RSA PKCS1v1.5 verification: check padding length The test case was generated by modifying our signature code so that it produces a 7-byte long padding (which also means garbage at the end, so it is essential to check that the error that is detected first is indeed the padding rather than the final length check).

commit: 19c10e9984acaef5a5fb4c15965b982fc1728d1f [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu May 11 12:49:51 2017 +0200
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu May 11 13:37:45 2017 +0200
tree: 71abe45658829c1493450fbdd98835b4b722f5dd
parent: 98864d5c0b154eda7aeb2c2bffe7e7e1c97424bc [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index b46c728..832810b 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 1.3.x branch released xxxx-xx-xx
+
+Security
+   * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a
+     potential Bleichenbacher/BERserk-style attack.
+
 = mbed TLS 1.3.19 branch released 2017-03-08
 
 Security
commit	19c10e9984acaef5a5fb4c15965b982fc1728d1f	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu May 11 12:49:51 2017 +0200
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu May 11 13:37:45 2017 +0200
tree	71abe45658829c1493450fbdd98835b4b722f5dd
parent	98864d5c0b154eda7aeb2c2bffe7e7e1c97424bc [diff] [blame]