server-keyEnc.pem
+
+note location of des, pass = yassl123
+
+
+*** To make a public key from a private key ******
+
+
+openssl rsa -in 1024rsa.priv -pubout -out 1024rsa.pub
+
diff -Nru mysql-5.5-5.5.20/extra/yassl/examples/client/client.cpp mysql-5.5-5.5.22/extra/yassl/examples/client/client.cpp
--- mysql-5.5-5.5.20/extra/yassl/examples/client/client.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/examples/client/client.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -36,15 +36,20 @@
void NonBlockingSSL_Connect(SSL* ssl, SSL_CTX* ctx, SOCKET_T& sockfd)
{
int ret = SSL_connect(ssl);
- while (ret =! SSL_SUCCESS && SSL_get_error(ssl, 0) ==
- SSL_ERROR_WANT_READ) {
- printf("... client would block\n");
+ int err = SSL_get_error(ssl, 0);
+ while (ret != SSL_SUCCESS && (err == SSL_ERROR_WANT_READ ||
+ err == SSL_ERROR_WANT_WRITE)) {
+ if (err == SSL_ERROR_WANT_READ)
+ printf("... client would read block\n");
+ else
+ printf("... client would write block\n");
#ifdef _WIN32
Sleep(1000);
#else
sleep(1);
#endif
ret = SSL_connect(ssl);
+ err = SSL_get_error(ssl, 0);
}
if (ret != SSL_SUCCESS)
ClientError(ctx, ssl, sockfd, "SSL_connect failed");
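Review bot: The retry loop in NonBlockingSSL_Connect is unbounded: while the handshake keeps reporting SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE it sleeps one second and calls SSL_connect again, with no attempt limit or deadline. Since this is example code that users copy, I would cap it, for instance with a counter in the loop condition (`&& ++tries < MAX_TRIES`, names constructed here) or by waiting on the socket with a timeout instead of sleeping. NonBlockingSSL_Accept in server.cpp has the same loop, where a peer that never finishes the handshake would hold the accepting code indefinitely. The function's closing brace lies outside this hunk.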
@@ -81,7 +86,8 @@
#ifdef NON_BLOCKING
NonBlockingSSL_Connect(ssl, ctx, sockfd);
#else
- if (SSL_connect(ssl) != SSL_SUCCESS)
+ // if you get an error here see note at top of README
+ if (SSL_connect(ssl) != SSL_SUCCESS)
ClientError(ctx, ssl, sockfd, "SSL_connect failed");
#endif
showPeer(ssl);
@@ -105,7 +111,7 @@
int input = SSL_read(ssl, reply, sizeof(reply));
if (input > 0) {
reply[input] = 0;
- printf("Server response: %s\n", reply);
+ printf("Server response: %s\n", reply);
}
#ifdef TEST_RESUME
@@ -121,18 +127,18 @@
tcp_connect(sockfd);
SSL_set_fd(sslResume, sockfd);
SSL_set_session(sslResume, session);
-
+
if (SSL_connect(sslResume) != SSL_SUCCESS)
ClientError(ctx, sslResume, sockfd, "SSL_resume failed");
showPeer(sslResume);
-
+
if (SSL_write(sslResume, msg, sizeof(msg)) != sizeof(msg))
ClientError(ctx, sslResume, sockfd, "SSL_write failed");
input = SSL_read(sslResume, reply, sizeof(reply));
if (input > 0) {
reply[input] = 0;
- printf("Server response: %s\n", reply);
+ printf("Server response: %s\n", reply);
}
SSL_shutdown(sslResume);
diff -Nru mysql-5.5-5.5.20/extra/yassl/examples/echoclient/echoclient.cpp mysql-5.5-5.5.22/extra/yassl/examples/echoclient/echoclient.cpp
--- mysql-5.5-5.5.20/extra/yassl/examples/echoclient/echoclient.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/examples/echoclient/echoclient.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -74,10 +74,10 @@
char send[1024];
char reply[1024];
-
+
while (fgets(send, sizeof(send), fin)) {
- int sendSz = strlen(send) + 1;
+ int sendSz = (int)strlen(send) + 1;
if (SSL_write(ssl, send, sendSz) != sendSz)
EchoClientError(ctx, ssl, sockfd, "SSL_write failed");
@@ -86,7 +86,7 @@
break;
}
- if (SSL_read(ssl, reply, sizeof(reply)) > 0)
+ if (SSL_read(ssl, reply, sizeof(reply)) > 0)
fputs(reply, fout);
}
diff -Nru mysql-5.5-5.5.20/extra/yassl/examples/echoserver/echoserver.cpp mysql-5.5-5.5.22/extra/yassl/examples/echoserver/echoserver.cpp
--- mysql-5.5-5.5.20/extra/yassl/examples/echoserver/echoserver.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/examples/echoserver/echoserver.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -93,11 +93,11 @@
#endif
while (!shutdown) {
- sockaddr_in client;
+ SOCKADDR_IN_T client;
socklen_t client_len = sizeof(client);
SOCKET_T clientfd = accept(sockfd, (sockaddr*)&client,
(ACCEPT_THIRD_T)&client_len);
- if (clientfd == -1) {
+ if (clientfd == (SOCKET_T) -1) {
SSL_CTX_free(ctx);
tcp_close(sockfd);
err_sys("tcp accept failed");
@@ -111,11 +111,11 @@
tcp_close(clientfd);
continue;
}
-
+
char command[1024];
int echoSz(0);
while ( (echoSz = SSL_read(ssl, command, sizeof(command))) > 0) {
-
+
if ( strncmp(command, "quit", 4) == 0) {
printf("client sent quit command: shutting down!\n");
shutdown = true;
@@ -127,7 +127,7 @@
char header[] = "\n\n";
char body[] = "greetings from yaSSL\n";
char footer[] = "\r\n\r\n";
-
+
strncpy(command, type, sizeof(type));
echoSz = sizeof(type) - 1;
@@ -140,7 +140,7 @@
if (SSL_write(ssl, command, echoSz) != echoSz)
EchoError(ctx, ssl, sockfd, clientfd, "SSL_write failed");
-
+
break;
}
command[echoSz] = 0;
diff -Nru mysql-5.5-5.5.20/extra/yassl/examples/server/server.cpp mysql-5.5-5.5.22/extra/yassl/examples/server/server.cpp
--- mysql-5.5-5.5.20/extra/yassl/examples/server/server.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/examples/server/server.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -35,15 +35,20 @@
void NonBlockingSSL_Accept(SSL* ssl, SSL_CTX* ctx, SOCKET_T& clientfd)
{
int ret = SSL_accept(ssl);
- while (ret != SSL_SUCCESS && SSL_get_error(ssl, 0) ==
- SSL_ERROR_WANT_READ) {
- printf("... server would block\n");
+ int err = SSL_get_error(ssl, 0);
+ while (ret != SSL_SUCCESS && (err == SSL_ERROR_WANT_READ ||
+ err == SSL_ERROR_WANT_WRITE)) {
+ if (err == SSL_ERROR_WANT_READ)
+ printf("... server would read block\n");
+ else
+ printf("... server would write block\n");
#ifdef _WIN32
Sleep(1000);
#else
sleep(1);
#endif
ret = SSL_accept(ssl);
+ err = SSL_get_error(ssl, 0);
}
if (ret != SSL_SUCCESS)
ServerError(ctx, ssl, clientfd, "SSL_accept failed");
@@ -78,14 +83,14 @@
SSL* ssl = SSL_new(ctx);
SSL_set_fd(ssl, clientfd);
-
+
#ifdef NON_BLOCKING
NonBlockingSSL_Accept(ssl, ctx, clientfd);
#else
if (SSL_accept(ssl) != SSL_SUCCESS)
ServerError(ctx, ssl, clientfd, "SSL_accept failed");
#endif
-
+
showPeer(ssl);
printf("Using Cipher Suite: %s\n", SSL_get_cipher(ssl));
@@ -93,7 +98,7 @@
int input = SSL_read(ssl, command, sizeof(command));
if (input > 0) {
command[input] = 0;
- printf("First client command: %s\n", command);
+ printf("First client command: %s\n", command);
}
char msg[] = "I hear you, fa shizzle!";
diff -Nru mysql-5.5-5.5.20/extra/yassl/include/buffer.hpp mysql-5.5-5.5.22/extra/yassl/include/buffer.hpp
--- mysql-5.5-5.5.20/extra/yassl/include/buffer.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/include/buffer.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -46,12 +46,6 @@
const uint AUTO = 0xFEEDBEEF;
-// Checking Policy should implement a check function that tests whether the
-// index is within the size limit of the array
-struct Check {
- void check(uint i, uint limit);
-};
-
struct NoCheck {
void check(uint, uint);
@@ -66,7 +60,7 @@
* write to the buffer bulk wise and have the correct size
*/
-class input_buffer : public Check {
+class input_buffer : public NoCheck {
uint size_; // number of elements in buffer
uint current_; // current offset position in buffer
byte* buffer_; // storage for buffer
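Review bot: Switching input_buffer's base from Check to NoCheck removes the only index test on the buffer that holds received record data. The old Check::check was an assert, so it aborted rather than failing cleanly, but NoCheck::check takes unnamed parameters and its body is not fully visible on this page, so it presumably does nothing. That would leave `operator[]` in buffer.cpp calling `check(current_, size_)` and then reading `buffer_[current_++]` with no effective comparison. Unless every caller validates lengths before reading, I would keep a non-asserting test that records an error state and returns a reference to a static zero byte when `current_ >= size_`. The same applies to output_buffer in the next hunk; the class body continues outside this hunk.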
@@ -132,7 +126,7 @@
* Not using vector because need checked []access and the ability to
* write to the buffer bulk wise and retain correct size
*/
-class output_buffer : public Check {
+class output_buffer : public NoCheck {
uint current_; // current offset and elements in buffer
byte* buffer_; // storage for buffer
byte* end_; // end of storage marker
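Review bot: The class comment above output_buffer still gives "need checked []access" as the reason for not using a vector, but the base class on the new side is NoCheck, so the comment now describes a guarantee the class no longer appears to provide. I would reword it to state the actual contract, e.g. `* operator[] is unchecked; callers must validate lengths before writing`, so that nobody relies on a bounds test that is gone. The comment block starts before this hunk.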
diff -Nru mysql-5.5-5.5.20/extra/yassl/include/openssl/ssl.h mysql-5.5-5.5.22/extra/yassl/include/openssl/ssl.h
--- mysql-5.5-5.5.20/extra/yassl/include/openssl/ssl.h 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/include/openssl/ssl.h 2012-03-02 19:44:46.000000000 +0000
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005-2007 MySQL AB, 2008 Sun Microsystems, Inc.
+ Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
Use is subject to license terms.
This program is free software; you can redistribute it and/or modify
@@ -30,12 +30,12 @@
#include "prefix_ssl.h"
#endif
-#include /* ERR_print fp */
+#include /* ERR_print fp */
#include "opensslv.h" /* for version number */
#include "rsa.h"
-#define YASSL_VERSION "1.7.2"
+#define YASSL_VERSION "2.2.0"
#if defined(__cplusplus)
@@ -43,9 +43,9 @@
#endif
void yaSSL_CleanUp(); /* call once at end of application use to
- free static singleton memory holders,
- not a leak per se, but helpful when
- looking for them */
+ free static singleton memory holders,
+ not a leak per se, but helpful when
+ looking for them */
#if defined(__cplusplus)
} // extern
@@ -70,11 +70,11 @@
class X509;
class X509_NAME;
#else
- typedef struct SSL SSL;
+ typedef struct SSL SSL;
typedef struct SSL_SESSION SSL_SESSION;
- typedef struct SSL_METHOD SSL_METHOD;
- typedef struct SSL_CTX SSL_CTX;
- typedef struct SSL_CIPHER SSL_CIPHER;
+ typedef struct SSL_METHOD SSL_METHOD;
+ typedef struct SSL_CTX SSL_CTX;
+ typedef struct SSL_CIPHER SSL_CIPHER;
typedef struct RSA RSA;
@@ -107,6 +107,15 @@
/* X509 stuff, different file? */
+/* because mySQL dereferences to use error and current_cert, even after calling
+ * get functions for local references */
+typedef struct X509_STORE_CTX {
+ int error;
+ int error_depth;
+ X509* current_cert;
+} X509_STORE_CTX;
+
+
typedef struct X509_STORE X509_STORE;
typedef struct X509_LOOKUP X509_LOOKUP;
typedef struct X509_OBJECT { char c; } X509_OBJECT;
@@ -125,16 +134,6 @@
-/* because mySQL dereferences to use error and current_cert, even after calling
- * get functions for local references */
-typedef struct X509_STORE_CTX {
- int error;
- int error_depth;
- X509* current_cert;
-} X509_STORE_CTX;
-
-
-
X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*);
int X509_STORE_CTX_get_error(X509_STORE_CTX*);
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX*);
@@ -205,7 +204,7 @@
int SSL_set_fd (SSL*, YASSL_SOCKET_T);
YASSL_SOCKET_T SSL_get_fd(const SSL*);
int SSL_connect(SSL*); /* if you get an error from connect
- see note at top of REAMDE */
+ see note at top of README */
int SSL_write(SSL*, const void*, int);
int SSL_read(SSL*, void*, int);
int SSL_accept(SSL*);
@@ -351,11 +350,11 @@
SSL_ERROR_ZERO_RETURN = 84,
SSL_ERROR_SSL = 85,
- SSL_SENT_SHUTDOWN = 90,
- SSL_RECEIVED_SHUTDOWN = 91,
+ SSL_ST_CONNECT = 90,
+ SSL_ST_ACCEPT = 91,
SSL_CB_LOOP = 92,
- SSL_ST_CONNECT = 93,
- SSL_ST_ACCEPT = 94,
+ SSL_SENT_SHUTDOWN = 93,
+ SSL_RECEIVED_SHUTDOWN = 94,
SSL_CB_ALERT = 95,
SSL_CB_READ = 96,
SSL_CB_HANDSHAKE_DONE = 97
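Review bot: This renumbering changes the values of four constants in a public header (SSL_ST_CONNECT, SSL_ST_ACCEPT, SSL_SENT_SHUTDOWN, SSL_RECEIVED_SHUTDOWN) with no comment saying why, so code built against the old header and linked with a library built from the new one would disagree on them. They are also consecutive integers, whereas code written for OpenSSL commonly tests such values with `&`. If equality is the only supported comparison here, a comment such as `/* sequential codes, not bit flags: compare with ==, never & */` above them would prevent shutdown or handshake state being misread. The enum begins before this hunk.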
@@ -366,7 +365,7 @@
SSL_METHOD *SSLv3_method(void);
SSL_METHOD *SSLv3_server_method(void);
SSL_METHOD *SSLv3_client_method(void);
-SSL_METHOD *TLSv1_server_method(void);
+SSL_METHOD *TLSv1_server_method(void);
SSL_METHOD *TLSv1_client_method(void);
SSL_METHOD *TLSv1_1_server_method(void);
SSL_METHOD *TLSv1_1_client_method(void);
diff -Nru mysql-5.5-5.5.20/extra/yassl/include/socket_wrapper.hpp mysql-5.5-5.5.22/extra/yassl/include/socket_wrapper.hpp
--- mysql-5.5-5.5.20/extra/yassl/include/socket_wrapper.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/include/socket_wrapper.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -26,7 +26,6 @@
#ifndef yaSSL_SOCKET_WRAPPER_HPP
#define yaSSL_SOCKET_WRAPPER_HPP
-#include
#ifdef _WIN32
#include
@@ -73,7 +72,8 @@
uint get_ready() const;
socket_t get_fd() const;
- uint send(const byte* buf, unsigned int len, int flags = 0) const;
+ uint send(const byte* buf, unsigned int len, unsigned int& sent,
+ int flags = 0);
uint receive(byte* buf, unsigned int len, int flags = 0);
bool wait();
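Review bot: The new `send` declaration has two outputs, the `uint` return value and the `sent` reference, and nothing states what each carries or whether `sent` is reset on entry. A caller resuming after a would-block result needs that contract to avoid resending or skipping plaintext, so I would document it on the declaration, e.g. `// sent: bytes written by this call; return: <meaning of return value>`, with the second part filled in from the implementation, which is not part of this hunk. Dropping `const` from the method also deserves a word on which state it now mutates.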
diff -Nru mysql-5.5-5.5.20/extra/yassl/include/yassl_int.hpp mysql-5.5-5.5.22/extra/yassl/include/yassl_int.hpp
--- mysql-5.5-5.5.20/extra/yassl/include/yassl_int.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/include/yassl_int.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -168,7 +168,7 @@
// openSSL X509 names
class X509_NAME {
- char* name_;
+ char* name_;
size_t sz_;
ASN1_STRING entry_;
public:
@@ -246,11 +246,11 @@
SSL_SESSION(const SSL&, RandomPool&);
~SSL_SESSION();
- const opaque* GetID() const;
- const opaque* GetSecret() const;
- const Cipher* GetSuite() const;
- uint GetBornOn() const;
- uint GetTimeOut() const;
+ const opaque* GetID() const;
+ const opaque* GetSecret() const;
+ const Cipher* GetSuite() const;
+ uint GetBornOn() const;
+ uint GetTimeOut() const;
X509* GetPeerX509() const;
void SetTimeOut(uint);
@@ -417,33 +417,33 @@
public:
typedef STL::list CertList;
private:
- SSL_METHOD* method_;
- x509* certificate_;
- x509* privateKey_;
- CertList caList_;
- Ciphers ciphers_;
- DH_Parms dhParms_;
+ SSL_METHOD* method_;
+ x509* certificate_;
+ x509* privateKey_;
+ CertList caList_;
+ Ciphers ciphers_;
+ DH_Parms dhParms_;
pem_password_cb passwordCb_;
void* userData_;
bool sessionCacheOff_;
bool sessionCacheFlushOff_;
- Stats stats_;
- Mutex mutex_; // for Stats
+ Stats stats_;
+ Mutex mutex_; // for Stats
VerifyCallback verifyCallback_;
public:
explicit SSL_CTX(SSL_METHOD* meth);
~SSL_CTX();
- const x509* getCert() const;
- const x509* getKey() const;
- const SSL_METHOD* getMethod() const;
- const Ciphers& GetCiphers() const;
- const DH_Parms& GetDH_Parms() const;
- const Stats& GetStats() const;
- VerifyCallback getVerifyCallback() const;
+ const x509* getCert() const;
+ const x509* getKey() const;
+ const SSL_METHOD* getMethod() const;
+ const Ciphers& GetCiphers() const;
+ const DH_Parms& GetDH_Parms() const;
+ const Stats& GetStats() const;
+ const VerifyCallback getVerifyCallback() const;
pem_password_cb GetPasswordCb() const;
void* GetUserData() const;
- bool GetSessionCacheOff() const;
+ bool GetSessionCacheOff() const;
bool GetSessionCacheFlushOff() const;
void setVerifyPeer();
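Review bot: The `const` added to the return type in `const VerifyCallback getVerifyCallback() const;` qualifies a value returned by copy, which has no effect for a pointer or other non-class type and typically draws an ignored-qualifiers warning. The definition of VerifyCallback is not visible here, but the neighbouring getters that gained alignment only did not change type, so this looks accidental. I would keep the previous form, `VerifyCallback getVerifyCallback() const;`. The class body extends beyond this hunk on both sides.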
@@ -532,10 +532,13 @@
public:
typedef STL::list inputList;
typedef STL::list outputList;
+ int prevSent; // previous plain text bytes sent when got WANT_WRITE
+ int plainSz; // plain text bytes in buffer to send when got WANT_WRITE
private:
- inputList dataList_; // list of users app data / handshake
- outputList handShakeList_; // buffered handshake msgs
- input_buffer* rawInput_; // buffered raw input yet to process
+ inputList dataList_; // list of users app data / handshake
+ outputList handShakeList_; // buffered handshake msgs
+ input_buffer* rawInput_; // buffered raw input yet to process
+ output_buffer* output_; // WANT_WRITE buffered output
public:
Buffers();
~Buffers();
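Review bot: `prevSent` and `plainSz` are added as public `int` members of Buffers next to otherwise private state, and the hunk does not show them or the new `output_` pointer being initialised; the constructor body is outside this hunk. If Buffers() leaves them unset, the first resume after a would-block write would read indeterminate values, and an unset `output_` would be dangerous if the destructor releases it. I would make the two counters private with accessors, use `uint` to match the byte counts `send` works with, and confirm the constructor sets `prevSent(0), plainSz(0), output_(0)`.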
@@ -546,11 +549,13 @@
inputList& useData();
outputList& useHandShake();
- void SetRawInput(input_buffer*); // takes ownership
- input_buffer* TakeRawInput(); // takes ownership
+ void SetRawInput(input_buffer*); // takes ownership
+ input_buffer* TakeRawInput(); // takes ownership
+ void SetOutput(output_buffer*); // takes ownership
+ output_buffer* TakeOutput(); // takes ownership
private:
Buffers(const Buffers&); // hide copy
- Buffers& operator=(const Buffers&); // and assign
+ Buffers& operator=(const Buffers&); // and assign
};
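Review bot: The comment `// takes ownership` on `TakeOutput()` is ambiguous about direction: it is the same text as on `SetOutput`, yet one presumably hands the buffer to Buffers and the other hands it back to the caller. A misreading here leads to a double free or a leak, so I would spell it out, e.g. `// Buffers takes ownership` on SetOutput and `// caller takes ownership, internal pointer cleared` on TakeOutput. Confirm that wording against the implementation first, which is not in this hunk.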
@@ -652,6 +657,7 @@
void deriveKeys();
void deriveTLSKeys();
void Send(const byte*, uint);
+ void SendWriteBuffered();
uint bufferedData();
uint get_SEQIncrement(bool);
diff -Nru mysql-5.5-5.5.20/extra/yassl/include/yassl_types.hpp mysql-5.5-5.5.22/extra/yassl/include/yassl_types.hpp
--- mysql-5.5-5.5.20/extra/yassl/include/yassl_types.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/include/yassl_types.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -26,7 +26,6 @@
#define yaSSL_TYPES_HPP
#include
-#include
#include "type_traits.hpp"
@@ -37,6 +36,13 @@
#endif
+#ifdef _MSC_VER
+ // disable conversion warning
+ // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
+ #pragma warning(disable:4244 4996)
+#endif
+
+
namespace yaSSL {
#define YASSL_LIB
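Review bot: The `#pragma warning(disable:4244 4996)` sits in a header with no matching push/pop, so every translation unit that includes yassl_types.hpp, application code included, loses the conversion warning (4244) and the unsafe-CRT warning (4996) from that point on. In a TLS library the truncation warning is worth keeping wherever lengths are handled. I would either bracket the library's own headers with `#pragma warning(push)` and `#pragma warning(pop)`, or move the suppression into the MSVC project settings for the yaSSL sources only.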
@@ -63,29 +69,29 @@
template
void ysDelete(T* ptr)
{
- if (ptr) ptr->~T();
- ::operator delete(ptr, yaSSL::ys);
+ if (ptr) ptr->~T();
+ ::operator delete(ptr, yaSSL::ys);
}
template
void ysArrayDelete(T* ptr)
{
- // can't do array placement destruction since not tracking size in
- // allocation, only allow builtins to use array placement since they
- // don't need destructors called
- typedef char builtin[TaoCrypt::IsFundamentalType::Yes ? 1 : -1];
- (void)sizeof(builtin);
+ // can't do array placement destruction since not tracking size in
+ // allocation, only allow builtins to use array placement since they
+ // don't need destructors called
+ typedef char builtin[TaoCrypt::IsFundamentalType::Yes ? 1 : -1];
+ (void)sizeof(builtin);
- ::operator delete[](ptr, yaSSL::ys);
+ ::operator delete[](ptr, yaSSL::ys);
}
#define NEW_YS new (yaSSL::ys)
// to resolve compiler generated operator delete on base classes with
- // virtual destructors (when on stack), make sure doesn't get called
+ // virtual destructors (when on stack)
class virtual_base {
public:
- static void operator delete(void*) { assert(0); }
+ static void operator delete(void*) { }
};
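Review bot: With `assert(0)` removed, `virtual_base::operator delete` is now a silent no-op, and the shortened comment no longer says it must never be called. As far as this hunk shows, a plain `delete` on a heap object of a class derived from virtual_base would run the destructor and then release nothing, which leaks without any signal. I would document the intent on the line, e.g. `// intentionally empty: heap objects are released with ysDelete(), never plain delete`.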
@@ -124,7 +130,7 @@
typedef unsigned int uint;
-
+
#ifdef USE_SYS_STL
// use system STL
#define STL_VECTOR_FILE
diff -Nru mysql-5.5-5.5.20/extra/yassl/INSTALL mysql-5.5-5.5.22/extra/yassl/INSTALL
--- mysql-5.5-5.5.20/extra/yassl/INSTALL 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/INSTALL 2012-03-02 19:44:46.000000000 +0000
@@ -1,13 +1,19 @@
-Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software
-Foundation, Inc.
+Installation Instructions
+*************************
- This file is free documentation; the Free Software Foundation gives
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
+2006 Free Software Foundation, Inc.
+
+This file is free documentation; the Free Software Foundation gives
unlimited permission to copy, distribute and modify it.
Basic Installation
==================
- These are generic installation instructions.
+Briefly, the shell commands `./configure; make; make install' should
+configure, build, and install this package. The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
@@ -20,9 +26,9 @@
It can also use an optional file (typically called `config.cache'
and enabled with `--cache-file=config.cache' or simply `-C') that saves
-the results of its tests to speed up reconfiguring. (Caching is
+the results of its tests to speed up reconfiguring. Caching is
disabled by default to prevent problems with accidental use of stale
-cache files.)
+cache files.
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
@@ -32,20 +38,17 @@
may remove or edit it.
The file `configure.ac' (or `configure.in') is used to create
-`configure' by a program called `autoconf'. You only need
-`configure.ac' if you want to change it or regenerate `configure' using
-a newer version of `autoconf'.
+`configure' by a program called `autoconf'. You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
- `./configure' to configure the package for your system. If you're
- using `csh' on an old version of System V, you might need to type
- `sh ./configure' instead to prevent `csh' from trying to execute
- `configure' itself.
+ `./configure' to configure the package for your system.
- Running `configure' takes awhile. While running, it prints some
- messages telling which features it is checking for.
+ Running `configure' might take a while. While running, it prints
+ some messages telling which features it is checking for.
2. Type `make' to compile the package.
@@ -67,51 +70,49 @@
Compilers and Options
=====================
- Some systems require unusual options for compilation or linking that
-the `configure' script does not know about. Run `./configure --help'
-for details on some of the pertinent environment variables.
+Some systems require unusual options for compilation or linking that the
+`configure' script does not know about. Run `./configure --help' for
+details on some of the pertinent environment variables.
You can give `configure' initial values for configuration parameters
by setting variables in the command line or in the environment. Here
is an example:
- ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
+ ./configure CC=c99 CFLAGS=-g LIBS=-lposix
*Note Defining Variables::, for more details.
Compiling For Multiple Architectures
====================================
- You can compile the package for more than one kind of computer at the
+You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
-own directory. To do this, you must use a version of `make' that
-supports the `VPATH' variable, such as GNU `make'. `cd' to the
+own directory. To do this, you can use GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
- If you have to use a `make' that does not support the `VPATH'
-variable, you have to compile the package for one architecture at a
-time in the source code directory. After you have installed the
-package for one architecture, use `make distclean' before reconfiguring
-for another architecture.
+ With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory. After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
Installation Names
==================
- By default, `make install' will install the package's files in
-`/usr/local/bin', `/usr/local/man', etc. You can specify an
-installation prefix other than `/usr/local' by giving `configure' the
-option `--prefix=PATH'.
+By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc. You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
-give `configure' the option `--exec-prefix=PATH', the package will use
-PATH as the prefix for installing programs and libraries.
-Documentation and other data files will still use the regular prefix.
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
In addition, if you use an unusual directory layout you can give
-options like `--bindir=PATH' to specify different values for particular
+options like `--bindir=DIR' to specify different values for particular
kinds of files. Run `configure --help' for a list of the directories
you can set and what kinds of files go in them.
@@ -122,7 +123,7 @@
Optional Features
=================
- Some packages pay attention to `--enable-FEATURE' options to
+Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
@@ -137,11 +138,11 @@
Specifying the System Type
==========================
- There may be some features `configure' cannot figure out
-automatically, but needs to determine by the type of machine the package
-will run on. Usually, assuming the package is built to be run on the
-_same_ architectures, `configure' can figure that out, but if it prints
-a message saying it cannot guess the machine type, give it the
+There may be some features `configure' cannot figure out automatically,
+but needs to determine by the type of machine the package will run on.
+Usually, assuming the package is built to be run on the _same_
+architectures, `configure' can figure that out, but if it prints a
+message saying it cannot guess the machine type, give it the
`--build=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name which has the form:
@@ -156,7 +157,7 @@
need to know the machine type.
If you are _building_ compiler tools for cross-compiling, you should
-use the `--target=TYPE' option to select the type of system they will
+use the option `--target=TYPE' to select the type of system they will
produce code for.
If you want to _use_ a cross compiler, that generates code for a
@@ -167,9 +168,9 @@
Sharing Defaults
================
- If you want to set default values for `configure' scripts to share,
-you can create a site shell script called `config.site' that gives
-default values for variables like `CC', `cache_file', and `prefix'.
+If you want to set default values for `configure' scripts to share, you
+can create a site shell script called `config.site' that gives default
+values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
@@ -178,7 +179,7 @@
Defining Variables
==================
- Variables not defined in a site shell script can be set in the
+Variables not defined in a site shell script can be set in the
environment passed to `configure'. However, some packages may run
configure again during the build, and the customized values of these
variables may be lost. In order to avoid this problem, you should set
@@ -186,14 +187,18 @@
./configure CC=/usr/local2/bin/gcc
-will cause the specified gcc to be used as the C compiler (unless it is
+causes the specified `gcc' to be used as the C compiler (unless it is
overridden in the site shell script).
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf bug. Until the bug is fixed you can use this workaround:
+
+ CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
+
`configure' Invocation
======================
- `configure' recognizes the following options to control how it
-operates.
+`configure' recognizes the following options to control how it operates.
`--help'
`-h'
diff -Nru mysql-5.5-5.5.20/extra/yassl/README mysql-5.5-5.5.22/extra/yassl/README
--- mysql-5.5-5.5.20/extra/yassl/README 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/README 2012-03-02 19:44:46.000000000 +0000
@@ -1,3 +1,120 @@
+*** Note, Please read ***
+
+yaSSL takes a different approach to certificate verification than OpenSSL does.
+The default policy for the client is to verify the server, this means that if
+you don't load CAs to verify the server you'll get a connect error, unable to
+verify. It you want to mimic OpenSSL behavior of not verifying the server and
+reducing security you can do this by calling:
+
+SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+
+before calling SSL_new();
+
+*** end Note ***
+
+yaSSL Release notes, version 2.1.2 (9/2/2011)
+
+ This release of yaSSL contains bug fixes, better non-blocking support with
+ SSL_write, and OpenSSL RSA public key format support.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 2.0.0 (7/6/2010)
+
+ This release of yaSSL contains bug fixes, new testing certs,
+ and a security patch for a potential heap overflow on forged application
+ data processing. Vulnerability discovered by Matthieu Bonetti from VUPEN
+ Security http://www.vupen.com.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.9.9 (1/26/2010)
+
+ This release of yaSSL contains bug fixes, the removal of assert() s and
+ a security patch for a buffer overflow possibility in certificate name
+ processing.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.9.8 (10/14/09)
+
+ This release of yaSSL contains bug fixes and adds new stream ciphers
+ Rabbit and HC-128
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.9.6 (11/13/08)
+
+ This release of yaSSL contains bug fixes, adds autconf shared library
+ support and has better server suite detection based on certficate and
+ private key.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.9.2 (9/24/08)
+
+ This release of yaSSL contains bug fixes and improved certificate verify
+ callback support.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.8.8 (5/7/08)
+
+ This release of yaSSL contains bug fixes, and better socket handling.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.8.6 (1/31/08)
+
+ This release of yaSSL contains bug fixes, and fixes security problems
+ associated with using SSL 2.0 client hellos and improper input handling.
+ Please upgrade to this version if you are using a previous one.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.7.5 (10/15/07)
+
+ This release of yaSSL contains bug fixes, adds MSVC 2005 project support,
+ GCC 4.2 support, IPV6 support and test, and new test certificates.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.7.2 (8/20/07)
+
+ This release of yaSSL contains bug fixes and adds initial OpenVPN support.
+ Just configure at this point and beginning of build.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.6.8 (4/16/07)
+
+ This release of yaSSL contains bug fixes and adds SHA-256, SHA-512, SHA-224,
+ and SHA-384.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
*****************yaSSL Release notes, version 1.6.0 (2/22/07)
This release of yaSSL contains bug fixes, portability enhancements, and
@@ -13,7 +130,7 @@
- Since yaSSL now supports zlib, as does libcur, the libcurl build test can
+ Since yaSSL now supports zlib, as does libcurl, the libcurl build test can
fail if yaSSL is built with zlib support since the zlib library isn't
passed. You can do two things to fix this:
@@ -518,7 +635,7 @@
*********************
Contact: please send comments or questions to Todd A Ouska at todd@yassl.com
-and/or Larry Stefonic at larry@yassl.com or 425-741-6858.
+and/or Larry Stefonic at larry@yassl.com.
diff -Nru mysql-5.5-5.5.20/extra/yassl/src/buffer.cpp mysql-5.5-5.5.22/extra/yassl/src/buffer.cpp
--- mysql-5.5-5.5.20/extra/yassl/src/buffer.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/src/buffer.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -32,14 +32,6 @@
-// Checking Policy should implement a check function that tests whether the
-// index is within the size limit of the array
-
-void Check::check(uint i, uint limit)
-{
- assert(i < limit);
-}
-
void NoCheck::check(uint, uint)
{
@@ -83,7 +75,6 @@
// users can pass defualt zero length buffer and then allocate
void input_buffer::allocate(uint s)
{
- assert(!buffer_); // find realloc error
buffer_ = NEW_YS byte[s];
end_ = buffer_ + s;
}
@@ -141,7 +132,6 @@
// user passes in AUTO index for ease of use
const byte& input_buffer::operator[](uint i)
{
- assert (i == AUTO);
check(current_, size_);
return buffer_[current_++];
}
@@ -238,7 +228,6 @@
// users can pass defualt zero length buffer and then allocate
void output_buffer::allocate(uint s)
{
- assert(!buffer_); // find realloc error
buffer_ = NEW_YS byte[s]; end_ = buffer_ + s;
}
@@ -254,7 +243,6 @@
// user passes in AUTO as index for ease of use
byte& output_buffer::operator[](uint i)
{
- assert(i == AUTO);
check(current_, get_capacity());
return buffer_[current_++];
}
diff -Nru mysql-5.5-5.5.20/extra/yassl/src/cert_wrapper.cpp mysql-5.5-5.5.22/extra/yassl/src/cert_wrapper.cpp
--- mysql-5.5-5.5.20/extra/yassl/src/cert_wrapper.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/src/cert_wrapper.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -250,7 +250,8 @@
TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length());
TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_);
- if (int err = cert.GetError().What())
+ int err = cert.GetError().What();
+ if ( err )
return err;
const TaoCrypt::PublicKey& key = cert.GetPublicKey();
@@ -266,7 +267,7 @@
TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_);
int err = cert.GetError().What();
- if ( err )
+ if ( err && err != TaoCrypt::SIG_OTHER_E)
return err;
uint sz = cert.GetPublicKey().size();
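Review bot: The new condition `if ( err && err != TaoCrypt::SIG_OTHER_E)` lets a certificate whose decode ended in SIG_OTHER_E continue into the public-key handling below, and nothing in this hunk shows where that error is looked at again. If a later step is meant to make the final decision, say so at the branch, e.g. `// SIG_OTHER_E is deferred; it must be resolved before this function reports success`. Without that, a reader cannot tell whether a signature failure can end in a successful validation. The enclosing function starts and ends outside the hunk, so the later handling may well exist there.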
@@ -327,7 +328,6 @@
// Store OpenSSL type peer's cert
void CertManager::setPeerX509(X509* x)
{
- assert(peerX509_ == 0);
if (x == 0) return;
X509_NAME* issuer = x->GetIssuer();
diff -Nru mysql-5.5-5.5.20/extra/yassl/src/crypto_wrapper.cpp mysql-5.5-5.5.22/extra/yassl/src/crypto_wrapper.cpp
--- mysql-5.5-5.5.20/extra/yassl/src/crypto_wrapper.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/src/crypto_wrapper.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -955,7 +955,7 @@
}
// get blank line
if (fgets(line, sizeof(line), file))
- begin = ftell(file);
+ begin = ftell(file);
}
}
diff -Nru mysql-5.5-5.5.20/extra/yassl/src/handshake.cpp mysql-5.5-5.5.22/extra/yassl/src/handshake.cpp
--- mysql-5.5-5.5.20/extra/yassl/src/handshake.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/src/handshake.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -50,7 +50,7 @@
hello.suite_len_ = ssl.getSecurity().get_parms().suites_size_;
memcpy(hello.cipher_suites_, ssl.getSecurity().get_parms().suites_,
hello.suite_len_);
- hello.comp_len_ = 1;
+ hello.comp_len_ = 1;
hello.set_length(sizeof(ProtocolVersion) +
RAN_LEN +
@@ -528,8 +528,9 @@
input.read(len, sizeof(len));
uint16 randomLen;
ato16(len, randomLen);
+
if (ch.suite_len_ > MAX_SUITE_SZ || sessionLen > ID_LEN ||
- randomLen > RAN_LEN) {
+ randomLen > RAN_LEN) {
ssl.SetError(bad_input);
return;
}
@@ -707,7 +708,7 @@
{
// wait for input if blocking
if (!ssl.useSocket().wait()) {
- ssl.SetError(receive_error);
+ ssl.SetError(receive_error);
return 0;
}
uint ready = ssl.getSocket().get_ready();
@@ -750,8 +751,8 @@
if (static_cast(RECORD_HEADER) > buffer.get_remaining())
needHdr = true;
else {
- buffer >> hdr;
- ssl.verifyState(hdr);
+ buffer >> hdr;
+ ssl.verifyState(hdr);
}
// make sure we have enough input in buffer to process this record
@@ -789,9 +790,8 @@
void processReply(SSL& ssl)
{
if (ssl.GetError()) return;
-
- if (DoProcessReply(ssl))
- {
+
+ if (DoProcessReply(ssl)) {
// didn't complete process
if (!ssl.getSocket().IsNonBlocking()) {
// keep trying now, blocking ok
@@ -857,6 +857,7 @@
if (ssl.GetError()) return;
ServerKeyExchange sk(ssl);
sk.build(ssl);
+ if (ssl.GetError()) return;
RecordLayerHeader rlHeader;
HandShakeHeader hsHeader;
@@ -875,8 +876,7 @@
// send change cipher
void sendChangeCipher(SSL& ssl, BufferOutput buffer)
{
- if (ssl.getSecurity().get_parms().entity_ == server_end)
- {
+ if (ssl.getSecurity().get_parms().entity_ == server_end) {
if (ssl.getSecurity().get_resuming())
ssl.verifyState(clientKeyExchangeComplete);
else
@@ -913,7 +913,7 @@
}
else {
if (!ssl.getSecurity().GetContext()->GetSessionCacheOff())
- GetSessions().add(ssl); // store session
+ GetSessions().add(ssl); // store session
if (side == client_end)
buildFinished(ssl, ssl.useHashes().use_verify(), server); // server
}
@@ -929,12 +929,22 @@
// send data
int sendData(SSL& ssl, const void* buffer, int sz)
{
+ int sent = 0;
+
if (ssl.GetError() == YasslError(SSL_ERROR_WANT_READ))
ssl.SetError(no_error);
+ if (ssl.GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
+ ssl.SetError(no_error);
+ ssl.SendWriteBuffered();
+ if (!ssl.GetError()) {
+ // advance sent to prvevious sent + plain size just sent
+ sent = ssl.useBuffers().prevSent + ssl.useBuffers().plainSz;
+ }
+ }
+
ssl.verfiyHandShakeComplete();
if (ssl.GetError()) return -1;
- int sent = 0;
for (;;) {
int len = min(sz - sent, MAX_RECORD_SIZE);
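Review bot: The resume path sets `sent = ssl.useBuffers().prevSent + ssl.useBuffers().plainSz` without comparing it with the `sz` of the current call, so a retry after SSL_ERROR_WANT_WRITE that passes a shorter length leaves `sent > sz`. In that case `min(sz - sent, MAX_RECORD_SIZE)` is negative and the `if (sent == sz) break;` added in the next hunk never fires. Rejecting the mismatch right after the resume block, e.g. `if (sent > sz) { ssl.SetError(bad_input); return -1; }`, and documenting that a retry must repeat the same buffer and length would close this. The new comment also has a typo (`prvevious`). The loop body continues outside this hunk.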
@@ -943,6 +953,8 @@
Data data;
+ if (sent == sz) break;
+
if (ssl.CompressionOn()) {
if (Compress(static_cast(buffer) + sent, len,
tmp) == -1) {
@@ -957,9 +969,14 @@
buildMessage(ssl, out, data);
ssl.Send(out.get_buffer(), out.get_size());
- if (ssl.GetError()) return -1;
+ if (ssl.GetError()) {
+ if (ssl.GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
+ ssl.useBuffers().plainSz = len;
+ ssl.useBuffers().prevSent = sent;
+ }
+ return -1;
+ }
sent += len;
- if (sent == sz) break;
}
ssl.useLog().ShowData(sent, true);
return sent;
@@ -992,7 +1009,7 @@
if (peek)
ssl.PeekData(data);
else
- ssl.fillData(data);
+ ssl.fillData(data);
ssl.useLog().ShowData(data.get_length());
if (ssl.GetError()) return -1;
diff -Nru mysql-5.5-5.5.20/extra/yassl/src/socket_wrapper.cpp mysql-5.5-5.5.22/extra/yassl/src/socket_wrapper.cpp
--- mysql-5.5-5.5.20/extra/yassl/src/socket_wrapper.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/src/socket_wrapper.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -109,19 +109,28 @@
}
-uint Socket::send(const byte* buf, unsigned int sz, int flags) const
+uint Socket::send(const byte* buf, unsigned int sz, unsigned int& written,
+ int flags)
{
const byte* pos = buf;
const byte* end = pos + sz;
+ wouldBlock_ = false;
+
while (pos != end) {
int sent = ::send(socket_, reinterpret_cast(pos),
static_cast(end - pos), flags);
-
- if (sent == -1)
- return 0;
-
+ if (sent == -1) {
+ if (get_lastError() == SOCKET_EWOULDBLOCK ||
+ get_lastError() == SOCKET_EAGAIN) {
+ wouldBlock_ = true; // would have blocked this time only
+ nonBlocking_ = true; // nonblocking, win32 only way to tell
+ return 0;
+ }
+ return static_cast(-1);
+ }
pos += sent;
+ written += sent;
}
return sz;
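Review bot: `written += sent` accumulates into the caller's variable and the function never resets it, so the reported byte count is only right when the caller passes in zero; add `written = 0;` next to `wouldBlock_ = false;` or document the precondition on the signature. The `uint` return value now carries three meanings (`sz` on success, `0` for would-block, and an all-ones value for a hard error), and a zero-length send also returns 0, so a comment above the function spelling these out would help callers. `get_lastError()` is called twice in the new condition; reading it once into a local keeps both comparisons on the same value.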
@@ -140,8 +149,8 @@
get_lastError() == SOCKET_EAGAIN) {
wouldBlock_ = true; // would have blocked this time only
nonBlocking_ = true; // socket nonblocking, win32 only way to tell
- return 0;
- }
+ return 0;
+ }
}
else if (recvd == 0)
return static_cast(-1);
diff -Nru mysql-5.5-5.5.20/extra/yassl/src/ssl.cpp mysql-5.5-5.5.22/extra/yassl/src/ssl.cpp
--- mysql-5.5-5.5.20/extra/yassl/src/ssl.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/src/ssl.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -252,60 +252,73 @@
if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ))
ssl->SetError(no_error);
+ if (ssl->GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
+
+ ssl->SetError(no_error);
+ ssl->SendWriteBuffered();
+ if (!ssl->GetError())
+ ssl->useStates().UseConnect() =
+ ConnectState(ssl->getStates().GetConnect() + 1);
+ }
+
ClientState neededState;
switch (ssl->getStates().GetConnect()) {
case CONNECT_BEGIN :
- sendClientHello(*ssl);
+ sendClientHello(*ssl);
if (!ssl->GetError())
ssl->useStates().UseConnect() = CLIENT_HELLO_SENT;
case CLIENT_HELLO_SENT :
neededState = ssl->getSecurity().get_resuming() ?
- serverFinishedComplete : serverHelloDoneComplete;
- while (ssl->getStates().getClient() < neededState) {
- if (ssl->GetError()) break;
- processReply(*ssl);
- }
+ serverFinishedComplete : serverHelloDoneComplete;
+ while (ssl->getStates().getClient() < neededState) {
+ if (ssl->GetError()) break;
+ processReply(*ssl);
+ // if resumption failed, reset needed state
+ if (neededState == serverFinishedComplete)
+ if (!ssl->getSecurity().get_resuming())
+ neededState = serverHelloDoneComplete;
+ }
if (!ssl->GetError())
ssl->useStates().UseConnect() = FIRST_REPLY_DONE;
case FIRST_REPLY_DONE :
- if(ssl->getCrypto().get_certManager().sendVerify())
- sendCertificate(*ssl);
+ if(ssl->getCrypto().get_certManager().sendVerify())
+ sendCertificate(*ssl);
- if (!ssl->getSecurity().get_resuming())
- sendClientKeyExchange(*ssl);
+ if (!ssl->getSecurity().get_resuming())
+ sendClientKeyExchange(*ssl);
- if(ssl->getCrypto().get_certManager().sendVerify())
- sendCertificateVerify(*ssl);
+ if(ssl->getCrypto().get_certManager().sendVerify())
+ sendCertificateVerify(*ssl);
- sendChangeCipher(*ssl);
- sendFinished(*ssl, client_end);
- ssl->flushBuffer();
+ sendChangeCipher(*ssl);
+ sendFinished(*ssl, client_end);
+ ssl->flushBuffer();
if (!ssl->GetError())
ssl->useStates().UseConnect() = FINISHED_DONE;
case FINISHED_DONE :
- if (!ssl->getSecurity().get_resuming())
- while (ssl->getStates().getClient() < serverFinishedComplete) {
- if (ssl->GetError()) break;
- processReply(*ssl);
- }
+ if (!ssl->getSecurity().get_resuming())
+ while (ssl->getStates().getClient() < serverFinishedComplete) {
+ if (ssl->GetError()) break;
+ processReply(*ssl);
+ }
if (!ssl->GetError())
ssl->useStates().UseConnect() = SECOND_REPLY_DONE;
case SECOND_REPLY_DONE :
- ssl->verifyState(serverFinishedComplete);
- ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
+ ssl->verifyState(serverFinishedComplete);
+ ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
if (ssl->GetError()) {
GetErrors().Add(ssl->GetError());
- return SSL_FATAL_ERROR;
+ return SSL_FATAL_ERROR;
}
- return SSL_SUCCESS;
+ return SSL_SUCCESS;
default :
return SSL_FATAL_ERROR; // unkown state
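Review bot: Advancing with `ConnectState(ssl->getStates().GetConnect() + 1)` after `SendWriteBuffered()` assumes the write that blocked was the last piece of work in the current state. FIRST_REPLY_DONE issues several sends before `flushBuffer()`; if an earlier one can raise SSL_ERROR_WANT_WRITE, the remaining messages of that state would be skipped on retry, though whether that can happen depends on buffering code outside this hunk. The enum arithmetic also depends on the declaration order of ConnectState, so a comment at the `+ 1` stating both assumptions would help; the same pattern is added for `AcceptState` in the SSL_accept hunk that follows. The case labels rely on fall-through that is not marked with a comment.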
@@ -331,27 +344,36 @@
if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ))
ssl->SetError(no_error);
+ if (ssl->GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
+
+ ssl->SetError(no_error);
+ ssl->SendWriteBuffered();
+ if (!ssl->GetError())
+ ssl->useStates().UseAccept() =
+ AcceptState(ssl->getStates().GetAccept() + 1);
+ }
+
switch (ssl->getStates().GetAccept()) {
case ACCEPT_BEGIN :
- processReply(*ssl);
+ processReply(*ssl);
if (!ssl->GetError())
ssl->useStates().UseAccept() = ACCEPT_FIRST_REPLY_DONE;
case ACCEPT_FIRST_REPLY_DONE :
- sendServerHello(*ssl);
+ sendServerHello(*ssl);
- if (!ssl->getSecurity().get_resuming()) {
- sendCertificate(*ssl);
+ if (!ssl->getSecurity().get_resuming()) {
+ sendCertificate(*ssl);
- if (ssl->getSecurity().get_connection().send_server_key_)
- sendServerKeyExchange(*ssl);
+ if (ssl->getSecurity().get_connection().send_server_key_)
+ sendServerKeyExchange(*ssl);
- if(ssl->getCrypto().get_certManager().verifyPeer())
- sendCertificateRequest(*ssl);
+ if(ssl->getCrypto().get_certManager().verifyPeer())
+ sendCertificateRequest(*ssl);
- sendServerHelloDone(*ssl);
- ssl->flushBuffer();
+ sendServerHelloDone(*ssl);
+ ssl->flushBuffer();
}
if (!ssl->GetError())
@@ -359,40 +381,40 @@
case SERVER_HELLO_DONE :
if (!ssl->getSecurity().get_resuming()) {
- while (ssl->getStates().getServer() < clientFinishedComplete) {
- if (ssl->GetError()) break;
- processReply(*ssl);
+ while (ssl->getStates().getServer() < clientFinishedComplete) {
+ if (ssl->GetError()) break;
+ processReply(*ssl);
+ }
}
- }
if (!ssl->GetError())
ssl->useStates().UseAccept() = ACCEPT_SECOND_REPLY_DONE;
case ACCEPT_SECOND_REPLY_DONE :
- sendChangeCipher(*ssl);
- sendFinished(*ssl, server_end);
- ssl->flushBuffer();
+ sendChangeCipher(*ssl);
+ sendFinished(*ssl, server_end);
+ ssl->flushBuffer();
if (!ssl->GetError())
ssl->useStates().UseAccept() = ACCEPT_FINISHED_DONE;
case ACCEPT_FINISHED_DONE :
- if (ssl->getSecurity().get_resuming()) {
- while (ssl->getStates().getServer() < clientFinishedComplete) {
- if (ssl->GetError()) break;
- processReply(*ssl);
- }
- }
+ if (ssl->getSecurity().get_resuming()) {
+ while (ssl->getStates().getServer() < clientFinishedComplete) {
+ if (ssl->GetError()) break;
+ processReply(*ssl);
+ }
+ }
if (!ssl->GetError())
ssl->useStates().UseAccept() = ACCEPT_THIRD_REPLY_DONE;
case ACCEPT_THIRD_REPLY_DONE :
- ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
+ ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
if (ssl->GetError()) {
GetErrors().Add(ssl->GetError());
- return SSL_FATAL_ERROR;
+ return SSL_FATAL_ERROR;
}
- return SSL_SUCCESS;
+ return SSL_SUCCESS;
default:
return SSL_FATAL_ERROR; // unknown state
@@ -1097,7 +1119,6 @@
ivLeft -= store;
}
}
- assert(keyOutput == (keyLen + ivLen));
return keyOutput;
}
diff -Nru mysql-5.5-5.5.20/extra/yassl/src/yassl.cpp mysql-5.5-5.5.22/extra/yassl/src/yassl.cpp
--- mysql-5.5-5.5.20/extra/yassl/src/yassl.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/src/yassl.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -69,13 +69,13 @@
if (base.ca_)
if (SSL_CTX_load_verify_locations(base.ctx_,
- base.ca_, 0) != SSL_SUCCESS) assert(0);
+ base.ca_, 0) != SSL_SUCCESS) throw(0);
if (base.cert_)
if (SSL_CTX_use_certificate_file(base.ctx_,
- base.cert_, SSL_FILETYPE_PEM) != SSL_SUCCESS) assert(0);
+ base.cert_, SSL_FILETYPE_PEM) != SSL_SUCCESS) throw(0);
if (base.key_)
if (SSL_CTX_use_PrivateKey_file(base.ctx_, base.key_,
- SSL_FILETYPE_PEM) != SSL_SUCCESS) assert(0);
+ SSL_FILETYPE_PEM) != SSL_SUCCESS) throw(0);
if (end == server_end) SetDH(base);
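Review bot: `throw(0)` raises a bare `int`, which tells the caller nothing about which of the three loads (CA file, certificate, private key) failed, and no handler is visible in this hunk. Unlike the `assert(0)` it replaces, it stays active in NDEBUG builds, so an uncaught failure now ends the process there as well. Consider distinct values per load, or at least a comment such as `// throws int on load failure; caller must catch`. The enclosing function starts and ends outside the hunk.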
diff -Nru mysql-5.5-5.5.20/extra/yassl/src/yassl_error.cpp mysql-5.5-5.5.22/extra/yassl/src/yassl_error.cpp
--- mysql-5.5-5.5.20/extra/yassl/src/yassl_error.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/src/yassl_error.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -31,6 +31,11 @@
#pragma warning(disable: 4996)
#endif
+#ifdef _MSC_VER
+ // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
+ #pragma warning(disable: 4996)
+#endif
+
namespace yaSSL {
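Review bot: The added `#ifdef _MSC_VER` block repeats the `#pragma warning(disable: 4996)` that the context lines directly above it already contain, so the hunk changes nothing except for adding the comment. Keep one block and move the comment into it. Separately, the comment presents `strncpy` as the accepted alternative; `strncpy` leaves the destination unterminated when the source fills the buffer, so the `strncpy(buffer, ..., max)` calls in this file depend on every message being shorter than `max`.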
@@ -59,8 +64,9 @@
{
using namespace TaoCrypt;
const int max = MAX_ERROR_SZ; // shorthand
+ int localError = error; // errors from a few enums
- switch (error) {
+ switch (localError) {
// yaSSL proper errors
case range_error :
@@ -121,7 +127,7 @@
case certificate_error :
strncpy(buffer, "unable to proccess cerificate", max);
- break;
+ break;
case privateKey_error :
strncpy(buffer, "unable to proccess private key, bad format", max);
@@ -130,7 +136,7 @@
case badVersion_error :
strncpy(buffer, "protocol version mismatch", max);
break;
-
+
case compress_error :
strncpy(buffer, "compression error", max);
break;
@@ -148,6 +154,10 @@
strncpy(buffer, "the read operation would block", max);
break;
+ case SSL_ERROR_WANT_WRITE :
+ strncpy(buffer, "the write operation would block", max);
+ break;
+
case CERTFICATE_ERROR :
strncpy(buffer, "Unable to verify certificate", max);
break;
diff -Nru mysql-5.5-5.5.20/extra/yassl/src/yassl_imp.cpp mysql-5.5-5.5.22/extra/yassl/src/yassl_imp.cpp
--- mysql-5.5-5.5.20/extra/yassl/src/yassl_imp.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/src/yassl_imp.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -117,7 +117,7 @@
if (*dhClient.get_agreedKey() == 0)
ssl.set_preMaster(dhClient.get_agreedKey() + 1, keyLength - 1);
else
- ssl.set_preMaster(dhClient.get_agreedKey(), keyLength);
+ ssl.set_preMaster(dhClient.get_agreedKey(), keyLength);
}
@@ -135,8 +135,7 @@
mySTL::auto_ptr auth;
const CertManager& cert = ssl.getCrypto().get_certManager();
- if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo)
- {
+ if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) {
if (cert.get_keyType() != rsa_sa_algo) {
ssl.SetError(privateKey_error);
return;
@@ -925,8 +924,6 @@
void Data::SetData(uint16 len, const opaque* buffer)
{
- assert(write_buffer_ == 0);
-
length_ = len;
write_buffer_ = buffer;
}
@@ -992,6 +989,11 @@
int dataSz = msgSz - ivExtra - digestSz - pad - padSz;
opaque verify[SHA_LEN];
+ if (dataSz < 0) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
const byte* rawData = input.get_buffer() + input.get_current();
// read data
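Review bot: The new guard rejects a negative `dataSz` but sets no upper bound, and `dataSz` is computed from `msgSz`, `pad` and `padSz`, at least some of which presumably come from the received record. Nothing in this hunk shows that `dataSz` is compared with what is left in `input` before the reads of `dataSz` bytes further down. Extending the check to `if (dataSz < 0 || (uint)dataSz > input.get_remaining())` would cover both ends; if an earlier length check already guarantees this, a comment here should say so. The function body starts and ends outside the hunk.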
@@ -1006,10 +1008,10 @@
tmp.get_buffer(), tmp.get_size()));
}
else {
- input_buffer* data;
- ssl.addData(data = NEW_YS input_buffer(dataSz));
- input.read(data->get_buffer(), dataSz);
- data->add_size(dataSz);
+ input_buffer* data;
+ ssl.addData(data = NEW_YS input_buffer(dataSz));
+ input.read(data->get_buffer(), dataSz);
+ data->add_size(dataSz);
}
if (ssl.isTLS())
@@ -1085,19 +1087,37 @@
uint32 list_sz;
byte tmp[3];
+ if (input.get_remaining() < sizeof(tmp)) {
+ ssl.SetError(YasslError(bad_input));
+ return;
+ }
tmp[0] = input[AUTO];
tmp[1] = input[AUTO];
tmp[2] = input[AUTO];
c24to32(tmp, list_sz);
+
+ if (list_sz > (uint)MAX_RECORD_SIZE) { // sanity check
+ ssl.SetError(YasslError(bad_input));
+ return;
+ }
while (list_sz) {
// cert size
uint32 cert_sz;
+
+ if (input.get_remaining() < sizeof(tmp)) {
+ ssl.SetError(YasslError(bad_input));
+ return;
+ }
tmp[0] = input[AUTO];
tmp[1] = input[AUTO];
tmp[2] = input[AUTO];
c24to32(tmp, cert_sz);
+ if (cert_sz > (uint)MAX_RECORD_SIZE || input.get_remaining() < cert_sz){
+ ssl.SetError(YasslError(bad_input));
+ return;
+ }
x509* myCert;
cm.AddPeerCert(myCert = NEW_YS x509(cert_sz));
input.read(myCert->use_buffer(), myCert->get_length());
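Review bot: Each `cert_sz` is checked against `MAX_RECORD_SIZE` and `input.get_remaining()`, but not against the `list_sz` it is supposed to be part of. The decrement of `list_sz` is outside the hunk; if it subtracts the certificate and header sizes from the unsigned `list_sz`, an entry larger than the remaining list would wrap the counter and keep `while (list_sz)` running until the input is exhausted. Adding `|| cert_sz + sizeof(tmp) > list_sz` to the new `cert_sz` condition ties the two lengths together. `list_sz` itself is likewise not compared with `input.get_remaining()`.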
@@ -1294,12 +1314,11 @@
ssl.set_pending(cipher_suite_[1]);
ssl.set_random(random_, server_end);
if (id_len_)
- ssl.set_sessionID(session_id_);
+ ssl.set_sessionID(session_id_);
else
ssl.useSecurity().use_connection().sessionID_Set_ = false;
- if (ssl.getSecurity().get_resuming())
- {
+ if (ssl.getSecurity().get_resuming()) {
if (memcmp(session_id_, ssl.getSecurity().get_resume().GetID(),
ID_LEN) == 0) {
ssl.set_masterSecret(ssl.getSecurity().get_resume().GetSecret());
@@ -1423,7 +1442,7 @@
if (hello.id_len_) input.read(hello.session_id_, ID_LEN);
// Suites
- byte tmp[2];
+ byte tmp[2];
uint16 len;
tmp[0] = input[AUTO];
tmp[1] = input[AUTO];
@@ -1431,8 +1450,8 @@
hello.suite_len_ = min(len, static_cast(MAX_SUITE_SZ));
input.read(hello.cipher_suites_, hello.suite_len_);
- if (len > hello.suite_len_) // ignore extra suites
- input.set_current(input.get_current() + len - hello.suite_len_);
+ if (len > hello.suite_len_) // ignore extra suites
+ input.set_current(input.get_current() + len - hello.suite_len_);
// Compression
hello.comp_len_ = input[AUTO];
@@ -1496,8 +1515,9 @@
if (ssl.GetMultiProtocol()) { // SSLv23 support
if (ssl.isTLS() && client_version_.minor_ < 1) {
// downgrade to SSLv3
- ssl.useSecurity().use_connection().TurnOffTLS();
- ProtocolVersion pv = ssl.getSecurity().get_connection().version_;
+ ssl.useSecurity().use_connection().TurnOffTLS();
+
+ ProtocolVersion pv = ssl.getSecurity().get_connection().version_;
bool removeDH = ssl.getSecurity().get_parms().removeDH_;
bool removeRSA = false;
bool removeDSA = false;
@@ -1511,7 +1531,7 @@
// reset w/ SSL suites
ssl.useSecurity().use_parms().SetSuites(pv, removeDH, removeRSA,
removeDSA);
- }
+ }
else if (ssl.isTLSv1_1() && client_version_.minor_ == 1)
// downgrade to TLSv1, but use same suites
ssl.useSecurity().use_connection().TurnOffTLS1_1();
@@ -1542,6 +1562,7 @@
ssl.set_session(session);
ssl.useSecurity().set_resuming(true);
ssl.matchSuite(session->GetSuite(), SUITE_LEN);
+ if (ssl.GetError()) return;
ssl.set_pending(ssl.getSecurity().get_parms().suite_[1]);
ssl.set_masterSecret(session->GetSecret());
@@ -2038,7 +2059,7 @@
// verify hashes
const Finished& verify = ssl.getHashes().get_verify();
uint finishedSz = ssl.isTLS() ? TLS_FINISHED_SZ : FINISHED_SZ;
-
+
input.read(hashes_.md5_, finishedSz);
if (memcmp(&hashes_, &verify.hashes_, finishedSz)) {
diff -Nru mysql-5.5-5.5.20/extra/yassl/src/yassl_int.cpp mysql-5.5-5.5.22/extra/yassl/src/yassl_int.cpp
--- mysql-5.5-5.5.20/extra/yassl/src/yassl_int.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/src/yassl_int.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -308,8 +308,9 @@
SetError(YasslError(err));
return;
}
- else if (serverSide && !(ctx->GetCiphers().setSuites_)) {
+ else if (serverSide && ctx->GetCiphers().setSuites_ == 0) {
// remove RSA or DSA suites depending on cert key type
+ // but don't override user sets
ProtocolVersion pv = secure_.get_connection().version_;
bool removeDH = secure_.use_parms().removeDH_;
@@ -1128,8 +1129,28 @@
void SSL::Send(const byte* buffer, uint sz)
{
- if (socket_.send(buffer, sz) != sz)
- SetError(send_error);
+ unsigned int sent = 0;
+
+ if (socket_.send(buffer, sz, sent) != sz) {
+ if (socket_.WouldBlock()) {
+ buffers_.SetOutput(NEW_YS output_buffer(sz - sent, buffer + sent,
+ sz - sent));
+ SetError(YasslError(SSL_ERROR_WANT_WRITE));
+ }
+ else
+ SetError(send_error);
+ }
+}
+
+
+void SSL::SendWriteBuffered()
+{
+ output_buffer* out = buffers_.TakeOutput();
+
+ if (out) {
+ mySTL::auto_ptr tmp(out);
+ Send(out->get_buffer(), out->get_size());
+ }
}
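Review bot: `SSL::Send` hands a freshly allocated `output_buffer` to `buffers_.SetOutput(...)`, and `Buffers::SetOutput`, added later in this file's diff, is just `output_ = ob;`, so a pending buffer that was not taken first is overwritten: it leaks and its unsent bytes are lost. `SendWriteBuffered()` does call `TakeOutput()` before re-entering `Send`, but nothing enforces that order for other callers. Either free the old pointer in the setter (`ysDelete(output_); output_ = ob;`) or document on `SetOutput` that ownership transfers and the slot must be empty. A short comment on `SendWriteBuffered()` noting that it can set SSL_ERROR_WANT_WRITE again would also help.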
@@ -1291,7 +1312,6 @@
if (secure_.use_parms().suites_[i] == peer[j]) {
secure_.use_parms().suite_[0] = 0x00;
secure_.use_parms().suite_[1] = peer[j];
-
return;
}
@@ -1435,7 +1455,6 @@
void SSL_SESSION::CopyX509(X509* x)
{
- assert(peerX509_ == 0);
if (x == 0) return;
X509_NAME* issuer = x->GetIssuer();
@@ -1833,7 +1852,7 @@
}
-VerifyCallback SSL_CTX::getVerifyCallback() const
+const VerifyCallback SSL_CTX::getVerifyCallback() const
{
return verifyCallback_;
}
@@ -2232,7 +2251,7 @@
}
-Buffers::Buffers() : rawInput_(0)
+Buffers::Buffers() : prevSent(0), plainSz(0), rawInput_(0), output_(0)
{}
@@ -2243,12 +2262,18 @@
STL::for_each(dataList_.begin(), dataList_.end(),
del_ptr_zero()) ;
ysDelete(rawInput_);
+ ysDelete(output_);
+}
+
+
+void Buffers::SetOutput(output_buffer* ob)
+{
+ output_ = ob;
}
void Buffers::SetRawInput(input_buffer* ib)
{
- assert(rawInput_ == 0);
rawInput_ = ib;
}
@@ -2262,6 +2287,15 @@
}
+output_buffer* Buffers::TakeOutput()
+{
+ output_buffer* ret = output_;
+ output_ = 0;
+
+ return ret;
+}
+
+
const Buffers::inputList& Buffers::getData() const
{
return dataList_;
@@ -2536,14 +2570,12 @@
// these versions should never get called
int Compress(const byte* in, int sz, input_buffer& buffer)
{
- assert(0);
return -1;
}
int DeCompress(input_buffer& in, int sz, input_buffer& out)
{
- assert(0);
return -1;
}
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/benchmark/benchmark.cpp mysql-5.5-5.5.22/extra/yassl/taocrypt/benchmark/benchmark.cpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/benchmark/benchmark.cpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/benchmark/benchmark.cpp 2012-03-02 19:44:46.000000000 +0000
@@ -117,7 +117,7 @@
double persec = 1 / total * megs;
- printf("3DES %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+ printf("3DES %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
persec);
}
@@ -137,7 +137,7 @@
double persec = 1 / total * megs;
if (show)
- printf("AES %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+ printf("AES %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
persec);
}
@@ -156,7 +156,7 @@
double persec = 1 / total * megs;
- printf("Twofish %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+ printf("Twofish %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
persec);
}
@@ -176,7 +176,7 @@
double persec = 1 / total * megs;
- printf("Blowfish %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+ printf("Blowfish %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
persec);
}
@@ -195,7 +195,7 @@
double persec = 1 / total * megs;
- printf("ARC4 %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+ printf("ARC4 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
persec);
}
@@ -217,7 +217,7 @@
double persec = 1 / total * megs;
- printf("MD5 %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+ printf("MD5 %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
persec);
}
@@ -245,7 +245,7 @@
double persec = 1 / total * megs;
- printf("SHA %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+ printf("SHA %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
persec);
}
@@ -267,7 +267,7 @@
double persec = 1 / total * megs;
- printf("RIPEMD %d megs took %5.3f seconds, %5.2f MB/s\n", megs, total,
+ printf("RIPEMD %d megs took %5.3f seconds, %6.2f MB/s\n", megs, total,
persec);
}
@@ -290,7 +290,7 @@
byte message[] = "Everyone gets Friday off.";
byte cipher[128]; // for 1024 bit
byte plain[128]; // for 1024 bit
- const int len = strlen((char*)message);
+ const int len = (word32)strlen((char*)message);
int i;
double start = current_time();
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/benchmark/benchmark.dsp mysql-5.5-5.5.22/extra/yassl/taocrypt/benchmark/benchmark.dsp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/benchmark/benchmark.dsp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/benchmark/benchmark.dsp 2012-03-02 19:44:46.000000000 +0000
@@ -49,8 +49,8 @@
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
!ELSEIF "$(CFG)" == "benchmark - Win32 Debug"
@@ -64,7 +64,7 @@
# PROP Output_Dir "Debug"
# PROP Intermediate_Dir "Debug"
# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
+# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
# ADD CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /I "..\include" /I "..\mySTL" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
# ADD BASE RSC /l 0x409 /d "_DEBUG"
# ADD RSC /l 0x409 /d "_DEBUG"
@@ -72,8 +72,8 @@
# ADD BASE BSC32 /nologo
# ADD BSC32 /nologo
LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
+# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
!ENDIF
Binary files /tmp/BFkNYwQDHp/mysql-5.5-5.5.20/extra/yassl/taocrypt/benchmark/dh1024.der and /tmp/u8w54JxzCZ/mysql-5.5-5.5.22/extra/yassl/taocrypt/benchmark/dh1024.der differ
Binary files /tmp/BFkNYwQDHp/mysql-5.5-5.5.20/extra/yassl/taocrypt/benchmark/dsa1024.der and /tmp/u8w54JxzCZ/mysql-5.5-5.5.22/extra/yassl/taocrypt/benchmark/dsa1024.der differ
Binary files /tmp/BFkNYwQDHp/mysql-5.5-5.5.20/extra/yassl/taocrypt/benchmark/rsa1024.der and /tmp/u8w54JxzCZ/mysql-5.5-5.5.22/extra/yassl/taocrypt/benchmark/rsa1024.der differ
Binary files /tmp/BFkNYwQDHp/mysql-5.5-5.5.20/extra/yassl/taocrypt/certs/client-cert.der and /tmp/u8w54JxzCZ/mysql-5.5-5.5.22/extra/yassl/taocrypt/certs/client-cert.der differ
Binary files /tmp/BFkNYwQDHp/mysql-5.5-5.5.20/extra/yassl/taocrypt/certs/client-key.der and /tmp/u8w54JxzCZ/mysql-5.5-5.5.22/extra/yassl/taocrypt/certs/client-key.der differ
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/certs/dh1024.dat mysql-5.5-5.5.22/extra/yassl/taocrypt/certs/dh1024.dat
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/certs/dh1024.dat 1970-01-01 00:00:00.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/certs/dh1024.dat 2012-03-02 19:44:46.000000000 +0000
@@ -0,0 +1 @@
+30818702818100DA9A18547FF03B385CC16508C173A7EF4EB61CB40EF8FEF3B31F145051676166BCDC3FE6B799FC394D08C26385F9413F896E09117E46209D6923602683CEA100924A6EE695281775C619DAA94EA8CB3691B4275B0183F1D39639EBC92995FE645D6C1BC28D409E585549BBD2C5DCDD6C208B04EADD8B7A6D997F72CBAD88390F020102
\ No newline at end of file
Binary files /tmp/BFkNYwQDHp/mysql-5.5-5.5.20/extra/yassl/taocrypt/certs/dsa512.der and /tmp/u8w54JxzCZ/mysql-5.5-5.5.22/extra/yassl/taocrypt/certs/dsa512.der differ
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/CMakeLists.txt mysql-5.5-5.5.22/extra/yassl/taocrypt/CMakeLists.txt
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/CMakeLists.txt 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/CMakeLists.txt 2012-03-02 19:44:46.000000000 +0000
@@ -20,12 +20,14 @@
ADD_DEFINITIONS(${SSL_DEFINES})
SET(TAOCRYPT_SOURCES src/aes.cpp src/aestables.cpp src/algebra.cpp src/arc4.cpp src/asn.cpp src/coding.cpp
src/des.cpp src/dh.cpp src/dsa.cpp src/file.cpp src/hash.cpp src/integer.cpp src/md2.cpp
- src/md4.cpp src/md5.cpp src/misc.cpp src/random.cpp src/ripemd.cpp src/rsa.cpp src/sha.cpp
+ src/md4.cpp src/md5.cpp src/misc.cpp src/random.cpp src/ripemd.cpp src/rsa.cpp src/sha.cpp
+ src/rabbit.cpp src/hc128.cpp
include/aes.hpp include/algebra.hpp include/arc4.hpp include/asn.hpp include/block.hpp
include/coding.hpp include/des.hpp include/dh.hpp include/dsa.hpp include/dsa.hpp
include/error.hpp include/file.hpp include/hash.hpp include/hmac.hpp include/integer.hpp
include/md2.hpp include/md5.hpp include/misc.hpp include/modarith.hpp include/modes.hpp
- include/random.hpp include/ripemd.hpp include/rsa.hpp include/sha.hpp)
+ include/random.hpp include/ripemd.hpp include/rsa.hpp include/sha.hpp
+ include/rabbit.hpp include/hc128.hpp)
IF(HAVE_EXPLICIT_TEMPLATE_INSTANTIATION)
SET(TAOCRYPT_SOURCES ${TAOCRYPT_SOURCES} src/template_instnt.cpp)
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/asn.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/asn.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/asn.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/asn.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -167,6 +167,7 @@
void Decode(RSA_PublicKey&);
private:
void ReadHeader();
+ void ReadHeaderOpenSSL();
};
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/block.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/block.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/block.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/block.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -61,10 +61,6 @@
void destroy(pointer p) {p->~T();}
size_type max_size() const {return ~size_type(0)/sizeof(T);}
protected:
- static void CheckSize(size_t n)
- {
- assert(n <= ~size_t(0) / sizeof(T));
- }
};
@@ -101,7 +97,8 @@
pointer allocate(size_type n, const void* = 0)
{
- this->CheckSize(n);
+ if (n > this->max_size())
+ return 0;
if (n == 0)
return 0;
return NEW_TC T[n];
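Review bot: An oversized request in `allocate` now returns the same null pointer as `n == 0`, so a caller cannot tell "nothing requested" from "request rejected". Any caller that does not test the result before writing will dereference null, whereas the removed CheckSize assert stopped a debug build at this point. The callers are outside this hunk and should be checked. I would add a comment above the function, `// returns 0 when n == 0 or n > max_size(); callers must check before use`. The function body closes outside the hunk.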
@@ -144,9 +141,8 @@
return *this;
}
- T& operator[] (word32 i) { assert(i < sz_); return buffer_[i]; }
- const T& operator[] (word32 i) const
- { assert(i < sz_); return buffer_[i]; }
+ T& operator[] (word32 i) { return buffer_[i]; }
+ const T& operator[] (word32 i) const { return buffer_[i]; }
T* operator+ (word32 i) { return buffer_ + i; }
const T* operator+ (word32 i) const { return buffer_ + i; }
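Review bot: Both `operator[]` overloads are now unchecked in every build, because the removed `assert(i < sz_)` was the only bounds test on them. Correctness therefore depends on every caller validating the index first; the patched `Source` class in file.hpp does this through `IsLeft()`, but other users of Block are not visible here. Please document the contract on the accessors, e.g. `// unchecked: caller must guarantee i < size()`, so that later callers do not assume the container protects them.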
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/blowfish.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/blowfish.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/blowfish.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/blowfish.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -59,11 +59,11 @@
void SetKey(const byte* key, word32 sz, CipherDir fake = ENCRYPTION);
void SetIV(const byte* iv) { memcpy(r_, iv, BLOCK_SIZE); }
private:
- static const word32 p_init_[ROUNDS + 2];
- static const word32 s_init_[4 * 256];
+ static const word32 p_init_[ROUNDS + 2];
+ static const word32 s_init_[4 * 256];
- word32 pbox_[ROUNDS + 2 + 4 * 256];
- word32* sbox_;
+ word32 pbox_[ROUNDS + 2 + 4 * 256];
+ word32* sbox_;
void crypt_block(const word32 in[2], word32 out[2]) const;
void AsmProcess(const byte* in, byte* out) const;
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/des.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/des.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/des.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/des.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -84,7 +84,7 @@
// DES_EDE3
class DES_EDE3 : public Mode_BASE {
public:
- DES_EDE3(CipherDir DIR, Mode MODE)
+ DES_EDE3(CipherDir DIR, Mode MODE)
: Mode_BASE(DES_BLOCK_SIZE, DIR, MODE) {}
void SetKey(const byte*, word32, CipherDir dir);
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/file.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/file.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/file.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/file.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -1,5 +1,5 @@
/*
- Copyright (C) 2000-2007 MySQL AB
+ Copyright (C) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -39,25 +39,32 @@
explicit Source(word32 sz = 0) : buffer_(sz), current_(0) {}
Source(const byte* b, word32 sz) : buffer_(b, sz), current_(0) {}
+ word32 remaining() { if (GetError().What()) return 0;
+ else return buffer_.size() - current_; }
word32 size() const { return buffer_.size(); }
void grow(word32 sz) { buffer_.CleanGrow(sz); }
+
+ bool IsLeft(word32 sz) { if (remaining() >= sz) return true;
+ else { SetError(CONTENT_E); return false; } }
const byte* get_buffer() const { return buffer_.get_buffer(); }
const byte* get_current() const { return &buffer_[current_]; }
word32 get_index() const { return current_; }
- void set_index(word32 i) { current_ = i; }
+ void set_index(word32 i) { if (i < size()) current_ = i; }
byte operator[] (word32 i) { current_ = i; return next(); }
- byte next() { return buffer_[current_++]; }
- byte prev() { return buffer_[--current_]; }
+ byte next() { if (IsLeft(1)) return buffer_[current_++]; else return 0; }
+ byte prev() { if (current_) return buffer_[--current_]; else return 0; }
void add(const byte* data, word32 len)
{
- memcpy(buffer_.get_buffer() + current_, data, len);
- current_ += len;
+ if (IsLeft(len)) {
+ memcpy(buffer_.get_buffer() + current_, data, len);
+ current_ += len;
+ }
}
- void advance(word32 i) { current_ += i; }
+ void advance(word32 i) { if (IsLeft(i)) current_ += i; }
void reset(ByteBlock&);
Error GetError() { return error_; }
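Review bot: `remaining()` computes `buffer_.size() - current_` in word32, so it wraps to a large value whenever `current_` is past the end, and `IsLeft()` then passes. The unchanged `operator[]` in this hunk still assigns `current_ = i` with no check before calling `next()`, so that path is not covered by the new guards. Consider `if (GetError().What() || current_ > buffer_.size()) return 0;` in `remaining()`. `set_index()` should also call `SetError(CONTENT_E)` on a rejected index instead of silently keeping the old position. The Source class begins and ends outside the hunk.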
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/hash.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/hash.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/hash.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/hash.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -63,8 +63,8 @@
word32 buffLen_; // in bytes
HashLengthType loLen_; // length in bytes
HashLengthType hiLen_; // length in bytes
- word32 digest_[MaxDigestSz];
- word32 buffer_[MaxBufferSz / sizeof(word32)];
+ word32 digest_[MaxDigestSz];
+ word32 buffer_[MaxBufferSz / sizeof(word32)];
virtual void Transform() = 0;
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/hc128.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/hc128.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/hc128.hpp 1970-01-01 00:00:00.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/hc128.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -0,0 +1,63 @@
+/*
+ Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* hc128.hpp defines HC128
+*/
+
+
+#ifndef TAO_CRYPT_HC128_HPP
+#define TAO_CRYPT_HC128_HPP
+
+#include "misc.hpp"
+
+namespace TaoCrypt {
+
+
+// HC128 encryption and decryption
+class HC128 {
+public:
+
+ typedef HC128 Encryption;
+ typedef HC128 Decryption;
+
+
+ HC128() {}
+
+ void Process(byte*, const byte*, word32);
+ void SetKey(const byte*, const byte*);
+private:
+ word32 T_[1024]; /* P[i] = T[i]; Q[i] = T[1024 + i ]; */
+ word32 X_[16];
+ word32 Y_[16];
+ word32 counter1024_; /* counter1024 = i mod 1024 at the ith step */
+ word32 key_[8];
+ word32 iv_[8];
+
+ void SetIV(const byte*);
+ void GenerateKeystream(word32*);
+ void SetupUpdate();
+
+ HC128(const HC128&); // hide copy
+ const HC128 operator=(const HC128&); // and assign
+};
+
+} // namespace
+
+
+#endif // TAO_CRYPT_HC128_HPP
+
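Review bot: `SetKey(const byte*, const byte*)` takes two unnamed raw pointers and no lengths, so the header does not say which argument is the key, which is the IV, or how many bytes each must hold. A short buffer would presumably be over-read, though the implementation is not in this hunk. Name the parameters and add a comment such as `// key and iv must point to buffers of the cipher's fixed key and IV size; lengths are not checked`. The class also keeps `key_`, `iv_` and `T_` as members with an empty constructor and no destructor, so key material is neither initialised nor wiped; consider clearing it on destruction. The same applies to `Rabbit::SetKey` and the `Ctx` members in rabbit.hpp.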
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/integer.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/integer.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/integer.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/integer.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -110,13 +110,6 @@
#endif
-// general MIN
-template inline
-const T& min(const T& a, const T& b)
-{
- return a < b ? a : b;
-}
-
// general MAX
template inline
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/kernelc.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/kernelc.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/kernelc.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/kernelc.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -30,17 +30,5 @@
extern "C" void* memset(void*, int, size_t);
extern "C" void printk(char *fmt, ...);
-#define KERN_ERR "<3>" /* error conditions */
-
-#if defined(NDEBUG)
- #define assert(p) ((void)0)
-#else
- #define assert(expr) \
- if (!(expr)) { \
- printk(KERN_ERR "Assertion failed! %s,%s,%s,line=%d\n", \
- #expr,__FILE__,__FUNCTION__,__LINE__); }
-#endif
-
-
#endif // TAOCRYPT_KERNELC_HPP
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/misc.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/misc.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/misc.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/misc.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -24,7 +24,6 @@
#if !defined(DO_TAOCRYPT_KERNEL_MODE)
#include
- #include
#include
#else
#include "kernelc.hpp"
@@ -62,30 +61,30 @@
template
void tcDelete(T* ptr)
{
- if (ptr) ptr->~T();
- ::operator delete(ptr, TaoCrypt::tc);
+ if (ptr) ptr->~T();
+ ::operator delete(ptr, TaoCrypt::tc);
}
template
void tcArrayDelete(T* ptr)
{
- // can't do array placement destruction since not tracking size in
- // allocation, only allow builtins to use array placement since they
- // don't need destructors called
- typedef char builtin[IsFundamentalType::Yes ? 1 : -1];
- (void)sizeof(builtin);
+ // can't do array placement destruction since not tracking size in
+ // allocation, only allow builtins to use array placement since they
+ // don't need destructors called
+ typedef char builtin[IsFundamentalType::Yes ? 1 : -1];
+ (void)sizeof(builtin);
- ::operator delete[](ptr, TaoCrypt::tc);
+ ::operator delete[](ptr, TaoCrypt::tc);
}
#define NEW_TC new (TaoCrypt::tc)
// to resolve compiler generated operator delete on base classes with
- // virtual destructors (when on stack), make sure doesn't get called
+ // virtual destructors (when on stack)
class virtual_base {
public:
- static void operator delete(void*) { assert(0); }
+ static void operator delete(void*) { }
};
#else // YASSL_PURE_C
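Review bot: `virtual_base::operator delete` is now a silent no-op, and the edited comment no longer says that it is not supposed to be called. If a derived object is ever deleted through this operator, the memory is not released and nothing reports it. I would record the intent next to the empty body, e.g. `// intentionally empty: not expected to run; memory is not freed here`.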
@@ -366,7 +365,6 @@
template
inline T2 ModPowerOf2(T1 a, T2 b)
{
- assert(IsPowerOf2(b));
return T2(a) & (b-1);
}
@@ -409,14 +407,12 @@
template inline T rotlFixed(T x, unsigned int y)
{
- assert(y < sizeof(T)*8);
- return (x<>(sizeof(T)*8-y));
+ return (x<>(sizeof(T)*8-y));
}
template inline T rotrFixed(T x, unsigned int y)
{
- assert(y < sizeof(T)*8);
- return (x>>y) | (x<<(sizeof(T)*8-y));
+ return (x>>y) | (x<<(sizeof(T)*8-y));
}
#ifdef INTEL_INTRINSICS
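Review bot: The generic `rotlFixed`/`rotrFixed` shift by `sizeof(T)*8-y`, which equals the full type width when `y` is 0 and is undefined behaviour in C++. With the assert removed, `y` at or above the bit width is unchecked as well. The INTEL_INTRINSICS specialisations further down guard with `y ? ... : x`, and the generic versions could do the same, e.g. `return y ? (x>>y) | (x<<(sizeof(T)*8-y)) : x;` for `rotrFixed`. A comment stating that `y` must be below the bit width of `T` would cover the remaining precondition.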
@@ -425,13 +421,11 @@
template<> inline word32 rotlFixed(word32 x, word32 y)
{
- assert(y < 32);
return y ? _lrotl(x, y) : x;
}
template<> inline word32 rotrFixed(word32 x, word32 y)
{
- assert(y < 32);
return y ? _lrotr(x, y) : x;
}
@@ -441,7 +435,9 @@
#undef min
#endif
-inline word32 min(word32 a, word32 b)
+
+template
+inline const T& min(const T& a, const T& b)
{
return a < b ? a : b;
}
@@ -486,7 +482,6 @@
template
inline void ByteReverse(T* out, const T* in, word32 byteCount)
{
- assert(byteCount % sizeof(T) == 0);
word32 count = byteCount/sizeof(T);
for (word32 i=0; i(block));
return ByteReverseIf(*reinterpret_cast(block), order);
- }
else
return UnalignedGetWord(order, block);
}
@@ -699,7 +691,6 @@
{
if (assumeAligned)
{
- assert(IsAligned(block));
if (xorBlock)
*reinterpret_cast(block) = ByteReverseIf(value, order)
^ *reinterpret_cast(xorBlock);
@@ -812,7 +803,6 @@
inline
word ShiftWordsLeftByBits(word* r, unsigned int n, unsigned int shiftBits)
{
- assert (shiftBits=0; i--)
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/modes.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/modes.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/modes.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/modes.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -61,9 +61,7 @@
explicit Mode_BASE(int sz, CipherDir dir, Mode mode)
: blockSz_(sz), reg_(reinterpret_cast(r_)),
tmp_(reinterpret_cast(t_)), dir_(dir), mode_(mode)
- {
- assert(sz <= MaxBlockSz);
- }
+ {}
virtual ~Mode_BASE() {}
virtual void Process(byte*, const byte*, word32);
@@ -96,8 +94,7 @@
{
if (mode_ == ECB)
ECB_Process(out, in, sz);
- else if (mode_ == CBC)
- {
+ else if (mode_ == CBC) {
if (dir_ == ENCRYPTION)
CBC_Encrypt(out, in, sz);
else
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/pwdbased.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/pwdbased.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/pwdbased.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/pwdbased.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -48,8 +48,9 @@
word32 pLen, const byte* salt, word32 sLen,
word32 iterations) const
{
- assert(dLen <= MaxDerivedKeyLength());
- assert(iterations > 0);
+ if (dLen > MaxDerivedKeyLength())
+ return 0;
+
ByteBlock buffer(T::DIGEST_SIZE);
HMAC hmac;
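Review bot: The removed `assert(iterations > 0)` has no replacement, so an iteration count of zero is now accepted in every build, while the `dLen` check beside it was converted to a runtime test. The derivation loop is outside this hunk, but a zero count would presumably skip the HMAC rounds and yield a key that does not depend on the password. I would fold it into the same guard: `if (dLen > MaxDerivedKeyLength() || iterations == 0) return 0;`. A comment should also state that a return of 0 means no key was derived, so callers do not use the output buffer.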
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/rabbit.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/rabbit.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/rabbit.hpp 1970-01-01 00:00:00.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/rabbit.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -0,0 +1,65 @@
+/*
+ Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* rabbit.hpp defines Rabbit
+*/
+
+
+#ifndef TAO_CRYPT_RABBIT_HPP
+#define TAO_CRYPT_RABBIT_HPP
+
+#include "misc.hpp"
+
+namespace TaoCrypt {
+
+
+// Rabbit encryption and decryption
+class Rabbit {
+public:
+
+ typedef Rabbit Encryption;
+ typedef Rabbit Decryption;
+
+ enum RabbitCtx { Master = 0, Work = 1 };
+
+ Rabbit() {}
+
+ void Process(byte*, const byte*, word32);
+ void SetKey(const byte*, const byte*);
+private:
+ struct Ctx {
+ word32 x[8];
+ word32 c[8];
+ word32 carry;
+ };
+
+ Ctx masterCtx_;
+ Ctx workCtx_;
+
+ void NextState(RabbitCtx);
+ void SetIV(const byte*);
+
+ Rabbit(const Rabbit&); // hide copy
+ const Rabbit operator=(const Rabbit&); // and assign
+};
+
+} // namespace
+
+
+#endif // TAO_CRYPT_RABBIT_HPP
+
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/rsa.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/rsa.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/rsa.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/rsa.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -178,7 +178,8 @@
RandomNumberGenerator& rng)
{
PK_Lengths lengths(key_.GetModulus());
- assert(sz <= lengths.FixedMaxPlaintextLength());
+ if (sz > lengths.FixedMaxPlaintextLength())
+ return;
ByteBlock paddedBlock(lengths.PaddedBlockByteLength());
padding_.Pad(plain, sz, paddedBlock.get_buffer(),
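Review bot: The new `if (sz > lengths.FixedMaxPlaintextLength()) return;` makes the encrypt routine exit without writing the output buffer and without signalling failure. A caller then cannot distinguish a rejected plaintext from a successful encryption and may go on to use whatever the buffer held before. The signature is outside the hunk, and the bare `return;` suggests it is void. If the interface cannot change, document it at the declaration, e.g. `// silently does nothing if sz exceeds FixedMaxPlaintextLength(); callers must validate sz first`, and check that callers do so.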
@@ -195,7 +196,6 @@
RandomNumberGenerator& rng)
{
PK_Lengths lengths(key_.GetModulus());
- assert(sz == lengths.FixedCiphertextLength());
if (sz != lengths.FixedCiphertextLength())
return 0;
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/runtime.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/runtime.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/runtime.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/runtime.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -31,7 +31,6 @@
#ifdef __sun
-#include
// Handler for pure virtual functions
namespace __Crun {
@@ -46,9 +45,7 @@
#if __GNUC__ > 2
extern "C" {
-#if !defined(DO_TAOCRYPT_KERNEL_MODE)
- #include
-#else
+#if defined(DO_TAOCRYPT_KERNEL_MODE)
#include "kernelc.hpp"
#endif
int __cxa_pure_virtual () __attribute__ ((weak));
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/include/types.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/include/types.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/include/types.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/include/types.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -62,7 +62,7 @@
// compilers we've found 64-bit multiply insructions for
#if defined(__GNUC__) || defined(_MSC_VER) || defined(__DECCXX)
#if !(defined(__ICC) || defined(__INTEL_COMPILER))
- #define HAVE_64_MULTIPLY
+ #define HAVE_64_MULTIPLY
#endif
#endif
diff -Nru mysql-5.5-5.5.20/extra/yassl/taocrypt/mySTL/stdexcept.hpp mysql-5.5-5.5.22/extra/yassl/taocrypt/mySTL/stdexcept.hpp
--- mysql-5.5-5.5.20/extra/yassl/taocrypt/mySTL/stdexcept.hpp 2011-12-16 19:52:06.000000000 +0000
+++ mysql-5.5-5.5.22/extra/yassl/taocrypt/mySTL/stdexcept.hpp 2012-03-02 19:44:46.000000000 +0000
@@ -26,7 +26,6 @@
#include