Protect return value from mbedtls_pk_verify

Use double checks and default flow assumes failure.

library/ssl_cli.c

@@ -2731,7 +2731,7 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
                                           unsigned char *buf,
                                           size_t buflen )
 {
-    int ret;
+    volatile int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
     unsigned char *p;
     unsigned char *end;
 
@@ -3031,9 +3031,27 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
             rs_ctx = &ssl->handshake->ecrs_ctx.pk;
 #endif
 
-        if( ( ret = mbedtls_pk_verify_restartable( peer_pk,
+        ret = mbedtls_pk_verify_restartable( peer_pk,
-                        md_alg, hash, hashlen, p, sig_len, rs_ctx ) ) != 0 )
+                        md_alg, hash, hashlen, p, sig_len, rs_ctx );
+
+        if( ret == 0 )
         {
+            mbedtls_platform_enforce_volatile_reads();
+
+            if( ret == 0 )
+            {
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+                /* We don't need the peer's public key anymore. Free it,
+                * so that more RAM is available for upcoming expensive
+                * operations like ECDHE. */
+                mbedtls_pk_free( peer_pk );
+#else
+                mbedtls_x509_crt_pk_release(
+                    ssl->session_negotiate->peer_cert );
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+                return( ret );
+            }
+        }
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
         if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
 #endif
@@ -3049,21 +3067,11 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
             mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
 #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-            return( ret );
-        }
 
-#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-        /* We don't need the peer's public key anymore. Free it,
-         * so that more RAM is available for upcoming expensive
-         * operations like ECDHE. */
-        mbedtls_pk_free( peer_pk );
-#else
-        mbedtls_x509_crt_pk_release( ssl->session_negotiate->peer_cert );
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     }
 #endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
 
-    return( 0 );
+    return( ret );
 }
 
 static int ssl_in_server_key_exchange_postprocess( mbedtls_ssl_context *ssl )