summaryrefslogtreecommitdiff
path: root/extra/yassl
diff options
context:
space:
mode:
Diffstat (limited to 'extra/yassl')
-rw-r--r--extra/yassl/README11
-rw-r--r--extra/yassl/include/lock.hpp9
-rw-r--r--extra/yassl/include/openssl/ssl.h2
-rw-r--r--extra/yassl/include/yassl_error.hpp2
-rw-r--r--extra/yassl/src/cert_wrapper.cpp3
-rw-r--r--extra/yassl/src/lock.cpp4
-rw-r--r--extra/yassl/src/ssl.cpp5
-rw-r--r--extra/yassl/src/yassl_error.cpp7
-rw-r--r--extra/yassl/taocrypt/include/aes.hpp1
-rw-r--r--extra/yassl/taocrypt/include/misc.hpp8
-rw-r--r--extra/yassl/taocrypt/include/pwdbased.hpp4
-rw-r--r--extra/yassl/taocrypt/src/asn.cpp4
-rw-r--r--extra/yassl/taocrypt/src/coding.cpp21
-rw-r--r--extra/yassl/taocrypt/src/crypto.cpp37
-rw-r--r--extra/yassl/taocrypt/taocrypt.dsw17
-rw-r--r--extra/yassl/taocrypt/test/memory.cpp2
-rw-r--r--extra/yassl/taocrypt/test/test.dsp (renamed from extra/yassl/taocrypt/test.dsp)14
-rw-r--r--extra/yassl/yassl.dsw5
18 files changed, 81 insertions, 75 deletions
diff --git a/extra/yassl/README b/extra/yassl/README
index 7720a9453dd..24bdf32f989 100644
--- a/extra/yassl/README
+++ b/extra/yassl/README
@@ -12,7 +12,16 @@ before calling SSL_new();
*** end Note ***
-yaSSL Release notes, version 2.1.2 (9/2/2011)
+yaSSL Release notes, version 2.2.2 (7/5/2012)
+
+ This release of yaSSL contains bug fixes and more security checks around
+ malicious certificates.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 2.1.2 (9/2/2011)
This release of yaSSL contains bug fixes, better non-blocking support with
SSL_write, and OpenSSL RSA public key format support.
diff --git a/extra/yassl/include/lock.hpp b/extra/yassl/include/lock.hpp
index ae875001633..487bedfcc70 100644
--- a/extra/yassl/include/lock.hpp
+++ b/extra/yassl/include/lock.hpp
@@ -27,7 +27,7 @@
Visual Studio Source Annotations header (sourceannotations.h) fails
to compile if outside of the global namespace.
*/
-#ifdef YASSL_THREAD_SAFE
+#ifdef MULTI_THREADED
#ifdef _WIN32
#include <windows.h>
#endif
@@ -36,8 +36,9 @@
namespace yaSSL {
-#ifdef YASSL_THREAD_SAFE
+#ifdef MULTI_THREADED
#ifdef _WIN32
+ #include <windows.h>
class Mutex {
CRITICAL_SECTION cs_;
@@ -77,7 +78,7 @@ namespace yaSSL {
};
#endif // _WIN32
-#else // YASSL_THREAD_SAFE (WE'RE SINGLE)
+#else // MULTI_THREADED (WE'RE SINGLE)
class Mutex {
public:
@@ -87,7 +88,7 @@ namespace yaSSL {
};
};
-#endif // YASSL_THREAD_SAFE
+#endif // MULTI_THREADED
diff --git a/extra/yassl/include/openssl/ssl.h b/extra/yassl/include/openssl/ssl.h
index 0d99888da88..2fcba67cfdd 100644
--- a/extra/yassl/include/openssl/ssl.h
+++ b/extra/yassl/include/openssl/ssl.h
@@ -35,7 +35,7 @@
#include "rsa.h"
-#define YASSL_VERSION "2.2.0"
+#define YASSL_VERSION "2.2.2"
#if defined(__cplusplus)
diff --git a/extra/yassl/include/yassl_error.hpp b/extra/yassl/include/yassl_error.hpp
index 87bb4c55e96..8efc7f72e87 100644
--- a/extra/yassl/include/yassl_error.hpp
+++ b/extra/yassl/include/yassl_error.hpp
@@ -65,7 +65,7 @@ enum YasslError {
enum Library { yaSSL_Lib = 0, CryptoLib, SocketLib };
enum { MAX_ERROR_SZ = 80 };
-void SetErrorString(unsigned long, char*);
+void SetErrorString(YasslError, char*);
/* remove for now, if go back to exceptions use this wrapper
// Base class for all yaSSL exceptions
