commit 83a56a630a7abaec20ae79adc83aba68c703bcd1
author Jarno Lamsa <jarno.lamsa@arm.com> Wed Dec 11 15:00:27 2019 +0200
committer Jarno Lamsa <jarno.lamsa@arm.com> Thu Dec 19 07:56:10 2019 +0200
tree af26e97cdf3f205b272a1e8bd257028f3459bdf3
parent 9e8e8209931a7869e4e8a45a197c64603d61a9ad

Double check mbedtls_pk_verify

The verification could be skipped in server, changed the default flow
so that the handshake status is ever updated if the verify
succeeds, and that is checked twice.

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 1a341c4..38ff1ab 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4432,7 +4432,7 @@
 #else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
 static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
 {
-    int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
+    volatile int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
     size_t i, sig_len;
     unsigned char hash[48];
     unsigned char *hash_start = hash;
@@ -4618,17 +4618,25 @@
             md_alg, ssl, hash, &dummy_hlen );
     }
 
-    if( ( ret = mbedtls_pk_verify( peer_pk,
-                           md_alg, hash_start, hashlen,
-                           ssl->in_msg + i, sig_len ) ) != 0 )
+    ret = mbedtls_pk_verify( peer_pk,
+                                      md_alg, hash_start, hashlen,
+                                      ssl->in_msg + i, sig_len );
+
+    if( ret == 0 )
     {
-        MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
-        goto exit;
+        mbedtls_platform_enforce_volatile_reads();
+
+        if( ret == 0 )
+        {
+            mbedtls_ssl_update_handshake_status( ssl );
+
+            MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
+            goto exit;
+        } 
+        
     }
 
-    mbedtls_ssl_update_handshake_status( ssl );
-
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
+    MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
 
 exit: