mbedtls/include/mbedtls
Manuel Pégourié-Gonnard ea7eab1fde Add redundancy (Hamming distance) to cert flags
Before this commit, if a certificate only had one issue (for example, if the
"untrusted" bit was the only set in flags), an attacker that could flip this
single bit between the moment it's set and the moment flags are checked before
returning from mbedtls_x509_crt_verify() could make the entire verification
routine appear to succeed (return 0 with no bit set in flags).

Avoid that by making sure that flags always has either 0 or at least 9 bits
set during the execution of the function. However, to preserve the API, clear
the 8 extra bits before returning. This doesn't open the door to other
attacks, as fortunately the API already had redundancy: either both flags and
the return value are 0, or flags has bits set and the return value is non-zero
with at least 16 bits set (assuming 32-bit 2-complement ints).
2019-11-21 15:32:45 +01:00
..
aes.h Adjust AES RAM usage according to config options 2019-10-24 09:49:23 +03:00
aesni.h Merge remote-tracking branch 'origin/pr/1375' into mbedtls-2.16 2019-01-30 16:09:08 +00:00
arc4.h Merge remote-tracking branch 'public/pr/975' into mbedtls-2.16 2019-01-08 16:34:19 +00:00
aria.h Leave behaviour on NULL input unspecified in ARIA 2018-12-19 12:51:00 +00:00
asn1.h Changed every memcmp to SCA equivalent mbedtls_platform_memcmp 2019-10-03 13:14:33 +03:00
asn1write.h Improve macro hygiene 2019-04-24 10:51:54 +02:00
base64.h Merge remote-tracking branch 'origin/pr/1375' into mbedtls-2.16 2019-01-30 16:09:08 +00:00
bignum.h Improve macro hygiene 2019-04-24 10:51:54 +02:00
blowfish.h Minor Blowfish documentation improvements 2018-12-19 15:48:37 +00:00
bn_mul.h bn_mul.h: require at least ARMv6 to enable the ARM DSP code 2019-08-03 14:22:32 +02:00
camellia.h Merge remote-tracking branch 'public/pr/975' into mbedtls-2.16 2019-01-08 16:34:19 +00:00
ccm.h Merge remote-tracking branch 'origin/pr/1375' into mbedtls-2.16 2019-01-30 16:09:08 +00:00
certs.h Document origin of hardcoded certificates in library/certs.c 2019-05-30 10:27:49 +01:00
chacha20.h Minor improvements to ChaCha20/Poly1305/ChaChaPoly documentation 2018-12-18 15:30:30 +00:00
chachapoly.h Minor improvements to ChaCha20/Poly1305/ChaChaPoly documentation 2018-12-18 15:30:30 +00:00
check_config.h Update AES-128 bit configuration 2019-10-24 09:49:23 +03:00
cipher.h Some minor struct optimizations. 2019-09-06 07:58:36 +03:00
cipher_internal.h Move definition to cipher.h 2018-07-01 10:22:53 +03:00
cmac.h Include configuration file to headers 2018-12-16 12:02:50 +02:00
compat-1.3.h Replaced mbedtls_ssl_safer_memcmp with mbedtls_platform_memcmp 2019-10-04 08:52:00 +03:00
config.h Review corrections 2019-10-24 12:19:50 +03:00
ctr_drbg.h Merge remote-tracking branch 'origin/pr/1375' into mbedtls-2.16 2019-01-30 16:09:08 +00:00
debug.h Fixup debug.h and ssl_internal.h: Add missing include of ecdh.h 2019-09-04 16:19:49 +01:00
des.h Merge remote-tracking branch 'public/pr/975' into mbedtls-2.16 2019-01-08 16:34:19 +00:00
dhm.h Merge remote-tracking branch 'public/pr/975' into mbedtls-2.16 2019-01-08 16:34:19 +00:00
ecdh.h Merge remote-tracking branch 'origin/pr/1375' into mbedtls-2.16 2019-01-30 16:09:08 +00:00
ecdsa.h Add a safer deterministic ECDSA function 2019-03-06 14:41:44 +00:00
ecjpake.h Introduce MD handle type 2019-09-09 09:45:57 +01:00
ecp.h Fix typo in documentation 2019-02-21 16:58:20 +01:00
ecp_internal.h Include configuration file to headers 2018-12-16 12:02:50 +02:00
entropy.h Allow to forward declare of public structs #1215 2018-07-24 10:02:47 +02:00
entropy_poll.h Update Doxygen file blocks to remove copyright and license information 2018-01-23 15:44:39 +00:00
error.h Add error code MBEDTLS_ERR_PLATFORM_FAULT_DETECTED 2019-11-21 15:14:59 +01:00
gcm.h Merge remote-tracking branch 'origin/pr/1375' into mbedtls-2.16 2019-01-30 16:09:08 +00:00