diff --git a/extra/yassl/src/cert_wrapper.cpp b/extra/yassl/src/cert_wrapper.cpp
index 7e73464001a..917cfa1a8fb 100644
--- a/extra/yassl/src/cert_wrapper.cpp
+++ b/extra/yassl/src/cert_wrapper.cpp
@@ -250,8 +250,7 @@ int CertManager::Validate()
TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length());
TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_);
- int err = cert.GetError().What();
- if ( err )
+ if (int err = cert.GetError().What())
return err;
const TaoCrypt::PublicKey& key = cert.GetPublicKey();
diff --git a/extra/yassl/src/lock.cpp b/extra/yassl/src/lock.cpp
index 9eb41408ff7..d603440757f 100644
--- a/extra/yassl/src/lock.cpp
+++ b/extra/yassl/src/lock.cpp
@@ -26,7 +26,7 @@
namespace yaSSL {
-#ifdef YASSL_THREAD_SAFE
+#ifdef MULTI_THREADED
#ifdef _WIN32
Mutex::Mutex()
@@ -79,7 +79,7 @@ namespace yaSSL {
#endif // _WIN32
-#endif // YASSL_THREAD_SAFE
+#endif // MULTI_THREADED
diff --git a/extra/yassl/src/ssl.cpp b/extra/yassl/src/ssl.cpp
index 8401798534b..6c839bc2f79 100644
--- a/extra/yassl/src/ssl.cpp
+++ b/extra/yassl/src/ssl.cpp
@@ -27,7 +27,6 @@
-
/* see man pages for function descriptions */
#include "runtime.hpp"
@@ -747,7 +746,7 @@ void SSL_CTX_set_verify(SSL_CTX* ctx, int mode, VerifyCallback vc)
int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file,
const char* path)
{
- int ret = SSL_SUCCESS;
+ int ret = SSL_FAILURE;
const int HALF_PATH = 128;
if (file) ret = read_file(ctx, file, SSL_FILETYPE_PEM, CA);
@@ -1014,7 +1013,7 @@ char* ERR_error_string(unsigned long errNumber, char* buffer)
static char* msg = (char*)"Please supply a buffer for error string";
if (buffer) {
- SetErrorString(errNumber, buffer);
+ SetErrorString(YasslError(errNumber), buffer);
return buffer;
}
diff --git a/extra/yassl/src/yassl_error.cpp b/extra/yassl/src/yassl_error.cpp
index e55c10c68c0..f48fbdc925e 100644
--- a/extra/yassl/src/yassl_error.cpp
+++ b/extra/yassl/src/yassl_error.cpp
@@ -31,11 +31,6 @@
#pragma warning(disable: 4996)
#endif
-#ifdef _MSC_VER
- // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
- #pragma warning(disable: 4996)
-#endif
-
namespace yaSSL {
@@ -60,7 +55,7 @@ Library Error::get_lib() const
*/
-void SetErrorString(unsigned long error, char* buffer)
+void SetErrorString(YasslError error, char* buffer)
{
using namespace TaoCrypt;
const int max = MAX_ERROR_SZ; // shorthand
diff --git a/extra/yassl/taocrypt/include/aes.hpp b/extra/yassl/taocrypt/include/aes.hpp
index dc19c98a83a..e2041fc9350 100644
--- a/extra/yassl/taocrypt/include/aes.hpp
+++ b/extra/yassl/taocrypt/include/aes.hpp
@@ -92,7 +92,6 @@ typedef BlockCipher<ENCRYPTION, AES, CBC> AES_CBC_Encryption;
typedef BlockCipher<DECRYPTION, AES, CBC> AES_CBC_Decryption;
-
} // naemspace
#endif // TAO_CRYPT_AES_HPP
diff --git a/extra/yassl/taocrypt/include/misc.hpp b/extra/yassl/taocrypt/include/misc.hpp
index b6925f916f8..c58713855dd 100644
--- a/extra/yassl/taocrypt/include/misc.hpp
+++ b/extra/yassl/taocrypt/include/misc.hpp
@@ -136,9 +136,13 @@ void CleanUp();
// Turn on ia32 ASM for Big Integer
// CodeWarrior defines _MSC_VER
+//
+// Do not use assembler with GCC, as the implementation for it is broken;
+// it does not use proper GCC asm contraints and makes assumptions about
+// frame pointers and so on, which breaks depending on GCC version and
+// optimization level.
#if !defined(TAOCRYPT_DISABLE_X86ASM) && ((defined(_MSC_VER) && \
- !defined(__MWERKS__) && defined(_M_IX86)) || \
- (defined(__GNUC__) && defined(__i386__)))
+ !defined(__MWERKS__) && defined(_M_IX86)))
#define TAOCRYPT_X86ASM_AVAILABLE
#endif
diff --git a/extra/yassl/taocrypt/include/pwdbased.hpp b/extra/yassl/taocrypt/include/pwdbased.hpp
index f40a336e2c3..d050fd8988b 100644
--- a/extra/yassl/taocrypt/include/pwdbased.hpp
+++ b/extra/yassl/taocrypt/include/pwdbased.hpp
@@ -48,9 +48,11 @@ word32 PBKDF2_HMAC<T>::DeriveKey(byte* derived, word32 dLen, const byte* pwd,
word32 pLen, const byte* salt, word32 sLen,
word32 iterations) const
{
- if (dLen > MaxDerivedKeyLength())
+ if (dLen > MaxDerivedKeyLength())
return 0;
+ if (iterations < 0)
+ return 0;
ByteBlock buffer(T::DIGEST_SIZE);
HMAC<T> hmac;
diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp
index 5ec4cac1c44..ad054809879 100644
--- a/extra/yassl/taocrypt/src/asn.cpp
+++ b/extra/yassl/taocrypt/src/asn.cpp
@@ -154,6 +154,8 @@ word32 GetLength(Source& source)
else
length = b;
+ if (source.IsLeft(length) == false) return 0;
+
return length;
}
@@ -832,7 +834,7 @@ void CertDecoder::GetName(NameType nt)
if (email) {
if (!(ptr = AddTag(ptr, buf_end, "/emailAddress=", 14, length))) {
source_.SetError(CONTENT_E);
- return;
+ return;
}
}
diff --git a/extra/yassl/taocrypt/src/coding.cpp b/extra/yassl/taocrypt/src/coding.cpp
index 97c62ea12a7..0512ea9c889 100644
--- a/extra/yassl/taocrypt/src/coding.cpp
+++ b/extra/yassl/taocrypt/src/coding.cpp
@@ -103,6 +103,16 @@ void HexDecoder::Decode()
byte b = coded_.next() - 0x30; // 0 starts at 0x30
byte b2 = coded_.next() - 0x30;
+ // sanity checks
+ if (b >= sizeof(hexDecode)/sizeof(hexDecode[0])) {
+ coded_.SetError(PEM_E);
+ return;
+ }
+ if (b2 >= sizeof(hexDecode)/sizeof(hexDecode[0])) {
+ coded_.SetError(PEM_E);
+ return;
+ }
+
b = hexDecode[b];
b2 = hexDecode[b2];
@@ -178,6 +188,7 @@ void Base64Decoder::Decode()
{
word32 bytes = coded_.size();
word32 plainSz = bytes - ((bytes + (pemLineSz - 1)) / pemLineSz);
+ const byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;
plainSz = ((plainSz * 3) / 4) + 3;
decoded_.New(plainSz);
@@ -200,6 +211,16 @@ void Base64Decoder::Decode()
if (e4 == pad)
pad4 = true;
+ if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
+ coded_.SetError(PEM_E);
+ return;
+ }
+
+ if (e1 > maxIdx || e2 > maxIdx || e3 > maxIdx || e4 > maxIdx) {
+ coded_.SetError(PEM_E);
+ return;
+ }
+
e1 = base64Decode[e1 - 0x2B];
e2 = base64Decode[e2 - 0x2B];
e3 = (e3 == pad) ? 0 : base64Decode[e3 - 0x2B];
diff --git a/extra/yassl/taocrypt/src/crypto.cpp b/extra/yassl/taocrypt/src/crypto.cpp
deleted file mode 100644
index 90d406bf0c2..00000000000
--- a/extra/yassl/taocrypt/src/crypto.cpp
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- Copyright (C) 2000-2007 MySQL AB
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; see the file COPYING. If not, write to the
- Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
- MA 02110-1301 USA.
