From 18761926a82632301b14f0ff13c5805eec766c21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 14 Nov 2019 09:19:08 +0100
Subject: [PATCH] Fix double-check for bad signature

In the previous version, it was enough for the attacker to glitch the top-level 'if' to skip the entire block. We want two independent blocks here, so that an attacker can only succeed with two successive glitches.
---
 library/x509_crt.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 22a6a23a1..fde6843b5 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -3547,13 +3547,11 @@ find_parent:
 /* signature was checked while searching parent */
 signature_is_good_fi = signature_is_good;
 if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
- {
 *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED | X509_BADCERT_FI_EXTRA;
- mbedtls_platform_enforce_volatile_reads();
- if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
- *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED | X509_BADCERT_FI_EXTRA;
- }
+ mbedtls_platform_enforce_volatile_reads();
+ if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )
+ *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED | X509_BADCERT_FI_EXTRA;
 {
 mbedtls_pk_context *parent_pk;
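Review bot: The two identical `if( signature_is_good_fi != X509_SIGNATURE_IS_GOOD )` blocks now read like a copy-paste duplicate, and nothing in the code says the repetition is intentional, so a later cleanup could fold or nest them again and bring back the single-glitch bypass the commit message describes. I would add a comment above the first check, for example `/* Fault-injection hardening: this check is deliberately repeated as two independent blocks; do not merge or nest them. */`. The repetition also only survives optimisation if `signature_is_good_fi` is declared `volatile`; its declaration is outside this hunk, so that is worth confirming, ideally by checking that the generated code still contains two separate compare-and-branch sequences. The enclosing function starts and ends outside the hunk.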