yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 11:05:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improve FI resistance of certificate verification in ssl_srv.c

Browse Source 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2020-09-20 01:57:30 +02:00
parent ef34494d80
commit f74a86c0b0
No known key found for this signature in database
GPG Key ID: 89A90840DC388527
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
library/ssl_srv.c
View File

@ -4457,6 +4457,7 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
{
volatile int ret = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
volatile int ret_fi = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
size_t i, sig_len;
unsigned char hash[48];
unsigned char *hash_start = hash;
@ -4650,10 +4651,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
{
mbedtls_platform_random_delay();
ret = mbedtls_pk_verify( peer_pk,
md_alg, hash_start, hashlen,
ssl->in_msg + i, sig_len );
if( ret == 0 )
ret_fi = mbedtls_pk_verify( peer_pk,
md_alg, hash_start, hashlen,
ssl->in_msg + i, sig_len );
if( ret == 0 && ret_fi == 0 )
{
mbedtls_ssl_update_handshake_status( ssl );