yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-02-26 00:16:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add double-check for flags == 0 in crt_verify()

Browse source 
Also move to "default flow assumes failure" while at it.
This commit is contained in:
Manuel Pégourié-Gonnard 2019-11-12 10:45:32 +01:00
parent ea7eab1fde
commit 4c9b556e38
1 changed files with 11 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
library/x509_crt.c
View file

@ -3783,6 +3783,7 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
int ret; int ret;
mbedtls_x509_crt_verify_chain ver_chain; mbedtls_x509_crt_verify_chain ver_chain;
uint32_t ee_flags; uint32_t ee_flags;
volatile uint32_t flags_fi;
*flags = 0; *flags = 0;
ee_flags = 0; ee_flags = 0;
@ -3859,16 +3860,19 @@ exit:
return( ret ); return( ret );
} }
if( *flags != 0 ) flags_fi = *flags;
if( flags_fi == 0 )
{ {
/* Preserve the API by removing internal extra bits - from now on the mbedtls_platform_enforce_volatile_reads();
* fact that flags is non-zero is also redundantly encoded by the if( flags_fi == 0 )
* return value from this function. */ return( 0 );
*flags &= ~ X509_BADCERT_FI_EXTRA;
return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
} }
return( 0 ); /* Preserve the API by removing internal extra bits - from now on the
* fact that flags is non-zero is also redundantly encoded by the
* non-zero return value from this function. */
*flags &= ~ X509_BADCERT_FI_EXTRA;
return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
} }
/* /*