tdyy
diff --git a/‎extra/yassl/README‎
Lines changed: 6 additions & 0 deletions b/‎extra/yassl/README‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎extra/yassl/include/openssl/ssl.h‎
Lines changed: 1 addition & 1 deletion b/‎extra/yassl/include/openssl/ssl.h‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎extra/yassl/include/yassl_int.hpp‎
Lines changed: 7 additions & 2 deletions b/‎extra/yassl/include/yassl_int.hpp‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎extra/yassl/src/cert_wrapper.cpp‎
Lines changed: 10 additions & 3 deletions b/‎extra/yassl/src/cert_wrapper.cpp‎
Lines changed: 10 additions & 3 deletions
diff --git a/‎extra/yassl/src/ssl.cpp‎
Lines changed: 5 additions & 7 deletions b/‎extra/yassl/src/ssl.cpp‎
Lines changed: 5 additions & 7 deletions
diff --git a/‎extra/yassl/src/yassl_int.cpp‎
Lines changed: 19 additions & 14 deletions b/‎extra/yassl/src/yassl_int.cpp‎
Lines changed: 19 additions & 14 deletions
diff --git a/‎extra/yassl/taocrypt/include/asn.hpp‎
Lines changed: 8 additions & 1 deletion b/‎extra/yassl/taocrypt/include/asn.hpp‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎extra/yassl/taocrypt/src/asn.cpp‎
Lines changed: 10 additions & 2 deletions b/‎extra/yassl/taocrypt/src/asn.cpp‎
Lines changed: 10 additions & 2 deletions
diff --git a/‎extra/yassl/testsuite/test.hpp‎
Lines changed: 17 additions & 2 deletions b/‎extra/yassl/testsuite/test.hpp‎
Lines changed: 17 additions & 2 deletions
@@ -12,6 +12,12 @@ before calling SSL_new();
 
 *** end Note ***
 
+yaSSL Release notes, version 2.3.9b (2/03/2016)
+ This release of yaSSL fixes the OpenSSL compatibility function
+ X509_NAME_get_index_by_NID() to use the actual index of the common name
+ instead of searching on the format prefix. Thanks for the report from
+ yashwant.sahu@oracle.com . Anyone using this function should update.
+
 yaSSL Release notes, version 2.3.9 (12/01/2015)
  This release of yaSSL fixes two client side Diffie-Hellman problems.
  yaSSL was only handling the cases of zero or one leading zeros for the key
 
@@ -34,7 +34,7 @@
 #include "rsa.h"
 
 
-#define YASSL_VERSION "2.3.9"
+#define YASSL_VERSION "2.3.9b"
 
 
 #if defined(__cplusplus)
 
@@ -191,14 +191,19 @@ class sslFactory {
 class X509_NAME {
  char* name_;
  size_t sz_;
+ int cnPosition_; // start of common name, -1 is none
+ int cnLen_; // length of above
  ASN1_STRING entry_;
 public:
- X509_NAME(const char*, size_t sz);
+ X509_NAME(const char*, size_t sz, int pos, int len);
  ~X509_NAME();
 
  const char* GetName() const;
  ASN1_STRING* GetEntry(int i);
  size_t GetLength() const;
+ int GetCnPosition() const { return cnPosition_; }
+ int GetCnLength() const { return cnLen_; }
+
 private:
  X509_NAME(const X509_NAME&); // hide copy
  X509_NAME& operator=(const X509_NAME&); // and assign
@@ -226,7 +231,7 @@ class X509 {
  StringHolder afterDate_; // not valid after
 public:
  X509(const char* i, size_t, const char* s, size_t,
- ASN1_STRING *b, ASN1_STRING *a);
+ ASN1_STRING *b, ASN1_STRING *a, int, int, int, int);
  ~X509() {}
 
  X509_NAME* GetIssuer();
 
