author | Sergei Golubchik <serg@mariadb.org> | 2016-06-30 16:38:05 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2016-06-30 16:38:05 +0200 |
commit | 932646b1ff6a8f5815a961340a9e1ee4702f5b44 (patch) | |
tree | 5bc42ace8ae1f7e4d00baffd468bdb7564e851f1 /extra | |
parent | 0bb30f3603b519780eaf3fe0527b1c6af285229a (diff) | |
parent | 33492ec8d4e2077cf8e07d0628a959d8729bd1f9 (diff) | |
Merge branch '10.1' into 10.2
Diffstat (limited to 'extra')
-rw-r--r-- | extra/mysql_waitpid.c | 7 | ||||
-rw-r--r-- | extra/yassl/README | 6 | ||||
-rw-r--r-- | extra/yassl/include/openssl/ssl.h | 2 | ||||
-rw-r--r-- | extra/yassl/include/yassl_int.hpp | 8 | ||||
-rw-r--r-- | extra/yassl/src/cert_wrapper.cpp | 13 | ||||
-rw-r--r-- | extra/yassl/src/log.cpp | 3 | ||||
-rw-r--r-- | extra/yassl/src/ssl.cpp | 14 | ||||
-rw-r--r-- | extra/yassl/src/yassl_int.cpp | 33 | ||||
-rw-r--r-- | extra/yassl/taocrypt/include/asn.hpp | 8 | ||||
-rw-r--r-- | extra/yassl/taocrypt/src/asn.cpp | 12 | ||||
-rw-r--r-- | extra/yassl/testsuite/test.hpp | 22 |
11 files changed, 90 insertions, 38 deletions
diff --git a/extra/mysql_waitpid.c b/extra/mysql_waitpid.c index 7777da25aa1..5cdf1dedc27 100644 --- a/extra/mysql_waitpid.c +++ b/extra/mysql_waitpid.c @@ -50,10 +50,11 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)), switch(optid) { case 'V': printf("%s version %s by Jani Tolonen\n", progname, VER); - exit(-1); + exit(0); case 'I': case '?': usage(); + exit(0); } return 0; } @@ -69,7 +70,10 @@ int main(int argc, char *argv[]) exit(-1); if (!argv[0] || !argv[1] || (pid= atoi(argv[0])) <= 0 || (t= atoi(argv[1])) <= 0) + { usage(); + exit(-1); + } for (; t > 0; t--) { if (kill((pid_t) pid, sig)) @@ -100,5 +104,4 @@ void usage(void) printf("integer arguments.\n\n"); printf("Options:\n"); my_print_help(my_long_options); - exit(-1); } diff --git a/extra/yassl/README b/extra/yassl/README index 81d573d0b20..b5eb88824fb 100644 --- a/extra/yassl/README +++ b/extra/yassl/README @@ -12,6 +12,12 @@ before calling SSL_new(); *** end Note *** +yaSSL Release notes, version 2.3.9b (2/03/2016) + This release of yaSSL fixes the OpenSSL compatibility function + X509_NAME_get_index_by_NID() to use the actual index of the common name + instead of searching on the format prefix. Thanks for the report from + yashwant.sahu@oracle.com . Anyone using this function should update. + yaSSL Release notes, version 2.3.9 (12/01/2015) This release of yaSSL fixes two client side Diffie-Hellman problems. yaSSL was only handling the cases of zero or one leading zeros for the key diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h index 84ce40b8415..c95eb1ed887 100644 --- a/extra/yassl/include/openssl/ssl.h +++ b/extra/yassl/include/openssl/ssl.h @@ -34,7 +34,7 @@ #include "rsa.h" -#define YASSL_VERSION "2.3.9" +#define YASSL_VERSION "2.3.9b" #if defined(__cplusplus) diff --git a/extra/yassl/include/yassl_int.hpp b/extra/yassl/include/yassl_int.hpp index 55b4b34f9c6..4f35c7e7c92 100644 --- a/extra/yassl/include/yassl_int.hpp 
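Review bot: In extra/mysql_waitpid.c, usage() no longer calls exit(), and nothing in the file tells the next caller that it now returns. In main() the added `exit(-1)` is what keeps a rejected pid or time value from reaching the `kill((pid_t) pid, sig)` loop, so the contract is worth stating above usage(): `/* Prints the help text and returns; the caller decides the exit status. */`. Only the two call sites in these hunks are visible; any other caller outside them would need the same explicit exit.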
+++ b/extra/yassl/include/yassl_int.hpp @@ -191,14 +191,18 @@ private: class X509_NAME { char* name_; size_t sz_; + int cnPosition_; // start of common name, -1 is none + int cnLen_; // length of above ASN1_STRING entry_; public: - X509_NAME(const char*, size_t sz); + X509_NAME(const char*, size_t sz, int pos, int len); ~X509_NAME(); const char* GetName() const; ASN1_STRING* GetEntry(int i); size_t GetLength() const; + int GetCnPosition() const { return cnPosition_; } + int GetCnLength() const { return cnLen_; } private: X509_NAME(const X509_NAME&); // hide copy X509_NAME& operator=(const X509_NAME&); // and assign @@ -226,7 +230,7 @@ class X509 { StringHolder afterDate_; // not valid after public: X509(const char* i, size_t, const char* s, size_t, - ASN1_STRING *b, ASN1_STRING *a); + ASN1_STRING *b, ASN1_STRING *a, int, int, int, int); ~X509() {} X509_NAME* GetIssuer(); diff --git a/extra/yassl/src/cert_wrapper.cpp b/extra/yassl/src/cert_wrapper.cpp index af94f5bc24f..1092e428351 100644 --- a/extra/yassl/src/cert_wrapper.cpp +++ b/extra/yassl/src/cert_wrapper.cpp @@ -304,7 +304,10 @@ int CertManager::Validate() afterDate.type= cert.GetAfterDateType(); afterDate.length= strlen((char *) afterDate.data) + 1; peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(), - sSz, &beforeDate, &afterDate); + sSz, &beforeDate, &afterDate, + cert.GetIssuerCnStart(), cert.GetIssuerCnLength(), + cert.GetSubjectCnStart(), cert.GetSubjectCnLength() + ); if (err == TaoCrypt::SIG_OTHER_E && verifyCallback_) { X509_STORE_CTX store; @@ -350,7 +353,9 @@ int CertManager::SetPrivateKey(const x509& key) afterDate.type= cd.GetAfterDateType(); afterDate.length= strlen((char *) afterDate.data) + 1; selfX509_ = NEW_YS X509(cd.GetIssuer(), iSz, cd.GetCommonName(), - sSz, &beforeDate, &afterDate); + sSz, &beforeDate, &afterDate, + cd.GetIssuerCnStart(), cd.GetIssuerCnLength(), + cd.GetSubjectCnStart(), cd.GetSubjectCnLength()); } return 0; } 
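Review bot: The X509 constructor declaration in extra/yassl/include/yassl_int.hpp gains four unnamed `int` parameters, so the header no longer says which one is the issuer offset, issuer length, subject offset or subject length. The call sites in cert_wrapper.cpp and yassl_int.cpp pass four same-typed values in a row, and a swapped pair would compile cleanly and only show up as a wrong or missing common name. Naming them as the definition does, `ASN1_STRING *b, ASN1_STRING *a, int issPos, int issLen, int subPos, int subLen);`, makes the order checkable at each call site. The class body continues outside the hunk.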
@@ -367,7 +372,9 @@ void CertManager::setPeerX509(X509* x) ASN1_STRING* after = x->GetAfter(); peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(), - subject->GetName(), subject->GetLength(), before, after); + subject->GetName(), subject->GetLength(), before, after, + issuer->GetCnPosition(), issuer->GetCnLength(), + subject->GetCnPosition(), subject->GetCnLength()); } diff --git a/extra/yassl/src/log.cpp b/extra/yassl/src/log.cpp index 13c68295747..c4be306a7b8 100644 --- a/extra/yassl/src/log.cpp +++ b/extra/yassl/src/log.cpp @@ -1,6 +1,5 @@ /* - Copyright (C) 2000-2007 MySQL AB - Use is subject to license terms + Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp index 5603430a677..2a1f2fbe395 100644 --- a/extra/yassl/src/ssl.cpp +++ b/extra/yassl/src/ssl.cpp @@ -1351,15 +1351,13 @@ int ASN1_STRING_type(ASN1_STRING *x) int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos) { int idx = -1; // not found - const char* start = &name->GetName()[lastpos + 1]; + int cnPos = -1; switch (nid) { case NID_commonName: - const char* found = strstr(start, "/CN="); - if (found) { - found += 4; // advance to str - idx = found - start + lastpos + 1; - } + cnPos = name->GetCnPosition(); + if (lastpos < cnPos) + idx = cnPos; break; } @@ -1471,10 +1469,6 @@ int SSL_peek(SSL* ssl, void* buffer, int sz) int SSL_pending(SSL* ssl) { - // Just in case there's pending data that hasn't been processed yet... - char c; - SSL_peek(ssl, &c, 1); - return ssl->bufferedData(); } diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp index 9b447547c56..edc89df4cfa 100644 --- a/extra/yassl/src/yassl_int.cpp +++ b/extra/yassl/src/yassl_int.cpp 
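Review bot: X509_NAME_get_index_by_NID() in extra/yassl/src/ssl.cpp dereferences `name` in the NID_commonName case without checking it, while the updated test in testsuite/test.hpp only makes the call under `if (sub)`; adding `if (!name) return -1;` at the top would make the function safe for callers that do not guard it. The value returned is the byte offset of the common name inside the one-line name string rather than an entry index, so a short comment such as `// returns the CN byte offset in the one-line name; pass it unchanged to X509_NAME_get_entry()` would help code ported from OpenSSL. The end of the function is outside the hunk.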
@@ -1554,8 +1554,9 @@ void SSL_SESSION::CopyX509(X509* x) ASN1_TIME* after = x->GetAfter(); peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(), - subject->GetName(), subject->GetLength(), - before, after); + subject->GetName(), subject->GetLength(), before, after, + issuer->GetCnPosition(), issuer->GetCnLength(), + subject->GetCnPosition(), subject->GetCnLength()); } @@ -2477,8 +2478,8 @@ void Security::set_resuming(bool b) } -X509_NAME::X509_NAME(const char* n, size_t sz) - : name_(0), sz_(sz) +X509_NAME::X509_NAME(const char* n, size_t sz, int pos, int len) + : name_(0), sz_(sz), cnPosition_(pos), cnLen_(len) { if (sz) { name_ = NEW_YS char[sz]; @@ -2508,8 +2509,10 @@ size_t X509_NAME::GetLength() const X509::X509(const char* i, size_t iSz, const char* s, size_t sSz, - ASN1_STRING *b, ASN1_STRING *a) - : issuer_(i, iSz), subject_(s, sSz), + ASN1_STRING *b, ASN1_STRING *a, + int issPos, int issLen, + int subPos, int subLen) + : issuer_(i, iSz, issPos, issLen), subject_(s, sSz, subPos, subLen), beforeDate_((char *) b->data, b->length, b->type), afterDate_((char *) a->data, a->length, a->type) {} @@ -2544,17 +2547,19 @@ ASN1_STRING* X509_NAME::GetEntry(int i) if (i < 0 || i >= int(sz_)) return 0; + if (i != cnPosition_ || cnLen_ <= 0) // only entry currently supported + return 0; + + if (cnLen_ > int(sz_-i)) // make sure there's room in read buffer + return 0; + if (entry_.data) ysArrayDelete(entry_.data); - entry_.data = NEW_YS byte[sz_]; // max size; + entry_.data = NEW_YS byte[cnLen_+1]; // max size; - memcpy(entry_.data, &name_[i], sz_ - i); - if (entry_.data[sz_ -i - 1]) { - entry_.data[sz_ - i] = 0; - entry_.length = int(sz_) - i; - } - else - entry_.length = int(sz_) - i - 1; + memcpy(entry_.data, &name_[i], cnLen_); + entry_.data[cnLen_] = 0; + entry_.length = cnLen_; entry_.type = 0; return &entry_; diff --git a/extra/yassl/taocrypt/include/asn.hpp b/extra/yassl/taocrypt/include/asn.hpp index 2854b8fe06d..999e853b941 100644 
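Review bot: In X509_NAME::GetEntry() (extra/yassl/src/yassl_int.cpp) the allocation `NEW_YS byte[cnLen_+1]` still carries the old `// max size;` comment, although the buffer is now sized to the common name exactly; `// CN bytes plus terminating NUL` would match the code. The function also now returns 0 for every index except `cnPosition_`, which deserves a line in the function comment because callers previously got the tail of the name for any valid index. `entry_.length` is the authoritative length of the result: a caller that reads `entry_.data` as a C string would stop at an embedded NUL byte, and whether the decoder can let one through is not visible in this hunk.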
--- a/extra/yassl/taocrypt/include/asn.hpp +++ b/extra/yassl/taocrypt/include/asn.hpp @@ -285,6 +285,10 @@ public: byte GetBeforeDateType() const { return beforeDateType_; } const char* GetAfterDate() const { return afterDate_; } byte GetAfterDateType() const { return afterDateType_; } + int GetSubjectCnStart() const { return subCnPos_; } + int GetIssuerCnStart() const { return issCnPos_; } + int GetSubjectCnLength() const { return subCnLen_; } + int GetIssuerCnLength() const { return issCnLen_; } void DecodeToKey(); private: @@ -294,6 +298,10 @@ private: word32 sigLength_; // length of signature word32 signatureOID_; // sum of algorithm object id word32 keyOID_; // sum of key algo object id + int subCnPos_; // subject common name start, -1 is none + int subCnLen_; // length of above + int issCnPos_; // issuer common name start, -1 is none + int issCnLen_; // length of above byte subjectHash_[SHA_SIZE]; // hash of all Names byte issuerHash_[SHA_SIZE]; // hash of all Names byte* signature_; diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp index d8b133a3f0a..0474e7c21d5 100644 --- a/extra/yassl/taocrypt/src/asn.cpp +++ b/extra/yassl/taocrypt/src/asn.cpp @@ -482,8 +482,9 @@ void DH_Decoder::Decode(DH& key) CertDecoder::CertDecoder(Source& s, bool decode, SignerList* signers, bool noVerify, CertType ct) - : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0), - signature_(0), verify_(!noVerify) + : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0), subCnPos_(-1), + subCnLen_(0), issCnPos_(-1), issCnLen_(0), signature_(0), + verify_(!noVerify) { issuer_[0] = 0; subject_[0] = 0; 
@@ -804,6 +805,13 @@ void CertDecoder::GetName(NameType nt) case COMMON_NAME: if (!(ptr = AddTag(ptr, buf_end, "/CN=", 4, strLen))) return; + if (nt == ISSUER) { + issCnPos_ = (int)(ptr - strLen - issuer_); + issCnLen_ = (int)strLen; + } else { + subCnPos_ = (int)(ptr - strLen - subject_); + subCnLen_ = (int)strLen; + } break; case SUR_NAME: if (!(ptr = AddTag(ptr, buf_end, "/SN=", 4, strLen))) diff --git a/extra/yassl/testsuite/test.hpp b/extra/yassl/testsuite/test.hpp index 52f6ed79526..5374edd0e2a 100644 --- a/extra/yassl/testsuite/test.hpp +++ b/extra/yassl/testsuite/test.hpp @@ -470,10 +470,28 @@ inline void showPeer(SSL* ssl) char* issuer = X509_NAME_oneline(X509_get_issuer_name(peer), 0, 0); char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0); - printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer, - subject); + X509_NAME_ENTRY* se = NULL; + ASN1_STRING* sd = NULL; + char* subCN = NULL; + + X509_NAME* sub = X509_get_subject_name(peer); + int lastpos = -1; + if (sub) + lastpos = X509_NAME_get_index_by_NID(sub, NID_commonName, lastpos); + if (lastpos >= 0) { + se = X509_NAME_get_entry(sub, lastpos); + if (se) + sd = X509_NAME_ENTRY_get_data(se); + if (sd) + subCN = (char*)ASN1_STRING_data(sd); + } + + printf("peer's cert info:\n issuer : %s\n subject: %s\n" + " subject cn: %s\n", issuer, subject, subCN); + free(subject); free(issuer); + } else printf("peer has no cert!\n"); |
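Review bot: The COMMON_NAME case in CertDecoder::GetName() (extra/yassl/taocrypt/src/asn.cpp) overwrites `issCnPos_`/`subCnPos_` each time it runs, so if a name carries more than one CN attribute only the last one decoded stays reachable through X509_NAME_get_index_by_NID(). If that is intended, say so next to the assignment, e.g. `// several CNs: the last one decoded wins`; code that compares the CN with a host name should know which one it gets. The offset `ptr - strLen` also assumes AddTag() returns a pointer just past the copied value, which is defined outside this hunk, as are the start and end of GetName().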
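Review bot: In showPeer() (extra/yassl/testsuite/test.hpp) `subCN` stays NULL when the subject has no common name or any of the lookups fails, and it is then passed to `printf` for a `%s` conversion, which is undefined behaviour and crashes on some C libraries. Pass a fallback instead: `issuer, subject, subCN ? subCN : "(none)");`. The `%s` output also stops at the first NUL byte, so the printed value is not a reliable rendering of the full CN. showPeer() starts and ends outside the hunk.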