Double check mbedtls_pk_verify

The verification could be skipped in the server; the default flow is changed
so that the handshake status is only ever updated if the verification
succeeds, and that condition is checked twice.
This commit is contained in:
Jarno Lamsa 2019-12-11 15:00:27 +02:00
parent 9e8e820993
commit 83a56a630a


@ -4432,7 +4432,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
#else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */ #else /* !MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl ) static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; volatile int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t i, sig_len; size_t i, sig_len;
unsigned char hash[48]; unsigned char hash[48];
unsigned char *hash_start = hash; unsigned char *hash_start = hash;
@ -4618,17 +4618,25 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
md_alg, ssl, hash, &dummy_hlen ); md_alg, ssl, hash, &dummy_hlen );
} }
if( ( ret = mbedtls_pk_verify( peer_pk, ret = mbedtls_pk_verify( peer_pk,
md_alg, hash_start, hashlen, md_alg, hash_start, hashlen,
ssl->in_msg + i, sig_len ) ) != 0 ) ssl->in_msg + i, sig_len );
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
goto exit;
}
if( ret == 0 )
{
mbedtls_platform_enforce_volatile_reads();
if( ret == 0 )
{
mbedtls_ssl_update_handshake_status( ssl ); mbedtls_ssl_update_handshake_status( ssl );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse certificate verify" ) );
goto exit;
}
}
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
exit: exit: