Merge pilot.(none):/data/msvensson/mysql/bug28812/my50-bug28812

into  pilot.(none):/data/msvensson/mysql/mysql-5.0-maint

extra/yassl/include/openssl/crypto.h

@@ -9,6 +9,7 @@
 
 const char* SSLeay_version(int type);
 
+#define SSLEAY_NUMBER_DEFINED
 #define SSLEAY_VERSION 0x0900L
 #define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
 

extra/yassl/include/openssl/des_old.h

+/* des_old.h  for openvn */

extra/yassl/include/openssl/evp.h

+/* evp.h for openSSL */
+
+#ifndef SSLEAY_NUMBER_DEFINED
+#define SSLEAY_NUMBER_DEFINED
+
+/* for OpenVPN */
+#define SSLEAY_VERSION_NUMBER 0x0090700f
+
+
+#endif /* SSLEAY_NUMBER_DEFINED */

extra/yassl/include/openssl/hmac.h

+/* hmac.h  for openvpn */

extra/yassl/include/openssl/objects.h

+/* objects.h  for openvpn */

extra/yassl/include/openssl/prefix_ssl.h

@@ -30,6 +30,7 @@
 #define SSL_CTX_new yaSSL_CTX_new
 #define SSL_new yaSSL_new
 #define SSL_set_fd yaSSL_set_fd
+#define SSL_get_fd yaSSL_get_fd
 #define SSL_connect yaSSL_connect
 #define SSL_write yaSSL_write
 #define SSL_read yaSSL_read
@@ -91,6 +92,8 @@
 #define SSL_set_rfd yaSSL_set_rfd
 #define SSL_set_wfd yaSSL_set_wfd
 #define SSL_set_shutdown yaSSL_set_shutdown
+#define SSL_set_quiet_shutdown yaSSL_set_quiet_shutdown
+#define SSL_get_quiet_shutdown yaSSL_get_quiet_shutdown
 #define SSL_want_read yaSSL_want_read
 #define SSL_want_write yaSSL_want_write
 #define SSL_pending yaSSL_pending

extra/yassl/include/openssl/sha.h

+/* sha.h  for openvpn */

extra/yassl/include/openssl/ssl.h

@@ -34,7 +34,7 @@
 #include "rsa.h"
 
 
-#define YASSL_VERSION "1.6.5"
+#define YASSL_VERSION "1.7.2"
 
 
 #if defined(__cplusplus)
@@ -201,6 +201,7 @@ typedef int YASSL_SOCKET_T;
 SSL_CTX* SSL_CTX_new(SSL_METHOD*);
 SSL* SSL_new(SSL_CTX*);
 int  SSL_set_fd (SSL*, YASSL_SOCKET_T);
+YASSL_SOCKET_T SSL_get_fd(const SSL*);
 int  SSL_connect(SSL*);
 int  SSL_write(SSL*, const void*, int);
 int  SSL_read(SSL*, void*, int);

extra/yassl/include/yassl_int.hpp

@@ -584,7 +584,7 @@ class SSL {
     Socket              socket_;                // socket wrapper
     Buffers             buffers_;               // buffered handshakes and data
     Log                 log_;                   // logger
-    bool                quietShutdown_;         // shutdown without handshakes
+    bool                quietShutdown_;
 
     // optimization variables
     bool                has_data_;              // buffered data ready?

extra/yassl/src/handshake.cpp

@@ -719,6 +719,10 @@ int DoProcessReply(SSL& ssl)
 
     // add new data
     uint read  = ssl.useSocket().receive(buffer.get_buffer() + buffSz, ready);
+    if (read == static_cast<uint>(-1)) {
+        ssl.SetError(receive_error);
+        return 0;
+    }
     buffer.add_size(read);
     uint offset = 0;
     const MessageFactory& mf = ssl.getFactory().getMessage();

extra/yassl/src/socket_wrapper.cpp

@@ -114,8 +114,6 @@ uint Socket::send(const byte* buf, unsigned int sz, int flags) const
     const byte* pos = buf;
     const byte* end = pos + sz;
 
-    assert(socket_ != INVALID_SOCKET);
-
     while (pos != end) {
         int sent = ::send(socket_, reinterpret_cast<const char *>(pos),
                           static_cast<int>(end - pos), flags);
@@ -132,7 +130,6 @@ uint Socket::send(const byte* buf, unsigned int sz, int flags) const
 
 uint Socket::receive(byte* buf, unsigned int sz, int flags)
 {
-    assert(socket_ != INVALID_SOCKET);
     wouldBlock_ = false;
 
     int recvd = ::recv(socket_, reinterpret_cast<char *>(buf), sz, flags);
@@ -163,7 +160,6 @@ bool Socket::wait()
 
 void Socket::shutDown(int how)
 {
-    assert(socket_ != INVALID_SOCKET);
     shutdown(socket_, how);
 }
 

extra/yassl/src/ssl.cpp

@@ -239,6 +239,12 @@ int SSL_set_fd(SSL* ssl, YASSL_SOCKET_T fd)
 }
 
 
+YASSL_SOCKET_T SSL_get_fd(const SSL* ssl)
+{
+    return ssl->getSocket().get_fd();
+}
+
+
 int SSL_connect(SSL* ssl)
 {
     if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ))

extra/yassl/src/yassl_int.cpp

@@ -773,6 +773,7 @@ void SSL::SetError(YasslError ye)
     // TODO: add string here
 }
 
