RSA: Fix buffer overflow in PSS signature verification Fix buffer overflow in RSA-PSS signature verification when the hash is too large for the key size. Found by Seth Terashima, Qualcomm. Added a non-regression test and a positive test with the smallest permitted key size for a SHA-512 hash.

commit: 55db24ca506cf5831bd31e32d26e5db2cc0264f9 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Tue Oct 17 19:01:38 2017 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Tue Oct 17 19:30:12 2017 +0200
tree: 9483c4d6f1148b8e148ace646b9b04f09b0bedb6
parent: a75a4591430919a6eb3d430aca396044fe3816d4 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index a3171d7..d2c5f6b 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,5 +1,12 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS 1.3.x released xxxx-xx-xx
+
+Security
+   * Fix buffer overflow in RSA-PSS verification when the hash is too
+     large for the key size. Found by Seth Terashima, Qualcomm Product
+     Security Initiative, Qualcomm Technologies Inc.
+
 = mbed TLS 1.3.21 branch released 2017-08-10
 
 Security
commit	55db24ca506cf5831bd31e32d26e5db2cc0264f9	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Tue Oct 17 19:01:38 2017 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Tue Oct 17 19:30:12 2017 +0200
tree	9483c4d6f1148b8e148ace646b9b04f09b0bedb6
parent	a75a4591430919a6eb3d430aca396044fe3816d4 [diff] [blame]