ssl: call signature verification twice for non-restartable operations
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index e2c24e2..86063eb 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3100,6 +3100,11 @@
{
mbedtls_platform_random_delay();
+ if( rs_ctx == NULL )
+ {
+ ret = mbedtls_pk_verify_restartable( peer_pk,
+ md_alg, hash, hashlen, p, sig_len, rs_ctx );
+ }
if( ret == 0 )
{
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index ec0c21a..3447924 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4643,13 +4643,16 @@
}
ret = mbedtls_pk_verify( peer_pk,
- md_alg, hash_start, hashlen,
- ssl->in_msg + i, sig_len );
+ md_alg, hash_start, hashlen,
+ ssl->in_msg + i, sig_len );
if( ret == 0 )
{
mbedtls_platform_random_delay();
+ ret = mbedtls_pk_verify( peer_pk,
+ md_alg, hash_start, hashlen,
+ ssl->in_msg + i, sig_len );
if( ret == 0 )
{
mbedtls_ssl_update_handshake_status( ssl );