+
 // set the quiet shutdown mode (close_nofiy not sent or received on shutdown)
 void SSL::SetQuietShutdown(bool mode)
 {

extra/yassl/taocrypt/src/coding.cpp

@@ -107,11 +107,12 @@ void HexDecoder::Decode()
         // sanity checks
         assert( b  < sizeof(hexDecode)/sizeof(hexDecode[0]) );
         assert( b2 < sizeof(hexDecode)/sizeof(hexDecode[0]) );
-        assert( b != bad && b2 != bad );
 
         b  = hexDecode[b];
         b2 = hexDecode[b2];
         
+        assert( b != bad && b2 != bad );
+        
         decoded_[i++] = (b << 4) | b2;
         bytes -= 2;
     }
@@ -184,7 +185,7 @@ void Base64Decoder::Decode()
 {
     word32 bytes = coded_.size();
     word32 plainSz = bytes - ((bytes + (pemLineSz - 1)) / pemLineSz); 
-    plainSz = ((plainSz * 3) / 4) + 3;
+    plainSz = (plainSz * 3 + 3) / 4;
     decoded_.New(plainSz);
 
     word32 i = 0;

extra/yassl/taocrypt/src/crypto.cpp

@@ -26,6 +26,11 @@ extern "C" {
     // locking handled internally by library
     char CRYPTO_lock() { return 0;}
     char CRYPTO_add_lock() { return 0;}
+
+
+    // for openvpn, test are the signatures they use
+    char EVP_CIPHER_CTX_init() { return 0; }
+    char CRYPTO_mem_ctrl() { return 0; }
 }  // extern "C"
 
 

mysql-test/t/rpl_ssl.test

@@ -41,24 +41,39 @@ select * from t1;
 
 # Do the same thing a number of times
 disable_query_log;
+disable_result_log;
 let $i= 100;
 while ($i)
 {
   start slave;
   connection master;
   insert into t1 values (NULL);
+  select * from t1; # Some variance
   connection slave;
+  select * from t1; # Some variance
   stop slave;
   dec $i;
 }
 start slave;
 enable_query_log;
+enable_result_log;
 connection master;
 insert into t1 values (NULL);
+let $master_count= `select count(*) from t1`;
+
 sync_slave_with_master;
 --source include/wait_for_slave_to_start.inc
 --replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR $MASTER_MYPORT MASTER_MYPORT
 --replace_column 1 # 7 # 8 # 9 # 22 # 23 # 33 #
 query_vertical show slave status;
 
+let $slave_count= `select count(*) from t1`;
+
+if (`select $slave_count != $master_count`)
+{
+  echo master and slave differed in number of rows;
+  echo master: $master_count;
+  echo slave: $slave_count;
+}
+
 --echo End of 5.0 tests

vio/viossl.c

@@ -172,67 +172,79 @@ void vio_ssl_delete(Vio *vio)
   vio_delete(vio);
 }
 
-
 int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
+{
+  DBUG_ENTER("sslaccept");
+  DBUG_RETURN(sslconnect(ptr, vio, timeout));
+}
+
+
+int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
 {
   SSL *ssl;
   my_bool unused;
-  my_bool net_blocking;
-  enum enum_vio_type old_type;
-  DBUG_ENTER("sslaccept");
-  DBUG_PRINT("enter", ("sd: %d  ptr: 0x%lx, timeout: %ld",
-                       vio->sd, (long) ptr, timeout));
+  my_bool was_blocking;
 
-  old_type= vio->type;
-  net_blocking= vio_is_blocking(vio);
-  vio_blocking(vio, 1, &unused);	/* Must be called before reset */
-  vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
+  DBUG_ENTER("sslconnect");
+  DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d  ctx: 0x%lx",
+                       (long) ptr, vio->sd, (long) ptr->ssl_context));
+
+  /* Set socket to blocking if not already set */
+  vio_blocking(vio, 1, &was_blocking);
 
   if (!(ssl= SSL_new(ptr->ssl_context)))
   {
     DBUG_PRINT("error", ("SSL_new failure"));
     report_errors(ssl);
-    vio_reset(vio, old_type,vio->sd,0,FALSE);
-    vio_blocking(vio, net_blocking, &unused);
+    vio_blocking(vio, was_blocking, &unused);
     DBUG_RETURN(1);
   }
-  vio->ssl_arg= (void*)ssl;
   DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout));
   SSL_clear(ssl);
   SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
   SSL_set_fd(ssl, vio->sd);
-  if (SSL_accept(ssl) < 1)
+
+  /*
+    SSL_do_handshake will select between SSL_connect
+    or SSL_accept depending on server or client side
+  */
+  if (SSL_do_handshake(ssl) < 1)
   {
-    DBUG_PRINT("error", ("SSL_accept failure"));
+    DBUG_PRINT("error", ("SSL_do_handshake failure"));
     report_errors(ssl);
     SSL_free(ssl);
-    vio->ssl_arg= 0;
-    vio_reset(vio, old_type,vio->sd,0,FALSE);
-    vio_blocking(vio, net_blocking, &unused);
+    vio_blocking(vio, was_blocking, &unused);
     DBUG_RETURN(1);
   }
 