havege.h Include configuration file for all headers 2018-12-16 12:14:37 +02:00
hkdf.h Merge branch 'baremetal' into baremetal-2.16-20190909 2019-09-12 09:58:14 +02:00
hmac_drbg.h Introduce MD handle type 2019-09-09 09:45:57 +01:00
md.h MD: Implement config dep'n inlining of mbedtls_md_setup() 2019-09-09 09:45:57 +01:00
md2.h Merge remote-tracking branch 'public/pr/975' into mbedtls-2.16 2019-01-08 16:34:19 +00:00
md4.h Merge remote-tracking branch 'public/pr/975' into mbedtls-2.16 2019-01-08 16:34:19 +00:00
md5.h Merge remote-tracking branch 'public/pr/975' into mbedtls-2.16 2019-01-08 16:34:19 +00:00
md_internal.h Fixup: Don't assume that alt SHA256 impln's have trivial init/free 2019-09-09 09:45:57 +01:00
memory_buffer_alloc.h Update Doxygen file blocks to remove copyright and license information 2018-01-23 15:44:39 +00:00
net.h Include configuration file to headers 2018-12-16 12:02:50 +02:00
net_sockets.h Merge remote-tracking branch 'upstream-public/pr/1861' into development 2018-08-10 11:17:14 +01:00
nist_kw.h Include configuration file for all headers 2018-12-16 12:14:37 +02:00
oid.h Fixup: Remove trailing whitespace in oid.h 2019-09-04 16:17:25 +01:00
padlock.h Improve macro hygiene 2019-04-24 10:51:54 +02:00
pem.h Include configuration file to headers 2018-12-16 12:02:50 +02:00
pk.h Merge remote-tracking branch 'public/pr/2835' into baremetal 2019-09-24 15:28:35 +01:00
pk_internal.h Make sub-context statically allocated 2019-09-19 10:45:14 +02:00
pkcs5.h Merge remote-tracking branch 'origin/pr/1375' into mbedtls-2.16 2019-01-30 16:09:08 +00:00
pkcs11.h Allow to forward declare of public structs #1215 2018-07-24 10:02:47 +02:00
pkcs12.h Include configuration file for all headers 2018-12-16 12:14:37 +02:00
platform.h Add error code MBEDTLS_ERR_PLATFORM_FAULT_DETECTED 2019-11-21 15:14:59 +01:00
platform_time.h Update Doxygen file blocks to remove copyright and license information 2018-01-23 15:44:39 +00:00
platform_util.h Force some compilers to respect volatile reads 2019-11-21 15:14:59 +01:00
poly1305.h Fix include file path 2018-12-28 11:11:10 +08:00
ripemd160.h Merge remote-tracking branch 'public/pr/975' into mbedtls-2.16 2019-01-08 16:34:19 +00:00
rsa.h Merge remote-tracking branch 'restricted/pr/582' into mbedtls-2.16-restricted 2019-06-24 11:40:59 +01:00
rsa_internal.h Merge remote-tracking branch 'upstream-public/pr/1457' into development-proposed 2018-04-04 09:19:27 +02:00
sha1.h Merge remote-tracking branch 'public/pr/975' into mbedtls-2.16 2019-01-08 16:34:19 +00:00
sha256.h Completely ignore is224 if SHA-224 is disabled 2019-09-09 10:21:30 +02:00
sha512.h Merge remote-tracking branch 'public/pr/975' into mbedtls-2.16 2019-01-08 16:34:19 +00:00
ssl.h Merge remote-tracking branch 'origin/pr/609' into baremetal 2019-09-10 14:50:04 +01:00
ssl_cache.h Remove peer CRT from mbedtls_ssl_session if !KEEP_PEER_CERT 2019-06-19 10:25:01 +01:00
ssl_ciphersuites.h Fixup: Add missing TinyCrypt guards 2019-09-04 16:17:45 +01:00
ssl_cookie.h Include configuration file to headers 2018-12-16 12:02:50 +02:00
ssl_internal.h Replaced mbedtls_ssl_safer_memcmp with mbedtls_platform_memcmp 2019-10-04 08:52:00 +03:00
ssl_ticket.h Some minor struct optimizations. 2019-09-06 07:58:36 +03:00
threading.h Deprecate hardware acceleration errors 2018-11-09 15:01:07 +00:00
timing.h Allow to forward declare of public structs #1215 2018-07-24 10:02:47 +02:00
version.h Bump version to Mbed TLS 2.16.3 2019-09-06 13:27:00 +01:00
x509.h Add redundancy (Hamming distance) to cert flags 2019-11-21 15:32:45 +01:00
x509_crl.h struct optimization for mbedtls_x509_crl 2019-09-05 08:54:13 +03:00
x509_crt.h Merge remote-tracking branch 'origin/pr/652' into baremetal 2019-09-25 16:37:07 +01:00
x509_csr.h Address review comments 2019-06-18 11:05:44 +01:00
x509_internal.h Changed x509_internal.h methods as static. 2019-09-06 10:03:36 +03:00
xtea.h Merge remote-tracking branch 'public/pr/975' into mbedtls-2.16 2019-01-08 16:34:19 +00:00