Fix double-check for bad signature
In the previous version, a single glitch of the top-level 'if' was enough for
an attacker to skip the entire block. We want two independent blocks here,
so that an attacker can only succeed with two successive glitches.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 22a6a23..fde6843 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -3547,13 +3547,11 @@
/* signature was checked while searching parent */
signature_is_good_fi = signature_is_good;
if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
- {
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED | X509_BADCERT_FI_EXTRA;
- mbedtls_platform_enforce_volatile_reads();
- if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
- *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED | X509_BADCERT_FI_EXTRA;
- }
+ mbedtls_platform_enforce_volatile_reads();
+ if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
+ *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED | X509_BADCERT_FI_EXTRA;
{
mbedtls_pk_context *parent_pk;