-#ifndef DBUG_OFF
-  {
-    char buf[1024];
-    X509 *client_cert;
-    DBUG_PRINT("info",("cipher_name= '%s'", SSL_get_cipher_name(ssl)));
+  /*
+    Connection succeeded. Install new function handlers,
+    change type, set sd to the fd used when connecting
+    and set pointer to the SSL structure
+  */
+  vio_reset(vio, VIO_TYPE_SSL, SSL_get_fd(ssl), 0, 0);
+  vio->ssl_arg= (void*)ssl;
 
-    if ((client_cert= SSL_get_peer_certificate (ssl)))
+#ifndef DBUG_OFF
   {
-      DBUG_PRINT("info",("Client certificate:"));
-      X509_NAME_oneline (X509_get_subject_name (client_cert),
-                         buf, sizeof(buf));
-      DBUG_PRINT("info",("\t subject: %s", buf));
+    /* Print some info about the peer */
+    X509 *cert;
+    char buf[512];
 
-      X509_NAME_oneline (X509_get_issuer_name  (client_cert),
-                         buf, sizeof(buf));
-      DBUG_PRINT("info",("\t issuer: %s", buf));
+    DBUG_PRINT("info",("SSL connection succeeded"));
+    DBUG_PRINT("info",("Using cipher: '%s'" , SSL_get_cipher_name(ssl)));
 
-      X509_free (client_cert);
+    if ((cert= SSL_get_peer_certificate (ssl)))
+    {
+      DBUG_PRINT("info",("Peer certificate:"));
+      X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
+      DBUG_PRINT("info",("\t subject: '%s'", buf));
+      X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf));
+      DBUG_PRINT("info",("\t issuer: '%s'", buf));
+      X509_free(cert);
     }
     else
-      DBUG_PRINT("info",("Client does not have certificate."));
+      DBUG_PRINT("info",("Peer does not have certificate."));
 
     if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf)))
     {
@@ -247,68 +259,6 @@ int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
 }
 
 
-int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
-{
-  SSL *ssl;
-  my_bool unused;
-  my_bool net_blocking;
-  enum enum_vio_type old_type;
-
-  DBUG_ENTER("sslconnect");
-  DBUG_PRINT("enter", ("sd: %d  ptr: 0x%lx  ctx: 0x%lx",
-                       vio->sd, (long) ptr, (long) ptr->ssl_context));
-
-  old_type= vio->type;
-  net_blocking= vio_is_blocking(vio);
-  vio_blocking(vio, 1, &unused);	/* Must be called before reset */
-  vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
-  if (!(ssl= SSL_new(ptr->ssl_context)))
-  {
-    DBUG_PRINT("error", ("SSL_new failure"));
-    report_errors(ssl);
-    vio_reset(vio, old_type, vio->sd, 0, FALSE);
-    vio_blocking(vio, net_blocking, &unused);
-    DBUG_RETURN(1);
-  }
-  vio->ssl_arg= (void*)ssl;
-  DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout));
-  SSL_clear(ssl);
-  SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
-  SSL_set_fd(ssl, vio->sd);
-  if (SSL_connect(ssl) < 1)
-  {
-    DBUG_PRINT("error", ("SSL_connect failure"));
-    report_errors(ssl);
-    SSL_free(ssl);
-    vio->ssl_arg= 0;
-    vio_reset(vio, old_type, vio->sd, 0, FALSE);
-    vio_blocking(vio, net_blocking, &unused);
-    DBUG_RETURN(1);
-  }
-#ifndef DBUG_OFF
-  {
-    X509 *server_cert;
-    DBUG_PRINT("info",("cipher_name: '%s'" , SSL_get_cipher_name(ssl)));
-
-    if ((server_cert= SSL_get_peer_certificate (ssl)))
-    {
-      char buf[256];
-      DBUG_PRINT("info",("Server certificate:"));
-      X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
-      DBUG_PRINT("info",("\t subject: %s", buf));
-      X509_NAME_oneline (X509_get_issuer_name(server_cert), buf, sizeof(buf));
-      DBUG_PRINT("info",("\t issuer: %s", buf));
-      X509_free (server_cert);
-    }
-    else
-      DBUG_PRINT("info",("Server does not have certificate."));
-  }
-#endif
-
-  DBUG_RETURN(0);
-}
-
-
 int vio_ssl_blocking(Vio *vio __attribute__((unused)),
 		     my_bool set_blocking_mode,
 		     my_bool *old_mode)