Add parentheses about parameter of MBEDTLS_X509_ID_FLAG

The `id` parameter of the public `MBEDTLS_X509_ID_FLAG` macro was
used in a subtraction without being surrounded by parentheses.
Since some operators bind less strongly than subtraction, this
could lead to erroneous evaluation of `MBEDTLS_X509_ID_FLAG`.
For example, `MBEDTLS_X509_ID_FLAG( 1 << 2 )` would evaluate
evaluate to

  `1 << ( 1 << 2 - 1 ) == 1 << ( 1 << 1 ) == 4`

instead of the intended

  `1 << ( ( 1 << 2 ) - 1 ) == 1 << ( 4 - 1 ) == 8`.

This commit fixes this by adding parentheses about the `id`
parameter in the definition of `MBEDTLS_X509_ID_FLAG`.
This commit is contained in:
Hanno Becker 2018-10-15 12:13:38 +01:00
parent 7a539a57d7
commit 0af25e71ab

View file

@ -98,7 +98,7 @@ mbedtls_x509_crt;
* Build flag from an algorithm/curve identifier (pk, md, ecp) * Build flag from an algorithm/curve identifier (pk, md, ecp)
* Since 0 is always XXX_NONE, ignore it. * Since 0 is always XXX_NONE, ignore it.
*/ */
#define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( id - 1 ) ) #define MBEDTLS_X509_ID_FLAG( id ) ( 1 << ( ( id ) - 1 ) )
/** /**
* Security profile for certificate verification. * Security profile for certificate verification.