mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 02:14:16 +01:00
Use double-checking of critical value in pk_verify()
Also change the flow so that the default return value is a failing one.
This commit is contained in:
parent
324c6e9cc9
commit
ca7b5ab5ef
20
library/pk.c
20
library/pk.c
@ -577,6 +577,7 @@ static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||||||
const unsigned char *sig, size_t sig_len )
|
const unsigned char *sig, size_t sig_len )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
volatile int ret_fi;
|
||||||
uint8_t signature[2*NUM_ECC_BYTES];
|
uint8_t signature[2*NUM_ECC_BYTES];
|
||||||
unsigned char *p;
|
unsigned char *p;
|
||||||
const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
|
const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
|
||||||
@ -589,12 +590,21 @@ static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
ret = uECC_verify( keypair->public_key, hash,
|
ret_fi = uECC_verify( keypair->public_key, hash,
|
||||||
(unsigned) hash_len, signature, uecc_curve );
|
(unsigned) hash_len, signature, uecc_curve );
|
||||||
if( ret != UECC_SUCCESS )
|
|
||||||
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
|
||||||
|
|
||||||
return( 0 );
|
if( ret_fi == UECC_ATTACK_DETECTED )
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
|
|
||||||
|
if( ret_fi == UECC_SUCCESS )
|
||||||
|
{
|
||||||
|
if( ret_fi == UECC_SUCCESS )
|
||||||
|
return( 0 );
|
||||||
|
else
|
||||||
|
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||||
|
}
|
||||||
|
|
||||||
|
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
Loading…
Reference in New Issue
Block a user