diff --git a/.bzrfileids b/.bzrfileids index c4363b8637a..d5a1a80f45d 100644 Binary files a/.bzrfileids and b/.bzrfileids differ diff --git a/VERSION b/VERSION index e7e4a95de53..9d67751a150 100644 --- a/VERSION +++ b/VERSION @@ -1,4 +1,4 @@ MYSQL_VERSION_MAJOR=5 MYSQL_VERSION_MINOR=5 -MYSQL_VERSION_PATCH=39 +MYSQL_VERSION_PATCH=40 MYSQL_VERSION_EXTRA=.t18-dev diff --git a/client/mysql.cc b/client/mysql.cc index 8089e7f524f..a232d40e3e6 100644 --- a/client/mysql.cc +++ b/client/mysql.cc @@ -1250,6 +1250,16 @@ int main(int argc,char *argv[]) sig_handler mysql_end(int sig) { +#ifndef _WIN32 + /* + Ingnoring SIGQUIT and SIGINT signals when cleanup process starts. + This will help in resolving the double free issues, which occures in case + the signal handler function is started in between the clean up function. + */ + signal(SIGQUIT, SIG_IGN); + signal(SIGINT, SIG_IGN); +#endif + mysql_close(&mysql); #ifdef HAVE_READLINE if (!status.batch && !quick && !opt_html && !opt_xml && diff --git a/cmake/dtrace.cmake b/cmake/dtrace.cmake index 66b07c03e9b..0a772ca2ba8 100644 --- a/cmake/dtrace.cmake +++ b/cmake/dtrace.cmake @@ -37,7 +37,15 @@ MACRO(CHECK_DTRACE) # On FreeBSD, dtrace does not handle userland tracing yet IF(DTRACE AND NOT CMAKE_SYSTEM_NAME MATCHES "FreeBSD" AND NOT BUGGY_GCC_NO_DTRACE_MODULES) - SET(ENABLE_DTRACE ON CACHE BOOL "Enable dtrace") + # 5.5 not able to do Sun dtrace on linux, just disable it + EXECUTE_PROCESS( + COMMAND ${DTRACE} -V + OUTPUT_VARIABLE out) + IF(out MATCHES "Sun D" AND CMAKE_SYSTEM_NAME MATCHES "Linux") + SET(ENABLE_DTRACE OFF CACHE BOOL "Sun DTrace on Linux not supported") + ELSE() + SET(ENABLE_DTRACE ON CACHE BOOL "Enable dtrace") + ENDIF() ENDIF() SET(HAVE_DTRACE ${ENABLE_DTRACE}) IF(CMAKE_SYSTEM_NAME MATCHES "SunOS") diff --git a/extra/yassl/README b/extra/yassl/README index 2c144815f19..b18e2baeea8 100644 --- a/extra/yassl/README +++ b/extra/yassl/README @@ -12,15 +12,31 @@ before calling SSL_new(); *** end Note *** -yaSSL Release notes, version 2.3.0 (12/5/2013) +yaSSL Release notes, version 2.3.4 (8/15/2014) - This release of yaSSL updates asm for newer GCC versions. + This release of yaSSL adds checking to the input_buffer class itself. See normal build instructions below under 1.0.6. See libcurl build instructions below under 1.3.0 and note in 1.5.8. -*****************yaSSL Release notes, version 2.2.3b (4/23/2013) +yaSSL Release notes, version 2.3.2 (7/25/2014) + + This release of yaSSL updates test certs. + +See normal build instructions below under 1.0.6. +See libcurl build instructions below under 1.3.0 and note in 1.5.8. + + +*****************yaSSL Release notes, version 2.3.0 (12/5/2013) + + This release of yaSSL updates asm for newer GCC versions. + +See normal build instructions below under 1.0.6. +See libcurl build instructions below under 1.3.0 and note in 1.5.8. + + +*****************yaSSL Release notes, version 2.2.3 (4/23/2013) This release of yaSSL updates the test certificates as they were expired diff --git a/extra/yassl/certs/ca-cert.pem b/extra/yassl/certs/ca-cert.pem index b2dc6ae6ee3..7e64eb47961 100644 --- a/extra/yassl/certs/ca-cert.pem +++ b/extra/yassl/certs/ca-cert.pem @@ -1,45 +1,45 @@ -----BEGIN CERTIFICATE----- -MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD -VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G -A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3 -dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx -MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290 -aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd -MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q -8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k -EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A -dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/ -mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ -CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O -BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd -P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u -dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV -BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG -9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513 -PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH -Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr -G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m -ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi -rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg== +MIIEqjCCA5KgAwIBAgIJAJpBR82hFGKMMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNDA3MTEwMzIwMDhaFw0xNzA0MDYwMzIwMDhaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI +/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAeXgMbXmIkfw6FZz5J2IW8CEf ++n0/oqgyHvfyEal0FnRe3BjK8AAq1QMGJjDxR4P9Mm787apPfQxjYDEvfAy/mWaH +7ScIhi3EM+iYIxz+o9uaSU78WkLvccM/rdxKqNKjHQmsMwR7hvNtAFmjyNvRPHP2 +DpDWXkngvzZjCHulsI81O1aMETVJBBzQ57pWxQ0KkY3Wt2IZNBJSTNJtfMU9DxiB +VMv2POWE0tZxFewaNAvwoCF0Q8ijsN/ZZ9rirZNI+KCHvXkU4GIK3/cxLjF70TIq +Cv5dFO/ZZFDkg5G8cA3XiI3ZvIQOxRqzv2QCTlGRpKKFFYOv8FubKElfsrMD2A== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: - e9:d0:a7:5f:79:25:f4:3c - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com + 9a:41:47:cd:a1:14:62:8c + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Oct 24 18:18:15 2011 GMT - Not After : Jul 20 18:18:15 2014 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com + Not Before: Jul 11 03:20:08 2014 GMT + Not After : Apr 6 03:20:08 2017 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): + Public-Key: (2048 bit) + Modulus: 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: @@ -64,24 +64,24 @@ Certificate: 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com - serial:E9:D0:A7:5F:79:25:F4:3C + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:9A:41:47:CD:A1:14:62:8C X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption - 5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26: - 4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6: - e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c: - f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e: - af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18: - 98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02: - 8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab: - 1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80: - 61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87: - 1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f: - 60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf: - 18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12: - f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4: - b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70: - 5a:1f:7f:ca + 79:78:0c:6d:79:88:91:fc:3a:15:9c:f9:27:62:16:f0:21:1f: + fa:7d:3f:a2:a8:32:1e:f7:f2:11:a9:74:16:74:5e:dc:18:ca: + f0:00:2a:d5:03:06:26:30:f1:47:83:fd:32:6e:fc:ed:aa:4f: + 7d:0c:63:60:31:2f:7c:0c:bf:99:66:87:ed:27:08:86:2d:c4: + 33:e8:98:23:1c:fe:a3:db:9a:49:4e:fc:5a:42:ef:71:c3:3f: + ad:dc:4a:a8:d2:a3:1d:09:ac:33:04:7b:86:f3:6d:00:59:a3: + c8:db:d1:3c:73:f6:0e:90:d6:5e:49:e0:bf:36:63:08:7b:a5: + b0:8f:35:3b:56:8c:11:35:49:04:1c:d0:e7:ba:56:c5:0d:0a: + 91:8d:d6:b7:62:19:34:12:52:4c:d2:6d:7c:c5:3d:0f:18:81: + 54:cb:f6:3c:e5:84:d2:d6:71:15:ec:1a:34:0b:f0:a0:21:74: + 43:c8:a3:b0:df:d9:67:da:e2:ad:93:48:f8:a0:87:bd:79:14: + e0:62:0a:df:f7:31:2e:31:7b:d1:32:2a:0a:fe:5d:14:ef:d9: + 64:50:e4:83:91:bc:70:0d:d7:88:8d:d9:bc:84:0e:c5:1a:b3: + bf:64:02:4e:51:91:a4:a2:85:15:83:af:f0:5b:9b:28:49:5f: + b2:b3:03:d8 diff --git a/extra/yassl/certs/client-cert.der b/extra/yassl/certs/client-cert.der index 9c2ef138bf6..293985adb97 100644 Binary files a/extra/yassl/certs/client-cert.der and b/extra/yassl/certs/client-cert.der differ diff --git a/extra/yassl/certs/client-cert.pem b/extra/yassl/certs/client-cert.pem index 278b43fe65c..38330d5380e 100644 --- a/extra/yassl/certs/client-cert.pem +++ b/extra/yassl/certs/client-cert.pem @@ -2,17 +2,17 @@ Certificate: Data: Version: 3 (0x2) Serial Number: - 87:4a:75:be:91:66:d8:3d - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com + b6:63:af:8f:5d:62:57:a0 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Oct 24 18:21:55 2011 GMT - Not After : Jul 20 18:21:55 2014 GMT - Subject: C=US, ST=Oregon, L=Portland, O=yaSSL, OU=Programming, CN=www.yassl.com/emailAddress=info@yassl.com + Not Before: Jul 11 17:39:44 2014 GMT + Not After : Apr 6 17:39:44 2017 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Programming, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): + Public-Key: (2048 bit) + Modulus: 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b: 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07: 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d: @@ -37,51 +37,51 @@ Certificate: 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 X509v3 Authority Key Identifier: keyid:33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 - DirName:/C=US/ST=Oregon/L=Portland/O=yaSSL/OU=Programming/CN=www.yassl.com/emailAddress=info@yassl.com - serial:87:4A:75:BE:91:66:D8:3D + DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Programming/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:B6:63:AF:8F:5D:62:57:A0 X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption - 1c:7c:42:81:29:9e:21:cf:d0:d8:c1:54:6f:cc:ae:14:09:38: - ff:68:98:9a:95:53:76:18:7b:e6:30:76:ec:28:0d:75:a7:de: - e0:cd:8e:d5:55:23:6a:47:2b:4e:8d:fc:7d:06:a3:d8:0f:ad: - 5e:d6:04:c9:00:33:fb:77:27:d3:b5:03:b3:7b:21:74:31:0b: - 4a:af:2d:1a:b3:93:8e:cc:f3:5f:3d:90:3f:cc:e3:55:19:91: - 7b:78:24:2e:4a:09:bb:18:4e:61:2d:9c:c6:0a:a0:34:91:88: - 70:6b:3b:48:47:bc:79:94:a2:a0:4d:32:47:54:c2:a3:dc:2e: - d2:51:4c:29:39:11:ff:e2:15:5e:58:97:36:f6:e9:06:06:86: - 0e:8d:9d:95:03:72:b2:8b:19:7c:e9:14:6e:a1:88:73:68:58: - 6d:71:5e:c2:d5:d3:13:d2:5f:de:ea:03:be:e2:00:40:e5:ce: - fd:e6:92:31:57:c3:eb:bb:66:ac:cb:2f:1a:fa:e0:62:a2:47: - f4:93:43:2a:4b:6c:5e:0a:2f:f9:e7:e6:4a:63:86:b0:ac:2a: - a1:eb:b4:5b:67:cd:32:e4:b6:11:4b:9a:72:66:0d:a2:4a:76: - 8f:fe:22:bc:83:fd:db:b7:d5:a9:ee:05:c9:b1:71:7e:1b:2b: - e1:e3:af:c0 + 85:10:90:c5:5d:de:25:8c:f2:57:7b:2d:14:1c:05:f9:71:63: + 40:b0:e3:c1:c1:2e:13:2a:7a:b7:d6:24:58:87:eb:03:fb:0d: + af:e0:f4:d0:c8:bc:51:36:10:4f:79:cc:4f:66:7d:af:99:cb: + 7b:ce:68:94:c6:36:aa:42:6e:8c:78:5b:b2:85:ca:d1:e1:a8: + 31:d1:81:d9:f9:c1:a3:9e:34:43:ef:0a:79:7d:3e:83:61:fc: + 14:5c:d1:dd:bc:0e:d7:51:b7:71:6e:41:7e:8b:2c:5a:9a:cb: + 77:4b:6a:f5:06:ff:02:af:1e:e6:63:4f:bc:44:d9:3f:56:9e: + 09:9c:43:f9:55:21:32:46:82:09:86:a9:7b:74:1c:9e:5a:2a: + bf:03:79:91:cb:f2:29:7f:c9:15:82:89:b9:53:cd:7e:07:90: + a9:5d:76:e1:19:5e:0d:58:b8:59:d5:0d:df:23:ab:6b:63:76: + 19:9e:9c:df:b0:57:49:6c:d0:86:97:c3:6c:3c:fa:e0:56:c2: + 1b:e3:a1:42:1a:58:62:85:9d:74:19:83:08:af:59:90:f8:99: + bd:67:d3:4a:ea:0e:c9:ca:61:8a:0d:8a:42:cc:90:e9:2e:c2: + 54:73:7f:5e:af:8d:e2:32:cb:45:20:d6:19:4d:5b:77:31:cc: + 0f:2d:c0:7e -----BEGIN CERTIFICATE----- -MIIEmDCCA4CgAwIBAgIJAIdKdb6RZtg9MA0GCSqGSIb3DQEBBQUAMIGOMQswCQYD -VQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwG -A1UEChMFeWFTU0wxFDASBgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cu -eWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTAeFw0xMTEw -MjQxODIxNTVaFw0xNDA3MjAxODIxNTVaMIGOMQswCQYDVQQGEwJVUzEPMA0GA1UE -CBMGT3JlZ29uMREwDwYDVQQHEwhQb3J0bGFuZDEOMAwGA1UEChMFeWFTU0wxFDAS -BgNVBAsTC1Byb2dyYW1taW5nMRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJ -KoZIhvcNAQkBFg5pbmZvQHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9amNrIHMo7Quml7xsNE -ntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/Zcx/ZSRppugUiVvk -NPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE79fGjSjXk4c6W3xt+ -v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX11JlJHOwzu8Zza7/ -eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8lTMTRefRx04ZAGBOw -Y7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB9jCB8zAdBgNVHQ4EFgQU -M9hFZtdohxh+VA1wJ5HHJteFZcAwgcMGA1UdIwSBuzCBuIAUM9hFZtdohxh+VA1w -J5HHJteFZcChgZSkgZEwgY4xCzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24x -ETAPBgNVBAcTCFBvcnRsYW5kMQ4wDAYDVQQKEwV5YVNTTDEUMBIGA1UECxMLUHJv -Z3JhbW1pbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEW -DmluZm9AeWFzc2wuY29tggkAh0p1vpFm2D0wDAYDVR0TBAUwAwEB/zANBgkqhkiG -9w0BAQUFAAOCAQEAHHxCgSmeIc/Q2MFUb8yuFAk4/2iYmpVTdhh75jB27CgNdafe -4M2O1VUjakcrTo38fQaj2A+tXtYEyQAz+3cn07UDs3shdDELSq8tGrOTjszzXz2Q -P8zjVRmRe3gkLkoJuxhOYS2cxgqgNJGIcGs7SEe8eZSioE0yR1TCo9wu0lFMKTkR -/+IVXliXNvbpBgaGDo2dlQNysosZfOkUbqGIc2hYbXFewtXTE9Jf3uoDvuIAQOXO -/eaSMVfD67tmrMsvGvrgYqJH9JNDKktsXgov+efmSmOGsKwqoeu0W2fNMuS2EUua -cmYNokp2j/4ivIP927fVqe4FybFxfhsr4eOvwA== +MIIEqjCCA5KgAwIBAgIJALZjr49dYlegMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4G +A1UECgwHd29sZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNDA3MTExNzM5NDRaFw0xNzA0MDYxNzM5NDRaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEQMA4GA1UECgwHd29s +ZlNTTDEUMBIGA1UECwwLUHJvZ3JhbW1pbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIHR9am +NrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sDR5q/ +Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1EbDKE7 +9fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5AciIX +11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqsu/8l +TMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUM9hFZtdohxh+VA1wJ5HHJteFZcAwgckGA1UdIwSBwTCBvoAU +M9hFZtdohxh+VA1wJ5HHJteFZcChgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRAwDgYDVQQKDAd3b2xmU1NM +MRQwEgYDVQQLDAtQcm9ncmFtbWluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAtmOvj11iV6AwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAhRCQxV3eJYzyV3stFBwF+XFj +QLDjwcEuEyp6t9YkWIfrA/sNr+D00Mi8UTYQT3nMT2Z9r5nLe85olMY2qkJujHhb +soXK0eGoMdGB2fnBo540Q+8KeX0+g2H8FFzR3bwO11G3cW5BfossWprLd0tq9Qb/ +Aq8e5mNPvETZP1aeCZxD+VUhMkaCCYape3QcnloqvwN5kcvyKX/JFYKJuVPNfgeQ +qV124RleDVi4WdUN3yOra2N2GZ6c37BXSWzQhpfDbDz64FbCG+OhQhpYYoWddBmD +CK9ZkPiZvWfTSuoOycphig2KQsyQ6S7CVHN/Xq+N4jLLRSDWGU1bdzHMDy3Afg== -----END CERTIFICATE----- diff --git a/extra/yassl/certs/client-key.der b/extra/yassl/certs/client-key.der index 649406c4417..94dc253a2bd 100644 Binary files a/extra/yassl/certs/client-key.der and b/extra/yassl/certs/client-key.der differ diff --git a/extra/yassl/certs/client-keyEnc.pem b/extra/yassl/certs/client-keyEnc.pem index 6f29eac50c1..0097c0760a5 100644 --- a/extra/yassl/certs/client-keyEnc.pem +++ b/extra/yassl/certs/client-keyEnc.pem @@ -1,30 +1,12 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,B9D8FB94E38635AB +DEK-Info: DES-EDE3-CBC,BDE979D13CCC0ABD -3OTcffWLy2Ddlu2oUwnMWkvIb3e9wLL1jrKOpC0aeb//uiawgw50+KuU4pewB5fN -lfEJwpX4NjfPL+Nk+B1VAVrv5gwk5/SY9SwIJluutzmGS4TfVOhqi2SVd0mc9kOD -cSWQ9ltAohFu67jdx36j2u+eghDTOjls1lM8EpzL5cu3Bp4G+ST0nXAdnGtSZdV6 -eToLWjIHiC/JqeRSsKAlG0M5verw14sbb5MO4ZQF4Tdu0fCFgFvDSUM2V4ZLtS1N -VysLEkHoF56YKZ5H2FYLxOVDpn5lSiLnOgRbteEzsysyJ1zLxXWFFwJPCpLVNL0e -P7OoEoCR+oAdzGkkPF+EdMoULtQP+n6U7jGx3oFVS17NORIFvyxyP0hD4pGTGLnl -qAEk30lhKGAE5GgvA2itxZIno/sxPKr5T5Sc2yWh9RdQuLWYNrOb8Kz8J1iXV5l6 -/5TLGu5XVWIlBnUtjMFUe5M54tqGQ6SuDUlL2ud5YeLVN0T+RU/bqV2fXGoBUqKb -Oe8PECm62Ls0wjv27BIOXXV32WSXwsywSzBqq2YXZ5zc9Q0+Mf1Zl6jKwcr8rXhv -rA2kcpicONryggsPZnn/us1bVuWKndsCbm7A5om6HowpamNMPuxhISigzzE59L6X -X6Sl2F0N0zhrfUVlAAlfYTrwcQVtyBDj1xp2nzJFocurJt9EylLaT0Sw3nxWtuOg -yQuF05UPCzxqow/7dMVqtQKng0ptpsn/E+Kr/Egk1YaTpUUxref6mD3R1S+qWML8 -uqTa3y1CWd4u+aJZH2oZU3gmEd8GvuWnmhsw8iTyq1bzYIga1rQZqh4W5Ok9V+jR -GioT/x3mTIhtuEZ1Cmhne5qM3gWYgM3rC3D4+RnUFeThOC5lHtOYHtIEpg66cs7g -QYAn75ghEkyfG7ZvdxAU9Ngn6hckux9tFu3GmeEtdqhVOHaOMaYi60uGSk6uBnTv -P1sUqi70kMrIBWU7TgldKlTqVdReM87Nkb2O5v1xqtoswLWIi65hFWTqt/H65c1H -aEBG1cBqnqBMYuFk8b4TzZbuU9o1UKj0/6N5mpm//BmW65B0htEDP7IYpGF0mt0H -LkU+4ISmuLfPfQeviYio6/yASaFkHpxfK7N8CQvmyAG9U8FHRio2QCGSb2EO+BnT -Bti6L9oMiQbAsCLWTbvBhCVxdncFw1ncq8gkPMXjEEVUsqAo5Kg+903pRHUyHLzS -R6R3C6tTJnNtucJ0zqQMF3K1FHS1m8GrOm+hskJLTHgZLdz6tFTYkXfZBSCwIl7s -plg0wq9CrNC2B8MczWn/j3/h7qSI3wBNqADHMdoiOHECffCeyGEYjW3+0iMoj1m1 -wY0DIym4DDRzk6wsEesxVi8iiCVpYwWnjJAvWYECEO+hWuwCez+eGVkhCT/5g3xW -hPSRhivNuJT05tdR5o+yqONHn1eAQH7Ar3cj+neY5WC0iS5FK9axTqbHXotofD1e -pJX17ZVWsmIIpRvAWGD+LOcfTMZsaB9DJbkrPSWlMW3lC2S5JOq8OgfMNWIDDUN1 -guwpK5Z/lWV1qMMnaWeDVgPH/G0FssECXlCU5+/Ol654h8tm2bRXYAYHPM+OoW67 +N7yz2JV13EmQ7MZPL5wamid5+G1V1gp8FKqMemAC5JDxonS/W9oViMLUcxbfPTDx +FznKdYSVTIQ7vv3ofmDG4MEyV/2C568N2kdtAw+jTfrZFN+IU9CI+W+In/nacirF +02sAcvDMofustnooKNOO7/iyb5+3vRvEt5vSSRQn5WuSQ9sUKjuzoLs/lbf7fyAt +4NeqfI3rYBZXxiUOLITOGXzGNRuFoY+o2uDCfelLAJ8uhiVG6ME3LeJEo1dT5lZ8 +CSJOLPasKg0iG4V7olM4j9FvAfZr48RRsSfUen756Jo2HpI4bad8LKhFYIdNs2Au +WwKLmjpo6QB9hBmRshR04rEXPdrgTqLBExCE08PyaGYnWU8ggWritCeBzDQFj/n4 +sI+NO0Mymuvg98e5RpO52lg3Xnqv9RIK3guLFOmI6aEHC0PS4WwOEQ== -----END RSA PRIVATE KEY----- diff --git a/extra/yassl/certs/dsa1024.der b/extra/yassl/certs/dsa1024.der new file mode 100644 index 00000000000..db880d51480 Binary files /dev/null and b/extra/yassl/certs/dsa1024.der differ diff --git a/extra/yassl/certs/dsa1024.pem b/extra/yassl/certs/dsa1024.pem new file mode 100644 index 00000000000..5478ebfc2b2 --- /dev/null +++ b/extra/yassl/certs/dsa1024.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQC9Ue5KMuCKx+rG4epwxFFDzyoH4ccSwlglXsRdvqswDRK/oQvT +NNNoWiVxTn3kvQ8qDlhWy9KjGTrqr/ttgmh56FFpe6tz4yTgCNyR9D+eGclD7lNf +dPUc4E3SA6efopG6+ymI55bS+9xUFTG402UCrYSKT59zI2HBfuI6dltsxQIVAJHJ +7WDQ+jBn/nmMyCQzdi+0qJx1AoGBAJJacRK36s5yGY1b6qhxWqvpoAC+SfEKylZn +YWGYf2PM+Iwo6AgPKEw6BSsX+7Nmc4Gjyr4JWhComKi6onPamO/A2CbMM0DCxb47 +BeLBWfqWAgXVj0CODT4MQos5yugnviR/YpEgbzLxvrXr469lKWsAyB19/gFmGmQW +cCgAwGm6AoGBAJ3LY89yHyvQ/TsQ6zlYbovjbk/ogndsMqPdNUvL4RuPTgJP/caa +DDa0XJ7ak6A7TJ+QheLNwOXoZPYJC4EGFSDAXpYniGhbWIrVTCGe6lmZDfnx40WX +S0kk3m/DHaC03ElLAiybxVGxyqoUfbT3Zv1JwftWMuiqHH5uADhdXuXVAhQ01VXa +Rr8IPem35lKghVKnq/kGQw== +-----END DSA PRIVATE KEY----- diff --git a/extra/yassl/certs/dsa512.der b/extra/yassl/certs/dsa512.der deleted file mode 100644 index 027bedeffb1..00000000000 Binary files a/extra/yassl/certs/dsa512.der and /dev/null differ diff --git a/extra/yassl/certs/dsa512.pem b/extra/yassl/certs/dsa512.pem deleted file mode 100644 index 04a3dd94a77..00000000000 --- a/extra/yassl/certs/dsa512.pem +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN DSA PRIVATE KEY----- -MIH3AgEAAkEAmSlpgMk8mGhFqYL+Z+uViMW0DNYmRZUZLKAgW37faencww/zYQol -m/IhAWrNqow358pm21b0D3160Ri5Qv0bEQIVAK0lKasKnwkcwa0DIHZ/prfdTQMJ -AkASiJna59ALk5vm7jwhf5yztI2ljOI3gD8X0YFPvfBxtjIIVN2/AeKzdwZkdYoE -1nk5sQIDA8YGdOWQBQoQRhkxAkAEhKAmMXIM6E9dUxdisYDKwBZfwx7qxdmYOPm+ -VlNHaM4IIlccuw13kc9bNu3zJIKQis2QfNt3+Rctc3Pvu7mCAhQjg+e+aqykxwwc -E2V27tjDFY02uA== ------END DSA PRIVATE KEY----- diff --git a/extra/yassl/certs/server-cert.pem b/extra/yassl/certs/server-cert.pem index cfe4b7b8228..f56cba9de70 100644 --- a/extra/yassl/certs/server-cert.pem +++ b/extra/yassl/certs/server-cert.pem @@ -1,17 +1,17 @@ Certificate: Data: - Version: 1 (0x0) - Serial Number: 2 (0x2) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Oct 24 18:27:13 2011 GMT - Not After : Jul 20 18:27:13 2014 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=yaSSL, OU=Support, CN=www.yassl.com/emailAddress=info@yassl.com + Not Before: Jul 11 17:20:14 2014 GMT + Not After : Apr 6 17:20:14 2017 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): + Public-Key: (2048 bit) + Modulus: 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: @@ -31,59 +31,74 @@ Certificate: a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: ad:d7 Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:9A:41:47:CD:A1:14:62:8C + + X509v3 Basic Constraints: + CA:TRUE Signature Algorithm: sha1WithRSAEncryption - 71:4e:d3:62:df:cc:4c:f7:cd:b7:6e:52:0b:6c:6e:e0:bd:c2: - 2d:07:d7:c0:b0:6e:43:1e:35:bc:30:01:50:f0:ff:99:23:6c: - 18:1a:41:b6:11:d6:d4:19:61:fd:e4:77:97:1c:39:e1:57:ab: - c5:15:63:77:11:36:5e:74:e2:24:0b:1f:41:78:ad:b7:81:e7: - b4:40:66:80:f0:4b:91:a0:6d:a8:6e:3d:53:d9:8b:ce:2a:e1: - 0b:45:65:87:a1:96:ae:ee:3e:88:d5:12:1f:78:17:ae:2c:c5: - 73:44:d8:dc:f4:af:d8:cc:ae:4c:e1:0c:be:55:a4:99:f7:6e: - 96:c0:c8:45:87:bf:dc:51:57:ff:9e:73:37:6a:18:9c:c3:f9: - 22:7a:f4:b0:52:bd:fc:21:30:f8:c5:ff:1e:87:7d:ad:a2:5a: - 35:f5:22:a8:b4:0a:76:38:e6:76:b0:98:af:1b:ec:8a:0a:43: - 74:d2:85:34:37:84:07:e1:f6:23:b2:29:de:a6:b6:b7:4c:57: - 7e:96:06:cb:a9:16:25:29:3a:03:2d:55:7d:a6:8c:a4:f7:9e: - 81:c9:95:b6:7c:c1:4a:ce:94:66:0c:ca:88:eb:d2:09:f5:5b: - 19:58:82:df:27:fd:67:95:78:b7:02:06:d5:a7:61:bd:ef:3a: - fc:b2:61:cd + 3d:8c:70:05:5b:62:4b:bf:6c:b6:48:61:01:10:1d:5e:05:ba: + 55:94:2c:ae:59:6f:97:80:5d:6c:86:ec:9a:eb:15:45:44:e4: + 56:f8:75:ca:8a:45:32:f4:c7:e1:fa:f2:98:1c:91:d3:3f:e8: + 0e:c9:1b:fa:e1:79:99:67:0e:0d:6b:8a:ec:1a:2c:59:c4:34: + 04:8d:39:77:cd:b5:e9:60:5b:82:bf:34:ce:ed:c6:4f:3f:b4: + 5c:4d:8a:b4:f4:0a:04:12:a0:56:c1:e1:33:37:a1:54:87:48: + e9:81:c2:0f:8f:6f:d3:52:4c:4c:32:4c:6b:9f:3a:04:8f:77: + 5d:ad:dc:3d:2b:f2:c9:df:3c:60:5d:d8:fc:86:72:7c:3d:d0: + 84:4b:8c:df:26:43:fe:c0:cc:5b:e1:36:b3:3d:32:28:a3:ef: + 0c:20:d6:b1:50:39:d6:67:a9:8b:84:bc:92:34:eb:19:23:e8: + 10:8f:ea:bd:18:8c:93:27:3c:74:75:8e:58:04:fa:2a:74:44: + 7d:fc:4d:39:df:54:17:ba:78:e1:5d:6a:70:d3:7c:a2:80:81: + e6:19:51:91:c3:44:51:ec:bb:88:a9:53:e1:d7:a9:8c:28:f4: + 21:1c:42:51:09:b4:12:6d:a0:d6:25:09:85:c6:2a:0c:af:a7: + 58:e6:52:8b -----BEGIN CERTIFICATE----- -MIIDkDCCAngCAQIwDQYJKoZIhvcNAQEFBQAwgZAxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290 -aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd -MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wHhcNMTExMDI0MTgyNzEzWhcN -MTQwNzIwMTgyNzEzWjCBijELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB01vbnRhbmEx -EDAOBgNVBAcTB0JvemVtYW4xDjAMBgNVBAoTBXlhU1NMMRAwDgYDVQQLEwdTdXBw -b3J0MRYwFAYDVQQDEw13d3cueWFzc2wuY29tMR0wGwYJKoZIhvcNAQkBFg5pbmZv -QHlhc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFX -QfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/h -vXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4 -pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo -3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4 -D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHm -YYPF0pbf2dBPrdcCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAcU7TYt/MTPfNt25S -C2xu4L3CLQfXwLBuQx41vDABUPD/mSNsGBpBthHW1Blh/eR3lxw54VerxRVjdxE2 -XnTiJAsfQXitt4HntEBmgPBLkaBtqG49U9mLzirhC0Vlh6GWru4+iNUSH3gXrizF -c0TY3PSv2MyuTOEMvlWkmfdulsDIRYe/3FFX/55zN2oYnMP5Inr0sFK9/CEw+MX/ -Hod9raJaNfUiqLQKdjjmdrCYrxvsigpDdNKFNDeEB+H2I7Ip3qa2t0xXfpYGy6kW -JSk6Ay1VfaaMpPeegcmVtnzBSs6UZgzKiOvSCfVbGViC3yf9Z5V4twIG1adhve86 -/LJhzQ== +MIIEnjCCA4agAwIBAgIBATANBgkqhkiG9w0BAQUFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMTQwNzEx +MTcyMDE0WhcNMTcwNDA2MTcyMDE0WjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO +BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn +f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X +GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM +QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq +0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ +6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOB/DCB+TAdBgNVHQ4EFgQU +sxEyyZKYhOLJ+NA7bgNCyh8OjjwwgckGA1UdIwSBwTCBvoAUJ45nEXTDJh0/7TNj +s6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h +MRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwK +Q29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcN +AQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYDVR0TBAUwAwEB/zAN +BgkqhkiG9w0BAQUFAAOCAQEAPYxwBVtiS79stkhhARAdXgW6VZQsrllvl4BdbIbs +musVRUTkVvh1yopFMvTH4frymByR0z/oDskb+uF5mWcODWuK7BosWcQ0BI05d821 +6WBbgr80zu3GTz+0XE2KtPQKBBKgVsHhMzehVIdI6YHCD49v01JMTDJMa586BI93 +Xa3cPSvyyd88YF3Y/IZyfD3QhEuM3yZD/sDMW+E2sz0yKKPvDCDWsVA51mepi4S8 +kjTrGSPoEI/qvRiMkyc8dHWOWAT6KnREffxNOd9UF7p44V1qcNN8ooCB5hlRkcNE +Uey7iKlT4depjCj0IRxCUQm0Em2g1iUJhcYqDK+nWOZSiw== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: - e9:d0:a7:5f:79:25:f4:3c - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com + 9a:41:47:cd:a1:14:62:8c + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Validity - Not Before: Oct 24 18:18:15 2011 GMT - Not After : Jul 20 18:18:15 2014 GMT - Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.yassl.com/emailAddress=info@yassl.com + Not Before: Jul 11 03:20:08 2014 GMT + Not After : Apr 6 03:20:08 2017 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com/emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): + Public-Key: (2048 bit) + Modulus: 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: @@ -104,54 +119,55 @@ Certificate: 36:79 Exponent: 65537 (0x10001) X509v3 extensions: - X509v3 Subject Key Identifier: + X509v3 Subject Key Identifier: 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - X509v3 Authority Key Identifier: + X509v3 Authority Key Identifier: keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 - DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.yassl.com/emailAddress=info@yassl.com - serial:E9:D0:A7:5F:79:25:F4:3C + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:9A:41:47:CD:A1:14:62:8C - X509v3 Basic Constraints: + X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption - 5f:86:14:f4:51:8b:bc:a5:4e:30:da:5e:ac:9a:f8:6c:d9:26: - 