Double check mbedtls_pk_verify
The verification could be skipped in the server, so the default flow is changed
so that the handshake status is only updated if the verify
succeeds, and that result is checked twice.
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 1a341c4..38ff1ab 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4432,7 +4432,7 @@
#else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
{
- int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+ volatile int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t i, sig_len;
unsigned char hash[48];
unsigned char *hash_start = hash;
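Review bot: The `volatile` added to `ret` on L14 needs a comment, because to a later reader it looks like a mistake (a plain local that no hardware or other thread touches) and is likely to be reverted by a cleanup; its job is to make the second `ret == 0` comparison introduced further down in this patch a genuine reload from memory rather than a copy of the first result the compiler has folded away. The non-zero initializer matters for the same reason: if the assignment from `mbedtls_pk_verify()` were skipped, `ret` still reads as a failure, so the success path is never taken by default. I would write `volatile int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; /* volatile: the verify result is tested twice below as a glitch countermeasure and must not be folded into one comparison; initialised to an error so a skipped assignment still fails */`. The barrier between the two tests presumably exists as further insurance that the reloads are not reordered, and is worth a one-line comment too. The body of ssl_parse_certificate_verify() continues past this hunk.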
@@ -4618,17 +4618,25 @@
md_alg, ssl, hash, &dummy_hlen );
}
- if( ( ret = mbedtls_pk_verify( peer_pk,
- md_alg, hash_start, hashlen,
- ssl->in_msg + i, sig_len ) ) != 0 )
+ ret = mbedtls_pk_verify( peer_pk,
+ md_alg, hash_start, hashlen,
+ ssl->in_msg + i, sig_len );
+
+ if( ret == 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
- goto exit;
+ mbedtls_platform_enforce_volatile_reads();
+
+ if( ret == 0 )
+ {
+ mbedtls_ssl_update_handshake_status( ssl );
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
+ goto exit;
+ }
+
}
- mbedtls_ssl_update_handshake_status( ssl );
-
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
exit: