Merge pull request #4735 from daverodgman/alert_bugfixes_2.16

Backport 2.16: Fix alert raised for invalid fragment length
diff --git a/ChangeLog.d/ensure_hash_len_is_valid.txt b/ChangeLog.d/ensure_hash_len_is_valid.txt
new file mode 100644
index 0000000..2059249
--- /dev/null
+++ b/ChangeLog.d/ensure_hash_len_is_valid.txt
@@ -0,0 +1,5 @@
+Bugfix
+   * mbedtls_pk_sign() and mbedtls_pk_verify() and their extended and
+     restartable variants now require at least the specified hash length if
+     nonzero. Before, for RSA, hash_len was ignored in favor of the length of
+     the specified hash algorithm.
diff --git a/library/pk.c b/library/pk.c
index 81cfdbf..8998271 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -225,12 +225,15 @@
 {
     const mbedtls_md_info_t *md_info;
 
-    if( *hash_len != 0 )
+    if( *hash_len != 0 && md_alg == MBEDTLS_MD_NONE )
         return( 0 );
 
     if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
         return( -1 );
 
+    if ( *hash_len != 0 && *hash_len < mbedtls_md_get_size( md_info ) )
+        return ( -1 );
+
     *hash_len = mbedtls_md_get_size( md_info );
     return( 0 );
 }
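Review bot: A nonzero `*hash_len` larger than the digest size still passes the added `*hash_len < mbedtls_md_get_size( md_info )` check and is then silently overwritten by the assignment below it, so a caller that passes the wrong length for `md_alg` gets no error and only a prefix of its buffer is used. If that clamping is intended (the ChangeLog entry says "at least"), say so next to the check, e.g. `/* A longer hash_len is accepted; only the first mbedtls_md_get_size() bytes are used. */`; if it is not, the stricter form `if( *hash_len != 0 && *hash_len != mbedtls_md_get_size( md_info ) )` would reject the mismatch outright. The added lines also use `if (` and `return (`, whereas the rest of the function writes `if(` and `return(`. The function's signature and any header comment are outside the hunk, so I cannot tell whether the hash_len contract is already documented there.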