From 6c30be8e4b693aba886c57457afc10ec2ef9420b Mon Sep 17 00:00:00 2001
From: Andrzej Kurek
Date: Sun, 9 Aug 2020 14:53:10 -0400
Subject: [PATCH] ssl: call signature verification twice for non-restartable operations
Signed-off-by: Andrzej Kurek
---
 library/ssl_cli.c | 5 +++++
 library/ssl_srv.c | 7 +++++--
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index e2c24e28a..86063ebd1 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3100,6 +3100,11 @@ static int ssl_in_server_key_exchange_parse( mbedtls_ssl_context *ssl,
 {
 mbedtls_platform_random_delay();
+ if( rs_ctx == NULL )
+ {
+ ret = mbedtls_pk_verify_restartable( peer_pk, md_alg, hash, hashlen, p, sig_len, rs_ctx );
+ }
 if( ret == 0 )
 {
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index ec0c21a6a..34479246c 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4643,13 +4643,16 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
 }
 ret = mbedtls_pk_verify( peer_pk,
- md_alg, hash_start, hashlen,
- ssl->in_msg + i, sig_len );
+ md_alg, hash_start, hashlen,
+ ssl->in_msg + i, sig_len );
 if( ret == 0 )
 {
 mbedtls_platform_random_delay();
+ ret = mbedtls_pk_verify( peer_pk,
+ md_alg, hash_start, hashlen,
+ ssl->in_msg + i, sig_len );
 if( ret == 0 )
 {
 mbedtls_ssl_update_handshake_status( ssl );
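Review bot: The second verification added in ssl_cli.c inside `if( rs_ctx == NULL )` writes its result into the same `ret` that already holds the first call's outcome, so a fault that skips the added call leaves `ret == 0` from the first pass and the check silently degrades to a single verification; the added `mbedtls_pk_verify` call in ssl_srv.c has the same shape. Keeping the second result in its own variable, e.g. `int ret2 = mbedtls_pk_verify_restartable( peer_pk, md_alg, hash, hashlen, p, sig_len, rs_ctx );` followed by `if( ret == 0 && ret2 == 0 )`, makes a skipped or glitched second pass observable, and a first-pass success paired with a second-pass failure could then be reported as a detected fault rather than as an ordinary signature error. The block also needs a comment, because without one the duplicated call reads like an accident: `/* Verify a second time after a random delay so that a single skipped or faulted check cannot accept a bad signature. Only done when rs_ctx == NULL. */`. Why restartable calls are excluded is not stated in the hunk (presumably a restartable call keeps state across invocations and must not be repeated), and the consequence that the restartable path gets only one verification is worth saying explicitly. ssl_in_server_key_exchange_parse begins and ends outside the hunk, and the first mbedtls_pk_verify_restartable call it repeats is not visible here.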
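Review bot: The re-indented continuation lines of the first `mbedtls_pk_verify( peer_pk,` call in ssl_srv.c are a whitespace-only change bundled into a hunk that also changes the verification logic, which makes the behavioral part harder to review and to bisect; the cosmetic re-alignment belongs in a separate commit. The three added lines that repeat that call verbatim should carry a comment in this file too, since a reader of ssl_srv.c alone sees an unexplained duplicate of the preceding statement: `/* Second verification after a random delay: a single skipped or faulted check must not be enough to accept the signature. */`. ssl_parse_certificate_verify starts before the hunk and its handling of `ret != 0` after the second call is outside it, so whether a second-pass failure is distinguished from a plain bad signature cannot be confirmed from here.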