Improve FI resistance of pk verification in ssl_cli.c

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Andrzej Kurek 2020-09-20 02:03:42 +02:00
parent f74a86c0b0
commit f4d2c7de31
GPG key ID: 89A90840DC388527


@ -2794,6 +2794,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
* structural change to provide default flow assumes failure
*/
volatile int ret = 0;
volatile int ret_fi = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
unsigned char *p;
unsigned char *end;
@ -2931,6 +2932,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
{
((void) ret);
((void) ret_fi);
((void) p);
((void) end);
((void) ciphersuite_info);
@ -3102,10 +3104,14 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
if( rs_ctx == NULL )
{
ret = mbedtls_pk_verify_restartable( peer_pk,
ret_fi = mbedtls_pk_verify_restartable( peer_pk,
md_alg, hash, hashlen, p, sig_len, rs_ctx );
}
if( ret == 0 )
else
{
ret_fi = 0;
}
if( ret == 0 && ret_fi == 0 )
{
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it,