mbedtls/include/mbedtls
Manuel Pégourié-Gonnard ea7eab1fde Add redundancy (Hamming distance) to cert flags
Before this commit, if a certificate only had one issue (for example, if the
"untrusted" bit was the only one set in flags), an attacker that could flip this
single bit between the moment it's set and the moment flags are checked before
returning from mbedtls_x509_crt_verify() could make the entire verification
routine appear to succeed (return 0 with no bit set in flags).

Avoid that by making sure that flags always has either 0 or at least 9 bits
set during the execution of the function. However, to preserve the API, clear
the 8 extra bits before returning. This doesn't open the door to other
attacks, as fortunately the API already had redundancy: either both flags and
the return value are 0, or flags has bits set and the return value is non-zero
with at least 16 bits set (assuming 32-bit two's-complement ints).
2019-11-21 15:32:45 +01:00
aes.h Adjust AES RAM usage according to config options 2019-10-24 09:49:23 +03:00
aesni.h
arc4.h
aria.h
asn1.h Changed every memcmp to SCA equivalent mbedtls_platform_memcmp 2019-10-03 13:14:33 +03:00
asn1write.h Improve macro hygiene 2019-04-24 10:51:54 +02:00
base64.h
bignum.h Improve macro hygiene 2019-04-24 10:51:54 +02:00
blowfish.h
bn_mul.h bn_mul.h: require at least ARMv6 to enable the ARM DSP code 2019-08-03 14:22:32 +02:00
camellia.h
ccm.h
certs.h Document origin of hardcoded certificates in library/certs.c 2019-05-30 10:27:49 +01:00
chacha20.h
chachapoly.h
check_config.h Update AES-128 bit configuration 2019-10-24 09:49:23 +03:00
cipher.h Some minor struct optimizations. 2019-09-06 07:58:36 +03:00
cipher_internal.h
cmac.h
compat-1.3.h Replaced mbedtls_ssl_safer_memcmp with mbedtls_platform_memcmp 2019-10-04 08:52:00 +03:00
config.h Review corrections 2019-10-24 12:19:50 +03:00
ctr_drbg.h
debug.h Fixup debug.h and ssl_internal.h: Add missing include of ecdh.h 2019-09-04 16:19:49 +01:00
des.h
dhm.h
ecdh.h
ecdsa.h
ecjpake.h Introduce MD handle type 2019-09-09 09:45:57 +01:00
ecp.h
ecp_internal.h
entropy.h
entropy_poll.h
error.h Add error code MBEDTLS_ERR_PLATFORM_FAULT_DETECTED 2019-11-21 15:14:59 +01:00
gcm.h
havege.h
hkdf.h Merge branch 'baremetal' into baremetal-2.16-20190909 2019-09-12 09:58:14 +02:00
hmac_drbg.h Introduce MD handle type 2019-09-09 09:45:57 +01:00
md.h MD: Implement config dep'n inlining of mbedtls_md_setup() 2019-09-09 09:45:57 +01:00
md2.h
md4.h
md5.h
md_internal.h Fixup: Don't assume that alt SHA256 impln's have trivial init/free 2019-09-09 09:45:57 +01:00
memory_buffer_alloc.h
net.h
net_sockets.h
nist_kw.h
oid.h Fixup: Remove trailing whitespace in oid.h 2019-09-04 16:17:25 +01:00
padlock.h Improve macro hygiene 2019-04-24 10:51:54 +02:00
pem.h
pk.h Merge remote-tracking branch 'public/pr/2835' into baremetal 2019-09-24 15:28:35 +01:00
pk_internal.h Make sub-context statically allocated 2019-09-19 10:45:14 +02:00
pkcs5.h
pkcs11.h
pkcs12.h
platform.h Add error code MBEDTLS_ERR_PLATFORM_FAULT_DETECTED 2019-11-21 15:14:59 +01:00
platform_time.h
platform_util.h Force some compilers to respect volatile reads 2019-11-21 15:14:59 +01:00
poly1305.h
ripemd160.h
rsa.h Merge remote-tracking branch 'restricted/pr/582' into mbedtls-2.16-restricted 2019-06-24 11:40:59 +01:00
rsa_internal.h
sha1.h
sha256.h Completely ignore is224 if SHA-224 is disabled 2019-09-09 10:21:30 +02:00
sha512.h
ssl.h Merge remote-tracking branch 'origin/pr/609' into baremetal 2019-09-10 14:50:04 +01:00
ssl_cache.h Remove peer CRT from mbedtls_ssl_session if !KEEP_PEER_CERT 2019-06-19 10:25:01 +01:00
ssl_ciphersuites.h Fixup: Add missing TinyCrypt guards 2019-09-04 16:17:45 +01:00
ssl_cookie.h
ssl_internal.h Replaced mbedtls_ssl_safer_memcmp with mbedtls_platform_memcmp 2019-10-04 08:52:00 +03:00
ssl_ticket.h Some minor struct optimizations. 2019-09-06 07:58:36 +03:00
threading.h
timing.h
version.h Bump version to Mbed TLS 2.16.3 2019-09-06 13:27:00 +01:00
x509.h Add redundancy (Hamming distance) to cert flags 2019-11-21 15:32:45 +01:00
x509_crl.h struct optimization for mbedtls_x509_crl 2019-09-05 08:54:13 +03:00
x509_crt.h Merge remote-tracking branch 'origin/pr/652' into baremetal 2019-09-25 16:37:07 +01:00
x509_csr.h Address review comments 2019-06-18 11:05:44 +01:00
x509_internal.h Changed x509_internal.h methods as static. 2019-09-06 10:03:36 +03:00
xtea.h