diff options
| author | Yashwant Sahu <yashwant.sahu@oracle.com> | 2016-02-26 11:53:56 +0530 |
|---|---|---|
| committer | Yashwant Sahu <yashwant.sahu@oracle.com> | 2016-02-26 11:53:56 +0530 |
| commit | e7061f7e5a96c66cb2e0bf46bec7f6ff35801a69 (patch) | |
| tree | 10d72b2871af980cc0084c67e3b88b41b682801a /extra | |
| parent | 29cc2c28832ae4733804ac6b29d650238ee0559c (diff) | |
| download | mariadb-git-e7061f7e5a96c66cb2e0bf46bec7f6ff35801a69.tar.gz | |
Bug #22738607: YASSL FUNCTION X509_NAME_GET_INDEX_BY_NID IS NOT WORKING AS EXPECTED.mysql-5.5.49
Diffstat (limited to 'extra')
| -rw-r--r-- | extra/yassl/README | 6 | ||||
| -rw-r--r-- | extra/yassl/include/openssl/ssl.h | 2 | ||||
| -rw-r--r-- | extra/yassl/include/yassl_int.hpp | 8 | ||||
| -rw-r--r-- | extra/yassl/src/cert_wrapper.cpp | 9 | ||||
| -rw-r--r-- | extra/yassl/src/ssl.cpp | 10 | ||||
| -rw-r--r-- | extra/yassl/src/yassl_int.cpp | 31 | ||||
| -rw-r--r-- | extra/yassl/taocrypt/include/asn.hpp | 8 | ||||
| -rw-r--r-- | extra/yassl/taocrypt/src/asn.cpp | 12 | ||||
| -rw-r--r-- | extra/yassl/testsuite/test.hpp | 22 |
9 files changed, 80 insertions, 28 deletions
diff --git a/extra/yassl/README b/extra/yassl/README index 81d573d0b20..b5eb88824fb 100644 --- a/extra/yassl/README +++ b/extra/yassl/README @@ -12,6 +12,12 @@ before calling SSL_new(); *** end Note *** +yaSSL Release notes, version 2.3.9b (2/03/2016) + This release of yaSSL fixes the OpenSSL compatibility function + X509_NAME_get_index_by_NID() to use the actual index of the common name + instead of searching on the format prefix. Thanks for the report from + yashwant.sahu@oracle.com . Anyone using this function should update. + yaSSL Release notes, version 2.3.9 (12/01/2015) This release of yaSSL fixes two client side Diffie-Hellman problems. yaSSL was only handling the cases of zero or one leading zeros for the key diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h index 095b3c6aa80..83daf3cc81f 100644 --- a/extra/yassl/include/openssl/ssl.h +++ b/extra/yassl/include/openssl/ssl.h @@ -35,7 +35,7 @@ #include "rsa.h" -#define YASSL_VERSION "2.3.9" +#define YASSL_VERSION "2.3.9b" #if defined(__cplusplus) diff --git a/extra/yassl/include/yassl_int.hpp b/extra/yassl/include/yassl_int.hpp index 573f4f2264f..642afb25368 100644 --- a/extra/yassl/include/yassl_int.hpp +++ b/extra/yassl/include/yassl_int.hpp @@ -191,14 +191,18 @@ private: class X509_NAME { char* name_; size_t sz_; + int cnPosition_; // start of common name, -1 is none + int cnLen_; // length of above ASN1_STRING entry_; public: - X509_NAME(const char*, size_t sz); + X509_NAME(const char*, size_t sz, int pos, int len); ~X509_NAME(); const char* GetName() const; ASN1_STRING* GetEntry(int i); size_t GetLength() const; + int GetCnPosition() const { return cnPosition_; } + int GetCnLength() const { return cnLen_; } private: X509_NAME(const X509_NAME&); // hide copy X509_NAME& operator=(const X509_NAME&); // and assign @@ -226,7 +230,7 @@ class X509 { StringHolder afterDate_; // not valid after public: X509(const char* i, size_t, const char* s, size_t, - const char* b, int, const char* a, int); + const char* b, int, const char* a, int, int, int, int, int); ~X509() {} X509_NAME* GetIssuer(); diff --git a/extra/yassl/src/cert_wrapper.cpp b/extra/yassl/src/cert_wrapper.cpp index ff359c6ad71..f620f5efce0 100644 --- a/extra/yassl/src/cert_wrapper.cpp +++ b/extra/yassl/src/cert_wrapper.cpp @@ -293,7 +293,10 @@ int CertManager::Validate() int aSz = (int)strlen(cert.GetAfterDate()) + 1; peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(), sSz, cert.GetBeforeDate(), bSz, - cert.GetAfterDate(), aSz); + cert.GetAfterDate(), aSz, + cert.GetIssuerCnStart(), cert.GetIssuerCnLength(), + cert.GetSubjectCnStart(), cert.GetSubjectCnLength() + ); if (err == TaoCrypt::SIG_OTHER_E && verifyCallback_) { X509_STORE_CTX store; @@ -345,7 +348,9 @@ void CertManager::setPeerX509(X509* x) peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(), subject->GetName(), subject->GetLength(), (const char*) before->data, - before->length, (const char*) after->data, after->length); + before->length, (const char*) after->data, after->length, + issuer->GetCnPosition(), issuer->GetCnLength(), + subject->GetCnPosition(), subject->GetCnLength()); } diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp index 845b35bac8b..cde32df4f43 100644 --- a/extra/yassl/src/ssl.cpp +++ b/extra/yassl/src/ssl.cpp @@ -1351,15 +1351,13 @@ int ASN1_STRING_type(ASN1_STRING *x) int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos) { int idx = -1; // not found - const char* start = &name->GetName()[lastpos + 1]; + int cnPos = -1; switch (nid) { case NID_commonName: - const char* found = strstr(start, "/CN="); - if (found) { - found += 4; // advance to str - idx = found - start + lastpos + 1; - } + cnPos = name->GetCnPosition(); + if (lastpos < cnPos) + idx = cnPos; break; } diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp index 19ba6386efd..f041850f85f 100644 --- a/extra/yassl/src/yassl_int.cpp +++ b/extra/yassl/src/yassl_int.cpp @@ -1555,7 +1555,9 @@ void SSL_SESSION::CopyX509(X509* x) peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(), subject->GetName(), subject->GetLength(), (const char*) before->data, - before->length, (const char*) after->data, after->length); + before->length, (const char*) after->data, after->length, + issuer->GetCnPosition(), issuer->GetCnLength(), + subject->GetCnPosition(), subject->GetCnLength()); } @@ -2472,8 +2474,8 @@ void Security::set_resuming(bool b) } -X509_NAME::X509_NAME(const char* n, size_t sz) - : name_(0), sz_(sz) +X509_NAME::X509_NAME(const char* n, size_t sz, int pos, int len) + : name_(0), sz_(sz), cnPosition_(pos), cnLen_(len) { if (sz) { name_ = NEW_YS char[sz]; @@ -2503,8 +2505,9 @@ size_t X509_NAME::GetLength() const X509::X509(const char* i, size_t iSz, const char* s, size_t sSz, - const char* b, int bSz, const char* a, int aSz) - : issuer_(i, iSz), subject_(s, sSz), + const char* b, int bSz, const char* a, int aSz, int issPos, + int issLen, int subPos, int subLen) + : issuer_(i, iSz, issPos, issLen), subject_(s, sSz, subPos, subLen), beforeDate_(b, bSz), afterDate_(a, aSz) {} @@ -2538,17 +2541,19 @@ ASN1_STRING* X509_NAME::GetEntry(int i) if (i < 0 || i >= int(sz_)) return 0; + if (i != cnPosition_ || cnLen_ <= 0) // only entry currently supported + return 0; + + if (cnLen_ > int(sz_-i)) // make sure there's room in read buffer + return 0; + if (entry_.data) ysArrayDelete(entry_.data); - entry_.data = NEW_YS byte[sz_]; // max size; + entry_.data = NEW_YS byte[cnLen_+1]; // max size; - memcpy(entry_.data, &name_[i], sz_ - i); - if (entry_.data[sz_ -i - 1]) { - entry_.data[sz_ - i] = 0; - entry_.length = int(sz_) - i; - } - else - entry_.length = int(sz_) - i - 1; + memcpy(entry_.data, &name_[i], cnLen_); + entry_.data[cnLen_] = 0; + entry_.length = cnLen_; entry_.type = 0; return &entry_; diff --git a/extra/yassl/taocrypt/include/asn.hpp b/extra/yassl/taocrypt/include/asn.hpp index c7d01d00323..9a10064ce02 100644 --- a/extra/yassl/taocrypt/include/asn.hpp +++ b/extra/yassl/taocrypt/include/asn.hpp @@ -283,6 +283,10 @@ public: const byte* GetHash() const { return subjectHash_; } const char* GetBeforeDate() const { return beforeDate_; } const char* GetAfterDate() const { return afterDate_; } + int GetSubjectCnStart() const { return subCnPos_; } + int GetIssuerCnStart() const { return issCnPos_; } + int GetSubjectCnLength() const { return subCnLen_; } + int GetIssuerCnLength() const { return issCnLen_; } void DecodeToKey(); private: @@ -292,6 +296,10 @@ private: word32 sigLength_; // length of signature word32 signatureOID_; // sum of algorithm object id word32 keyOID_; // sum of key algo object id + int subCnPos_; // subject common name start, -1 is none + int subCnLen_; // length of above + int issCnPos_; // issuer common name start, -1 is none + int issCnLen_; // length of above byte subjectHash_[SHA_SIZE]; // hash of all Names byte issuerHash_[SHA_SIZE]; // hash of all Names byte* signature_; diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp index c419ec0a992..a210d805452 100644 --- a/extra/yassl/taocrypt/src/asn.cpp +++ b/extra/yassl/taocrypt/src/asn.cpp @@ -474,8 +474,9 @@ void DH_Decoder::Decode(DH& key) CertDecoder::CertDecoder(Source& s, bool decode, SignerList* signers, bool noVerify, CertType ct) - : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0), - signature_(0), verify_(!noVerify) + : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0), subCnPos_(-1), + subCnLen_(0), issCnPos_(-1), issCnLen_(0), signature_(0), + verify_(!noVerify) { issuer_[0] = 0; subject_[0] = 0; @@ -796,6 +797,13 @@ void CertDecoder::GetName(NameType nt) case COMMON_NAME: if (!(ptr = AddTag(ptr, buf_end, "/CN=", 4, strLen))) return; + if (nt == ISSUER) { + issCnPos_ = (int)(ptr - strLen - issuer_); + issCnLen_ = (int)strLen; + } else { + subCnPos_ = (int)(ptr - strLen - subject_); + subCnLen_ = (int)strLen; + } break; case SUR_NAME: if (!(ptr = AddTag(ptr, buf_end, "/SN=", 4, strLen))) diff --git a/extra/yassl/testsuite/test.hpp b/extra/yassl/testsuite/test.hpp index 3e15ce81489..5c9dc7ce117 100644 --- a/extra/yassl/testsuite/test.hpp +++ b/extra/yassl/testsuite/test.hpp @@ -470,10 +470,28 @@ inline void showPeer(SSL* ssl) char* issuer = X509_NAME_oneline(X509_get_issuer_name(peer), 0, 0); char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0); - printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer, - subject); + X509_NAME_ENTRY* se = NULL; + ASN1_STRING* sd = NULL; + char* subCN = NULL; + + X509_NAME* sub = X509_get_subject_name(peer); + int lastpos = -1; + if (sub) + lastpos = X509_NAME_get_index_by_NID(sub, NID_commonName, lastpos); + if (lastpos >= 0) { + se = X509_NAME_get_entry(sub, lastpos); + if (se) + sd = X509_NAME_ENTRY_get_data(se); + if (sd) + subCN = (char*)ASN1_STRING_data(sd); + } + + printf("peer's cert info:\n issuer : %s\n subject: %s\n" + " subject cn: %s\n", issuer, subject, subCN); + free(subject); free(issuer); + } else printf("peer has no cert!\n"); |