Merge branch 'mysql-5.5' into mysql-5.6

Conflicts:
	extra/yassl/include/yassl_int.hpp
	extra/yassl/src/cert_wrapper.cpp
	extra/yassl/src/yassl_int.cpp
	extra/yassl/taocrypt/include/asn.hpp

Author: Yashwant Sahu

extra/yassl/README

@@ -12,6 +12,12 @@ before calling SSL_new();
 
 *** end Note ***
 
+yaSSL Release notes, version 2.3.9b (2/03/2016)
+    This release of yaSSL fixes the OpenSSL compatibility function
+    X509_NAME_get_index_by_NID() to use the actual index of the common name
+    instead of searching on the format prefix.  Thanks for the report from
+    yashwant.sahu@oracle.com  .  Anyone using this function should update.
+
 yaSSL Release notes, version 2.3.9 (12/01/2015)
     This release of yaSSL fixes two client side Diffie-Hellman problems.
     yaSSL was only handling the cases of zero or one leading zeros for the key

extra/yassl/include/openssl/ssl.h

@@ -34,7 +34,7 @@
 #include "rsa.h"
 
 
-#define YASSL_VERSION "2.3.9"
+#define YASSL_VERSION "2.3.9b"
 
 
 #if defined(__cplusplus)

extra/yassl/include/yassl_int.hpp

@@ -191,14 +191,19 @@ class sslFactory {
 class X509_NAME {
     char*       name_;
     size_t      sz_;
+    int         cnPosition_;   // start of common name, -1 is none
+    int         cnLen_;        // length of above
     ASN1_STRING entry_;
 public:
-    X509_NAME(const char*, size_t sz);
+    X509_NAME(const char*, size_t sz, int pos, int len);
     ~X509_NAME();
 
     const char*  GetName() const;
     ASN1_STRING* GetEntry(int i);
     size_t       GetLength() const;
+    int          GetCnPosition() const { return cnPosition_; }
+    int          GetCnLength()   const { return cnLen_; }
+
 private:
     X509_NAME(const X509_NAME&);                // hide copy
     X509_NAME& operator=(const X509_NAME&);     // and assign
@@ -226,7 +231,7 @@ class X509 {
     StringHolder afterDate_;    // not valid after
 public:
     X509(const char* i, size_t, const char* s, size_t,
-         ASN1_STRING *b, ASN1_STRING *a);
+         ASN1_STRING *b, ASN1_STRING *a, int, int, int, int);
     ~X509() {}
 
     X509_NAME* GetIssuer();

extra/yassl/src/cert_wrapper.cpp

@@ -304,7 +304,10 @@ int CertManager::Validate()
         afterDate.type= cert.GetAfterDateType();
         afterDate.length= strlen((char *) afterDate.data) + 1;
         peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
-                                sSz, &beforeDate, &afterDate);
+                                sSz, &beforeDate, &afterDate,
+                                cert.GetIssuerCnStart(), cert.GetIssuerCnLength(),
+                                cert.GetSubjectCnStart(), cert.GetSubjectCnLength()
+                                );
 
         if (err == TaoCrypt::SIG_OTHER_E && verifyCallback_) {
             X509_STORE_CTX store;
@@ -350,7 +353,9 @@ int CertManager::SetPrivateKey(const x509& key)
         afterDate.type= cd.GetAfterDateType();
         afterDate.length= strlen((char *) afterDate.data) + 1;
         selfX509_ = NEW_YS X509(cd.GetIssuer(), iSz, cd.GetCommonName(),
-                                sSz, &beforeDate, &afterDate);
+                                sSz, &beforeDate, &afterDate,
+                                cd.GetIssuerCnStart(), cd.GetIssuerCnLength(),
+                                cd.GetSubjectCnStart(), cd.GetSubjectCnLength());
     }
     return 0;
 }
@@ -367,7 +372,9 @@ void CertManager::setPeerX509(X509* x)
     ASN1_STRING* after  = x->GetAfter();
 
     peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(),
-        subject->GetName(), subject->GetLength(), before, after);
+        subject->GetName(), subject->GetLength(), before, after,
+        issuer->GetCnPosition(), issuer->GetCnLength(),
+        subject->GetCnPosition(), subject->GetCnLength());
 }
 
 

extra/yassl/src/ssl.cpp

@@ -1350,16 +1350,14 @@ int ASN1_STRING_type(ASN1_STRING *x)
 int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos)
 {
     int idx = -1;  // not found
-    const char* start = &name->GetName()[lastpos + 1];
+    int cnPos = -1;
 
     switch (nid) {
     case NID_commonName:
-        const char* found = strstr(start, "/CN=");
-        if (found) {
-            found += 4;  // advance to str
-            idx = found - start + lastpos + 1;
-        }
-        break;
+         cnPos = name->GetCnPosition();
+         if (lastpos < cnPos)
+           idx = cnPos;
+         break;
     }
 
     return idx;

extra/yassl/src/yassl_int.cpp

@@ -1607,7 +1607,9 @@ void SSL_SESSION::CopyX509(X509* x)
 
     peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(),
         subject->GetName(), subject->GetLength(),
-        before, after);
+        before, after,
+        issuer->GetCnPosition(), issuer->GetCnLength(),
+        subject->GetCnPosition(), subject->GetCnLength());
 }
 
 
@@ -2575,8 +2577,8 @@ void Security::set_resuming(bool b)
 }
 
 
-X509_NAME::X509_NAME(const char* n, size_t sz)
-    : name_(0), sz_(sz)
+X509_NAME::X509_NAME(const char* n, size_t sz, int pos, int len)
+    : name_(0), sz_(sz), cnPosition_(pos), cnLen_(len)
 {
     if (sz) {
         name_ = NEW_YS char[sz];
@@ -2606,8 +2608,10 @@ size_t X509_NAME::GetLength() const
 
