Commit 01dca16d authored by Joerg Bruehe's avatar Joerg Bruehe

Further upgrade the yaSSL library to version 2.2.0

to pick up some new security fixes that are in it.

Patch provided by Georgi Kodinov.
parent b6174b92
......@@ -21,8 +21,7 @@ See normal build instructions below under 1.0.6.
See libcurl build instructions below under 1.3.0 and note in 1.5.8.
*****************yaSSL Release notes, version 1.9.9 (1/26/2010)
yaSSL Release notes, version 2.0.0 (7/6/2010)
*****************yaSSL Release notes, version 2.0.0 (7/6/2010)
This release of yaSSL contains bug fixes, new testing certs,
and a security patch for a potential heap overflow on forged application
......
/*
Copyright (c) 2005-2007 MySQL AB, 2008 Sun Microsystems, Inc.
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
Use is subject to license terms.
This program is free software; you can redistribute it and/or modify
......@@ -35,7 +35,7 @@
#include "rsa.h"
#define YASSL_VERSION "2.1.4"
#define YASSL_VERSION "2.2.0"
#if defined(__cplusplus)
......
/*
Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -1087,19 +1087,37 @@ void Certificate::Process(input_buffer& input, SSL& ssl)
uint32 list_sz;
byte tmp[3];
if (input.get_remaining() < sizeof(tmp)) {
ssl.SetError(YasslError(bad_input));
return;
}
tmp[0] = input[AUTO];
tmp[1] = input[AUTO];
tmp[2] = input[AUTO];
c24to32(tmp, list_sz);
if (list_sz > (uint)MAX_RECORD_SIZE) { // sanity check
ssl.SetError(YasslError(bad_input));
return;
}
while (list_sz) {
// cert size
uint32 cert_sz;
if (input.get_remaining() < sizeof(tmp)) {
ssl.SetError(YasslError(bad_input));
return;
}
tmp[0] = input[AUTO];
tmp[1] = input[AUTO];
tmp[2] = input[AUTO];
c24to32(tmp, cert_sz);
if (cert_sz > (uint)MAX_RECORD_SIZE || input.get_remaining() < cert_sz){
ssl.SetError(YasslError(bad_input));
return;
}
x509* myCert;
cm.AddPeerCert(myCert = NEW_YS x509(cert_sz));
input.read(myCert->use_buffer(), myCert->get_length());
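Review bot: Inside the `while (list_sz)` loop of Certificate::Process, the new bound on `cert_sz` is checked against MAX_RECORD_SIZE and `input.get_remaining()` but never against `list_sz`, so an entry can claim more bytes than the enclosing list declared. If the loop's decrement of `list_sz` (outside this hunk) subtracts the entry size from an unsigned value, it wraps and the loop keeps parsing past the declared list until the input runs out. Adding `if (cert_sz + sizeof(tmp) > list_sz) { ssl.SetError(YasslError(bad_input)); return; }` before the allocation would tie each entry to the list. `list_sz` itself could also be compared with `input.get_remaining()` right after the first `c24to32`.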
......
/*
Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -308,8 +308,9 @@ SSL::SSL(SSL_CTX* ctx)
SetError(YasslError(err));
return;
}
else if (serverSide) {
else if (serverSide && ctx->GetCiphers().setSuites_ == 0) {
// remove RSA or DSA suites depending on cert key type
// but don't override user sets
ProtocolVersion pv = secure_.get_connection().version_;
bool removeDH = secure_.use_parms().removeDH_;
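Review bot: The added condition `ctx->GetCiphers().setSuites_ == 0` in SSL::SSL skips the key-type pruning whenever the application set its own cipher list, so suites that need a key type the loaded certificate does not have stay in the server's list. Whether suite selection later rejects those cleanly is not visible in this section; it is worth confirming, or the user list should still be filtered against the certificate's key type. The comment `// but don't override user sets` would read better as `// skip when the application set its own cipher list (setSuites_)`. The branch body continues outside the hunk.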
......
/*
Copyright (C) 2000-2007 MySQL AB
Copyright (C) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -39,25 +39,32 @@ public:
explicit Source(word32 sz = 0) : buffer_(sz), current_(0) {}
Source(const byte* b, word32 sz) : buffer_(b, sz), current_(0) {}
word32 remaining() { if (GetError().What()) return 0;
else return buffer_.size() - current_; }
word32 size() const { return buffer_.size(); }
void grow(word32 sz) { buffer_.CleanGrow(sz); }
bool IsLeft(word32 sz) { if (remaining() >= sz) return true;
else { SetError(CONTENT_E); return false; } }
const byte* get_buffer() const { return buffer_.get_buffer(); }
const byte* get_current() const { return &buffer_[current_]; }
word32 get_index() const { return current_; }
void set_index(word32 i) { current_ = i; }
void set_index(word32 i) { if (i < size()) current_ = i; }
byte operator[] (word32 i) { current_ = i; return next(); }
byte next() { return buffer_[current_++]; }
byte prev() { return buffer_[--current_]; }
byte next() { if (IsLeft(1)) return buffer_[current_++]; else return 0; }
byte prev() { if (current_) return buffer_[--current_]; else return 0; }
void add(const byte* data, word32 len)
{
if (IsLeft(len)) {
memcpy(buffer_.get_buffer() + current_, data, len);
current_ += len;
}
}
void advance(word32 i) { current_ += i; }
void advance(word32 i) { if (IsLeft(i)) current_ += i; }
void reset(ByteBlock&);
Error GetError() { return error_; }
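Review bot: `operator[]` still assigns `current_ = i` with no bound check, which bypasses the guard this change adds to `set_index`. Once `current_` exceeds `buffer_.size()`, `remaining()` computes `buffer_.size() - current_` in what appears to be unsigned arithmetic, so the result wraps to a large value and `IsLeft(1)` in `next()` passes, letting `buffer_[current_++]` index outside the buffer. Routing the index through the checked setter, `byte operator[] (word32 i) { set_index(i); return next(); }`, and making `remaining()` return 0 when `current_ > buffer_.size()` would close that. Note also that `set_index` and `prev()` ignore an out-of-range request without calling `SetError`, so callers cannot tell that the position did not move.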
......
/*
Copyright (c) 2005-2007 MySQL AB, 2009, 2010 Sun Microsystems, Inc.
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
Use is subject to license terms.
This program is free software; you can redistribute it and/or modify
......@@ -144,6 +144,8 @@ word32 GetLength(Source& source)
if (b >= LONG_LENGTH) {
word32 bytes = b & 0x7F;
if (source.IsLeft(bytes) == false) return 0;
while (bytes--) {
b = source.next();
length = (length << 8) | b;
......@@ -578,8 +580,10 @@ void CertDecoder::StoreKey()
read = source_.get_index() - read;
length += read;
if (source_.GetError().What()) return;
while (read--) source_.prev();
if (source_.IsLeft(length) == false) return;
key_.SetSize(length);
key_.SetKey(source_.get_current());
source_.advance(length);
......@@ -611,6 +615,8 @@ void CertDecoder::AddDSA()
word32 length = GetLength(source_);
length += source_.get_index() - idx;
if (source_.IsLeft(length) == false) return;
key_.AddToEnd(source_.get_buffer() + idx, length);
}
......@@ -621,6 +627,8 @@ word32 CertDecoder::GetAlgoId()
if (source_.GetError().What()) return 0;
word32 length = GetSequence();
if (source_.GetError().What()) return 0;
byte b = source_.next();
if (b != OBJECT_IDENTIFIER) {
source_.SetError(OBJECT_ID_E);
......@@ -628,8 +636,9 @@ word32 CertDecoder::GetAlgoId()
}
length = GetLength(source_);
word32 oid = 0;
if (source_.IsLeft(length) == false) return 0;
word32 oid = 0;
while(length--)
oid += source_.next(); // just sum it up for now
......@@ -662,6 +671,10 @@ word32 CertDecoder::GetSignature()
}
sigLength_ = GetLength(source_);
if (sigLength_ == 0 || source_.IsLeft(sigLength_) == false) {
source_.SetError(CONTENT_E);
return 0;
}
b = source_.next();
if (b != 0) {
......@@ -728,6 +741,7 @@ void CertDecoder::GetName(NameType nt)
if (length >= ASN_NAME_MAX)
return;
if (source_.IsLeft(length) == false) return;
length += source_.get_index();
char* ptr;
......@@ -753,7 +767,10 @@ void CertDecoder::GetName(NameType nt)
}
word32 oidSz = GetLength(source_);
if (source_.IsLeft(oidSz) == false) return;
byte joint[2];
if (source_.IsLeft(sizeof(joint)) == false) return;
memcpy(joint, source_.get_current(), sizeof(joint));
// v1 name types
......@@ -763,6 +780,8 @@ void CertDecoder::GetName(NameType nt)
b = source_.next(); // strType
word32 strLen = GetLength(source_);
if (source_.IsLeft(strLen) == false) return;
switch (id) {
case COMMON_NAME:
if (!(ptr = AddTag(ptr, buf_end, "/CN=", 4, strLen)))
......@@ -804,6 +823,7 @@ void CertDecoder::GetName(NameType nt)
source_.advance(oidSz + 1);
word32 length = GetLength(source_);
if (source_.IsLeft(length) == false) return;
if (email) {
if (!(ptr = AddTag(ptr, buf_end, "/emailAddress=", 14, length))) {
......@@ -837,6 +857,8 @@ void CertDecoder::GetDate(DateType dt)
}
word32 length = GetLength(source_);
if (source_.IsLeft(length) == false) return;
byte date[MAX_DATE_SZ];
if (length > MAX_DATE_SZ || length < MIN_DATE_SZ) {
source_.SetError(DATE_SZ_E);
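Review bot: In GetLength, the new `IsLeft(bytes)` guard confirms that the length octets are present but not that they fit the accumulator: `bytes` can be as large as 0x7F, while `length = (length << 8) | b` keeps only the low-order bits once more octets are read than `length` can hold (it appears to be a word32; its declaration is outside the hunk). The later `IsLeft(length)` checks added in this section bound the truncated value, so this is about accepting a malformed encoding rather than an over-read. Rejecting it up front, e.g. `if (bytes > sizeof(length)) { source.SetError(CONTENT_E); return 0; }`, keeps the decoder strict. The same applies to the `length += ...` adjustments in StoreKey and AddDSA, which can wrap before `IsLeft(length)` sees them.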
......
/*
Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -2587,12 +2587,15 @@ void Integer::Decode(Source& source)
}
word32 length = GetLength(source);
if (length == 0 || source.GetError().What()) return;
if ( (b = source.next()) == 0x00)
length--;
else
source.prev();
if (source.IsLeft(length) == false) return;
unsigned int words = (length + WORD_SIZE - 1) / WORD_SIZE;
words = RoundupSize(words);
if (words > reg_.size()) reg_.CleanNew(words);
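Review bot: The new early return in Integer::Decode for `length == 0` leaves without recording an error, so the Integer keeps whatever value it held before and the caller sees no failure on the source. A zero-length INTEGER is not a valid encoding, so it should be reported, e.g. `if (length == 0) { source.SetError(CONTENT_E); return; }` (CONTENT_E is the code `IsLeft` sets elsewhere in this commit; confirm it is the right one here). The start of the function is outside the hunk.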
......