4b:93:f9:e3:1c:89:6f:9e:ee:b3:9d:77:3e:89:20:76:a3:e6: - e8:86:15:21:db:e2:33:b2:34:d5:d0:9f:f3:c1:a4:87:92:5c: - f9:d1:ff:30:2f:8e:03:bc:b3:3c:0c:32:a3:90:5f:1a:90:1e: - af:9d:f3:9e:d7:07:02:a9:7d:27:66:63:2f:af:18:d7:ac:18: - 98:8c:83:8f:38:f3:0b:ac:36:10:75:fb:ca:76:13:50:5b:02: - 8f:73:bf:e3:a0:ee:83:52:25:54:ce:26:ce:9c:bd:2f:79:ab: - 1b:60:b8:92:f1:03:c0:fc:3b:08:d9:c0:ad:d5:72:08:25:80: - 61:2d:dc:9f:a7:83:62:07:47:e0:07:4c:4b:07:30:04:a9:87: - 1c:55:7f:07:12:d0:cb:42:5d:cb:cf:66:01:1a:17:ee:f9:0f: - 60:b7:db:6f:68:e5:4e:41:62:6e:d3:6f:60:4f:4b:27:de:cf: - 18:07:f1:13:5d:cb:3f:a9:25:44:da:52:5c:c8:04:e1:56:12: - f5:2a:90:4e:d1:e2:af:01:b5:23:a1:ec:31:da:7b:63:69:c4: - b8:f3:e7:ce:a1:3d:c0:db:6d:f3:b2:d9:46:c8:9f:c3:b8:70: - 5a:1f:7f:ca + 79:78:0c:6d:79:88:91:fc:3a:15:9c:f9:27:62:16:f0:21:1f: + fa:7d:3f:a2:a8:32:1e:f7:f2:11:a9:74:16:74:5e:dc:18:ca: + f0:00:2a:d5:03:06:26:30:f1:47:83:fd:32:6e:fc:ed:aa:4f: + 7d:0c:63:60:31:2f:7c:0c:bf:99:66:87:ed:27:08:86:2d:c4: + 33:e8:98:23:1c:fe:a3:db:9a:49:4e:fc:5a:42:ef:71:c3:3f: + ad:dc:4a:a8:d2:a3:1d:09:ac:33:04:7b:86:f3:6d:00:59:a3: + c8:db:d1:3c:73:f6:0e:90:d6:5e:49:e0:bf:36:63:08:7b:a5: + b0:8f:35:3b:56:8c:11:35:49:04:1c:d0:e7:ba:56:c5:0d:0a: + 91:8d:d6:b7:62:19:34:12:52:4c:d2:6d:7c:c5:3d:0f:18:81: + 54:cb:f6:3c:e5:84:d2:d6:71:15:ec:1a:34:0b:f0:a0:21:74: + 43:c8:a3:b0:df:d9:67:da:e2:ad:93:48:f8:a0:87:bd:79:14: + e0:62:0a:df:f7:31:2e:31:7b:d1:32:2a:0a:fe:5d:14:ef:d9: + 64:50:e4:83:91:bc:70:0d:d7:88:8d:d9:bc:84:0e:c5:1a:b3: + bf:64:02:4e:51:91:a4:a2:85:15:83:af:f0:5b:9b:28:49:5f: + b2:b3:03:d8 -----BEGIN CERTIFICATE----- -MIIEnjCCA4agAwIBAgIJAOnQp195JfQ8MA0GCSqGSIb3DQEBBQUAMIGQMQswCQYD -VQQGEwJVUzEQMA4GA1UECBMHTW9udGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8G -A1UEChMIU2F3dG9vdGgxEzARBgNVBAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3 -dy55YXNzbC5jb20xHTAbBgkqhkiG9w0BCQEWDmluZm9AeWFzc2wuY29tMB4XDTEx -MTAyNDE4MTgxNVoXDTE0MDcyMDE4MTgxNVowgZAxCzAJBgNVBAYTAlVTMRAwDgYD -VQQIEwdNb250YW5hMRAwDgYDVQQHEwdCb3plbWFuMREwDwYDVQQKEwhTYXd0b290 -aDETMBEGA1UECxMKQ29uc3VsdGluZzEWMBQGA1UEAxMNd3d3Lnlhc3NsLmNvbTEd -MBsGCSqGSIb3DQEJARYOaW5mb0B5YXNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQC/DMotFLIehEJbzTgfSvJNdRDxtjWf38p9A5jTrN4DZu4q -8diwfW4HVAsQmCFNgMsSIOfMT95FfclydzLqypC7aVIQAy+o85XF8YtiVhvvZ2+k -EEGVrQqb46XAsNJwdlAwW6joCCx87aeieo04KRysx+3yfJWwlYJ9SVw4zXcl772A -dVOUPD3KY1ufFbXTHRMvGdE823Y6zLh9yeXC19pAb9gh3HMbQi1TnP4a/H2rejY/ -mN6EfAVnzmoUOIep8Yy1aMtof3EgK/WgY/VWL6Mm0rdvsVoX1ziZCP6TWG/+wxNJ -CBYLp01nAFIxZyNOmO1RRR25BNkL7Ngos0u97TZ5AgMBAAGjgfgwgfUwHQYDVR0O -BBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHFBgNVHSMEgb0wgbqAFCeOZxF0wyYd -P+0zY7Ok2B0w5ejVoYGWpIGTMIGQMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHTW9u -dGFuYTEQMA4GA1UEBxMHQm96ZW1hbjERMA8GA1UEChMIU2F3dG9vdGgxEzARBgNV -BAsTCkNvbnN1bHRpbmcxFjAUBgNVBAMTDXd3dy55YXNzbC5jb20xHTAbBgkqhkiG -9w0BCQEWDmluZm9AeWFzc2wuY29tggkA6dCnX3kl9DwwDAYDVR0TBAUwAwEB/zAN -BgkqhkiG9w0BAQUFAAOCAQEAX4YU9FGLvKVOMNperJr4bNkmS5P54xyJb57us513 -PokgdqPm6IYVIdviM7I01dCf88Gkh5Jc+dH/MC+OA7yzPAwyo5BfGpAer53zntcH -Aql9J2ZjL68Y16wYmIyDjzjzC6w2EHX7ynYTUFsCj3O/46Dug1IlVM4mzpy9L3mr -G2C4kvEDwPw7CNnArdVyCCWAYS3cn6eDYgdH4AdMSwcwBKmHHFV/BxLQy0Jdy89m -ARoX7vkPYLfbb2jlTkFibtNvYE9LJ97PGAfxE13LP6klRNpSXMgE4VYS9SqQTtHi -rwG1I6HsMdp7Y2nEuPPnzqE9wNtt87LZRsifw7hwWh9/yg== +MIIEqjCCA5KgAwIBAgIJAJpBR82hFGKMMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTAe +Fw0xNDA3MTEwMzIwMDhaFw0xNzA0MDYwMzIwMDhaMIGUMQswCQYDVQQGEwJVUzEQ +MA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3 +dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3Ns +LmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL8Myi0Ush6EQlvNOB9K8k11EPG2NZ/fyn0D +mNOs3gNm7irx2LB9bgdUCxCYIU2AyxIg58xP3kV9yXJ3MurKkLtpUhADL6jzlcXx +i2JWG+9nb6QQQZWtCpvjpcCw0nB2UDBbqOgILHztp6J6jTgpHKzH7fJ8lbCVgn1J +XDjNdyXvvYB1U5Q8PcpjW58VtdMdEy8Z0TzbdjrMuH3J5cLX2kBv2CHccxtCLVOc +/hr8fat6Nj+Y3oR8BWfOahQ4h6nxjLVoy2h/cSAr9aBj9VYvoybSt2+xWhfXOJkI +/pNYb/7DE0kIFgunTWcAUjFnI06Y7VFFHbkE2Qvs2CizS73tNnkCAwEAAaOB/DCB ++TAdBgNVHQ4EFgQUJ45nEXTDJh0/7TNjs6TYHTDl6NUwgckGA1UdIwSBwTCBvoAU +J45nEXTDJh0/7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tggkAmkFHzaEUYowwDAYD +VR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAeXgMbXmIkfw6FZz5J2IW8CEf ++n0/oqgyHvfyEal0FnRe3BjK8AAq1QMGJjDxR4P9Mm787apPfQxjYDEvfAy/mWaH +7ScIhi3EM+iYIxz+o9uaSU78WkLvccM/rdxKqNKjHQmsMwR7hvNtAFmjyNvRPHP2 +DpDWXkngvzZjCHulsI81O1aMETVJBBzQ57pWxQ0KkY3Wt2IZNBJSTNJtfMU9DxiB +VMv2POWE0tZxFewaNAvwoCF0Q8ijsN/ZZ9rirZNI+KCHvXkU4GIK3/cxLjF70TIq +Cv5dFO/ZZFDkg5G8cA3XiI3ZvIQOxRqzv2QCTlGRpKKFFYOv8FubKElfsrMD2A== +-----END CERTIFICATE----- diff --git a/extra/yassl/certs/server-keyEnc.pem b/extra/yassl/certs/server-keyEnc.pem index 278a0946c68..e5ab57d4c9e 100644 --- a/extra/yassl/certs/server-keyEnc.pem +++ b/extra/yassl/certs/server-keyEnc.pem @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,08132C1FFF5BC8CC +DEK-Info: DES-CBC,136C7D8A69656668 -W+krChiFlNU+koE0Bep+U45OG4V4IFZv67ex6yJHgcsPd+HQ692A/h+5dYc8rdlW -2LDgSODHHIMTt6RVJDxXxXs3qFmJQbnVXeXxV209X8EfaRarh+yiMKeUP6K8hIvj -+IYRma6iKOs+d4KlcZZudGs2f/x8nhxXbmQtrLhGd4h91mnJk2sKmiz7UkUy6Qng -gOHnT2dfF4Qk2ZYsjisRHjpWZiqh40GO1LuTgUjZoH+LGhMwMwOAE6+ss5xa+yE+ -Xd9Yljm0/QW68JILkCJQjLDRvPGxDJyvYq6TT/kSElsRlI/AuRrZH1YVD3hn/xjx -tDoEB+JEbH6iu9ne2srxnGSKLzoUbb4XPaCjLIW9BJf7oANmmFQpZZQiRTyIUVWi -IE5hJciqF7ra7IwfZAW/PeWGXpzNOVN9QAvyAMsmvUCzJdxd1ySUatjhZ+mSFYGk -rDVtyrgt4ZQgV0EdJV0Yn1ZWMOk1qEKXT0JAnI+9S6Y+QEdwXmdz3xlVuq61Jvub -iJUVepnD/1QeFfWy8JwlscWpWFrkr569f3SNG+FGb6fufnUP7K6sX3urj+pj1QET -f9NmmvLBsVsbj1Egg3wnxbVHIUPky64LY04wtNJaAwhuG6mKCvaClKYMTmTCyrzP -aRwghhMQ3yHUbo2A1ZppYsXXg8lX30eW+5O77N9Q3xfP0phODHXsnXhBH09ml1JQ -MmiCaL5n6sIVcjtFmN/kyaEuz/1VrBSaDCPeW88n61UXUidXrGOZN/2c/2xFir8B -2rdE82lQLl07SJxzQQ6aJVvrc5tnbV/ENDySS5dG6Yl/w89/nuu0RFHmAweKqfGC -8m0XOkmonIk6h3YT7XrkE0b/2jkf1mMaMKrGGfRmxqNt1nGxMCJHAO/Sn9v+I9rU -W7HCZ04RTnRp1BXcqDxdwlveDKJRVfiKOSSEOpEXXlexS5R1vikmxrCwK5YVUTkT -3tgahVtHJkFHnBHBzXyHUDwWahxZaU9TO43z0JFxs0zINWUWppldf0oyWjP1FSrI -a9tXBs7aoykUY9Av9K0p4UJJU005qzD/tuegZFX34wRETJO0BJnlZHTTZSqLSVX+ -KZg4nPq8Xii1VHta3tgw7up2z1tpepsBerTsRQ1+IDpxLaIxgt9am0hXVTiMLex/ -DD9UvQC/eBUmpmWraK/Mqeq/UrPl+lmeoXsG6LWIvEp9d19rJ/3OhIJf2pDh9dC8 -NzJoNP9qOrDajAwzeeF5dbQxCaG+X8am9s4wryC0p+NrQ0tzv8efey0zBodDIOgo -F1G7+ADgHy+V565q8sdL52xx0xB9Ty5p9IOfOUbxa3K65TJf/I/QAQjl4LyTbkfr -kzpYAG2uF55EB3Eq3aMrj47pzZy0ELXXN2qYJ9Oelgl+h6MzYbmd+Wm+A2Cofv3u -7ANAyjAYN7/Lo3lTFAt7sXAXGKnqw62JNSSMkIqZVrG5dn7Jxj5AJCVyYxTrm6Y+ -DDcblX47XrWxVoVJN/dLJZ8FzWs4o/8w9Yn8U54Ci7F0g+j2f+OpDy9PGFYT9pKw -xWG8chkYE6QPilEYvdi26ZnZ3u236q9PMtyRP87NmBN2sLkj/rbBTzBxWIaGS+Mt +jvNTyPaztxPIoAzbdmZnD0Zw2+60tMxNc0GMHNmeOyG25aHP/dT+TWiKFpFVkkkY +uoCIhYUyw7gmpw+CnRJwWd+ans4nrvAjwy5oWJvarvsyUpjqvnPoIlAqd+d4TDKN +eESzcI76+gHdisAtCrQD+fGqgTZhli5TgDbnpasL/QnY2qDlutvakkVw7gPXe156 +2Phy8WN+efr65J6wt3K/dj7Datl9u4JeHQK81gYyWBVX+EagEjPGDzkFQCj9Z0q7 +8K3iB5GW1JAqJS0IfZPB40AnSTF/n1TL1SN3qfU3l7hTGNrx9o7580bgDEoAR7pI +F8eZlS15KHtZmh11AnU1KTKZ6kmgnNqeMTGMN6N0ct2wMKW1dV87eTDlF0oiR2ol +XwtFgKmrIjfpmzkdWjbJmWnGMjD56KdiFZga/ZyKMsPrVoYLgfJEpn36iQspfygx +HCGNTf0PjIsjEWU0WyQiF86t+c45W3wNFsv/AxVyfMl+su02yrd6u2ecuQDir3Cs +b2k8IKtQgVe/NIpEWLKuiHG5oedIPPQyDYK5uq+gHxCGeOoKnWlsWFEHZRiza4X5 +tbgTrJB8Sw0ENWrvVGGmQZN4pSImlsMwzQ2qik5CQ00N1b3+56/obn0z75I3bUSb +tC5g8DRjl6oclAenNgh/MYMT287y5W2dD4npxHcekX4O3J2CDXNfg4vV2j5GRxtg +LVJdYE2p7bpYePCDHrYng8b9ubBprx0CrEnkIvvtUjzNPf6VDL0+MBKl+XgR2/nz +iRqTuZnlGGOyM+KYDwXpgwfs/HfvFGksxTAlO/40GkGh+WGPaIoNyCK0SgQKhyb4 +JIkR0vd2/yLg3lWMJrGwh7A0Gm07Z/781oURP3uWd+PaCOgGcd5ipcAjcEyuxNly +AthipWqmQWUcbf6Z2N9j3OA22Hv2Uzk8HSfi9VOZtL9svdEEZ0NnOekJgnc6stQp +bXiknlK/T5WdrWxSyCfgUq68Vf6DFfIRAVuFdJ3WHT2wVXHrDfft6D+Ne/XCxPoE +8zGmkyusaph33UHQ1oNyUbLbwcDCDSmOo8gYoedD3IwxtMA3wJRugomqosItwV8X +vkgmcy8eSE/+gZUxJEN2gnLcfKFhCkC80J6oFhmoDD6vuUnPHcFdKZgVPw2rzPk5 +Vb1kX+gpORplYmKpq1vz/ujscL4T0TmYLz02hkIS4edpW55ncTTv7JWefpRiTB1J +RB3td3me4htqR+YIDWJ+emrOmqsCG2WvpAS+MTw2mj1jYk9LL/ZYobTjSCEWmuwT +yVK6m303irR7HQDauxhslRFgoK21w63viOyj5NKIU1gQtaAANGDxcgORC1XLjjgt +oNutSQA+7P42vfHSHK4cnTBXl6V32H/GyVpdHQOZqSrqIjgLmUZodSmRPROxosZF +a46B1O7m/rJFxkiKW4vod+/WqjoE0Hhfrb8rRrkRjzGeCqqSSnQ3vrunVkvF8hlA +b6FOv4ZBJL4piC1GKH+rscqke9NEiDqXN8C3iYz86jbck/Ha21yUS8T3X7N52sg+ +B3AmOGnLK6BebYeto9vZxQjacChJZSixSxLV+l9/nVQ0+mW42azHdzk0ru59TGAj -----END RSA PRIVATE KEY----- diff --git a/extra/yassl/include/buffer.hpp b/extra/yassl/include/buffer.hpp index 27f71199093..77d2ed8193c 100644 --- a/extra/yassl/include/buffer.hpp +++ b/extra/yassl/include/buffer.hpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -48,7 +48,11 @@ const uint AUTO = 0xFEEDBEEF; struct NoCheck { - void check(uint, uint); + int check(uint, uint); +}; + +struct Check { + int check(uint, uint); }; /* input_buffer operates like a smart c style array with a checking option, @@ -60,11 +64,13 @@ struct NoCheck { * write to the buffer bulk wise and have the correct size */ -class input_buffer : public NoCheck { +class input_buffer : public Check { uint size_; // number of elements in buffer uint current_; // current offset position in buffer byte* buffer_; // storage for buffer byte* end_; // end of storage marker + int error_; // error number + byte zero_; // for returning const reference to zero byte public: input_buffer(); @@ -93,6 +99,10 @@ class input_buffer : public NoCheck { uint get_remaining() const; + int get_error() const; + + void set_error(); + void set_current(uint i); // read only access through [], advance current @@ -103,7 +113,7 @@ class input_buffer : public NoCheck { bool eof(); // peek ahead - byte peek() const; + byte peek(); // write function, should use at/near construction void assign(const byte* t, uint s); diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h index d4226450660..993822d0ab0 100644 --- a/extra/yassl/include/openssl/ssl.h +++ b/extra/yassl/include/openssl/ssl.h @@ -35,7 +35,7 @@ #include "rsa.h" -#define YASSL_VERSION "2.3.0" +#define YASSL_VERSION "2.3.4" #if defined(__cplusplus) diff --git a/extra/yassl/src/buffer.cpp b/extra/yassl/src/buffer.cpp index 6f356e9fd4f..aa7224bf64e 100644 --- a/extra/yassl/src/buffer.cpp +++ b/extra/yassl/src/buffer.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -32,8 +32,19 @@ namespace yaSSL { -void NoCheck::check(uint, uint) +/* return 0 on check success, always true for NoCheck policy */ +int NoCheck::check(uint, uint) { + return 0; +} + +/* return 0 on check success */ +int Check::check(uint i, uint max) +{ + if (i < max) + return 0; + + return -1; } @@ -48,18 +59,20 @@ void NoCheck::check(uint, uint) input_buffer::input_buffer() - : size_(0), current_(0), buffer_(0), end_(0) + : size_(0), current_(0), buffer_(0), end_(0), error_(0), zero_(0) {} input_buffer::input_buffer(uint s) - : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s) + : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s), + error_(0), zero_(0) {} // with assign input_buffer::input_buffer(uint s, const byte* t, uint len) - : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s) + : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s), + error_(0), zero_(0) { assign(t, len); } @@ -74,8 +87,10 @@ input_buffer::~input_buffer() // users can pass defualt zero length buffer and then allocate void input_buffer::allocate(uint s) { - buffer_ = NEW_YS byte[s]; - end_ = buffer_ + s; + if (error_ == 0) { + buffer_ = NEW_YS byte[s]; + end_ = buffer_ + s; + } } @@ -90,40 +105,67 @@ byte* input_buffer::get_buffer() const // if you know the size before the write use assign() void input_buffer::add_size(uint i) { - check(size_ + i-1, get_capacity()); - size_ += i; + if (error_ == 0 && check(size_ + i-1, get_capacity()) == 0) + size_ += i; + else + error_ = -1; } uint input_buffer::get_capacity() const { - return (uint) (end_ - buffer_); + if (error_ == 0) + return end_ - buffer_; + + return 0; } uint input_buffer::get_current() const { - return current_; + if (error_ == 0) + return current_; + + return 0; } uint input_buffer::get_size() const { - return size_; + if (error_ == 0) + return size_; + + return 0; } uint input_buffer::get_remaining() const { - return size_ - current_; + if (error_ == 0) + return size_ - current_; + + return 0; +} + + +int input_buffer::get_error() const +{ + return error_; +} + + +void input_buffer::set_error() +{ + error_ = -1; } void input_buffer::set_current(uint i) { - if (i) - check(i - 1, size_); - current_ = i; + if (error_ == 0 && i && check(i - 1, size_) == 0) + current_ = i; + else + error_ = -1; } @@ -131,40 +173,59 @@ void input_buffer::set_current(uint i) // user passes in AUTO index for ease of use const byte& input_buffer::operator[](uint