eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use safer return values in uECC_verify()

Browse source 
This is a first step in protecting against fault injection attacks: the
attacker can no longer change failure into success by flipping a single bit.
Additional steps are needed to prevent other attacks (instruction skip etc)
and will be the object of future commits.

The return value of uECC_vli_equal() should be protected as well, which will
be done in a future commit as well.
This commit is contained in:
Manuel Pégourié-Gonnard 2019-11-06 10:30:26 +01:00
parent c05f1506f4
commit 10d8e8ed64
5 changed files with 14 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
library/pk.c
View file

@ -591,7 +591,7 @@ static int uecc_eckey_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
ret = uECC_verify( keypair->public_key, hash,
(unsigned) hash_len, signature, uecc_curve );
if( ret == 0 )
if( ret != UECC_SUCCESS )
return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
return( 0 );