Diffstat (limited to 'extra')
-rw-r--r-- | extra/yassl/README | 29 | ||||
-rw-r--r-- | extra/yassl/include/openssl/ssl.h | 2 | ||||
-rw-r--r-- | extra/yassl/include/yassl_error.hpp | 3 | ||||
-rw-r--r-- | extra/yassl/src/buffer.cpp | 2 | ||||
-rw-r--r-- | extra/yassl/src/handshake.cpp | 2 | ||||
-rw-r--r-- | extra/yassl/src/ssl.cpp | 29 | ||||
-rw-r--r-- | extra/yassl/src/yassl_error.cpp | 4 | ||||
-rw-r--r-- | extra/yassl/src/yassl_imp.cpp | 15 | ||||
-rw-r--r-- | extra/yassl/taocrypt/src/asn.cpp | 9 | ||||
-rw-r--r-- | extra/yassl/taocrypt/src/rsa.cpp | 4 | ||||
-rw-r--r-- | extra/yassl/testsuite/cipher-test.sh | 1 |
11 files changed, 93 insertions, 7 deletions
diff --git a/extra/yassl/README b/extra/yassl/README index da399c3d141..bf0e1c9f40f 100644 --- a/extra/yassl/README +++ b/extra/yassl/README @@ -12,6 +12,35 @@ before calling SSL_new(); *** end Note *** +yaSSL Release notes, version 2.3.8 (9/17/2015) + This release of yaSSL fixes a high security vulnerability. All users + SHOULD update. If using yaSSL for TLS on the server side with private + RSA keys allowing ephemeral key exchange you MUST update and regenerate + the RSA private keys. This report is detailed in: + https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf + yaSSL now detects RSA signature faults and returns an error. + +yaSSL Patch notes, version 2.3.7e (6/26/2015) + This release of yaSSL includes a fix for Date less than comparison. + Previously yaSSL would return true on less than comparisons if the Dates + were equal. Reported by Oracle. No security problem, but if a cert was + generated right now, a server started using it in the same second, and a + client tried to verify it in the same second it would report not yet valid. + +yaSSL Patch notes, version 2.3.7d (6/22/2015) + This release of yaSSL includes a fix for input_buffer set_current with + index 0. SSL_peek() at front of waiting data could trigger. Robert + Golebiowski of Oracle identified and suggested a fix, thanks! + +yaSSL Patch notes, version 2.3.7c (6/12/2015) + This release of yaSSL does certificate DATE comparisons to the second + instead of to the minute, helpful when using freshly generated certs. + Though keep in mind that time sync differences could still show up. + +yaSSL Patch notes, version 2.3.7b (3/18/2015) + This release of yaSSL fixes a potential crash with corrupted private keys. + Also detects bad keys earlier for user. + yaSSL Release notes, version 2.3.7 (12/10/2014) This release of yaSSL fixes the potential to process duplicate handshake messages by explicitly marking/checking received handshake messages. 
diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h index 24acc7e86b9..b0a7592f870 100644 --- a/extra/yassl/include/openssl/ssl.h +++ b/extra/yassl/include/openssl/ssl.h @@ -35,7 +35,7 @@ #include "rsa.h" -#define YASSL_VERSION "2.3.7" +#define YASSL_VERSION "2.3.8" #if defined(__cplusplus) diff --git a/extra/yassl/include/yassl_error.hpp b/extra/yassl/include/yassl_error.hpp index beba7b0b5dd..d63244dca90 100644 --- a/extra/yassl/include/yassl_error.hpp +++ b/extra/yassl/include/yassl_error.hpp @@ -53,7 +53,8 @@ enum YasslError { compress_error = 118, decompress_error = 119, pms_version_error = 120, - sanityCipher_error = 121 + sanityCipher_error = 121, + rsaSignFault_error = 122 // !!!! add error message to .cpp !!!! diff --git a/extra/yassl/src/buffer.cpp b/extra/yassl/src/buffer.cpp index ee5e0cc0793..532da3875a7 100644 --- a/extra/yassl/src/buffer.cpp +++ b/extra/yassl/src/buffer.cpp @@ -165,7 +165,7 @@ void input_buffer::set_error() void input_buffer::set_current(uint i) { - if (error_ == 0 && (i == 0 || check(i - 1, size_) == 0)) + if (error_ == 0 && check(i ? i - 1 : 0, size_) == 0) current_ = i; else error_ = -1; diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp index 33303b1106d..aa2de39333c 100644 --- a/extra/yassl/src/handshake.cpp +++ b/extra/yassl/src/handshake.cpp @@ -1172,6 +1172,8 @@ void sendCertificateVerify(SSL& ssl, BufferOutput buffer) CertificateVerify verify; verify.Build(ssl); + if (ssl.GetError()) return; + RecordLayerHeader rlHeader; HandShakeHeader hsHeader; mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer); diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp index 9c1016ba53d..9516e8b985e 100644 --- a/extra/yassl/src/ssl.cpp +++ b/extra/yassl/src/ssl.cpp 
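Review bot: In `input_buffer::set_current` (buffer.cpp hunk) the rewritten condition now calls `check(0, size_)` when `i == 0`, where the old code accepted index 0 unconditionally. If `check` rejects any index that is not below `size_` (its body is not in this hunk), `set_current(0)` on an empty buffer will now set `error_ = -1`. The `i - 1` mapping still accepts `i == size_`, so the two ends of the range are treated differently. If both are intended, say so at the condition, e.g. `// index 0 is bounds-checked as well (empty buffer is an error); i == size_ is the valid one-past-the-end position`.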
@@ -37,6 +37,8 @@ #include "file.hpp" // for TaoCrypt Source #include "coding.hpp" // HexDecoder #include "helpers.hpp" // for placement new hack +#include "rsa.hpp" // for TaoCrypt RSA key decode +#include "dsa.hpp" // for TaoCrypt DSA key decode #include <stdio.h> #ifdef _WIN32 @@ -54,6 +56,8 @@ namespace yaSSL { int read_file(SSL_CTX* ctx, const char* file, int format, CertType type) { + int ret = SSL_SUCCESS; + if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM) return SSL_BAD_FILETYPE; @@ -141,8 +145,31 @@ int read_file(SSL_CTX* ctx, const char* file, int format, CertType type) } } } + + if (type == PrivateKey && ctx->privateKey_) { + // see if key is valid early + TaoCrypt::Source rsaSource(ctx->privateKey_->get_buffer(), + ctx->privateKey_->get_length()); + TaoCrypt::RSA_PrivateKey rsaKey; + rsaKey.Initialize(rsaSource); + + if (rsaSource.GetError().What()) { + // rsa failed see if DSA works + + TaoCrypt::Source dsaSource(ctx->privateKey_->get_buffer(), + ctx->privateKey_->get_length()); + TaoCrypt::DSA_PrivateKey dsaKey; + dsaKey.Initialize(dsaSource); + + if (rsaSource.GetError().What()) { + // neither worked + ret = SSL_FAILURE; + } + } + } + fclose(input); - return SSL_SUCCESS; + return ret; } diff --git a/extra/yassl/src/yassl_error.cpp b/extra/yassl/src/yassl_error.cpp index 36e286a73ce..fec6a3394ca 100644 --- a/extra/yassl/src/yassl_error.cpp +++ b/extra/yassl/src/yassl_error.cpp @@ -148,6 +148,10 @@ void SetErrorString(YasslError error, char* buffer) strncpy(buffer, "sanity check on cipher text size error", max); break; + case rsaSignFault_error: + strncpy(buffer, "rsa signature fault error", max); + break; + // openssl errors case SSL_ERROR_WANT_READ : strncpy(buffer, "the read operation would block", max); diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp index 742d07956da..e1a410086fb 100644 --- a/extra/yassl/src/yassl_imp.cpp +++ b/extra/yassl/src/yassl_imp.cpp 
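Review bot: The DSA fallback in `read_file` (ssl.cpp, third hunk) tests the wrong object. After `dsaKey.Initialize(dsaSource)` the inner condition is again `if (rsaSource.GetError().What())`, which is already known to be true inside this branch. Every key that fails RSA decoding, including a well-formed DSA key, therefore ends with `ret = SSL_FAILURE`. The inner check should read `if (dsaSource.GetError().What())`. As far as this hunk shows, `ctx->privateKey_` still holds the rejected buffer on the failure path, so it is worth confirming that no caller ignores the return value and goes on to use it; the body of `read_file` between the hunks is not visible.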
@@ -196,9 +196,16 @@ void DH_Server::build(SSL& ssl) sha.update(tmp.get_buffer(), tmp.get_size()); sha.get_digest(&hash[MD5_LEN]); - if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) + if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) { auth->sign(signature_, hash, sizeof(hash), ssl.getCrypto().get_random()); + // check for rsa signautre fault + if (!auth->verify(hash, sizeof(hash), signature_, + auth->get_signatureLength())) { + ssl.SetError(rsaSignFault_error); + return; + } + } else { auth->sign(signature_, &hash[MD5_LEN], SHA_LEN, ssl.getCrypto().get_random()); @@ -2159,6 +2166,12 @@ void CertificateVerify::Build(SSL& ssl) memcpy(sig.get(), len, VERIFY_HEADER); rsa.sign(sig.get() + VERIFY_HEADER, hashes_.md5_, sizeof(Hashes), ssl.getCrypto().get_random()); + // check for rsa signautre fault + if (!rsa.verify(hashes_.md5_, sizeof(Hashes), sig.get() + VERIFY_HEADER, + rsa.get_cipherLength())) { + ssl.SetError(rsaSignFault_error); + return; + } } else { // DSA DSS dss(cert.get_privateKey(), cert.get_privateKeyLength(), false); diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp index d521088d74a..c419ec0a992 100644 --- a/extra/yassl/taocrypt/src/asn.cpp +++ b/extra/yassl/taocrypt/src/asn.cpp @@ -39,7 +39,7 @@ namespace TaoCrypt { namespace { // locals -// to the minute +// to the second bool operator>(tm& a, tm& b) { if (a.tm_year > b.tm_year) @@ -60,13 +60,18 @@ bool operator>(tm& a, tm& b) a.tm_min > b.tm_min) return true; + if (a.tm_year == b.tm_year && a.tm_mon == b.tm_mon && + a.tm_mday == b.tm_mday && a.tm_hour == b.tm_hour && + a.tm_min == b.tm_min && a.tm_sec > b.tm_sec) + return true; + return false; } bool operator<(tm& a, tm&b) { - return !(a>b); + return (b>a); } diff --git a/extra/yassl/taocrypt/src/rsa.cpp b/extra/yassl/taocrypt/src/rsa.cpp index 79a8a8f1c4f..73f678e2674 100644 --- a/extra/yassl/taocrypt/src/rsa.cpp +++ b/extra/yassl/taocrypt/src/rsa.cpp 
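Review bot: Both new fault checks in yassl_imp.cpp (`DH_Server::build` and `CertificateVerify::Build`) return early with the unverified signature still in `signature_` / `sig`, so the protection depends on every caller testing `ssl.GetError()` before it serialises the message. This commit adds that test to `sendCertificateVerify` in handshake.cpp, but no matching change is shown for the path that sends the server key exchange built by `DH_Server::build`. Confirm that caller already checks, or add `if (ssl.GetError()) return;` there as well. Clearing the buffer before the `return` (for example `memset(signature_, 0, auth->get_signatureLength());`, assuming `signature_` is a plain byte buffer) would keep the faulty value unusable even if a caller misses the check. The comment in both places has a typo and should read `// check for rsa signature fault`; both function bodies extend beyond their hunks.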
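Review bot: `operator>` in asn.cpp repeats the whole chain of equality tests for each field, and the new seconds clause adds the longest copy yet. Since this comparison decides certificate validity dates, a field-by-field compare with early return is easier to audit for a wrong or missing field. The sketch below keeps the signature and the to-the-second ordering; the start of the function lies before this hunk, so verify the field order against the lines not shown. Both operators could also take `const tm&`, as neither appears to modify its arguments.

```cpp
// to the second
bool operator>(tm& a, tm& b)
{
    if (a.tm_year != b.tm_year) return a.tm_year > b.tm_year;
    if (a.tm_mon  != b.tm_mon)  return a.tm_mon  > b.tm_mon;
    if (a.tm_mday != b.tm_mday) return a.tm_mday > b.tm_mday;
    if (a.tm_hour != b.tm_hour) return a.tm_hour > b.tm_hour;
    if (a.tm_min  != b.tm_min)  return a.tm_min  > b.tm_min;
    return a.tm_sec > b.tm_sec;
}
```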
@@ -140,6 +140,10 @@ word32 RSA_BlockType2::UnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, void RSA_BlockType1::Pad(const byte* input, word32 inputLen, byte* pkcsBlock, word32 pkcsBlockLen, RandomNumberGenerator&) const { + // sanity checks + if (input == NULL || pkcsBlock == NULL) + return; + // convert from bit length to byte length if (pkcsBlockLen % 8 != 0) { diff --git a/extra/yassl/testsuite/cipher-test.sh b/extra/yassl/testsuite/cipher-test.sh index 5ce29459d07..d3e69146097 100644 --- a/extra/yassl/testsuite/cipher-test.sh +++ b/extra/yassl/testsuite/cipher-test.sh @@ -4,6 +4,7 @@ # +no_pid=-1 server_pid=$no_pid |
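Review bot: The new NULL guard in `RSA_BlockType1::Pad` returns silently from a `void` function, so the caller cannot tell that no padding was written. When only `input` is NULL, `pkcsBlock` keeps whatever bytes it already held, and the caller presumably proceeds to the private-key operation on that block. Document the contract at the guard, e.g. `// returns without touching pkcsBlock; callers must validate key and input pointers before calling`, and check that the signing path rejects a missing key or input before it reaches `Pad`. The rest of `Pad` is outside the hunk.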