yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-24 10:35:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add double check on bad signature flagging

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2019-11-08 11:25:16 +01:00
parent f66657ac44
commit 81c1fc4132
1 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
library/x509_crt.c
View file

@ -3385,6 +3385,7 @@ static int x509_crt_verify_chain(
int parent_is_trusted; int parent_is_trusted;
int child_is_trusted; int child_is_trusted;
int signature_is_good; int signature_is_good;
volatile int signature_is_good_fi;
unsigned self_cnt; unsigned self_cnt;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@ -3527,9 +3528,16 @@ find_parent:
} }
/* signature was checked while searching parent */ /* signature was checked while searching parent */
if( signature_is_good != X509_SIGNATURE_IS_GOOD ) signature_is_good_fi = signature_is_good;
if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
{
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
mbedtls_platform_enforce_volatile_reads();
if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
}
{ {
mbedtls_pk_context *parent_pk; mbedtls_pk_context *parent_pk;
ret = mbedtls_x509_crt_pk_acquire( parent_crt, &parent_pk ); ret = mbedtls_x509_crt_pk_acquire( parent_crt, &parent_pk );