i) { - check(current_, size_); - return buffer_[current_++]; + if (error_ == 0 && check(current_, size_) == 0) + return buffer_[current_++]; + + error_ = -1; + return zero_; } // end of input test bool input_buffer::eof() { + if (error_ != 0) + return true; + return current_ >= size_; } // peek ahead -byte input_buffer::peek() const +byte input_buffer::peek() { - return buffer_[current_]; + if (error_ == 0 && check(current_, size_) == 0) + return buffer_[current_]; + + error_ = -1; + return 0; } // write function, should use at/near construction void input_buffer::assign(const byte* t, uint s) { - check(current_, get_capacity()); - add_size(s); - memcpy(&buffer_[current_], t, s); + if (t && error_ == 0 && check(current_, get_capacity()) == 0) { + add_size(s); + if (error_ == 0) { + memcpy(&buffer_[current_], t, s); + return; // success + } + } + + error_ = -1; } // use read to query input, adjusts current void input_buffer::read(byte* dst, uint length) { - check(current_ + length - 1, size_); - memcpy(dst, &buffer_[current_], length); - current_ += length; + if (dst && error_ == 0 && check(current_ + length - 1, size_) == 0) { + memcpy(dst, &buffer_[current_], length); + current_ += length; + } else { + error_ = -1; + } } diff --git a/extra/yassl/src/handshake.cpp b/extra/yassl/src/handshake.cpp index 058f8596546..33303b1106d 100644 --- a/extra/yassl/src/handshake.cpp +++ b/extra/yassl/src/handshake.cpp @@ -522,7 +522,7 @@ void buildSHA_CertVerify(SSL& ssl, byte* digest) // some clients still send sslv2 client hello void ProcessOldClientHello(input_buffer& input, SSL& ssl) { - if (input.get_remaining() < 2) { + if (input.get_error() || input.get_remaining() < 2) { ssl.SetError(bad_input); return; } @@ -549,20 +549,24 @@ void ProcessOldClientHello(input_buffer& input, SSL& ssl) byte len[2]; - input.read(len, sizeof(len)); + len[0] = input[AUTO]; + len[1] = input[AUTO]; ato16(len, ch.suite_len_); - input.read(len, sizeof(len)); + len[0] = input[AUTO]; + len[1] = input[AUTO]; uint16 sessionLen; ato16(len, sessionLen); ch.id_len_ = sessionLen; - input.read(len, sizeof(len)); + len[0] = input[AUTO]; + len[1] = input[AUTO]; uint16 randomLen; ato16(len, randomLen); - if (ch.suite_len_ > MAX_SUITE_SZ || sessionLen > ID_LEN || - randomLen > RAN_LEN) { + if (input.get_error() || ch.suite_len_ > MAX_SUITE_SZ || + ch.suite_len_ > input.get_remaining() || + sessionLen > ID_LEN || randomLen > RAN_LEN) { ssl.SetError(bad_input); return; } @@ -580,13 +584,12 @@ void ProcessOldClientHello(input_buffer& input, SSL& ssl) ch.suite_len_ = j; if (ch.id_len_) - input.read(ch.session_id_, ch.id_len_); + input.read(ch.session_id_, ch.id_len_); // id_len_ from sessionLen if (randomLen < RAN_LEN) memset(ch.random_, 0, RAN_LEN - randomLen); input.read(&ch.random_[RAN_LEN - randomLen], randomLen); - ch.Process(input, ssl); } @@ -787,6 +790,9 @@ int DoProcessReply(SSL& ssl) ssl.verifyState(hdr); } + if (ssl.GetError()) + return 0; + // make sure we have enough input in buffer to process this record if (needHdr || hdr.length_ > buffer.get_remaining()) { // put header in front for next time processing @@ -799,6 +805,9 @@ int DoProcessReply(SSL& ssl) while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) { // each message in record, can be more than 1 if not encrypted + if (ssl.GetError()) + return 0; + if (ssl.getSecurity().get_parms().pending_ == false) { // cipher on // sanity check for malicious/corrupted/illegal input if (buffer.get_remaining() < hdr.length_) { diff --git a/extra/yassl/src/yassl_imp.cpp b/extra/yassl/src/yassl_imp.cpp index db960d307ff..a924cdbd829 100644 --- a/extra/yassl/src/yassl_imp.cpp +++ b/extra/yassl/src/yassl_imp.cpp @@ -220,16 +220,26 @@ void DH_Server::build(SSL& ssl) // read PreMaster secret and decrypt, server side void EncryptedPreMasterSecret::read(SSL& ssl, input_buffer& input) { + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } + const CertManager& cert = ssl.getCrypto().get_certManager(); RSA rsa(cert.get_privateKey(), cert.get_privateKeyLength(), false); uint16 cipherLen = rsa.get_cipherLength(); if (ssl.isTLS()) { byte len[2]; - input.read(len, sizeof(len)); + len[0] = input[AUTO]; + len[1] = input[AUTO]; ato16(len, cipherLen); } alloc(cipherLen); input.read(secret_, length_); + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } opaque preMasterSecret[SECRET_LEN]; rsa.decrypt(preMasterSecret, secret_, length_, @@ -277,6 +287,11 @@ void EncryptedPreMasterSecret::alloc(int sz) // read client's public key, server side void ClientDiffieHellmanPublic::read(SSL& ssl, input_buffer& input) { + if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) { + ssl.SetError(bad_input); + return; + } + DiffieHellman& dh = ssl.useCrypto().use_dh(); uint16 keyLength; @@ -287,6 +302,10 @@ void ClientDiffieHellmanPublic::read(SSL& ssl, input_buffer& input) alloc(keyLength); input.read(Yc_, keyLength); + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } dh.makeAgreement(Yc_, keyLength); // because of encoding, first byte might be 0, don't use for preMaster @@ -331,6 +350,10 @@ void ClientDiffieHellmanPublic::alloc(int sz, bool offset) // read server's p, g, public key and sig, client side void DH_Server::read(SSL& ssl, input_buffer& input) { + if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) { + ssl.SetError(bad_input); + return; + } uint16 length, messageTotal = 6; // pSz + gSz + pubSz byte tmp[2]; @@ -341,6 +364,10 @@ void DH_Server::read(SSL& ssl, input_buffer& input) messageTotal += length; input.read(parms_.alloc_p(length), length); + if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) { + ssl.SetError(bad_input); + return; + } // g tmp[0] = input[AUTO]; @@ -349,6 +376,10 @@ void DH_Server::read(SSL& ssl, input_buffer& input) messageTotal += length; input.read(parms_.alloc_g(length), length); + if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) { + ssl.SetError(bad_input); + return; + } // pub tmp[0] = input[AUTO]; @@ -357,12 +388,20 @@ void DH_Server::read(SSL& ssl, input_buffer& input) messageTotal += length; input.read(parms_.alloc_pub(length), length); + if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) { + ssl.SetError(bad_input); + return; + } // save message for hash verify input_buffer message(messageTotal); input.set_current(input.get_current() - messageTotal); input.read(message.get_buffer(), messageTotal); message.add_size(messageTotal); + if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) { + ssl.SetError(bad_input); + return; + } // signature tmp[0] = input[AUTO]; @@ -371,6 +410,10 @@ void DH_Server::read(SSL& ssl, input_buffer& input) signature_ = NEW_YS byte[length]; input.read(signature_, length); + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } // verify signature byte hash[FINISHED_SZ]; @@ -645,6 +688,10 @@ void HandShakeHeader::Process(input_buffer& input, SSL& ssl) { ssl.verifyState(*this); if (ssl.GetError()) return; + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } const HandShakeFactory& hsf = ssl.getFactory().getHandShake(); mySTL::auto_ptr hs(hsf.CreateObject(type_)); if (!hs.get()) { @@ -810,8 +857,13 @@ uint16 ChangeCipherSpec::get_length() const // CipherSpec processing handler -void ChangeCipherSpec::Process(input_buffer&, SSL& ssl) +void ChangeCipherSpec::Process(input_buffer& input, SSL& ssl) { + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } + ssl.useSecurity().use_parms().pending_ = false; if (ssl.getSecurity().get_resuming()) { if (ssl.getSecurity().get_parms().entity_ == client_end) @@ -873,6 +925,11 @@ output_buffer& operator<<(output_buffer& output, const Alert& a) // Alert processing handler void Alert::Process(input_buffer& input, SSL& ssl) { + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } + if (ssl.getSecurity().get_parms().pending_ == false) { // encrypted alert int aSz = get_length(); // alert size already read on input opaque verify[SHA_LEN]; @@ -890,12 +947,19 @@ void Alert::Process(input_buffer& input, SSL& ssl) if (ssl.getSecurity().get_parms().cipher_type_ == block) { int ivExtra = 0; + opaque fill; if (ssl.isTLSv1_1()) ivExtra = ssl.getCrypto().get_cipher().get_blockSize(); int padSz = ssl.getSecurity().get_parms().encrypt_size_ - ivExtra - aSz - digestSz; - input.set_current(input.get_current() + padSz); + for (int i = 0; i < padSz; i++) + fill = input[AUTO]; + } + + if (input.get_error()) { + ssl.SetError(bad_input); + return; } // verify @@ -1112,6 +1176,11 @@ static int timing_verify(SSL& ssl, const byte* input, int padLen, int t, // Process handler for Data void Data::Process(input_buffer& input, SSL& ssl) { + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } + int msgSz = ssl.getSecurity().get_parms().encrypt_size_; int pad = 0, padSz = 0; int ivExtra = 0; @@ -1154,7 +1223,7 @@ void Data::Process(input_buffer& input, SSL& ssl) int dataSz = msgSz - ivExtra - digestSz - pad - padSz; - if (dataSz < 0) { + if (dataSz < 0 || dataSz > (MAX_RECORD_SIZE + COMPRESS_EXTRA)) { ssl.SetError(bad_input); return; } @@ -1180,6 +1249,10 @@ void Data::Process(input_buffer& input, SSL& ssl) // advance past mac and fill input.set_current(input.get_current() + digestSz + pad + padSz); + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } } @@ -1244,6 +1317,11 @@ output_buffer& operator<<(output_buffer& output, const Certificate& cert) // certificate processing handler void Certificate::Process(input_buffer& input, SSL& ssl) { + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } + CertManager& cm = ssl.useCrypto().use_certManager(); uint32 list_sz; @@ -1412,6 +1490,10 @@ input_buffer& operator>>(input_buffer& input, ServerHello& hello) // Session hello.id_len_ = input[AUTO]; + if (hello.id_len_ > ID_LEN) { + input.set_error(); + return input; + } if (hello.id_len_) input.read(hello.session_id_, hello.id_len_); @@ -1452,8 +1534,13 @@ output_buffer& operator<<(output_buffer& output, const ServerHello& hello) // Server Hello processing handler -void ServerHello::Process(input_buffer&, SSL& ssl) +void ServerHello::Process(input_buffer& input, SSL& ssl) { + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } + if (ssl.GetMultiProtocol()) { // SSLv23 support if (ssl.isTLS() && server_version_.minor_ < 1) // downgrade to SSLv3 @@ -1547,8 +1634,12 @@ const opaque* ServerHello::get_random() const // Server Hello Done processing handler -void ServerHelloDone::Process(input_buffer&, SSL& ssl) +void ServerHelloDone::Process(input_buffer& input, SSL& ssl) { + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } ssl.useStates().useClient() = serverHelloDoneComplete; } @@ -1667,8 +1758,13 @@ output_buffer& operator<<(output_buffer& output, const ClientHello& hello) // Client Hello processing handler -void ClientHello::Process(input_buffer&, SSL& ssl) +void ClientHello::Process(input_buffer& input, SSL& ssl) { + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } + // store version for pre master secret ssl.useSecurity().use_connection().chVersion_ = client_version_; @@ -1800,9 +1896,17 @@ output_buffer& operator<<(output_buffer& output, const ServerKeyExchange& sk) // Server Key Exchange processing handler void ServerKeyExchange::Process(input_buffer& input, SSL& ssl) { + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } createKey(ssl); if (ssl.GetError()) return; server_key_->read(ssl, input); + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } ssl.useStates().useClient() = serverKeyExchangeComplete; } @@ -1924,18 +2028,24 @@ input_buffer& operator>>(input_buffer& input, CertificateRequest& request) { // types request.typeTotal_ = input[AUTO]; + if (request.typeTotal_ > CERT_TYPES) { + input.set_error(); + return input; + } for (int i = 0; i < request.typeTotal_; i++) request.certificate_types_[i] = ClientCertificateType(input[AUTO]); - byte tmp[REQUEST_HEADER]; - input.read(tmp, sizeof(tmp)); + byte tmp[2]; + tmp[0] = input[AUTO]; + tmp[1] = input[AUTO]; uint16 sz; ato16(tmp, sz); // authorities while (sz) { uint16 dnSz; - input.read(tmp, sizeof(tmp)); + tmp[0] = input[AUTO]; + tmp[1] = input[AUTO]; ato16(tmp, dnSz); DistinguishedName dn; @@ -1945,6 +2055,9 @@ input_buffer& operator>>(input_buffer& input, CertificateRequest& request) input.read(&dn[REQUEST_HEADER], dnSz); sz -= dnSz + REQUEST_HEADER; + + if (input.get_error()) + break; } return input; @@ -1983,8 +2096,12 @@ output_buffer& operator<<(output_buffer& output, // CertificateRequest processing handler -void CertificateRequest::Process(input_buffer&, SSL& ssl) +void