Hello, if the 2.6 mbed TLS library version is configured to support RSASSA-PSS (MBEDTLS_PKCS1_V21 enabled), but MBEDTLS_X509_RSASSA_PSS_SUPPORT is disabled, could an attacker still exploit CVE-2018-0487 during a TLS connection? The library is used for the TLS stack.
If MBEDTLS_X509_RSASSA_PSS_SUPPORT is disabled at compile time, then the TLS or X.509 code will not call the vulnerable code (regardless of whether MBEDTLS_PKCS1_V21 is enabled). Therefore disabling MBEDTLS_X509_RSASSA_PSS_SUPPORT at compile time does make it impossible to exploit CVE-2018-0487 through TLS or X.509.
For the avoidance of doubt, if
MBEDTLS_X509_RSASSA_PSS_SUPPORT is enabled at compile time, then CVE-2018-0487 can be exploited through TLS even if
MBEDTLS_PK_RSASSA_PSS is disabled in the X.509 profile at runtime.
Gilles Peskine (Mbed TLS team)
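As an added example, not from the thread or the Mbed TLS project, the following script applies the distinction the answer draws: it inspects an Mbed TLS 2.x config.h and reports whether MBEDTLS_X509_RSASSA_PSS_SUPPORT is actually compiled in, since that, and not MBEDTLS_PKCS1_V21, is what exposes CVE-2018-0487 through TLS or X.509. It assumes the stock config.h convention where a disabled option is a commented-out `//#define` line; the two config files it writes are constructed samples for demonstration only.

```shell
#!/bin/sh
# Added example (not from the thread or the Mbed TLS project): inspect an
# Mbed TLS 2.x config.h and report whether the X.509 RSASSA-PSS path, which is
# the one CVE-2018-0487 is reachable through per the answer above, is compiled in.
# Assumption: the header follows the stock config.h convention where a disabled
# option is a commented-out "//#define MBEDTLS_..." line.

# option_enabled FILE MACRO -> exit 0 if an active "#define MACRO" line exists
# (commented-out "//#define" lines do not match the anchored pattern).
option_enabled() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|$)" "$1"
}

# pss_reachable_via_x509 FILE -> exit 0 if X.509 PSS support is compiled in.
# MBEDTLS_PKCS1_V21 alone does not expose the path through TLS/X.509.
pss_reachable_via_x509() {
    option_enabled "$1" MBEDTLS_X509_RSASSA_PSS_SUPPORT
}

# report FILE -> print a one-line verdict for the given config header
report() {
    if pss_reachable_via_x509 "$1"; then
        echo "$1: MBEDTLS_X509_RSASSA_PSS_SUPPORT enabled: TLS/X.509 path to CVE-2018-0487 is compiled in"
    else
        echo "$1: MBEDTLS_X509_RSASSA_PSS_SUPPORT disabled: not reachable through TLS or X.509"
    fi
}

# Two constructed sample configs (not real project files).
# The first mirrors the asker's build: PSS in the PK layer, but no X.509 PSS.
cat > /tmp/config_asker.h <<'EOF'
#define MBEDTLS_PKCS1_V21
//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
EOF
# The second mirrors a default build with both options on.
cat > /tmp/config_default.h <<'EOF'
#define MBEDTLS_PKCS1_V21
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
EOF

report /tmp/config_asker.h
report /tmp/config_default.h
```

Point the `report` function at the config.h that was actually used for the build (for example `include/mbedtls/config.h`, or the header named by MBEDTLS_CONFIG_FILE); the runtime X.509 profile setting MBEDTLS_PK_RSASSA_PSS is irrelevant to this check, as the answer notes.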
Thanks! Maybe it would be useful to mention that in the advisory as well, in case someone else has a similar config.