
CVE-2018-0487 mitigation?

Mar 3, 2018 01:13
Milena Milenkovic

Hello, if the 2.6 mbed TLS library version is configured to support RSASSA-PSS (MBEDTLS_PKCS1_V21 enabled), but MBEDTLS_X509_RSASSA_PSS_SUPPORT is disabled, could an attacker still exploit CVE-2018-0487 during a TLS connection? The library is used for the TLS stack.

Mar 9, 2018 14:43
Gilles Peskine

Hi Milena,

If MBEDTLS_X509_RSASSA_PSS_SUPPORT is disabled at compile time, then the TLS or X.509 code will not call the vulnerable code (regardless of whether MBEDTLS_PKCS1_V21 is enabled). Therefore disabling MBEDTLS_X509_RSASSA_PSS_SUPPORT at compile time does make it impossible to exploit CVE-2018-0487 through TLS or X.509.

For the avoidance of doubt, if MBEDTLS_X509_RSASSA_PSS_SUPPORT is enabled at compile time, then CVE-2018-0487 can be exploited through TLS even if MBEDTLS_PK_RSASSA_PSS is disabled in the X.509 profile at runtime.

Best regards,

Gilles Peskine (Mbed TLS team)
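The answer above turns on a compile-time setting, so a practical follow-up is to audit the config.h that a build actually uses. The script below is an added example, not code from the thread or from Mbed TLS: it strips comments from a config.h excerpt (the SAMPLE_CONFIG text is constructed here in the style of that file), tracks the last effective #define/#undef of each macro, and reports whether MBEDTLS_X509_RSASSA_PSS_SUPPORT is compiled in, which is the condition Gilles gives for the vulnerable path being reachable from TLS/X.509.

```python
import re

# Constructed excerpt in the style of an Mbed TLS config.h. Disabled options
# in that file are conventionally left in as "//#define NAME" lines.
SAMPLE_CONFIG = """
/* Public key cryptographic abstraction layer */
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_PKCS1_V21

/* X.509 */
//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#define MBEDTLS_X509_CRT_PARSE_C
"""

# Block comments (non-greedy, across lines) and line comments.
_COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)


def effective_defines(config_text):
    """Return the set of macros still defined after reading the file top to
    bottom: '#define' adds, '#undef' removes, commented-out lines are ignored.
    This is a deliberately small subset of the C preprocessor (no #if/#else),
    which is enough for the flat option list in an Mbed TLS config.h."""
    defined = set()
    for line in _COMMENT_RE.sub("", config_text).splitlines():
        m = re.match(r"\s*#\s*(define|undef)\s+([A-Za-z_]\w*)", line)
        if not m:
            continue
        directive, name = m.groups()
        (defined.add if directive == "define" else defined.discard)(name)
    return defined


def cve_2018_0487_reachable_via_x509(config_text):
    """True when MBEDTLS_X509_RSASSA_PSS_SUPPORT is compiled in. Per the
    answer in this thread, that is what lets TLS/X.509 reach the vulnerable
    RSASSA-PSS code; MBEDTLS_PKCS1_V21 on its own does not expose it there,
    and the runtime X.509 profile cannot switch it off."""
    return "MBEDTLS_X509_RSASSA_PSS_SUPPORT" in effective_defines(config_text)


if __name__ == "__main__":
    defs = effective_defines(SAMPLE_CONFIG)
    print("MBEDTLS_PKCS1_V21 defined:", "MBEDTLS_PKCS1_V21" in defs)
    print("CVE-2018-0487 reachable via TLS/X.509:",
          cve_2018_0487_reachable_via_x509(SAMPLE_CONFIG))
```

The check only sees the file text; an option passed on the compiler command line (-D) or set in a user config included via MBEDTLS_USER_CONFIG_FILE must be fed in as well, for example by concatenating that file's text after config.h.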

Mar 9, 2018 20:06
Milena Milenkovic

Thanks! Maybe it would be useful to mention that in the advisory as well, in case someone else has a similar config.