mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-30 00:34:18 +01:00
Use double-checking of critical value in pk_verify()
Also change the flow so that the default return value is a failing one.
This commit is contained in:
parent
324c6e9cc9
commit
ca7b5ab5ef
16
library/pk.c
16
library/pk.c
@ -577,6 +577,7 @@ static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *sig, size_t sig_len )
|
||||
{
|
||||
int ret;
|
||||
volatile int ret_fi;
|
||||
uint8_t signature[2*NUM_ECC_BYTES];
|
||||
unsigned char *p;
|
||||
const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
|
||||
@ -589,12 +590,21 @@ static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = uECC_verify( keypair->public_key, hash,
|
||||
ret_fi = uECC_verify( keypair->public_key, hash,
|
||||
(unsigned) hash_len, signature, uecc_curve );
|
||||
if( ret != UECC_SUCCESS )
|
||||
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
||||
|
||||
if( ret_fi == UECC_ATTACK_DETECTED )
|
||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||
|
||||
if( ret_fi == UECC_SUCCESS )
|
||||
{
|
||||
if( ret_fi == UECC_SUCCESS )
|
||||
return( 0 );
|
||||
else
|
||||
return( MBEDTLS_ERR_PLATFORM_FAULT_DETECTED );
|
||||
}
|
||||
|
||||
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
|
||||
}
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user