Import yaSSL version 1.5.8

- Includes patch for Bug#25189

Import yaSSL version 1.5.8
- Includes patch for Bug#25189
1ebe4850 · msvensson@neptunus.(none) · 4bb6151a · 1ebe4850 · 1ebe4850 · 1ebe4850
Commit 1ebe4850 authored Jan 22, 2007 by msvensson@neptunus.(none)
17 changed files
--- a/extra/yassl/README
+++ b/extra/yassl/README
-yaSSL Release notes, version 1.5.0 (11/09/06)
+*****************yaSSL Release notes, version 1.5.0 (1/10/07)
+
+    This release of yaSSL contains bug fixes, portability enhancements, and
+    support for GCC 4.1.1 and vs2005 sp1.
+
+
+
+    Since yaSSL now supports zlib, as does libcur, the libcurl build test can
+    fail if yaSSL is built with zlib support since the zlib library isn't 
+    passed.  You can do two things to fix this: 
+
+        1) build yaSSL w/o zlib --without-zlib
+        2) or add flags to curl configure LDFLAGS="-lm -lz"
+
+
+
+*****************yaSSL Release notes, version 1.5.0 (11/09/06)

    This release of yaSSL contains bug fixes, portability enhancements,
    and full TLS 1.1 support.  Use the functions:

--- a/extra/yassl/include/openssl/ssl.h
+++ b/extra/yassl/include/openssl/ssl.h
@@ -41,7 +41,7 @@
 #include "rsa.h"


-#define YASSL_VERSION "1.5.0"
+#define YASSL_VERSION "1.5.8"


 #if defined(__cplusplus)

--- a/extra/yassl/src/make.bat
+++ b/extra/yassl/src/make.bat
 REM quick and dirty build file for testing different MSDEVs
-
-@echo off
-REM Copyright (C) 2006 MySQL AB
-REM 
-REM This program is free software; you can redistribute it and/or modify
-REM it under the terms of the GNU General Public License as published by
-REM the Free Software Foundation; version 2 of the License.
-REM 
-REM This program is distributed in the hope that it will be useful,
-REM but WITHOUT ANY WARRANTY; without even the implied warranty of
-REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-REM GNU General Public License for more details.
-REM 
-REM You should have received a copy of the GNU General Public License
-REM along with this program; if not, write to the Free Software
-REM Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-@echo on
-
 setlocal 

 set myFLAGS= /I../include /I../taocrypt/mySTL /I../taocrypt/include /W3 /c /ZI

--- a/extra/yassl/src/ssl.cpp
+++ b/extra/yassl/src/ssl.cpp
@@ -958,7 +958,7 @@ void ERR_print_errors_fp(FILE* /*fp*/)

 char* ERR_error_string(unsigned long errNumber, char* buffer)
 {
-  static char* msg = (char*) "Please supply a buffer for error string";
+    static char* msg = "Please supply a buffer for error string";

    if (buffer) {
        SetErrorString(YasslError(errNumber), buffer);

--- a/extra/yassl/src/yassl_error.cpp
+++ b/extra/yassl/src/yassl_error.cpp
@@ -150,6 +150,10 @@ void SetErrorString(YasslError error, char* buffer)
        strncpy(buffer, "the read operation would block", max);
        break;

+    case CERTFICATE_ERROR :
+        strncpy(buffer, "Unable to verify certificate", max);
+        break;
+
        // TaoCrypt errors
    case NO_ERROR_E :
        strncpy(buffer, "not in error state", max);
@@ -255,8 +259,12 @@ void SetErrorString(YasslError error, char* buffer)
        strncpy(buffer, "ASN: bad other signature confirmation", max);
        break;

-    case CERTFICATE_ERROR :
-        strncpy(buffer, "Unable to verify certificate", max);
+    case CONTENT_E :
+        strncpy(buffer, "bad content processing", max);
+        break;
+
+    case PEM_E :
+        strncpy(buffer, "bad PEM format processing", max);
        break;

    default :

