mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 04:05:41 +01:00
c05f1506f4
Currently functions that may return success or failure tend to do so by returning 0 or 1. If an active physical attacker can flip a bit in memory or registers at the right time, they may easily change a failure value into a success value, with potentially catastrophic security consequences. As typical attackers can only flip a few bits, an element of protection against such attacks is to ensure a sufficient Hamming distance between failure values and the success value. This commit introduces such values, which will put to use in critical functions in future commits. In addition to SUCCESS and FAILURE, a third value ATTACK_DETECTED is introduced, which can be used later when suspicious-looking events are noticed (static data changed when it shouldn't, double condition checking returning inconsistent results, etc.). Values are chosen so that Hamming distances are large, and that no value is the complement of another, in order to avoid unwanted compiler optimisations. Note: the error values used by Mbed TLS are already safe (assuming 32-bit integers) as they are of the form -x with x in the range [1, 2^15) so their Hamming distance with the success value (0) is at least 17, so it's hard for an attacker to turn an error value into the success value (or vice-versa). |
||
|---|---|---|
| .. | ||
| mbedtls | ||
| tinycrypt | ||
| .gitignore | ||
| CMakeLists.txt | ||