Fix data loss in unsigned int cast in PK This patch introduces some additional checks in the PK module for 64-bit systems only. The problem is that the API functions in the PK abstraction accept a size_t value for the hashlen, while the RSA module accepts an unsigned int for the hashlen. Instead of silently casting size_t to unsigned int, this change checks whether the hashlen overflows an unsigned int and returns an error.

commit: c89250913f6a2ea4b9e1c04be981c4f699137293 [log] [tgz]
author: Andres AG <andres.amayagarcia@arm.com> Thu Jan 19 11:24:33 2017 +0000
committer: Simon Butcher <simon.butcher@arm.com> Sat Feb 25 20:37:43 2017 +0000
tree: 5cc7a1c1b1150cf37fbe980d408eda31c652cadd
parent: 3a7d9314b490716f2190613bec8200a4160a61ce [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index aaf1bba..c1cb9ef 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -2,6 +2,13 @@
 
 = mbed TLS 2.1.x branch released xxxx-xx-xx
 
+Security
+    * Add checks to prevent signature forgeries for very large messages while
+      using RSA through the PK module in 64-bit systems. The issue was caused by
+      some data loss when casting a size_t to an unsigned int value in the
+      functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and
+      mbedtls_pk_sign(). Found by Jean-Philippe Aumasson.
+
 Bugfix
    * Fix the redefinition of macro ssl_set_bio to an undefined symbol
      mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it.
commit	c89250913f6a2ea4b9e1c04be981c4f699137293	[log] [tgz]
author	Andres AG <andres.amayagarcia@arm.com>	Thu Jan 19 11:24:33 2017 +0000
committer	Simon Butcher <simon.butcher@arm.com>	Sat Feb 25 20:37:43 2017 +0000
tree	5cc7a1c1b1150cf37fbe980d408eda31c652cadd
parent	3a7d9314b490716f2190613bec8200a4160a61ce [diff] [blame]