Manuel Pégourié-Gonnard ea7eab1fde Add redundancy (Hamming distance) to cert flags ... Before this commit, if a certificate only had one issue (for example, if the "untrusted" bit was the only set in flags), an attacker that could flip this single bit between the moment it's set and the moment flags are checked before returning from mbedtls_x509_crt_verify() could make the entire verification routine appear to succeed (return 0 with no bit set in flags). Avoid that by making sure that flags always has either 0 or at least 9 bits set during the execution of the function. However, to preserve the API, clear the 8 extra bits before returning. This doesn't open the door to other attacks, as fortunately the API already had redundancy: either both flags and the return value are 0, or flags has bits set and the return value is non-zero with at least 16 bits set (assuming 32-bit 2-complement ints).		2019-11-21 15:32:45 +01:00
..
mbedtls	Add redundancy (Hamming distance) to cert flags	2019-11-21 15:32:45 +01:00
tinycrypt	Harden return value of uECC_vli_equal()	2019-11-21 15:12:44 +01:00
.gitignore
CMakeLists.txt	Merge branch 'mbedtls-2.16' into baremetal	2019-06-18 09:00:37 +01:00