summaryrefslogtreecommitdiff
path: root/extra
diff options
context:
space:
mode:
authorHarin Vadodaria <harin.vadodaria@oracle.com>2014-08-23 08:59:03 +0530
committerHarin Vadodaria <harin.vadodaria@oracle.com>2014-08-23 08:59:03 +0530
commit6b1d25a3b366c73752fe02350f48f8449311e7ec (patch)
tree7e692646b16ed1d7255c950ef60f3400cf29cb9a /extra
parent63a6af328594a48b9ea930d17088c739a2ebe4c8 (diff)
downloadmariadb-git-6b1d25a3b366c73752fe02350f48f8449311e7ec.tar.gz
Bug#19370676 : YASSL PRE-AUTH BUFFER OVERFLOW WHEN CLIENT
LIES ABOUT SUITE_LEN_ and Bug#19355577 : YASSL PRE-AUTH BUFFER OVERFLOW WHEN CLIENT LIES ABOUT COMP_LEN_ Description : Updating yaSSL to version 2.3.4.
Diffstat (limited to 'extra')
-rw-r--r--extra/yassl/README22
-rw-r--r--extra/yassl/certs/ca-cert.pem100
-rw-r--r--extra/yassl/certs/client-cert.derbin782 -> 1198 bytes
-rw-r--r--extra/yassl/certs/client-cert.pem100
-rw-r--r--extra/yassl/certs/client-key.derbin319 -> 1192 bytes
-rw-r--r--extra/yassl/certs/client-keyEnc.pem34
-rw-r--r--extra/yassl/certs/dsa1024.derbin0 -> 448 bytes
-rw-r--r--extra/yassl/certs/dsa1024.pem12
-rw-r--r--extra/yassl/certs/dsa512.derbin249 -> 0 bytes
-rw-r--r--extra/yassl/certs/dsa512.pem8
-rw-r--r--extra/yassl/certs/server-cert.pem210
-rw-r--r--extra/yassl/certs/server-keyEnc.pem52
-rw-r--r--extra/yassl/include/buffer.hpp18
-rw-r--r--extra/yassl/include/openssl/ssl.h2
-rw-r--r--extra/yassl/src/buffer.cpp113
-rw-r--r--extra/yassl/src/handshake.cpp25
-rw-r--r--extra/yassl/src/yassl_imp.cpp179
-rw-r--r--extra/yassl/src/yassl_int.cpp7
-rw-r--r--extra/yassl/taocrypt/include/asn.hpp11
-rw-r--r--extra/yassl/taocrypt/include/block.hpp6
-rw-r--r--extra/yassl/taocrypt/include/integer.hpp4
-rw-r--r--extra/yassl/taocrypt/include/pwdbased.hpp8
-rw-r--r--extra/yassl/taocrypt/include/runtime.hpp17
-rw-r--r--extra/yassl/taocrypt/include/sha.hpp9
-rw-r--r--extra/yassl/taocrypt/src/aes.cpp19
-rw-r--r--extra/yassl/taocrypt/src/algebra.cpp8
-rw-r--r--extra/yassl/taocrypt/src/arc4.cpp11
-rw-r--r--extra/yassl/taocrypt/src/asn.cpp48
-rw-r--r--extra/yassl/taocrypt/src/blowfish.cpp8
-rw-r--r--extra/yassl/taocrypt/src/des.cpp11
-rw-r--r--extra/yassl/taocrypt/src/integer.cpp31
-rw-r--r--extra/yassl/taocrypt/src/md5.cpp10
-rw-r--r--extra/yassl/taocrypt/src/misc.cpp22
-rw-r--r--extra/yassl/taocrypt/src/rabbit.cpp10
-rw-r--r--extra/yassl/taocrypt/src/random.cpp3
-rw-r--r--extra/yassl/taocrypt/src/ripemd.cpp13
-rw-r--r--extra/yassl/taocrypt/src/sha.cpp11
-rw-r--r--extra/yassl/taocrypt/src/twofish.cpp13
38 files changed, 717 insertions, 438 deletions
diff --git a/extra/yassl/README b/extra/yassl/README
index 2c144815f19..b18e2baeea8 100644
--- a/extra/yassl/README
+++ b/extra/yassl/README
@@ -12,15 +12,31 @@ before calling SSL_new();
*** end Note ***
-yaSSL Release notes, version 2.3.0 (12/5/2013)
+yaSSL Release notes, version 2.3.4 (8/15/2014)
- This release of yaSSL updates asm for newer GCC versions.
+ This release of yaSSL adds checking to the input_buffer class itself.
See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
-*****************yaSSL Release notes, version 2.2.3b (4/23/2013)
+yaSSL Release notes, version 2.3.2 (7/25/2014)
+
+ This release of yaSSL updates test certs.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 2.3.0 (12/5/2013)
+
+ This release of yaSSL updates asm for newer GCC versions.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 2.2.3 (4/23/2013)
This release of yaSSL updates the test certificates as they were expired
diff --git a/extra/yassl/certs/ca-cert.pem b/extra/yassl/certs/ca-cert.pem
index b2dc6ae6ee3..7e64eb47961 100644
--- a/extra/yassl/certs/ca-cert.pem
+++ b/extra/yassl/certs/ca-cert.pem
@@ -1,45 +1,45 @@
-----BEGIN CERTIFICATE-----
-MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
-VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
-A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
-dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
-MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
-aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
-MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
-8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
-EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
-dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
-mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
-CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
-BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
-P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
-dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
-BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
-9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
-PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
-Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
-G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
-ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
-rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
+MIIEqjCCA5KgAwIBAgIJAJpBR82hFGKMMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
+A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
+Fw0xNDA3MTEwMzIwMDhaFw0xNzA0MDYwMzIwMDhaMIGUMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
+dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
+mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
+i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
+XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
+/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
+J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYD
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAeXgMbXmIkfw6FZz5J2IW8CEf
++n0/oqgyHvfyEal0FnRe3BjK8AAq1QMGJjDxR4P9Mm787apPfQxjYDEvfAy/mWaH
+7ScIhi3EM+iYIxz+o9uaSU78WkLvccM/rdxKqNKjHQmsMwR7hvNtAFmjyNvRPHP2
+DpDWXkngvzZjCHulsI81O1aMETVJBBzQ57pWxQ0KkY3Wt2IZNBJSTNJtfMU9DxiB
+VMv2POWE0tZxFewaNAvwoCF0Q8ijsN/ZZ9rirZNI+KCHvXkU4GIK3/cxLjF70TIq
+Cv5dFO/ZZFDkg5G8cA3XiI3ZvIQOxRqzv2QCTlGRpKKFFYOv8FubKElfsrMD2A==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
- e9:d0:a7:5f:79:25:f4:3c
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+ 9a:41:47:cd:a1:14:62:8c
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
- Not Before: Oct 24 18:18:15 2011 GMT
- Not After : Jul 20 18:18:15 2014 GMT
- Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+ Not Before: Jul 11 03:20:08 2014 GMT
+ Not After : Apr 6 03:20:08 2017 GMT
+ Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
+ Public-Key: (2048 bit)
+ Modulus:
00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
@@ -64,24 +64,24 @@ Certificate:
27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
- DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
- serial:E9:D0:A7:5F:79:25:F4:3C
+ DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ serial:9A:41:47:CD:A1:14:62:8C
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
- 5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26:
- 4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6:
- e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c:
- f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e:
- af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18:
- 98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02:
- 8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab:
- 1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80:
- 61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87:
- 1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f:
- 60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf:
- 18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12:
- f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
- b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
- 5a:1f:7f:ca
+ 79:78:0c:6d:79:88:91:fc:3a:15:9c:f9:27:62:16:f0:21:1f:
+ fa:7d:3f:a2:a8:32:1e:f7:f2:11:a9:74:16:74:5e:dc:18:ca:
+ f0:00:2a:d5:03:06:26:30:f1:47:83:fd:32:6e:fc:ed:aa:4f:
+ 7d:0c:63:60:31:2f:7c:0c:bf:99:66:87:ed:27:08:86:2d:c4:
+ 33:e8:98:23:1c:fe:a3:db:9a:49:4e:fc:5a:42:ef:71:c3:3f:
+ ad:dc:4a:a8:d2:a3:1d:09:ac:33:04:7b:86:f3:6d:00:59:a3:
+ c8:db:d1:3c:73:f6:0e:90:d6:5e:49:e0:bf:36:63:08:7b:a5:
+ b0:8f:35:3b:56:8c:11:35:49:04:1c:d0:e7:ba:56:c5:0d:0a:
+ 91:8d:d6:b7:62:19:34:12:52:4c:d2:6d:7c:c5:3d:0f:18:81:
+ 54:cb:f6:3c:e5:84:d2:d6:71:15:ec:1a:34:0b:f0:a0:21:74:
+ 43:c8:a3:b0:df:d9:67:da:e2:ad:93:48:f8:a0:87:bd:79:14:
+ e0:62:0a:df:f7:31:2e:31:7b:d1:32:2a:0a:fe:5d:14:ef:d9:
+ 64:50:e4:83:91:bc:70:0d:d7:88:8d:d9:bc:84:0e:c5:1a:b3:
+ bf:64:02:4e:51:91:a4:a2:85:15:83:af:f0:5b:9b:28:49:5f:
+ b2:b3:03:d8
diff --git a/extra/yassl/certs/client-cert.der b/extra/yassl/certs/client-cert.der
index 9c2ef138bf6..293985adb97 100644
--- a/extra/yassl/certs/client-cert.der
+++ b/extra/yassl/certs/client-cert.der
Binary files differ
diff --git a/extra/yassl/certs/client-cert.pem b/extra/yassl/certs/client-cert.pem
index 278b43fe65c..38330d5380e 100644
--- a/extra/yassl/certs/client-cert.pem
+++ b/extra/yassl/certs/client-cert.pem
@@ -2,17 +2,17 @@ Certificate:
Data:
Version: 3 (0x2)
Serial Number:
- 87:4a:75:be:91:66:d8:3d
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
+ b6:63:af:8f:5d:62:57:a0
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
- Not Before: Oct 24 18:21:55 2011 GMT
- Not After : Jul 20 18:21:55 2014 GMT
- Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com
+ Not Before: Jul 11 17:39:44 2014 GMT
+ Not After : Apr 6 17:39:44 2017 GMT
+ Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
+ Public-Key: (2048 bit)
+ Modulus:
00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b:
2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07:
32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d:
@@ -37,51 +37,51 @@ Certificate:
33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
X509v3 Authority Key Identifier:
keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0
- DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com
- serial:87:4A:75:BE:91:66:D8:3D
+ DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ serial:B6:63:AF:8F:5D:62:57:A0
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
- 1c:7c:42:81:29:9e:21:cf:d0:d8:c1:54:6f:cc:ae:14:09:38:
- ff:68:98:9a:95:53:76:18:7b:e6:30:76:ec:28:0d:75:a7:de:
- e0:cd:8e:d5:55:23:6a:47:2b:4e:8d:fc:7d:06:a3:d8:0f:ad:
- 5e:d6:04:c9:00:33:fb:77:27:d3:b5:03:b3:7b:21:74:31:0b:
- 4a:af:2d:1a:b3:93:8e:cc:f3:5f:3d:90:3f:cc:e3:55:19:91:
- 7b:78:24:2e:4a:09:bb:18:4e:61:2d:9c:c6:0a:a0:34:91:88:
- 70:6b:3b:48:47:bc:79:94:a2:a0:4d:32:47:54:c2:a3:dc:2e:
- d2:51:4c:29:39:11:ff:e2:15:5e:58:97:36:f6:e9:06:06:86:
- 0e:8d:9d:95:03:72:b2:8b:19:7c:e9:14:6e:a1:88:73:68:58:
- 6d:71:5e:c2:d5:d3:13:d2:5f:de:ea:03:be:e2:00:40:e5:ce:
- fd:e6:92:31:57:c3:eb:bb:66:ac:cb:2f:1a:fa:e0:62:a2:47:
- f4:93:43:2a:4b:6c:5e:0a:2f:f9:e7:e6:4a:63:86:b0:ac:2a:
- a1:eb:b4:5b:67:cd:32:e4:b6:11:4b:9a:72:66:0d:a2:4a:76:
- 8f:fe:22:bc:83:fd:db:b7:d5:a9:ee:05:c9:b1:71:7e:1b:2b:
- e1:e3:af:c0
+ 85:10:90:c5:5d:de:25:8c:f2:57:7b:2d:14:1c:05:f9:71:63:
+ 40:b0:e3:c1:c1:2e:13:2a:7a:b7:d6:24:58:87:eb:03:fb:0d:
+ af:e0:f4:d0:c8:bc:51:36:10:4f:79:cc:4f:66:7d:af:99:cb:
+ 7b:ce:68:94:c6:36:aa:42:6e:8c:78:5b:b2:85:ca:d1:e1:a8:
+ 31:d1:81:d9:f9:c1:a3:9e:34:43:ef:0a:79:7d:3e:83:61:fc:
+ 14:5c:d1:dd:bc:0e:d7:51:b7:71:6e:41:7e:8b:2c:5a:9a:cb:
+ 77:4b:6a:f5:06:ff:02:af:1e:e6:63:4f:bc:44:d9:3f:56:9e:
+ 09:9c:43:f9:55:21:32:46:82:09:86:a9:7b:74:1c:9e:5a:2a:
+ bf:03:79:91:cb:f2:29:7f:c9:15:82:89:b9:53:cd:7e:07:90:
+ a9:5d:76:e1:19:5e:0d:58:b8:59:d5:0d:df:23:ab:6b:63:76:
+ 19:9e:9c:df:b0:57:49:6c:d0:86:97:c3:6c:3c:fa:e0:56:c2:
+ 1b:e3:a1:42:1a:58:62:85:9d:74:19:83:08:af:59:90:f8:99:
+ bd:67:d3:4a:ea:0e:c9:ca:61:8a:0d:8a:42:cc:90:e9:2e:c2:
+ 54:73:7f:5e:af:8d:e2:32:cb:45:20:d6:19:4d:5b:77:31:cc:
+ 0f:2d:c0:7e
-----BEGIN CERTIFICATE-----
-MIIEmDCCA4CgAwIBAgIJAIdKdb6RZtg9MA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD
-VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG
-A1UEChMFeWFTU0wxFDASBgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu
-eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMTEw
-MjQxODIxNTVaFw0xNDA3MjAxODIxNTVaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE
-CBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDAS
-BgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ
-KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Quml7xsNE
-ntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvk
-NPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+
-v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX11JlJHOwzu8Zza7/
-eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOw
-Y7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB9jCB8zAdBgNVHQ4EFgQU
-M9hFZtdohxh+VA1wJ5HHJteFZcAwgcMGA1UdIwSBuzCBuIAUM9hFZtdohxh+VA1w
-J5HHJteFZcChgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24x
-ETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQKEwV5YVNTTDEUMBIGA1UECxMLUHJv
-Z3JhbW1pbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEW
-DmluZm9AeWFzc2wuY29tggkAh0p1vpFm2D0wDAYDVR0TBAUwAwEB/zANBgkqhkiG
-9w0BAQUFAAOCAQEAHHxCgSmeIc/Q2MFUb8yuFAk4/2iYmpVTdhh75jB27CgNdafe
-4M2O1VUjakcrTo38fQaj2A+tXtYEyQAz+3cn07UDs3shdDELSq8tGrOTjszzXz2Q
-P8zjVRmRe3gkLkoJuxhOYS2cxgqgNJGIcGs7SEe8eZSioE0yR1TCo9wu0lFMKTkR
-/+IVXliXNvbpBgaGDo2dlQNysosZfOkUbqGIc2hYbXFewtXTE9Jf3uoDvuIAQOXO
-/eaSMVfD67tmrMsvGvrgYqJH9JNDKktsXgov+efmSmOGsKwqoeu0W2fNMuS2EUua
-cmYNokp2j/4ivIP927fVqe4FybFxfhsr4eOvwA==
+MIIEqjCCA5KgAwIBAgIJALZjr49dYlegMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4G
+A1UECgwHd29sZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
+Fw0xNDA3MTExNzM5NDRaFw0xNzA0MDYxNzM5NDRaMIGUMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29s
+ZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9am
+NrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/
+Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE7
+9fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX
+11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8l
+TMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB/DCB
++TAdBgNVHQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwgckGA1UdIwSBwTCBvoAU
+M9hFZtdohxh+VA1wJ5HHJteFZcChgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NM
+MRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAtmOvj11iV6AwDAYD
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAhRCQxV3eJYzyV3stFBwF+XFj
+QLDjwcEuEyp6t9YkWIfrA/sNr+D00Mi8UTYQT3nMT2Z9r5nLe85olMY2qkJujHhb
+soXK0eGoMdGB2fnBo540Q+8KeX0+g2H8FFzR3bwO11G3cW5BfossWprLd0tq9Qb/
+Aq8e5mNPvETZP1aeCZxD+VUhMkaCCYape3QcnloqvwN5kcvyKX/JFYKJuVPNfgeQ
+qV124RleDVi4WdUN3yOra2N2GZ6c37BXSWzQhpfDbDz64FbCG+OhQhpYYoWddBmD
+CK9ZkPiZvWfTSuoOycphig2KQsyQ6S7CVHN/Xq+N4jLLRSDWGU1bdzHMDy3Afg==
-----END CERTIFICATE-----
diff --git a/extra/yassl/certs/client-key.der b/extra/yassl/certs/client-key.der
index 649406c4417..94dc253a2bd 100644
--- a/extra/yassl/certs/client-key.der
+++ b/extra/yassl/certs/client-key.der
Binary files differ
diff --git a/extra/yassl/certs/client-keyEnc.pem b/extra/yassl/certs/client-keyEnc.pem
index 6f29eac50c1..0097c0760a5 100644
--- a/extra/yassl/certs/client-keyEnc.pem
+++ b/extra/yassl/certs/client-keyEnc.pem
@@ -1,30 +1,12 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-CBC,B9D8FB94E38635AB
+DEK-Info: DES-EDE3-CBC,BDE979D13CCC0ABD
-3OTcffWLy2Ddlu2oUwnMWkvIb3e9wLL1jrKOpC0aeb//uiawgw50+KuU4pewB5fN
-lfEJwpX4NjfPL+Nk+B1VAVrv5gwk5/SY9SwIJluutzmGS4TfVOhqi2SVd0mc9kOD
-cSWQ9ltAohFu67jdx36j2u+eghDTOjls1lM8EpzL5cu3Bp4G+ST0nXAdnGtSZdV6
-eToLWjIHiC/JqeRSsKAlG0M5verw14sbb5MO4ZQF4Tdu0fCFgFvDSUM2V4ZLtS1N
-VysLEkHoF56YKZ5H2FYLxOVDpn5lSiLnOgRbteEzsysyJ1zLxXWFFwJPCpLVNL0e
-P7OoEoCR+oAdzGkkPF+EdMoULtQP+n6U7jGx3oFVS17NORIFvyxyP0hD4pGTGLnl
-qAEk30lhKGAE5GgvA2itxZIno/sxPKr5T5Sc2yWh9RdQuLWYNrOb8Kz8J1iXV5l6
-/5TLGu5XVWIlBnUtjMFUe5M54tqGQ6SuDUlL2ud5YeLVN0T+RU/bqV2fXGoBUqKb
-Oe8PECm62Ls0wjv27BIOXXV32WSXwsywSzBqq2YXZ5zc9Q0+Mf1Zl6jKwcr8rXhv
-rA2kcpicONryggsPZnn/us1bVuWKndsCbm7A5om6HowpamNMPuxhISigzzE59L6X
-X6Sl2F0N0zhrfUVlAAlfYTrwcQVtyBDj1xp2nzJFocurJt9EylLaT0Sw3nxWtuOg
-yQuF05UPCzxqow/7dMVqtQKng0ptpsn/E+Kr/Egk1YaTpUUxref6mD3R1S+qWML8
-uqTa3y1CWd4u+aJZH2oZU3gmEd8GvuWnmhsw8iTyq1bzYIga1rQZqh4W5Ok9V+jR
-GioT/x3mTIhtuEZ1Cmhne5qM3gWYgM3rC3D4+RnUFeThOC5lHtOYHtIEpg66cs7g
-QYAn75ghEkyfG7ZvdxAU9Ngn6hckux9tFu3GmeEtdqhVOHaOMaYi60uGSk6uBnTv
-P1sUqi70kMrIBWU7TgldKlTqVdReM87Nkb2O5v1xqtoswLWIi65hFWTqt/H65c1H
-aEBG1cBqnqBMYuFk8b4TzZbuU9o1UKj0/6N5mpm//BmW65B0htEDP7IYpGF0mt0H
-LkU+4ISmuLfPfQeviYio6/yASaFkHpxfK7N8CQvmyAG9U8FHRio2QCGSb2EO+BnT
-Bti6L9oMiQbAsCLWTbvBhCVxdncFw1ncq8gkPMXjEEVUsqAo5Kg+903pRHUyHLzS
-R6R3C6tTJnNtucJ0zqQMF3K1FHS1m8GrOm+hskJLTHgZLdz6tFTYkXfZBSCwIl7s
-plg0wq9CrNC2B8MczWn/j3/h7qSI3wBNqADHMdoiOHECffCeyGEYjW3+0iMoj1m1
-wY0DIym4DDRzk6wsEesxVi8iiCVpYwWnjJAvWYECEO+hWuwCez+eGVkhCT/5g3xW
-hPSRhivNuJT05tdR5o+yqONHn1eAQH7Ar3cj+neY5WC0iS5FK9axTqbHXotofD1e
-pJX17ZVWsmIIpRvAWGD+LOcfTMZsaB9DJbkrPSWlMW3lC2S5JOq8OgfMNWIDDUN1
-guwpK5Z/lWV1qMMnaWeDVgPH/G0FssECXlCU5+/Ol654h8tm2bRXYAYHPM+OoW67
+N7yz2JV13EmQ7MZPL5wamid5+G1V1gp8FKqMemAC5JDxonS/W9oViMLUcxbfPTDx
+FznKdYSVTIQ7vv3ofmDG4MEyV/2C568N2kdtAw+jTfrZFN+IU9CI+W+In/nacirF
+02sAcvDMofustnooKNOO7/iyb5+3vRvEt5vSSRQn5WuSQ9sUKjuzoLs/lbf7fyAt
+4NeqfI3rYBZXxiUOLITOGXzGNRuFoY+o2uDCfelLAJ8uhiVG6ME3LeJEo1dT5lZ8
+CSJOLPasKg0iG4V7olM4j9FvAfZr48RRsSfUen756Jo2HpI4bad8LKhFYIdNs2Au
+WwKLmjpo6QB9hBmRshR04rEXPdrgTqLBExCE08PyaGYnWU8ggWritCeBzDQFj/n4
+sI+NO0Mymuvg98e5RpO52lg3Xnqv9RIK3guLFOmI6aEHC0PS4WwOEQ==
-----END RSA PRIVATE KEY-----
diff --git a/extra/yassl/certs/dsa1024.der b/extra/yassl/certs/dsa1024.der
new file mode 100644
index 00000000000..db880d51480
--- /dev/null
+++ b/extra/yassl/certs/dsa1024.der
Binary files differ
diff --git a/extra/yassl/certs/dsa1024.pem b/extra/yassl/certs/dsa1024.pem
new file mode 100644
index 00000000000..5478ebfc2b2
--- /dev/null
+++ b/extra/yassl/certs/dsa1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQC9Ue5KMuCKx+rG4epwxFFDzyoH4ccSwlglXsRdvqswDRK/oQvT
+NNNoWiVxTn3kvQ8qDlhWy9KjGTrqr/ttgmh56FFpe6tz4yTgCNyR9D+eGclD7lNf
+dPUc4E3SA6efopG6+ymI55bS+9xUFTG402UCrYSKT59zI2HBfuI6dltsxQIVAJHJ
+7WDQ+jBn/nmMyCQzdi+0qJx1AoGBAJJacRK36s5yGY1b6qhxWqvpoAC+SfEKylZn
+YWGYf2PM+Iwo6AgPKEw6BSsX+7Nmc4Gjyr4JWhComKi6onPamO/A2CbMM0DCxb47
+BeLBWfqWAgXVj0CODT4MQos5yugnviR/YpEgbzLxvrXr469lKWsAyB19/gFmGmQW
+cCgAwGm6AoGBAJ3LY89yHyvQ/TsQ6zlYbovjbk/ogndsMqPdNUvL4RuPTgJP/caa
+DDa0XJ7ak6A7TJ+QheLNwOXoZPYJC4EGFSDAXpYniGhbWIrVTCGe6lmZDfnx40WX
+S0kk3m/DHaC03ElLAiybxVGxyqoUfbT3Zv1JwftWMuiqHH5uADhdXuXVAhQ01VXa
+Rr8IPem35lKghVKnq/kGQw==
+-----END DSA PRIVATE KEY-----
diff --git a/extra/yassl/certs/dsa512.der b/extra/yassl/certs/dsa512.der
deleted file mode 100644
index 027bedeffb1..00000000000
--- a/extra/yassl/certs/dsa512.der
+++ /dev/null
Binary files differ
diff --git a/extra/yassl/certs/dsa512.pem b/extra/yassl/certs/dsa512.pem
deleted file mode 100644
index 04a3dd94a77..00000000000
--- a/extra/yassl/certs/dsa512.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIH3AgEAAkEAmSlpgMk8mGhFqYL+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQol
-m/IhAWrNqow358pm21b0D3160Ri5Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJ
-AkASiJna59ALk5vm7jwhf5yztI2ljOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE
-1nk5sQIDA8YGdOWQBQoQRhkxAkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+
-VlNHaM4IIlccuw13kc9bNu3zJIKQis2QfNt3+Rctc3Pvu7mCAhQjg+e+aqykxwwc
-E2V27tjDFY02uA==
------END DSA PRIVATE KEY-----
diff --git a/extra/yassl/certs/server-cert.pem b/extra/yassl/certs/server-cert.pem
index cfe4b7b8228..f56cba9de70 100644
--- a/extra/yassl/certs/server-cert.pem
+++ b/extra/yassl/certs/server-cert.pem
@@ -1,17 +1,17 @@
Certificate:
Data:
- Version: 1 (0x0)
- Serial Number: 2 (0x2)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
- Not Before: Oct 24 18:27:13 2011 GMT
- Not After : Jul 20 18:27:13 2014 GMT
- Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=Support, CN=www.yassl.com/emailAddress=info@yassl.com
+ Not Before: Jul 11 17:20:14 2014 GMT
+ Not After : Apr 6 17:20:14 2017 GMT
+ Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
+ Public-Key: (2048 bit)
+ Modulus:
00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27:
01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6:
f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75:
@@ -31,59 +31,74 @@ Certificate:
a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f:
ad:d7
Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C
+ X509v3 Authority Key Identifier:
+ keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
+ DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ serial:9A:41:47:CD:A1:14:62:8C
+
+ X509v3 Basic Constraints:
+ CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
- 71:4e:d3:62:df:cc:4c:f7:cd:b7:6e:52:0b:6c:6e:e0:bd:c2:
- 2d:07:d7:c0:b0:6e:43:1e:35:bc:30:01:50:f0:ff:99:23:6c:
- 18:1a:41:b6:11:d6:d4:19:61:fd:e4:77:97:1c:39:e1:57:ab:
- c5:15:63:77:11:36:5e:74:e2:24:0b:1f:41:78:ad:b7:81:e7:
- b4:40:66:80:f0:4b:91:a0:6d:a8:6e:3d:53:d9:8b:ce:2a:e1:
- 0b:45:65:87:a1:96:ae:ee:3e:88:d5:12:1f:78:17:ae:2c:c5:
- 73:44:d8:dc:f4:af:d8:cc:ae:4c:e1:0c:be:55:a4:99:f7:6e:
- 96:c0:c8:45:87:bf:dc:51:57:ff:9e:73:37:6a:18:9c:c3:f9:
- 22:7a:f4:b0:52:bd:fc:21:30:f8:c5:ff:1e:87:7d:ad:a2:5a:
- 35:f5:22:a8:b4:0a:76:38:e6:76:b0:98:af:1b:ec:8a:0a:43:
- 74:d2:85:34:37:84:07:e1:f6:23:b2:29:de:a6:b6:b7:4c:57:
- 7e:96:06:cb:a9:16:25:29:3a:03:2d:55:7d:a6:8c:a4:f7:9e:
- 81:c9:95:b6:7c:c1:4a:ce:94:66:0c:ca:88:eb:d2:09:f5:5b:
- 19:58:82:df:27:fd:67:95:78:b7:02:06:d5:a7:61:bd:ef:3a:
- fc:b2:61:cd
+ 3d:8c:70:05:5b:62:4b:bf:6c:b6:48:61:01:10:1d:5e:05:ba:
+ 55:94:2c:ae:59:6f:97:80:5d:6c:86:ec:9a:eb:15:45:44:e4:
+ 56:f8:75:ca:8a:45:32:f4:c7:e1:fa:f2:98:1c:91:d3:3f:e8:
+ 0e:c9:1b:fa:e1:79:99:67:0e:0d:6b:8a:ec:1a:2c:59:c4:34:
+ 04:8d:39:77:cd:b5:e9:60:5b:82:bf:34:ce:ed:c6:4f:3f:b4:
+ 5c:4d:8a:b4:f4:0a:04:12:a0:56:c1:e1:33:37:a1:54:87:48:
+ e9:81:c2:0f:8f:6f:d3:52:4c:4c:32:4c:6b:9f:3a:04:8f:77:
+ 5d:ad:dc:3d:2b:f2:c9:df:3c:60:5d:d8:fc:86:72:7c:3d:d0:
+ 84:4b:8c:df:26:43:fe:c0:cc:5b:e1:36:b3:3d:32:28:a3:ef:
+ 0c:20:d6:b1:50:39:d6:67:a9:8b:84:bc:92:34:eb:19:23:e8:
+ 10:8f:ea:bd:18:8c:93:27:3c:74:75:8e:58:04:fa:2a:74:44:
+ 7d:fc:4d:39:df:54:17:ba:78:e1:5d:6a:70:d3:7c:a2:80:81:
+ e6:19:51:91:c3:44:51:ec:bb:88:a9:53:e1:d7:a9:8c:28:f4:
+ 21:1c:42:51:09:b4:12:6d:a0:d6:25:09:85:c6:2a:0c:af:a7:
+ 58:e6:52:8b
-----BEGIN CERTIFICATE-----
-MIIDkDCCAngCAQIwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
-aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
-MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTExMDI0MTgyNzEzWhcN
-MTQwNzIwMTgyNzEzWjCBijELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmEx
-EDAOBgNVBAcTB0JvemVtYW4xDjAMBgNVBAoTBXlhU1NMMRAwDgYDVQQLEwdTdXBw
-b3J0MRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZv
-QHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFX
-QfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/h
-vXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4
-pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo
-3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4
-D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHm
-YYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAcU7TYt/MTPfNt25S
-C2xu4L3CLQfXwLBuQx41vDABUPD/mSNsGBpBthHW1Blh/eR3lxw54VerxRVjdxE2
-XnTiJAsfQXitt4HntEBmgPBLkaBtqG49U9mLzirhC0Vlh6GWru4+iNUSH3gXrizF
-c0TY3PSv2MyuTOEMvlWkmfdulsDIRYe/3FFX/55zN2oYnMP5Inr0sFK9/CEw+MX/
-Hod9raJaNfUiqLQKdjjmdrCYrxvsigpDdNKFNDeEB+H2I7Ip3qa2t0xXfpYGy6kW
-JSk6Ay1VfaaMpPeegcmVtnzBSs6UZgzKiOvSCfVbGViC3yf9Z5V4twIG1adhve86
-/LJhzQ==
+MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh
+d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz
+bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTQwNzEx
+MTcyMDE0WhcNMTcwNDA2MTcyMDE0WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM
+B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO
+BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG
+SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn
+f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X
+GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM
+QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq
+0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ
+6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU
+sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj
+s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h
+MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK
+Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN
+AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYDVR0TBAUwAwEB/zAN
+BgkqhkiG9w0BAQUFAAOCAQEAPYxwBVtiS79stkhhARAdXgW6VZQsrllvl4BdbIbs
+musVRUTkVvh1yopFMvTH4frymByR0z/oDskb+uF5mWcODWuK7BosWcQ0BI05d821
+6WBbgr80zu3GTz+0XE2KtPQKBBKgVsHhMzehVIdI6YHCD49v01JMTDJMa586BI93
+Xa3cPSvyyd88YF3Y/IZyfD3QhEuM3yZD/sDMW+E2sz0yKKPvDCDWsVA51mepi4S8
+kjTrGSPoEI/qvRiMkyc8dHWOWAT6KnREffxNOd9UF7p44V1qcNN8ooCB5hlRkcNE
+Uey7iKlT4depjCj0IRxCUQm0Em2g1iUJhcYqDK+nWOZSiw==
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
- e9:d0:a7:5f:79:25:f4:3c
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+ 9a:41:47:cd:a1:14:62:8c
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Validity
- Not Before: Oct 24 18:18:15 2011 GMT
- Not After : Jul 20 18:18:15 2014 GMT
- Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com
+ Not Before: Jul 11 03:20:08 2014 GMT
+ Not After : Apr 6 03:20:08 2017 GMT
+ Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
+ Public-Key: (2048 bit)
+ Modulus:
00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a:
f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac:
de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98:
@@ -104,54 +119,55 @@ Certificate:
36:79
Exponent: 65537 (0x10001)
X509v3 extensions:
- X509v3 Subject Key Identifier:
+ X509v3 Subject Key Identifier:
27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
- X509v3 Authority Key Identifier:
+ X509v3 Authority Key Identifier:
keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5
- DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com
- serial:E9:D0:A7:5F:79:25:F4:3C
+ DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com
+ serial:9A:41:47:CD:A1:14:62:8C
- X509v3 Basic Constraints:
+ X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
- 5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26:
- 4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6:
- e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c:
- f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e:
- af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18:
- 98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02:
- 8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab:
- 1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80:
- 61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87:
- 1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f:
- 60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf:
- 18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12:
- f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4:
- b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70:
- 5a:1f:7f:ca
+ 79:78:0c:6d:79:88:91:fc:3a:15:9c:f9:27:62:16:f0:21:1f:
+ fa:7d:3f:a2:a8:32:1e:f7:f2:11:a9:74:16:74:5e:dc:18:ca:
+ f0:00:2a:d5:03:06:26:30:f1:47:83:fd:32:6e:fc:ed:aa:4f:
+ 7d:0c:63:60:31:2f:7c:0c:bf:99:66:87:ed:27:08:86:2d:c4:
+ 33:e8:98:23:1c:fe:a3:db:9a:49:4e:fc:5a:42:ef:71:c3:3f:
+ ad:dc:4a:a8:d2:a3:1d:09:ac:33:04:7b:86:f3:6d:00:59:a3:
+ c8:db:d1:3c:73:f6:0e:90:d6:5e:49:e0:bf:36:63:08:7b:a5:
+ b0:8f:35:3b:56:8c:11:35:49:04:1c:d0:e7:ba:56:c5:0d:0a:
+ 91:8d:d6:b7:62:19:34:12:52:4c:d2:6d:7c:c5:3d:0f:18:81:
+ 54:cb:f6:3c:e5:84:d2:d6:71:15:ec:1a:34:0b:f0:a0:21:74:
+ 43:c8:a3:b0:df:d9:67:da:e2:ad:93:48:f8:a0:87:bd:79:14:
+ e0:62:0a:df:f7:31:2e:31:7b:d1:32:2a:0a:fe:5d:14:ef:d9:
+ 64:50:e4:83:91:bc:70:0d:d7:88:8d:d9:bc:84:0e:c5:1a:b3:
+ bf:64:02:4e:51:91:a4:a2:85:15:83:af:f0:5b:9b:28:49:5f:
+ b2:b3:03:d8
-----BEGIN CERTIFICATE-----
-MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD
-VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G
-A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3
-dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx
-MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD
-VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290
-aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd
-MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q
-8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k
-EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A
-dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/
-mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ
-CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O
-BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd
-P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u
-dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV
-BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG
-9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513
-PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH
-Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr
-G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m
-ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi
-rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg==
+MIIEqjCCA5KgAwIBAgIJAJpBR82hFGKMMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
+VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G
+A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3
+dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe
+Fw0xNDA3MTEwMzIwMDhaFw0xNzA0MDYwMzIwMDhaMIGUMQswCQYDVQQGEwJVUzEQ
+MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3
+dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns
+LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D
+mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx
+i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J
+XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc
+/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI
+/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB
++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU
+J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290
+aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t
+MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYD
+VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAeXgMbXmIkfw6FZz5J2IW8CEf
++n0/oqgyHvfyEal0FnRe3BjK8AAq1QMGJjDxR4P9Mm787apPfQxjYDEvfAy/mWaH
+7ScIhi3EM+iYIxz+o9uaSU78WkLvccM/rdxKqNKjHQmsMwR7hvNtAFmjyNvRPHP2
+DpDWXkngvzZjCHulsI81O1aMETVJBBzQ57pWxQ0KkY3Wt2IZNBJSTNJtfMU9DxiB
+VMv2POWE0tZxFewaNAvwoCF0Q8ijsN/ZZ9rirZNI+KCHvXkU4GIK3/cxLjF70TIq
+Cv5dFO/ZZFDkg5G8cA3XiI3ZvIQOxRqzv2QCTlGRpKKFFYOv8FubKElfsrMD2A==
+-----END CERTIFICATE-----
diff --git a/extra/yassl/certs/server-keyEnc.pem b/extra/yassl/certs/server-keyEnc.pem
index 278a0946c68..e5ab57d4c9e 100644
--- a/extra/yassl/certs/server-keyEnc.pem
+++ b/extra/yassl/certs/server-keyEnc.pem
@@ -1,30 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-CBC,08132C1FFF5BC8CC
+DEK-Info: DES-CBC,136C7D8A69656668
-W+krChiFlNU+koE0Bep+U45OG4V4IFZv67ex6yJHgcsPd+HQ692A/h+5dYc8rdlW
-2LDgSODHHIMTt6RVJDxXxXs3qFmJQbnVXeXxV209X8EfaRarh+yiMKeUP6K8hIvj
-+IYRma6iKOs+d4KlcZZudGs2f/x8nhxXbmQtrLhGd4h91mnJk2sKmiz7UkUy6Qng
-gOHnT2dfF4Qk2ZYsjisRHjpWZiqh40GO1LuTgUjZoH+LGhMwMwOAE6+ss5xa+yE+
-Xd9Yljm0/QW68JILkCJQjLDRvPGxDJyvYq6TT/kSElsRlI/AuRrZH1YVD3hn/xjx
-tDoEB+JEbH6iu9ne2srxnGSKLzoUbb4XPaCjLIW9BJf7oANmmFQpZZQiRTyIUVWi
-IE5hJciqF7ra7IwfZAW/PeWGXpzNOVN9QAvyAMsmvUCzJdxd1ySUatjhZ+mSFYGk
-rDVtyrgt4ZQgV0EdJV0Yn1ZWMOk1qEKXT0JAnI+9S6Y+QEdwXmdz3xlVuq61Jvub
-iJUVepnD/1QeFfWy8JwlscWpWFrkr569f3SNG+FGb6fufnUP7K6sX3urj+pj1QET
-f9NmmvLBsVsbj1Egg3wnxbVHIUPky64LY04wtNJaAwhuG6mKCvaClKYMTmTCyrzP
-aRwghhMQ3yHUbo2A1ZppYsXXg8lX30eW+5O77N9Q3xfP0phODHXsnXhBH09ml1JQ
-MmiCaL5n6sIVcjtFmN/kyaEuz/1VrBSaDCPeW88n61UXUidXrGOZN/2c/2xFir8B
-2rdE82lQLl07SJxzQQ6aJVvrc5tnbV/ENDySS5dG6Yl/w89/nuu0RFHmAweKqfGC
-8m0XOkmonIk6h3YT7XrkE0b/2jkf1mMaMKrGGfRmxqNt1nGxMCJHAO/Sn9v+I9rU
-W7HCZ04RTnRp1BXcqDxdwlveDKJRVfiKOSSEOpEXXlexS5R1vikmxrCwK5YVUTkT
-3tgahVtHJkFHnBHBzXyHUDwWahxZaU9TO43z0JFxs0zINWUWppldf0oyWjP1FSrI
-a9tXBs7aoykUY9Av9K0p4UJJU005qzD/tuegZFX34wRETJO0BJnlZHTTZSqLSVX+
-KZg4nPq8Xii1VHta3tgw7up2z1tpepsBerTsRQ1+IDpxLaIxgt9am0hXVTiMLex/
-DD9UvQC/eBUmpmWraK/Mqeq/UrPl+lmeoXsG6LWIvEp9d19rJ/3OhIJf2pDh9dC8
-NzJoNP9qOrDajAwzeeF5dbQxCaG+X8am9s4wryC0p+NrQ0tzv8efey0zBodDIOgo
-F1G7+ADgHy+V565q8sdL52xx0xB9Ty5p9IOfOUbxa3K65TJf/I/QAQjl4LyTbkfr
-kzpYAG2uF55EB3Eq3aMrj47pzZy0ELXXN2qYJ9Oelgl+h6MzYbmd+Wm+A2Cofv3u
-7ANAyjAYN7/Lo3lTFAt7sXAXGKnqw62JNSSMkIqZVrG5dn7Jxj5AJCVyYxTrm6Y+
-DDcblX47XrWxVoVJN/dLJZ8FzWs4o/8w9Yn8U54Ci7F0g+j2f+OpDy9PGFYT9pKw
-xWG8chkYE6QPilEYvdi26ZnZ3u236q9PMtyRP87NmBN2sLkj/rbBTzBxWIaGS+Mt
+jvNTyPaztxPIoAzbdmZnD0Zw2+60tMxNc0GMHNmeOyG25aHP/dT+TWiKFpFVkkkY
+uoCIhYUyw7gmpw+CnRJwWd+ans4nrvAjwy5oWJvarvsyUpjqvnPoIlAqd+d4TDKN
+eESzcI76+gHdisAtCrQD+fGqgTZhli5TgDbnpasL/QnY2qDlutvakkVw7gPXe156
+2Phy8WN+efr65J6wt3K/dj7Datl9u4JeHQK81gYyWBVX+EagEjPGDzkFQCj9Z0q7
+8K3iB5GW1JAqJS0IfZPB40AnSTF/n1TL1SN3qfU3l7hTGNrx9o7580bgDEoAR7pI
+F8eZlS15KHtZmh11AnU1KTKZ6kmgnNqeMTGMN6N0ct2wMKW1dV87eTDlF0oiR2ol
+XwtFgKmrIjfpmzkdWjbJmWnGMjD56KdiFZga/ZyKMsPrVoYLgfJEpn36iQspfygx
+HCGNTf0PjIsjEWU0WyQiF86t+c45W3wNFsv/AxVyfMl+su02yrd6u2ecuQDir3Cs
+b2k8IKtQgVe/NIpEWLKuiHG5oedIPPQyDYK5uq+gHxCGeOoKnWlsWFEHZRiza4X5
+tbgTrJB8Sw0ENWrvVGGmQZN4pSImlsMwzQ2qik5CQ00N1b3+56/obn0z75I3bUSb
+tC5g8DRjl6oclAenNgh/MYMT287y5W2dD4npxHcekX4O3J2CDXNfg4vV2j5GRxtg
+LVJdYE2p7bpYePCDHrYng8b9ubBprx0CrEnkIvvtUjzNPf6VDL0+MBKl+XgR2/nz
+iRqTuZnlGGOyM+KYDwXpgwfs/HfvFGksxTAlO/40GkGh+WGPaIoNyCK0SgQKhyb4
+JIkR0vd2/yLg3lWMJrGwh7A0Gm07Z/781oURP3uWd+PaCOgGcd5ipcAjcEyuxNly
+AthipWqmQWUcbf6Z2N9j3OA22Hv2Uzk8HSfi9VOZtL9svdEEZ0NnOekJgnc6stQp
+bXiknlK/T5WdrWxSyCfgUq68Vf6DFfIRAVuFdJ3WHT2wVXHrDfft6D+Ne/XCxPoE
+8zGmkyusaph33UHQ1oNyUbLbwcDCDSmOo8gYoedD3IwxtMA3wJRugomqosItwV8X
+vkgmcy8eSE/+gZUxJEN2gnLcfKFhCkC80J6oFhmoDD6vuUnPHcFdKZgVPw2rzPk5
+Vb1kX+gpORplYmKpq1vz/ujscL4T0TmYLz02hkIS4edpW55ncTTv7JWefpRiTB1J
+RB3td3me4htqR+YIDWJ+emrOmqsCG2WvpAS+MTw2mj1jYk9LL/ZYobTjSCEWmuwT
+yVK6m303irR7HQDauxhslRFgoK21w63viOyj5NKIU1gQtaAANGDxcgORC1XLjjgt
+oNutSQA+7P42vfHSHK4cnTBXl6V32H/GyVpdHQOZqSrqIjgLmUZodSmRPROxosZF
+a46B1O7m/rJFxkiKW4vod+/WqjoE0Hhfrb8rRrkRjzGeCqqSSnQ3vrunVkvF8hlA
+b6FOv4ZBJL4piC1GKH+rscqke9NEiDqXN8C3iYz86jbck/Ha21yUS8T3X7N52sg+
+B3AmOGnLK6BebYeto9vZxQjacChJZSixSxLV+l9/nVQ0+mW42azHdzk0ru59TGAj
-----END RSA PRIVATE KEY-----
diff --git a/extra/yassl/include/buffer.hpp b/extra/yassl/include/buffer.hpp
index 27f71199093..77d2ed8193c 100644
--- a/extra/yassl/include/buffer.hpp
+++ b/extra/yassl/include/buffer.hpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -48,7 +48,11 @@ const uint AUTO = 0xFEEDBEEF;
struct NoCheck {
- void check(uint, uint);
+ int check(uint, uint);
+};
+
+struct Check {
+ int check(uint, uint);
};
/* input_buffer operates like a smart c style array with a checking option,
@@ -60,11 +64,13 @@ struct NoCheck {
* write to the buffer bulk wise and have the correct size
*/
-class input_buffer : public NoCheck {
+class input_buffer : public Check {
uint size_; // number of elements in buffer
uint current_; // current offset position in buffer
byte* buffer_; // storage for buffer
byte* end_; // end of storage marker
+ int error_; // error number
+ byte zero_; // for returning const reference to zero byte
public:
input_buffer();
@@ -93,6 +99,10 @@ public:
uint get_remaining() const;
+ int get_error() const;
+
+ void set_error();
+
void set_current(uint i);
// read only access through [], advance current
@@ -103,7 +113,7 @@ public:
bool eof();
// peek ahead
- byte peek() const;
+ byte peek();
// write function, should use at/near construction
void assign(const byte* t, uint s);
diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h
index d4226450660..993822d0ab0 100644
--- a/extra/yassl/include/openssl/ssl.h
+++ b/extra/yassl/include/openssl/ssl.h
@@ -35,7 +35,7 @@
#include "rsa.h"
-#define YASSL_VERSION "2.3.0"
+#define YASSL_VERSION "2.3.4"
#if defined(__cplusplus)
diff --git a/extra/yassl/src/buffer.cpp b/extra/yassl/src/buffer.cpp
index 6f356e9fd4f..aa7224bf64e 100644
--- a/extra/yassl/src/buffer.cpp
+++ b/extra/yassl/src/buffer.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -32,8 +32,19 @@ namespace yaSSL {
-void NoCheck::check(uint, uint)
+/* return 0 on check success, always true for NoCheck policy */
+int NoCheck::check(uint, uint)
{
+ return 0;
+}
+
+/* return 0 on check success */
+int Check::check(uint i, uint max)
+{
+ if (i < max)
+ return 0;
+
+ return -1;
}
@@ -48,18 +59,20 @@ void NoCheck::check(uint, uint)
input_buffer::input_buffer()
- : size_(0), current_(0), buffer_(0), end_(0)
+ : size_(0), current_(0), buffer_(0), end_(0), error_(0), zero_(0)
{}
input_buffer::input_buffer(uint s)
- : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s)
+ : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s),
+ error_(0), zero_(0)
{}
// with assign
input_buffer::input_buffer(uint s, const byte* t, uint len)
- : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s)
+ : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s),
+ error_(0), zero_(0)
{
assign(t, len);
}
@@ -74,8 +87,10 @@ input_buffer::~input_buffer()
// users can pass defualt zero length buffer and then allocate
void input_buffer::allocate(uint s)
{
- buffer_ = NEW_YS byte[s];
- end_ = buffer_ + s;
+ if (error_ == 0) {
+ buffer_ = NEW_YS byte[s];
+ end_ = buffer_ + s;
+ }
}
@@ -90,40 +105,67 @@ byte* input_buffer::get_buffer() const
// if you know the size before the write use assign()
void input_buffer::add_size(uint i)
{
- check(size_ + i-1, get_capacity());
- size_ += i;
+ if (error_ == 0 && check(size_ + i-1, get_capacity()) == 0)
+ size_ += i;
+ else
+ error_ = -1;
}
uint input_buffer::get_capacity() const
{
- return (uint) (end_ - buffer_);
+ if (error_ == 0)
+ return end_ - buffer_;
+
+ return 0;
}
uint input_buffer::get_current() const
{
- return current_;
+ if (error_ == 0)
+ return current_;
+
+ return 0;
}
uint input_buffer::get_size() const
{
- return size_;
+ if (error_ == 0)
+ return size_;
+
+ return 0;
}
uint input_buffer::get_remaining() const
{
