summaryrefslogtreecommitdiff
path: root/extra
diff options
context:
space:
mode:
Diffstat (limited to 'extra')
-rw-r--r--extra/yassl/README6
-rw-r--r--extra/yassl/include/openssl/ssl.h2
-rw-r--r--extra/yassl/include/yassl_int.hpp8
-rw-r--r--extra/yassl/src/cert_wrapper.cpp13
-rw-r--r--extra/yassl/src/ssl.cpp14
-rw-r--r--extra/yassl/src/yassl_int.cpp33
-rw-r--r--extra/yassl/taocrypt/include/asn.hpp8
-rw-r--r--extra/yassl/taocrypt/src/asn.cpp12
-rw-r--r--extra/yassl/testsuite/test.hpp22
9 files changed, 84 insertions, 34 deletions
diff --git a/extra/yassl/README b/extra/yassl/README
index 81d573d0b20..b5eb88824fb 100644
--- a/extra/yassl/README
+++ b/extra/yassl/README
@@ -12,6 +12,12 @@ before calling SSL_new();
*** end Note ***
+yaSSL Release notes, version 2.3.9b (2/03/2016)
+ This release of yaSSL fixes the OpenSSL compatibility function
+ X509_NAME_get_index_by_NID() to use the actual index of the common name
+ instead of searching on the format prefix. Thanks for the report from
+ yashwant.sahu@oracle.com . Anyone using this function should update.
+
yaSSL Release notes, version 2.3.9 (12/01/2015)
This release of yaSSL fixes two client side Diffie-Hellman problems.
yaSSL was only handling the cases of zero or one leading zeros for the key
diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h
index 84ce40b8415..c95eb1ed887 100644
--- a/extra/yassl/include/openssl/ssl.h
+++ b/extra/yassl/include/openssl/ssl.h
@@ -34,7 +34,7 @@
#include "rsa.h"
-#define YASSL_VERSION "2.3.9"
+#define YASSL_VERSION "2.3.9b"
#if defined(__cplusplus)
diff --git a/extra/yassl/include/yassl_int.hpp b/extra/yassl/include/yassl_int.hpp
index 269976a6eaa..781eaa38dda 100644
--- a/extra/yassl/include/yassl_int.hpp
+++ b/extra/yassl/include/yassl_int.hpp
@@ -191,14 +191,18 @@ private:
class X509_NAME {
char* name_;
size_t sz_;
+ int cnPosition_; // start of common name, -1 is none
+ int cnLen_; // length of above
ASN1_STRING entry_;
public:
- X509_NAME(const char*, size_t sz);
+ X509_NAME(const char*, size_t sz, int pos, int len);
~X509_NAME();
const char* GetName() const;
ASN1_STRING* GetEntry(int i);
size_t GetLength() const;
+ int GetCnPosition() const { return cnPosition_; }
+ int GetCnLength() const { return cnLen_; }
private:
X509_NAME(const X509_NAME&); // hide copy
X509_NAME& operator=(const X509_NAME&); // and assign
@@ -226,7 +230,7 @@ class X509 {
StringHolder afterDate_; // not valid after
public:
X509(const char* i, size_t, const char* s, size_t,
- ASN1_STRING *b, ASN1_STRING *a);
+ ASN1_STRING *b, ASN1_STRING *a, int, int, int, int);
~X509() {}
X509_NAME* GetIssuer();
diff --git a/extra/yassl/src/cert_wrapper.cpp b/extra/yassl/src/cert_wrapper.cpp
index af94f5bc24f..1092e428351 100644
--- a/extra/yassl/src/cert_wrapper.cpp
+++ b/extra/yassl/src/cert_wrapper.cpp
@@ -304,7 +304,10 @@ int CertManager::Validate()
afterDate.type= cert.GetAfterDateType();
afterDate.length= strlen((char *) afterDate.data) + 1;
peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
- sSz, &beforeDate, &afterDate);
+ sSz, &beforeDate, &afterDate,
+ cert.GetIssuerCnStart(), cert.GetIssuerCnLength(),
+ cert.GetSubjectCnStart(), cert.GetSubjectCnLength()
+ );
if (err == TaoCrypt::SIG_OTHER_E && verifyCallback_) {
X509_STORE_CTX store;
@@ -350,7 +353,9 @@ int CertManager::SetPrivateKey(const x509& key)
afterDate.type= cd.GetAfterDateType();