CertificateRequest::Process(input_buffer& input, SSL& ssl) { + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } CertManager& cm = ssl.useCrypto().use_certManager(); cm.setSendVerify(); @@ -2067,7 +2184,8 @@ output_buffer& CertificateVerify::get(output_buffer& out) const input_buffer& operator>>(input_buffer& input, CertificateVerify& request) { byte tmp[VERIFY_HEADER]; - input.read(tmp, sizeof(tmp)); + tmp[0] = input[AUTO]; + tmp[1] = input[AUTO]; uint16 sz = 0; ato16(tmp, sz); @@ -2091,8 +2209,13 @@ output_buffer& operator<<(output_buffer& output, // CertificateVerify processing handler -void CertificateVerify::Process(input_buffer&, SSL& ssl) +void CertificateVerify::Process(input_buffer& input, SSL& ssl) { + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } + const Hashes& hashVerify = ssl.getHashes().get_certVerify(); const CertManager& cert = ssl.getCrypto().get_certManager(); @@ -2131,9 +2254,17 @@ output_buffer& operator<<(output_buffer& output, const ClientKeyExchange& ck) // Client Key Exchange processing handler void ClientKeyExchange::Process(input_buffer& input, SSL& ssl) { + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } createKey(ssl); if (ssl.GetError()) return; client_key_->read(ssl, input); + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } if (ssl.getCrypto().get_certManager().verifyPeer()) build_certHashes(ssl, ssl.useHashes().use_certVerify()); @@ -2220,11 +2351,19 @@ output_buffer& operator<<(output_buffer& output, const Finished& fin) // Finished processing handler void Finished::Process(input_buffer& input, SSL& ssl) { + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } // verify hashes const Finished& verify = ssl.getHashes().get_verify(); uint finishedSz = ssl.isTLS() ? TLS_FINISHED_SZ : FINISHED_SZ; input.read(hashes_.md5_, finishedSz); + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } if (memcmp(&hashes_, &verify.hashes_, finishedSz)) { ssl.SetError(verify_error); @@ -2246,19 +2385,23 @@ void Finished::Process(input_buffer& input, SSL& ssl) opaque mac[SHA_LEN]; // max size int digestSz = ssl.getCrypto().get_digest().get_digestSize(); input.read(mac, digestSz); + if (input.get_error()) { + ssl.SetError(bad_input); + return; + } uint ivExtra = 0; if (ssl.getSecurity().get_parms().cipher_type_ == block) if (ssl.isTLSv1_1()) ivExtra = ssl.getCrypto().get_cipher().get_blockSize(); + opaque fill; int padSz = ssl.getSecurity().get_parms().encrypt_size_ - ivExtra - HANDSHAKE_HEADER - finishedSz - digestSz; - input.set_current(input.get_current() + padSz); - - // verify mac - if (memcmp(mac, verifyMAC, digestSz)) { - ssl.SetError(verify_error); + for (int i = 0; i < padSz; i++) + fill = input[AUTO]; + if (input.get_error()) { + ssl.SetError(bad_input); return; } diff --git a/extra/yassl/src/yassl_int.cpp b/extra/yassl/src/yassl_int.cpp index 73f8f2330c5..3acc2c123ba 100644 --- a/extra/yassl/src/yassl_int.cpp +++ b/extra/yassl/src/yassl_int.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -2534,8 +2534,9 @@ ASN1_STRING* StringHolder::GetString() int DeCompress(input_buffer& in, int sz, input_buffer& out) { byte tmp[LENGTH_SZ]; - - in.read(tmp, sizeof(tmp)); + + tmp[0] = in[AUTO]; + tmp[1] = in[AUTO]; uint16 len; ato16(tmp, len); diff --git a/extra/yassl/taocrypt/include/asn.hpp b/extra/yassl/taocrypt/include/asn.hpp index daf1000bde9..c7d01d00323 100644 --- a/extra/yassl/taocrypt/include/asn.hpp +++ b/extra/yassl/taocrypt/include/asn.hpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -111,7 +111,7 @@ enum Constants MAX_LENGTH_SZ = 5, MAX_SEQ_SZ = 5, // enum(seq|con) + length(4) MAX_ALGO_SIZE = 9, - MAX_DIGEST_SZ = 25, // SHA + enum(Bit or Octet) + length(4) + MAX_DIGEST_SZ = 69, // SHA512 + enum(Bit or Octet) + length(4) DSA_SIG_SZ = 40, ASN_NAME_MAX = 512 // max total of all included names }; @@ -257,8 +257,11 @@ typedef STL::list SignerList; enum ContentType { HUH = 651 }; -enum SigType { SHAwDSA = 517, MD2wRSA = 646, MD5wRSA = 648, SHAwRSA =649}; -enum HashType { MD2h = 646, MD5h = 649, SHAh = 88 }; +enum SigType { SHAwDSA = 517, MD2wRSA = 646, MD5wRSA = 648, SHAwRSA = 649, + SHA256wRSA = 655, SHA384wRSA = 656, SHA512wRSA = 657, + SHA256wDSA = 416 }; +enum HashType { MD2h = 646, MD5h = 649, SHAh = 88, SHA256h = 414, SHA384h = 415, + SHA512h = 416 }; enum KeyType { DSAk = 515, RSAk = 645 }; // sums of algo OID diff --git a/extra/yassl/taocrypt/include/block.hpp b/extra/yassl/taocrypt/include/block.hpp index d7a69211e02..4f58c82ffcc 100644 --- a/extra/yassl/taocrypt/include/block.hpp +++ b/extra/yassl/taocrypt/include/block.hpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -74,7 +74,7 @@ typename A::pointer StdReallocate(A& a, T* p, typename A::size_type oldSize, if (preserve) { A b = A(); typename A::pointer newPointer = b.allocate(newSize, 0); - memcpy(newPointer, p, sizeof(T) * min((word32) oldSize, (word32) newSize)); + memcpy(newPointer, p, sizeof(T) * min(oldSize, newSize)); a.deallocate(p, oldSize); STL::swap(a, b); return newPointer; @@ -186,9 +186,9 @@ class Block { ~Block() { allocator_.deallocate(buffer_, sz_); } private: + A allocator_; word32 sz_; // size in Ts T* buffer_; - A allocator_; }; diff --git a/extra/yassl/taocrypt/include/integer.hpp b/extra/yassl/taocrypt/include/integer.hpp index 68f3c4bbf39..75a3ee3d3df 100644 --- a/extra/yassl/taocrypt/include/integer.hpp +++ b/extra/yassl/taocrypt/include/integer.hpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -47,7 +47,7 @@ #ifdef TAOCRYPT_X86ASM_AVAILABLE #if defined(__GNUC__) && (__GNUC__ >= 4) - // GCC 4 or greater optimizes too much inline on recursive for bigint, + // GCC 4 or greater optimizes too much inline on recursive for bigint, // -O3 just as fast without asm here anyway #undef TAOCRYPT_X86ASM_AVAILABLE #endif diff --git a/extra/yassl/taocrypt/include/pwdbased.hpp b/extra/yassl/taocrypt/include/pwdbased.hpp index 9025cc1a50c..cf4dff5cee6 100644 --- a/extra/yassl/taocrypt/include/pwdbased.hpp +++ b/extra/yassl/taocrypt/include/pwdbased.hpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -16,6 +16,7 @@ MA 02110-1301 USA. */ + /* pwdbased.hpp defines PBKDF2 from PKCS #5 */ @@ -48,10 +49,7 @@ word32 PBKDF2_HMAC::DeriveKey(byte* derived, word32 dLen, const byte* pwd, word32 pLen, const byte* salt, word32 sLen, word32 iterations) const { - if (dLen > MaxDerivedKeyLength()) - return 0; - - if (iterations < 0) + if (dLen > MaxDerivedKeyLength()) return 0; ByteBlock buffer(T::DIGEST_SIZE); diff --git a/extra/yassl/taocrypt/include/runtime.hpp b/extra/yassl/taocrypt/include/runtime.hpp index ef7ce092cde..4c7436251fd 100644 --- a/extra/yassl/taocrypt/include/runtime.hpp +++ b/extra/yassl/taocrypt/include/runtime.hpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -34,7 +34,10 @@ // Handler for pure virtual functions namespace __Crun { - void pure_error(void); + static void pure_error(void) + { + // "Pure virtual method called, Aborted", GCC 4.2 str cmp fix + } } // namespace __Crun #endif // __sun @@ -48,7 +51,15 @@ extern "C" { #if defined(DO_TAOCRYPT_KERNEL_MODE) #include "kernelc.hpp" #endif - int __cxa_pure_virtual () __attribute__ ((weak)); + +/* Disallow inline __cxa_pure_virtual() */ +static int __cxa_pure_virtual() __attribute__((noinline, used)); +static int __cxa_pure_virtual() +{ + // oops, pure virtual called! + return 0; +} + } // extern "C" #endif // __GNUC__ > 2 diff --git a/extra/yassl/taocrypt/include/sha.hpp b/extra/yassl/taocrypt/include/sha.hpp index d1f9607f8de..cf6d0d09a1d 100644 --- a/extra/yassl/taocrypt/include/sha.hpp +++ b/extra/yassl/taocrypt/include/sha.hpp @@ -1,6 +1,5 @@ /* - Copyright (C) 2000-2007 MySQL AB - Use is subject to license terms + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -159,6 +158,12 @@ class SHA384 : public HASH64withTransform { void Transform(); }; +enum { MAX_SHA2_DIGEST_SIZE = 64 }; // SHA512 + +#else + +enum { MAX_SHA2_DIGEST_SIZE = 32 }; // SHA256 + #endif // WORD64_AVAILABLE diff --git a/extra/yassl/taocrypt/src/aes.cpp b/extra/yassl/taocrypt/src/aes.cpp index d04ef69c19f..ee4c7a6e8a1 100644 --- a/extra/yassl/taocrypt/src/aes.cpp +++ b/extra/yassl/taocrypt/src/aes.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -66,7 +66,7 @@ void AES::Process(byte* out, const byte* in, word32 sz) in += BLOCK_SIZE; } } - else { + else { while (blocks--) { AsmDecrypt(in, out, (void*)Td0); @@ -79,8 +79,8 @@ void AES::Process(byte* out, const byte* in, word32 sz) out += BLOCK_SIZE; in += BLOCK_SIZE; } - } - } + } + } } #endif // DO_AES_ASM @@ -466,14 +466,13 @@ void AES::decrypt(const byte* inBlock, const byte* xorBlock, "movd mm7, ebp;" \ "movd mm4, eax;" \ "mov ebp, edx;" \ - "sub esp, 4;" - + "sub esp, 4;" #define EPILOG() \ "add esp, 4;" \ "pop ebp;" \ "pop ebx;" \ - "emms;" \ - ".att_syntax;" \ + "emms;" \ + ".att_syntax;" \ : \ : "c" (this), "S" (inBlock), "d" (boxes), "a" (outBlock) \ : "%edi", "memory", "cc" \ @@ -834,9 +833,9 @@ void AES::AsmEncrypt(const byte* inBlock, byte* outBlock, void* boxes) const #ifdef _MSC_VER - __declspec(naked) + __declspec(naked) #else - __attribute__ ((noinline)) + __attribute__ ((noinline)) #endif void AES::AsmDecrypt(const byte* inBlock, byte* outBlock, void* boxes) const { diff --git a/extra/yassl/taocrypt/src/algebra.cpp b/extra/yassl/taocrypt/src/algebra.cpp index b4086522124..ef59bfbbc56 100644 --- a/extra/yassl/taocrypt/src/algebra.cpp +++ b/extra/yassl/taocrypt/src/algebra.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -186,10 +186,10 @@ Integer AbstractGroup::CascadeScalarMultiply(const Element &x, struct WindowSlider { - WindowSlider(const Integer &expIn, bool fastNegateIn, + WindowSlider(const Integer &exp, bool fastNegate, unsigned int windowSizeIn=0) - : exp(expIn), windowModulus(Integer::One()), windowSize(windowSizeIn), - windowBegin(0), fastNegate(fastNegateIn), firstTime(true), + : exp(exp), windowModulus(Integer::One()), windowSize(windowSizeIn), + windowBegin(0), fastNegate(fastNegate), firstTime(true), finished(false) { if (windowSize == 0) diff --git a/extra/yassl/taocrypt/src/arc4.cpp b/extra/yassl/taocrypt/src/arc4.cpp index f5794ec2566..10a3a7d6ffc 100644 --- a/extra/yassl/taocrypt/src/arc4.cpp +++ b/extra/yassl/taocrypt/src/arc4.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -121,12 +121,11 @@ void ARC4::AsmProcess(byte* out, const byte* in, word32 length) "push ebx;" \ "push ebp;" \ "mov ebp, eax;" - #define EPILOG() \ "pop ebp;" \ "pop ebx;" \ - "emms;" \ - ".att_syntax;" \ + "emms;" \ + ".att_syntax;" \ : \ : "c" (this), "D" (out), "S" (in), "a" (length) \ : "%edx", "memory", "cc" \ @@ -180,7 +179,7 @@ void ARC4::AsmProcess(byte* out, const byte* in, word32 length) #ifdef _MSC_VER AS1( loopStart: ) // loopStart #else - AS1( 0: ) // loopStart for some gas (need numeric for jump back + AS1( 0: ) // loopStart for some gas (need numeric for jump back #endif // y = (y+a) & 0xff; @@ -232,7 +231,7 @@ void ARC4::AsmProcess(byte* out, const byte* in, word32 length) AS1( nothing: ) - // inline adjust + // inline adjust AS2( add esp, 4 ) // fix room on stack EPILOG() diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp index ad054809879..544e9518da8 100644 --- a/extra/yassl/taocrypt/src/asn.cpp +++ b/extra/yassl/taocrypt/src/asn.cpp @@ -1,6 +1,5 @@ /* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. - Use is subject to license terms. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -761,7 +760,7 @@ void CertDecoder::GetName(NameType nt) while (source_.get_index() < length) { GetSet(); if (source_.GetError().What() == SET_E) { - source_.SetError(NO_ERROR_E); // extensions may only have sequence + source_.SetError(NO_ERROR_E); // extensions may only have sequence source_.prev(); } GetSequence(); @@ -832,10 +831,8 @@ void CertDecoder::GetName(NameType nt) if (source_.IsLeft(length) == false) return; if (email) { - if (!(ptr = AddTag(ptr, buf_end, "/emailAddress=", 14, length))) { - source_.SetError(CONTENT_E); - return; - } + if (!