mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-24 01:35:46 +00:00
ea7eab1fde
Before this commit, if a certificate only had one issue (for example, if the "untrusted" bit was the only set in flags), an attacker that could flip this single bit between the moment it's set and the moment flags are checked before returning from mbedtls_x509_crt_verify() could make the entire verification routine appear to succeed (return 0 with no bit set in flags). Avoid that by making sure that flags always has either 0 or at least 9 bits set during the execution of the function. However, to preserve the API, clear the 8 extra bits before returning. This doesn't open the door to other attacks, as fortunately the API already had redundancy: either both flags and the return value are 0, or flags has bits set and the return value is non-zero with at least 16 bits set (assuming 32-bit 2-complement ints). |
||
---|---|---|
.. | ||
mbedtls | ||
tinycrypt | ||
.gitignore | ||
CMakeLists.txt |