diff options
| -rw-r--r-- | extra/yassl/README | 9 | ||||
| -rw-r--r-- | extra/yassl/include/openssl/ssl.h | 2 | ||||
| -rw-r--r-- | extra/yassl/taocrypt/src/rsa.cpp | 2 |
3 files changed, 11 insertions, 2 deletions
diff --git a/extra/yassl/README b/extra/yassl/README index b18e2baeea8..30c7af4a702 100644 --- a/extra/yassl/README +++ b/extra/yassl/README @@ -12,6 +12,15 @@ before calling SSL_new(); *** end Note *** +yaSSL Release notes, version 2.3.5 (9/29/2014) + + This release of yaSSL fixes an RSA Padding check vulnerability reported by + Intel Security Advanced Threat Research team + +See normal build instructions below under 1.0.6. +See libcurl build instructions below under 1.3.0 and note in 1.5.8. + + yaSSL Release notes, version 2.3.4 (8/15/2014) This release of yaSSL adds checking to the input_buffer class itself. diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h index 993822d0ab0..e678c600fed 100644 --- a/extra/yassl/include/openssl/ssl.h +++ b/extra/yassl/include/openssl/ssl.h @@ -35,7 +35,7 @@ #include "rsa.h" -#define YASSL_VERSION "2.3.4" +#define YASSL_VERSION "2.3.5" #if defined(__cplusplus) diff --git a/extra/yassl/taocrypt/src/rsa.cpp b/extra/yassl/taocrypt/src/rsa.cpp index 69c59402e48..79a8a8f1c4f 100644 --- a/extra/yassl/taocrypt/src/rsa.cpp +++ b/extra/yassl/taocrypt/src/rsa.cpp @@ -177,7 +177,7 @@ word32 RSA_BlockType1::UnPad(const byte* pkcsBlock, word32 pkcsBlockLen, // skip past the padding until we find the separator unsigned i=1; - while (i<pkcsBlockLen && pkcsBlock[i++]) { // null body + while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) { // null body } if (!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) return 0; |