- return size_ - current_;
+ if (error_ == 0)
+ return size_ - current_;
+
+ return 0;
+}
+
+
+int input_buffer::get_error() const
+{
+ return error_;
+}
+
+
+void input_buffer::set_error()
+{
+ error_ = -1;
}
void input_buffer::set_current(uint i)
{
- if (i)
- check(i - 1, size_);
- current_ = i;
+ if (error_ == 0 && i && check(i - 1, size_) == 0)
+ current_ = i;
+ else
+ error_ = -1;
}
@@ -131,40 +173,59 @@ void input_buffer::set_current(uint i)
// user passes in AUTO index for ease of use
const byte& input_buffer::operator[](uint i)
{
- check(current_, size_);
- return buffer_[current_++];
+ if (error_ == 0 && check(current_, size_) == 0)
+ return buffer_[current_++];
+
+ error_ = -1;
+ return zero_;
}
// end of input test
bool input_buffer::eof()
{
+ if (error_ != 0)
+ return true;
+
return current_ >= size_;
}
// peek ahead
-byte input_buffer::peek() const
+byte input_buffer::peek()
{
- return buffer_[current_];
+ if (error_ == 0 && check(current_, size_) == 0)
+ return buffer_[current_];
+
+ error_ = -1;
+ return 0;
}
// write function, should use at/near construction
void input_buffer::assign(const byte* t, uint s)
{
- check(current_, get_capacity());
- add_size(s);
- memcpy(&buffer_[current_], t, s);
+ if (t && error_ == 0 && check(current_, get_capacity()) == 0) {
+ add_size(s);
+ if (error_ == 0) {
+ memcpy(&buffer_[current_], t, s);
+ return; // success
+ }
+ }
+
+ error_ = -1;
}
// use read to query input, adjusts current
void input_buffer::read(byte* dst, uint length)
{
- check(current_ + length - 1, size_);
- memcpy(dst, &buffer_[current_], length);
- current_ += length;
+ if (dst && error_ == 0 && check(current_ + length - 1, size_) == 0) {
+ memcpy(dst, &buffer_[current_], length);
+ current_ += length;
+ } else {
+ error_ = -1;
+ }
}
diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp
index 058f8596546..33303b1106d 100644
--- a/extra/yassl/src/handshake.cpp
+++ b/extra/yassl/src/handshake.cpp
@@ -522,7 +522,7 @@ void buildSHA_CertVerify(SSL& ssl, byte* digest)
// some clients still send sslv2 client hello
void ProcessOldClientHello(input_buffer& input, SSL& ssl)
{
- if (input.get_remaining() < 2) {
+ if (input.get_error() || input.get_remaining() < 2) {
ssl.SetError(bad_input);
return;
}
@@ -549,20 +549,24 @@ void ProcessOldClientHello(input_buffer& input, SSL& ssl)
byte len[2];
- input.read(len, sizeof(len));
+ len[0] = input[AUTO];
+ len[1] = input[AUTO];
ato16(len, ch.suite_len_);
- input.read(len, sizeof(len));
+ len[0] = input[AUTO];
+ len[1] = input[AUTO];
uint16 sessionLen;
ato16(len, sessionLen);
ch.id_len_ = sessionLen;
- input.read(len, sizeof(len));
+ len[0] = input[AUTO];
+ len[1] = input[AUTO];
uint16 randomLen;
ato16(len, randomLen);
- if (ch.suite_len_ > MAX_SUITE_SZ || sessionLen > ID_LEN ||
- randomLen > RAN_LEN) {
+ if (input.get_error() || ch.suite_len_ > MAX_SUITE_SZ ||
+ ch.suite_len_ > input.get_remaining() ||
+ sessionLen > ID_LEN || randomLen > RAN_LEN) {
ssl.SetError(bad_input);
return;
}
@@ -580,13 +584,12 @@ void ProcessOldClientHello(input_buffer& input, SSL& ssl)
ch.suite_len_ = j;
if (ch.id_len_)
- input.read(ch.session_id_, ch.id_len_);
+ input.read(ch.session_id_, ch.id_len_); // id_len_ from sessionLen
if (randomLen < RAN_LEN)
memset(ch.random_, 0, RAN_LEN - randomLen);
input.read(&ch.random_[RAN_LEN - randomLen], randomLen);
-
ch.Process(input, ssl);
}
@@ -787,6 +790,9 @@ int DoProcessReply(SSL& ssl)
ssl.verifyState(hdr);
}
+ if (ssl.GetError())
+ return 0;
+
// make sure we have enough input in buffer to process this record
if (needHdr || hdr.length_ > buffer.get_remaining()) {
// put header in front for next time processing
@@ -799,6 +805,9 @@ int DoProcessReply(SSL& ssl)
while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) {
// each message in record, can be more than 1 if not encrypted
+ if (ssl.GetError())
+ return 0;
+
if (ssl.getSecurity().get_parms().pending_ == false) { // cipher on
// sanity check for malicious/corrupted/illegal input
if (buffer.get_remaining() < hdr.length_) {
diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp
index db960d307ff..a924cdbd829 100644
--- a/extra/yassl/src/yassl_imp.cpp
+++ b/extra/yassl/src/yassl_imp.cpp
@@ -220,16 +220,26 @@ void DH_Server::build(SSL& ssl)
// read PreMaster secret and decrypt, server side
void EncryptedPreMasterSecret::read(SSL& ssl, input_buffer& input)
{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
const CertManager& cert = ssl.getCrypto().get_certManager();
RSA rsa(cert.get_privateKey(), cert.get_privateKeyLength(), false);
uint16 cipherLen = rsa.get_cipherLength();
if (ssl.isTLS()) {
byte len[2];
- input.read(len, sizeof(len));
+ len[0] = input[AUTO];
+ len[1] = input[AUTO];
ato16(len, cipherLen);
}
alloc(cipherLen);
input.read(secret_, length_);
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
opaque preMasterSecret[SECRET_LEN];
rsa.decrypt(preMasterSecret, secret_, length_,
@@ -277,6 +287,11 @@ void EncryptedPreMasterSecret::alloc(int sz)
// read client's public key, server side
void ClientDiffieHellmanPublic::read(SSL& ssl, input_buffer& input)
{
+ if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
DiffieHellman& dh = ssl.useCrypto().use_dh();
uint16 keyLength;
@@ -287,6 +302,10 @@ void ClientDiffieHellmanPublic::read(SSL& ssl, input_buffer& input)
alloc(keyLength);
input.read(Yc_, keyLength);
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
dh.makeAgreement(Yc_, keyLength);
// because of encoding, first byte might be 0, don't use for preMaster
@@ -331,6 +350,10 @@ void ClientDiffieHellmanPublic::alloc(int sz, bool offset)
// read server's p, g, public key and sig, client side
void DH_Server::read(SSL& ssl, input_buffer& input)
{
+ if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) {
+ ssl.SetError(bad_input);
+ return;
+ }
uint16 length, messageTotal = 6; // pSz + gSz + pubSz
byte tmp[2];
@@ -341,6 +364,10 @@ void DH_Server::read(SSL& ssl, input_buffer& input)
messageTotal += length;
input.read(parms_.alloc_p(length), length);
+ if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) {
+ ssl.SetError(bad_input);
+ return;
+ }
// g
tmp[0] = input[AUTO];
@@ -349,6 +376,10 @@ void DH_Server::read(SSL& ssl, input_buffer& input)
messageTotal += length;
input.read(parms_.alloc_g(length), length);
+ if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) {
+ ssl.SetError(bad_input);
+ return;
+ }
// pub
tmp[0] = input[AUTO];
@@ -357,12 +388,20 @@ void DH_Server::read(SSL& ssl, input_buffer& input)
messageTotal += length;
input.read(parms_.alloc_pub(length), length);
+ if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) {
+ ssl.SetError(bad_input);
+ return;
+ }
// save message for hash verify
input_buffer message(messageTotal);
input.set_current(input.get_current() - messageTotal);
input.read(message.get_buffer(), messageTotal);
message.add_size(messageTotal);
+ if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) {
+ ssl.SetError(bad_input);
+ return;
+ }
// signature
tmp[0] = input[AUTO];
@@ -371,6 +410,10 @@ void DH_Server::read(SSL& ssl, input_buffer& input)
signature_ = NEW_YS byte[length];
input.read(signature_, length);
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
// verify signature
byte hash[FINISHED_SZ];
@@ -645,6 +688,10 @@ void HandShakeHeader::Process(input_buffer& input, SSL& ssl)
{
ssl.verifyState(*this);
if (ssl.GetError()) return;
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
const HandShakeFactory& hsf = ssl.getFactory().getHandShake();
mySTL::auto_ptr<HandShakeBase> hs(hsf.CreateObject(type_));
if (!hs.get()) {
@@ -810,8 +857,13 @@ uint16 ChangeCipherSpec::get_length() const
// CipherSpec processing handler
-void ChangeCipherSpec::Process(input_buffer&, SSL& ssl)
+void ChangeCipherSpec::Process(input_buffer& input, SSL& ssl)
{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
ssl.useSecurity().use_parms().pending_ = false;
if (ssl.getSecurity().get_resuming()) {
if (ssl.getSecurity().get_parms().entity_ == client_end)
@@ -873,6 +925,11 @@ output_buffer& operator<<(output_buffer& output, const Alert& a)
// Alert processing handler
void Alert::Process(input_buffer& input, SSL& ssl)
{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
if (ssl.getSecurity().get_parms().pending_ == false) { // encrypted alert
int aSz = get_length(); // alert size already read on input
opaque verify[SHA_LEN];
@@ -890,12 +947,19 @@ void Alert::Process(input_buffer& input, SSL& ssl)
if (ssl.getSecurity().get_parms().cipher_type_ == block) {
int ivExtra = 0;
+ opaque fill;
if (ssl.isTLSv1_1())
ivExtra = ssl.getCrypto().get_cipher().get_blockSize();
int padSz = ssl.getSecurity().get_parms().encrypt_size_ - ivExtra -
aSz - digestSz;
- input.set_current(input.get_current() + padSz);
+ for (int i = 0; i < padSz; i++)
+ fill = input[AUTO];
+ }
+
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
}
// verify
@@ -1112,6 +1176,11 @@ static int timing_verify(SSL& ssl, const byte* input, int padLen, int t,
// Process handler for Data
void Data::Process(input_buffer& input, SSL& ssl)
{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
int msgSz = ssl.getSecurity().get_parms().encrypt_size_;
int pad = 0, padSz = 0;
int ivExtra = 0;
@@ -1154,7 +1223,7 @@ void Data::Process(input_buffer& input, SSL& ssl)
int dataSz = msgSz - ivExtra - digestSz - pad - padSz;
- if (dataSz < 0) {
+ if (dataSz < 0 || dataSz > (MAX_RECORD_SIZE + COMPRESS_EXTRA)) {
ssl.SetError(bad_input);
return;
}