@@ -304,7 +304,10 @@ int CertManager::Validate()
  afterDate.type= cert.GetAfterDateType();
  afterDate.length= strlen((char *) afterDate.data) + 1;
  peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
- sSz, &beforeDate, &afterDate);
+ sSz, &beforeDate, &afterDate,
+ cert.GetIssuerCnStart(), cert.GetIssuerCnLength(),
+ cert.GetSubjectCnStart(), cert.GetSubjectCnLength()
+ );
 
  if (err == TaoCrypt::SIG_OTHER_E && verifyCallback_) {
  X509_STORE_CTX store;
@@ -350,7 +353,9 @@ int CertManager::SetPrivateKey(const x509& key)
  afterDate.type= cd.GetAfterDateType();
  afterDate.length= strlen((char *) afterDate.data) + 1;
  selfX509_ = NEW_YS X509(cd.GetIssuer(), iSz, cd.GetCommonName(),
- sSz, &beforeDate, &afterDate);
+ sSz, &beforeDate, &afterDate,
+ cd.GetIssuerCnStart(), cd.GetIssuerCnLength(),
+ cd.GetSubjectCnStart(), cd.GetSubjectCnLength());
  }
  return 0;
 }
@@ -367,7 +372,9 @@ void CertManager::setPeerX509(X509* x)
  ASN1_STRING* after = x->GetAfter();
 
  peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(),
- subject->GetName(), subject->GetLength(), before, after);
+ subject->GetName(), subject->GetLength(), before, after,
+ issuer->GetCnPosition(), issuer->GetCnLength(),
+ subject->GetCnPosition(), subject->GetCnLength());
 }
 
 
 
@@ -1350,16 +1350,14 @@ int ASN1_STRING_type(ASN1_STRING *x)
 int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos)
 {
  int idx = -1; // not found
- const char* start = &name->GetName()[lastpos + 1];
+ int cnPos = -1;
 
  switch (nid) {
  case NID_commonName:
- const char* found = strstr(start, "/CN=");
- if (found) {
- found += 4; // advance to str
- idx = found - start + lastpos + 1;
- }
- break;
+ cnPos = name->GetCnPosition();
+ if (lastpos < cnPos)
+ idx = cnPos;
+ break;
  }
 
  return idx;
 
@@ -1607,7 +1607,9 @@ void SSL_SESSION::CopyX509(X509* x)
 
  peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(),
  subject->GetName(), subject->GetLength(),
- before, after);
+ before, after,
+ issuer->GetCnPosition(), issuer->GetCnLength(),
+ subject->GetCnPosition(), subject->GetCnLength());
 }
 
 
@@ -2575,8 +2577,8 @@ void Security::set_resuming(bool b)
 }
 
 
-X509_NAME::X509_NAME(const char* n, size_t sz)
- : name_(0), sz_(sz)
+X509_NAME::X509_NAME(const char* n, size_t sz, int pos, int len)
+ : name_(0), sz_(sz), cnPosition_(pos), cnLen_(len)
 {
  if (sz) {
  name_ = NEW_YS char[sz];
@@ -2606,8 +2608,10 @@ size_t X509_NAME::GetLength() const
 
 
 X509::X509(const char* i, size_t iSz, const char* s, size_t sSz,
- ASN1_STRING *b, ASN1_STRING *a)
- : issuer_(i, iSz), subject_(s, sSz),
+ ASN1_STRING *b, ASN1_STRING *a,
+ int issPos, int issLen,
+ int subPos, int subLen)
+ : issuer_(i, iSz, issPos, issLen), subject_(s, sSz, subPos, subLen),
  beforeDate_((char *) b->data, b->length, b->type),
  afterDate_((char *) a->data, a->length, a->type)
 {}
@@ -2642,19 +2646,20 @@ ASN1_STRING* X509_NAME::GetEntry(int i)
  if (i < 0 || i >= int(sz_))
  return 0;
 
+ if (i != cnPosition_ || cnLen_ <= 0) // only entry currently supported
+ return 0;
+
+ if (cnLen_ > int(sz_-i)) // make sure there's room in read buffer
+ return 0;
+
  if (entry_.data)
  ysArrayDelete(entry_.data);
- entry_.data = NEW_YS byte[sz_]; // max size;
+ entry_.data = NEW_YS byte[cnLen_+1]; // max size;
 
