yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 02:25:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improve FI resistance of pk verification in ssl_cli.c

Browse Source 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2020-09-20 02:03:42 +02:00
parent f74a86c0b0
commit f4d2c7de31
No known key found for this signature in database
GPG Key ID: 89A90840DC388527
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
library/ssl_cli.c
View File

@ -2794,6 +2794,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
* structural change to provide default flow assumes failure * structural change to provide default flow assumes failure
*/ */
volatile int ret = 0; volatile int ret = 0;
volatile int ret_fi = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
unsigned char *p; unsigned char *p;
unsigned char *end; unsigned char *end;
@ -2931,6 +2932,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
{ {
((void) ret); ((void) ret);
((void) ret_fi);
((void) p); ((void) p);
((void) end); ((void) end);
((void) ciphersuite_info); ((void) ciphersuite_info);
@ -3102,10 +3104,14 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
if( rs_ctx == NULL ) if( rs_ctx == NULL )
{ {
ret = mbedtls_pk_verify_restartable( peer_pk, ret_fi = mbedtls_pk_verify_restartable( peer_pk,
md_alg, hash, hashlen, p, sig_len, rs_ctx ); md_alg, hash, hashlen, p, sig_len, rs_ctx );
} }
if( ret == 0 ) else
{
ret_fi = 0;
}
if( ret == 0 && ret_fi == 0 )
{ {
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it, /* We don't need the peer's public key anymore. Free it,