mbedtls/include/tinycrypt
Manuel Pégourié-Gonnard 2b6312b7d9 Harden return value of uECC_vli_equal()
Previously it was returning 0 or 1, so flipping a single bit in the return
value reversed its meaning. Now it's returning the diff itself.

This is safe because in the two places it's used (signature verification and
point validation), invalid values will have a large number of bits differing
from the expected value, so diff will have a large Hamming weight.

An alternative would be to return for example -!(diff == 0), but the
comparison itself is prone to attacks (glitching the appropriate flag in the
CPU flags register, or the conditional branch if the comparison uses one). So
we'd need to protect the comparison, and it's simpler to just skip it and
return diff itself.
2019-11-21 15:12:44 +01:00
..
ecc.h Harden return value of uECC_vli_equal() 2019-11-21 15:12:44 +01:00
ecc_dh.h Addition of copyright statements to tinycrypt files 2019-09-09 17:37:08 +01:00
ecc_dsa.h Use safer return values in uECC_verify() 2019-11-21 15:12:44 +01:00