Bug#19695101 UPGRADE YASSL TO 2.3.5

Kristofer Pettersson · Kristofer Pettersson · commit d6d45fa3d86c · 2014-09-29T10:17:38.000+02:00
diff --git a/extra/yassl/README b/extra/yassl/README
@@ -12,6 +12,15 @@ before calling SSL_new();
 
 *** end Note ***
 
+yaSSL Release notes, version 2.3.5 (9/29/2014)
+
+    This release of yaSSL fixes an RSA Padding check vulnerability reported by
+    Intel Security Advanced Threat Research team
+
+See normal  build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
 yaSSL Release notes, version 2.3.4 (8/15/2014)
 
     This release of yaSSL adds checking to the input_buffer class itself.
diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h
@@ -35,7 +35,7 @@
 #include "rsa.h"
 
 
-#define YASSL_VERSION "2.3.4"
+#define YASSL_VERSION "2.3.5"
 
 
 #if defined(__cplusplus)
diff --git a/extra/yassl/taocrypt/src/rsa.cpp b/extra/yassl/taocrypt/src/rsa.cpp
@@ -177,7 +177,7 @@ word32 RSA_BlockType1::UnPad(const byte* pkcsBlock, word32 pkcsBlockLen,
 
     // skip past the padding until we find the separator
     unsigned i=1;
-    while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body
+    while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) { // null body
         }
     if (!(i==pkcsBlockLen || pkcsBlock[i-1]==0))
         return 0;

Original file line number	Diff line number	Diff line change
`@@ -177,7 +177,7 @@ word32 RSA_BlockType1::UnPad(const byte* pkcsBlock, word32 pkcsBlockLen,`
`177`	`177`
`178`	`178`	`// skip past the padding until we find the separator`
`179`	`179`	`unsigned i=1;`
`180`		`- while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body`
	`180`	`+ while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) { // null body`
`181`	`181`	`}`
`182`	`182`	`if (!(i==pkcsBlockLen \|\| pkcsBlock[i-1]==0))`
`183`	`183`	`return 0;`