Add double-check for flags == 0 in crt_verify()
Also move to "default flow assumes failure" while at it.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6b4ed1c..22a6a23 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -3783,6 +3783,7 @@
int ret;
mbedtls_x509_crt_verify_chain ver_chain;
uint32_t ee_flags;
+ volatile uint32_t flags_fi;
*flags = 0;
ee_flags = 0;
@@ -3859,16 +3860,19 @@
return( ret );
}
- if( *flags != 0 )
+ flags_fi = *flags;
+ if( flags_fi == 0 )
{
- /* Preserve the API by removing internal extra bits - from now on the
- * fact that flags is non-zero is also redundantly encoded by the
- * return value from this function. */
- *flags &= ~ X509_BADCERT_FI_EXTRA;
- return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
+ mbedtls_platform_enforce_volatile_reads();
+ if( flags_fi == 0 )
+ return( 0 );
}
- return( 0 );
+ /* Preserve the API by removing internal extra bits - from now on the
+ * fact that flags is non-zero is also redundantly encoded by the
+ * non-zero return value from this function. */
+ *flags &= ~ X509_BADCERT_FI_EXTRA;
+ return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
}
/*