Commit 7dc6f93d authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard Committed by Simon Butcher

Add precision about exploitability in ChangeLog

Also fix some whitespace while at it.
parent ff40a4b8
......@@ -5,6 +5,7 @@ mbed TLS ChangeLog (Sorted per branch, date)
Security
* Fix potential integer overflow to buffer overflow in
mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt
(not triggerable remotely in (D)TLS).
Bugfix
* Fix bug in mbedtls_mpi_add_mpi() that caused wrong results when the three
......
......@@ -595,7 +595,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
olen = ctx->len;
// first comparison checks for overflow
if( ilen + 11 < ilen || olen < ilen + 11 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment