Add double check on cert signature verification
x509_crt_check_signature() directly returns the return value of
pk_verify_xxx() without looking at it, so nothing to do here. But its caller
compares the value to 0, which ought to be double-checked.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index e537983..e1e98df 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2938,6 +2938,7 @@
mbedtls_x509_crt_restart_ctx *rs_ctx )
{
int ret;
+ volatile int ret_fi;
mbedtls_x509_crt *parent_crt;
int signature_is_good;
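Review bot: `ret_fi` is declared without an initial value, so if a fault causes the later `x509_crt_check_signature()` call or its store to be skipped, both reads in the double check see whatever the stack slot held, which may be 0. Start it at a failure value, e.g. `volatile int ret_fi = MBEDTLS_ERR_X509_FATAL_ERROR;`, or whichever error code this tree reserves for that purpose. The `continue` statements in the later hunks suggest the call sits in a loop, in which case a 0 left by an earlier candidate could also persist, so re-assigning the failure value immediately before the call in the second hunk would cover that too. Separately, `ret` is no longer written in any visible hunk; the function body extends beyond this hunk, but if nothing else uses it, the declaration should be dropped to avoid an unused-variable warning.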
@@ -3018,10 +3019,10 @@
continue;
/* Signature */
- ret = x509_crt_check_signature( child_sig, parent_crt, rs_ctx );
+ ret_fi = x509_crt_check_signature( child_sig, parent_crt, rs_ctx );
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
- if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+ if( rs_ctx != NULL && ret_fi == MBEDTLS_ERR_ECP_IN_PROGRESS )
{
/* save state */
rs_ctx->parent = parent_crt;
@@ -3030,13 +3031,18 @@
rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
#endif /* MBEDTLS_HAVE_TIME_DATE */
- return( ret );
+ return( ret_fi );
}
-#else
- (void) ret;
#endif
- signature_is_good = ret == 0;
+ signature_is_good = 0;
+ if( ret_fi == 0 )
+ {
+ mbedtls_platform_enforce_volatile_reads();
+ if( ret_fi == 0 )
+ signature_is_good = 1;
+ }
+
if( top && ! signature_is_good )
continue;
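Review bot: The double read of `ret_fi` is folded back into the plain `int signature_is_good`, and the visible decision is then the single test `if( top && ! signature_is_good )`, so the hardening covers the comparison with 0 but not the branch that acts on the result. Consider declaring the flag as `volatile int signature_is_good;` (its declaration is in the first hunk) so that later uses, which are outside this hunk, are at least re-read from memory. The nested block also needs a comment so it is not simplified away in a later cleanup, e.g. `/* Deliberate double read of volatile ret_fi (fault-injection hardening): do not merge the two comparisons. */`. The enclosing function begins and ends outside this hunk.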