@@ -1180,6 +1249,10 @@ void Data::Process(input_buffer& input, SSL& ssl)
// advance past mac and fill
input.set_current(input.get_current() + digestSz + pad + padSz);
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
}
@@ -1244,6 +1317,11 @@ output_buffer& operator<<(output_buffer& output, const Certificate& cert)
// certificate processing handler
void Certificate::Process(input_buffer& input, SSL& ssl)
{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
CertManager& cm = ssl.useCrypto().use_certManager();
uint32 list_sz;
@@ -1412,6 +1490,10 @@ input_buffer& operator>>(input_buffer& input, ServerHello& hello)
// Session
hello.id_len_ = input[AUTO];
+ if (hello.id_len_ > ID_LEN) {
+ input.set_error();
+ return input;
+ }
if (hello.id_len_)
input.read(hello.session_id_, hello.id_len_);
@@ -1452,8 +1534,13 @@ output_buffer& operator<<(output_buffer& output, const ServerHello& hello)
// Server Hello processing handler
-void ServerHello::Process(input_buffer&, SSL& ssl)
+void ServerHello::Process(input_buffer& input, SSL& ssl)
{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
if (ssl.GetMultiProtocol()) { // SSLv23 support
if (ssl.isTLS() && server_version_.minor_ < 1)
// downgrade to SSLv3
@@ -1547,8 +1634,12 @@ const opaque* ServerHello::get_random() const
// Server Hello Done processing handler
-void ServerHelloDone::Process(input_buffer&, SSL& ssl)
+void ServerHelloDone::Process(input_buffer& input, SSL& ssl)
{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
ssl.useStates().useClient() = serverHelloDoneComplete;
}
@@ -1667,8 +1758,13 @@ output_buffer& operator<<(output_buffer& output, const ClientHello& hello)
// Client Hello processing handler
-void ClientHello::Process(input_buffer&, SSL& ssl)
+void ClientHello::Process(input_buffer& input, SSL& ssl)
{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
// store version for pre master secret
ssl.useSecurity().use_connection().chVersion_ = client_version_;
@@ -1800,9 +1896,17 @@ output_buffer& operator<<(output_buffer& output, const ServerKeyExchange& sk)
// Server Key Exchange processing handler
void ServerKeyExchange::Process(input_buffer& input, SSL& ssl)
{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
createKey(ssl);
if (ssl.GetError()) return;
server_key_->read(ssl, input);
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
ssl.useStates().useClient() = serverKeyExchangeComplete;
}
@@ -1924,18 +2028,24 @@ input_buffer& operator>>(input_buffer& input, CertificateRequest& request)
{
// types
request.typeTotal_ = input[AUTO];
+ if (request.typeTotal_ > CERT_TYPES) {
+ input.set_error();
+ return input;
+ }
for (int i = 0; i < request.typeTotal_; i++)
request.certificate_types_[i] = ClientCertificateType(input[AUTO]);
- byte tmp[REQUEST_HEADER];
- input.read(tmp, sizeof(tmp));
+ byte tmp[2];
+ tmp[0] = input[AUTO];
+ tmp[1] = input[AUTO];
uint16 sz;
ato16(tmp, sz);
// authorities
while (sz) {
uint16 dnSz;
- input.read(tmp, sizeof(tmp));
+ tmp[0] = input[AUTO];
+ tmp[1] = input[AUTO];
ato16(tmp, dnSz);
DistinguishedName dn;
@@ -1945,6 +2055,9 @@ input_buffer& operator>>(input_buffer& input, CertificateRequest& request)
input.read(&dn[REQUEST_HEADER], dnSz);
sz -= dnSz + REQUEST_HEADER;
+
+ if (input.get_error())
+ break;
}
return input;
@@ -1983,8 +2096,12 @@ output_buffer& operator<<(output_buffer& output,
// CertificateRequest processing handler
-void CertificateRequest::Process(input_buffer&, SSL& ssl)
+void CertificateRequest::Process(input_buffer& input, SSL& ssl)
{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
CertManager& cm = ssl.useCrypto().use_certManager();
cm.setSendVerify();
@@ -2067,7 +2184,8 @@ output_buffer& CertificateVerify::get(output_buffer& out) const
input_buffer& operator>>(input_buffer& input, CertificateVerify& request)
{
byte tmp[VERIFY_HEADER];
- input.read(tmp, sizeof(tmp));
+ tmp[0] = input[AUTO];
+ tmp[1] = input[AUTO];
uint16 sz = 0;
ato16(tmp, sz);
@@ -2091,8 +2209,13 @@ output_buffer& operator<<(output_buffer& output,
// CertificateVerify processing handler
-void CertificateVerify::Process(input_buffer&, SSL& ssl)
+void CertificateVerify::Process(input_buffer& input, SSL& ssl)
{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
const Hashes& hashVerify = ssl.getHashes().get_certVerify();
const CertManager& cert = ssl.getCrypto().get_certManager();
@@ -2131,9 +2254,17 @@ output_buffer& operator<<(output_buffer& output, const ClientKeyExchange& ck)
// Client Key Exchange processing handler
void ClientKeyExchange::Process(input_buffer& input, SSL& ssl)
{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
createKey(ssl);
if (ssl.GetError()) return;
client_key_->read(ssl, input);
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
if (ssl.getCrypto().get_certManager().verifyPeer())
build_certHashes(ssl, ssl.useHashes().use_certVerify());
@@ -2220,11 +2351,19 @@ output_buffer& operator<<(output_buffer& output, const Finished& fin)
// Finished processing handler
void Finished::Process(input_buffer& input, SSL& ssl)
{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
// verify hashes
const Finished& verify = ssl.getHashes().get_verify();
uint finishedSz = ssl.isTLS() ? TLS_FINISHED_SZ : FINISHED_SZ;
input.read(hashes_.md5_, finishedSz);
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
if (memcmp(&hashes_, &verify.hashes_, finishedSz)) {
ssl.SetError(verify_error);
@@ -2246,19 +2385,23 @@ void Finished::Process(input_buffer& input, SSL& ssl)
opaque mac[SHA_LEN]; // max size
int digestSz = ssl.getCrypto().get_digest().get_digestSize();
input.read(mac, digestSz);
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
uint ivExtra = 0;
if (ssl.getSecurity().get_parms().cipher_type_ == block)
if (ssl.isTLSv1_1())
ivExtra = ssl.getCrypto().get_cipher().get_blockSize();
+ opaque fill;
int padSz = ssl.getSecurity().get_parms().encrypt_size_ - ivExtra -
HANDSHAKE_HEADER - finishedSz - digestSz;
- input.set_current(input.get_current() + padSz);
-
- // verify mac
- if (memcmp(mac, verifyMAC, digestSz)) {
- ssl.SetError(verify_error);
+ for (int i = 0; i < padSz; i++)
+ fill = input[AUTO];
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
return;
}
diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp
index 73f8f2330c5..3acc2c123ba 100644
--- a/extra/yassl/src/yassl_int.cpp
+++ b/extra/yassl/src/yassl_int.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -2534,8 +2534,9 @@ ASN1_STRING* StringHolder::GetString()
int DeCompress(input_buffer& in, int sz, input_buffer& out)
{
byte tmp[LENGTH_SZ];
-
- in.read(tmp, sizeof(tmp));
+
+ tmp[0] = in[AUTO];
+ tmp[1] = in[AUTO];
uint16 len;
ato16(tmp, len);
diff --git a/extra/yassl/taocrypt/include/asn.hpp b/extra/yassl/taocrypt/include/asn.hpp
index daf1000bde9..c7d01d00323 100644
--- a/extra/yassl/taocrypt/include/asn.hpp
+++ b/extra/yassl/taocrypt/include/asn.hpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -111,7 +111,7 @@ enum Constants
MAX_LENGTH_SZ = 5,
MAX_SEQ_SZ = 5, // enum(seq|con) + length(4)
MAX_ALGO_SIZE = 9,
- MAX_DIGEST_SZ = 25, // SHA + enum(Bit or Octet) + length(4)
+ MAX_DIGEST_SZ = 69, // SHA512 + enum(Bit or Octet) + length(4)
DSA_SIG_SZ = 40,
ASN_NAME_MAX = 512 // max total of all included names
};
@@ -257,8 +257,11 @@ typedef STL::list<Signer*> SignerList;
enum ContentType { HUH = 651 };
-enum SigType { SHAwDSA = 517, MD2wRSA = 646, MD5wRSA = 648, SHAwRSA =649};
-enum HashType { MD2h = 646, MD5h = 649, SHAh = 88 };
+enum SigType { SHAwDSA = 517, MD2wRSA = 646, MD5wRSA = 648, SHAwRSA = 649,
+ SHA256wRSA = 655, SHA384wRSA = 656, SHA512wRSA = 657,
+ SHA256wDSA = 416 };
+enum HashType { MD2h = 646, MD5h = 649, SHAh = 88, SHA256h = 414, SHA384h = 415,
+ SHA512h = 416 };
enum KeyType { DSAk = 515, RSAk = 645 }; // sums of algo OID
diff --git a/extra/yassl/taocrypt/include/block.hpp b/extra/yassl/taocrypt/include/block.hpp
index d7a69211e02..4f58c82ffcc 100644
--- a/extra/yassl/taocrypt/include/block.hpp
+++ b/extra/yassl/taocrypt/include/block.hpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -74,7 +74,7 @@ typename A::pointer StdReallocate(A& a, T* p, typename A::size_type oldSize,
if (preserve) {
A b = A();
typename A::pointer newPointer = b.allocate(newSize, 0);
- memcpy(newPointer, p, sizeof(T) * min((word32) oldSize, (word32) newSize));
+ memcpy(newPointer, p, sizeof(T) * min(oldSize, newSize));
a.deallocate(p, oldSize);
STL::swap(a, b);
return newPointer;
@@ -186,9 +186,9 @@ public:
~Block() { allocator_.deallocate(buffer_, sz_); }
private:
+ A allocator_;
word32 sz_; // size in Ts
T* buffer_;
- A allocator_;
};
diff --git a/extra/yassl/taocrypt/include/integer.hpp b/extra/yassl/taocrypt/include/integer.hpp
index 68f3c4bbf39..75a3ee3d3df 100644
--- a/extra/yassl/taocrypt/include/integer.hpp
+++ b/extra/yassl/taocrypt/include/integer.hpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -47,7 +47,7 @@
#ifdef TAOCRYPT_X86ASM_AVAILABLE
#if defined(__GNUC__) && (__GNUC__ >= 4)
- // GCC 4 or greater optimizes too much inline on recursive for bigint,
+ // GCC 4 or greater optimizes too much inline on recursive for bigint,
// -O3 just as fast without asm here anyway
#undef TAOCRYPT_X86ASM_AVAILABLE
#endif
diff --git a/extra/yassl/taocrypt/include/pwdbased.hpp b/extra/yassl/taocrypt/include/pwdbased.hpp
index 9025cc1a50c..cf4dff5cee6 100644
--- a/extra/yassl/taocrypt/include/pwdbased.hpp
+++ b/extra/yassl/taocrypt/include/pwdbased.hpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -16,6 +16,7 @@
MA 02110-1301 USA.
