Fix data loss in unsigned int cast in PK This patch introduces some additional checks in the PK module for 64-bit systems only. The problem is that the API functions in the PK abstraction accept a size_t value for the hashlen, while the RSA module accepts an unsigned int for the hashlen. Instead of silently casting size_t to unsigned int, this change checks whether the hashlen overflows an unsigned int and returns an error.

commit: c71b7eb0e7b9a0ecfe16a418c4c9735af230259f [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Thu Jan 19 11:24:33 2017 +0000
committer: Andres AG <andres.amayagarcia@arm.com> Wed Feb 15 10:44:02 2017 +0000
tree: cc460bbf23f58b57f0f4e5f4a700a7c47faf1b16
parent: df33a6a8056be7fcb8a1784fa026d0308f19dc7b [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 1e1420a..316c5de 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -1,6 +1,13 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
-= mbed TLS x.x.x branch xxxx-xx-xx
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Security
+    * Add checks to prevent signature forgeries for very large messages while
+      using RSA through the PK module in 64-bit systems. The issue was caused by
+      some data loss when casting a size_t to an unsigned int value in the
+      functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and
+      pk_sign(). Found by Jean-Philippe Aumasson.
 
 Bugfix
    * Fix unused variable/function compilation warnings in pem.c and x509_csr.c
commit	c71b7eb0e7b9a0ecfe16a418c4c9735af230259f	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Thu Jan 19 11:24:33 2017 +0000
committer	Andres AG <andres.amayagarcia@arm.com>	Wed Feb 15 10:44:02 2017 +0000
tree	cc460bbf23f58b57f0f4e5f4a700a7c47faf1b16
parent	df33a6a8056be7fcb8a1784fa026d0308f19dc7b [diff] [blame]