(ptr = AddTag(ptr, buf_end, "/emailAddress=", 14, length))) + return; } source_.advance(length); @@ -972,12 +969,26 @@ bool CertDecoder::ConfirmSignature(Source& pub) hasher.reset(NEW_TC SHA); ht = SHAh; } + else if (signatureOID_ == SHA256wRSA || signatureOID_ == SHA256wDSA) { + hasher.reset(NEW_TC SHA256); + ht = SHA256h; + } +#ifdef WORD64_AVAILABLE + else if (signatureOID_ == SHA384wRSA) { + hasher.reset(NEW_TC SHA384); + ht = SHA384h; + } + else if (signatureOID_ == SHA512wRSA) { + hasher.reset(NEW_TC SHA512); + ht = SHA512h; + } +#endif else { source_.SetError(UNKOWN_SIG_E); return false; } - byte digest[SHA::DIGEST_SIZE]; // largest size + byte digest[MAX_SHA2_DIGEST_SIZE]; // largest size hasher->Update(source_.get_buffer() + certBegin_, sigIndex_ - certBegin_); hasher->Final(digest); @@ -1050,6 +1061,12 @@ word32 DER_Encoder::SetAlgoID(HashType aOID, byte* output) 0x02, 0x05, 0x05, 0x00 }; static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02, 0x05, 0x00}; + static const byte sha256AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x01, 0x05, 0x00 }; + static const byte sha384AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x02, 0x05, 0x00 }; + static const byte sha512AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x03, 0x05, 0x00 }; int algoSz = 0; const byte* algoName = 0; @@ -1060,6 +1077,21 @@ word32 DER_Encoder::SetAlgoID(HashType aOID, byte* output) algoName = shaAlgoID; break; + case SHA256h: + algoSz = sizeof(sha256AlgoID); + algoName = sha256AlgoID; + break; + + case SHA384h: + algoSz = sizeof(sha384AlgoID); + algoName = sha384AlgoID; + break; + + case SHA512h: + algoSz = sizeof(sha512AlgoID); + algoName = sha512AlgoID; + break; + case MD2h: algoSz = sizeof(md2AlgoID); algoName = md2AlgoID; diff --git a/extra/yassl/taocrypt/src/blowfish.cpp b/extra/yassl/taocrypt/src/blowfish.cpp index 5cfd81e369c..9491c93040e 100644 --- a/extra/yassl/taocrypt/src/blowfish.cpp +++ b/extra/yassl/taocrypt/src/blowfish.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -237,8 +237,8 @@ void Blowfish::ProcessAndXorBlock(const byte* in, const byte* xOr, byte* out) #define EPILOG() \ "pop ebp;" \ "pop ebx;" \ - "emms;" \ - ".att_syntax;" \ + "emms;" \ + ".att_syntax;" \ : \ : "c" (this), "S" (inBlock), "a" (outBlock) \ : "%edi", "%edx", "memory", "cc" \ @@ -291,7 +291,7 @@ void Blowfish::ProcessAndXorBlock(const byte* in, const byte* xOr, byte* out) #ifdef _MSC_VER - __declspec(naked) + __declspec(naked) #else __attribute__ ((noinline)) #endif diff --git a/extra/yassl/taocrypt/src/des.cpp b/extra/yassl/taocrypt/src/des.cpp index b52a83a38c6..673c21ed207 100644 --- a/extra/yassl/taocrypt/src/des.cpp +++ b/extra/yassl/taocrypt/src/des.cpp @@ -1,6 +1,5 @@ /* - Copyright (C) 2000-2007 MySQL AB - Use is subject to license terms + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -642,9 +641,9 @@ void DES_EDE3::ProcessAndXorBlock(const byte* in, const byte* xOr, #ifdef _MSC_VER - __declspec(naked) + __declspec(naked) #else - __attribute__ ((noinline)) + __attribute__ ((noinline)) #endif void DES_EDE3::AsmProcess(const byte* in, byte* out, void* box) const { @@ -664,8 +663,8 @@ void DES_EDE3::AsmProcess(const byte* in, byte* out, void* box) const #define EPILOG() \ "pop ebp;" \ "pop ebx;" \ - "emms;" \ - ".att_syntax;" \ + "emms;" \ + ".att_syntax;" \ : \ : "d" (this), "S" (in), "a" (box), "c" (out) \ : "%edi", "memory", "cc" \ diff --git a/extra/yassl/taocrypt/src/integer.cpp b/extra/yassl/taocrypt/src/integer.cpp index c981b1bf786..2d85ee01a3f 100644 --- a/extra/yassl/taocrypt/src/integer.cpp +++ b/extra/yassl/taocrypt/src/integer.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -56,9 +56,8 @@ #endif #elif defined(_MSC_VER) && defined(_M_IX86) /* #pragma message("You do not seem to have the Visual C++ Processor Pack ") - #pragma message("installed, so use of SSE2 intrinsics will be disabled.") -*/ #pragma message("installed, so use of SSE2 intrinsics will be disabled.") +*/ #elif defined(__GNUC__) && defined(__i386__) /* #warning You do not have GCC 3.3 or later, or did not specify the -msse2 \ compiler option. Use of SSE2 intrinsics will be disabled. @@ -282,7 +281,12 @@ DWord() {} word GetHighHalfAsBorrow() const {return 0-halfs_.high;} private: - struct dword_struct + union + { + #ifdef TAOCRYPT_NATIVE_DWORD_AVAILABLE + dword whole_; + #endif + struct { #ifdef LITTLE_ENDIAN_ORDER word low; @@ -291,14 +295,7 @@ DWord() {} word high; word low; #endif - }; - - union - { - #ifdef TAOCRYPT_NATIVE_DWORD_AVAILABLE - dword whole_; - #endif - struct dword_struct halfs_; + } halfs_; }; }; @@ -1201,24 +1198,20 @@ class LowLevel : public PentiumOptimized #define AS1(x) #x ";" #define AS2(x, y) #x ", " #y ";" #define AddPrologue \ - word res; \ __asm__ __volatile__ \ ( \ "push %%ebx;" /* save this manually, in case of -fPIC */ \ - "mov %3, %%ebx;" \ + "mov %2, %%ebx;" \ ".intel_syntax noprefix;" \ "push ebp;" #define AddEpilogue \ "pop ebp;" \ ".att_syntax prefix;" \ "pop %%ebx;" \ - "mov %%eax, %0;" \ - : "=g" (res) \ + : \ : "c" (C), "d" (A), "m" (B), "S" (N) \ : "%edi", "memory", "cc" \ - ); \ - return res; - + ); #define MulPrologue \ __asm__ __volatile__ \ ( \ diff --git a/extra/yassl/taocrypt/src/md5.cpp b/extra/yassl/taocrypt/src/md5.cpp index e9a9e8fe517..45cfa8a3322 100644 --- a/extra/yassl/taocrypt/src/md5.cpp +++ b/extra/yassl/taocrypt/src/md5.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -223,7 +223,7 @@ void MD5::Update(const byte* data, word32 len) #ifdef _MSC_VER - __declspec(naked) + __declspec(naked) #else __attribute__ ((noinline)) #endif @@ -242,8 +242,8 @@ void MD5::AsmTransform(const byte* data, word32 times) #define EPILOG() \ "pop ebp;" \ "pop ebx;" \ - "emms;" \ - ".att_syntax;" \ + "emms;" \ + ".att_syntax;" \ : \ : "c" (this), "D" (data), "a" (times) \ : "%esi", "%edx", "memory", "cc" \ @@ -297,7 +297,7 @@ void MD5::AsmTransform(const byte* data, word32 times) #ifdef _MSC_VER AS1( loopStart: ) // loopStart #else - AS1( 0: ) // loopStart for some gas (need numeric for jump back + AS1( 0: ) // loopStart for some gas (need numeric for jump back #endif // set up diff --git a/extra/yassl/taocrypt/src/misc.cpp b/extra/yassl/taocrypt/src/misc.cpp index b576d3d59d2..fd9e8b92c1d 100644 --- a/extra/yassl/taocrypt/src/misc.cpp +++ b/extra/yassl/taocrypt/src/misc.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -84,17 +84,7 @@ namespace STL = STL_NAMESPACE; } -#ifdef __sun - -// Handler for pure virtual functions -namespace __Crun { - void pure_error() { - } -} - -#endif - -#if defined(__ICC) || defined(__INTEL_COMPILER) || (__GNUC__ > 2) +#if defined(__ICC) || defined(__INTEL_COMPILER) extern "C" { @@ -175,6 +165,14 @@ word Crop(word value, unsigned int size) #ifdef TAOCRYPT_X86ASM_AVAILABLE +#ifndef _MSC_VER + static jmp_buf s_env; + static void SigIllHandler(int) + { + longjmp(s_env, 1); + } +#endif + bool HaveCpuId() { diff --git a/extra/yassl/taocrypt/src/rabbit.cpp b/extra/yassl/taocrypt/src/rabbit.cpp index 89e6a207a1b..5e32f383493 100644 --- a/extra/yassl/taocrypt/src/rabbit.cpp +++ b/extra/yassl/taocrypt/src/rabbit.cpp @@ -1,15 +1,15 @@ /* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. - + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program; see the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, @@ -236,7 +236,7 @@ void Rabbit::Process(byte* output, const byte* input, word32 msglen) NextState(Work); /* Generate 16 bytes of pseudo-random data */ - tmp[0] = LITTLE32(workCtx_.x[0] ^ + tmp[0] = LITTLE32(workCtx_.x[0] ^ (workCtx_.x[5]>>16) ^ U32V(workCtx_.x[3]<<16)); tmp[1] = LITTLE32(workCtx_.x[2] ^ (workCtx_.x[7]>>16) ^ U32V(workCtx_.x[5]<<16)); diff --git a/extra/yassl/taocrypt/src/random.cpp b/extra/yassl/taocrypt/src/random.cpp index 084871c5447..4b89b5b32c5 100644 --- a/extra/yassl/taocrypt/src/random.cpp +++ b/extra/yassl/taocrypt/src/random.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -27,6 +27,7 @@ #include #if defined(_WIN32) + #define _WIN32_WINNT 0x0400 #include #include #else diff --git a/extra/yassl/taocrypt/src/ripemd.cpp b/extra/yassl/taocrypt/src/ripemd.cpp index b670a9eca86..5d03dc61cd6 100644 --- a/extra/yassl/taocrypt/src/ripemd.cpp +++ b/extra/yassl/taocrypt/src/ripemd.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -507,6 +507,8 @@ void RIPEMD160::Transform() #ifdef _MSC_VER __declspec(naked) +#else + __attribute__ ((noinline)) #endif void RIPEMD160::AsmTransform(const byte* data, word32 times) { @@ -520,12 +522,11 @@ void RIPEMD160::AsmTransform(const byte* data, word32 times) ".intel_syntax noprefix;" \ "push ebx;" \ "push ebp;" - #define EPILOG() \ "pop ebp;" \ "pop ebx;" \ - "emms;" \ - ".att_syntax;" \ + "emms;" \ + ".att_syntax;" \ : \ : "c" (this), "D" (data), "d" (times) \ : "%esi", "%eax", "memory", "cc" \ @@ -571,7 +572,7 @@ void RIPEMD160::AsmTransform(const byte* data, word32 times) #ifdef _MSC_VER AS1( loopStart: ) // loopStart #else - AS1( 0: ) // loopStart for some gas (need numeric for jump back + AS1( 0: ) // loopStart for some gas (need numeric for jump back #endif AS2( movd mm2, edx ) // store times_ @@ -830,7 +831,7 @@ void RIPEMD160::AsmTransform(const byte* data, word32 times) AS1( jnz 0b ) // loopStart #endif - // inline adjust + // inline adjust AS2( add esp, 24 ) // fix room on stack EPILOG() diff --git a/extra/yassl/taocrypt/src/sha.cpp b/extra/yassl/taocrypt/src/sha.cpp index 0d3491eb83d..4206f7f64ea 100644 --- a/extra/yassl/taocrypt/src/sha.cpp +++ b/extra/yassl/taocrypt/src/sha.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -776,12 +776,11 @@ void SHA::AsmTransform(const byte* data, word32 times) ".intel_syntax noprefix;" \ "push ebx;" \ "push ebp;" - #define EPILOG() \ "pop ebp;" \ "pop ebx;" \ - "emms;" \ - ".att_syntax;" \ + "emms;" \ + ".att_syntax;" \ : \ : "c" (this), "D" (data), "a" (times) \ : "%esi", "%edx", "memory", "cc" \ @@ -830,7 +829,7 @@ void SHA::AsmTransform(const byte* data, word32 times) #ifdef _MSC_VER AS1( loopStart: ) // loopStart #else - AS1( 0: ) // loopStart for some gas (need numeric for jump back + AS1( 0: ) // loopStart for some gas (need numeric for jump back #endif // byte reverse 16 words of input, 4 at a time, put on stack for W[] @@ -1022,7 +1021,7 @@ void SHA::AsmTransform(const byte* data, word32 times) AS1( jnz 0b ) // loopStart #endif - // inline adjust + // inline adjust AS2( add esp, 68 ) // fix room on stack EPILOG() diff --git a/extra/yassl/taocrypt/src/twofish.cpp b/extra/yassl/taocrypt/src/twofish.cpp index 3a93ac11476..3051af21513 100644 --- a/extra/yassl/taocrypt/src/twofish.cpp +++ b/extra/yassl/taocrypt/src/twofish.cpp @@ -1,5 +1,5 @@ /* - Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -285,12 +285,11 @@ void Twofish::decrypt(const byte* inBlock, const byte* xorBlock, "push ebp;" \ "movd mm3, eax;" \ "movd mm6, ebp;" - #define EPILOG() \ "pop ebp;" \ "pop ebx;" \ - "emms;" \ - ".att_syntax;" \ + "emms;" \ + ".att_syntax;" \ : \ : "D" (this), "S" (inBlock), "a" (outBlock) \ : "%ecx", "%edx", "memory", "cc" \ @@ -479,7 +478,7 @@ void Twofish::AsmEncrypt(const byte* inBlock, byte* outBlock) const AS2( movd ebp, mm6 ) AS2( movd esi, mm0 ) // k_ #ifdef __GNUC__ - AS2( movd edi, mm3 ) // outBlock + AS2( movd edi, mm3 ) // outBlock #else AS2( mov edi, [ebp + 12] ) // outBlock #endif @@ -500,7 +499,7 @@ void Twofish::AsmEncrypt(const byte* inBlock, byte* outBlock) const #ifdef _MSC_VER - __declspec(naked) + __declspec(naked) #else __attribute__ ((noinline)) #endif @@ -551,7 +550,7 @@ void Twofish::AsmDecrypt(const byte* inBlock, byte* outBlock) const AS2( movd ebp, mm6 ) AS2( movd esi, mm0 ) // k_ #ifdef __GNUC__ - AS2( movd edi, mm3 ) // outBlock + AS2( movd edi, mm3 ) // outBlock #else AS2( mov edi, [ebp + 12] ) // outBlock #endif diff --git a/mysql-test/r/ctype_cp932.result b/mysql-test/r/ctype_cp932.result new file mode 100644 index 00000000000..4b170ee4c9b --- /dev/null +++ b/mysql-test/r/ctype_cp932.result @@ -0,0 +1,35 @@ +# +# Bug #11755818 LIKE DOESN'T MATCH WHEN CP932_BIN/SJIS_BIN COLLATIONS ARE +# USED. +# +SET @old_character_set_client= @@character_set_client; +SET @old_character_set_connection= @@character_set_connection; +SET @old_character_set_results= @@character_set_results; +SET character_set_client= 'utf8'; +SET character_set_connection= 'utf8'; +SET character_set_results= 'utf8'; +CREATE TABLE t1 (a VARCHAR(10) COLLATE cp932_bin); +INSERT INTO t1 VALUES('カカ'); +SELECT * FROM t1 WHERE a LIKE '%カ'; +a +カカ +SELECT * FROM t1 WHERE a LIKE '_カ'; +a +カカ +SELECT * FROM t1 WHERE a LIKE '%_カ'; +a +カカ +ALTER TABLE t1 MODIFY a VARCHAR(100) COLLATE sjis_bin; +SELECT * FROM t1 WHERE a LIKE '%カ'; +a +カカ +SELECT * FROM t1 WHERE a LIKE '_カ'; +a +カカ +SELECT * FROM t1 WHERE a LIKE '%_カ'; +a +カカ +DROP TABLE t1; +SET @@character_set_client= @old_character_set_client; +SET @@character_set_connection= @old_character_set_connection; +SET @@character_set_results= @old_character_set_results; diff --git a/mysql-test/r/log_errchk.result b/mysql-test/r/log_errchk.result new file mode 100644 index 00000000000..407fba2323e --- /dev/null +++ b/mysql-test/r/log_errchk.result @@ -0,0 +1,10 @@ +call mtr.add_suppression("Could not use"); +# Case 1: Setting fife file to general_log_file