 
 X509::X509(const char* i, size_t iSz, const char* s, size_t sSz,
-           ASN1_STRING *b, ASN1_STRING *a)
-    : issuer_(i, iSz), subject_(s, sSz),
+           ASN1_STRING *b, ASN1_STRING *a,
+           int issPos, int issLen,
+           int subPos, int subLen)
+    : issuer_(i, iSz, issPos, issLen), subject_(s, sSz, subPos, subLen),
       beforeDate_((char *) b->data, b->length, b->type),
       afterDate_((char *) a->data, a->length, a->type)
 {}
@@ -2642,19 +2646,20 @@ ASN1_STRING* X509_NAME::GetEntry(int i)
     if (i < 0 || i >= int(sz_))
         return 0;
 
+    if (i != cnPosition_ || cnLen_ <= 0)   // only entry currently supported
+        return 0;
+
+    if (cnLen_ > int(sz_-i))   // make sure there's room in read buffer
+        return 0;
+
     if (entry_.data)
         ysArrayDelete(entry_.data);
-    entry_.data = NEW_YS byte[sz_];       // max size;
+    entry_.data = NEW_YS byte[cnLen_+1];       // max size;
 
-    memcpy(entry_.data, &name_[i], sz_ - i);
-    if (entry_.data[sz_ -i - 1]) {
-        entry_.data[sz_ - i] = 0;
-        entry_.length = int(sz_) - i;
-    }
-    else
-        entry_.length = int(sz_) - i - 1;
+    memcpy(entry_.data, &name_[i], cnLen_);
+    entry_.data[cnLen_] = 0;
+    entry_.length = cnLen_;
     entry_.type = 0;
-
     return &entry_;
 }
 

extra/yassl/taocrypt/include/asn.hpp

@@ -286,7 +286,10 @@ class CertDecoder : public BER_Decoder {
     byte             GetBeforeDateType() const { return beforeDateType_; }
     const char*      GetAfterDate()  const { return afterDate_; }
     byte             GetAfterDateType() const { return afterDateType_; }
-
+    int              GetSubjectCnStart()  const { return subCnPos_; }
+    int              GetIssuerCnStart()   const { return issCnPos_; }
+    int              GetSubjectCnLength() const { return subCnLen_; }
+    int              GetIssuerCnLength()  const { return issCnLen_; }
     void DecodeToKey();
 private:
     PublicKey key_;
@@ -295,6 +298,10 @@ class CertDecoder : public BER_Decoder {
     word32    sigLength_;               // length of signature
     word32    signatureOID_;            // sum of algorithm object id
     word32    keyOID_;                  // sum of key algo  object id
+    int       subCnPos_;                // subject common name start, -1 is none
+    int       subCnLen_;                // length of above
+    int       issCnPos_;                // issuer common name start, -1 is none
+    int       issCnLen_;                // length of above
     byte      subjectHash_[SHA_SIZE];   // hash of all Names
     byte      issuerHash_[SHA_SIZE];    // hash of all Names
     byte*     signature_;

extra/yassl/taocrypt/src/asn.cpp

@@ -487,8 +487,9 @@ void DH_Decoder::Decode(DH& key)
 
 CertDecoder::CertDecoder(Source& s, bool decode, SignerList* signers,
                          bool noVerify, CertType ct)
-    : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0),
-      signature_(0), verify_(!noVerify)
+    : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0), subCnPos_(-1),
+      subCnLen_(0), issCnPos_(-1), issCnLen_(0), signature_(0),
+      verify_(!noVerify)
 {
     issuer_[0] = 0;
     subject_[0] = 0;
@@ -809,6 +810,13 @@ void CertDecoder::GetName(NameType nt)
             case COMMON_NAME:
                 if (!(ptr = AddTag(ptr, buf_end, "/CN=", 4, strLen)))
                     return;
+                if (nt == ISSUER) {
+                    issCnPos_ = (int)(ptr - strLen - issuer_);
+                    issCnLen_ = (int)strLen;
+                } else {
+                    subCnPos_ = (int)(ptr - strLen - subject_);
+                    subCnLen_ = (int)strLen;
+                }
                 break;
             case SUR_NAME:
                 if (!(ptr = AddTag(ptr, buf_end, "/SN=", 4, strLen)))

extra/yassl/testsuite/test.hpp

@@ -469,9 +469,24 @@ inline void showPeer(SSL* ssl)
     if (peer) {
         char* issuer  = X509_NAME_oneline(X509_get_issuer_name(peer), 0, 0);
         char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0);
+        X509_NAME_ENTRY* se = NULL;
+        ASN1_STRING*     sd = NULL;
+        char*            subCN = NULL;
+        X509_NAME* sub = X509_get_subject_name(peer);
+        int lastpos = -1;
+        if (sub)
+            lastpos = X509_NAME_get_index_by_NID(sub, NID_commonName, lastpos);
+        if (lastpos >= 0) {
+            se = X509_NAME_get_entry(sub, lastpos);
+            if (se)
+                sd = X509_NAME_ENTRY_get_data(se);
+            if (sd)
+                subCN = (char*)ASN1_STRING_data(sd);
+        }
+
+        printf("peer's cert info:\n issuer : %s\n subject: %s\n"
+               " subject cn: %s\n", issuer, subject, subCN);
 
-        printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
-                                                                  subject);
         free(subject);
         free(issuer);
     }