afterDate.length= strlen((char *) afterDate.data) + 1;
selfX509_ = NEW_YS X509(cd.GetIssuer(), iSz, cd.GetCommonName(),
- sSz, &beforeDate, &afterDate);
+ sSz, &beforeDate, &afterDate,
+ cd.GetIssuerCnStart(), cd.GetIssuerCnLength(),
+ cd.GetSubjectCnStart(), cd.GetSubjectCnLength());
}
return 0;
}
@@ -367,7 +372,9 @@ void CertManager::setPeerX509(X509* x)
ASN1_STRING* after = x->GetAfter();
peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(),
- subject->GetName(), subject->GetLength(), before, after);
+ subject->GetName(), subject->GetLength(), before, after,
+ issuer->GetCnPosition(), issuer->GetCnLength(),
+ subject->GetCnPosition(), subject->GetCnLength());
}
diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp
index 26a02afcacf..57542f174c9 100644
--- a/extra/yassl/src/ssl.cpp
+++ b/extra/yassl/src/ssl.cpp
@@ -1351,15 +1351,13 @@ int ASN1_STRING_type(ASN1_STRING *x)
int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos)
{
int idx = -1; // not found
- const char* start = &name->GetName()[lastpos + 1];
+ int cnPos = -1;
switch (nid) {
case NID_commonName:
- const char* found = strstr(start, "/CN=");
- if (found) {
- found += 4; // advance to str
- idx = found - start + lastpos + 1;
- }
+ cnPos = name->GetCnPosition();
+ if (lastpos < cnPos)
+ idx = cnPos;
break;
}
@@ -1471,10 +1469,6 @@ int SSL_peek(SSL* ssl, void* buffer, int sz)
int SSL_pending(SSL* ssl)
{
- // Just in case there's pending data that hasn't been processed yet...
- char c;
- SSL_peek(ssl, &c, 1);
-
return ssl->bufferedData();
}
diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp
index a38b7a5c81f..ff9c8155d0c 100644
--- a/extra/yassl/src/yassl_int.cpp
+++ b/extra/yassl/src/yassl_int.cpp
@@ -1554,8 +1554,9 @@ void SSL_SESSION::CopyX509(X509* x)
ASN1_TIME* after = x->GetAfter();
peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(),
- subject->GetName(), subject->GetLength(),
- before, after);
+ subject->GetName(), subject->GetLength(), before, after,
+ issuer->GetCnPosition(), issuer->GetCnLength(),
+ subject->GetCnPosition(), subject->GetCnLength());
}
@@ -2472,8 +2473,8 @@ void Security::set_resuming(bool b)
}
-X509_NAME::X509_NAME(const char* n, size_t sz)
- : name_(0), sz_(sz)
+X509_NAME::X509_NAME(const char* n, size_t sz, int pos, int len)
+ : name_(0), sz_(sz), cnPosition_(pos), cnLen_(len)
{
if (sz) {
name_ = NEW_YS char[sz];
@@ -2503,8 +2504,10 @@ size_t X509_NAME::GetLength() const
X509::X509(const char* i, size_t iSz, const char* s, size_t sSz,
- ASN1_STRING *b, ASN1_STRING *a)
- : issuer_(i, iSz), subject_(s, sSz),
+ ASN1_STRING *b, ASN1_STRING *a,
+ int issPos, int issLen,
+ int subPos, int subLen)
+ : issuer_(i, iSz, issPos, issLen), subject_(s, sSz, subPos, subLen),
beforeDate_((char *) b->data, b->length, b->type),
afterDate_((char *) a->data, a->length, a->type)
{}
@@ -2539,17 +2542,19 @@ ASN1_STRING* X509_NAME::GetEntry(int i)
if (i < 0 || i >= int(sz_))
return 0;
+ if (i != cnPosition_ || cnLen_ <= 0) // only entry currently supported
+ return 0;
+
+ if (cnLen_ > int(sz_-i)) // make sure there's room in read buffer
+ return 0;
+
if (entry_.data)
ysArrayDelete(entry_.data);
- entry_.data = NEW_YS byte[sz_]; // max size;
+ entry_.data = NEW_YS byte[cnLen_+1]; // max size;
- memcpy(entry_.data, &name_[i], sz_ - i);
- if (entry_.data[sz_ -i - 1]) {
- entry_.data[sz_ - i] = 0;
- entry_.length = int(sz_) - i;