and slow_query_log_file +# system variable. +SET GLOBAL general_log_file="MYSQLTEST_VARDIR/tmp/general_log.fifo";; +ERROR 42000: Variable 'general_log_file' can't be set to the value of 'MYSQLTEST_VARDIR/tmp/general_log.fifo' +SET GLOBAL slow_query_log_file="MYSQLTEST_VARDIR/tmp/slow_log.fifo";; +ERROR 42000: Variable 'slow_query_log_file' can't be set to the value of 'MYSQLTEST_VARDIR/tmp/slow_log.fifo' +# Case 2: Starting server with fifo file as general log file +# and slow query log file. +Setting fifo file as general log file and slow query log failed. diff --git a/mysql-test/suite/innodb/r/foreign-keys.result b/mysql-test/suite/innodb/r/foreign-keys.result new file mode 100644 index 00000000000..be8d27b152c --- /dev/null +++ b/mysql-test/suite/innodb/r/foreign-keys.result @@ -0,0 +1,16 @@ +# +# Bug #19471516 SERVER CRASHES WHEN EXECUTING ALTER TABLE +# ADD FOREIGN KEY +# +CREATE TABLE `department` (`department_id` INT, `department_people_fk` INT, +PRIMARY KEY (`department_id`)) engine=innodb; +CREATE TABLE `title` (`title_id` INT, `title_manager_fk` INT, +`title_reporter_fk` INT, PRIMARY KEY (`title_id`)); +CREATE TABLE `people` (`people_id` INT, PRIMARY KEY (`people_id`)); +ALTER TABLE `department` ADD FOREIGN KEY (`department_people_fk`) REFERENCES +`people` (`people_id`); +ALTER TABLE `title` ADD FOREIGN KEY (`title_manager_fk`) REFERENCES `people` +(`people_id`); +ALTER TABLE `title` ADD FOREIGN KEY (`title_reporter_fk`) REFERENCES `people` +(`people_id`); +drop table title, department, people; diff --git a/mysql-test/suite/innodb/t/foreign-keys.test b/mysql-test/suite/innodb/t/foreign-keys.test new file mode 100644 index 00000000000..45642cf28a7 --- /dev/null +++ b/mysql-test/suite/innodb/t/foreign-keys.test @@ -0,0 +1,26 @@ +--source include/have_innodb.inc +--source include/have_debug.inc + +--echo # +--echo # Bug #19471516 SERVER CRASHES WHEN EXECUTING ALTER TABLE +--echo # ADD FOREIGN KEY +--echo # + +CREATE TABLE `department` (`department_id` INT, `department_people_fk` INT, +PRIMARY KEY (`department_id`)) engine=innodb; + +CREATE TABLE `title` (`title_id` INT, `title_manager_fk` INT, +`title_reporter_fk` INT, PRIMARY KEY (`title_id`)); + +CREATE TABLE `people` (`people_id` INT, PRIMARY KEY (`people_id`)); + +ALTER TABLE `department` ADD FOREIGN KEY (`department_people_fk`) REFERENCES +`people` (`people_id`); + +ALTER TABLE `title` ADD FOREIGN KEY (`title_manager_fk`) REFERENCES `people` +(`people_id`); + +ALTER TABLE `title` ADD FOREIGN KEY (`title_reporter_fk`) REFERENCES `people` +(`people_id`); + +drop table title, department, people; diff --git a/mysql-test/t/ctype_cp932.test b/mysql-test/t/ctype_cp932.test new file mode 100644 index 00000000000..96a2666f69b --- /dev/null +++ b/mysql-test/t/ctype_cp932.test @@ -0,0 +1,29 @@ +-- source include/have_cp932.inc +--echo # +--echo # Bug #11755818 LIKE DOESN'T MATCH WHEN CP932_BIN/SJIS_BIN COLLATIONS ARE +--echo # USED. +--echo # + +SET @old_character_set_client= @@character_set_client; +SET @old_character_set_connection= @@character_set_connection; +SET @old_character_set_results= @@character_set_results; +SET character_set_client= 'utf8'; +SET character_set_connection= 'utf8'; +SET character_set_results= 'utf8'; + +CREATE TABLE t1 (a VARCHAR(10) COLLATE cp932_bin); +INSERT INTO t1 VALUES('カカ'); +SELECT * FROM t1 WHERE a LIKE '%カ'; +SELECT * FROM t1 WHERE a LIKE '_カ'; +SELECT * FROM t1 WHERE a LIKE '%_カ'; + +ALTER TABLE t1 MODIFY a VARCHAR(100) COLLATE sjis_bin; +SELECT * FROM t1 WHERE a LIKE '%カ'; +SELECT * FROM t1 WHERE a LIKE '_カ'; +SELECT * FROM t1 WHERE a LIKE '%_カ'; +DROP TABLE t1; + +## Reset to initial values +SET @@character_set_client= @old_character_set_client; +SET @@character_set_connection= @old_character_set_connection; +SET @@character_set_results= @old_character_set_results; diff --git a/mysql-test/t/log_errchk.test b/mysql-test/t/log_errchk.test new file mode 100644 index 00000000000..6a213fa3cee --- /dev/null +++ b/mysql-test/t/log_errchk.test @@ -0,0 +1,65 @@ +# +--source include/not_windows.inc +--source include/force_restart.inc +--source include/not_embedded.inc + +# +# Bug#14757009 : WHEN THE GENERAL_LOG IS A SOCKET AND THE READER GOES AWAY, +# MYSQL QUITS WORKING. +# +call mtr.add_suppression("Could not use"); + +--let $gen_log_file= $MYSQLTEST_VARDIR/tmp/general_log.fifo +--let $slow_query_log_file= $MYSQLTEST_VARDIR/tmp/slow_log.fifo +--let GREP_FILE=$MYSQLTEST_VARDIR/log/mysqld.1.err + +--exec mkfifo $gen_log_file +--exec mkfifo $slow_query_log_file + +--echo # Case 1: Setting fife file to general_log_file and slow_query_log_file +--echo # system variable. +# Only regular files can be set to general log. Setting fifo file to general log +# reports an error. +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +--error ER_WRONG_VALUE_FOR_VAR +--eval SET GLOBAL general_log_file="$gen_log_file"; + +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +--error ER_WRONG_VALUE_FOR_VAR +--eval SET GLOBAL slow_query_log_file="$slow_query_log_file"; + +--echo # Case 2: Starting server with fifo file as general log file +--echo # and slow query log file. +# Restart server with fifo file as general log file. +--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect +--shutdown_server 60 +--source include/wait_until_disconnected.inc +--enable_reconnect +# Write file to make mysql-test-run.pl start up the server again +--exec echo "restart: --general-log-file=$gen_log_file --slow-query-log-file=$slow_query_log_file" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect +--source include/wait_until_connected_again.inc + +# With fix error should be reported in the error log file if file is not a +# regular file. +--perl + my $file= $ENV{'GREP_FILE'}; + my $pattern= "Turning logging off for the whole duration"; + open(FILE, "$file") or die("Unable to open $file: $!\n"); + my $count = 0; + while () { + if ($_ =~ m/$pattern/) { + $count++; + break; + } + } + if ($count >= 2){ + print "Setting fifo file as general log file and slow query log failed.\n"; + } else { + print "test failed.\n"; + } + close(FILE); +EOF + +# Cleanup +--remove_file $gen_log_file +--remove_file $slow_query_log_file diff --git a/packaging/rpm-oel/mysql.spec.in b/packaging/rpm-oel/mysql.spec.in index ba57515678c..d8cf49fe993 100644 --- a/packaging/rpm-oel/mysql.spec.in +++ b/packaging/rpm-oel/mysql.spec.in @@ -85,7 +85,7 @@ Name: mysql-%{product_suffix} Summary: A very fast and reliable SQL database server Group: Applications/Databases Version: @VERSION@ -Release: 4%{?commercial:.1}%{?dist} +Release: 2%{?commercial:.1}%{?dist} License: Copyright (c) 2000, @MYSQL_COPYRIGHT_YEAR@, %{mysql_vendor}. All rights reserved. Under %{?license_type} license as shown in the Description field. Source0: https://cdn.mysql.com/Downloads/MySQL-@MYSQL_BASE_VERSION@/%{src_dir}.tar.gz URL: http://www.mysql.com/ @@ -156,8 +156,8 @@ Requires: net-tools Provides: MySQL-server-advanced%{?_isa} = %{version}-%{release} Obsoletes: MySQL-server-advanced < %{version}-%{release} Obsoletes: mysql-community-server < %{version}-%{release} -Requires: mysql-enterprise-client%{?_isa} = %{version}-%{release} -Requires: mysql-enterprise-common%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-client%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-common%{?_isa} = %{version}-%{release} %else Provides: MySQL-server%{?_isa} = %{version}-%{release} Requires: mysql-community-client%{?_isa} = %{version}-%{release} @@ -169,6 +169,8 @@ Obsoletes: mariadb-server Obsoletes: mariadb-galera-server Provides: mysql-server = %{version}-%{release} Provides: mysql-server%{?_isa} = %{version}-%{release} +Provides: mysql-compat-server = %{version}-%{release} +Provides: mysql-compat-server%{?_isa} = %{version}-%{release} %if 0%{?systemd} Requires(post): systemd Requires(preun): systemd @@ -207,7 +209,7 @@ Group: Applications/Databases Provides: MySQL-client-advanced%{?_isa} = %{version}-%{release} Obsoletes: MySQL-client-advanced < %{version}-%{release} Obsoletes: mysql-community-client < %{version}-%{release} -Requires: mysql-enterprise-libs%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-libs%{?_isa} = %{version}-%{release} %else Provides: MySQL-client%{?_isa} = %{version}-%{release} Requires: mysql-community-libs%{?_isa} = %{version}-%{release} @@ -246,7 +248,7 @@ Group: Applications/Databases Provides: MySQL-test-advanced%{?_isa} = %{version}-%{release} Obsoletes: MySQL-test-advanced < %{version}-%{release} Obsoletes: mysql-community-test < %{version}-%{release} -Requires: mysql-enterprise-server%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-server%{?_isa} = %{version}-%{release} %else Provides: MySQL-test%{?_isa} = %{version}-%{release} Requires: mysql-community-server%{?_isa} = %{version}-%{release} @@ -268,7 +270,7 @@ Summary: MySQL benchmark suite Group: Applications/Databases %if 0%{?commercial} Obsoletes: mysql-community-bench < %{version}-%{release} -Requires: mysql-enterprise-server%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-server%{?_isa} = %{version}-%{release} %else Requires: mysql-community-server%{?_isa} = %{version}-%{release} %endif @@ -289,7 +291,7 @@ Group: Applications/Databases Provides: MySQL-devel-advanced%{?_isa} = %{version}-%{release} Obsoletes: MySQL-devel-advanced < %{version}-%{release} Obsoletes: mysql-community-devel < %{version}-%{release} -Requires: mysql-enterprise-libs%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-libs%{?_isa} = %{version}-%{release} %else Provides: MySQL-devel%{?_isa} = %{version}-%{release} Requires: mysql-community-libs%{?_isa} = %{version}-%{release} @@ -311,7 +313,7 @@ Group: Applications/Databases Provides: MySQL-shared-advanced%{?_isa} = %{version}-%{release} Obsoletes: MySQL-shared-advanced < %{version}-%{release} Obsoletes: mysql-community-libs < %{version}-%{release} -Requires: mysql-enterprise-common%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-common%{?_isa} = %{version}-%{release} %else Provides: MySQL-shared%{?_isa} = %{version}-%{release} Requires: mysql-community-common%{?_isa} = %{version}-%{release} @@ -337,7 +339,7 @@ Provides: mysql-libs-compat%{?_isa} = %{version}-%{release} Provides: MySQL-shared-compat-advanced%{?_isa} = %{version}-%{release} Obsoletes: MySQL-shared-compat-advanced < %{version}-%{release} Obsoletes: mysql-community-libs-compat < %{version}-%{release} -Requires: mysql-enterprise-libs%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-libs%{?_isa} = %{version}-%{release} %else Provides: MySQL-shared-compat%{?_isa} = %{version}-%{release} Requires: mysql-community-libs%{?_isa} = %{version}-%{release} @@ -359,7 +361,7 @@ Group: Applications/Databases Provides: MySQL-embedded-advanced%{?_isa} = %{version}-%{release} Obsoletes: MySQL-embedded-advanced < %{version}-%{release} Obsoletes: mysql-community-embedded < %{version}-%{release} -Requires: mysql-enterprise-common%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-common%{?_isa} = %{version}-%{release} %else Provides: MySQL-embedded%{?_isa} = %{version}-%{release} Requires: mysql-community-common%{?_isa} = %{version}-%{release} @@ -387,8 +389,8 @@ Summary: Development header files and libraries for MySQL as an embeddabl Group: Applications/Databases %if 0%{?commercial} Obsoletes: mysql-community-embedded-devel < %{version}-%{release} -Requires: mysql-enterprise-devel%{?_isa} = %{version}-%{release} -Requires: mysql-enterprise-embedded%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-devel%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-embedded%{?_isa} = %{version}-%{release} %else Requires: mysql-community-devel%{?_isa} = %{version}-%{release} Requires: mysql-community-embedded%{?_isa} = %{version}-%{release} @@ -407,9 +409,9 @@ the embedded version of the MySQL server. Summary: Convenience package for easy upgrades of MySQL package set Group: Applications/Databases %if 0%{?commercial} -Requires: mysql-enterprise-client%{?_isa} = %{version}-%{release} -Requires: mysql-enterprise-libs%{?_isa} = %{version}-%{release} -Requires: mysql-enterprise-libs-compat%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-client%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-libs%{?_isa} = %{version}-%{release} +Requires: mysql-commercial-libs-compat%{?_isa} = %{version}-%{release} %else Requires: mysql-community-client%{?_isa} = %{version}-%{release} Requires: mysql-community-libs%{?