Improve FI resistance of pk verification in ssl_cli.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 86063eb..523e62c 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2794,6 +2794,7 @@
* structural change to provide default flow assumes failure
*/
volatile int ret = 0;
+ volatile int ret_fi = MBEDTLS_ERR_PLATFORM_FAULT_DETECTED;
unsigned char *p;
unsigned char *end;
@@ -2931,6 +2932,7 @@
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
{
((void) ret);
+ ((void) ret_fi);
((void) p);
((void) end);
((void) ciphersuite_info);
@@ -3102,10 +3104,14 @@
if( rs_ctx == NULL )
{
- ret = mbedtls_pk_verify_restartable( peer_pk,
+ ret_fi = mbedtls_pk_verify_restartable( peer_pk,
md_alg, hash, hashlen, p, sig_len, rs_ctx );
}
- if( ret == 0 )
+ else
+ {
+ ret_fi = 0;
+ }
+ if( ret == 0 && ret_fi == 0 )
{
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it,