--- a/extra/yassl/taocrypt/benchmark/make.bat
+++ b/extra/yassl/taocrypt/benchmark/make.bat
 REM quick and dirty build file for testing different MSDEVs
-
-@echo off
-REM Copyright (C) 2006 MySQL AB
-REM 
-REM This program is free software; you can redistribute it and/or modify
-REM it under the terms of the GNU General Public License as published by
-REM the Free Software Foundation; version 2 of the License.
-REM 
-REM This program is distributed in the hope that it will be useful,
-REM but WITHOUT ANY WARRANTY; without even the implied warranty of
-REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-REM GNU General Public License for more details.
-REM 
-REM You should have received a copy of the GNU General Public License
-REM along with this program; if not, write to the Free Software
-REM Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-@echo on
-
 setlocal 

 set myFLAGS= /I../include /I../mySTL /c /W3 /G6 /O2

--- a/extra/yassl/taocrypt/include/asn.hpp
+++ b/extra/yassl/taocrypt/include/asn.hpp
@@ -99,6 +99,17 @@ enum DNTags
 };


+enum PCKS12_Tags
+{
+    /* DATA                      = 1, */ // from ASN1
+    SIGNED_DATA               = 2,
+    ENVELOPED_DATA            = 3,
+    SIGNED_AND_ENVELOPED_DATA = 4,
+    DIGESTED_DATA             = 5,
+    ENCRYPTED_DATA            = 6
+};
+
+
 enum Constants
 {
    MIN_DATE_SZ   = 13,
@@ -195,6 +206,16 @@ private:
 };


+// PKCS12 BER Decoder
+class PKCS12_Decoder : public BER_Decoder {
+public:
+    explicit PKCS12_Decoder(Source& s) : BER_Decoder(s) {}
+    void Decode();
+private:
+    void ReadHeader();
+};
+
+
 // General PublicKey
 class PublicKey {
    byte*  key_;
@@ -241,6 +262,7 @@ private:
 typedef STL::list<Signer*> SignerList;


+enum ContentType { HUH = 651 };
 enum SigType  { SHAwDSA = 517, MD2wRSA = 646, MD5wRSA = 648, SHAwRSA =649};
 enum HashType { MD2h = 646, MD5h = 649, SHAh = 88 };
 enum KeyType  { DSAk = 515, RSAk = 645 };     // sums of algo OID
@@ -345,6 +367,12 @@ private:
 };


+// Get Cert in PEM format from BEGIN to END
+int GetCert(Source&);
+
+// Get Cert in PEM format from pkcs12 file
+int GetPKCS_Cert(const char* password, Source&);
+
 } // namespace



--- a/extra/yassl/taocrypt/include/error.hpp
+++ b/extra/yassl/taocrypt/include/error.hpp
@@ -70,8 +70,12 @@ DSA_SZ_E        = 1035, // "bad DSA r or s size"
 BEFORE_DATE_E   = 1036, // "before date in the future"
 AFTER_DATE_E    = 1037, // "after date in the past"
 SIG_CONFIRM_E   = 1038, // "bad self  signature confirmation"
-SIG_OTHER_E     = 1039  // "bad other signature confirmation"
+SIG_OTHER_E     = 1039, // "bad other signature confirmation"

+CONTENT_E       = 1040, // "bad content processing"
+PEM_E           = 1041  // "bad pem format error"
+
+    //  add error string to yassl/src/yassl_error.cpp !!! 
 };



--- a/extra/yassl/taocrypt/include/file.hpp
+++ b/extra/yassl/taocrypt/include/file.hpp
@@ -71,8 +71,10 @@ public:
    void   SetError(ErrorNumber w) { error_.SetError(w); }

    friend class FileSource;  // for get()
-private:
-    Source(const Source& that) : buffer_(that.buffer_), current_(that.current_) {}
+
+    Source(const Source& that)
+        : buffer_(that.buffer_), current_(that.current_) {}
+
    Source& operator=(const Source& that)
    {
        Source tmp(that);

--- a/extra/yassl/taocrypt/src/asn.cpp
+++ b/extra/yassl/taocrypt/src/asn.cpp
@@ -1098,4 +1098,83 @@ word32 DecodeDSA_Signature(byte* decoded, const byte* encoded, word32 sz)
 }