-*/
-
-/* put features that other apps expect from OpenSSL type crypto */
-
-
-
-extern "C" {
-
- // for libcurl configure test, these are the signatures they use
- // locking handled internally by library
- char CRYPTO_lock() { return 0;}
- char CRYPTO_add_lock() { return 0;}
-
-
- // for openvpn, test are the signatures they use
- char EVP_CIPHER_CTX_init() { return 0; }
- char CRYPTO_mem_ctrl() { return 0; }
-} // extern "C"
-
-
-
diff --git a/extra/yassl/taocrypt/taocrypt.dsw b/extra/yassl/taocrypt/taocrypt.dsw
index d10d7534c3d..43115069160 100644
--- a/extra/yassl/taocrypt/taocrypt.dsw
+++ b/extra/yassl/taocrypt/taocrypt.dsw
@@ -3,6 +3,21 @@ Microsoft Developer Studio Workspace File, Format Version 6.00
###############################################################################
+Project: "benchmark"=.\benchmark\benchmark.dsp - Package Owner=<4>
+
+Package=<5>
+{{{
+}}}
+
+Package=<4>
+{{{
+ Begin Project Dependency
+ Project_Dep_Name taocrypt
+ End Project Dependency
+}}}
+
+###############################################################################
+
Project: "taocrypt"=.\taocrypt.dsp - Package Owner=<4>
Package=<5>
@@ -15,7 +30,7 @@ Package=<4>
###############################################################################
-Project: "test"=.\test.dsp - Package Owner=<4>
+Project: "test"=.\test\test.dsp - Package Owner=<4>
Package=<5>
{{{
diff --git a/extra/yassl/taocrypt/test/memory.cpp b/extra/yassl/taocrypt/test/memory.cpp
index ec398a64c45..a9b21f94902 100644
--- a/extra/yassl/taocrypt/test/memory.cpp
+++ b/extra/yassl/taocrypt/test/memory.cpp
@@ -31,7 +31,7 @@
To use MemoryTracker merely add this file to your project
No need to instantiate anything
-If your app is multi threaded define YASSL_THREAD_SAFE
+If your app is multi threaded define MULTI_THREADED
*********************************************************************/
diff --git a/extra/yassl/taocrypt/test.dsp b/extra/yassl/taocrypt/test/test.dsp
index 1084f8e06e3..93b369de3d9 100644
--- a/extra/yassl/taocrypt/test.dsp
+++ b/extra/yassl/taocrypt/test/test.dsp
@@ -37,12 +37,12 @@ RSC=rc.exe
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "test\Release"
-# PROP Intermediate_Dir "test\Release"
+# PROP Output_Dir "Release"
+# PROP Intermediate_Dir "Release"
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MT /W3 /O2 /I "include" /I "mySTL" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /c
+# ADD CPP /nologo /MD /W3 /O2 /I "../include" /I "../mySTL" /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /c
# ADD BASE RSC /l 0x409 /d "NDEBUG"
# ADD RSC /l 0x409 /d "NDEBUG"
BSC32=bscmake.exe
@@ -61,12 +61,12 @@ LINK32=link.exe
# PROP BASE Target_Dir ""
# PROP Use_MFC 0
# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "test\Debug"
-# PROP Intermediate_Dir "test\Debug"
+# PROP Output_Dir "Debug"
+# PROP Intermediate_Dir "Debug"
# PROP Ignore_Export_Lib 0
# PROP Target_Dir ""
# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MTd /W3 /Gm /ZI /Od /I "include" /I "mySTL" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /GZ /c
+# ADD CPP /nologo /MDd /W3 /Gm /ZI /Od /I "../include" /I "../mySTL" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /YX /FD /GZ /c
# ADD BASE RSC /l 0x409 /d "_DEBUG"
# ADD RSC /l 0x409 /d "_DEBUG"
BSC32=bscmake.exe
@@ -87,7 +87,7 @@ LINK32=link.exe
# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
# Begin Source File
-SOURCE=.\test\test.cpp
+SOURCE=.\test.cpp
# End Source File
# End Group
# Begin Group "Header Files"
diff --git a/extra/yassl/yassl.dsw b/extra/yassl/yassl.dsw
index 288c88dfd5b..8da089fc1fa 100644
--- a/extra/yassl/yassl.dsw
+++ b/extra/yassl/yassl.dsw
@@ -90,7 +90,7 @@ Package=<4>
###############################################################################
-Project: "test"=.\taocrypt\test.dsp - Package Owner=<4>
+Project: "test"=.\taocrypt\test\test.dsp - Package Owner=<4>
Package=<5>
{{{
@@ -114,9 +114,6 @@ Package=<5>
Package=<4>
{{{
Begin Project Dependency
- Project_Dep_Name taocrypt
- End Project Dependency
- Begin Project Dependency
Project_Dep_Name yassl
End Project Dependency
}}}