Add double-check for flags == 0 in crt_verify() Also move to "default flow assumes failure" while at it.

commit: 4c9b556e385d8723a1dc21fd3e9973eab97441fa [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Nov 12 10:45:32 2019 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Nov 21 15:32:45 2019 +0100
tree: 5cbf595fd320be345d419f8b6f3e0e57f5240788
parent: ea7eab1fde7269de70d328e4383f6bd406824a1f [diff] [blame]
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6b4ed1c..22a6a23 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c

@@ -3783,6 +3783,7 @@
     int ret;
     mbedtls_x509_crt_verify_chain ver_chain;
     uint32_t ee_flags;
+    volatile uint32_t flags_fi;
 
     *flags = 0;
     ee_flags = 0;
@@ -3859,16 +3860,19 @@
         return( ret );
     }
 
-    if( *flags != 0 )
+    flags_fi = *flags;
+    if( flags_fi == 0 )
     {
-        /* Preserve the API by removing internal extra bits - from now on the
-         * fact that flags is non-zero is also redundantly encoded by the
-         * return value from this function. */
-        *flags &= ~ X509_BADCERT_FI_EXTRA;
-        return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
+        mbedtls_platform_enforce_volatile_reads();
+        if( flags_fi == 0 )
+            return( 0 );
     }
 
-    return( 0 );
+    /* Preserve the API by removing internal extra bits - from now on the
+     * fact that flags is non-zero is also redundantly encoded by the
+     * non-zero return value from this function. */
+    *flags &= ~ X509_BADCERT_FI_EXTRA;
+    return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
 }
 
 /*
commit	4c9b556e385d8723a1dc21fd3e9973eab97441fa	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Tue Nov 12 10:45:32 2019 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Nov 21 15:32:45 2019 +0100
tree	5cbf595fd320be345d419f8b6f3e0e57f5240788
parent	ea7eab1fde7269de70d328e4383f6bd406824a1f [diff] [blame]