Fix data loss in unsigned int cast in PK
This patch introduces some additional checks in the PK module for 64-bit
systems only. The problem is that the API functions in the PK
abstraction accept a size_t value for the hashlen, while the RSA module
accepts an unsigned int for the hashlen. Instead of silently casting
size_t to unsigned int, this change checks whether the hashlen overflows
an unsigned int and returns an error.
diff --git a/ChangeLog b/ChangeLog
index aaf1bba..c1cb9ef 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,13 @@
= mbed TLS 2.1.x branch released xxxx-xx-xx
+Security
+ * Add checks to prevent signature forgeries for very large messages while
+ using RSA through the PK module in 64-bit systems. The issue was caused by
+ some data loss when casting a size_t to an unsigned int value in the
+ functions rsa_verify_wrap(), rsa_sign_wrap(), rsa_alt_sign_wrap() and
+ mbedtls_pk_sign(). Found by Jean-Philippe Aumasson.
+
Bugfix
* Fix the redefinition of macro ssl_set_bio to an undefined symbol
mbedtls_ssl_set_bio_timeout in compat-1.3.h, by removing it.