- memcpy(entry_.data, &name_[i], sz_ - i);
- if (entry_.data[sz_ -i - 1]) {
- entry_.data[sz_ - i] = 0;
- entry_.length = int(sz_) - i;
- }
- else
- entry_.length = int(sz_) - i - 1;
+ memcpy(entry_.data, &name_[i], cnLen_);
+ entry_.data[cnLen_] = 0;
+ entry_.length = cnLen_;
  entry_.type = 0;
-
  return &entry_;
 }
 
 
@@ -286,7 +286,10 @@ class CertDecoder : public BER_Decoder {
  byte GetBeforeDateType() const { return beforeDateType_; }
  const char* GetAfterDate() const { return afterDate_; }
  byte GetAfterDateType() const { return afterDateType_; }
-
+ int GetSubjectCnStart() const { return subCnPos_; }
+ int GetIssuerCnStart() const { return issCnPos_; }
+ int GetSubjectCnLength() const { return subCnLen_; }
+ int GetIssuerCnLength() const { return issCnLen_; }
  void DecodeToKey();
 private:
  PublicKey key_;
@@ -295,6 +298,10 @@ class CertDecoder : public BER_Decoder {
  word32 sigLength_; // length of signature
  word32 signatureOID_; // sum of algorithm object id
  word32 keyOID_; // sum of key algo object id
+ int subCnPos_; // subject common name start, -1 is none
+ int subCnLen_; // length of above
+ int issCnPos_; // issuer common name start, -1 is none
+ int issCnLen_; // length of above
  byte subjectHash_[SHA_SIZE]; // hash of all Names
  byte issuerHash_[SHA_SIZE]; // hash of all Names
  byte* signature_;
 
@@ -487,8 +487,9 @@ void DH_Decoder::Decode(DH& key)
 
 CertDecoder::CertDecoder(Source& s, bool decode, SignerList* signers,
  bool noVerify, CertType ct)
- : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0),
- signature_(0), verify_(!noVerify)
+ : BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0), subCnPos_(-1),
+ subCnLen_(0), issCnPos_(-1), issCnLen_(0), signature_(0),
+ verify_(!noVerify)
 {
  issuer_[0] = 0;
  subject_[0] = 0;
@@ -809,6 +810,13 @@ void CertDecoder::GetName(NameType nt)
  case COMMON_NAME:
  if (!(ptr = AddTag(ptr, buf_end, "/CN=", 4, strLen)))
  return;
+ if (nt == ISSUER) {
+ issCnPos_ = (int)(ptr - strLen - issuer_);
+ issCnLen_ = (int)strLen;
+ } else {
+ subCnPos_ = (int)(ptr - strLen - subject_);
+ subCnLen_ = (int)strLen;
+ }
  break;
  case SUR_NAME:
  if (!(ptr = AddTag(ptr, buf_end, "/SN=", 4, strLen)))
 
@@ -469,9 +469,24 @@ inline void showPeer(SSL* ssl)
  if (peer) {
  char* issuer = X509_NAME_oneline(X509_get_issuer_name(peer), 0, 0);
  char* subject = X509_NAME_oneline(X509_get_subject_name(peer), 0, 0);
+ X509_NAME_ENTRY* se = NULL;
+ ASN1_STRING* sd = NULL;
+ char* subCN = NULL;
+ X509_NAME* sub = X509_get_subject_name(peer);
+ int lastpos = -1;
+ if (sub)
+ lastpos = X509_NAME_get_index_by_NID(sub, NID_commonName, lastpos);
+ if (lastpos >= 0) {
+ se = X509_NAME_get_entry(sub, lastpos);
+ if (se)
+ sd = X509_NAME_ENTRY_get_data(se);
+ if (sd)
+ subCN = (char*)ASN1_STRING_data(sd);
+ }
+
+ printf("peer's cert info:\n issuer : %s\n subject: %s\n"
+ " subject cn: %s\n", issuer, subject, subCN);
 
- printf("peer's cert info:\n issuer : %s\n subject: %s\n", issuer,
- subject);
  free(subject);
  free(issuer);
  }