Protect the peer_authenticated flag more

Add more protection to the flag, to prevent an attacker from
possibly glitching it using a faulty certificate.
diff --git a/library/entropy.c b/library/entropy.c
index d1bde6a..9818a54 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -314,6 +314,7 @@
         {
             return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
         }
+
     }
 
     return( MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index cd3aaf7..92d1da0 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4449,7 +4449,6 @@
     if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
-        ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
         ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
         return( 0 );
     }
@@ -4478,7 +4477,6 @@
     if( !mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
-        ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
         ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
         return( 0 );
     }
@@ -4507,7 +4505,6 @@
     if( peer_pk == NULL )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate verify" ) );
-        ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
         ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
         return( 0 );
     }
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e8a230d..46b6679 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -48,6 +48,8 @@
 #include "mbedtls/ssl_internal.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/version.h"
+#include "mbedtls/platform.h"
+
 
 #include <string.h>
 
@@ -7261,7 +7263,7 @@
  * indicating whether a Certificate message is expected or not.
  */
 #define SSL_CERTIFICATE_EXPECTED 0
-#define SSL_CERTIFICATE_SKIP     1
+#define SSL_CERTIFICATE_SKIP     0xff
 static int ssl_parse_certificate_coordinate( mbedtls_ssl_context *ssl,
                                              int authmode )
 {
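Review bot: The comment above these macros does not say why `SSL_CERTIFICATE_SKIP` moved from 1 to 0xff, so a later cleanup could quietly change it back. Presumably the intent is that a single bit flip or a cleared value cannot turn `SSL_CERTIFICATE_EXPECTED` into the skip value; I would record that with `/* SKIP is deliberately far (in Hamming distance) from EXPECTED so that a glitched value does not read as SKIP. */`. Any caller that compares the result against a literal `1` instead of the macro would silently stop matching; none is visible in this hunk, so it is worth a grep. The body of `ssl_parse_certificate_coordinate` continues outside the hunk.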
@@ -7609,7 +7611,6 @@
     if( crt_expected == SSL_CERTIFICATE_SKIP )
     {
         MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
-        ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
         goto exit;
     }
 
@@ -7936,6 +7937,10 @@
 #else
     const int authmode = mbedtls_ssl_conf_get_authmode( ssl->conf );
 #endif
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+    volatile int crt_expected = SSL_CERTIFICATE_EXPECTED;
+    crt_expected = ssl_parse_certificate_coordinate( ssl, authmode );
+#endif
     MBEDTLS_SSL_DEBUG_MSG( 3, ( "=> handshake wrapup" ) );
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
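Review bot: `ssl_parse_certificate_coordinate()` is now evaluated a second time at handshake wrapup, which is only sound if the function has no side effects and the handshake state it reads is still valid at this point. Its body is not in this hunk, so please confirm that and say so in a comment. Initialising `crt_expected` to `SSL_CERTIFICATE_EXPECTED` is the fail-safe default, and a line such as `/* Default to EXPECTED: if the call below is skipped, the authenticated flag must not be granted. */` would make that explicit. The return value is used without a range check, so any unexpected value is treated as "expected"; that is the safe direction, but worth stating too. The enclosing function starts and ends outside the hunk.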
@@ -7976,9 +7981,21 @@
     }
 #endif /* MBEDTLS_SSL_SRV_C && !MBEDTLS_SSL_NO_SESSION_CACHE */
 
-    if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+    if( authmode == MBEDTLS_SSL_VERIFY_NONE ||
+        authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ||
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+        crt_expected == SSL_CERTIFICATE_SKIP )
+#else
+        1 )
+#endif
     {
-        if( authmode == MBEDTLS_SSL_VERIFY_NONE )
+        if( authmode == MBEDTLS_SSL_VERIFY_NONE ||
+            authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ||
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+            crt_expected == SSL_CERTIFICATE_SKIP )
+#else
+            1 )
+#endif
         {
             ssl->handshake->peer_authenticated = MBEDTLS_SSL_FI_FLAG_SET;
         }
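Review bot: With `authmode == MBEDTLS_SSL_VERIFY_OPTIONAL` added to both tests, `peer_authenticated` is now set at wrapup for every optional-auth handshake whatever the certificate verification result was, and in builds without `MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED` the `1 )` arm makes the assignment unconditional. If that is intended, document it above the outer `if`, e.g. `/* No peer authentication is enforced for VERIFY_NONE, VERIFY_OPTIONAL or when no certificate is expected, so mark the peer as authenticated here. */`. The repeated inner `if` only acts as a double check if both evaluations survive compilation: `crt_expected` is volatile, but `authmode` is a plain `const int` in the branch visible in the previous hunk, so the compiler may merge the two `authmode` comparisons. Splitting the closing parenthesis across `#if`/`#else` is also hard to read; computing the cert-skip term once into a volatile local under the `#if` and testing that local in both `if`s would keep the condition in one piece. The enclosing function continues outside the hunk.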