Updated yassl to yassl-2.3.8mysql-5.5.46

(cherry picked from commit 7f9941eab55ed672bfcccd382dafbdbcfdc75aaa)
author: Robert Golebiowski <robert.golebiowski@oracle.com> 2015-09-18 11:18:25 +0200
committer: Bjorn Munch <bjorn.munch@oracle.com> 2015-09-18 16:13:38 +0200
commit: b9768521bdeb1a8069c7b871f4536792b65fd79b (patch)
tree: 7c8cf55e4750040c2071ea0e09d56ece275dcb6d /extra/yassl/src
parent: 0243a2d432abb609af890aea5a417862aa4514cb (diff)
download: mariadb-git-b9768521bdeb1a8069c7b871f4536792b65fd79b.tar.gz
3 files changed, 20 insertions, 1 deletions
diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
index 33303b1106d..aa2de39333c 100644
--- a/extra/yassl/src/handshake.cpp
+++ b/extra/yassl/src/handshake.cpp
@@ -1172,6 +1172,8 @@ void sendCertificateVerify(SSL& ssl, BufferOutput buffer)
 
     CertificateVerify  verify;
     verify.Build(ssl);
+    if (ssl.GetError()) return;
+
     RecordLayerHeader  rlHeader;
     HandShakeHeader    hsHeader;
     mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer);
diff --git a/extra/yassl/src/yassl_error.cpp b/extra/yassl/src/yassl_error.cpp
index e5d69367339..5169b7dd5d0 100644
--- a/extra/yassl/src/yassl_error.cpp
+++ b/extra/yassl/src/yassl_error.cpp
@@ -148,6 +148,10 @@ void SetErrorString(YasslError error, char* buffer)
         strncpy(buffer, "sanity check on cipher text size error", max);
         break;
 
+    case rsaSignFault_error:
+        strncpy(buffer, "rsa signature fault error", max);
+        break;
+
         // openssl errors
     case SSL_ERROR_WANT_READ :
         strncpy(buffer, "the read operation would block", max);
diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp
index 69ba469b928..1baa5adedf8 100644
--- a/extra/yassl/src/yassl_imp.cpp
+++ b/extra/yassl/src/yassl_imp.cpp
@@ -196,9 +196,16 @@ void DH_Server::build(SSL& ssl)
     sha.update(tmp.get_buffer(), tmp.get_size());
     sha.get_digest(&hash[MD5_LEN]);
 
-    if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo)
+    if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) {
         auth->sign(signature_, hash, sizeof(hash),
                    ssl.getCrypto().get_random());
+        // check for rsa signautre fault
+        if (!auth->verify(hash, sizeof(hash), signature_,
+                                              auth->get_signatureLength())) {
+            ssl.SetError(rsaSignFault_error);
+            return;
+        }
+    }
     else {
         auth->sign(signature_, &hash[MD5_LEN], SHA_LEN,
                    ssl.getCrypto().get_random());
@@ -2159,6 +2166,12 @@ void CertificateVerify::Build(SSL& ssl)
         memcpy(sig.get(), len, VERIFY_HEADER);
         rsa.sign(sig.get() + VERIFY_HEADER, hashes_.md5_, sizeof(Hashes),
                  ssl.getCrypto().get_random());
+        // check for rsa signautre fault
+        if (!rsa.verify(hashes_.md5_, sizeof(Hashes), sig.get() + VERIFY_HEADER,
+                                                      rsa.get_cipherLength())) {
+            ssl.SetError(rsaSignFault_error);
+            return;
+        }
     }
     else {  // DSA
         DSS dss(cert.get_privateKey(), cert.get_privateKeyLength(), false);
author	Robert Golebiowski <robert.golebiowski@oracle.com>	2015-09-18 11:18:25 +0200
committer	Bjorn Munch <bjorn.munch@oracle.com>	2015-09-18 16:13:38 +0200
commit	b9768521bdeb1a8069c7b871f4536792b65fd79b (patch)
tree	7c8cf55e4750040c2071ea0e09d56ece275dcb6d /extra/yassl/src
parent	0243a2d432abb609af890aea5a417862aa4514cb (diff)
download	mariadb-git-b9768521bdeb1a8069c7b871f4536792b65fd79b.tar.gz