*/
+
/* pwdbased.hpp defines PBKDF2 from PKCS #5
*/
@@ -48,10 +49,7 @@ word32 PBKDF2_HMAC<T>::DeriveKey(byte* derived, word32 dLen, const byte* pwd,
word32 pLen, const byte* salt, word32 sLen,
word32 iterations) const
{
- if (dLen > MaxDerivedKeyLength())
- return 0;
-
- if (iterations < 0)
+ if (dLen > MaxDerivedKeyLength())
return 0;
ByteBlock buffer(T::DIGEST_SIZE);
diff --git a/extra/yassl/taocrypt/include/runtime.hpp b/extra/yassl/taocrypt/include/runtime.hpp
index ef7ce092cde..4c7436251fd 100644
--- a/extra/yassl/taocrypt/include/runtime.hpp
+++ b/extra/yassl/taocrypt/include/runtime.hpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -34,7 +34,10 @@
// Handler for pure virtual functions
namespace __Crun {
- void pure_error(void);
+ static void pure_error(void)
+ {
+ // "Pure virtual method called, Aborted", GCC 4.2 str cmp fix
+ }
} // namespace __Crun
#endif // __sun
@@ -48,7 +51,15 @@ extern "C" {
#if defined(DO_TAOCRYPT_KERNEL_MODE)
#include "kernelc.hpp"
#endif
- int __cxa_pure_virtual () __attribute__ ((weak));
+
+/* Disallow inline __cxa_pure_virtual() */
+static int __cxa_pure_virtual() __attribute__((noinline, used));
+static int __cxa_pure_virtual()
+{
+ // oops, pure virtual called!
+ return 0;
+}
+
} // extern "C"
#endif // __GNUC__ > 2
diff --git a/extra/yassl/taocrypt/include/sha.hpp b/extra/yassl/taocrypt/include/sha.hpp
index d1f9607f8de..cf6d0d09a1d 100644
--- a/extra/yassl/taocrypt/include/sha.hpp
+++ b/extra/yassl/taocrypt/include/sha.hpp
@@ -1,6 +1,5 @@
/*
- Copyright (C) 2000-2007 MySQL AB
- Use is subject to license terms
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -159,6 +158,12 @@ private:
void Transform();
};
+enum { MAX_SHA2_DIGEST_SIZE = 64 }; // SHA512
+
+#else
+
+enum { MAX_SHA2_DIGEST_SIZE = 32 }; // SHA256
+
#endif // WORD64_AVAILABLE
diff --git a/extra/yassl/taocrypt/src/aes.cpp b/extra/yassl/taocrypt/src/aes.cpp
index d04ef69c19f..ee4c7a6e8a1 100644
--- a/extra/yassl/taocrypt/src/aes.cpp
+++ b/extra/yassl/taocrypt/src/aes.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -66,7 +66,7 @@ void AES::Process(byte* out, const byte* in, word32 sz)
in += BLOCK_SIZE;
}
}
- else {
+ else {
while (blocks--) {
AsmDecrypt(in, out, (void*)Td0);
@@ -79,8 +79,8 @@ void AES::Process(byte* out, const byte* in, word32 sz)
out += BLOCK_SIZE;
in += BLOCK_SIZE;
}
- }
- }
+ }
+ }
}
#endif // DO_AES_ASM
@@ -466,14 +466,13 @@ void AES::decrypt(const byte* inBlock, const byte* xorBlock,
"movd mm7, ebp;" \
"movd mm4, eax;" \
"mov ebp, edx;" \
- "sub esp, 4;"
-
+ "sub esp, 4;"
#define EPILOG() \
"add esp, 4;" \
"pop ebp;" \
"pop ebx;" \
- "emms;" \
- ".att_syntax;" \
+ "emms;" \
+ ".att_syntax;" \
: \
: "c" (this), "S" (inBlock), "d" (boxes), "a" (outBlock) \
: "%edi", "memory", "cc" \
@@ -834,9 +833,9 @@ void AES::AsmEncrypt(const byte* inBlock, byte* outBlock, void* boxes) const
#ifdef _MSC_VER
- __declspec(naked)
+ __declspec(naked)
#else
- __attribute__ ((noinline))
+ __attribute__ ((noinline))
#endif
void AES::AsmDecrypt(const byte* inBlock, byte* outBlock, void* boxes) const
{
diff --git a/extra/yassl/taocrypt/src/algebra.cpp b/extra/yassl/taocrypt/src/algebra.cpp
index b4086522124..ef59bfbbc56 100644
--- a/extra/yassl/taocrypt/src/algebra.cpp
+++ b/extra/yassl/taocrypt/src/algebra.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -186,10 +186,10 @@ Integer AbstractGroup::CascadeScalarMultiply(const Element &x,
struct WindowSlider
{
- WindowSlider(const Integer &expIn, bool fastNegateIn,
+ WindowSlider(const Integer &exp, bool fastNegate,
unsigned int windowSizeIn=0)
- : exp(expIn), windowModulus(Integer::One()), windowSize(windowSizeIn),
- windowBegin(0), fastNegate(fastNegateIn), firstTime(true),
+ : exp(exp), windowModulus(Integer::One()), windowSize(windowSizeIn),
+ windowBegin(0), fastNegate(fastNegate), firstTime(true),
finished(false)
{
if (windowSize == 0)
diff --git a/extra/yassl/taocrypt/src/arc4.cpp b/extra/yassl/taocrypt/src/arc4.cpp
index f5794ec2566..10a3a7d6ffc 100644
--- a/extra/yassl/taocrypt/src/arc4.cpp
+++ b/extra/yassl/taocrypt/src/arc4.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -121,12 +121,11 @@ void ARC4::AsmProcess(byte* out, const byte* in, word32 length)
"push ebx;" \
"push ebp;" \
"mov ebp, eax;"
-
#define EPILOG() \
"pop ebp;" \
"pop ebx;" \
- "emms;" \
- ".att_syntax;" \
+ "emms;" \
+ ".att_syntax;" \
: \
: "c" (this), "D" (out), "S" (in), "a" (length) \
: "%edx", "memory", "cc" \
@@ -180,7 +179,7 @@ void ARC4::AsmProcess(byte* out, const byte* in, word32 length)
#ifdef _MSC_VER
AS1( loopStart: ) // loopStart
#else
- AS1( 0: ) // loopStart for some gas (need numeric for jump back
+ AS1( 0: ) // loopStart for some gas (need numeric for jump back
#endif
// y = (y+a) & 0xff;
@@ -232,7 +231,7 @@ void ARC4::AsmProcess(byte* out, const byte* in, word32 length)
AS1( nothing: )
- // inline adjust
+ // inline adjust
AS2( add esp, 4 ) // fix room on stack
EPILOG()
diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp
index ad054809879..544e9518da8 100644
--- a/extra/yassl/taocrypt/src/asn.cpp
+++ b/extra/yassl/taocrypt/src/asn.cpp
@@ -1,6 +1,5 @@
/*
- Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
- Use is subject to license terms.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -761,7 +760,7 @@ void CertDecoder::GetName(NameType nt)
while (source_.get_index() < length) {
GetSet();
if (source_.GetError().What() == SET_E) {
- source_.SetError(NO_ERROR_E); // extensions may only have sequence
+ source_.SetError(NO_ERROR_E); // extensions may only have sequence
source_.prev();
}
GetSequence();
@@ -832,10 +831,8 @@ void CertDecoder::GetName(NameType nt)
if (source_.IsLeft(length) == false) return;
if (email) {
- if (!(ptr = AddTag(ptr, buf_end, "/emailAddress=", 14, length))) {
- source_.SetError(CONTENT_E);
- return;
- }
+ if (!(ptr = AddTag(ptr, buf_end, "/emailAddress=", 14, length)))
+ return;
}
source_.advance(length);
@@ -972,12 +969,26 @@ bool CertDecoder::ConfirmSignature(Source& pub)
hasher.reset(NEW_TC SHA);
ht = SHAh;
}
+ else if (signatureOID_ == SHA256wRSA || signatureOID_ == SHA256wDSA) {
+ hasher.reset(NEW_TC SHA256);
+ ht = SHA256h;
+ }
+#ifdef WORD64_AVAILABLE
+ else if (signatureOID_ == SHA384wRSA) {
+ hasher.reset(NEW_TC SHA384);
+ ht = SHA384h;
+ }
+ else if (signatureOID_ == SHA512wRSA) {
+ hasher.reset(NEW_TC SHA512);
+ ht = SHA512h;
+ }
+#endif
else {
source_.SetError(UNKOWN_SIG_E);
return false;
}
- byte digest[SHA::DIGEST_SIZE]; // largest size
+ byte digest[MAX_SHA2_DIGEST_SIZE]; // largest size
hasher->Update(source_.get_buffer() + certBegin_, sigIndex_ - certBegin_);
hasher->Final(digest);
@@ -1050,6 +1061,12 @@ word32 DER_Encoder::SetAlgoID(HashType aOID, byte* output)
0x02, 0x05, 0x05, 0x00 };
static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x02, 0x02, 0x05, 0x00};
+ static const byte sha256AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x01, 0x05, 0x00 };
+ static const byte sha384AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x02, 0x05, 0x00 };
+ static const byte sha512AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
+ 0x04, 0x02, 0x03, 0x05, 0x00 };
int algoSz = 0;
const byte* algoName = 0;
@@ -1060,6 +1077,21 @@ word32 DER_Encoder::SetAlgoID(HashType aOID, byte* output)
algoName = shaAlgoID;
break;
+ case SHA256h:
+ algoSz = sizeof(sha256AlgoID);
+ algoName = sha256AlgoID;
+ break;
+
+ case SHA384h:
+ algoSz = sizeof(sha384AlgoID);
+ algoName = sha384AlgoID;
+ break;
+
+ case SHA512h:
+ algoSz = sizeof(sha512AlgoID);
+ algoName = sha512AlgoID;
+ break;
+
case MD2h:
algoSz = sizeof(md2AlgoID);
algoName = md2AlgoID;
diff --git a/extra/yassl/taocrypt/src/blowfish.cpp b/extra/yassl/taocrypt/src/blowfish.cpp
index 5cfd81e369c..9491c93040e 100644
--- a/extra/yassl/taocrypt/src/blowfish.cpp
+++ b/extra/yassl/taocrypt/src/blowfish.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -237,8 +237,8 @@ void Blowfish::ProcessAndXorBlock(const byte* in, const byte* xOr, byte* out)
#define EPILOG() \
"pop ebp;" \
"pop ebx;" \
- "emms;" \
- ".att_syntax;" \
+ "emms;" \
+ ".att_syntax;" \
: \
: "c" (this), "S" (inBlock), "a" (outBlock) \
: "%edi", "%edx", "memory", "cc" \
@@ -291,7 +291,7 @@ void Blowfish::ProcessAndXorBlock(const byte* in, const byte* xOr, byte* out)
#ifdef _MSC_VER
- __declspec(naked)
+ __declspec(naked)
#else
__attribute__ ((noinline))
#endif
diff --git a/extra/yassl/taocrypt/src/des.cpp b/extra/yassl/taocrypt/src/des.cpp
index b52a83a38c6..673c21ed207 100644
--- a/extra/yassl/taocrypt/src/des.cpp
+++ b/extra/yassl/taocrypt/src/des.cpp
@@ -1,6 +1,5 @@
/*
- Copyright (C) 2000-2007 MySQL AB
- Use is subject to license terms
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -642,9 +641,9 @@ void DES_EDE3::ProcessAndXorBlock(const byte* in, const byte* xOr,
#ifdef _MSC_VER
- __declspec(naked)
+ __declspec(naked)
#else
- __attribute__ ((noinline))
+ __attribute__ ((noinline))
#endif
void DES_EDE3::AsmProcess(const byte* in, byte* out, void* box) const
{
@@ -664,8 +663,8 @@ void DES_EDE3::AsmProcess(const byte* in, byte* out, void* box) const
#define EPILOG() \
"pop ebp;" \
"pop ebx;" \
- "emms;" \
- ".att_syntax;" \
+ "emms;" \
+ ".att_syntax;" \
: \
: "d" (this), "S" (in), "a" (box), "c" (out) \
: "%edi", "memory", "cc" \
diff --git a/extra/yassl/taocrypt/src/integer.cpp b/extra/yassl/taocrypt/src/integer.cpp
index c981b1bf786..2d85ee01a3f 100644
--- a/extra/yassl/taocrypt/src/integer.cpp
+++ b/extra/yassl/taocrypt/src/integer.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -56,9 +56,8 @@
#endif
#elif defined(_MSC_VER) && defined(_M_IX86)
/* #pragma message("You do not seem to have the Visual C++ Processor Pack ")
- #pragma message("installed, so use of SSE2 intrinsics will be disabled.")
