Fix double-check for bad signature In the previous version, it was enough for the attacker to glitch the top-level 'if' to skip the entire block. We want two independent blocks here, so that an attacker can only succeed with two successive glitches.

commit: 18761926a82632301b14f0ff13c5805eec766c21 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Nov 14 09:19:08 2019 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Nov 21 15:32:45 2019 +0100
tree: b17bd13402595fca2ef5fc1cda23cec0513ea011
parent: 4c9b556e385d8723a1dc21fd3e9973eab97441fa [diff] [blame]
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 22a6a23..fde6843 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c

@@ -3547,13 +3547,11 @@
         /* signature was checked while searching parent */
         signature_is_good_fi = signature_is_good;
         if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
-        {
             *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED | X509_BADCERT_FI_EXTRA;
 
-            mbedtls_platform_enforce_volatile_reads();
-            if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
-                *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED | X509_BADCERT_FI_EXTRA;
-        }
+        mbedtls_platform_enforce_volatile_reads();
+        if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
+            *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED | X509_BADCERT_FI_EXTRA;
 
         {
             mbedtls_pk_context *parent_pk;
commit	18761926a82632301b14f0ff13c5805eec766c21	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Nov 14 09:19:08 2019 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Nov 21 15:32:45 2019 +0100
tree	b17bd13402595fca2ef5fc1cda23cec0513ea011
parent	4c9b556e385d8723a1dc21fd3e9973eab97441fa [diff] [blame]