- }
- else
- entry_.length = int(sz_) - i - 1;
+ memcpy(entry_.data, &name_[i], cnLen_);
+ entry_.data[cnLen_] = 0;
+ entry_.length = cnLen_;
entry_.type = 0;
return &entry_;
diff --git a/extra/yassl/taocrypt/include/asn.hpp b/extra/yassl/taocrypt/include/asn.hpp
index 2854b8fe06d..999e853b941 100644
--- a/extra/yassl/taocrypt/include/asn.hpp
+++ b/extra/yassl/taocrypt/include/asn.hpp
@@ -285,6 +285,10 @@ public:
byte GetBeforeDateType() const { return beforeDateType_; }
const char* GetAfterDate() const { return afterDate_; }
byte GetAfterDateType() const { return afterDateType_; }
+ int GetSubjectCnStart() const { return subCnPos_; }
+ int GetIssuerCnStart() const { return issCnPos_; }
+ int GetSubjectCnLength() const { return subCnLen_; }
+ int GetIssuerCnLength() const { return issCnLen_; }
void DecodeToKey();
private:
@@ -294,6 +298,10 @@ private:
word32 sigLength_; // length of signature
word32 signatureOID_; // sum of algorithm object id
word32 keyOID_; // sum of key algo object id
+ int subCnPos_; // subject common name start, -1 is none
+ int subCnLen_; // length of above
+ int issCnPos_; // issuer common name start, -1 is none
+ int issCnLen_; // length of above
byte subjectHash_[SHA_SIZE]; // hash of all Names
byte issuerHash_[SHA_SIZE]; // hash of all Names
byte* signature_;
diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp
index d8b133a3f0a..0474e7c21d5 100644
--- a/extra/yassl/taocrypt/src/asn.cpp
+++ b/extra/yassl/taocrypt/src/asn.cpp
@@ -482,8 +482,9 @@ void DH_Decoder::Decode(DH& key)
CertDecoder::CertDecoder(Source& s, bool decode, SignerList* signers,
bool noVerify, CertType ct)
- : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0),
- signature_(0), verify_(!noVerify)
+ : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0), subCnPos_(-1),
+ subCnLen_(0), issCnPos_(-1), issCnLen_(0), signature_(0),
+ verify_(!noVerify)
{
issuer_[0] = 0;
subject_[0] = 0;
@@ -804,6 +805,13 @@ void CertDecoder::GetName(NameType nt)
case COMMON_NAME:
if (!(ptr = AddTag(ptr, buf_end, "/CN=", 4, strLen)))
return;
+ if (nt == ISSUER) {
+ issCnPos_ = (int)(ptr - strLen - issuer_);
+ issCnLen_ = (int)strLen;
+ } else {
+ subCnPos_ = (int)(ptr - strLen - subject_);
+ subCnLen_ = (int)strLen;
+ }
break;
case SUR_NAME:
if (!(ptr = AddTag(ptr, buf_end, "/SN=", 4, strLen)))
diff --git a/extra/yassl/testsuite/test.hpp b/extra/yassl/testsuite/test.hpp
index 52f6ed79526..5374edd0e2a 100644
--- a/extra/yassl/testsuite/test.hpp
+++ b/extra/yassl/testsuite/test.hpp
@@ -470,10 +470,28 @@ inline void showPeer(SSL* ssl)
char* issuer = X509_NAME_oneline(X509_get_issuer_name(peer), 0, 0);
char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0);
- printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
- subject);
+ X509_NAME_ENTRY* se = NULL;
+ ASN1_STRING* sd = NULL;
+ char* subCN = NULL;
+
+ X509_NAME* sub = X509_get_subject_name(peer);
+ int lastpos = -1;
+ if (sub)
+ lastpos = X509_NAME_get_index_by_NID(sub, NID_commonName, lastpos);
+ if (lastpos >= 0) {
+ se = X509_NAME_get_entry(sub, lastpos);
+ if (se)
+ sd = X509_NAME_ENTRY_get_data(se);
+ if (sd)
+ subCN = (char*)ASN1_STRING_data(sd);
+ }
+
+ printf("peer's cert info:\n issuer : %s\n subject: %s\n"
+ " subject cn: %s\n", issuer, subject, subCN);
+
free(subject);
free(issuer);
+
}
else
printf("peer has no cert!\n");
View Lorry Controller Status