RSA: Fix buffer overflow in PSS signature verification

Fix buffer overflow in RSA-PSS signature verification when the hash is
too large for the key size. Found by Seth Terashima, Qualcomm.

Added a non-regression test and a positive test with the smallest
permitted key size for a SHA-512 hash.
diff --git a/ChangeLog b/ChangeLog
index 8f7843d..24835cd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,11 @@
 
 = mbed TLS 2.1.x released xxxx-xx-xx
 
+Security
+   * Fix buffer overflow in RSA-PSS verification when the hash is too
+     large for the key size. Found by Seth Terashima, Qualcomm Product
+     Security Initiative, Qualcomm Technologies Inc.
+
 Bugfix
    * Fix ssl_parse_record_header() to silently discard invalid DTLS records
      as recommended in RFC 6347 Section 4.1.2.7.
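Review bot: The new Security entry does not tell a reader whether they are affected: it names neither the public verification function involved nor the concrete triggering condition, only "when the hash is too large for the key size". Consider stating the relation between key size and hash length that triggers the overflow (the commit message points at it with "the smallest permitted key size for a SHA-512 hash"), and whether the overflow is a read or a write, so that downstream users can judge from the ChangeLog alone how urgent the upgrade is. If an identifier has been assigned for this issue, it belongs in this entry as well.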