+// Get Cert in PEM format from BEGIN to END
+int GetCert(Source& source)
+{
+    char header[] = "-----BEGIN CERTIFICATE-----";
+    char footer[] = "-----END CERTIFICATE-----";
+
+    char* begin = strstr((char*)source.get_buffer(), header);
+    char* end   = strstr((char*)source.get_buffer(), footer);
+
+    if (!begin || !end || begin >= end) return -1;
+
+    end += strlen(footer); 
+    if (*end == '\r') end++;
+
+    Source tmp((byte*)begin, end - begin + 1);
+    source.Swap(tmp);
+
+    return 0;
+}
+
+
+
+// Decode a BER encoded PKCS12 structure
+void PKCS12_Decoder::Decode()
+{
+    ReadHeader();
+    if (source_.GetError().What()) return;
+
+    // Get AuthSafe
+
+    GetSequence();
+    
+        // get object id
+    byte obj_id = source_.next();
+    if (obj_id != OBJECT_IDENTIFIER) {
+        source_.SetError(OBJECT_ID_E);
+        return;
+    }
+
+    word32 length = GetLength(source_);
+
+    word32 algo_sum = 0;
+    while (length--)
+        algo_sum += source_.next();
+
+    
+       
+
+
+
+    // Get MacData optional
+    /*
+    mac     digestInfo  like certdecoder::getdigest?
+    macsalt octet string
+    iter    integer
+    
+    */
+}
+
+
+void PKCS12_Decoder::ReadHeader()
+{
+    // Gets Version
+    GetSequence();
+    GetVersion();
+}
+
+
+// Get Cert in PEM format from pkcs12 file
+int GetPKCS_Cert(const char* password, Source& source)
+{
+    PKCS12_Decoder pkcs12(source);
+    pkcs12.Decode();
+
+    return 0;
+}
+
+
+
 } // namespace
--- a/extra/yassl/taocrypt/src/coding.cpp
+++ b/extra/yassl/taocrypt/src/coding.cpp
@@ -131,8 +131,7 @@ void HexDecoder::Decode()
 void Base64Encoder::Encode()
 {
    word32 bytes = plain_.size();
-    word32 outSz = bytes * 4 / 3;
-    outSz += (outSz % 4);           // 4 byte integrals         
+    word32 outSz = (bytes + 3 - 1) / 3 * 4;

    outSz += (outSz + pemLineSz - 1) / pemLineSz;  // new lines
    encoded_.New(outSz);
@@ -159,7 +158,7 @@ void Base64Encoder::Encode()

        bytes -= 3;

-        if ((++j % 16) == 0)
+        if ((++j % 16) == 0 && bytes)
            encoded_[i++] = '\n';
    }

@@ -236,11 +235,18 @@ void Base64Decoder::Decode()
        if ((++j % 16) == 0) {
            byte endLine = coded_.next();
            bytes--;
+            while (endLine == ' ') {        // remove possible whitespace
+                endLine = coded_.next();
+                bytes--;
+            }
            if (endLine == '\r') {
                endLine = coded_.next();
                bytes--;
            }
-            assert(endLine == '\n');
+            if (endLine != '\n') {
+                coded_.SetError(PEM_E); 
+                return;
+            }
        }
    }


--- a/extra/yassl/taocrypt/src/integer.cpp
+++ b/extra/yassl/taocrypt/src/integer.cpp
@@ -88,7 +88,7 @@ namespace TaoCrypt {
 #ifdef SSE2_INTRINSICS_AVAILABLE