_isa} = %{version}-%{release} @@ -911,6 +913,9 @@ fi %endif %changelog +* Tue Jul 22 2014 Balasubramanian Kandasamy - 5.5.39-5 +- Provide mysql-compat-server dependencies + * Tue Jul 08 2014 Balasubramanian Kandasamy - 5.5.39-4 - Remove perl(GD) and dtrace dependencies diff --git a/scripts/mysql_system_tables_fix.sql b/scripts/mysql_system_tables_fix.sql index ccf28eb475c..42d95a8b635 100644 --- a/scripts/mysql_system_tables_fix.sql +++ b/scripts/mysql_system_tables_fix.sql @@ -669,6 +669,23 @@ DROP TABLE tmp_proxies_priv; -- ALTER TABLE user ADD max_statement_time int(11) unsigned DEFAULT 0 NOT NULL; +-- Checking for any duplicate hostname and username combination are exists. +-- If exits we will throw error. +DROP PROCEDURE IF EXISTS mysql.count_duplicate_host_names; +DELIMITER // +CREATE PROCEDURE mysql.count_duplicate_host_names() +BEGIN + SET @duplicate_hosts=(SELECT count(*) FROM mysql.user GROUP BY user, lower(host) HAVING count(*) > 1 LIMIT 1); + IF @duplicate_hosts > 1 THEN + SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Multiple accounts exist for @user_name, @host_name that differ only in Host lettercase; remove all except one of them'; + END IF; +END // +DELIMITER ; +CALL mysql.count_duplicate_host_names(); +-- Get warnings (if any) +SHOW WARNINGS; +DROP PROCEDURE mysql.count_duplicate_host_names; + # Convering the host name to lower case for existing users UPDATE user SET host=LOWER( host ) WHERE LOWER( host ) <> host; diff --git a/sql-common/client.c b/sql-common/client.c index f2c091261b4..850daa38750 100644 --- a/sql-common/client.c +++ b/sql-common/client.c @@ -1909,6 +1909,12 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c DBUG_RETURN(1); } + if (X509_V_OK != SSL_get_verify_result(ssl)) + { + *errptr= "Failed to verify the server certificate"; + X509_free(server_cert); + DBUG_RETURN(1); + } /* We already know that the certificate exchanged was valid; the SSL library handled that. Now we need to verify that the contents of the certificate diff --git a/sql/item.cc b/sql/item.cc index ccef2b6321a..96f15b92a54 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -1,5 +1,5 @@ /* - Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -5143,6 +5143,18 @@ enum_field_types Item::field_type() const } +/** + Verifies that the input string is well-formed according to its character set. + @param send_error If true, call my_error if string is not well-formed. + + Will truncate input string if it is not well-formed. + + @return + If well-formed: input string. + If not well-formed: + if strict mode: NULL pointer and we set this Item's value to NULL + if not strict mode: input string truncated up to last good character + */ String *Item::check_well_formed_result(String *str, bool send_error) { /* Check whether we got a well-formed string */ @@ -5229,7 +5241,7 @@ bool Item::eq_by_collation(Item *item, bool binary_cmp, CHARSET_INFO *cs) If max_length > CONVERT_IF_BIGGER_TO_BLOB create a blob @n If max_length > 0 create a varchar @n - If max_length == 0 create a CHAR(0) + If max_length == 0 create a CHAR(0) (or VARCHAR(0) if we are grouping) @param table Table for which the field is created */ @@ -5247,8 +5259,19 @@ Field *Item::make_string_field(TABLE *table) field= new Field_varstring(max_length, maybe_null, name, table->s, collation.collation); else - field= new Field_string(max_length, maybe_null, name, - collation.collation); + { + /* + marker == 4 : see create_tmp_table() + With CHAR(0) end_update() may write garbage into the next field. + */ + if (max_length == 0 && marker == 4 && maybe_null && + field_type() == MYSQL_TYPE_VAR_STRING && type() != Item::TYPE_HOLDER) + field= new Field_varstring(max_length, maybe_null, name, table->s, + collation.collation); + else + field= new Field_string(max_length, maybe_null, name, + collation.collation); + } if (field) field->init(table); return field; diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index bc7d488a41d..eab8b4ddb00 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -2814,6 +2814,16 @@ String *Item_func_rpad::val_str(String *str) rpad->set_charset(&my_charset_bin); } +#ifdef USE_MB + if (use_mb(rpad->charset())) + { + // This will chop off any trailing illegal characters from rpad. + String *well_formed_pad= args[2]->check_well_formed_result(rpad, false); + if (!well_formed_pad) + goto err; + } +#endif + if (count <= (res_char_length= res->numchars())) { // String to pad is big enough res->length(res->charpos((int) count)); // Shorten result if longer @@ -2917,6 +2927,16 @@ String *Item_func_lpad::val_str(String *str) pad->set_charset(&my_charset_bin); } +#ifdef USE_MB + if (use_mb(pad->charset())) + { + // This will chop off any trailing illegal characters from pad. + String *well_formed_pad= args[2]->check_well_formed_result(pad, false); + if (!well_formed_pad) + goto err; + } +#endif + res_char_length= res->numchars(); if (count <= res_char_length) diff --git a/sql/log.cc b/sql/log.cc index 342e226b2b3..71584169f82 100644 --- a/sql/log.cc +++ b/sql/log.cc @@ -2318,6 +2318,7 @@ bool MYSQL_LOG::open( const char *new_name, enum cache_type io_cache_type_arg) { char buff[FN_REFLEN]; + MY_STAT f_stat; File file= -1; int open_flags= O_CREAT | O_BINARY; DBUG_ENTER("MYSQL_LOG::open"); @@ -2335,6 +2336,10 @@ bool MYSQL_LOG::open( log_type_arg, io_cache_type_arg)) goto err; + /* File is regular writable file */ + if (my_stat(log_file_name, &f_stat, MYF(0)) && !MY_S_ISREG(f_stat.st_mode)) + goto err; + if (io_cache_type == SEQ_READ_APPEND) open_flags |= O_RDWR | O_APPEND; else diff --git a/sql/mysqld.cc b/sql/mysqld.cc index f0fdb0f22b0..0428a8bb86c 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -7173,6 +7173,9 @@ mysqld_get_one_option(int optid, test_flags= argument ? (uint) atoi(argument) : 0; opt_endinfo=1; break; + case OPT_THREAD_CONCURRENCY: + WARN_DEPRECATED_NO_REPLACEMENT(NULL, "THREAD_CONCURRENCY"); + break; case (int) OPT_ISAM_LOG: opt_myisam_log=1; break; diff --git a/sql/mysqld.h b/sql/mysqld.h index d371195e6d2..e3bed35578d 100644 --- a/sql/mysqld.h +++ b/sql/mysqld.h @@ -441,6 +441,7 @@ enum options_mysqld OPT_SSL_CERT, OPT_SSL_CIPHER, OPT_SSL_KEY, + OPT_THREAD_CONCURRENCY, OPT_UPDATE_LOG, OPT_WANT_CORE, OPT_ENGINE_CONDITION_PUSHDOWN, diff --git a/sql/sql_priv.h b/sql/sql_priv.h index 970b921d6e6..523220b3c03 100644 --- a/sql/sql_priv.h +++ b/sql/sql_priv.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -59,6 +59,33 @@ (Old), (New)); \ } while(0) + +/* + Generates a warning that a feature is deprecated and there is no replacement. + + Using it as + + WARN_DEPRECATED_NO_REPLACEMENT(thd, "BAD"); + + Will result in a warning + + "'BAD' is deprecated and will be removed in a future release." + + Note that in macro arguments BAD is not quoted. +*/ + +#define WARN_DEPRECATED_NO_REPLACEMENT(Thd,Old) \ + do { \ + if (((THD *) Thd) != NULL) \ + push_warning_printf(((THD *) Thd), MYSQL_ERROR::WARN_LEVEL_WARN, \ + ER_WARN_DEPRECATED_SYNTAX_NO_REPLACEMENT, \ + ER(ER_WARN_DEPRECATED_SYNTAX_NO_REPLACEMENT), \ + (Old)); \ + else \ + sql_print_warning("'%s' is deprecated and will be removed " \ + "in a future release.", (Old)); \ + } while(0) + /*************************************************************************/ #endif diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index 0aed0aa1d3b..e400ed8fb63 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc @@ -1863,7 +1863,8 @@ static Sys_var_ulong Sys_thread_concurrency( "the desired number of threads that should be run at the same time." "This variable has no effect, and is deprecated. " "It will be removed in a future release.", - READ_ONLY GLOBAL_VAR(concurrency), CMD_LINE(REQUIRED_ARG), + READ_ONLY GLOBAL_VAR(concurrency), + CMD_LINE(REQUIRED_ARG, OPT_THREAD_CONCURRENCY), VALID_RANGE(1, 512), DEFAULT(DEFAULT_CONCURRENCY), BLOCK_SIZE(1), NO_MUTEX_GUARD, NOT_IN_BINLOG, ON_CHECK(0), ON_UPDATE(0), DEPRECATED("")); diff --git a/storage/innobase/buf/buf0buf.c b/storage/innobase/buf/buf0buf.c index c36b3ed8b29..a42ed0b51b6 100644 --- a/storage/innobase/buf/buf0buf.c +++ b/storage/innobase/buf/buf0buf.c @@ -3636,6 +3636,7 @@ buf_page_io_complete( " because of" " a corrupt database page.\n", stderr); + ut_error; } } diff --git a/storage/innobase/dict/dict0dict.c b/storage/innobase/dict/dict0dict.c index 4ed0051b77a..0e4691658d5 100644 --- a/storage/innobase/dict/dict0dict.c +++ b/storage/innobase/dict/dict0dict.c @@ -1123,6 +1123,11 @@ dict_table_rename_in_cache( /* The id will be changed. So remove old one */ rbt_delete(foreign->foreign_table->foreign_rbt, foreign->id); + if (foreign->referenced_table) { + rbt_delete(foreign->referenced_table->referenced_rbt, + foreign->id); + } + if (ut_strlen(foreign->foreign_table_name) < ut_strlen(table->name)) { /* Allocate a longer name buffer; @@ -1273,6 +1278,11 @@ dict_table_rename_in_cache( rbt_insert(foreign->foreign_table->foreign_rbt, foreign->id, &foreign); + if (foreign->referenced_table) { + rbt_insert(foreign->referenced_table->referenced_rbt, + foreign->id, &foreign); + } + foreign = UT_LIST_GET_NEXT(foreign_list, foreign); } @@ -5364,6 +5374,11 @@ dict_find_table_by_space( ut_ad(space_id > 0); + if (dict_sys == NULL) { + /* This could happen when it's in redo processing. */ + return(NULL); + } + table = UT_LIST_GET_FIRST(dict_sys->table_LRU); num_item = UT_LIST_GET_LEN(dict_sys->table_LRU); diff --git a/storage/innobase/row/row0ins.c b/storage/innobase/row/row0ins.c index 544f6f1ee46..8e0f098074b 100644 --- a/storage/innobase/row/row0ins.c +++ b/storage/innobase/row/row0ins.c @@ -1702,6 +1702,7 @@ row_ins_scan_sec_index_for_duplicate( do { const rec_t* rec = btr_pcur_get_rec(&pcur); const buf_block_t* block = btr_pcur_get_block(&pcur); + const ulint lock_type = LOCK_ORDINARY; if (page_rec_is_infimum(rec)) { diff --git a/strings/ctype-mb.c b/strings/ctype-mb.c index 258613d3b05..02373304672 100644 --- a/strings/ctype-mb.c +++ b/strings/ctype-mb.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1044,7 +1044,7 @@ static int my_wildcmp_mb_bin_impl(CHARSET_INFO *cs, } if (*wildstr == w_many) { /* Found w_many */ - uchar cmp; + int cmp; const char* mb = wildstr; int mb_len=0; diff --git a/strings/decimal.c b/strings/decimal.c index 39dff0723b9..4f5528fcccc 100644 --- a/strings/decimal.c +++ b/strings/decimal.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2004, 2014, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -2322,7 +2322,7 @@ static int do_div_mod(const decimal_t *from1, const decimal_t *from2, error=E_DEC_TRUNCATED; goto done; } - stop1=start1+frac0; + stop1= start1 + frac0 + intg0; frac0+=intg0; to->intg=0; while (intg0++ < 0) diff --git a/support-files/mysql.spec.sh b/support-files/mysql.spec.sh index 3a4ea2b8a3d..8788c771ed8 100644 --- a/support-files/mysql.spec.sh +++ b/support-files/mysql.spec.sh @@ -33,7 +33,7 @@ %global mysqld_group mysql %global mysqldatadir /var/lib/mysql -%global release 2 +%global release 1 # @@ -152,9 +152,9 @@ %else %if %(test -f /etc/oracle-release && echo 1 || echo 0) %define elver %(rpm -qf --qf '%%{version}\\n' /etc/oracle-release | sed -e 's/^\\([0-9]*\\).*/\\1/g') - %if "%elver" == "6" - %define distro_description Oracle Linux 6 - %define distro_releasetag el6 + %if "%elver" == "6" || "%elver" == "7" + %define distro_description Oracle Linux %elver + %define distro_releasetag el%elver %define distro_buildreq gcc-c++ ncurses-devel perl readline-devel time zlib-devel cmake libaio-devel %define distro_requires chkconfig coreutils grep procps shadow-utils net-tools %else @@ -265,6 +265,7 @@ Packager: Twitter MySQL team Vendor: %{package_vendor} Provides: msqlormysql MySQL-server BuildRequires: %{distro_buildreq} +%{?el7:Patch0: mysql-5.5-libmysqlclient-symbols.patch} # Regression tests may take a long time, override the default to skip them %{!?runselftest:%global runselftest 1} @@ -457,7 +458,8 @@ and applications need to dynamically load and use MySQL. ############################################################################## %prep %setup -T -a 0 -c -n %{src_dir} - +pushd %{src_dir} +%{?el7:%patch0 -p1} ############################################################################## %build @@ -568,6 +570,8 @@ install -d $RBR%{_libdir} install -d $RBR%{_mandir} install -d $RBR%{_sbindir} +mkdir -p $RBR%{_sysconfdir}/my.cnf.d + # Install all binaries ( cd $MBD/release @@ -1105,6 +1109,7 @@ echo "=====" >> $STATUS_HISTORY %doc %attr(644, root, man) %{_mandir}/man1/resolveip.1* %ghost %config(noreplace,missingok) %{_sysconfdir}/my.cnf +%dir %{_sysconfdir}/my.cnf.d %attr(755, root, root) %{_bindir}/innochecksum %attr(755, root, root) %{_bindir}/my_print_defaults