-*/
#pragma message("installed, so use of SSE2 intrinsics will be disabled.")
+*/
#elif defined(__GNUC__) && defined(__i386__)
/* #warning You do not have GCC 3.3 or later, or did not specify the -msse2 \
compiler option. Use of SSE2 intrinsics will be disabled.
@@ -282,7 +281,12 @@ DWord() {}
word GetHighHalfAsBorrow() const {return 0-halfs_.high;}
private:
- struct dword_struct
+ union
+ {
+ #ifdef TAOCRYPT_NATIVE_DWORD_AVAILABLE
+ dword whole_;
+ #endif
+ struct
{
#ifdef LITTLE_ENDIAN_ORDER
word low;
@@ -291,14 +295,7 @@ private:
word high;
word low;
#endif
- };
-
- union
- {
- #ifdef TAOCRYPT_NATIVE_DWORD_AVAILABLE
- dword whole_;
- #endif
- struct dword_struct halfs_;
+ } halfs_;
};
};
@@ -1201,24 +1198,20 @@ public:
#define AS1(x) #x ";"
#define AS2(x, y) #x ", " #y ";"
#define AddPrologue \
- word res; \
__asm__ __volatile__ \
( \
"push %%ebx;" /* save this manually, in case of -fPIC */ \
- "mov %3, %%ebx;" \
+ "mov %2, %%ebx;" \
".intel_syntax noprefix;" \
"push ebp;"
#define AddEpilogue \
"pop ebp;" \
".att_syntax prefix;" \
"pop %%ebx;" \
- "mov %%eax, %0;" \
- : "=g" (res) \
+ : \
: "c" (C), "d" (A), "m" (B), "S" (N) \
: "%edi", "memory", "cc" \
- ); \
- return res;
-
+ );
#define MulPrologue \
__asm__ __volatile__ \
( \
diff --git a/extra/yassl/taocrypt/src/md5.cpp b/extra/yassl/taocrypt/src/md5.cpp
index e9a9e8fe517..45cfa8a3322 100644
--- a/extra/yassl/taocrypt/src/md5.cpp
+++ b/extra/yassl/taocrypt/src/md5.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -223,7 +223,7 @@ void MD5::Update(const byte* data, word32 len)
#ifdef _MSC_VER
- __declspec(naked)
+ __declspec(naked)
#else
__attribute__ ((noinline))
#endif
@@ -242,8 +242,8 @@ void MD5::AsmTransform(const byte* data, word32 times)
#define EPILOG() \
"pop ebp;" \
"pop ebx;" \
- "emms;" \
- ".att_syntax;" \
+ "emms;" \
+ ".att_syntax;" \
: \
: "c" (this), "D" (data), "a" (times) \
: "%esi", "%edx", "memory", "cc" \
@@ -297,7 +297,7 @@ void MD5::AsmTransform(const byte* data, word32 times)
#ifdef _MSC_VER
AS1( loopStart: ) // loopStart
#else
- AS1( 0: ) // loopStart for some gas (need numeric for jump back
+ AS1( 0: ) // loopStart for some gas (need numeric for jump back
#endif
// set up
diff --git a/extra/yassl/taocrypt/src/misc.cpp b/extra/yassl/taocrypt/src/misc.cpp
index b576d3d59d2..fd9e8b92c1d 100644
--- a/extra/yassl/taocrypt/src/misc.cpp
+++ b/extra/yassl/taocrypt/src/misc.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -84,17 +84,7 @@ namespace STL = STL_NAMESPACE;
}
-#ifdef __sun
-
-// Handler for pure virtual functions
-namespace __Crun {
- void pure_error() {
- }
-}
-
-#endif
-
-#if defined(__ICC) || defined(__INTEL_COMPILER) || (__GNUC__ > 2)
+#if defined(__ICC) || defined(__INTEL_COMPILER)
extern "C" {
@@ -175,6 +165,14 @@ word Crop(word value, unsigned int size)
#ifdef TAOCRYPT_X86ASM_AVAILABLE
+#ifndef _MSC_VER
+ static jmp_buf s_env;
+ static void SigIllHandler(int)
+ {
+ longjmp(s_env, 1);
+ }
+#endif
+
bool HaveCpuId()
{
diff --git a/extra/yassl/taocrypt/src/rabbit.cpp b/extra/yassl/taocrypt/src/rabbit.cpp
index 89e6a207a1b..5e32f383493 100644
--- a/extra/yassl/taocrypt/src/rabbit.cpp
+++ b/extra/yassl/taocrypt/src/rabbit.cpp
@@ -1,15 +1,15 @@
/*
- Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
-
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
@@ -236,7 +236,7 @@ void Rabbit::Process(byte* output, const byte* input, word32 msglen)
NextState(Work);
/* Generate 16 bytes of pseudo-random data */
- tmp[0] = LITTLE32(workCtx_.x[0] ^
+ tmp[0] = LITTLE32(workCtx_.x[0] ^
(workCtx_.x[5]>>16) ^ U32V(workCtx_.x[3]<<16));
tmp[1] = LITTLE32(workCtx_.x[2] ^
(workCtx_.x[7]>>16) ^ U32V(workCtx_.x[5]<<16));
diff --git a/extra/yassl/taocrypt/src/random.cpp b/extra/yassl/taocrypt/src/random.cpp
index 084871c5447..4b89b5b32c5 100644
--- a/extra/yassl/taocrypt/src/random.cpp
+++ b/extra/yassl/taocrypt/src/random.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -27,6 +27,7 @@
#include <time.h>
#if defined(_WIN32)
+ #define _WIN32_WINNT 0x0400
#include <windows.h>
#include <wincrypt.h>
#else
diff --git a/extra/yassl/taocrypt/src/ripemd.cpp b/extra/yassl/taocrypt/src/ripemd.cpp
index b670a9eca86..5d03dc61cd6 100644
--- a/extra/yassl/taocrypt/src/ripemd.cpp
+++ b/extra/yassl/taocrypt/src/ripemd.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -507,6 +507,8 @@ void RIPEMD160::Transform()
#ifdef _MSC_VER
__declspec(naked)
+#else
+ __attribute__ ((noinline))
#endif
void RIPEMD160::AsmTransform(const byte* data, word32 times)
{
@@ -520,12 +522,11 @@ void RIPEMD160::AsmTransform(const byte* data, word32 times)
".intel_syntax noprefix;" \
"push ebx;" \
"push ebp;"
-
#define EPILOG() \
"pop ebp;" \
"pop ebx;" \
- "emms;" \
- ".att_syntax;" \
+ "emms;" \
+ ".att_syntax;" \
: \
: "c" (this), "D" (data), "d" (times) \
: "%esi", "%eax", "memory", "cc" \
@@ -571,7 +572,7 @@ void RIPEMD160::AsmTransform(const byte* data, word32 times)
#ifdef _MSC_VER
AS1( loopStart: ) // loopStart
#else
- AS1( 0: ) // loopStart for some gas (need numeric for jump back
+ AS1( 0: ) // loopStart for some gas (need numeric for jump back
#endif
AS2( movd mm2, edx ) // store times_
@@ -830,7 +831,7 @@ void RIPEMD160::AsmTransform(const byte* data, word32 times)
AS1( jnz 0b ) // loopStart
#endif
- // inline adjust
+ // inline adjust
AS2( add esp, 24 ) // fix room on stack
EPILOG()
diff --git a/extra/yassl/taocrypt/src/sha.cpp b/extra/yassl/taocrypt/src/sha.cpp
index 0d3491eb83d..4206f7f64ea 100644
--- a/extra/yassl/taocrypt/src/sha.cpp
+++ b/extra/yassl/taocrypt/src/sha.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -776,12 +776,11 @@ void SHA::AsmTransform(const byte* data, word32 times)
".intel_syntax noprefix;" \
"push ebx;" \
"push ebp;"
-
#define EPILOG() \
"pop ebp;" \
"pop ebx;" \
- "emms;" \
- ".att_syntax;" \
+ "emms;" \
+ ".att_syntax;" \
: \
: "c" (this), "D" (data), "a" (times) \
: "%esi", "%edx", "memory", "cc" \
@@ -830,7 +829,7 @@ void SHA::AsmTransform(const byte* data, word32 times)
#ifdef _MSC_VER
AS1( loopStart: ) // loopStart
#else
- AS1( 0: ) // loopStart for some gas (need numeric for jump back
+ AS1( 0: ) // loopStart for some gas (need numeric for jump back
#endif
// byte reverse 16 words of input, 4 at a time, put on stack for W[]
@@ -1022,7 +1021,7 @@ void SHA::AsmTransform(const byte* data, word32 times)
AS1( jnz 0b ) // loopStart
#endif
- // inline adjust
+ // inline adjust
AS2( add esp, 68 ) // fix room on stack
EPILOG()
diff --git a/extra/yassl/taocrypt/src/twofish.cpp b/extra/yassl/taocrypt/src/twofish.cpp
index 3a93ac11476..3051af21513 100644
--- a/extra/yassl/taocrypt/src/twofish.cpp
+++ b/extra/yassl/taocrypt/src/twofish.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -285,12 +285,11 @@ void Twofish::decrypt(const byte* inBlock, const byte* xorBlock,
"push ebp;" \
"movd mm3, eax;" \
"movd mm6, ebp;"
-
#define EPILOG() \
"pop ebp;" \
"pop ebx;" \
- "emms;" \
- ".att_syntax;" \
+ "emms;" \
+ ".att_syntax;" \
: \
: "D" (this), "S" (inBlock), "a" (outBlock) \
: "%ecx", "%edx", "memory", "cc" \
@@ -479,7 +478,7 @@ void Twofish::AsmEncrypt(const byte* inBlock, byte* outBlock) const
AS2( movd ebp, mm6 )
AS2( movd esi, mm0 ) // k_
#ifdef __GNUC__
- AS2( movd edi, mm3 ) // outBlock
+ AS2( movd edi, mm3 ) // outBlock
#else
AS2( mov edi, [ebp + 12] ) // outBlock
#endif
@@ -500,7 +499,7 @@ void Twofish::AsmEncrypt(const byte* inBlock, byte* outBlock) const
#ifdef _MSC_VER
- __declspec(naked)
+ __declspec(naked)
#else
__attribute__ ((noinline))
#endif
@@ -551,7 +550,7 @@ void Twofish::AsmDecrypt(const byte* inBlock, byte* outBlock) const
AS2( movd ebp, mm6 )
AS2( movd esi, mm0 ) // k_
#ifdef __GNUC__
- AS2( movd edi, mm3 ) // outBlock
+ AS2( movd edi, mm3 ) // outBlock
#else
AS2( mov edi, [ebp + 12] ) // outBlock
#endif