 template <class T>
-CPP_TYPENAME AllocatorBase<T>::pointer AlignedAllocator<T>::allocate(
+CPP_TYPENAME AlignedAllocator<T>::pointer AlignedAllocator<T>::allocate(
                                           size_type n, const void *)
 {
    CheckSize(n);
@@ -572,24 +572,29 @@ static word AtomicInverseModPower2(word A)
 class Portable
 {
 public:
-    static word Add(word *C, const word *A, const word *B, unsigned int N);
-    static word Subtract(word *C, const word *A, const word*B, unsigned int N);
-
-    static void Multiply2(word *C, const word *A, const word *B);
-    static word Multiply2Add(word *C, const word *A, const word *B);
-    static void Multiply4(word *C, const word *A, const word *B);
-    static void Multiply8(word *C, const word *A, const word *B);
-    static unsigned int MultiplyRecursionLimit() {return 8;}
-
-    static void Multiply2Bottom(word *C, const word *A, const word *B);
-    static void Multiply4Bottom(word *C, const word *A, const word *B);
-    static void Multiply8Bottom(word *C, const word *A, const word *B);
-    static unsigned int MultiplyBottomRecursionLimit() {return 8;}
-
-    static void Square2(word *R, const word *A);
-    static void Square4(word *R, const word *A);
-    static void Square8(word *R, const word *A) {assert(false);}
-    static unsigned int SquareRecursionLimit() {return 4;}
+    static word TAOCRYPT_CDECL Add(word *C, const word *A, const word *B,
+                                   unsigned int N);
+    static word TAOCRYPT_CDECL Subtract(word *C, const word *A, const word*B,
+                                        unsigned int N);
+    static void TAOCRYPT_CDECL Multiply2(word *C, const word *A, const word *B);
+    static word TAOCRYPT_CDECL Multiply2Add(word *C,
+                                            const word *A, const word *B);
+    static void TAOCRYPT_CDECL Multiply4(word *C, const word *A, const word *B);
+    static void TAOCRYPT_CDECL Multiply8(word *C, const word *A, const word *B);
+    static unsigned int TAOCRYPT_CDECL MultiplyRecursionLimit() {return 8;}
+
+    static void TAOCRYPT_CDECL Multiply2Bottom(word *C, const word *A,
+                                               const word *B);
+    static void TAOCRYPT_CDECL Multiply4Bottom(word *C, const word *A,
+                                               const word *B);
+    static void TAOCRYPT_CDECL Multiply8Bottom(word *C, const word *A,
+                                               const word *B);
+    static unsigned int TAOCRYPT_CDECL MultiplyBottomRecursionLimit(){return 8;}
+
+    static void TAOCRYPT_CDECL Square2(word *R, const word *A);
+    static void TAOCRYPT_CDECL Square4(word *R, const word *A);
+    static void TAOCRYPT_CDECL Square8(word *R, const word *A) {assert(false);}
+    static unsigned int TAOCRYPT_CDECL SquareRecursionLimit() {return 4;}
 };

 word Portable::Add(word *C, const word *A, const word *B, unsigned int N)

--- a/extra/yassl/taocrypt/src/make.bat
+++ b/extra/yassl/taocrypt/src/make.bat
 REM quick and dirty build file for testing different MSDEVs
-
-@echo off
-REM Copyright (C) 2006 MySQL AB
-REM 
-REM This program is free software; you can redistribute it and/or modify
-REM it under the terms of the GNU General Public License as published by
-REM the Free Software Foundation; version 2 of the License.
-REM 
-REM This program is distributed in the hope that it will be useful,
-REM but WITHOUT ANY WARRANTY; without even the implied warranty of
-REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-REM GNU General Public License for more details.
-REM 
-REM You should have received a copy of the GNU General Public License
-REM along with this program; if not, write to the Free Software
-REM Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-@echo on
-
 setlocal 

 set myFLAGS= /I../include /I../mySTL /c /W3 /G6 /O2 

--- a/extra/yassl/taocrypt/test/make.bat
+++ b/extra/yassl/taocrypt/test/make.bat
 REM quick and dirty build file for testing different MSDEVs
-
-@echo off
-REM Copyright (C) 2006 MySQL AB
-REM 
-REM This program is free software; you can redistribute it and/or modify
-REM it under the terms of the GNU General Public License as published by
-REM the Free Software Foundation; version 2 of the License.
-REM 
-REM This program is distributed in the hope that it will be useful,
-REM but WITHOUT ANY WARRANTY; without even the implied warranty of
-REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-REM GNU General Public License for more details.
-REM 
-REM You should have received a copy of the GNU General Public License
-REM along with this program; if not, write to the Free Software
-REM Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-@echo on
-
 setlocal 

