Bug#19695101 UPGRADE YASSL TO 2.3.5

d6d45fa3 · Kristofer Pettersson · 68ea0ea1 · d6d45fa3 · d6d45fa3 · d6d45fa3
Commit d6d45fa3 authored Sep 29, 2014 by Kristofer Pettersson
Showing with 11 additions and 2 deletions

extra/yassl/README extra/yassl/README +9 -0

extra/yassl/include/openssl/ssl.h extra/yassl/include/openssl/ssl.h +1 -1

extra/yassl/taocrypt/src/rsa.cpp extra/yassl/taocrypt/src/rsa.cpp +1 -1

No files found.
--- a/extra/yassl/README
+++ b/extra/yassl/README
@@ -12,6 +12,15 @@ before calling SSL_new();
 *** end Note ***
+yaSSL Release notes, version 2.3.5 (9/29/2014)
+    This release of yaSSL fixes an RSA Padding check vulnerability reported by
+    Intel Security Advanced Threat Research team
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
 yaSSL Release notes, version 2.3.4 (8/15/2014)
    This release of yaSSL adds checking to the input_buffer class itself.

--- a/extra/yassl/include/openssl/ssl.h
+++ b/extra/yassl/include/openssl/ssl.h
@@ -35,7 +35,7 @@
 #include "rsa.h"
-#define YASSL_VERSION "2.3.4"
+#define YASSL_VERSION "2.3.5"
 #if defined(__cplusplus)

--- a/extra/yassl/taocrypt/src/rsa.cpp
+++ b/extra/yassl/taocrypt/src/rsa.cpp
@@ -177,7 +177,7 @@ word32 RSA_BlockType1::UnPad(const byte* pkcsBlock, word32 pkcsBlockLen,
    // skip past the padding until we find the separator
    unsigned i=1;
-    while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body
+    while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) { // null body
        }
    if (!(i==pkcsBlockLen || pkcsBlock[i-1]==0))
        return 0;