mbedtls/include
Manuel Pégourié-Gonnard ea7eab1fde Add redundancy (Hamming distance) to cert flags
Before this commit, if a certificate only had one issue (for example, if the
"untrusted" bit was the only set in flags), an attacker that could flip this
single bit between the moment it's set and the moment flags are checked before
returning from mbedtls_x509_crt_verify() could make the entire verification
routine appear to succeed (return 0 with no bit set in flags).

Avoid that by making sure that flags always has either 0 or at least 9 bits
set during the execution of the function. However, to preserve the API, clear
the 8 extra bits before returning. This doesn't open the door to other
attacks, as fortunately the API already had redundancy: either both flags and
the return value are 0, or flags has bits set and the return value is non-zero
with at least 16 bits set (assuming 32-bit 2-complement ints).
2019-11-21 15:32:45 +01:00
..
mbedtls Add redundancy (Hamming distance) to cert flags 2019-11-21 15:32:45 +01:00
tinycrypt Harden return value of uECC_vli_equal() 2019-11-21 15:12:44 +01:00
.gitignore Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
CMakeLists.txt Merge branch 'mbedtls-2.16' into baremetal 2019-06-18 09:00:37 +01:00