 set myFLAGS= /I../include /I../mySTL /c /W3 /G6 /O2

--- a/extra/yassl/taocrypt/test/test.cpp
+++ b/extra/yassl/taocrypt/test/test.cpp
@@ -74,7 +74,8 @@ using TaoCrypt::EncodeDSA_Signature;
 using TaoCrypt::DecodeDSA_Signature;
 using TaoCrypt::PBKDF2_HMAC;
 using TaoCrypt::tcArrayDelete;
-
+using TaoCrypt::GetCert;
+using TaoCrypt::GetPKCS_Cert;


 struct testVector {
@@ -103,6 +104,7 @@ int  rsa_test();
 int  dsa_test();
 int  dh_test();
 int  pwdbased_test();
+int  pkcs12_test();

 TaoCrypt::RandomNumberGenerator rng;

@@ -228,6 +230,13 @@ void taocrypt_test(void* args)
    else
        printf( "PBKDF2   test passed!\n");

+    /* not ready yet
+    if ( (ret = pkcs12_test()) )
+        err_sys("PKCS12   test failed!\n", ret);
+    else
+        printf( "PKCS12   test passed!\n");
+    */
+
    tcArrayDelete(cipher);
    tcArrayDelete(plain);
    tcArrayDelete(msg);
@@ -994,3 +1003,38 @@ int pwdbased_test()

    return 0;
 }
+
+
+int pkcs12_test()
+{
+    Source cert;
+    FileSource("../certs/server-cert.pem", cert);
+    if (cert.size() == 0) {
+        FileSource("../../certs/server-cert.pem", cert);  // for testsuite
+        if (cert.size() == 0) {
+            FileSource("../../../certs/server-cert.pem", cert); // Debug dir
+            if (cert.size() == 0)
+                err_sys("where's your certs dir?", -109);
+        }
+    }
+
+    if (GetCert(cert) != 0)
+        return -110;
+
+    Source source;
+    FileSource("../certs/server.p12", source);
+    if (source.size() == 0) {
+        FileSource("../../certs/server.p12", source);  // for testsuite
+        if (source.size() == 0) {
+            FileSource("../../../certs/server.p12", source); // Debug dir
+            if (source.size() == 0)
+                err_sys("where's your certs dir?", -111);
+        }
+    }
+
+    if (GetPKCS_Cert("password", source) != 0)
+        return -112;
+
+    return 0;
+}
+
--- a/extra/yassl/testsuite/make.bat
+++ b/extra/yassl/testsuite/make.bat
 REM quick and dirty build file for testing different MSDEVs
-
-@echo off
-REM Copyright (C) 2006 MySQL AB
-REM 
-REM This program is free software; you can redistribute it and/or modify
-REM it under the terms of the GNU General Public License as published by
-REM the Free Software Foundation; version 2 of the License.
-REM 
-REM This program is distributed in the hope that it will be useful,
-REM but WITHOUT ANY WARRANTY; without even the implied warranty of
-REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-REM GNU General Public License for more details.
-REM 
-REM You should have received a copy of the GNU General Public License
-REM along with this program; if not, write to the Free Software
-REM Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-@echo on
-
 setlocal 

 set myFLAGS= /I../include /I../taocrypt/include /I../taocrypt/mySTL /c /W3 /G6 /O2 /MT /D"WIN32" /D"NO_MAIN_DRIVER"

--- a/extra/yassl/testsuite/testsuite.cpp
+++ b/extra/yassl/testsuite/testsuite.cpp
@@ -86,8 +86,8 @@ int main(int argc, char** argv)
            // input output compare
    byte input[TaoCrypt::MD5::DIGEST_SIZE];
    byte output[TaoCrypt::MD5::DIGEST_SIZE];
-    file_test((char*) "input", input);
-    file_test((char*) "output", output);
+    file_test("input", input);
+    file_test("output", output);
    assert(memcmp(input, output, sizeof(input)) == 0);

    printf("\nAll tests passed!\n");