Add double check on cert signature verification

x509_crt_check_signature() directly returns the return value of pk_verify_xxx() without looking at it, so nothing to do here. But its caller compares the value to 0, which ought to be double-checked.
2024-11-23 00:35:50 +01:00 · 2019-11-08 11:02:56 +01:00 · 2019-11-08 11:02:56 +01:00 · d1e55dfce6
commit d1e55dfce6
parent 72a8c9e7dc
1 changed files with 12 additions and 6 deletions
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -2938,6 +2938,7 @@ static int x509_crt_find_parent_in(
                        mbedtls_x509_crt_restart_ctx *rs_ctx )
 {
    int ret;
+    volatile int ret_fi;
    mbedtls_x509_crt *parent_crt;
    int signature_is_good;

@ -3018,10 +3019,10 @@ check_signature:
            continue;

        /* Signature */
-        ret = x509_crt_check_signature( child_sig, parent_crt, rs_ctx );
+        ret_fi = x509_crt_check_signature( child_sig, parent_crt, rs_ctx );

 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-        if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+        if( rs_ctx != NULL && ret_fi == MBEDTLS_ERR_ECP_IN_PROGRESS )
        {
            /* save state */
            rs_ctx->parent = parent_crt;
@ -3030,13 +3031,18 @@ check_signature:
            rs_ctx->fallback_signature_is_good = fallback_signature_is_good;
 #endif /* MBEDTLS_HAVE_TIME_DATE */

-            return( ret );
+            return( ret_fi );
        }
-#else
-        (void) ret;
 #endif

-        signature_is_good = ret == 0;
+        signature_is_good = 0;
+        if( ret_fi == 0 )
+        {
+            mbedtls_platform_enforce_volatile_reads();
+            if( ret_fi == 0 )
+                signature_is_good = 1;
+        }
+
        if( top && ! signature_is_good )
            continue;