authorKaren Arutyunov <karen@codesynthesis.com>2017-11-02 20:11:29 (GMT)
committerKaren Arutyunov <karen@codesynthesis.com>2017-11-24 06:33:15 (GMT)
commit354bb40e75d94466e91fe6960523612c9d17ccfb (patch)
treebdf8b8b90191b98e4b32b62e6cb0e947ea5d5ae2
parent4bce3c574df293415c7b2f45b9c2951262fe3412 (diff)
Add implementation
-rw-r--r--COPYING37
-rw-r--r--GPLv2339
-rw-r--r--INSTALL7
-rw-r--r--README21
-rw-r--r--README-DEV153
-rw-r--r--README-GIT4
-rw-r--r--README.orig56
-rw-r--r--TODO1
-rw-r--r--build/.gitignore1
-rw-r--r--build/bootstrap.build40
-rw-r--r--build/export.build10
-rw-r--r--build/root.build24
-rw-r--r--buildfile18
-rw-r--r--manifest20
-rw-r--r--mysql/atomic/gcc_atomic.h94
-rw-r--r--mysql/atomic/gcc_sync.h106
-rw-r--r--mysql/atomic/generic-msvc.h135
-rw-r--r--mysql/atomic/solaris.h117
-rw-r--r--mysql/base64.h61
-rw-r--r--mysql/binary_log_types.h70
-rw-r--r--mysql/buildfile254
-rw-r--r--mysql/byte_order_generic_x86.h56
-rw-r--r--mysql/config.h10
-rw-r--r--mysql/config.h.cmake.orig452
-rw-r--r--mysql/crypt_genhash_impl.h48
-rw-r--r--mysql/decimal.h137
-rw-r--r--mysql/errmsg.h113
-rw-r--r--mysql/extra/yassl/COPYING340
-rw-r--r--mysql/extra/yassl/FLOSS-EXCEPTIONS121
-rw-r--r--mysql/extra/yassl/README786
-rw-r--r--mysql/extra/yassl/include/buffer.hpp211
-rw-r--r--mysql/extra/yassl/include/cert_wrapper.hpp137
-rw-r--r--mysql/extra/yassl/include/crypto_wrapper.hpp428
-rw-r--r--mysql/extra/yassl/include/factory.hpp101
-rw-r--r--mysql/extra/yassl/include/handshake.hpp69
-rw-r--r--mysql/extra/yassl/include/lock.hpp96
-rw-r--r--mysql/extra/yassl/include/log.hpp55
-rw-r--r--mysql/extra/yassl/include/openssl/crypto.h33
-rw-r--r--mysql/extra/yassl/include/openssl/des.h20
-rw-r--r--mysql/extra/yassl/include/openssl/des_old.h20
-rw-r--r--mysql/extra/yassl/include/openssl/engine.h24
-rw-r--r--mysql/extra/yassl/include/openssl/err.h27
-rw-r--r--mysql/extra/yassl/include/openssl/evp.h29
-rw-r--r--mysql/extra/yassl/include/openssl/hmac.h20
-rw-r--r--mysql/extra/yassl/include/openssl/lhash.h21
-rw-r--r--mysql/extra/yassl/include/openssl/md4.h20
-rw-r--r--mysql/extra/yassl/include/openssl/md5.h23
-rw-r--r--mysql/extra/yassl/include/openssl/objects.h20
-rw-r--r--mysql/extra/yassl/include/openssl/opensslv.h31
-rw-r--r--mysql/extra/yassl/include/openssl/pem.h20
-rw-r--r--mysql/extra/yassl/include/openssl/pkcs12.h24
-rw-r--r--mysql/extra/yassl/include/openssl/prefix_crypto.h20
-rw-r--r--mysql/extra/yassl/include/openssl/prefix_ssl.h189
-rw-r--r--mysql/extra/yassl/include/openssl/rand.h21
-rw-r--r--mysql/extra/yassl/include/openssl/rsa.h29
-rw-r--r--mysql/extra/yassl/include/openssl/sha.h20
-rw-r--r--mysql/extra/yassl/include/openssl/ssl.h568
-rw-r--r--mysql/extra/yassl/include/openssl/transport_types.h26
-rw-r--r--mysql/extra/yassl/include/openssl/x509.h20
-rw-r--r--mysql/extra/yassl/include/openssl/x509v3.h20
-rw-r--r--mysql/extra/yassl/include/socket_wrapper.hpp104
-rw-r--r--mysql/extra/yassl/include/timer.hpp40
-rw-r--r--mysql/extra/yassl/include/yassl.hpp85
-rw-r--r--mysql/extra/yassl/include/yassl_error.hpp88
-rw-r--r--mysql/extra/yassl/include/yassl_imp.hpp748
-rw-r--r--mysql/extra/yassl/include/yassl_int.hpp725
-rw-r--r--mysql/extra/yassl/include/yassl_types.hpp540
-rw-r--r--mysql/extra/yassl/src/buffer.cpp330
-rw-r--r--mysql/extra/yassl/src/cert_wrapper.cpp408
-rw-r--r--mysql/extra/yassl/src/crypto_wrapper.cpp1016
-rw-r--r--mysql/extra/yassl/src/get_password.c218
-rw-r--r--mysql/extra/yassl/src/handshake.cpp1190
-rw-r--r--mysql/extra/yassl/src/lock.cpp87
-rw-r--r--mysql/extra/yassl/src/log.cpp147
-rw-r--r--mysql/extra/yassl/src/socket_wrapper.cpp238
-rw-r--r--mysql/extra/yassl/src/ssl.cpp1883
-rw-r--r--mysql/extra/yassl/src/timer.cpp80
-rw-r--r--mysql/extra/yassl/src/yassl_error.cpp288
-rw-r--r--mysql/extra/yassl/src/yassl_imp.cpp2642
-rw-r--r--mysql/extra/yassl/src/yassl_int.cpp2826
-rw-r--r--mysql/extra/yassl/taocrypt/COPYING340
-rw-r--r--mysql/extra/yassl/taocrypt/README48
-rw-r--r--mysql/extra/yassl/taocrypt/include/aes.hpp155
-rw-r--r--mysql/extra/yassl/taocrypt/include/algebra.hpp226
-rw-r--r--mysql/extra/yassl/taocrypt/include/arc4.hpp58
-rw-r--r--mysql/extra/yassl/taocrypt/include/asn.hpp392
-rw-r--r--mysql/extra/yassl/taocrypt/include/block.hpp202
-rw-r--r--mysql/extra/yassl/taocrypt/include/blowfish.hpp88
-rw-r--r--mysql/extra/yassl/taocrypt/include/coding.hpp91
-rw-r--r--mysql/extra/yassl/taocrypt/include/des.hpp130
-rw-r--r--mysql/extra/yassl/taocrypt/include/dh.hpp86
-rw-r--r--mysql/extra/yassl/taocrypt/include/dsa.hpp126
-rw-r--r--mysql/extra/yassl/taocrypt/include/error.hpp88
-rw-r--r--mysql/extra/yassl/taocrypt/include/file.hpp130
-rw-r--r--mysql/extra/yassl/taocrypt/include/hash.hpp110
-rw-r--r--mysql/extra/yassl/taocrypt/include/hc128.hpp63
-rw-r--r--mysql/extra/yassl/taocrypt/include/hmac.hpp138
-rw-r--r--mysql/extra/yassl/taocrypt/include/integer.hpp332
-rw-r--r--mysql/extra/yassl/taocrypt/include/kernelc.hpp34
-rw-r--r--mysql/extra/yassl/taocrypt/include/md2.hpp64
-rw-r--r--mysql/extra/yassl/taocrypt/include/md4.hpp62
-rw-r--r--mysql/extra/yassl/taocrypt/include/md5.hpp70
-rw-r--r--mysql/extra/yassl/taocrypt/include/misc.hpp888
-rw-r--r--mysql/extra/yassl/taocrypt/include/modarith.hpp165
-rw-r--r--mysql/extra/yassl/taocrypt/include/modes.hpp154
-rw-r--r--mysql/extra/yassl/taocrypt/include/pwdbased.hpp91
-rw-r--r--mysql/extra/yassl/taocrypt/include/rabbit.hpp65
-rw-r--r--mysql/extra/yassl/taocrypt/include/random.hpp84
-rw-r--r--mysql/extra/yassl/taocrypt/include/ripemd.hpp69
-rw-r--r--mysql/extra/yassl/taocrypt/include/rsa.hpp250
-rw-r--r--mysql/extra/yassl/taocrypt/include/runtime.hpp60
-rw-r--r--mysql/extra/yassl/taocrypt/include/sha.hpp174
-rw-r--r--mysql/extra/yassl/taocrypt/include/twofish.hpp94
-rw-r--r--mysql/extra/yassl/taocrypt/include/type_traits.hpp77
-rw-r--r--mysql/extra/yassl/taocrypt/include/types.hpp99
-rw-r--r--mysql/extra/yassl/taocrypt/mySTL/algorithm.hpp108
-rw-r--r--mysql/extra/yassl/taocrypt/mySTL/helpers.hpp153
-rw-r--r--mysql/extra/yassl/taocrypt/mySTL/list.hpp367
-rw-r--r--mysql/extra/yassl/taocrypt/mySTL/memory.hpp136
-rw-r--r--mysql/extra/yassl/taocrypt/mySTL/memory_array.hpp135
-rw-r--r--mysql/extra/yassl/taocrypt/mySTL/pair.hpp58
-rw-r--r--mysql/extra/yassl/taocrypt/mySTL/stdexcept.hpp76
-rw-r--r--mysql/extra/yassl/taocrypt/mySTL/vector.hpp153
-rw-r--r--mysql/extra/yassl/taocrypt/src/aes.cpp1885
-rw-r--r--mysql/extra/yassl/taocrypt/src/aestables.cpp36
-rw-r--r--mysql/extra/yassl/taocrypt/src/algebra.cpp336
-rw-r--r--mysql/extra/yassl/taocrypt/src/arc4.cpp243
-rw-r--r--mysql/extra/yassl/taocrypt/src/asn.cpp1348
-rw-r--r--mysql/extra/yassl/taocrypt/src/coding.cpp266
-rw-r--r--mysql/extra/yassl/taocrypt/src/des.cpp778
-rw-r--r--mysql/extra/yassl/taocrypt/src/dh.cpp103
-rw-r--r--mysql/extra/yassl/taocrypt/src/dsa.cpp274
-rw-r--r--mysql/extra/yassl/taocrypt/src/file.cpp115
-rw-r--r--mysql/extra/yassl/taocrypt/src/hash.cpp191
-rw-r--r--mysql/extra/yassl/taocrypt/src/hc128.cpp317
-rw-r--r--mysql/extra/yassl/taocrypt/src/integer.cpp3894
-rw-r--r--mysql/extra/yassl/taocrypt/src/md2.cpp125
-rw-r--r--mysql/extra/yassl/taocrypt/src/md4.cpp157
-rw-r--r--mysql/extra/yassl/taocrypt/src/md5.cpp506
-rw-r--r--mysql/extra/yassl/taocrypt/src/misc.cpp297
-rw-r--r--mysql/extra/yassl/taocrypt/src/rabbit.cpp255
-rw-r--r--mysql/extra/yassl/taocrypt/src/random.cpp138
-rw-r--r--mysql/extra/yassl/taocrypt/src/ripemd.cpp844
-rw-r--r--mysql/extra/yassl/taocrypt/src/rsa.cpp215
-rw-r--r--mysql/extra/yassl/taocrypt/src/sha.cpp1033
-rw-r--r--mysql/hash.h125
-rw-r--r--mysql/keycache.h156
-rw-r--r--mysql/lf.h212
-rw-r--r--mysql/libmysql/assert.c28
-rw-r--r--mysql/libmysql/authentication_win/common.cpp510
-rw-r--r--mysql/libmysql/authentication_win/common.h324
-rw-r--r--mysql/libmysql/authentication_win/handshake.cpp288
-rw-r--r--mysql/libmysql/authentication_win/handshake.h181
-rw-r--r--mysql/libmysql/authentication_win/handshake_client.cpp393
-rw-r--r--mysql/libmysql/authentication_win/log_client.cpp65
-rw-r--r--mysql/libmysql/authentication_win/plugin_client.cpp67
-rw-r--r--mysql/libmysql/client_settings.h73
-rw-r--r--mysql/libmysql/errmsg.c130
-rw-r--r--mysql/libmysql/get_password.c205
-rw-r--r--mysql/libmysql/libmysql.c5077
-rw-r--r--mysql/libmysql/libmysql_exports_win32.def120
-rw-r--r--mysql/libmysql/mysql_trace.c215
-rw-r--r--mysql/libmysql/mysql_trace.h165
-rw-r--r--mysql/little_endian.h93
-rw-r--r--mysql/m_ctype.h806
-rw-r--r--mysql/m_string.h341
-rw-r--r--mysql/mutex_lock.h47
-rw-r--r--mysql/my_aes.h137
-rw-r--r--mysql/my_alloc.h78
-rw-r--r--mysql/my_atomic.h76
-rw-r--r--mysql/my_base.h647
-rw-r--r--mysql/my_bit.h124
-rw-r--r--mysql/my_bitmap.h144
-rw-r--r--mysql/my_byteorder.h213
-rw-r--r--mysql/my_command.h64
-rw-r--r--mysql/my_compare.h127
-rw-r--r--mysql/my_compiler.h178
-rw-r--r--mysql/my_config.h348
-rw-r--r--mysql/my_dbug.h245
-rw-r--r--mysql/my_default.h55
-rw-r--r--mysql/my_dir.h93
-rw-r--r--mysql/my_getopt.h149
-rw-r--r--mysql/my_global.h792
-rw-r--r--mysql/my_icp.h48
-rw-r--r--mysql/my_list.h45
-rw-r--r--mysql/my_md5.h50
-rw-r--r--mysql/my_md5_size.h27
-rw-r--r--mysql/my_murmur3.h27
-rw-r--r--mysql/my_rdtsc.h130
-rw-r--r--mysql/my_rnd.h38
-rw-r--r--mysql/my_sqlcommand.h179
-rw-r--r--mysql/my_stacktrace.h114
-rw-r--r--mysql/my_sys.h982
-rw-r--r--mysql/my_thread.h192
-rw-r--r--mysql/my_thread_local.h107
-rw-r--r--mysql/my_time.h244
-rw-r--r--mysql/my_timer.h75
-rw-r--r--mysql/my_tree.h97
-rw-r--r--mysql/my_uctype.h1484
-rw-r--r--mysql/my_xml.h96
-rw-r--r--mysql/myisampack.h234
-rw-r--r--mysql/mysql.h728
-rw-r--r--mysql/mysql/client_authentication.h28
-rw-r--r--mysql/mysql/client_plugin.h202
-rw-r--r--mysql/mysql/com_data.h125
-rw-r--r--mysql/mysql/get_password.h36
-rw-r--r--mysql/mysql/mysql_lex_string.h33
-rw-r--r--mysql/mysql/plugin.h744
-rw-r--r--mysql/mysql/plugin_auth_common.h143
-rw-r--r--mysql/mysql/plugin_trace.h349
-rw-r--r--mysql/mysql/psi/mysql_file.h1433
-rw-r--r--mysql/mysql/psi/mysql_memory.h62
-rw-r--r--mysql/mysql/psi/mysql_socket.h1255
-rw-r--r--mysql/mysql/psi/mysql_stage.h198
-rw-r--r--mysql/mysql/psi/mysql_table.h142
-rw-r--r--mysql/mysql/psi/mysql_thread.h1323
-rw-r--r--mysql/mysql/psi/psi.h2980
-rw-r--r--mysql/mysql/psi/psi_base.h155
-rw-r--r--mysql/mysql/psi/psi_memory.h155
-rw-r--r--mysql/mysql/service_command.h436
-rw-r--r--mysql/mysql/service_locking.h114
-rw-r--r--mysql/mysql/service_my_plugin_log.h64
-rw-r--r--mysql/mysql/service_my_snprintf.h101
-rw-r--r--mysql/mysql/service_mysql_alloc.h81
-rw-r--r--mysql/mysql/service_mysql_keyring.h62
-rw-r--r--mysql/mysql/service_mysql_password_policy.h66
-rw-r--r--mysql/mysql/service_mysql_string.h133
-rw-r--r--mysql/mysql/service_parser.h286
-rw-r--r--mysql/mysql/service_rpl_transaction_ctx.h81
-rw-r--r--mysql/mysql/service_rpl_transaction_write_set.h80
-rw-r--r--mysql/mysql/service_rules_table.h192
-rw-r--r--mysql/mysql/service_security_context.h95
-rw-r--r--mysql/mysql/service_srv_session.h173
-rw-r--r--mysql/mysql/service_srv_session_info.h174
-rw-r--r--mysql/mysql/service_thd_alloc.h132
-rw-r--r--mysql/mysql/service_thd_wait.h114
-rw-r--r--mysql/mysql/service_thread_scheduler.h85
-rw-r--r--mysql/mysql/services.h59
-rw-r--r--mysql/mysql_com.h614
-rw-r--r--mysql/mysql_time.h55
-rw-r--r--mysql/mysql_version.h7
-rw-r--r--mysql/mysql_version.h.in.orig30
-rw-r--r--mysql/mysqld_error.h1095
-rw-r--r--mysql/mysys/array.c281
-rw-r--r--mysql/mysys/base64.c464
-rw-r--r--mysql/mysys/charset-def.c409
-rw-r--r--mysql/mysys/charset.c968
-rw-r--r--mysql/mysys/checksum.c35
-rw-r--r--mysql/mysys/errors.c92
-rw-r--r--mysql/mysys/hash.c812
-rw-r--r--mysql/mysys/lf_alloc-pin.c470
-rw-r--r--mysql/mysys/lf_dynarray.c208
-rw-r--r--mysql/mysys/lf_hash.c722
-rw-r--r--mysql/mysys/list.c114
-rw-r--r--mysql/mysys/mf_arr_appstr.c62
-rw-r--r--mysql/mysys/mf_cache.c105
-rw-r--r--mysql/mysys/mf_dirname.c155
-rw-r--r--mysql/mysys/mf_fn_ext.c54
-rw-r--r--mysql/mysys/mf_format.c147
-rw-r--r--mysql/mysys/mf_getdate.c73
-rw-r--r--mysql/mysys/mf_iocache.c1733
-rw-r--r--mysql/mysys/mf_iocache2.c514
-rw-r--r--mysql/mysys/mf_keycache.c4051
-rw-r--r--mysql/mysys/mf_keycaches.c363
-rw-r--r--mysql/mysys/mf_loadpath.c72
-rw-r--r--mysql/mysys/mf_pack.c409
-rw-r--r--mysql/mysys/mf_path.c121
-rw-r--r--mysql/mysys/mf_qsort.c205
-rw-r--r--mysql/mysys/mf_qsort2.c20
-rw-r--r--mysql/mysys/mf_radix.c59
-rw-r--r--mysql/mysys/mf_same.c41
-rw-r--r--mysql/mysys/mf_soundex.c105
-rw-r--r--mysql/mysys/mf_tempfile.c140
-rw-r--r--mysql/mysys/mf_unixpath.c36
-rw-r--r--mysql/mysys/mf_wcomp.c89
-rw-r--r--mysql/mysys/mulalloc.c64
-rw-r--r--mysql/mysys/my_access.c268
-rw-r--r--mysql/mysys/my_alloc.c557
-rw-r--r--mysql/mysys/my_bit.c64
-rw-r--r--mysql/mysys/my_bitmap.c672
-rw-r--r--mysql/mysys/my_chmod.c102
-rw-r--r--mysql/mysys/my_chsize.c106
-rw-r--r--mysql/mysys/my_compare.c474
-rw-r--r--mysql/mysys/my_compress.c267
-rw-r--r--mysql/mysys/my_copy.c153
-rw-r--r--mysql/mysys/my_create.c74
-rw-r--r--mysql/mysys/my_delete.c133
-rw-r--r--mysql/mysys/my_div.c38
-rw-r--r--mysql/mysys/my_error.c477
-rw-r--r--mysql/mysys/my_file.c144
-rw-r--r--mysql/mysys/my_fopen.c379
-rw-r--r--mysql/mysys/my_fstream.c186
-rw-r--r--mysql/mysys/my_gethwaddr.c259
-rw-r--r--mysql/mysys/my_getsystime.c122
-rw-r--r--mysql/mysys/my_getwd.c162
-rw-r--r--mysql/mysys/my_handler_errors.h114
-rw-r--r--mysql/mysys/my_init.c564
-rw-r--r--mysql/mysys/my_lib.c378
-rw-r--r--mysql/mysys/my_lock.c221
-rw-r--r--mysql/mysys/my_malloc.c325
-rw-r--r--mysql/mysys/my_memmem.c84
-rw-r--r--mysql/mysys/my_mess.c65
-rw-r--r--mysql/mysys/my_mkdir.c48
-rw-r--r--mysql/mysys/my_mmap.c89
-rw-r--r--mysql/mysys/my_once.c120
-rw-r--r--mysql/mysys/my_open.c194
-rw-r--r--mysql/mysys/my_pread.c207
-rw-r--r--mysql/mysys/my_rdtsc.c902
-rw-r--r--mysql/mysys/my_read.c107
-rw-r--r--mysql/mysys/my_redel.c132
-rw-r--r--mysql/mysys/my_rename.c59
-rw-r--r--mysql/mysys/my_seek.c111
-rw-r--r--mysql/mysys/my_static.c143
-rw-r--r--mysql/mysys/my_static.h41
-rw-r--r--mysql/mysys/my_symlink.c208
-rw-r--r--mysql/mysys/my_symlink2.c195
-rw-r--r--mysql/mysys/my_sync.c195
-rw-r--r--mysql/mysys/my_syslog.c287
-rw-r--r--mysql/mysys/my_thr_init.c459
-rw-r--r--mysql/mysys/my_thread.c185
-rw-r--r--mysql/mysys/my_winerr.c130
-rw-r--r--mysql/mysys/my_winfile.c682
-rw-r--r--mysql/mysys/my_write.c129
-rw-r--r--mysql/mysys/mysys_priv.h130
-rw-r--r--mysql/mysys/posix_timers.c395
-rw-r--r--mysql/mysys/psi_noop.c1040
-rw-r--r--mysql/mysys/ptr_cmp.c55
-rw-r--r--mysql/mysys/queues.c622
-rw-r--r--mysql/mysys/sql_chars.c120
-rw-r--r--mysql/mysys/stacktrace.c802
-rw-r--r--mysql/mysys/string.c187
-rw-r--r--mysql/mysys/thr_cond.c113
-rw-r--r--mysql/mysys/thr_lock.c1522
-rw-r--r--mysql/mysys/thr_mutex.c195
-rw-r--r--mysql/mysys/thr_rwlock.c139
-rw-r--r--mysql/mysys/tree.c760
-rw-r--r--mysql/mysys/typelib.c388
-rw-r--r--mysql/mysys_err.h95
-rw-r--r--mysql/mysys_ssl/crypt_genhash_impl.cpp465
-rw-r--r--mysql/mysys_ssl/mf_tempdir.cpp100
-rw-r--r--mysql/mysys_ssl/my_aes.cpp59
-rw-r--r--mysql/mysys_ssl/my_aes_impl.h31
-rw-r--r--mysql/mysys_ssl/my_aes_yassl.cpp244
-rw-r--r--mysql/mysys_ssl/my_default.cpp1523
-rw-r--r--mysql/mysys_ssl/my_default_priv.h43
-rw-r--r--mysql/mysys_ssl/my_getopt.cpp1615
-rw-r--r--mysql/mysys_ssl/my_md5.cpp68
-rw-r--r--mysql/mysys_ssl/my_murmur3.cpp134
-rw-r--r--mysql/mysys_ssl/my_rnd.cpp115
-rw-r--r--mysql/mysys_ssl/my_sha1.cpp141
-rw-r--r--mysql/mysys_ssl/my_sha2.cpp68
-rw-r--r--mysql/password.h34
-rw-r--r--mysql/pfs_socket_provider.h71
-rw-r--r--mysql/prealloced_array.h486
-rw-r--r--mysql/probes_mysql.h29
-rw-r--r--mysql/probes_mysql_nodtrace.h129
-rw-r--r--mysql/queues.h93
-rw-r--r--mysql/sha1.h38
-rw-r--r--mysql/sha2.h70
-rw-r--r--mysql/sql-common/client.c6241
-rw-r--r--mysql/sql-common/client_authentication.cpp282
-rw-r--r--mysql/sql-common/client_plugin.c592
-rw-r--r--mysql/sql-common/my_time.c2022
-rw-r--r--mysql/sql-common/pack.c140
-rw-r--r--mysql/sql/atomic_class.h117
-rw-r--r--mysql/sql/auth/password.c378
-rw-r--r--mysql/sql/my_decimal.h538
-rw-r--r--mysql/sql/mysqld.h979
-rw-r--r--mysql/sql/net_serv.cpp1059
-rw-r--r--mysql/sql/sql_alloc.h51
-rw-r--r--mysql/sql/sql_cmd.h96
-rw-r--r--mysql/sql/thr_malloc.h38
-rw-r--r--mysql/sql_chars.h75
-rw-r--r--mysql/sql_common.h206
-rw-r--r--mysql/sql_string.h666
-rw-r--r--mysql/strings/bchange.c35
-rw-r--r--mysql/strings/ctype-big5.c6951
-rw-r--r--mysql/strings/ctype-bin.c603
-rw-r--r--mysql/strings/ctype-cp932.c34878
-rw-r--r--mysql/strings/ctype-czech.c638
-rw-r--r--mysql/strings/ctype-euc_kr.c10084
-rw-r--r--mysql/strings/ctype-eucjpms.c67630
-rw-r--r--mysql/strings/ctype-extra.c8773
-rw-r--r--mysql/strings/ctype-gb18030.c22572
-rw-r--r--mysql/strings/ctype-gb2312.c6486
-rw-r--r--mysql/strings/ctype-gbk.c10884
-rw-r--r--mysql/strings/ctype-latin1.c805
-rw-r--r--mysql/strings/ctype-mb.c1502
-rw-r--r--mysql/strings/ctype-simple.c1941
-rw-r--r--mysql/strings/ctype-sjis.c34247
-rw-r--r--mysql/strings/ctype-tis620.c990
-rw-r--r--mysql/strings/ctype-uca.c26490
-rw-r--r--mysql/strings/ctype-ucs2.c3542
-rw-r--r--mysql/strings/ctype-ujis.c67374
-rw-r--r--mysql/strings/ctype-utf8.c8714
-rw-r--r--mysql/strings/ctype-win1250ch.c715
-rw-r--r--mysql/strings/ctype.c1104
-rw-r--r--mysql/strings/decimal.c2640
-rw-r--r--mysql/strings/dtoa.c2784
-rw-r--r--mysql/strings/int2str.c155
-rw-r--r--mysql/strings/is_prefix.c33
-rw-r--r--mysql/strings/llstr.c41
-rw-r--r--mysql/strings/longlong2str.c144
-rw-r--r--mysql/strings/my_stpmov.c30
-rw-r--r--mysql/strings/my_stpnmov.c33
-rw-r--r--mysql/strings/my_strchr.c111
-rw-r--r--mysql/strings/my_strtoll10.c236
-rw-r--r--mysql/strings/my_vsnprintf.c683
-rw-r--r--mysql/strings/str2int.c180
-rw-r--r--mysql/strings/str_alloc.c40
-rw-r--r--mysql/strings/strappend.c40
-rw-r--r--mysql/strings/strcend.c36
-rw-r--r--mysql/strings/strcont.c45
-rw-r--r--mysql/strings/strend.c37
-rw-r--r--mysql/strings/strfill.c35
-rw-r--r--mysql/strings/strmake.c55
-rw-r--r--mysql/strings/strxmov.c51
-rw-r--r--mysql/strings/strxnmov.c64
-rw-r--r--mysql/strings/t_ctype.h259
-rw-r--r--mysql/strings/xml.c574
-rw-r--r--mysql/thr_cond.h201
-rw-r--r--mysql/thr_lock.h162
-rw-r--r--mysql/thr_mutex.h227
-rw-r--r--mysql/thr_rwlock.h214
-rw-r--r--mysql/typelib.h54
-rw-r--r--mysql/version.h0
-rw-r--r--mysql/version.h.in43
-rw-r--r--mysql/vio/vio.c459
-rw-r--r--mysql/vio/vio_priv.h67
-rw-r--r--mysql/vio/viopipe.c117
-rw-r--r--mysql/vio/vioshm.c226
-rw-r--r--mysql/vio/viosocket.c1140
-rw-r--r--mysql/vio/viossl.c511
-rw-r--r--mysql/vio/viosslfactories.c729
-rw-r--r--mysql/violite.h338
-rw-r--r--mysql/zlib/README125
-rw-r--r--mysql/zlib/README.MySQL16
-rw-r--r--mysql/zlib/adler32.c149
-rw-r--r--mysql/zlib/compress.c79
-rw-r--r--mysql/zlib/crc32.c423
-rw-r--r--mysql/zlib/crc32.h441
-rw-r--r--mysql/zlib/deflate.c1736
-rw-r--r--mysql/zlib/deflate.h331
-rw-r--r--mysql/zlib/gzio.c1031
-rw-r--r--mysql/zlib/infback.c623
-rw-r--r--mysql/zlib/inffast.c318
-rw-r--r--mysql/zlib/inffast.h11
-rw-r--r--mysql/zlib/inffixed.h94
-rw-r--r--mysql/zlib/inflate.c1380
-rw-r--r--mysql/zlib/inflate.h115
-rw-r--r--mysql/zlib/inftrees.c329
-rw-r--r--mysql/zlib/inftrees.h55
-rw-r--r--mysql/zlib/trees.c1219
-rw-r--r--mysql/zlib/trees.h128
-rw-r--r--mysql/zlib/uncompr.c61
-rw-r--r--mysql/zlib/zconf.h328
-rw-r--r--mysql/zlib/zlib.h1357
-rw-r--r--mysql/zlib/zutil.c281
-rw-r--r--mysql/zlib/zutil.h199
-rw-r--r--tests/.gitignore3
-rw-r--r--tests/basic/buildfile7
-rw-r--r--tests/basic/driver.c23
-rw-r--r--tests/basic/testscript5
-rw-r--r--tests/build/.gitignore1
-rw-r--r--tests/build/bootstrap.build9
-rw-r--r--tests/build/root.build21
-rw-r--r--tests/buildfile5
467 files changed, 461639 insertions, 0 deletions
diff --git a/COPYING b/COPYING
new file mode 100644
index 0000000..ba60367
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,37 @@
+MySQL Server 5.7
+
+This is a release of MySQL, a dual-license SQL database server.
+For the avoidance of doubt, this particular copy of the software
+is released under the version 2 of the GNU General Public License.
+MySQL is brought to you by Oracle.
+
+Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+
+License information can be found in the COPYING file.
+
+MySQL FOSS License Exception
+We want free and open source software applications under certain
+licenses to be able to use specified GPL-licensed MySQL client
+libraries despite the fact that not all such FOSS licenses are
+compatible with version 2 of the GNU General Public License.
+Therefore there are special exceptions to the terms and conditions
+of the GPLv2 as applied to these client libraries, which are
+identified and described in more detail in the FOSS License
+Exception at
+<http://www.mysql.com/about/legal/licensing/foss-exception.html>.
+
+This distribution may include materials developed by third
+parties. For license and attribution notices for these
+materials, please refer to the documentation that accompanies
+this distribution (see the "Licenses for Third-Party Components"
+appendix) or view the online documentation at
+<http://dev.mysql.com/doc/>.
+
+GPLv2 Disclaimer
+For the avoidance of doubt, except that if any license choice
+other than GPL or LGPL is available it will apply instead,
+Oracle elects to use only the General Public License version 2
+(GPLv2) at this time for any software where a choice of GPL
+license versions is made available with the language indicating
+that GPLv2 or any later version may be used, or where a choice
+of which version of the GPL is applied is otherwise unspecified.
diff --git a/GPLv2 b/GPLv2
new file mode 100644
index 0000000..d511905
--- /dev/null
+++ b/GPLv2
@@ -0,0 +1,339 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/INSTALL b/INSTALL
new file mode 100644
index 0000000..0711405
--- /dev/null
+++ b/INSTALL
@@ -0,0 +1,7 @@
+The aim of this package is to make reading the INSTALL file unnecessary. So
+next time try running:
+
+$ bpkg build libmysqlclient
+
+But if you don't want to use the package manager, then you can also build this
+package manually using the standard build2 build system.
diff --git a/README b/README
new file mode 100644
index 0000000..f7f87c5
--- /dev/null
+++ b/README
@@ -0,0 +1,21 @@
+MySQL is a relational SQL database management system with libmysqlclient being
+its C client library. Applications can use this library to pass queries to
+MySQL database servers and to receive the results of those queries using the C
+programming language. For more information see:
+
+https://www.mysql.com
+
+This package contains the original libmysqlclient library source code overlaid
+with the build2-based build system and packaged for the build2 package manager
+(bpkg).
+
+See the INSTALL file for the prerequisites and installation instructions.
+
+Send questions, bug reports, or any other feedback about the library itself to
+the MySQL mailing lists. Send build system and packaging-related feedback to
+the packaging@build2.org mailing list (see https://lists.build2.org for posting
+guidelines, etc).
+
+The packaging of libmysqlclient for build2 is tracked in a Git repository at:
+
+https://git.build2.org/cgit/packaging/mysql/
diff --git a/README-DEV b/README-DEV
new file mode 100644
index 0000000..f35edbf
--- /dev/null
+++ b/README-DEV
@@ -0,0 +1,153 @@
+This document describes how libmysqlclient was packaged for build2. In
+particular, this understanding will be useful when upgrading to a new upstream
+version.
+
+The original libmysqlclient library is packaged together with other libraries,
+the MySQL server, and client utilities. The library source files are spread
+across several top-level subdirectories. These subdirectories also contain the
+library-irrelevant files (which we skip) along with examples and tests. The
+reasonable approach for defining the required source files is to exclude
+everything you have doubts about and rely on the linker reporting unresolved
+symbols. We balance between keeping the upstream package directory structure
+and making sure that the library can be properly imported into a build2
+projects. Below are the packaging steps in more detail.
+
+1. Copy include/mysql_version.h.in to mysql/version.h.in, and create
+ mysql/mysql_version.h that includes <mysql/version.h>.
+
+2. Copy config.h.cmake to mysql/config.h.cmake.orig, and use it for creating
+ mysql/my_config.h manually, defining/undefining only those macros that are
+ used in the library source code (see below). Also create mysql/config.h
+ that just includes <mysql/my_config.h>.
+
+ Note that some macro values can not be easily determined at the
+ preprocessing time. We define them based on the supported platform tests
+ and add mysql/libmysql/assert.c, containing compile-time assertions for
+ the macros in question.
+
+ Also note that some of the macro values depend on the project
+ configuration. We add such macro definitions into the mysql/version.h.in
+ and include <mysql/version.h> into mysql/my_config.h. We could place them
+ into a separate header template file, but probably there is already enough
+ config and version headers.
+
+3. Copy libbinlogevents/export/binary_log_types.h to mysql/.
+
+4. Part of the upstream package library headers are located under the include/
+ subdirectory. We will copy it recursively to mysql/, but only those headers
+ that are required by the library source code. We start from an empty mysql/
+ and add the headers that can't be found by the preprocessor. Note that you
+ need to be careful not to pickup system-installed headers (see below).
+
+5. Recursively copy source files from zlib/, strings/, mysys/, mysys_ssl/,
+ extra/yassl/, vio/, sql/, sql-common/ and libmysql/ to mysql/, preserving
+ the original directory structure, except files not required for the library
+ compilation/linkage (see above). Rename .cc files to .cpp afterwards, using
+ the following command (upstream uses a mixture of extensions which we just
+ not going to bother handling):
+
+ $ for f in `find . -name '*.cc'`; do mv "$f" "${f%.cc}.cpp"; done
+
+ Copy the READMEs and licenses for the bundled libraries as well.
+
+6. Copy client/get_password.c to mysql/extra/yassl/src/.
+
+7. Copy upstream package compile-time auto-generated include/mysqld_error.h
+ to mysql/. It is generated from sql/share/errmsg-utf8.txt by the pre-built
+ comp_err utility. The utility also produces some other headers (which we
+ don't use) and localized errmsg.sys files that are not installed with the
+ library. Could we not copy it from a binary or distribution or from
+ Debian/Fedora package?
+
+8. Create mysql/libmysql/libmysql_exports_win32.def to contain a list of the
+ exported names. For that purpose grep through libmysql/CMakeLists.txt to
+ see how the .def file is generated for Windows. The corresponding code
+ normally looks like:
+
+ MERGE_LIBRARIES(libmysql SHARED ${LIBS}
+ EXPORTS ${CLIENT_API_FUNCTIONS} ${CLIENT_API_FUNCTIONS_UNDOCUMENTED}
+ COMPONENT SharedLibraries)
+
+ If that's the case, collect names that get appended to the
+ CLIENT_API_FUNCTIONS and CLIENT_API_FUNCTIONS_UNDOCUMENTED variables.
+
+9. Copy README to COPYING, and truncate it to contain only the licensing
+ information.
+
+10. Copy COPYING to GPLv2.
+
+When merging libmysqlclient build2 package with a new version of the upstream
+package make sure that all the preprocessor include directives reference the
+packaged header files, rather than MariaDB or MySQL headers that are installed
+into the system. It's easy to miss some headers in the package if MariaDB or
+MySQL development package is installed on the host. We also need to check if
+the bundled library headers are picked up. To verify the correctness you can
+build the merged project, concatenate the produced .d files, sort the resulting
+file removing duplicates and edit the result, leaving only the system headers.
+Afterwards grep through the remained headers for some patterns:
+
+$ cat `find . -name '*.d'` | sort -u >headers
+$ emacs headers # Edit, leaving system headers only.
+$ fgrep -e 'mysql' -e 'mariadb' -e 'openssl' -e 'zlib' headers
+
+
+$ for m in `cat mysql/config.h.cmake.orig | sed -n 's/.*#\s*\(define\|cmakedefine\)\s\{1,\}\([_A-Z0-9]\{1,\}\)\(\s.*\)\{0,1\}$/\2/p' | sort -u`; do
+ if grep -q -e "\b$m\b" `find . -name '*.h' -a ! -name 'my_config.h' -a ! -name 'config.h' -o -name '*.c'`; then
+ echo "$m"
+ fi
+ done >used-macros1
+
+$ cat mysql/my_config.h |
+ sed -n 's/#\s*\(define\|undef\)\s\{1,\}\([_A-Z0-9]\{1,\}\)\(\s.*\)\{0,1\}$/\2/p' |
+ sort -u >defined-macros
+
+$ diff defined-macros used-macros
+
+Also make sure that the macros set in mysql/my_config.h is still up to date.
+For that purpose obtain the macros that are used in the new source base, then
+obtain the macros (un)defined in the current mysql/my_config.h and compare the
+sets. That can be achieved running the following commands in the build2 project
+root directory:
+
+$ for m in `cat mysql/config.h.cmake.orig | sed -n 's/.*#\s*\(define\|cmakedefine\)\s\{1,\}\([_a-zA-Z0-9]\{1,\}\)\(\s.*\)\{0,1\}$/\2/p' | sort -u`; do
+ if grep -q -e "\b$m\b" `find . -name '*.h' -a ! -name 'my_config.h' -a ! -name 'config.h' -o -name '*.c'`; then
+ echo "$m"
+ fi
+ done >used-macros
+
+$ cat mysql/my_config.h |
+ sed -n 's/#\s*\(define\|undef\)\s\{1,\}\([_a-zA-Z0-9]\{1,\}\)\(\s.*\)\{0,1\}$/\2/p' |
+ sort -u >defined-macros
+
+diff defined-macros used-macros
+
+To obtain the pre-defined macros for gcc and clang use following commands:
+
+$ gcc -dM -E - < /dev/null
+$ clang -dM -E - < /dev/null
+
+Note that some macro definitions are passed to the preprocessor via the -D
+command line options. Such macro sets may be specific for source file
+subdirectories. It makes sense to check that the sets used for the build2
+package still match the ones for the new upstream package. For that purpose you
+can grep the old and new upstream package CMakeList.txt files for
+ADD_DEFINITIONS() directives and review the changes. If needed, you may also
+run cmake for the upstream project and view the flags.make files created for
+the corresponding source directories. Or, as a last resort, you can see the
+actual compiler and linker command lines running make utility with VERBOSE=1
+option. For VC, you need to set output verbosity to Diagnostics level at the
+'Tools/Options/Projects and Solutions\Build and Run' dialog tab, change the
+current directory to the project build directory in CMD console, and run the
+following command:
+
+> devenv MySQL.sln /build >build.log
+
+It also makes sense to check for changes in compiler and linker flags. You may
+grep CMakeList.txt files for the appropriate directives, or you may compile the
+upstream project in the verbose mode on the platform of interest.
+
+To configure the upstream package for the build use the commands like this:
+
+$ mkdir out
+$ cd out
+$ cmake -DDOWNLOAD_BOOST=1 -DWITH_BOOST=boost -DWITHOUT_SERVER=ON ..
diff --git a/README-GIT b/README-GIT
new file mode 100644
index 0000000..9ae3e5c
--- /dev/null
+++ b/README-GIT
@@ -0,0 +1,4 @@
+The checked out mysql/version.h will be overwritten during the build process
+but these changes should be ignored. To do this automatically, run:
+
+git update-index --assume-unchanged mysql/version.h
diff --git a/README.orig b/README.orig
new file mode 100644
index 0000000..d48441b
--- /dev/null
+++ b/README.orig
@@ -0,0 +1,56 @@
+MySQL Server 5.7
+
+This is a release of MySQL, a dual-license SQL database server.
+For the avoidance of doubt, this particular copy of the software
+is released under the version 2 of the GNU General Public License.
+MySQL is brought to you by Oracle.
+
+Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
+
+License information can be found in the COPYING file.
+
+MySQL FOSS License Exception
+We want free and open source software applications under certain
+licenses to be able to use specified GPL-licensed MySQL client
+libraries despite the fact that not all such FOSS licenses are
+compatible with version 2 of the GNU General Public License.
+Therefore there are special exceptions to the terms and conditions
+of the GPLv2 as applied to these client libraries, which are
+identified and described in more detail in the FOSS License
+Exception at
+<http://www.mysql.com/about/legal/licensing/foss-exception.html>.
+
+This distribution may include materials developed by third
+parties. For license and attribution notices for these
+materials, please refer to the documentation that accompanies
+this distribution (see the "Licenses for Third-Party Components"
+appendix) or view the online documentation at
+<http://dev.mysql.com/doc/>.
+
+GPLv2 Disclaimer
+For the avoidance of doubt, except that if any license choice
+other than GPL or LGPL is available it will apply instead,
+Oracle elects to use only the General Public License version 2
+(GPLv2) at this time for any software where a choice of GPL
+license versions is made available with the language indicating
+that GPLv2 or any later version may be used, or where a choice
+of which version of the GPL is applied is otherwise unspecified.
+
+For further information about MySQL or additional documentation,
+see:
+- The latest information about MySQL: http://www.mysql.com
+- The current MySQL documentation: http://dev.mysql.com/doc
+
+Some Reference Manual sections of special interest:
+- If you are migrating from an older version of MySQL, please
+ read the "Upgrading from..." section.
+- To see what MySQL can do, take a look at the features section.
+- For installation instructions, see the Installing and Upgrading
+ chapter.
+- For the new features/bugfix history, see the MySQL Change History
+ appendix.
+
+You can browse the MySQL Reference Manual online or download it
+in any of several formats at the URL given earlier in this file.
+Source distributions include a local copy of the manual in the
+Docs directory.
diff --git a/TODO b/TODO
new file mode 100644
index 0000000..d7aa6fd
--- /dev/null
+++ b/TODO
@@ -0,0 +1 @@
+- Unbundle zlib (but see changes/patches)?
diff --git a/build/.gitignore b/build/.gitignore
new file mode 100644
index 0000000..225c27f
--- /dev/null
+++ b/build/.gitignore
@@ -0,0 +1 @@
+config.build
diff --git a/build/bootstrap.build b/build/bootstrap.build
new file mode 100644
index 0000000..d8cff23
--- /dev/null
+++ b/build/bootstrap.build
@@ -0,0 +1,40 @@
+# file : build/bootstrap.build
+# copyright : Copyright (c) 2016-2017 Code Synthesis Ltd
+# license : GPLv2 with FOSS License Exception; see accompanying COPYING file
+
+project = libmysqlclient
+
+using version
+using config
+using dist
+using test
+using install
+
+# The MySQL client library ABI version number has the <major>.<minor>.<patch>
+# form. The major number is increased for backwards-incompatible API changes,
+# the minor number for backwards-compatible ones (for example, for adding a new
+# function), and the patch number is typically increased for each package
+# release, being in a sense redundant. Increase of the version component resets
+# the rightmost ones to zero. See also:
+#
+# http://mysqlserverteam.com/the-client-library-part-2-the-version-number/
+#
+# There is no way to deduce the ABI version from the release version, so we
+# obtain the ABI version from the SHARED_LIB_MAJOR_VERSION variable value in
+# cmake/mysql_version.cmake for each package release. Also, while at it, check
+# that the protocol version is still correct (the PROTOCOL_VERSION variable).
+#
+# See also how Debian/Fedora package libmariadb if trying to wrap your head
+# around this mess.
+#
+if ($version.major == 5 && $version.minor == 7 && $version.patch == 20)
+{
+ # @@ Should we also use the ABI minor version to make sure the library is
+ # also forward-compatible?
+ #
+ abi_version = 20
+
+ protocol_version = 10
+}
+else
+ fail "increment the ABI version?"
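Review bot: The `fail` in the else branch fires for every release other than 5.7.20, but its message, `increment the ABI version?`, names neither of the two values that have to be re-checked nor where they come from. The comment above already says both are taken from cmake/mysql_version.cmake, so the message can carry that: `fail "abi_version and protocol_version are not verified for this release; see cmake/mysql_version.cmake"`. Keeping the hard stop itself is right, since it prevents a version bump from silently shipping a stale ABI number.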
diff --git a/build/export.build b/build/export.build
new file mode 100644
index 0000000..786efb8
--- /dev/null
+++ b/build/export.build
@@ -0,0 +1,10 @@
+# file : build/export.build
+# copyright : Copyright (c) 2016-2017 Code Synthesis Ltd
+# license : GPLv2 with FOSS License Exception; see accompanying COPYING file
+
+$out_root/:
+{
+ include mysql/
+}
+
+export $out_root/mysql/lib{mysqlclient}
diff --git a/build/root.build b/build/root.build
new file mode 100644
index 0000000..b699441
--- /dev/null
+++ b/build/root.build
@@ -0,0 +1,24 @@
+# file : build/root.build
+# copyright : Copyright (c) 2016-2017 Code Synthesis Ltd
+# license : GPLv2 with FOSS License Exception; see accompanying COPYING file
+
+c.std = 99
+
+using c
+
+h{*}: extension = h
+c{*}: extension = c
+
+# The upstream package uses -std=gnu++03 on Linux. However we can't specify
+# C++03 as the code refers to the strtoull() C function that was introduced
+# in C++11. Specifying C++11 looks like an overkill, and can break something
+# else.
+#
+using cxx.guess
+
+cxx.std = ($cxx.id == 'gcc' || $cxx.id == 'clang' ? gnu++03 : 03)
+
+using cxx
+
+hxx{*}: extension = hpp
+cxx{*}: extension = cpp
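Review bot: The comment before `using cxx.guess` says C++03 cannot be specified because the code calls strtoull(), yet the else arm of `cxx.std = (... ? gnu++03 : 03)` selects plain `03` for every compiler other than gcc and clang, and nothing explains why that is safe there. A line such as `# Other compilers (presumably MSVC) get plain 03; strtoull() is assumed to be declared regardless -- confirm.` would record the assumption. Without it, someone adding another compiler id has no way to tell whether the fallback was checked or is just a default.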
diff --git a/buildfile b/buildfile
new file mode 100644
index 0000000..b8ec70f
--- /dev/null
+++ b/buildfile
@@ -0,0 +1,18 @@
+# file : buildfile
+# copyright : Copyright (c) 2016-2017 Code Synthesis Ltd
+# license : GPLv2 with FOSS License Exception; see accompanying COPYING file
+
+./: {*/ -build/} doc{COPYING GPLv2 INSTALL README version} file{manifest}
+
+# The version file is auto-generated (by the version module) from manifest.
+# Include it in distribution and don't remove when cleaning in src (so that
+# clean results in a state identical to distributed).
+#
+doc{version}: file{manifest}
+doc{version}: dist = true
+doc{version}: clean = ($src_root != $out_root)
+
+# Don't install tests or the INSTALL file.
+#
+dir{tests/}: install = false
+doc{INSTALL}@./: install = false
diff --git a/manifest b/manifest
new file mode 100644
index 0000000..30f3dd1
--- /dev/null
+++ b/manifest
@@ -0,0 +1,20 @@
+: 1
+name: libmysqlclient
+
+# Note: remember to update doc-url below!
+#
+version: 5.7.20-a.0.z
+
+summary: MySQL C API client library
+license: GPLv2 with FOSS License Exception
+tags: mysql, database, client, connector, library, c, api, interface
+description-file: README
+url: https://www.mysql.com
+doc-url: https://dev.mysql.com/doc/refman/5.7/en/c-api.html
+src-url: https://git.build2.org/cgit/packaging/mysql/libmysqlclient/tree/
+package-url: https://git.build2.org/cgit/packaging/mysql/
+email: mysql@lists.mysql.com; Mailing list.
+package-email: packaging@build2.org; Mailing list.
+build-email: builds@build2.org
+depends: * build2 >= 0.7.0-
+depends: * bpkg >= 0.7.0-
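Review bot: The manifest lists only build2 and bpkg as dependencies, while README-DEV in this same commit describes copying sources from zlib/ and extra/yassl/ into mysql/, so the package carries its own compression and TLS code that the manifest does not mention. Anyone tracking fixes for those libraries cannot tell from the package metadata that private copies are compiled in. A comment near `summary:` would make this visible, for example `# Note: bundles the upstream copies of zlib and yaSSL (see README-DEV); re-check them on every upgrade.` The TODO file already raises unbundling zlib, and the same question seems worth recording for yaSSL.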
diff --git a/mysql/atomic/gcc_atomic.h b/mysql/atomic/gcc_atomic.h
new file mode 100644
index 0000000..8807857
--- /dev/null
+++ b/mysql/atomic/gcc_atomic.h
@@ -0,0 +1,94 @@
+#ifndef GCC_ATOMIC_INCLUDED
+#define GCC_ATOMIC_INCLUDED
+
+/* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/* New GCC __atomic builtins introduced in GCC 4.7 */
+
+static inline int my_atomic_cas32(int32 volatile *a, int32 *cmp, int32 set)
+{
+ return __atomic_compare_exchange_n(a, cmp, set, 0,
+ __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
+}
+
+static inline int my_atomic_cas64(int64 volatile *a, int64 *cmp, int64 set)
+{
+ return __atomic_compare_exchange_n(a, cmp, set, 0,
+ __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
+}
+
+static inline int my_atomic_casptr(void * volatile *a, void **cmp, void *set)
+{
+ return __atomic_compare_exchange_n(a, cmp, set, 0,
+ __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
+}
+
+static inline int32 my_atomic_add32(int32 volatile *a, int32 v)
+{
+ return __atomic_fetch_add(a, v, __ATOMIC_SEQ_CST);
+}
+
+static inline int64 my_atomic_add64(int64 volatile *a, int64 v)
+{
+ return __atomic_fetch_add(a, v, __ATOMIC_SEQ_CST);
+}
+
+static inline int32 my_atomic_fas32(int32 volatile *a, int32 v)
+{
+ return __atomic_exchange_n(a, v, __ATOMIC_SEQ_CST);
+}
+
+static inline int64 my_atomic_fas64(int64 volatile *a, int64 v)
+{
+ return __atomic_exchange_n(a, v, __ATOMIC_SEQ_CST);
+}
+
+static inline void * my_atomic_fasptr(void * volatile *a, void * v)
+{
+ return __atomic_exchange_n(a, v, __ATOMIC_SEQ_CST);
+}
+
+static inline int32 my_atomic_load32(int32 volatile *a)
+{
+ return __atomic_load_n(a, __ATOMIC_SEQ_CST);
+}
+
+static inline int64 my_atomic_load64(int64 volatile *a)
+{
+ return __atomic_load_n(a, __ATOMIC_SEQ_CST);
+}
+
+static inline void* my_atomic_loadptr(void * volatile *a)
+{
+ return __atomic_load_n(a, __ATOMIC_SEQ_CST);
+}
+
+static inline void my_atomic_store32(int32 volatile *a, int32 v)
+{
+ __atomic_store_n(a, v, __ATOMIC_SEQ_CST);
+}
+
+static inline void my_atomic_store64(int64 volatile *a, int64 v)
+{
+ __atomic_store_n(a, v, __ATOMIC_SEQ_CST);
+}
+
+static inline void my_atomic_storeptr(void * volatile *a, void *v)
+{
+ __atomic_store_n(a, v, __ATOMIC_SEQ_CST);
+}
+
+#endif /* GCC_ATOMIC_INCLUDED */
diff --git a/mysql/atomic/gcc_sync.h b/mysql/atomic/gcc_sync.h
new file mode 100644
index 0000000..82eea35
--- /dev/null
+++ b/mysql/atomic/gcc_sync.h
@@ -0,0 +1,106 @@
+#ifndef GCC_SYNC_INCLUDED
+#define GCC_SYNC_INCLUDED
+
+/* Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/* Old GCC __sync builtins introduced in GCC 4.1 */
+
+static inline int my_atomic_cas32(int32 volatile *a, int32 *cmp, int32 set)
+{
+ int32 cmp_val= *cmp;
+ int32 sav= __sync_val_compare_and_swap(a, cmp_val, set);
+ int ret= (sav == cmp_val);
+ if (!ret)
+ *cmp = sav;
+ return ret;
+}
+
+static inline int my_atomic_cas64(int64 volatile *a, int64 *cmp, int64 set)
+{
+ int64 cmp_val= *cmp;
+ int64 sav= __sync_val_compare_and_swap(a, cmp_val, set);
+ int ret= (sav == cmp_val);
+ if (!ret)
+ *cmp = sav;
+ return ret;
+}
+
+static inline int my_atomic_casptr(void * volatile *a, void **cmp, void *set)
+{
+ void *cmp_val= *cmp;
+ void *sav= __sync_val_compare_and_swap(a, cmp_val, set);
+ int ret= (sav == cmp_val);
+ if (!ret)
+ *cmp = sav;
+ return ret;
+}
+
+static inline int32 my_atomic_add32(int32 volatile *a, int32 v)
+{
+ return __sync_fetch_and_add(a, v);
+}
+
+static inline int64 my_atomic_add64(int64 volatile *a, int64 v)
+{
+ return __sync_fetch_and_add(a, v);
+}
+
+static inline int32 my_atomic_fas32(int32 volatile *a, int32 v)
+{
+ return __sync_lock_test_and_set(a, v);
+}
+
+static inline int64 my_atomic_fas64(int64 volatile *a, int64 v)
+{
+ return __sync_lock_test_and_set(a, v);
+}
+
+static inline void * my_atomic_fasptr(void * volatile *a, void * v)
+{
+ return __sync_lock_test_and_set(a, v);
+}
+
+static inline int32 my_atomic_load32(int32 volatile *a)
+{
+ return __sync_fetch_and_or(a, 0);
+}
+
+static inline int64 my_atomic_load64(int64 volatile *a)
+{
+ return __sync_fetch_and_or(a, 0);
+}
+
+static inline void* my_atomic_loadptr(void * volatile *a)
+{
+ return __sync_fetch_and_or(a, 0);
+}
+
+static inline void my_atomic_store32(int32 volatile *a, int32 v)
+{
+ (void) __sync_lock_test_and_set(a, v);
+}
+
+static inline void my_atomic_store64(int64 volatile *a, int64 v)
+{
+ (void) __sync_lock_test_and_set(a, v);
+}
+
+static inline void my_atomic_storeptr(void * volatile *a, void *v)
+{
+ (void) __sync_lock_test_and_set(a, v);
+}
+
+#endif /* GCC_SYNC_INCLUDED */
diff --git a/mysql/atomic/generic-msvc.h b/mysql/atomic/generic-msvc.h
new file mode 100644
index 0000000..9fe2cdd
--- /dev/null
+++ b/mysql/atomic/generic-msvc.h
@@ -0,0 +1,135 @@
+#ifndef ATOMIC_MSC_INCLUDED
+#define ATOMIC_MSC_INCLUDED
+
+/* Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+#include <windows.h>
+
+static inline int my_atomic_cas32(int32 volatile *a, int32 *cmp, int32 set)
+{
+ int32 initial_cmp= *cmp;
+ int32 initial_a= InterlockedCompareExchange((volatile LONG*)a,
+ set, initial_cmp);
+ int ret= (initial_a == initial_cmp);
+ if (!ret)
+ *cmp= initial_a;
+ return ret;
+}
+
+static inline int my_atomic_cas64(int64 volatile *a, int64 *cmp, int64 set)
+{
+ int64 initial_cmp= *cmp;
+ int64 initial_a= InterlockedCompareExchange64((volatile LONGLONG*)a,
+ (LONGLONG)set,
+ (LONGLONG)initial_cmp);
+ int ret= (initial_a == initial_cmp);
+ if (!ret)
+ *cmp= initial_a;
+ return ret;
+}
+
+static inline int my_atomic_casptr(void * volatile *a, void **cmp, void *set)
+{
+ void *initial_cmp= *cmp;
+ void *initial_a= InterlockedCompareExchangePointer(a, set, initial_cmp);
+ int ret= (initial_a == initial_cmp);
+ if (!ret)
+ *cmp= initial_a;
+ return ret;
+}
+
+static inline int32 my_atomic_add32(int32 volatile *a, int32 v)
+{
+ return (int32)InterlockedExchangeAdd((volatile LONG*)a, v);
+}
+
+static inline int64 my_atomic_add64(int64 volatile *a, int64 v)
+{
+ return (int64)InterlockedExchangeAdd64((volatile LONGLONG*)a, (LONGLONG)v);
+}
+
+static inline int32 my_atomic_load32(int32 volatile *a)
+{
+ return (int32)InterlockedCompareExchange((volatile LONG *)a, 0, 0);
+}
+
+static inline int64 my_atomic_load64(int64 volatile *a)
+{
+ return (int64)InterlockedCompareExchange64((volatile LONGLONG *)a, 0, 0);
+}
+
+static inline void* my_atomic_loadptr(void * volatile *a)
+{
+ return InterlockedCompareExchangePointer(a, 0, 0);
+}
+
+static inline int32 my_atomic_fas32(int32 volatile *a, int32 v)
+{
+ return (int32)InterlockedExchange((volatile LONG*)a, v);
+}
+
+static inline int64 my_atomic_fas64(int64 volatile *a, int64 v)
+{
+ return (int64)InterlockedExchange64((volatile LONGLONG*)a, v);
+}
+
+static inline void * my_atomic_fasptr(void * volatile *a, void * v)
+{
+ return InterlockedExchangePointer(a, v);
+}
+
+static inline void my_atomic_store32(int32 volatile *a, int32 v)
+{
+ (void)InterlockedExchange((volatile LONG*)a, v);
+}
+
+static inline void my_atomic_store64(int64 volatile *a, int64 v)
+{
+ (void)InterlockedExchange64((volatile LONGLONG*)a, v);
+}
+
+static inline void my_atomic_storeptr(void * volatile *a, void *v)
+{
+ (void)InterlockedExchangePointer(a, v);
+}
+
+
+/*
+ my_yield_processor (equivalent of x86 PAUSE instruction) should be used
+ to improve performance on hyperthreaded CPUs. Intel recommends to use it in
+ spin loops also on non-HT machines to reduce power consumption (see e.g
+ http://softwarecommunity.intel.com/articles/eng/2004.htm)
+
+ Running benchmarks for spinlocks implemented with InterlockedCompareExchange
+ and YieldProcessor shows that much better performance is achieved by calling
+ YieldProcessor in a loop - that is, yielding longer. On Intel boxes setting
+ loop count in the range 200-300 brought best results.
+ */
+#define YIELD_LOOPS 200
+
+static inline int my_yield_processor()
+{
+ int i;
+ for (i=0; i<YIELD_LOOPS; i++)
+ {
+ YieldProcessor();
+ }
+ return 1;
+}
+
+#define LF_BACKOFF my_yield_processor()
+
+#endif /* ATOMIC_MSC_INCLUDED */
diff --git a/mysql/atomic/solaris.h b/mysql/atomic/solaris.h
new file mode 100644
index 0000000..5be36ec
--- /dev/null
+++ b/mysql/atomic/solaris.h
@@ -0,0 +1,117 @@
+#ifndef ATOMIC_SOLARIS_INCLUDED
+#define ATOMIC_SOLARIS_INCLUDED
+
+/* Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+#include <atomic.h>
+
+#if defined(__GNUC__)
+#define atomic_typeof(T,V) __typeof__(V)
+#else
+#define atomic_typeof(T,V) T
+#endif
+
+static inline int my_atomic_cas32(int32 volatile *a, int32 *cmp, int32 set)
+{
+ int ret;
+ atomic_typeof(uint32_t, *cmp) sav;
+ sav= atomic_cas_32((volatile uint32_t *)a, (uint32_t)*cmp, (uint32_t)set);
+ ret= (sav == *cmp);
+ if (!ret)
+ *cmp= sav;
+ return ret;
+}
+
+static inline int my_atomic_cas64(int64 volatile *a, int64 *cmp, int64 set)
+{
+ int ret;
+ atomic_typeof(uint64_t, *cmp) sav;
+ sav= atomic_cas_64((volatile uint64_t *)a, (uint64_t)*cmp, (uint64_t)set);
+ ret= (sav == *cmp);
+ if (!ret)
+ *cmp= sav;
+ return ret;
+}
+
+static inline int my_atomic_casptr(void * volatile *a, void **cmp, void *set)
+{
+ int ret;
+ atomic_typeof(void *, *cmp) sav;
+ sav= atomic_cas_ptr((volatile void **)a, (void *)*cmp, (void *)set);
+ ret= (sav == *cmp);
+ if (!ret)
+ *cmp= sav;
+ return ret;
+}
+
+static inline int32 my_atomic_add32(int32 volatile *a, int32 v)
+{
+ int32 nv= atomic_add_32_nv((volatile uint32_t *)a, v);
+ return nv - v;
+}
+
+static inline int64 my_atomic_add64(int64 volatile *a, int64 v)
+{
+ int64 nv= atomic_add_64_nv((volatile uint64_t *)a, v);
+ return nv - v;
+}
+
+static inline int32 my_atomic_fas32(int32 volatile *a, int32 v)
+{
+ return atomic_swap_32((volatile uint32_t *)a, (uint32_t)v);
+}
+
+static inline int64 my_atomic_fas64(int64 volatile *a, int64 v)
+{
+ return atomic_swap_64((volatile uint64_t *)a, (uint64_t)v);
+}
+
+static inline void * my_atomic_fasptr(void * volatile *a, void * v)
+{
+ return atomic_swap_ptr(a, v);
+}
+
+static inline int32 my_atomic_load32(int32 volatile *a)
+{
+ return atomic_or_32_nv((volatile uint32_t *)a, 0);
+}
+
+static inline int64 my_atomic_load64(int64 volatile *a)
+{
+ return atomic_or_64_nv((volatile uint64_t *)a, 0);
+}
+
+static inline void* my_atomic_loadptr(void * volatile *a)
+{
+ return atomic_add_ptr_nv(a, 0);
+}
+
+static inline void my_atomic_store32(int32 volatile *a, int32 v)
+{
+ (void) atomic_swap_32((volatile uint32_t *)a, (uint32_t)v);
+}
+
+static inline void my_atomic_store64(int64 volatile *a, int64 v)
+{
+ (void) atomic_swap_64((volatile uint64_t *)a, (uint64_t)v);
+}
+
+static inline void my_atomic_storeptr(void * volatile *a, void *v)
+{
+ (void) atomic_swap_ptr((volatile void **)a, (void *)v);
+}
+
+#endif /* ATOMIC_SOLARIS_INCLUDED */
diff --git a/mysql/base64.h b/mysql/base64.h
new file mode 100644
index 0000000..6406808
--- /dev/null
+++ b/mysql/base64.h
@@ -0,0 +1,61 @@
+/* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+#ifndef __BASE64_H_INCLUDED__
+#define __BASE64_H_INCLUDED__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ Calculate how much memory needed for dst of base64_encode()
+*/
+uint64 base64_needed_encoded_length(uint64 length_of_data);
+
+/*
+ Maximum length base64_encode_needed_length() can accept with no overflow.
+*/
+uint64 base64_encode_max_arg_length(void);
+
+/*
+ Calculate how much memory needed for dst of base64_decode()
+*/
+uint64 base64_needed_decoded_length(uint64 length_of_encoded_data);
+
+/*
+ Maximum length base64_decode_needed_length() can accept with no overflow.
+*/
+uint64 base64_decode_max_arg_length();
+
+/*
+ Encode data as a base64 string
+*/
+int base64_encode(const void *src, size_t src_len, char *dst);
+
+/*
+ Decode a base64 string into data
+*/
+int64 base64_decode(const char *src, size_t src_len,
+ void *dst, const char **end_ptr, int flags);
+
+/* Allow multuple chunks 'AAA= AA== AA==', binlog uses this */
+#define MY_BASE64_DECODE_ALLOW_MULTIPLE_CHUNKS 1
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* !__BASE64_H_INCLUDED__ */
diff --git a/mysql/binary_log_types.h b/mysql/binary_log_types.h
new file mode 100644
index 0000000..b20eacf
--- /dev/null
+++ b/mysql/binary_log_types.h
@@ -0,0 +1,70 @@
+/* Copyright (c) 2014, 2015 Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/**
+ @file binary_log_types.h
+
+ @brief This file contains the field type.
+
+
+ @note This file can be imported both from C and C++ code, so the
+ definitions have to be constructed to support this.
+*/
+
+#ifndef BINARY_LOG_TYPES_INCLUDED
+#define BINARY_LOG_TYPES_INCLUDED
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/*
+ * Constants exported from this package.
+ */
+
+typedef enum enum_field_types {
+ MYSQL_TYPE_DECIMAL, MYSQL_TYPE_TINY,
+ MYSQL_TYPE_SHORT, MYSQL_TYPE_LONG,
+ MYSQL_TYPE_FLOAT, MYSQL_TYPE_DOUBLE,
+ MYSQL_TYPE_NULL, MYSQL_TYPE_TIMESTAMP,
+ MYSQL_TYPE_LONGLONG,MYSQL_TYPE_INT24,
+ MYSQL_TYPE_DATE, MYSQL_TYPE_TIME,
+ MYSQL_TYPE_DATETIME, MYSQL_TYPE_YEAR,
+ MYSQL_TYPE_NEWDATE, MYSQL_TYPE_VARCHAR,
+ MYSQL_TYPE_BIT,
+ MYSQL_TYPE_TIMESTAMP2,
+ MYSQL_TYPE_DATETIME2,
+ MYSQL_TYPE_TIME2,
+ MYSQL_TYPE_JSON=245,
+ MYSQL_TYPE_NEWDECIMAL=246,
+ MYSQL_TYPE_ENUM=247,
+ MYSQL_TYPE_SET=248,
+ MYSQL_TYPE_TINY_BLOB=249,
+ MYSQL_TYPE_MEDIUM_BLOB=250,
+ MYSQL_TYPE_LONG_BLOB=251,
+ MYSQL_TYPE_BLOB=252,
+ MYSQL_TYPE_VAR_STRING=253,
+ MYSQL_TYPE_STRING=254,
+ MYSQL_TYPE_GEOMETRY=255
+} enum_field_types;
+
+#define DATETIME_MAX_DECIMALS 6
+
+#ifdef __cplusplus
+}
+#endif // __cplusplus
+
+#endif /* BINARY_LOG_TYPES_INCLUDED */
diff --git a/mysql/buildfile b/mysql/buildfile
new file mode 100644
index 0000000..cbb41bf
--- /dev/null
+++ b/mysql/buildfile
@@ -0,0 +1,254 @@
+# file : mysql/buildfile
+# copyright : Copyright (c) 2016-2017 Code Synthesis Ltd
+# license : GPLv2 with FOSS License Exception; see accompanying COPYING file
+
+# Windows-specific utilities.
+#
+mysys_win32 = my_winerr my_winfile
+
+# Windows-specific named pipe and shared memory based communication channels.
+#
+vio_win32 = viopipe vioshm
+
+lib{mysqlclient}: {h }{* -version} \
+ {h }{ version} \
+ zlib/{h c }{* } \
+ strings/{h c }{* } \
+ atomic/{h }{* } \
+ mysys/{h c }{* -posix_timers -{$mysys_win32}} \
+ mysys_ssl/{h cxx}{* } \
+ extra/yassl/{h c hxx cxx}{** } \
+ vio/{h c }{* -{$vio_win32}} \
+ sql/{h c hxx cxx}{** } \
+ sql-common/{h c hxx cxx}{* } \
+ libmysql/{h c }{* } \
+ mysql/{h }{** }
+
+# Makes sense to distribute READMEs and licenses for the bundled libraries.
+#
+lib{mysqlclient}: zlib/file{README* } \
+ extra/yassl/file{README COPYING FLOSS-EXCEPTIONS} \
+ extra/yassl/taocrypt/file{README COPYING }
+
+tclass = $c.target.class
+tsys = $c.target.system
+
+if ($tclass == 'linux')
+ lib{mysqlclient}: mysys/c{posix_timers}
+else
+ lib{mysqlclient}: mysys/file{posix_timers.c}
+
+if ($tclass == 'windows')
+ lib{mysqlclient}: mysys/{ c }{$mysys_win32} \
+ vio/{ c }{$vio_win32 } \
+ libmysql/authentication_win/{h cxx}{* }
+else
+ lib{mysqlclient}: mysys/file{$regex.apply($mysys_win32, '(.+)', '\1.c')} \
+ vio/file{$regex.apply($vio_win32, '(.+)', '\1.c')} \
+ libmysql/authentication_win/file{*.h *.cpp }
+
+lib{mysqlclient}: libmysql/file{libmysql_exports_win32.def}
+
+# See bootstrap.build for details.
+#
+if $version.pre_release
+ lib{mysqlclient}: bin.lib.version = @"-$version.project_id"
+else
+ lib{mysqlclient}: bin.lib.version = @"-$abi_version"
+
+# Include the generated version header into the distribution (so that we
+# don't pick up an installed one) and don't remove it when cleaning in src (so
+# that clean results in a state identical to distributed).
+#
+# @@ We should probably allow to configure MYSQL_UNIX_ADDR via configuration
+# variable config.libmysqlclient.unix_addr. Note that it is set differently
+# for the upstream package and major Linux distributions:
+#
+# Debian/Ubuntu: /var/run/mysqld/mysqld.sock
+# Fedora/RHEL: /var/lib/mysql/mysql.sock
+# Source package: /tmp/mysql.sock
+#
+# @@ Note that if variable values changes (say install root is reconfigured),
+# then the version files is not regenerated. Should we store instantiated
+# variables name/value hash in the dependency file? This will be fixed
+# as part of the in module.
+#
+h{version}: in{version} $src_root/file{manifest}
+
+h{version}: dist = true
+h{version}: clean = ($src_root != $out_root)
+h{version}: in.symbol = '@'
+
+h{version}: PROTOCOL_VERSION = $protocol_version
+h{version}: VERSION = $version.project
+h{version}: MYSQL_BASE_VERSION = "$version.major.$version.minor"
+h{version}: MYSQL_VERSION_MAJOR = $version.major
+h{version}: MYSQL_VERSION_MINOR = $version.minor
+h{version}: MYSQL_SERVER_SUFFIX = ''
+h{version}: DOT_FRM_VERSION = 6 # File format (server-related).
+h{version}: MYSQL_VERSION_ID = \
+ "\(10000 * $version.major + 100 * $version.minor + $version.patch\)"
+h{version}: MYSQL_TCP_PORT = 3306
+h{version}: MYSQL_TCP_PORT_DEFAULT = 0
+h{version}: MYSQL_UNIX_ADDR = ($tclass != 'windows' ? /tmp/mysql.sock : '')
+h{version}: COMPILATION_COMMENT = 'Source distribution'
+h{version}: SYS_SCHEMA_VERSION = '1.5.1' # Server-related.
+h{version}: MACHINE_TYPE = $c.target.cpu
+h{version}: SYSTEM_TYPE = $tsys
+h{version}: DEFAULT_BASEDIR = \
+ ($install.root != [null] \
+ ? $regex.replace("$install.resolve($install.root)", '\\', '/') \
+ : '')
+h{version}: PLUGINDIR = \
+ ($install.root != [null] \
+ ? $regex.replace($install.resolve($install.lib)/mysql/plugin, '\\', '/') \
+ : '')
+h{version}: SHAREDIR = \
+ ($install.root != [null] \
+ ? $regex.replace($install.resolve($install.data_root)/share/mysql, \
+ '\\', '/') \
+ : '')
+
+# We have dropped the macro definitions that are not used in the package code:
+#
+# -DHAVE_LIBEVENT1
+#
+cc.poptions += -DHAVE_CONFIG_H -DDBUG_OFF
+
+if ($tclass != 'windows')
+{
+ cc.poptions += -D_FILE_OFFSET_BITS=64
+
+ if ($tclass == 'linux')
+ cc.poptions += -D_GNU_SOURCE
+}
+else
+{
+ # Note that the original package defines the WIN32 macro for VC only,
+ # relying on the fact that MinGW GCC defines it by default. However, the
+ # macro disappears from the default ones if to compile with -std=c9x (as we
+ # do). So we define it for both VC and MinGW GCC.
+ #
+ cc.poptions += -DWIN32 -D_WINDOWS -D_WIN32_WINNT=0x0601 -DNOGDI -DNOMINMAX \
+ -DWIN32_LEAN_AND_MEAN -D_MBCS
+}
+
+# Note that we add "-I$src_root" for the headers auto-generating machinery to
+# work properly.
+#
+cc.poptions =+ "-I$out_root" "-I$src_root" "-I$src_base"
+
+zlib_poptions = "-I$src_base/zlib"
+strings_poptions = "-I$src_base/strings"
+mysys_poptions = "-I$src_base/mysys"
+
+# To keep "-I$out_root" "-I$src_root" first we use '+=', rather than '=+' to
+# append poptions for the target wildcards.
+#
+ zlib/obj{*}: cc.poptions += $zlib_poptions
+ mysys/obj{*}: cc.poptions += $mysys_poptions $zlib_poptions
+strings/obj{*}: cc.poptions += $strings_poptions -DDISABLE_MYSQL_THREAD_H
+
+yassl_dir = $src_base/extra/yassl
+taocrypt_dir = $yassl_dir/taocrypt
+
+taocrypt_poptions = "-I$taocrypt_dir/include" "-I$taocrypt_dir/mySTL" \
+ -DHAVE_YASSL -DYASSL_PREFIX -DHAVE_OPENSSL \
+ -DMULTI_THREADED
+
+extra/yassl/taocrypt/src/obj{*}: cc.poptions += $taocrypt_poptions
+
+yassl_poptions = "-I$yassl_dir/include" $taocrypt_poptions
+
+extra/yassl/src/obj{*}: \
+ cc.poptions += -Dget_tty_password=yassl_mysql_get_tty_password \
+ -Dget_tty_password_ext=yassl_mysql_get_tty_password_ext \
+ $yassl_poptions
+
+ vio/obj{*}: cc.poptions += "-I$src_base" $yassl_poptions
+mysys_ssl/obj{*}: cc.poptions += "-I$src_base" $yassl_poptions $mysys_poptions
+
+# The CLIENT_PROTOCOL_TRACING macro seems to be required for debugging only.
+# However, the compilation falls apart if undefined, so we keep it.
+#
+sql_poptions = "-I$src_base/sql" "-I$src_base/libmysql" \
+ -DCLIENT_PROTOCOL_TRACING \
+ $yassl_poptions $zlib_poptions $strings_poptions
+
+if ($tclass == 'windows')
+ sql_poptions += -DAUTHENTICATION_WIN
+
+sql/obj{*}: cc.poptions += $sql_poptions
+sql-common/obj{*}: cc.poptions += $sql_poptions
+libmysql/obj{*}: cc.poptions += $sql_poptions
+
+# The upstream package always adds -DDEBUG_ERRROR_LOG -DWINAUTH_USE_DBUG_LIB.
+# Looks like they are required for debugging only, so let's omit them.
+#
+if ($tclass == 'windows')
+ libmysql/authentication_win/obj{*}: cc.poptions += -DSECURITY_WIN32
+
+if ($tsys == 'win32-msvc')
+{
+ # Disable warnings that pop up with /W3.
+ #
+ cc.coptions += /wd4311 /wd4113
+}
+else
+{
+ # We don't care about C++ ABI specification conformance, especially given
+ # that only C functions are exported. So we omit -fabi-version=2.
+ #
+ cc.coptions += -fno-omit-frame-pointer -fno-strict-aliasing
+
+ # Disable warnings that pop up with -W -Wall.
+ #
+ cc.coptions += -Wno-unused-parameter -Wno-unused-variable \
+ -Wno-unused-const-variable -Wno-unused-but-set-variable \
+ -Wno-maybe-uninitialized
+}
+
+if ($tclass != 'windows')
+{
+ # On Linux the upstream package also passes the cmake-generated
+ # libmysql.ver file. The symbols it contains are hard-coded into
+ # libmysql/CMakeList.txt. We have dropped the file for now.
+ #
+ if ($tclass == 'linux')
+ cc.loptions += -Wl,--no-undefined # Make sure all symbols are resolvable.
+
+ cc.libs += ($tclass == 'bsd' ? -lexecinfo : -ldl) -lpthread -lm
+
+ if ($tclass == 'linux')
+ cc.libs += -lrt # Posix timers.
+}
+else
+{
+ cc.libs += advapi32.lib
+ cc.loptions += "/DEF:$src_base/libmysql/libmysql_exports_win32.def"
+}
+
+# The library clients must include the API header as <mysql/mysql.h>.
+#
+lib{mysqlclient}: cc.export.poptions = "-I$out_root" "-I$src_root"
+
+# Let's install the bare minimum of headers: mysql.h and headers it recursively
+# includes.
+#
+h{*}: install = false
+hxx{*}: install = false
+
+# @@ Fix once LHS pair generation is implemented.
+#
+for h: mysql mysql_version mysql_com mysql_time my_list my_alloc my_command \
+ binary_log_types typelib \
+ mysql/client_plugin mysql/plugin_auth_common \
+ mysql/psi/psi_base mysql/psi/psi_memory
+{
+ h{$h}@./: install = include/mysql/$path.directory($h)
+ h{$h}@./: install.subdirs = true
+}
+
+# Install into the mysql/ subdirectory of, say, /usr/include.
+#
+h{version}: install = include/mysql/
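Review bot: The default client socket path set by `h{version}: MYSQL_UNIX_ADDR = ($tclass != 'windows' ? /tmp/mysql.sock : '')` points into a world-writable directory and is fixed in the generated version header. A client that connects without an explicit socket path therefore trusts whichever local process owns that file. The `@@` note earlier in the file lists different socket locations for Debian/Ubuntu and Fedora/RHEL, so on those systems this default presumably does not match the distribution server's socket either. Until the `config.libmysqlclient.unix_addr` variable proposed in that note exists, I would record the trade-off next to the assignment, e.g. `# /tmp is world-writable: callers that need a trusted endpoint should pass an explicit socket path.`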
diff --git a/mysql/byte_order_generic_x86.h b/mysql/byte_order_generic_x86.h
new file mode 100644
index 0000000..b3762b5
--- /dev/null
+++ b/mysql/byte_order_generic_x86.h
@@ -0,0 +1,56 @@
+/* Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/*
+ Optimized functions for the x86 architecture (_WIN32 included).
+
+ x86 handles misaligned reads and writes just fine, so suppress
+ UBSAN warnings for these functions.
+*/
+static inline int16 sint2korr(const uchar *A) SUPPRESS_UBSAN;
+static inline int16 sint2korr(const uchar *A) { return *((int16*) A); }
+
+static inline int32 sint4korr(const uchar *A) SUPPRESS_UBSAN;
+static inline int32 sint4korr(const uchar *A) { return *((int32*) A); }
+
+static inline uint16 uint2korr(const uchar *A) SUPPRESS_UBSAN;
+static inline uint16 uint2korr(const uchar *A) { return *((uint16*) A); }
+
+static inline uint32 uint4korr(const uchar *A) SUPPRESS_UBSAN;
+static inline uint32 uint4korr(const uchar *A) { return *((uint32*) A); }
+
+static inline ulonglong uint8korr(const uchar *A) SUPPRESS_UBSAN;
+static inline ulonglong uint8korr(const uchar *A) { return *((ulonglong*) A);}
+
+static inline longlong sint8korr(const uchar *A) SUPPRESS_UBSAN;
+static inline longlong sint8korr(const uchar *A) { return *((longlong*) A); }
+
+static inline void int2store(uchar *T, uint16 A) SUPPRESS_UBSAN;
+static inline void int2store(uchar *T, uint16 A)
+{
+ *((uint16*) T)= A;
+}
+
+static inline void int4store(uchar *T, uint32 A) SUPPRESS_UBSAN;
+static inline void int4store(uchar *T, uint32 A)
+{
+ *((uint32*) T)= A;
+}
+
+static inline void int8store(uchar *T, ulonglong A) SUPPRESS_UBSAN;
+static inline void int8store(uchar *T, ulonglong A)
+{
+ *((ulonglong*) T)= A;
+}
diff --git a/mysql/config.h b/mysql/config.h
new file mode 100644
index 0000000..6e88f5f
--- /dev/null
+++ b/mysql/config.h
@@ -0,0 +1,10 @@
+/* file : mysql/config.h -*- C -*-
+ * copyright : Copyright (c) 2016-2017 Code Synthesis Ltd
+ * license : GPLv2 with FOSS License Exception; see accompanying COPYING file
+ */
+
+/*
+ * The upstream package auto-generated my_config.h and config.h (used by the
+ * bundled libs) are identical, so we just express one through the other.
+ */
+#include <mysql/my_config.h>
diff --git a/mysql/config.h.cmake.orig b/mysql/config.h.cmake.orig
new file mode 100644
index 0000000..e0abacc
--- /dev/null
+++ b/mysql/config.h.cmake.orig
@@ -0,0 +1,452 @@
+/* Copyright (c) 2009, 2017, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+#ifndef MY_CONFIG_H
+#define MY_CONFIG_H
+
+/*
+ * From configure.cmake, in order of appearance
+ */
+#cmakedefine HAVE_LLVM_LIBCPP 1
+#cmakedefine _LARGEFILE_SOURCE 1
+
+/* Libraries */
+#cmakedefine HAVE_LIBM 1
+#cmakedefine HAVE_LIBNSL 1
+#cmakedefine HAVE_LIBCRYPT 1
+#cmakedefine HAVE_LIBSOCKET 1
+#cmakedefine HAVE_LIBDL 1
+#cmakedefine HAVE_LIBRT 1
+#cmakedefine HAVE_LIBWRAP 1
+#cmakedefine HAVE_LIBWRAP_PROTOTYPES 1
+
+/* Header files */
+#cmakedefine HAVE_ALLOCA_H 1
+#cmakedefine HAVE_ARPA_INET_H 1
+#cmakedefine HAVE_DLFCN_H 1
+#cmakedefine HAVE_EXECINFO_H 1
+#cmakedefine HAVE_FPU_CONTROL_H 1
+#cmakedefine HAVE_GRP_H 1
+#cmakedefine HAVE_IEEEFP_H 1
+#cmakedefine HAVE_LANGINFO_H 1
+#cmakedefine HAVE_MALLOC_H 1
+#cmakedefine HAVE_NETINET_IN_H 1
+#cmakedefine HAVE_POLL_H 1
+#cmakedefine HAVE_PWD_H 1
+#cmakedefine HAVE_STRINGS_H 1
+#cmakedefine HAVE_SYS_CDEFS_H 1
+#cmakedefine HAVE_SYS_IOCTL_H 1
+#cmakedefine HAVE_SYS_MMAN_H 1
+#cmakedefine HAVE_SYS_RESOURCE_H 1
+#cmakedefine HAVE_SYS_SELECT_H 1
+#cmakedefine HAVE_SYS_SOCKET_H 1
+#cmakedefine HAVE_TERM_H 1
+#cmakedefine HAVE_TERMIOS_H 1
+#cmakedefine HAVE_TERMIO_H 1
+#cmakedefine HAVE_UNISTD_H 1
+#cmakedefine HAVE_SYS_WAIT_H 1
+#cmakedefine HAVE_SYS_PARAM_H 1
+#cmakedefine HAVE_FNMATCH_H 1
+#cmakedefine HAVE_SYS_UN_H 1
+#cmakedefine HAVE_VIS_H 1
+#cmakedefine HAVE_SASL_SASL_H 1
+
+/* Libevent */
+#cmakedefine HAVE_DEVPOLL 1
+#cmakedefine HAVE_SYS_DEVPOLL_H 1
+#cmakedefine HAVE_SYS_EPOLL_H 1
+#cmakedefine HAVE_TAILQFOREACH 1
+
+/* Functions */
+#cmakedefine HAVE_ALIGNED_MALLOC 1
+#cmakedefine HAVE_BACKTRACE 1
+#cmakedefine HAVE_PRINTSTACK 1
+#cmakedefine HAVE_INDEX 1
+#cmakedefine HAVE_CLOCK_GETTIME 1
+#cmakedefine HAVE_CUSERID 1
+#cmakedefine HAVE_DIRECTIO 1
+#cmakedefine HAVE_FTRUNCATE 1
+#cmakedefine HAVE_COMPRESS 1
+#cmakedefine HAVE_CRYPT 1
+#cmakedefine HAVE_DLOPEN 1
+#cmakedefine HAVE_FCHMOD 1
+#cmakedefine HAVE_FCNTL 1
+#cmakedefine HAVE_FDATASYNC 1
+#cmakedefine HAVE_DECL_FDATASYNC 1
+#cmakedefine HAVE_FEDISABLEEXCEPT 1
+#cmakedefine HAVE_FSEEKO 1
+#cmakedefine HAVE_FSYNC 1
+#cmakedefine HAVE_GETHOSTBYADDR_R 1
+#cmakedefine HAVE_GETHRTIME 1
+#cmakedefine HAVE_GETNAMEINFO 1
+#cmakedefine HAVE_GETPASS 1
+#cmakedefine HAVE_GETPASSPHRASE 1
+#cmakedefine HAVE_GETPWNAM 1
+#cmakedefine HAVE_GETPWUID 1
+#cmakedefine HAVE_GETRLIMIT 1
+#cmakedefine HAVE_GETRUSAGE 1
+#cmakedefine HAVE_INITGROUPS 1
+#cmakedefine HAVE_ISSETUGID 1
+#cmakedefine HAVE_GETUID 1
+#cmakedefine HAVE_GETEUID 1
+#cmakedefine HAVE_GETGID 1
+#cmakedefine HAVE_GETEGID 1
+#cmakedefine HAVE_LSTAT 1
+#cmakedefine HAVE_MADVISE 1
+#cmakedefine HAVE_MALLOC_INFO 1
+#cmakedefine HAVE_MEMRCHR 1
+#cmakedefine HAVE_MLOCK 1
+#cmakedefine HAVE_MLOCKALL 1
+#cmakedefine HAVE_MMAP64 1
+#cmakedefine HAVE_POLL 1
+#cmakedefine HAVE_POSIX_FALLOCATE 1
+#cmakedefine HAVE_POSIX_MEMALIGN 1
+#cmakedefine HAVE_PREAD 1
+#cmakedefine HAVE_PTHREAD_CONDATTR_SETCLOCK 1
+#cmakedefine HAVE_PTHREAD_SIGMASK 1
+#cmakedefine HAVE_READLINK 1
+#cmakedefine HAVE_REALPATH 1
+#cmakedefine HAVE_SETFD 1
+#cmakedefine HAVE_SIGACTION 1
+#cmakedefine HAVE_SLEEP 1
+#cmakedefine HAVE_STPCPY 1
+#cmakedefine HAVE_STPNCPY 1
+#cmakedefine HAVE_STRLCPY 1
+#cmakedefine HAVE_STRNLEN 1
+#cmakedefine HAVE_STRLCAT 1
+#cmakedefine HAVE_STRSIGNAL 1
+#cmakedefine HAVE_FGETLN 1
+#cmakedefine HAVE_STRSEP 1
+#cmakedefine HAVE_TELL 1
+#cmakedefine HAVE_VASPRINTF 1
+#cmakedefine HAVE_MEMALIGN 1
+#cmakedefine HAVE_NL_LANGINFO 1
+#cmakedefine HAVE_HTONLL 1
+#cmakedefine DNS_USE_CPU_CLOCK_FOR_ID 1
+#cmakedefine HAVE_EPOLL 1
+/* #cmakedefine HAVE_EVENT_PORTS 1 */
+#cmakedefine HAVE_INET_NTOP 1
+#cmakedefine HAVE_WORKING_KQUEUE 1
+#cmakedefine HAVE_TIMERADD 1
+#cmakedefine HAVE_TIMERCLEAR 1
+#cmakedefine HAVE_TIMERCMP 1
+#cmakedefine HAVE_TIMERISSET 1
+
+/* WL2373 */
+#cmakedefine HAVE_SYS_TIME_H 1
+#cmakedefine HAVE_SYS_TIMES_H 1
+#cmakedefine HAVE_TIMES 1
+#cmakedefine HAVE_GETTIMEOFDAY 1
+
+/* Symbols */
+#cmakedefine HAVE_LRAND48 1
+#cmakedefine GWINSZ_IN_SYS_IOCTL 1
+#cmakedefine FIONREAD_IN_SYS_IOCTL 1
+#cmakedefine FIONREAD_IN_SYS_FILIO 1
+#cmakedefine HAVE_SIGEV_THREAD_ID 1
+#cmakedefine HAVE_SIGEV_PORT 1
+#cmakedefine HAVE_LOG2 1
+
+#cmakedefine HAVE_ISINF 1
+
+#cmakedefine HAVE_KQUEUE_TIMERS 1
+#cmakedefine HAVE_POSIX_TIMERS 1
+
+/* Endianess */
+#cmakedefine WORDS_BIGENDIAN 1
+
+/* Type sizes */
+#cmakedefine SIZEOF_VOIDP @SIZEOF_VOIDP@
+#cmakedefine SIZEOF_CHARP @SIZEOF_CHARP@
+#cmakedefine SIZEOF_LONG @SIZEOF_LONG@
+#cmakedefine SIZEOF_SHORT @SIZEOF_SHORT@
+#cmakedefine SIZEOF_INT @SIZEOF_INT@
+#cmakedefine SIZEOF_LONG_LONG @SIZEOF_LONG_LONG@
+#cmakedefine SIZEOF_OFF_T @SIZEOF_OFF_T@
+#cmakedefine SIZEOF_TIME_T @SIZEOF_TIME_T@
+#cmakedefine HAVE_UINT 1
+#cmakedefine HAVE_ULONG 1
+#cmakedefine HAVE_U_INT32_T 1
+#cmakedefine HAVE_STRUCT_TIMESPEC
+
+/* Support for tagging symbols with __attribute__((visibility("hidden"))) */
+#cmakedefine HAVE_VISIBILITY_HIDDEN 1
+
+/* Code tests*/
+#cmakedefine STACK_DIRECTION @STACK_DIRECTION@
+#cmakedefine TIME_WITH_SYS_TIME 1
+#cmakedefine NO_FCNTL_NONBLOCK 1
+#cmakedefine HAVE_PAUSE_INSTRUCTION 1
+#cmakedefine HAVE_FAKE_PAUSE_INSTRUCTION 1
+#cmakedefine HAVE_HMT_PRIORITY_INSTRUCTION 1
+#cmakedefine HAVE_ABI_CXA_DEMANGLE 1
+#cmakedefine HAVE_BUILTIN_UNREACHABLE 1
+#cmakedefine HAVE_BUILTIN_EXPECT 1
+#cmakedefine HAVE_BUILTIN_STPCPY 1
+#cmakedefine HAVE_GCC_ATOMIC_BUILTINS 1
+#cmakedefine HAVE_GCC_SYNC_BUILTINS 1
+#cmakedefine HAVE_VALGRIND
+
+/* IPV6 */
+#cmakedefine HAVE_NETINET_IN6_H 1
+#cmakedefine HAVE_STRUCT_SOCKADDR_IN6 1
+#cmakedefine HAVE_STRUCT_IN6_ADDR 1
+#cmakedefine HAVE_IPV6 1
+
+#cmakedefine ss_family @ss_family@
+#cmakedefine HAVE_SOCKADDR_IN_SIN_LEN 1
+#cmakedefine HAVE_SOCKADDR_IN6_SIN6_LEN 1
+
+/*
+ * Platform specific CMake files
+ */
+#define MACHINE_TYPE "@MYSQL_MACHINE_TYPE@"
+#cmakedefine HAVE_LINUX_LARGE_PAGES 1
+#cmakedefine HAVE_SOLARIS_LARGE_PAGES 1
+#cmakedefine HAVE_SOLARIS_ATOMIC 1
+#cmakedefine HAVE_SOLARIS_STYLE_GETHOST 1
+#define SYSTEM_TYPE "@SYSTEM_TYPE@"
+/* Windows stuff, mostly functions, that have Posix analogs but named differently */
+#cmakedefine IPPROTO_IPV6 @IPPROTO_IPV6@
+#cmakedefine IPV6_V6ONLY @IPV6_V6ONLY@
+/* This should mean case insensitive file system */
+#cmakedefine FN_NO_CASE_SENSE 1
+
+/*
+ * From main CMakeLists.txt
+ */
+#cmakedefine MAX_INDEXES @MAX_INDEXES@
+#cmakedefine WITH_INNODB_MEMCACHED 1
+#cmakedefine ENABLE_MEMCACHED_SASL 1
+#cmakedefine ENABLE_MEMCACHED_SASL_PWDB 1
+#cmakedefine ENABLED_PROFILING 1
+#cmakedefine HAVE_ASAN
+#cmakedefine ENABLED_LOCAL_INFILE 1
+#cmakedefine OPTIMIZER_TRACE 1
+#cmakedefine DEFAULT_MYSQL_HOME "@DEFAULT_MYSQL_HOME@"
+#cmakedefine SHAREDIR "@SHAREDIR@"
+#cmakedefine DEFAULT_BASEDIR "@DEFAULT_BASEDIR@"
+#cmakedefine MYSQL_DATADIR "@MYSQL_DATADIR@"
+#cmakedefine MYSQL_KEYRINGDIR "@MYSQL_KEYRINGDIR@"
+#cmakedefine DEFAULT_CHARSET_HOME "@DEFAULT_CHARSET_HOME@"
+#cmakedefine PLUGINDIR "@PLUGINDIR@"
+#cmakedefine DEFAULT_SYSCONFDIR "@DEFAULT_SYSCONFDIR@"
+#cmakedefine DEFAULT_TMPDIR @DEFAULT_TMPDIR@
+#cmakedefine INSTALL_SBINDIR "@default_prefix@/@INSTALL_SBINDIR@"
+#cmakedefine INSTALL_BINDIR "@default_prefix@/@INSTALL_BINDIR@"
+#cmakedefine INSTALL_MYSQLSHAREDIR "@default_prefix@/@INSTALL_MYSQLSHAREDIR@"
+#cmakedefine INSTALL_SHAREDIR "@default_prefix@/@INSTALL_SHAREDIR@"
+#cmakedefine INSTALL_PLUGINDIR "@default_prefix@/@INSTALL_PLUGINDIR@"
+#cmakedefine INSTALL_INCLUDEDIR "@default_prefix@/@INSTALL_INCLUDEDIR@"
+#cmakedefine INSTALL_SCRIPTDIR "@default_prefix@/@INSTALL_SCRIPTDIR@"
+#cmakedefine INSTALL_MYSQLDATADIR "@default_prefix@/@INSTALL_MYSQLDATADIR@"
+#cmakedefine INSTALL_MYSQLKEYRINGDIR "@default_prefix@/@INSTALL_MYSQLKEYRINGDIR@"
+#cmakedefine INSTALL_PLUGINTESTDIR "@INSTALL_PLUGINTESTDIR@"
+#cmakedefine INSTALL_INFODIR "@default_prefix@/@INSTALL_INFODIR@"
+#cmakedefine INSTALL_MYSQLTESTDIR "@default_prefix@/@INSTALL_MYSQLTESTDIR@"
+#cmakedefine INSTALL_DOCREADMEDIR "@default_prefix@/@INSTALL_DOCREADMEDIR@"
+#cmakedefine INSTALL_DOCDIR "@default_prefix@/@INSTALL_DOCDIR@"
+#cmakedefine INSTALL_MANDIR "@default_prefix@/@INSTALL_MANDIR@"
+#cmakedefine INSTALL_SUPPORTFILESDIR "@default_prefix@/@INSTALL_SUPPORTFILESDIR@"
+#cmakedefine INSTALL_LIBDIR "@default_prefix@/@INSTALL_LIBDIR@"
+
+/*
+ * Readline
+ */
+#cmakedefine HAVE_MBSTATE_T
+#cmakedefine HAVE_LANGINFO_CODESET
+#cmakedefine HAVE_WCSDUP
+#cmakedefine HAVE_WCHAR_T 1
+#cmakedefine HAVE_WINT_T 1
+#cmakedefine HAVE_CURSES_H 1
+#cmakedefine HAVE_NCURSES_H 1
+#cmakedefine USE_LIBEDIT_INTERFACE 1
+#cmakedefine HAVE_HIST_ENTRY 1
+#cmakedefine USE_NEW_EDITLINE_INTERFACE 1
+
+/*
+ * Libedit
+ */
+#cmakedefine HAVE_DECL_TGOTO 1
+
+/*
+ * DTrace
+ */
+#cmakedefine HAVE_DTRACE 1
+
+/*
+ * Character sets
+ */
+#cmakedefine MYSQL_DEFAULT_CHARSET_NAME "@MYSQL_DEFAULT_CHARSET_NAME@"
+#cmakedefine MYSQL_DEFAULT_COLLATION_NAME "@MYSQL_DEFAULT_COLLATION_NAME@"
+#cmakedefine HAVE_CHARSET_armscii8 1
+#cmakedefine HAVE_CHARSET_ascii 1
+#cmakedefine HAVE_CHARSET_big5 1
+#cmakedefine HAVE_CHARSET_cp1250 1
+#cmakedefine HAVE_CHARSET_cp1251 1
+#cmakedefine HAVE_CHARSET_cp1256 1
+#cmakedefine HAVE_CHARSET_cp1257 1
+#cmakedefine HAVE_CHARSET_cp850 1
+#cmakedefine HAVE_CHARSET_cp852 1
+#cmakedefine HAVE_CHARSET_cp866 1
+#cmakedefine HAVE_CHARSET_cp932 1
+#cmakedefine HAVE_CHARSET_dec8 1
+#cmakedefine HAVE_CHARSET_eucjpms 1
+#cmakedefine HAVE_CHARSET_euckr 1
+#cmakedefine HAVE_CHARSET_gb2312 1
+#cmakedefine HAVE_CHARSET_gbk 1
+#cmakedefine HAVE_CHARSET_gb18030 1
+#cmakedefine HAVE_CHARSET_geostd8 1
+#cmakedefine HAVE_CHARSET_greek 1
+#cmakedefine HAVE_CHARSET_hebrew 1
+#cmakedefine HAVE_CHARSET_hp8 1
+#cmakedefine HAVE_CHARSET_keybcs2 1
+#cmakedefine HAVE_CHARSET_koi8r 1
+#cmakedefine HAVE_CHARSET_koi8u 1
+#cmakedefine HAVE_CHARSET_latin1 1
+#cmakedefine HAVE_CHARSET_latin2 1
+#cmakedefine HAVE_CHARSET_latin5 1
+#cmakedefine HAVE_CHARSET_latin7 1
+#cmakedefine HAVE_CHARSET_macce 1
+#cmakedefine HAVE_CHARSET_macroman 1
+#cmakedefine HAVE_CHARSET_sjis 1
+#cmakedefine HAVE_CHARSET_swe7 1
+#cmakedefine HAVE_CHARSET_tis620 1
+#cmakedefine HAVE_CHARSET_ucs2 1
+#cmakedefine HAVE_CHARSET_ujis 1
+#cmakedefine HAVE_CHARSET_utf8mb4 1
+#cmakedefine HAVE_CHARSET_utf8mb3 1
+#cmakedefine HAVE_CHARSET_utf8 1
+#cmakedefine HAVE_CHARSET_utf16 1
+#cmakedefine HAVE_CHARSET_utf32 1
+#cmakedefine HAVE_UCA_COLLATIONS 1
+
+/*
+ * Feature set
+ */
+#cmakedefine WITH_PARTITION_STORAGE_ENGINE 1
+
+/*
+ * Performance schema
+ */
+#cmakedefine WITH_PERFSCHEMA_STORAGE_ENGINE 1
+#cmakedefine DISABLE_PSI_THREAD 1
+#cmakedefine DISABLE_PSI_MUTEX 1
+#cmakedefine DISABLE_PSI_RWLOCK 1
+#cmakedefine DISABLE_PSI_COND 1
+#cmakedefine DISABLE_PSI_FILE 1
+#cmakedefine DISABLE_PSI_TABLE 1
+#cmakedefine DISABLE_PSI_SOCKET 1
+#cmakedefine DISABLE_PSI_STAGE 1
+#cmakedefine DISABLE_PSI_STATEMENT 1
+#cmakedefine DISABLE_PSI_SP 1
+#cmakedefine DISABLE_PSI_PS 1
+#cmakedefine DISABLE_PSI_IDLE 1
+#cmakedefine DISABLE_PSI_STATEMENT_DIGEST 1
+#cmakedefine DISABLE_PSI_METADATA 1
+#cmakedefine DISABLE_PSI_MEMORY 1
+#cmakedefine DISABLE_PSI_TRANSACTION 1
+
+/*
+ * syscall
+*/
+#cmakedefine HAVE_SYS_THREAD_SELFID 1
+#cmakedefine HAVE_SYS_GETTID 1
+#cmakedefine HAVE_PTHREAD_GETTHREADID_NP 1
+#cmakedefine HAVE_PTHREAD_SETNAME_NP 1
+#cmakedefine HAVE_INTEGER_PTHREAD_SELF 1
+
+/* Platform-specific C++ compiler behaviors we rely upon */
+
+/*
+ This macro defines whether the compiler in use needs a 'typename' keyword
+ to access the types defined inside a class template, such types are called
+ dependent types. Some compilers require it, some others forbid it, and some
+ others may work with or without it. For example, GCC requires the 'typename'
+ keyword whenever needing to access a type inside a template, but msvc
+ forbids it.
+ */
+#cmakedefine HAVE_IMPLICIT_DEPENDENT_NAME_TYPING 1
+
+
+/*
+ * MySQL version
+ */
+#cmakedefine DOT_FRM_VERSION @DOT_FRM_VERSION@
+#define MYSQL_VERSION_MAJOR @MAJOR_VERSION@
+#define MYSQL_VERSION_MINOR @MINOR_VERSION@
+#define MYSQL_VERSION_PATCH @PATCH_VERSION@
+#define MYSQL_VERSION_EXTRA "@EXTRA_VERSION@"
+#define PACKAGE "mysql"
+#define PACKAGE_BUGREPORT ""
+#define PACKAGE_NAME "MySQL Server"
+#define PACKAGE_STRING "MySQL Server @VERSION@"
+#define PACKAGE_TARNAME "mysql"
+#define PACKAGE_VERSION "@VERSION@"
+#define VERSION "@VERSION@"
+#define PROTOCOL_VERSION 10
+
+/*
+ * CPU info
+ */
+#cmakedefine CPU_LEVEL1_DCACHE_LINESIZE @CPU_LEVEL1_DCACHE_LINESIZE@
+
+/*
+ * NDB
+ */
+#cmakedefine WITH_NDBCLUSTER_STORAGE_ENGINE 1
+#cmakedefine HAVE_PTHREAD_SETSCHEDPARAM 1
+
+/*
+ * Other
+ */
+#cmakedefine EXTRA_DEBUG 1
+#cmakedefine HAVE_CHOWN 1
+
+/*
+ * Hardcoded values needed by libevent/NDB/memcached
+ */
+#define HAVE_FCNTL_H 1
+#define HAVE_GETADDRINFO 1
+#define HAVE_INTTYPES_H 1
+/* libevent's select.c is not Windows compatible */
+#ifndef _WIN32
+#define HAVE_SELECT 1
+#endif
+#define HAVE_SIGNAL_H 1
+#define HAVE_STDARG_H 1
+#define HAVE_STDINT_H 1
+#define HAVE_STDLIB_H 1
+#define HAVE_STRDUP 1
+#define HAVE_STRTOK_R 1
+#define HAVE_STRTOLL 1
+#define HAVE_SYS_STAT_H 1
+#define HAVE_SYS_TYPES_H 1
+#define SIZEOF_CHAR 1
+
+/*
+ * Needed by libevent
+ */
+#cmakedefine HAVE_SOCKLEN_T 1
+
+/* For --secure-file-priv */
+#cmakedefine DEFAULT_SECURE_FILE_PRIV_DIR @DEFAULT_SECURE_FILE_PRIV_DIR@
+#cmakedefine DEFAULT_SECURE_FILE_PRIV_EMBEDDED_DIR @DEFAULT_SECURE_FILE_PRIV_EMBEDDED_DIR@
+#cmakedefine HAVE_LIBNUMA 1
+
+/* For default value of --early_plugin_load */
+#cmakedefine DEFAULT_EARLY_PLUGIN_LOAD @DEFAULT_EARLY_PLUGIN_LOAD@
+
+#endif
diff --git a/mysql/crypt_genhash_impl.h b/mysql/crypt_genhash_impl.h
new file mode 100644
index 0000000..9909186
--- /dev/null
+++ b/mysql/crypt_genhash_impl.h
@@ -0,0 +1,48 @@
+/* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+#ifndef CRYPT_HASHGEN_IMPL_H
+#define CRYPT_HASHGEN_IMPL_H
+#define ROUNDS_DEFAULT 5000
+#define ROUNDS_MIN 1000
+#define ROUNDS_MAX 999999999
+#define MIXCHARS 32
+#define CRYPT_SALT_LENGTH 20
+#define CRYPT_MAGIC_LENGTH 3
+#define CRYPT_PARAM_LENGTH 13
+#define SHA256_HASH_LENGTH 43
+#define CRYPT_MAX_PASSWORD_SIZE (CRYPT_SALT_LENGTH + \
+ SHA256_HASH_LENGTH + \
+ CRYPT_MAGIC_LENGTH + \
+ CRYPT_PARAM_LENGTH)
+
+#include <stddef.h>
+#include <my_global.h>
+
+int extract_user_salt(char **salt_begin,
+ char **salt_end);
+C_MODE_START
+char *
+my_crypt_genhash(char *ctbuffer,
+ size_t ctbufflen,
+ const char *plaintext,
+ size_t plaintext_len,
+ const char *switchsalt,
+ const char **params);
+void generate_user_salt(char *buffer, int buffer_len);
+void xor_string(char *to, int to_len, char *pattern, int pattern_len);
+
+C_MODE_END
+#endif
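Review bot: The `my_crypt_genhash` prototype does not say how large `ctbuffer` must be, and `CRYPT_MAX_PASSWORD_SIZE` as defined here is the plain sum of the salt, hash, magic and parameter lengths with no visible allowance for a terminating NUL. If the implementation NUL-terminates its output (the body is not part of this hunk, so this needs confirming), a caller that sizes the buffer from the macro alone is one byte short; a comment above the prototype such as `/* ctbuffer must hold CRYPT_MAX_PASSWORD_SIZE + 1 bytes, including the terminating NUL */` would pin that contract down. `generate_user_salt` and `xor_string` also take their lengths as `int` while `my_crypt_genhash` uses `size_t`, so a negative length is representable at the interface and each implementation has to reject it. `extract_user_salt` is declared before `C_MODE_START`, so it presumably gets different linkage from its siblings when the header is included from C++; a one-line comment would help if that is intended.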
diff --git a/mysql/decimal.h b/mysql/decimal.h
new file mode 100644
index 0000000..f963b6f
--- /dev/null
+++ b/mysql/decimal.h
@@ -0,0 +1,137 @@
+/* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+#ifndef DECIMAL_INCLUDED
+#define DECIMAL_INCLUDED
+
+typedef enum
+{TRUNCATE=0, HALF_EVEN, HALF_UP, CEILING, FLOOR}
+ decimal_round_mode;
+typedef int32 decimal_digit_t;
+
+/**
+ intg is the number of *decimal* digits (NOT number of decimal_digit_t's !)
+ before the point
+ frac is the number of decimal digits after the point
+ len is the length of buf (length of allocated space) in decimal_digit_t's,
+ not in bytes
+ sign false means positive, true means negative
+ buf is an array of decimal_digit_t's
+ */
+typedef struct st_decimal_t {
+ int intg, frac, len;
+ my_bool sign;
+ decimal_digit_t *buf;
+} decimal_t;
+
+#ifndef MYSQL_ABI_CHECK
+int internal_str2dec(const char *from, decimal_t *to, char **end,
+ my_bool fixed);
+int decimal2string(const decimal_t *from, char *to, int *to_len,
+ int fixed_precision, int fixed_decimals,
+ char filler);
+int decimal2ulonglong(decimal_t *from, ulonglong *to);
+int ulonglong2decimal(ulonglong from, decimal_t *to);
+int decimal2longlong(decimal_t *from, longlong *to);
+int longlong2decimal(longlong from, decimal_t *to);
+int decimal2double(const decimal_t *from, double *to);
+int double2decimal(double from, decimal_t *to);
+int decimal_actual_fraction(decimal_t *from);
+int decimal2bin(decimal_t *from, uchar *to, int precision, int scale);
+int bin2decimal(const uchar *from, decimal_t *to, int precision, int scale);
+
+/**
+ Convert decimal to lldiv_t.
+ The integer part is stored in to->quot.
+ The fractional part is multiplied to 10^9 and stored to to->rem.
+ @param from Decimal value
+ @param to lldiv_t value
+ @retval 0 on success
+ @retval !0 in error
+*/
+int decimal2lldiv_t(const decimal_t *from, lldiv_t *to);
+
+/**
+ Convert doube to lldiv_t.
+ The integer part is stored in to->quot.
+ The fractional part is multiplied to 10^9 and stored to to->rem.
+ @param from Decimal value
+ @param to lldiv_t value
+ @retval 0 on success
+ @retval !0 in error
+*/
+
+int double2lldiv_t(double from, lldiv_t *to);
+int decimal_size(int precision, int scale);
+int decimal_bin_size(int precision, int scale);
+int decimal_result_size(decimal_t *from1, decimal_t *from2, char op,
+ int param);
+
+int decimal_intg(const decimal_t *from);
+int decimal_add(const decimal_t *from1, const decimal_t *from2, decimal_t *to);
+int decimal_sub(const decimal_t *from1, const decimal_t *from2, decimal_t *to);
+int decimal_cmp(const decimal_t *from1, const decimal_t *from2);
+int decimal_mul(const decimal_t *from1, const decimal_t *from2, decimal_t *to);
+int decimal_div(const decimal_t *from1, const decimal_t *from2, decimal_t *to,
+ int scale_incr);
+int decimal_mod(const decimal_t *from1, const decimal_t *from2, decimal_t *to);
+int decimal_round(const decimal_t *from, decimal_t *to, int new_scale,
+ decimal_round_mode mode);
+int decimal_is_zero(const decimal_t *from);
+void max_decimal(int precision, int frac, decimal_t *to);
+
+#define string2decimal(A,B,C) internal_str2dec((A), (B), (C), 0)
+#define string2decimal_fixed(A,B,C) internal_str2dec((A), (B), (C), 1)
+
+/* set a decimal_t to zero */
+
+#define decimal_make_zero(dec) do { \
+ (dec)->buf[0]=0; \
+ (dec)->intg=1; \
+ (dec)->frac=0; \
+ (dec)->sign=0; \
+ } while(0)
+
+/*
+ returns the length of the buffer to hold string representation
+ of the decimal (including decimal dot, possible sign and \0)
+*/
+
+#define decimal_string_size(dec) (((dec)->intg ? (dec)->intg : 1) + \
+ (dec)->frac + ((dec)->frac > 0) + 2)
+
+/*
+ conventions:
+
+ decimal_smth() == 0 -- everything's ok
+ decimal_smth() <= 1 -- result is usable, but precision loss is possible
+ decimal_smth() <= 2 -- result can be unusable, most significant digits
+ could've been lost
+ decimal_smth() > 2 -- no result was generated
+*/
+
+#define E_DEC_OK 0
+#define E_DEC_TRUNCATED 1
+#define E_DEC_OVERFLOW 2
+#define E_DEC_DIV_ZERO 4
+#define E_DEC_BAD_NUM 8
+#define E_DEC_OOM 16
+
+#define E_DEC_ERROR 31
+#define E_DEC_FATAL_ERROR 30
+
+#endif // !MYSQL_ABI_CHECK
+
+#endif
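Review bot: `decimal_make_zero` stores to `(dec)->buf[0]` unconditionally, so it relies on `buf` being non-NULL and pointing to at least one digit, which the comment `/* set a decimal_t to zero */` does not state. I would document the precondition, e.g. `/* set a decimal_t to zero; (dec)->buf must point to at least one decimal_digit_t */`. Both `decimal_make_zero` and `decimal_string_size` expand `dec` several times, so an argument with side effects is evaluated repeatedly, which deserves a note on each macro. The doc comment above `double2lldiv_t` looks copied from `decimal2lldiv_t`: it reads "Convert doube to lldiv_t" and describes `from` as "Decimal value" although the parameter is a `double`.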
diff --git a/mysql/errmsg.h b/mysql/errmsg.h
new file mode 100644
index 0000000..9c5327a
--- /dev/null
+++ b/mysql/errmsg.h
@@ -0,0 +1,113 @@
+#ifndef ERRMSG_INCLUDED
+#define ERRMSG_INCLUDED
+
+/* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/* Error messages for MySQL clients */
+/* (Error messages for the daemon are in sql/share/errmsg.txt) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+void init_client_errs(void);
+void finish_client_errs(void);
+extern const char *client_errors[]; /* Error messages */
+#ifdef __cplusplus
+}
+#endif
+
+#define CR_MIN_ERROR 2000 /* For easier client code */
+#define CR_MAX_ERROR 2999
+#if !defined(ER)
+#define ER(X) (((X) >= CR_ERROR_FIRST && (X) <= CR_ERROR_LAST)? \
+ client_errors[(X)-CR_ERROR_FIRST]: client_errors[CR_UNKNOWN_ERROR])
+
+#endif
+#define CLIENT_ERRMAP 2 /* Errormap used by my_error() */
+
+/* Do not add error numbers before CR_ERROR_FIRST. */
+/* If necessary to add lower numbers, change CR_ERROR_FIRST accordingly. */
+#define CR_ERROR_FIRST 2000 /*Copy first error nr.*/
+#define CR_UNKNOWN_ERROR 2000
+#define CR_SOCKET_CREATE_ERROR 2001
+#define CR_CONNECTION_ERROR 2002
+#define CR_CONN_HOST_ERROR 2003
+#define CR_IPSOCK_ERROR 2004
+#define CR_UNKNOWN_HOST 2005
+#define CR_SERVER_GONE_ERROR 2006
+#define CR_VERSION_ERROR 2007
+#define CR_OUT_OF_MEMORY 2008
+#define CR_WRONG_HOST_INFO 2009
+#define CR_LOCALHOST_CONNECTION 2010
+#define CR_TCP_CONNECTION 2011
+#define CR_SERVER_HANDSHAKE_ERR 2012
+#define CR_SERVER_LOST 2013
+#define CR_COMMANDS_OUT_OF_SYNC 2014
+#define CR_NAMEDPIPE_CONNECTION 2015
+#define CR_NAMEDPIPEWAIT_ERROR 2016
+#define CR_NAMEDPIPEOPEN_ERROR 2017
+#define CR_NAMEDPIPESETSTATE_ERROR 2018
+#define CR_CANT_READ_CHARSET 2019
+#define CR_NET_PACKET_TOO_LARGE 2020
+#define CR_EMBEDDED_CONNECTION 2021
+#define CR_PROBE_SLAVE_STATUS 2022
+#define CR_PROBE_SLAVE_HOSTS 2023
+#define CR_PROBE_SLAVE_CONNECT 2024
+#define CR_PROBE_MASTER_CONNECT 2025
+#define CR_SSL_CONNECTION_ERROR 2026
+#define CR_MALFORMED_PACKET 2027
+#define CR_WRONG_LICENSE 2028
+
+/* new 4.1 error codes */
+#define CR_NULL_POINTER 2029
+#define CR_NO_PREPARE_STMT 2030
+#define CR_PARAMS_NOT_BOUND 2031
+#define CR_DATA_TRUNCATED 2032
+#define CR_NO_PARAMETERS_EXISTS 2033
+#define CR_INVALID_PARAMETER_NO 2034
+#define CR_INVALID_BUFFER_USE 2035
+#define CR_UNSUPPORTED_PARAM_TYPE 2036
+
+#define CR_SHARED_MEMORY_CONNECTION 2037
+#define CR_SHARED_MEMORY_CONNECT_REQUEST_ERROR 2038
+#define CR_SHARED_MEMORY_CONNECT_ANSWER_ERROR 2039
+#define CR_SHARED_MEMORY_CONNECT_FILE_MAP_ERROR 2040
+#define CR_SHARED_MEMORY_CONNECT_MAP_ERROR 2041
+#define CR_SHARED_MEMORY_FILE_MAP_ERROR 2042
+#define CR_SHARED_MEMORY_MAP_ERROR 2043
+#define CR_SHARED_MEMORY_EVENT_ERROR 2044
+#define CR_SHARED_MEMORY_CONNECT_ABANDONED_ERROR 2045
+#define CR_SHARED_MEMORY_CONNECT_SET_ERROR 2046
+#define CR_CONN_UNKNOW_PROTOCOL 2047
+#define CR_INVALID_CONN_HANDLE 2048
+#define CR_UNUSED_1 2049
+#define CR_FETCH_CANCELED 2050
+#define CR_NO_DATA 2051
+#define CR_NO_STMT_METADATA 2052
+#define CR_NO_RESULT_SET 2053
+#define CR_NOT_IMPLEMENTED 2054
+#define CR_SERVER_LOST_EXTENDED 2055
+#define CR_STMT_CLOSED 2056
+#define CR_NEW_STMT_METADATA 2057
+#define CR_ALREADY_CONNECTED 2058
+#define CR_AUTH_PLUGIN_CANNOT_LOAD 2059
+#define CR_DUPLICATE_CONNECTION_ATTR 2060
+#define CR_AUTH_PLUGIN_ERR 2061
+#define CR_INSECURE_API_ERR 2062
+#define CR_ERROR_LAST /*Copy last error nr:*/ 2062
+/* Add error numbers before CR_ERROR_LAST and change it accordingly. */
+
+#endif /* ERRMSG_INCLUDED */
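Review bot: The fallback arm of `ER(X)` indexes `client_errors[CR_UNKNOWN_ERROR]`, i.e. element 2000, whereas the in-range arm subtracts `CR_ERROR_FIRST` before indexing. The array definition is not in this hunk, but if it holds one entry per code from `CR_ERROR_FIRST` to `CR_ERROR_LAST` (63 entries), any out-of-range error number makes the macro read far past the end of the array. The fallback should use the same offset: `client_errors[(X)-CR_ERROR_FIRST]: client_errors[CR_UNKNOWN_ERROR-CR_ERROR_FIRST])`. `X` is also expanded up to three times, so callers should pass a side-effect-free expression.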
diff --git a/mysql/extra/yassl/COPYING b/mysql/extra/yassl/COPYING
new file mode 100644
index 0000000..845980a
--- /dev/null
+++ b/mysql/extra/yassl/COPYING
@@ -0,0 +1,340 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Library General
+Public License instead of this License.
diff --git a/mysql/extra/yassl/FLOSS-EXCEPTIONS b/mysql/extra/yassl/FLOSS-EXCEPTIONS
new file mode 100644
index 0000000..47f86ff
--- /dev/null
+++ b/mysql/extra/yassl/FLOSS-EXCEPTIONS
@@ -0,0 +1,121 @@
+yaSSL FLOSS License Exception
+****************************************
+
+Version 0.2, 31 August 2006
+
+The Sawtooth Consulting Ltd. Exception for Free/Libre and Open Source
+Software-only Applications Using yaSSL Libraries (the "FLOSS Exception").
+
+*Exception Intent*
+
+We want specified Free/Libre and Open Source Software ("FLOSS")
+applications to be able to use specified GPL-licensed yaSSL
+libraries (the "Program") despite the fact that not all FLOSS
+licenses are compatible with version 2 of the GNU General Public
+License (the "GPL").
+
+*Legal Terms and Conditions*
+
+As a special exception to the terms and conditions of version 2.0 of
+the GPL:
+
+ 1. You are free to distribute a Derivative Work that is formed
+ entirely from the Program and one or more works (each, a "FLOSS
+ Work") licensed under one or more of the licenses listed below
+ in section 1, as long as:
+
+ 1. You obey the GPL in all respects for the Program and the
+ Derivative Work, except for identifiable sections of the
+ Derivative Work which are not derived from the Program,
+ and which can reasonably be considered independent and
+ separate works in themselves,
+
+ 2. all identifiable sections of the Derivative Work which
+ are not derived from the Program, and which can reasonably be
+ considered independent and separate works in themselves,
+
+ * i
+
+ are distributed subject to one of the FLOSS licenses
+ listed below, and
+
+ * ii
+
+ the object code or executable form of those sections are
+ accompanied by the complete corresponding machine-readable
+ source code for those sections on the same medium and under
+ the same FLOSS license as the corresponding object code or
+ executable forms of those sections, and
+
+
+ 3. any works which are aggregated with the Program or with
+ a Derivative Work on a volume of a storage or distribution
+ medium in accordance with the GPL, can reasonably be considered
+ independent and separate works in themselves which are not
+ derivatives of either the Program, a Derivative Work or a FLOSS
+ Work.
+
+
+ If the above conditions are not met, then the Program may only be
+ copied, modified, distributed or used under the terms and
+ conditions of the GPL or another valid licensing option from
+ Sawtooth Consulting Ltd.
+
+ 2. FLOSS License List
+
+ *License name* *Version(s)/Copyright Date*
+ Academic Free License 2.0
+ Apache Software License 1.0/1.1/2.0
+ Apple Public Source License 2.0
+ Artistic license From Perl 5.8.0
+ BSD license "July 22 1999"
+ Common Development and Distribution License (CDDL) 1.0
+ Common Public License 1.0
+ GNU Library or "Lesser" General Public 2.0/2.1
+ License (LGPL)
+ Jabber Open Source License 1.0
+ MIT license -
+ Mozilla Public License (MPL) 1.0/1.1
+ Open Software License 2.0
+ PHP License 3.0
+ Python license (CNRI Python License) -
+ Python Software Foundation License 2.1.1
+ Sleepycat License "1999"
+ University of Illinois/NCSA Open Source License -
+ W3C License "2001"
+ X11 License "2001"
+ Zlib/libpng License -
+ Zope Public License 2.0
+
+ Due to the many variants of some of the above licenses, we require
+ that any version follow the 2003 version of the Free Software
+ Foundation's Free Software Definition
+ (http://www.gnu.org/philosophy/free-sw.html
+ (http://www.gnu.org/philosophy/free-sw.html)) or version 1.9 of
+ the Open Source Definition by the Open Source Initiative
+ (http://www.opensource.org/docs/definition.php
+ (http://www.opensource.org/docs/definition.php)).
+
+ 3. Definitions
+
+ 1. Terms used, but not defined, herein shall have the
+ meaning provided in the GPL.
+
+ 2. Derivative Work means a derivative work under copyright
+ law.
+
+
+ 4. Applicability This FLOSS Exception applies to all Programs that
+ contain a notice placed by Sawtooth Consulting Ltd. saying that the
+ Program may be distributed under the terms of this FLOSS Exception.
+ If you create or distribute a work which is a Derivative Work of
+ both the Program and any other work licensed under the GPL, then
+ this FLOSS Exception is not available for that work; thus, you
+ must remove the FLOSS Exception notice from that work and
+ comply with the GPL in all respects, including by retaining all
+ GPL notices. You may choose to redistribute a copy of the
+ Program exclusively under the terms of the GPL by removing the
+ FLOSS Exception notice from that copy of the Program, provided
+ that the copy has never been modified by you or any third party.
+
+
diff --git a/mysql/extra/yassl/README b/mysql/extra/yassl/README
new file mode 100644
index 0000000..de1bf51
--- /dev/null
+++ b/mysql/extra/yassl/README
@@ -0,0 +1,786 @@
+*** Note, Please read ***
+
+yaSSL takes a different approach to certificate verification than OpenSSL does.
+The default policy for the client is to verify the server, this means that if
+you don't load CAs to verify the server you'll get a connect error, unable to
+verify. It you want to mimic OpenSSL behavior of not verifying the server and
+reducing security you can do this by calling:
+
+SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
+
+before calling SSL_new();
+
+*** end Note ***
+
+yaSSL Release notes, version 2.4.4 (8/8/2017)
+ This release of yaSSL fixes an interop issue. A fix for detecting cipher
+ suites with non leading zeros is included as yaSSL only supports cipher
+ suites with leading zeros. Thanks for the report from Security Innovation
+ and Oracle.
+
+ Users interoping with other SSL stacks should update.
+
+yaSSL Release notes, version 2.4.2 (9/22/2016)
+ This release of yaSSL fixes a medium security vulnerability. A fix for
+ potential AES side channel leaks is included that a local user monitoring
+ the same CPU core cache could exploit. VM users, hyper-threading users,
+ and users where potential attackers have access to the CPU cache will need
+ to update if they utilize AES.
+
+ DSA padding fixes for unusual sizes is included as well. Users with DSA
+ certficiates should update.
+
+yaSSL Release notes, version 2.4.0 (5/20/2016)
+ This release of yaSSL fixes the OpenSSL compatibility function
+ SSL_CTX_load_verify_locations() when using the path directory to allow
+ unlimited path sizes. Minor Windows build fixes are included.
+ No high level security fixes in this version but we always recommend
+ updating.
+
+
+yaSSL Release notes, version 2.3.9b (2/03/2016)
+ This release of yaSSL fixes the OpenSSL compatibility function
+ X509_NAME_get_index_by_NID() to use the actual index of the common name
+ instead of searching on the format prefix. Thanks for the report from
+ yashwant.sahu@oracle.com . Anyone using this function should update.
+
+yaSSL Release notes, version 2.3.9 (12/01/2015)
+ This release of yaSSL fixes two client side Diffie-Hellman problems.
+ yaSSL was only handling the cases of zero or one leading zeros for the key
+ agreement instead of potentially any number. This caused about 1 in 50,000
+ connections to fail when using DHE cipher suites. The second problem was
+ the case where a server would send a public value shorter than the prime
+ value, causing about 1 in 128 client connections to fail, and also
+ caused the yaSSL client to read off the end of memory. All client side
+ DHE cipher suite users should update.
+ Thanks to Adam Langely (agl@imperialviolet.org) for the detailed report!
+
+yaSSL Release notes, version 2.3.8 (9/17/2015)
+ This release of yaSSL fixes a high security vulnerability. All users
+ SHOULD update. If using yaSSL for TLS on the server side with private
+ RSA keys allowing ephemeral key exchange you MUST update and regenerate
+ the RSA private keys. This report is detailed in:
+ https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
+ yaSSL now detects RSA signature faults and returns an error.
+
+yaSSL Patch notes, version 2.3.7e (6/26/2015)
+ This release of yaSSL includes a fix for Date less than comparison.
+ Previously yaSSL would return true on less than comparisons if the Dates
+ were equal. Reported by Oracle. No security problem, but if a cert was
+ generated right now, a server started using it in the same second, and a
+ client tried to verify it in the same second it would report not yet valid.
+
+yaSSL Patch notes, version 2.3.7d (6/22/2015)
+ This release of yaSSL includes a fix for input_buffer set_current with
+ index 0. SSL_peek() at front of waiting data could trigger. Robert
+ Golebiowski of Oracle identified and suggested a fix, thanks!
+
+yaSSL Patch notes, version 2.3.7c (6/12/2015)
+ This release of yaSSL does certificate DATE comparisons to the second
+ instead of to the minute, helpful when using freshly generated certs.
+ Though keep in mind that time sync differences could still show up.
+
+yaSSL Patch notes, version 2.3.7b (3/18/2015)
+ This release of yaSSL fixes a potential crash with corrupted private keys.
+ Also detects bad keys earlier for user.
+
+yaSSL Release notes, version 2.3.7 (12/10/2014)
+ This release of yaSSL fixes the potential to process duplicate handshake
+ messages by explicitly marking/checking received handshake messages.
+
+yaSSL Release notes, version 2.3.6 (11/25/2014)
+
+ This release of yaSSL fixes some valgrind warnings/errors including
+ uninitialized reads and off by one index errors induced from fuzzing
+ the handshake. These were reported by Oracle.
+
+yaSSL Release notes, version 2.3.5 (9/29/2014)
+
+ This release of yaSSL fixes an RSA Padding check vulnerability reported by
+ Intel Security Advanced Threat Research team
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+yaSSL Release notes, version 2.3.4 (8/15/2014)
+
+ This release of yaSSL adds checking to the input_buffer class itself.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+yaSSL Release notes, version 2.3.2 (7/25/2014)
+
+ This release of yaSSL updates test certs.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 2.3.0 (12/5/2013)
+
+ This release of yaSSL updates asm for newer GCC versions.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 2.2.3 (4/23/2013)
+
+ This release of yaSSL updates the test certificates as they were expired
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 2.2.2d (2/5/2013)
+
+ This release of yaSSL contains countermeasuers for the Lucky 13 TLS 1.1
+ CBC timing padding attack identified by Nadhem AlFardan and Kenneth Paterson
+ see: http://www.isg.rhul.ac.uk/tls/
+
+ It also adds SHA2 certificate verification and better checks for malicious
+ input.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 2.2.2 (7/5/2012)
+
+ This release of yaSSL contains bug fixes and more security checks around
+ malicious certificates.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 2.1.2 (9/2/2011)
+
+ This release of yaSSL contains bug fixes, better non-blocking support with
+ SSL_write, and OpenSSL RSA public key format support.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 2.0.0 (7/6/2010)
+
+ This release of yaSSL contains bug fixes, new testing certs,
+ and a security patch for a potential heap overflow on forged application
+ data processing. Vulnerability discovered by Matthieu Bonetti from VUPEN
+ Security http://www.vupen.com.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.9.9 (1/26/2010)
+
+ This release of yaSSL contains bug fixes, the removal of assert() s and
+ a security patch for a buffer overflow possibility in certificate name
+ processing.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.9.8 (10/14/09)
+
+ This release of yaSSL contains bug fixes and adds new stream ciphers
+ Rabbit and HC-128
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.9.6 (11/13/08)
+
+ This release of yaSSL contains bug fixes, adds autconf shared library
+ support and has better server suite detection based on certficate and
+ private key.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.9.2 (9/24/08)
+
+ This release of yaSSL contains bug fixes and improved certificate verify
+ callback support.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.8.8 (5/7/08)
+
+ This release of yaSSL contains bug fixes, and better socket handling.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.8.6 (1/31/08)
+
+ This release of yaSSL contains bug fixes, and fixes security problems
+ associated with using SSL 2.0 client hellos and improper input handling.
+ Please upgrade to this version if you are using a previous one.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.7.5 (10/15/07)
+
+ This release of yaSSL contains bug fixes, adds MSVC 2005 project support,
+ GCC 4.2 support, IPV6 support and test, and new test certificates.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.7.2 (8/20/07)
+
+ This release of yaSSL contains bug fixes and adds initial OpenVPN support.
+ Just configure at this point and beginning of build.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.6.8 (4/16/07)
+
+ This release of yaSSL contains bug fixes and adds SHA-256, SHA-512, SHA-224,
+ and SHA-384.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+
+*****************yaSSL Release notes, version 1.6.0 (2/22/07)
+
+ This release of yaSSL contains bug fixes, portability enhancements, and
+ better X509 support.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0 and note in 1.5.8.
+
+*****************yaSSL Release notes, version 1.5.8 (1/10/07)
+
+ This release of yaSSL contains bug fixes, portability enhancements, and
+ support for GCC 4.1.1 and vs2005 sp1.
+
+
+
+ Since yaSSL now supports zlib, as does libcurl, the libcurl build test can
+ fail if yaSSL is built with zlib support since the zlib library isn't
+ passed. You can do two things to fix this:
+
+ 1) build yaSSL w/o zlib --without-zlib
+ 2) or add flags to curl configure LDFLAGS="-lm -lz"
+
+
+
+*****************yaSSL Release notes, version 1.5.0 (11/09/06)
+
+ This release of yaSSL contains bug fixes, portability enhancements,
+ and full TLS 1.1 support. Use the functions:
+
+ SSL_METHOD *TLSv1_1_server_method(void);
+ SSL_METHOD *TLSv1_1_client_method(void);
+
+ or the SSLv23 versions (even though yaSSL doesn't support SSL 2.0 the v23
+ means to pick the highest of SSL 3.0, TLS 1.0, or TLS 1.1).
+
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0.
+
+
+
+****************yaSSL Release notes, version 1.4.5 (10/15/06)
+
+
+ This release of yaSSL contains bug fixes, portability enhancements,
+ zlib compression support, removal of assembly instructions at runtime if
+ not supported, and initial TLS 1.1 support.
+
+
+ Compression Notes: yaSSL uses zlib for compression and the compression
+ should only be used if yaSSL is at both ends because the implementation
+ details aren't yet standard. If you'd like to turn compression on use
+ the SSL_set_compression() function on the client before calling
+ SSL_connect(). If both the client and server were built with zlib support
+ then the connection will use compression. If the client isn't built with
+ support then SSL_set_compression() will return an error (-1).
+
+ To build yaSSL with zlib support on Unix simply have zlib support on your
+ system and configure will find it if it's in the standard locations. If
+ it's somewhere else use the option ./configure --with-zlib=DIR. If you'd
+ like to disable compression support in yaSSL use ./configure --without-zlib.
+
+ To build yaSSL with zlib support on Windows:
+
+ 1) download zlib from http://www.zlib.net/
+ 2) follow the instructions in zlib from projects/visualc6/README.txt
+ for how to add the zlib project into the yaSSL workspace noting that
+ you'll need to add configuration support for "Win32 Debug" and
+ "Win32 Release" in note 3 under "To use:".
+ 3) define HAVE_LIBZ when building yaSSL
+
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0.
+
+
+********************yaSSL Release notes, version 1.4.0 (08/13/06)
+
+
+ This release of yaSSL contains bug fixes, portability enhancements,
+ nonblocking connect and accept, better OpenSSL error mapping, and
+ certificate caching for session resumption.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0.
+
+
+********************yaSSL Release notes, version 1.3.7 (06/26/06)
+
+
+ This release of yaSSL contains bug fixes, portability enhancements,
+ and libcurl 7.15.4 support (any newer versions may not build).
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0.
+
+
+********************yaSSL Release notes, version 1.3.5 (06/01/06)
+
+
+ This release of yaSSL contains bug fixes, portability enhancements,
+ better libcurl support, and improved non-blocking I/O.
+
+See normal build instructions below under 1.0.6.
+See libcurl build instructions below under 1.3.0.
+
+
+********************yaSSL Release notes, version 1.3.0 (04/26/06)
+
+
+ This release of yaSSL contains minor bug fixes, portability enhancements,
+ and libcurl support.
+
+See normal build instructions below under 1.0.6.
+
+
+--To build for libcurl on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
+
+ To build for libcurl the library needs to be built without C++ globals since
+ the linker will be called in a C context, also libcurl configure will expect
+ OpenSSL library names so some symbolic links are created.
+
+ ./configure --enable-pure-c
+ make
+ make openssl-links
+
+ (then go to your libcurl home and tell libcurl about yaSSL build dir)
+ ./configure --with-ssl=/yaSSL-BuildDir LDFLAGS=-lm
+ make
+
+
+--To build for libcurl on Win32:
+
+ Simply add the yaSSL project as a dependency to libcurl, add
+ yaSSL-Home\include and yaSSL-Home\include\openssl to the include list, and
+ define USE_SSLEAY and USE_OPENSSL
+
+ please email todd@yassl.com if you have any questions.
+
+
+*******************yaSSL Release notes, version 1.2.2 (03/27/06)
+
+
+ This release of yaSSL contains minor bug fixes and portability enhancements.
+
+See build instructions below under 1.0.6:
+
+
+
+*******************yaSSL Release notes, version 1.2.0
+
+
+ This release of yaSSL contains minor bug fixes, portability enhancements,
+ Diffie-Hellman compatibility fixes for other servers and client,
+ optimization improvements, and x86 ASM changes.
+
+See build instructions below under 1.0.6:
+
+
+
+*****************yaSSL Release notes, version 1.1.5
+
+ This release of yaSSL contains minor bug fixes, portability enhancements,
+ and user requested changes including the ability to add all certificates in
+ a directory, more robust socket handling, no new overloading unless
+ requested, and an SSL_VERIFY_NONE option.
+
+
+See build instructions below under 1.0.6:
+
+
+
+******************yaSSL Release notes, version 1.0.6
+
+This release of yaSSL contains minor bug fixes, portability enhancements,
+x86 assembly for ARC4, SHA, MD5, and RIPEMD, --enable-ia32-asm configure
+option, and a security patch for certificate chain processing.
+
+--To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
+
+ ./configure
+ make
+
+ run testsuite from yaSSL-Home/testsuite to test the build
+
+to make a release build:
+
+ ./configure --disable-debug
+ make
+
+ run testsuite from yaSSL-Home/testsuite to test the build
+
+
+--To build on Win32
+
+Choose (Re)Build All from the project workspace
+
+run Debug\testsuite.exe from yaSSL-Home\testsuite to test the build
+
+
+
+***************** yaSSL Release notes, version 1.0.5
+
+This release of yaSSL contains minor bug fixes, portability enhancements,
+x86 assembly for AES, 3DES, BLOWFISH, and TWOFISH, --without-debug configure
+option, and --enable-kernel-mode configure option for using TaoCrypt with
+kernel modules.
+
+--To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin:
+
+ ./configure
+ make
+
+ run testsuite from yaSSL-Home/testsuite to test the build
+
+to make a release build:
+
+ ./configure --without-debug
+ make
+
+ run testsuite from yaSSL-Home/testsuite to test the build
+
+
+--To build on Win32
+
+Choose (Re)Build All from the project workspace
+
+run Debug\testsuite.exe from yaSSL-Home\testsuite to test the build
+
+
+******************yaSSL Release notes, version 1.0.1
+
+This release of yaSSL contains minor bug fixes, portability enhancements,
+GCC 3.4.4 support, MSVC 2003 support, and more documentation.
+
+Please see build instructions in the release notes for 0.9.6 below.
+
+
+******************yaSSL Release notes, version 1.0
+
+This release of yaSSL contains minor bug fixes, portability enhancements,
+GCC 4.0 support, testsuite, improvements, and API additions.
+
+Please see build instructions in the release notes for 0.9.6 below.
+
+
+******************yaSSL Release notes, version 0.9.9
+
+This release of yaSSL contains minor bug fixes, portability enchancements,
+MSVC 7 support, memory improvements, and API additions.
+
+Please see build instructions in the release notes for 0.9.6 below.
+
+
+******************yaSSL Release notes, version 0.9.8
+
+This release of yaSSL contains minor bug fixes and portability enchancements.
+
+Please see build instructions in the release notes for 0.9.6 below.
+
+
+******************yaSSL Release notes, version 0.9.6
+
+This release of yaSSL contains minor bug fixes, removal of STL support, and
+removal of exceptions and rtti so that the library can be linked without the
+std c++ library.
+
+--To build on Linux, Solaris, FreeBSD, Mac OS X, or Cygwin
+
+./configure
+make
+
+run testsuite from yaSSL-Home/testsuite to test the build
+
+
+--To build on Win32
+
+Choose (Re)Build All from the project workspace
+
+run Debug\testsuite.exe from yaSSL-Home\testsuite to test the build
+
+
+
+******************yaSSL Release notes, version 0.9.2
+
+This release of yaSSL contains minor bug fixes, expanded certificate
+verification and chaining, and improved documentation.
+
+Please see build instructions in release notes 0.3.0.
+
+
+
+******************yaSSL Release notes, version 0.9.0
+
+This release of yaSSL contains minor bug fixes, client verification handling,
+hex and base64 encoing/decoding, and an improved test suite.
+
+Please see build instructions in release notes 0.3.0.
+
+
+******************yaSSL Release notes, version 0.8.0
+
+This release of yaSSL contains minor bug fixes, and initial porting effort to
+64bit, BigEndian, and more UNIX systems.
+
+Please see build instructions in release notes 0.3.0.
+
+
+******************yaSSL Release notes, version 0.6.0
+
+This release of yaSSL contains minor bug fixes, source cleanup, and binary beta
+(1) of the yaSSL libraries.
+
+Please see build instructions in release notes 0.3.0.
+
+
+
+******************yaSSL Release notes, version 0.5.0
+
+This release of yaSSL contains minor bug fixes, full session resumption
+support, and initial testing suite support.
+
+
+
+Please see build instructions in release notes 0.3.0.
+
+
+
+******************yaSSL Release notes, version 0.4.0
+
+This release of yaSSL contains minor bug fixes, an optional memory tracker,
+an echo client and server with input/output redirection for load testing,
+and initial session caching support.
+
+
+Please see build instructions in release notes 0.3.0.
+
+
+******************yaSSL Release notes, version 0.3.5
+
+This release of yaSSL contains minor bug fixes and extensions to the crypto
+library including a full test suite.
+
+
+*******************yaSSL Release notes, version 0.3.0
+
+This release of yaSSL contains minor bug fixes and extensions to the crypto
+library including AES and an improved random number generator. GNU autoconf
+and automake are now used to simplify the build process on Linux.
+
+*** Linux Build process
+
+./configure
+make
+
+*** Windows Build process
+
+open the yassl workspace and build the project
+
+
+*******************yaSSL Release notes, version 0.2.9
+
+This release of yaSSL contains minor bug fixes and extensions to the crypto
+library.
+
+See the notes at the bottom of this page for build instructions.
+
+
+*******************yaSSL Release notes, version 0.2.5
+
+This release of yaSSL contains minor bug fixes and a beta binary of the yaSSL
+libraries for win32 and linux.
+
+See the notes at the bottom of this page for build instructions.
+
+
+
+*******************yaSSL Release notes, version 0.2.0
+
+This release of yaSSL contains minor bug fixes and initial alternate crypto
+functionality.
+
+*** Complete Build ***
+
+See the notes in Readme.txt for build instructions.
+
+*** Update Build ***
+
+If you have already done a complete build of yaSSL as described in the release
+0.0.1 - 0.1.0 notes and downloaded the update to 0.2.0, place the update file
+yassl-update-0.2.0.tar.gz in the yaSSL home directory and issue the command:
+
+gzip -cd yassl-update-0.2.0.tar.gz | tar xvf -
+
+to update the previous release.
+
+Then issue the make command on linux or rebuild the yaSSL project on Windows.
+
+*******************yaSSL Release notes, version 0.1.0
+
+This release of yaSSL contains minor bug fixes, full client and server TLSv1
+support including full ephemeral Diffie-Hellman support, SSL type RSA and DSS
+signing and verification, and initial stunnel 4.05 build support.
+
+
+
+*********************yaSSL Release notes, version 0.0.3
+
+The third release of yaSSL contains minor bug fixes, client certificate
+enhancements, and initial ephemeral Diffie-Hellman integration:
+
+
+
+*********************
+
+yaSSL Release notes, version 0.0.2
+
+The second release of yaSSL contains minor bug fixes, client certificate
+enhancements, session resumption, and improved TLS support including:
+
+- HMAC for MD5 and SHA-1
+- PRF (pseudo random function)
+- Master Secret and Key derivation routines
+- Record Authentication codes
+- Finish verify data check
+
+Once ephemeral RSA and DH are added yaSSL will be fully complaint with TLS.
+
+
+
+**********************
+
+yassl Release notes, version 0.0.1
+
+The first release of yassl supports normal RSA mode SSLv3 connections with
+support for SHA-1 and MD5 digests. Ciphers include DES, 3DES, and RC4.
+
+yassl uses the CryptoPP library for cryptography, the source is available at
+www.cryptopp.com .
+
+yassl uses CML (the Certificate Management Library) for x509 support. More
+features will be in future versions. The CML source is available for download
+from www.digitalnet.com/knowledge/cml_home.htm .
+
+The next release of yassl will support the 3 lesser-used SSL connection modes;
+HandShake resumption, Ephemeral RSA (or DH), and Client Authentication as well
+as full support for TLS. Backwards support for SSLv2 is not planned at this
+time.
+
+
+**********************
+
+Building yassl on linux:
+
+use the ./buildall script to build everything.
+
+buildall will configure and build CML, CryptoPP, and yassl. Testing was
+preformed with gcc version 3.3.2 on kernel 2.4.22.
+
+
+**********************
+
+Building yassl on Windows:
+
+Testing was preformed on Windows 2000 with Visual C++ 6 sp5.
+
+1) decompress esnacc_r16.tgz in place, see buildall for syntax if unsure
+
+2) decompress smp_r23.tgz in place
+
+3) unzip cryptopp51/crypto51.zip in place
+
+4) Build SNACC (part of CML) using snacc_builds.dsw in the SNACC directory
+
+5) Build SMP (part of CMP) using smp.dsw in the smp directory
+
+6) Build yassl using yassl.dsw
+
+
+**********************
+
+examples, server and client:
+
+Please see the server and client examples in both versions to see how to link
+to yassl and the support libraries. On linux do 'make server' and 'make
+client' to build them. On Windows you will find the example projects in the
+main workspace, yassl.dsw.
+
+The example server and client are compatible with openssl.
+
+
+**********************
+
+Building yassl into mysql on linux:
+
+Testing was done using mysql version 4.0.17.
+
+alter openssl_libs in the configure file, line 21056. Change '-lssl -lcrypto'
+to '-lyassl -lcryptopp -lcmapi -lcmlasn -lctil -lc++asn1'.
+
+see build/config_command for the configure command used to configure mysql
+please change /home/touska/ to the relevant directory of course.
+
+add yassl/lib to the LD_LIBRARY_PATH because libmysql/conf_to_src does not
+use the ssl lib directory though it does use the ssl libraries.
+
+make
+
+make install
+
+
+*********************
+
+License: yassl is currently under the GPL, please see license information
+in the source and include files.
+
+
+*********************
+
+Contact: please send comments or questions to Todd A Ouska at todd@yassl.com
+and/or Larry Stefonic at larry@yassl.com.
+
+
+
diff --git a/mysql/extra/yassl/include/buffer.hpp b/mysql/extra/yassl/include/buffer.hpp
new file mode 100644
index 0000000..77d2ed8
--- /dev/null
+++ b/mysql/extra/yassl/include/buffer.hpp
@@ -0,0 +1,211 @@
+/*
+ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+
+/* yaSSL buffer header defines input and output buffers to simulate streaming
+ * with SSL types and sockets
+ */
+
+#ifndef yaSSL_BUFFER_HPP
+#define yaSSL_BUFFER_HPP
+
+#include <assert.h> // assert
+#include "yassl_types.hpp" // ysDelete
+#include "memory.hpp" // mySTL::auto_ptr
+#include STL_ALGORITHM_FILE
+
+
+namespace STL = STL_NAMESPACE;
+
+
+#ifdef _MSC_VER
+ // disable truncated debug symbols
+ #pragma warning(disable:4786)
+#endif
+
+
+namespace yaSSL {
+
+typedef unsigned char byte;
+typedef unsigned int uint;
+const uint AUTO = 0xFEEDBEEF;
+
+
+
+struct NoCheck {
+ int check(uint, uint);
+};
+
+struct Check {
+ int check(uint, uint);
+};
+
+/* input_buffer operates like a smart c style array with a checking option,
+ * meant to be read from through [] with AUTO index or read().
+ * Should only write to at/near construction with assign() or raw (e.g., recv)
+ * followed by add_size with the number of elements added by raw write.
+ *
+ * Not using vector because need checked []access, offset, and the ability to
+ * write to the buffer bulk wise and have the correct size
+ */
+
+class input_buffer : public Check {
+ uint size_; // number of elements in buffer
+ uint current_; // current offset position in buffer
+ byte* buffer_; // storage for buffer
+ byte* end_; // end of storage marker
+ int error_; // error number
+ byte zero_; // for returning const reference to zero byte
+public:
+ input_buffer();
+
+ explicit input_buffer(uint s);
+
+ // with assign
+ input_buffer(uint s, const byte* t, uint len);
+
+ ~input_buffer();
+
+ // users can pass defualt zero length buffer and then allocate
+ void allocate(uint s);
+
+ // for passing to raw writing functions at beginning, then use add_size
+ byte* get_buffer() const;
+
+ // after a raw write user can set new size
+ // if you know the size before the write use assign()
+ void add_size(uint i);
+
+ uint get_capacity() const;
+
+ uint get_current() const;
+
+ uint get_size() const;
+
+ uint get_remaining() const;
+
+ int get_error() const;
+
+ void set_error();
+
+ void set_current(uint i);
+
+ // read only access through [], advance current
+ // user passes in AUTO index for ease of use
+ const byte& operator[](uint i);
+
+ // end of input test
+ bool eof();
+
+ // peek ahead
+ byte peek();
+
+ // write function, should use at/near construction
+ void assign(const byte* t, uint s);
+
+ // use read to query input, adjusts current
+ void read(byte* dst, uint length);
+
+private:
+ input_buffer(const input_buffer&); // hide copy
+ input_buffer& operator=(const input_buffer&); // and assign
+};
+
+
+/* output_buffer operates like a smart c style array with a checking option.
+ * Meant to be written to through [] with AUTO index or write().
+ * Size (current) counter increases when written to. Can be constructed with
+ * zero length buffer but be sure to allocate before first use.
+ * Don't use add write for a couple bytes, use [] instead, way less overhead.
+ *
+ * Not using vector because need checked []access and the ability to
+ * write to the buffer bulk wise and retain correct size
+ */
+class output_buffer : public NoCheck {
+ uint current_; // current offset and elements in buffer
+ byte* buffer_; // storage for buffer
+ byte* end_; // end of storage marker
+public:
+ // default
+ output_buffer();
+
+ // with allocate
+ explicit output_buffer(uint s);
+
+ // with assign
+ output_buffer(uint s, const byte* t, uint len);
+
+ ~output_buffer();
+
+ uint get_size() const;
+
+ uint get_capacity() const;
+
+ void set_current(uint c);
+
+ // users can pass defualt zero length buffer and then allocate
+ void allocate(uint s);
+
+ // for passing to reading functions when finished
+ const byte* get_buffer() const;
+
+ // allow write access through [], update current
+ // user passes in AUTO as index for ease of use
+ byte& operator[](uint i);
+
+ // end of output test
+ bool eof();
+
+ void write(const byte* t, uint s);
+
+private:
+ output_buffer(const output_buffer&); // hide copy
+ output_buffer& operator=(const output_buffer&); // and assign
+};
+
+
+
+
+// turn delete an incomplete type into comipler error instead of warning
+template <typename T>
+inline void checked_delete(T* p)
+{
+ typedef char complete_type[sizeof(T) ? 1 : -1];
+ (void)sizeof(complete_type);
+ ysDelete(p);
+}
+
+
+// checked delete functor increases effeciency, no indirection on function call
+// sets pointer to zero so safe for std conatiners
+struct del_ptr_zero
+{
+ template <typename T>
+ void operator()(T*& p) const
+ {
+ T* tmp = 0;
+ STL::swap(tmp, p);
+ checked_delete(tmp);
+ }
+};
+
+
+
+} // naemspace
+
+#endif // yaSSL_BUUFER_HPP
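Review bot: `output_buffer` derives from `NoCheck` while `input_buffer` derives from `Check`, and the comment above `output_buffer` does not say that bounds checking is therefore off on the write side. The `check()` bodies are not in this header, so this is inferred from the policy names. If it holds, `operator[]` and `write()` depend entirely on the caller having sized the buffer through `allocate()` or the sizing constructor. I would state that precondition in the class comment, e.g. `// NoCheck policy: [] and write() do not verify capacity; caller must allocate() enough room first`. The same comment could note that `AUTO` (0xFEEDBEEF) is a reserved index value rather than a position.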
diff --git a/mysql/extra/yassl/include/cert_wrapper.hpp b/mysql/extra/yassl/include/cert_wrapper.hpp
new file mode 100644
index 0000000..8e3393b
--- /dev/null
+++ b/mysql/extra/yassl/include/cert_wrapper.hpp
@@ -0,0 +1,137 @@
+/*
+ Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+ */
+
+
+/* The certificate wrapper header defines certificate management functions
+ *
+ */
+
+
+#ifndef yaSSL_CERT_WRAPPER_HPP
+#define yaSSL_CERT_WRAPPER_HPP
+
+#ifdef _MSC_VER
+ // disable truncated debug symbols
+ #pragma warning(disable:4786)
+#endif
+
+
+#include "yassl_types.hpp" // SignatureAlgorithm
+#include "buffer.hpp" // input_buffer
+#include "asn.hpp" // SignerList
+#include "openssl/ssl.h" // internal and external use
+#include STL_LIST_FILE
+#include STL_ALGORITHM_FILE
+
+
+namespace STL = STL_NAMESPACE;
+
+
+namespace yaSSL {
+
+typedef unsigned char opaque;
+class X509; // forward openSSL type
+
+using TaoCrypt::SignerList;
+
+// an x509 version 3 certificate
+class x509 {
+ uint length_;
+ opaque* buffer_;
+public:
+ explicit x509(uint sz);
+ ~x509();
+
+ uint get_length() const;
+ const opaque* get_buffer() const;
+ opaque* use_buffer();
+
+ x509(const x509&);
+ x509& operator=(const x509&);
+private:
+ void Swap(x509&);
+};
+
+
+// Certificate Manager keeps a list of the cert chain and public key
+class CertManager {
+ typedef STL::list<x509*> CertList;
+
+ CertList list_; // self
+ input_buffer privateKey_;
+
+ CertList peerList_; // peer
+ input_buffer peerPublicKey_;
+ X509* peerX509_; // peer's openSSL X509
+ X509* selfX509_; // our own openSSL X509
+
+ SignatureAlgorithm keyType_; // self key type
+ SignatureAlgorithm peerKeyType_; // peer's key type
+
+ SignerList signers_; // decoded CA keys and names
+ // plus verified chained certs
+ bool verifyPeer_;
+ bool verifyNone_; // no error if verify fails
+ bool failNoCert_;
+ bool sendVerify_;
+ bool sendBlankCert_;
+ VerifyCallback verifyCallback_; // user verify callback
+public:
+ CertManager();
+ ~CertManager();
+
+ void AddPeerCert(x509* x); // take ownership
+ void CopySelfCert(const x509* x);
+ int CopyCaCert(const x509* x);
+ int Validate();
+
+ int SetPrivateKey(const x509&);
+
+ const x509* get_cert() const;
+ const opaque* get_peerKey() const;
+ const opaque* get_privateKey() const;
+ X509* get_peerX509() const;
+ X509* get_selfX509() const;
+ SignatureAlgorithm get_keyType() const;
+ SignatureAlgorithm get_peerKeyType() const;
+
+ uint get_peerKeyLength() const;
+ uint get_privateKeyLength() const;
+
+ bool verifyPeer() const;
+ bool verifyNone() const;
+ bool failNoCert() const;
+ bool sendVerify() const;
+ bool sendBlankCert() const;
+
+ void setVerifyPeer();
+ void setVerifyNone();
+ void setFailNoCert();
+ void setSendVerify();
+ void setSendBlankCert();
+ void setPeerX509(X509*);
+ void setVerifyCallback(VerifyCallback);
+private:
+ CertManager(const CertManager&); // hide copy
+ CertManager& operator=(const CertManager&); // and assigin
+};
+
+
+} // naemspace
+
+#endif // yaSSL_CERT_WRAPPER_HPP
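Review bot: The verification switches in `CertManager` (`verifyPeer_`, `verifyNone_`, `failNoCert_`) are almost undocumented; only `verifyNone_` has a comment (`no error if verify fails`). Their setters take no argument, so as declared a flag can be turned on but not off again. The header also does not say what the constructor defaults are, or what `Validate()` returns when `verifyNone_` is set. Since these flags decide whether a peer certificate failure ends the handshake, I would document each one at its declaration, for example `bool verifyNone_; // Validate() reports success even when chain verification fails; peer is then unauthenticated`. The exact wording needs confirming against the implementation, which is outside this hunk.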
diff --git a/mysql/extra/yassl/include/crypto_wrapper.hpp b/mysql/extra/yassl/include/crypto_wrapper.hpp
new file mode 100644
index 0000000..c0395cb
--- /dev/null
+++ b/mysql/extra/yassl/include/crypto_wrapper.hpp
@@ -0,0 +1,428 @@
+/*
+ Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+
+/* The crypto wrapper header is used to define policies for the cipher
+ * components used by SSL. There are 3 policies to consider:
+ *
+ * 1) MAC, the Message Authentication Code used for each Message
+ * 2) Bulk Cipher, the Cipher used to encrypt/decrypt each Message
+ * 3) Atuhentication, the Digitial Signing/Verifiaction scheme used
+ *
+ * This header doesn't rely on a specific crypto libraries internals,
+ * only the implementation should.
+ */
+
+
+#ifndef yaSSL_CRYPTO_WRAPPER_HPP
+#define yaSSL_CRYPTO_WRAPPER_HPP
+
+#include "yassl_types.hpp"
+#include <stdio.h> // FILE
+
+
+namespace yaSSL {
+
+
+// Digest policy should implement a get_digest, update, and get sizes for pad
+// and digest
+struct Digest : public virtual_base {
+ virtual void get_digest(byte*) = 0;
+ virtual void get_digest(byte*, const byte*, unsigned int) = 0;
+ virtual void update(const byte*, unsigned int) = 0;
+ virtual uint get_digestSize() const = 0;
+ virtual uint get_padSize() const = 0;
+ virtual ~Digest() {}
+};
+
+
+// For use with NULL Digests
+struct NO_MAC : public Digest {
+ void get_digest(byte*);
+ void get_digest(byte*, const byte*, unsigned int);
+ void update(const byte*, unsigned int);
+ uint get_digestSize() const;
+ uint get_padSize() const;
+};
+
+
+// MD5 Digest
+class MD5 : public Digest {
+public:
+ void get_digest(byte*);
+ void get_digest(byte*, const byte*, unsigned int);
+ void update(const byte*, unsigned int);
+ uint get_digestSize() const;
+ uint get_padSize() const;
+ MD5();
+ ~MD5();
+ MD5(const MD5&);
+ MD5& operator=(const MD5&);
+private:
+ struct MD5Impl;
+ MD5Impl* pimpl_;
+};
+
+
+// SHA-1 Digest
+class SHA : public Digest {
+public:
+ void get_digest(byte*);
+ void get_digest(byte*, const byte*, unsigned int);
+ void update(const byte*, unsigned int);
+ uint get_digestSize() const;
+ uint get_padSize() const;
+ SHA();
+ ~SHA();
+ SHA(const SHA&);
+ SHA& operator=(const SHA&);
+private:
+ struct SHAImpl;
+ SHAImpl* pimpl_;
+
+};
+
+
+// RIPEMD-160 Digest
+class RMD : public Digest {
+public:
+ void get_digest(byte*);
+ void get_digest(byte*, const byte*, unsigned int);
+ void update(const byte*, unsigned int);
+ uint get_digestSize() const;
+ uint get_padSize() const;
+ RMD();
+ ~RMD();
+ RMD(const RMD&);
+ RMD& operator=(const RMD&);
+private:
+ struct RMDImpl;
+ RMDImpl* pimpl_;
+
+};
+
+
+// HMAC_MD5
+class HMAC_MD5 : public Digest {
+public:
+ void get_digest(byte*);
+ void get_digest(byte*, const byte*, unsigned int);
+ void update(const byte*, unsigned int);
+ uint get_digestSize() const;
+ uint get_padSize() const;
+ HMAC_MD5(const byte*, unsigned int);
+ ~HMAC_MD5();
+private:
+ struct HMAC_MD5Impl;
+ HMAC_MD5Impl* pimpl_;
+
+ HMAC_MD5(const HMAC_MD5&);
+ HMAC_MD5& operator=(const HMAC_MD5&);
+};
+
+
+// HMAC_SHA-1
+class HMAC_SHA : public Digest {
+public:
+ void get_digest(byte*);
+ void get_digest(byte*, const byte*, unsigned int);
+ void update(const byte*, unsigned int);
+ uint get_digestSize() const;
+ uint get_padSize() const;
+ HMAC_SHA(const byte*, unsigned int);
+ ~HMAC_SHA();
+private:
+ struct HMAC_SHAImpl;
+ HMAC_SHAImpl* pimpl_;
+
+ HMAC_SHA(const HMAC_SHA&);
+ HMAC_SHA& operator=(const HMAC_SHA&);
+};
+
+
+// HMAC_RMD
+class HMAC_RMD : public Digest {
+public:
+ void get_digest(byte*);
+ void get_digest(byte*, const byte*, unsigned int);
+ void update(const byte*, unsigned int);
+ uint get_digestSize() const;
+ uint get_padSize() const;
+ HMAC_RMD(const byte*, unsigned int);
+ ~HMAC_RMD();
+private:
+ struct HMAC_RMDImpl;
+ HMAC_RMDImpl* pimpl_;
+
+ HMAC_RMD(const HMAC_RMD&);
+ HMAC_RMD& operator=(const HMAC_RMD&);
+};
+
+
+// BulkCipher policy should implement encrypt, decrypt, get block size,
+// and set keys for encrypt and decrypt
+struct BulkCipher : public virtual_base {
+ virtual void encrypt(byte*, const byte*, unsigned int) = 0;
+ virtual void decrypt(byte*, const byte*, unsigned int) = 0;
+ virtual void set_encryptKey(const byte*, const byte* = 0) = 0;
+ virtual void set_decryptKey(const byte*, const byte* = 0) = 0;
+ virtual uint get_blockSize() const = 0;
+ virtual int get_keySize() const = 0;
+ virtual int get_ivSize() const = 0;
+ virtual ~BulkCipher() {}
+};
+
+
+// For use with NULL Ciphers
+struct NO_Cipher : public BulkCipher {
+ void encrypt(byte*, const byte*, unsigned int) {}
+ void decrypt(byte*, const byte*, unsigned int) {}
+ void set_encryptKey(const byte*, const byte*) {}
+ void set_decryptKey(const byte*, const byte*) {}
+ uint get_blockSize() const { return 0; }
+ int get_keySize() const { return 0; }
+ int get_ivSize() const { return 0; }
+};
+
+
+// SSLv3 and TLSv1 always use DES in CBC mode so IV is required
+class DES : public BulkCipher {
+public:
+ void encrypt(byte*, const byte*, unsigned int);
+ void decrypt(byte*, const byte*, unsigned int);
+ void set_encryptKey(const byte*, const byte*);
+ void set_decryptKey(const byte*, const byte*);
+ uint get_blockSize() const { return DES_BLOCK; }
+ int get_keySize() const { return DES_KEY_SZ; }
+ int get_ivSize() const { return DES_IV_SZ; }
+ DES();
+ ~DES();
+private:
+ struct DESImpl;
+ DESImpl* pimpl_;
+
+ DES(const DES&); // hide copy
+ DES& operator=(const DES&); // & assign
+};
+
+
+// 3DES Encrypt-Decrypt-Encrypt in CBC mode
+class DES_EDE : public BulkCipher {
+public:
+ void encrypt(byte*, const byte*, unsigned int);
+ void decrypt(byte*, const byte*, unsigned int);
+ void set_encryptKey(const byte*, const byte*);
+ void set_decryptKey(const byte*, const byte*);
+ uint get_blockSize() const { return DES_BLOCK; }
+ int get_keySize() const { return DES_EDE_KEY_SZ; }
+ int get_ivSize() const { return DES_IV_SZ; }
+ DES_EDE();
+ ~DES_EDE();
+private:
+ struct DES_EDEImpl;
+ DES_EDEImpl* pimpl_;
+
+ DES_EDE(const DES_EDE&); // hide copy
+ DES_EDE& operator=(const DES_EDE&); // & assign
+};
+
+
+// Alledged RC4
+class RC4 : public BulkCipher {
+public:
+ void encrypt(byte*, const byte*, unsigned int);
+ void decrypt(byte*, const byte*, unsigned int);
+ void set_encryptKey(const byte*, const byte*);
+ void set_decryptKey(const byte*, const byte*);
+ uint get_blockSize() const { return 0; }
+ int get_keySize() const { return RC4_KEY_SZ; }
+ int get_ivSize() const { return 0; }
+ RC4();
+ ~RC4();
+private:
+ struct RC4Impl;
+ RC4Impl* pimpl_;
+
+ RC4(const RC4&); // hide copy
+ RC4& operator=(const RC4&); // & assign
+};
+
+
+// AES
+class AES : public BulkCipher {
+public:
+ void encrypt(byte*, const byte*, unsigned int);
+ void decrypt(byte*, const byte*, unsigned int);
+ void set_encryptKey(const byte*, const byte*);
+ void set_decryptKey(const byte*, const byte*);
+ uint get_blockSize() const { return AES_BLOCK_SZ; }
+ int get_keySize() const;
+ int get_ivSize() const { return AES_IV_SZ; }
+ explicit AES(unsigned int = AES_128_KEY_SZ);
+ ~AES();
+private:
+ struct AESImpl;
+ AESImpl* pimpl_;
+
+ AES(const AES&); // hide copy
+ AES& operator=(const AES&); // & assign
+};
+
+
+// Random number generator
+class RandomPool {
+public:
+ void Fill(opaque* dst, uint sz) const;
+ RandomPool();
+ ~RandomPool();
+
+ int GetError() const;
+
+ friend class RSA;
+ friend class DSS;
+ friend class DiffieHellman;
+private:
+ struct RandomImpl;
+ RandomImpl* pimpl_;
+
+ RandomPool(const RandomPool&); // hide copy
+ RandomPool& operator=(const RandomPool&); // & assign
+};
+
+
+// Authentication policy should implement sign, and verify
+struct Auth : public virtual_base {
+ virtual void sign(byte*, const byte*, unsigned int, const RandomPool&) = 0;
+ virtual bool verify(const byte*, unsigned int, const byte*,
+ unsigned int) = 0;
+ virtual uint get_signatureLength() const = 0;
+ virtual ~Auth() {}
+};
+
+
+// For use with NULL Authentication schemes
+struct NO_Auth : public Auth {
+ void sign(byte*, const byte*, unsigned int, const RandomPool&) {}
+ bool verify(const byte*, unsigned int, const byte*, unsigned int)
+ { return true; }
+};
+
+
+// Digitial Signature Standard scheme
+class DSS : public Auth {
+public:
+ void sign(byte*, const byte*, unsigned int, const RandomPool&);
+ bool verify(const byte*, unsigned int, const byte*, unsigned int);
+ uint get_signatureLength() const;
+ DSS(const byte*, unsigned int, bool publicKey = true);
+ ~DSS();
+private:
+ struct DSSImpl;
+ DSSImpl* pimpl_;
+
+ DSS(const DSS&);
+ DSS& operator=(const DSS&);
+};
+
+
+// RSA Authentication and exchange
+class RSA : public Auth {
+public:
+ void sign(byte*, const byte*, unsigned int, const RandomPool&);
+ bool verify(const byte*, unsigned int, const byte*, unsigned int);
+ void encrypt(byte*, const byte*, unsigned int, const RandomPool&);
+ void decrypt(byte*, const byte*, unsigned int, const RandomPool&);
+ uint get_signatureLength() const;
+ uint get_cipherLength() const;
+ RSA(const byte*, unsigned int, bool publicKey = true);
+ ~RSA();
+private:
+ struct RSAImpl;
+ RSAImpl* pimpl_;
+
+ RSA(const RSA&); // hide copy
+ RSA& operator=(const RSA&); // & assing
+};
+
+
+class Integer;
+
+// Diffie-Hellman agreement
+// hide for now TODO: figure out a way to give access to C clients p and g args
+class DiffieHellman {
+public:
+ DiffieHellman(const byte*, unsigned int, const byte*, unsigned int,
+ const byte*, unsigned int, const RandomPool& random);
+ //DiffieHellman(const char*, const RandomPool&);
+ DiffieHellman(const Integer&, const Integer&, const RandomPool&);
+ ~DiffieHellman();
+
+ DiffieHellman(const DiffieHellman&);
+ DiffieHellman& operator=(const DiffieHellman&);
+
+ uint get_agreedKeyLength() const;
+ const byte* get_agreedKey() const;
+ uint get_publicKeyLength() const;
+ const byte* get_publicKey() const;
+ void makeAgreement(const byte*, unsigned int);
+
+ void set_sizes(int&, int&, int&) const;
+ void get_parms(byte*, byte*, byte*) const;
+private:
+ struct DHImpl;
+ DHImpl* pimpl_;
+};
+
+
+// Lagrge Integer
+class Integer {
+public:
+ Integer();
+ ~Integer();
+
+ Integer(const Integer&);
+ Integer& operator=(const Integer&);
+
+ void assign(const byte*, unsigned int);
+
+ friend class DiffieHellman;
+private:
+ struct IntegerImpl;
+ IntegerImpl* pimpl_;
+};
+
+
+class x509;
+
+
+struct EncryptedInfo {
+ enum { IV_SZ = 32, NAME_SZ = 80 };
+ char name[NAME_SZ]; // max one line
+ byte iv[IV_SZ]; // in base16 rep
+ uint ivSz;
+ bool set;
+
+ EncryptedInfo() : ivSz(0), set(false) {}
+};
+
+x509* PemToDer(FILE*, CertType, EncryptedInfo* info = 0);
+
+
+} // naemspace
+
+#endif // yaSSL_CRYPTO_WRAPPER_HPP
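Review bot: `NO_Auth::verify` returns `true` for any input, so if this policy were ever selected a signature check would pass without examining the signature. As declared, `NO_Auth` does not override `Auth::get_signatureLength()`, which is pure virtual, so the struct is still abstract and cannot be instantiated. That makes it dead code today, but a trap for whoever adds the missing override. I would either make it fail closed with `{ return false; }`, or add a comment above the struct such as `// null scheme: verify() accepts everything; must never back a suite that authenticates the peer`. Whether any cipher suite maps to it is decided outside this header.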
diff --git a/mysql/extra/yassl/include/factory.hpp b/mysql/extra/yassl/include/factory.hpp
new file mode 100644
index 0000000..dd6532f
--- /dev/null
+++ b/mysql/extra/yassl/include/factory.hpp
@@ -0,0 +1,101 @@
+/*
+ Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* The factory header defines an Object Factory, used by SSL message and
+ * handshake types.
+ *
+ * See Desgin Pattern in GoF and Alexandrescu's chapter in Modern C++ Design,
+ * page 208
+ */
+
+
+
+#ifndef yaSSL_FACTORY_HPP
+#define yaSSL_FACTORY_HPP
+
+#include STL_VECTOR_FILE
+#include STL_PAIR_FILE
+
+
+namespace STL = STL_NAMESPACE;
+
+
+
+
+
+namespace yaSSL {
+
+
+// Factory uses its callback map to create objects by id,
+// returning an abstract base pointer
+template<class AbstractProduct,
+ typename IdentifierType = int,
+ typename ProductCreator = AbstractProduct* (*)()
+ >
+class Factory {
+ typedef STL::pair<IdentifierType, ProductCreator> CallBack;
+ typedef STL::vector<CallBack> CallBackVector;
+
+ CallBackVector callbacks_;
+public:
+ // pass function pointer to register all callbacks upon creation
+ explicit Factory(void (*init)(Factory<AbstractProduct, IdentifierType,
+ ProductCreator>&))
+ {
+ init(*this);
+ }
+
+ // reserve place in vector before registering, used by init funcion
+ void Reserve(size_t sz)
+ {
+ callbacks_.reserve(sz);
+ }
+
+ // register callback
+ void Register(const IdentifierType& id, ProductCreator pc)
+ {
+ callbacks_.push_back(STL::make_pair(id, pc));
+ }
+
+ // THE Creator, returns a new object of the proper type or 0
+ AbstractProduct* CreateObject(const IdentifierType& id) const
+ {
+ typedef typename STL::vector<CallBack>::const_iterator cIter;
+
+ cIter first = callbacks_.begin();
+ cIter last = callbacks_.end();
+
+ while (first != last) {
+ if (first->first == id)
+ break;
+ ++first;
+ }
+
+ if (first == callbacks_.end())
+ return 0;
+ return (first->second)();
+ }
+private:
+ Factory(const Factory&); // hide copy
+ Factory& operator=(const Factory&); // and assign
+};
+
+
+} // naemspace
+
+#endif // yaSSL_FACTORY_HPP
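Review bot: `Register` appends without checking whether `id` is already present, and `CreateObject` returns the first match, so a second registration for the same id is silently ignored. The comment on `CreateObject` says it returns 0 for an unknown id, but not who is responsible for deleting the object it returns on success. I would add one line for each, e.g. `// ids must be unique; the first registration for an id wins` above `Register`. Above `CreateObject`, `// returns 0 for an unregistered id; caller must check before use and owns the result` would do, with the ownership part confirmed against the callers, which are not in this hunk.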
diff --git a/mysql/extra/yassl/include/handshake.hpp b/mysql/extra/yassl/include/handshake.hpp
new file mode 100644
index 0000000..0c9949a
--- /dev/null
+++ b/mysql/extra/yassl/include/handshake.hpp
@@ -0,0 +1,69 @@
+/*
+ Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* The handshake header declares function prototypes for creating and reading
+ * the various handshake messages.
+ */
+
+
+
+#ifndef yaSSL_HANDSHAKE_HPP
+#define yaSSL_HANDSHAKE_HPP
+
+#include "yassl_types.hpp"
+
+
+namespace yaSSL {
+
+// forward decls
+class SSL;
+class Finished;
+class Data;
+class Alert;
+struct Hashes;
+
+enum BufferOutput { buffered, unbuffered };
+
+void sendClientHello(SSL&);
+void sendServerHello(SSL&, BufferOutput = buffered);
+void sendServerHelloDone(SSL&, BufferOutput = buffered);
+void sendClientKeyExchange(SSL&, BufferOutput = buffered);
+void sendServerKeyExchange(SSL&, BufferOutput = buffered);
+void sendChangeCipher(SSL&, BufferOutput = buffered);
+void sendFinished(SSL&, ConnectionEnd, BufferOutput = buffered);
+void sendCertificate(SSL&, BufferOutput = buffered);
+void sendCertificateRequest(SSL&, BufferOutput = buffered);
+void sendCertificateVerify(SSL&, BufferOutput = buffered);
+int sendData(SSL&, const void*, int);
+int sendAlert(SSL& ssl, const Alert& alert);
+
+int receiveData(SSL&, Data&, bool peek = false);
+void processReply(SSL&);
+
+void buildFinished(SSL&, Finished&, const opaque*);
+void build_certHashes(SSL&, Hashes&);
+
+void hmac(SSL&, byte*, const byte*, uint, ContentType, bool verify = false);
+void TLS_hmac(SSL&, byte*, const byte*, uint, ContentType,
+ bool verify = false);
+void PRF(byte* digest, uint digLen, const byte* secret, uint secLen,
+ const byte* label, uint labLen, const byte* seed, uint seedLen);
+
+} // naemspace
+
+#endif // yaSSL_HANDSHAKE_HPP
diff --git a/mysql/extra/yassl/include/lock.hpp b/mysql/extra/yassl/include/lock.hpp
new file mode 100644
index 0000000..5273f92
--- /dev/null
+++ b/mysql/extra/yassl/include/lock.hpp
@@ -0,0 +1,96 @@
+/*
+ Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* lock.hpp provides an os specific Lock, locks mutex on entry and unlocks
+ * automatically upon exit, no-ops provided for Single Threaded
+*/
+
+#ifndef yaSSL_LOCK_HPP
+#define yaSSL_LOCK_HPP
+
+/*
+ Visual Studio Source Annotations header (sourceannotations.h) fails
+ to compile if outside of the global namespace.
+*/
+#ifdef MULTI_THREADED
+#ifdef _WIN32
+#include <windows.h>
+#endif
+#endif
+
+namespace yaSSL {
+
+
+#ifdef MULTI_THREADED
+ #ifdef _WIN32
+ #include <windows.h>
+
+ class Mutex {
+ CRITICAL_SECTION cs_;
+ public:
+ Mutex();
+ ~Mutex();
+
+ class Lock;
+ friend class Lock;
+
+ class Lock {
+ Mutex& mutex_;
+ public:
+ explicit Lock(Mutex& lm);
+ ~Lock();
+ };
+ };
+ #else // _WIN32
+ #include <pthread.h>
+
+ class Mutex {
+ pthread_mutex_t mutex_;
+ public:
+
+ Mutex();
+ ~Mutex();
+
+ class Lock;
+ friend class Lock;
+
+ class Lock {
+ Mutex& mutex_;
+ public:
+ explicit Lock(Mutex& lm);
+ ~Lock();
+ };
+ };
+
+ #endif // _WIN32
+#else // MULTI_THREADED (WE'RE SINGLE)
+
+ class Mutex {
+ public:
+ class Lock {
+ public:
+ explicit Lock(Mutex&) {}
+ };
+ };
+
+#endif // MULTI_THREADED
+
+
+
+} // namespace
+#endif // yaSSL_LOCK_HPP
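Review bot: In the non-Windows `MULTI_THREADED` branch, `#include <pthread.h>` sits inside `namespace yaSSL`, and unlike `<windows.h>` it is not included at global scope first. If lock.hpp is the first header in a translation unit to pull in pthread.h, its declarations land in `yaSSL::`, and the include guard makes any later global-scope include a no-op. The block before the namespace already handles this for Windows. Adding `#else` and `#include <pthread.h>` before its inner `#endif` covers the POSIX case, after which the two in-namespace includes can be dropped. Separately, `Mutex` and `Lock` do not hide copy and assignment the way the other classes in this commit do.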
diff --git a/mysql/extra/yassl/include/log.hpp b/mysql/extra/yassl/include/log.hpp
new file mode 100644
index 0000000..2651d07
--- /dev/null
+++ b/mysql/extra/yassl/include/log.hpp
@@ -0,0 +1,55 @@
+/*
+ Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+
+/* yaSSL log interface
+ *
+ */
+
+#ifndef yaSSL_LOG_HPP
+#define yaSSL_LOG_HPP
+
+#include "socket_wrapper.hpp"
+
+#ifdef YASSL_LOG
+#include <stdio.h>
+#endif
+
+namespace yaSSL {
+
+typedef unsigned int uint;
+
+
+// Debug logger
+class Log {
+#ifdef YASSL_LOG
+ FILE* log_;
+#endif
+public:
+ explicit Log(const char* str = "yaSSL.log");
+ ~Log();
+
+ void Trace(const char*);
+ void ShowTCP(socket_t, bool ended = false);
+ void ShowData(uint, bool sent = false);
+};
+
+
+} // naemspace
+
+#endif // yaSSL_LOG_HPP
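Review bot: `Log` holds a `FILE* log_` when `YASSL_LOG` is defined, but its copy constructor and assignment operator are left public and compiler-generated, unlike the other resource-holding classes in this commit, which hide them. The destructor body is not in this hunk; if it closes `log_`, a copied `Log` would close the same stream twice. I would add a private section with `Log(const Log&);` and `Log& operator=(const Log&);`. The default file name `"yaSSL.log"` is a relative path, so a comment that the trace is written to the process's working directory would also help.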
diff --git a/mysql/extra/yassl/include/openssl/crypto.h b/mysql/extra/yassl/include/openssl/crypto.h
new file mode 100644
index 0000000..fc2971a
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/crypto.h
@@ -0,0 +1,33 @@
+/* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/* crypto.h for openSSL */
+
+#ifndef yaSSL_crypto_h__
+#define yaSSL_crypto_h__
+
+#ifdef YASSL_PREFIX
+#include "prefix_crypto.h"
+#endif
+
+const char* SSLeay_version(int type);
+
+#define SSLEAY_NUMBER_DEFINED
+#define SSLEAY_VERSION 0x0900L
+#define SSLEAY_VERSION_NUMBER SSLEAY_VERSION
+
+
+#endif /* yaSSL_crypto_h__ */
+
diff --git a/mysql/extra/yassl/include/openssl/des.h b/mysql/extra/yassl/include/openssl/des.h
new file mode 100644
index 0000000..f7394b6
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/des.h
@@ -0,0 +1,20 @@
+/*
+ Copyright (C) 2005 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* des.h for openssl */
diff --git a/mysql/extra/yassl/include/openssl/des_old.h b/mysql/extra/yassl/include/openssl/des_old.h
new file mode 100644
index 0000000..b6e2e3e
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/des_old.h
@@ -0,0 +1,20 @@
+/*
+ Copyright (C) 2007 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* des_old.h for openvn */
diff --git a/mysql/extra/yassl/include/openssl/engine.h b/mysql/extra/yassl/include/openssl/engine.h
new file mode 100644
index 0000000..15ddcd1
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/engine.h
@@ -0,0 +1,24 @@
+/*
+ Copyright (C) 2006 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* engine.h for libcurl */
+
+#undef HAVE_OPENSSL_ENGINE_H
+
+
diff --git a/mysql/extra/yassl/include/openssl/err.h b/mysql/extra/yassl/include/openssl/err.h
new file mode 100644
index 0000000..9484742
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/err.h
@@ -0,0 +1,27 @@
+/*
+ Copyright (C) 2005, 2006 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* err.h for openssl */
+
+#ifndef yaSSL_err_h__
+#define yaSSL_err_h__
+
+
+
+#endif /* yaSSL_err_h__ */
diff --git a/mysql/extra/yassl/include/openssl/evp.h b/mysql/extra/yassl/include/openssl/evp.h
new file mode 100644
index 0000000..6aa7335
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/evp.h
@@ -0,0 +1,29 @@
+/*
+ Copyright (C) 2007 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* evp.h for openSSL */
+
+#ifndef SSLEAY_NUMBER_DEFINED
+#define SSLEAY_NUMBER_DEFINED
+
+/* for OpenVPN */
+#define SSLEAY_VERSION_NUMBER 0x0090700f
+
+
+#endif /* SSLEAY_NUMBER_DEFINED */
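Review bot: `SSLEAY_VERSION_NUMBER` can end up with two different values depending on which header is included first. This header sets it to `0x0090700f` only when `SSLEAY_NUMBER_DEFINED` is unset, while crypto.h in the same commit defines that guard and sets `SSLEAY_VERSION_NUMBER` to `SSLEAY_VERSION`, which is `0x0900L`. Code that gates features or workarounds on this number would then get different answers for the same library build. Aligning the two values, or at least adding `/* keep in sync with SSLEAY_VERSION_NUMBER in crypto.h */` above the define, would make the intended value explicit; opensslv.h also uses `0x0090700f` for `OPENSSL_VERSION_NUMBER`.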
diff --git a/mysql/extra/yassl/include/openssl/hmac.h b/mysql/extra/yassl/include/openssl/hmac.h
new file mode 100644
index 0000000..5da6644
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/hmac.h
@@ -0,0 +1,20 @@
+/*
+ Copyright (C) 2007 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* hmac.h for openvpn */
diff --git a/mysql/extra/yassl/include/openssl/lhash.h b/mysql/extra/yassl/include/openssl/lhash.h
new file mode 100644
index 0000000..6d64df7
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/lhash.h
@@ -0,0 +1,21 @@
+/*
+ Copyright (C) 2005 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* lhash.h for openSSL */
+
diff --git a/mysql/extra/yassl/include/openssl/md4.h b/mysql/extra/yassl/include/openssl/md4.h
new file mode 100644
index 0000000..8a86499
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/md4.h
@@ -0,0 +1,20 @@
+/*
+ Copyright (C) 2006 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* md4.h for libcurl */
diff --git a/mysql/extra/yassl/include/openssl/md5.h b/mysql/extra/yassl/include/openssl/md5.h
new file mode 100644
index 0000000..b54ebcd
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/md5.h
@@ -0,0 +1,23 @@
+/*
+ Copyright (C) 2005, 2006 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* md5.h for openssl */
+
+#include "ssl.h" /* in there for now */
+
diff --git a/mysql/extra/yassl/include/openssl/objects.h b/mysql/extra/yassl/include/openssl/objects.h
new file mode 100644
index 0000000..ed2c029
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/objects.h
@@ -0,0 +1,20 @@
+/*
+ Copyright (C) 2007 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* objects.h for openvpn */
diff --git a/mysql/extra/yassl/include/openssl/opensslv.h b/mysql/extra/yassl/include/openssl/opensslv.h
new file mode 100644
index 0000000..88b9ca6
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/opensslv.h
@@ -0,0 +1,31 @@
+/*
+ Copyright (C) 2005 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* opensslv.h compatibility */
+
+#ifndef yaSSL_opensslv_h__
+#define yaSSL_opensslv_h__
+
+
+/* api version compatibility */
+#define OPENSSL_VERSION_NUMBER 0x0090700f
+
+
+#endif /* yaSSLopensslv_h__ */
+
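Review bot: The closing `#endif /* yaSSLopensslv_h__ */` does not name the guard that was opened, which is `yaSSL_opensslv_h__`; `#endif /* yaSSL_opensslv_h__ */` would match. Separately, `OPENSSL_VERSION_NUMBER 0x0090700f` is a fixed API-compatibility level and says nothing about the bundled yaSSL release, which ssl.h records as `YASSL_VERSION`. The existing comment could say so, for example `/* OpenSSL API level emulated for callers; not the yaSSL release, see YASSL_VERSION */`, so that version-based audits do not read it as the library's patch level.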
diff --git a/mysql/extra/yassl/include/openssl/pem.h b/mysql/extra/yassl/include/openssl/pem.h
new file mode 100644
index 0000000..c467e46
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/pem.h
@@ -0,0 +1,20 @@
+/*
+ Copyright (C) 2006 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* pem.h for libcurl */
diff --git a/mysql/extra/yassl/include/openssl/pkcs12.h b/mysql/extra/yassl/include/openssl/pkcs12.h
new file mode 100644
index 0000000..c3f8ee6
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/pkcs12.h
@@ -0,0 +1,24 @@
+/*
+ Copyright (C) 2006 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* pkcs12.h for libcurl */
+
+
+#undef HAVE_OPENSSL_PKCS12_H
+
diff --git a/mysql/extra/yassl/include/openssl/prefix_crypto.h b/mysql/extra/yassl/include/openssl/prefix_crypto.h
new file mode 100644
index 0000000..895dd51
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/prefix_crypto.h
@@ -0,0 +1,20 @@
+/*
+ Copyright (C) 2006 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#define SSLeay_version yaSSLeay_version
diff --git a/mysql/extra/yassl/include/openssl/prefix_ssl.h b/mysql/extra/yassl/include/openssl/prefix_ssl.h
new file mode 100644
index 0000000..806f103
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/prefix_ssl.h
@@ -0,0 +1,189 @@
+/*
+ Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#define Copyright yaCopyright
+#define yaSSL_CleanUp yayaSSL_CleanUp
+#define BN_bin2bn yaBN_bin2bn
+#define DH_new yaDH_new
+#define DH_free yaDH_free
+#define RSA_free yaRSA_free
+#define RSA_generate_key yaRSA_generate_key
+#define X509_free yaX509_free
+#define X509_STORE_CTX_get_current_cert yaX509_STORE_CTX_get_current_cert
+#define X509_STORE_CTX_get_error yaX509_STORE_CTX_get_error
+#define X509_STORE_CTX_get_error_depth yaX509_STORE_CTX_get_error_depth
+#define X509_NAME_oneline yaX509_NAME_oneline
+#define X509_get_issuer_name yaX509_get_issuer_name
+#define X509_get_subject_name yaX509_get_subject_name
+#define X509_verify_cert_error_string yaX509_verify_cert_error_string
+#define X509_LOOKUP_add_dir yaX509_LOOKUP_add_dir
+#define X509_LOOKUP_load_file yaX509_LOOKUP_load_file
+#define X509_LOOKUP_hash_dir yaX509_LOOKUP_hash_dir
+#define X509_LOOKUP_file yaX509_LOOKUP_file
+#define X509_STORE_add_lookup yaX509_STORE_add_lookup
+#define X509_STORE_new yaX509_STORE_new
+#define X509_STORE_get_by_subject yaX509_STORE_get_by_subject
+#define ERR_get_error_line_data yaERR_get_error_line_data
+#define ERR_print_errors_fp yaERR_print_errors_fp
+#define ERR_error_string yaERR_error_string
+#define ERR_remove_state yaERR_remove_state
+#define ERR_get_error yaERR_get_error
+#define ERR_peek_error yaERR_peek_error
+#define ERR_GET_REASON yaERR_GET_REASON
+#define SSL_CTX_new yaSSL_CTX_new
+#define SSL_new yaSSL_new
+#define SSL_set_fd yaSSL_set_fd
+#define SSL_get_fd yaSSL_get_fd
+#define SSL_connect yaSSL_connect
+#define SSL_write yaSSL_write
+#define SSL_read yaSSL_read
+#define SSL_accept yaSSL_accept
+#define SSL_CTX_free yaSSL_CTX_free
+#define SSL_free yaSSL_free
+#define SSL_clear yaSSL_clear
+#define SSL_shutdown yaSSL_shutdown
+#define SSL_set_connect_state yaSSL_set_connect_state
+#define SSL_set_accept_state yaSSL_set_accept_state
+#define SSL_do_handshake yaSSL_do_handshake
+#define SSL_get_cipher yaSSL_get_cipher
+#define SSL_get_cipher_name yaSSL_get_cipher_name
+#define SSL_get_shared_ciphers yaSSL_get_shared_ciphers
+#define SSL_get_cipher_list yaSSL_get_cipher_list
+#define SSL_get_version yaSSL_get_version
+#define SSLeay_version yaSSLeay_version
+#define SSL_get_error yaSSL_get_error
+#define SSL_load_error_strings yaSSL_load_error_strings
+#define SSL_set_session yaSSL_set_session
+#define SSL_get_session yaSSL_get_session
+#define SSL_flush_sessions yaSSL_flush_sessions
+#define SSL_SESSION_set_timeout yaSSL_SESSION_set_timeout
+#define SSL_CTX_set_session_cache_mode yaSSL_CTX_set_session_cache_mode
+#define SSL_get_peer_certificate yaSSL_get_peer_certificate
+#define SSL_get_verify_result yaSSL_get_verify_result
+#define SSL_CTX_set_verify yaSSL_CTX_set_verify
+#define SSL_CTX_load_verify_locations yaSSL_CTX_load_verify_locations
+#define SSL_CTX_set_default_verify_paths yaSSL_CTX_set_default_verify_paths
+#define SSL_CTX_check_private_key yaSSL_CTX_check_private_key
+#define SSL_CTX_set_session_id_context yaSSL_CTX_set_session_id_context
+#define SSL_CTX_set_tmp_rsa_callback yaSSL_CTX_set_tmp_rsa_callback
+#define SSL_CTX_set_options yaSSL_CTX_set_options
+#define SSL_CTX_set_session_cache_mode yaSSL_CTX_set_session_cache_mode
+#define SSL_CTX_set_timeout yaSSL_CTX_set_timeout
+#define SSL_CTX_use_certificate_chain_file yaSSL_CTX_use_certificate_chain_file
+#define SSL_CTX_set_default_passwd_cb yaSSL_CTX_set_default_passwd_cb
+#define SSL_CTX_use_RSAPrivateKey_file yaSSL_CTX_use_RSAPrivateKey_file
+#define SSL_CTX_set_info_callback yaSSL_CTX_set_info_callback
+#define SSL_CTX_sess_accept yaSSL_CTX_sess_accept
+#define SSL_CTX_sess_connect yaSSL_CTX_sess_connect
+#define SSL_CTX_sess_accept_good yaSSL_CTX_sess_accept_good
+#define SSL_CTX_sess_connect_good yaSSL_CTX_sess_connect_good
+#define SSL_CTX_sess_accept_renegotiate yaSSL_CTX_sess_accept_renegotiate
+#define SSL_CTX_sess_connect_renegotiate yaSSL_CTX_sess_connect_renegotiate
+#define SSL_CTX_sess_hits yaSSL_CTX_sess_hits
+#define SSL_CTX_sess_cb_hits yaSSL_CTX_sess_cb_hits
+#define SSL_CTX_sess_cache_full yaSSL_CTX_sess_cache_full
+#define SSL_CTX_sess_misses yaSSL_CTX_sess_misses
+#define SSL_CTX_sess_timeouts yaSSL_CTX_sess_timeouts
+#define SSL_CTX_sess_number yaSSL_CTX_sess_number
+#define SSL_CTX_sess_get_cache_size yaSSL_CTX_sess_get_cache_size
+#define SSL_CTX_get_verify_mode yaSSL_CTX_get_verify_mode
+#define SSL_get_verify_mode yaSSL_get_verify_mode
+#define SSL_CTX_get_verify_depth yaSSL_CTX_get_verify_depth
+#define SSL_get_verify_depth yaSSL_get_verify_depth
+#define SSL_get_default_timeout yaSSL_get_default_timeout
+#define SSL_CTX_get_session_cache_mode yaSSL_CTX_get_session_cache_mode
+#define SSL_session_reused yaSSL_session_reused
+#define SSL_set_rfd yaSSL_set_rfd
+#define SSL_set_wfd yaSSL_set_wfd
+#define SSL_set_shutdown yaSSL_set_shutdown
+#define SSL_set_quiet_shutdown yaSSL_set_quiet_shutdown
+#define SSL_get_quiet_shutdown yaSSL_get_quiet_shutdown
+#define SSL_want_read yaSSL_want_read
+#define SSL_want_write yaSSL_want_write
+#define SSL_pending yaSSL_pending
+#define SSLv3_method yaSSLv3_method
+#define SSLv3_server_method yaSSLv3_server_method
+#define SSLv3_client_method yaSSLv3_client_method
+#define TLSv1_server_method yaTLSv1_server_method
+#define TLSv1_client_method yaTLSv1_client_method
+#define TLSv1_1_server_method yaTLSv1_1_server_method
+#define TLSv1_1_client_method yaTLSv1_1_client_method
+#define SSLv23_server_method yaSSLv23_server_method
+#define SSL_CTX_use_certificate_file yaSSL_CTX_use_certificate_file
+#define SSL_CTX_use_PrivateKey_file yaSSL_CTX_use_PrivateKey_file
+#define SSL_CTX_set_cipher_list yaSSL_CTX_set_cipher_list
+#define SSL_CTX_sess_set_cache_size yaSSL_CTX_sess_set_cache_size
+#define SSL_CTX_set_tmp_dh yaSSL_CTX_set_tmp_dh
+#define OpenSSL_add_all_algorithms yaOpenSSL_add_all_algorithms
+#define SSL_library_init yaSSL_library_init
+#define SSLeay_add_ssl_algorithms yaSSLeay_add_ssl_algorithms
+#define SSL_get_current_cipher yaSSL_get_current_cipher
+#define SSL_CIPHER_description yaSSL_CIPHER_description
+#define SSL_alert_type_string_long yaSSL_alert_type_string_long
+#define SSL_alert_desc_string_long yaSSL_alert_desc_string_long
+#define SSL_state_string_long yaSSL_state_string_long
+#define EVP_md5 yaEVP_md5
+#define EVP_des_ede3_cbc yaEVP_des_ede3_cbc
+#define EVP_BytesToKey yaEVP_BytesToKey
+#define DES_set_key_unchecked yaDES_set_key_unchecked
+#define DES_ede3_cbc_encrypt yaDES_ede3_cbc_encrypt
+#define RAND_screen yaRAND_screen
+#define RAND_file_name yaRAND_file_name
+#define RAND_write_file yaRAND_write_file
+#define RAND_load_file yaRAND_load_file
+#define RAND_status yaRAND_status
+#define RAND_bytes yaRAND_bytes
+#define DES_set_key yaDES_set_key
+#define DES_set_odd_parity yaDES_set_odd_parity
+#define DES_ecb_encrypt yaDES_ecb_encrypt
+#define SSL_CTX_set_default_passwd_cb_userdata yaSSL_CTX_set_default_passwd_cb_userdata
+#define SSL_SESSION_free yaSSL_SESSION_free
+#define SSL_peek yaSSL_peek
+#define SSL_get_certificate yaSSL_get_certificate
+#define SSL_get_privatekey yaSSL_get_privatekey
+#define X509_get_pubkey yaX509_get_pubkey
+#define EVP_PKEY_copy_parameters yaEVP_PKEY_copy_parameters
+#define EVP_PKEY_free yaEVP_PKEY_free
+#define ERR_error_string_n yaERR_error_string_n
+#define ERR_free_strings yaERR_free_strings
+#define EVP_cleanup yaEVP_cleanup
+#define X509_get_ext_d2i yaX509_get_ext_d2i
+#define GENERAL_NAMES_free yaGENERAL_NAMES_free
+#define sk_GENERAL_NAME_num yask_GENERAL_NAME_num
+#define sk_GENERAL_NAME_value yask_GENERAL_NAME_value
+#define ASN1_STRING_data yaASN1_STRING_data
+#define ASN1_STRING_length yaASN1_STRING_length
+#define ASN1_STRING_type yaASN1_STRING_type
+#define X509_NAME_get_index_by_NID yaX509_NAME_get_index_by_NID
+#define X509_NAME_ENTRY_get_data yaX509_NAME_ENTRY_get_data
+#define X509_NAME_get_entry yaX509_NAME_get_entry
+#define ASN1_STRING_to_UTF8 yaASN1_STRING_to_UTF8
+#define SSLv23_client_method yaSSLv23_client_method
+#define SSLv2_client_method yaSSLv2_client_method
+#define SSL_get1_session yaSSL_get1_session
+#define X509_get_notBefore yaX509_get_notBefore
+#define X509_get_notAfter yaX509_get_notAfter
+#define yaSSL_ASN1_TIME_to_string ya_SSL_ASN1_TIME_to_string
+#define MD4_Init yaMD4_Init
+#define MD4_Update yaMD4_Update
+#define MD4_Final yaMD4_Final
+#define MD5_Init yaMD5_Init
+#define MD5_Update yaMD5_Update
+#define MD5_Final yaMD5_Final
+#define SSL_set_compression yaSSL_set_compression
+#define PEM_read_X509 yaSSL_PEM_read_X509
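Review bot: The rename list keeps `SSLv2_client_method`, `SSLv3_method`, `SSLv3_server_method` and `SSLv3_client_method` reachable under the `ya` prefix next to the TLS ones, and nothing in the header marks them as legacy. A comment above those lines, such as `/* legacy protocol entry points, kept for source compatibility only; new code should use the TLSv1_1_* methods */`, would tell a reader which names are safe to pick. What the renamed functions actually negotiate is not visible in this hunk. Two smaller points: `SSL_CTX_set_session_cache_mode` is defined twice with the same replacement, and `#define Copyright yaCopyright` rewrites a very generic token in every file that includes this header, which deserves a short comment on why it is needed.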
diff --git a/mysql/extra/yassl/include/openssl/rand.h b/mysql/extra/yassl/include/openssl/rand.h
new file mode 100644
index 0000000..9e0cedf
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/rand.h
@@ -0,0 +1,21 @@
+/*
+ Copyright (C) 2005 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* rand.h for openSSL */
+
diff --git a/mysql/extra/yassl/include/openssl/rsa.h b/mysql/extra/yassl/include/openssl/rsa.h
new file mode 100644
index 0000000..95305a8
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/rsa.h
@@ -0,0 +1,29 @@
+/*
+ Copyright (C) 2005, 2006 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* rsa.h for openSSL */
+
+
+#ifndef yaSSL_rsa_h__
+#define yaSSL_rsa_h__
+
+enum { RSA_F4 = 1 };
+
+
+#endif /* yaSSL_rsa_h__ */
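Review bot: `enum { RSA_F4 = 1 };` does not match the value OpenSSL gives this constant (65537, `0x10001L`), and the header does not say why. Callers written against OpenSSL pass `RSA_F4` as the public exponent to `RSA_generate_key`, which prefix_ssl.h renames, and an exponent of 1 is not a usable RSA exponent. Whether yaSSL's implementation ignores the argument cannot be seen from this hunk. Either use the real value, `enum { RSA_F4 = 0x10001 };`, or document the placeholder with something like `/* placeholder for source compatibility; not used as the public exponent (confirm against RSA_generate_key) */`.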
diff --git a/mysql/extra/yassl/include/openssl/sha.h b/mysql/extra/yassl/include/openssl/sha.h
new file mode 100644
index 0000000..5b7c6bd
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/sha.h
@@ -0,0 +1,20 @@
+/*
+ Copyright (C) 2007 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* sha.h for openvpn */
diff --git a/mysql/extra/yassl/include/openssl/ssl.h b/mysql/extra/yassl/include/openssl/ssl.h
new file mode 100644
index 0000000..10fa491
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/ssl.h
@@ -0,0 +1,568 @@
+/*
+ Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+ */
+
+/* ssl.h defines openssl compatibility layer
+ *
+ */
+
+
+
+#ifndef yaSSL_openssl_h__
+#define yaSSL_openssl_h__
+
+#ifdef YASSL_PREFIX
+#include "prefix_ssl.h"
+#endif
+
+#include <stdio.h> /* ERR_print fp */
+#include "opensslv.h" /* for version number */
+#include "rsa.h"
+
+
+#define YASSL_VERSION "2.4.4"
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+ void yaSSL_CleanUp(); /* call once at end of application use to
+ free static singleton memory holders,
+ not a leak per se, but helpful when
+ looking for them */
+
+#if defined(__cplusplus)
+} // extern
+#endif
+
+#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
+namespace yaSSL {
+extern "C" {
+#endif
+
+#undef X509_NAME /* wincrypt.h clash */
+
+#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
+ class SSL;
+ class SSL_SESSION;
+ class SSL_METHOD;
+ class SSL_CTX;
+ class SSL_CIPHER;
+
+ class RSA;
+
+ class X509;
+ class X509_NAME;
+#else
+ typedef struct SSL SSL;
+ typedef struct SSL_SESSION SSL_SESSION;
+ typedef struct SSL_METHOD SSL_METHOD;
+ typedef struct SSL_CTX SSL_CTX;
+ typedef struct SSL_CIPHER SSL_CIPHER;
+
+ typedef struct RSA RSA;
+
+ typedef struct X509 X509;
+ typedef struct X509_NAME X509_NAME;
+#endif
+
+
+/* Big Number stuff, different file? */
+typedef struct BIGNUM BIGNUM;
+
+BIGNUM *BN_bin2bn(const unsigned char*, int, BIGNUM*);
+
+
+/* Diffie-Hellman stuff, different file? */
+/* mySQL deferences to set group parameters */
+typedef struct DH {
+ BIGNUM* p;
+ BIGNUM* g;
+} DH;
+
+DH* DH_new(void);
+void DH_free(DH*);
+
+/* RSA stuff */
+
+void RSA_free(RSA*);
+RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*);
+
+
+/* X509 stuff, different file? */
+
+/* because mySQL dereferences to use error and current_cert, even after calling
+ * get functions for local references */
+typedef struct X509_STORE_CTX {
+ int error;
+ int error_depth;
+ X509* current_cert;
+} X509_STORE_CTX;
+
+
+typedef struct X509_STORE X509_STORE;
+typedef struct X509_LOOKUP X509_LOOKUP;
+typedef struct X509_OBJECT { char c; } X509_OBJECT;
+typedef struct X509_CRL X509_CRL;
+typedef struct X509_REVOKED X509_REVOKED;
+typedef struct X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
+
+
+void X509_free(X509*);
+
+
+/* bio stuff */
+typedef struct BIO BIO;
+
+/* ASN stuff */
+
+
+
+X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX*);
+int X509_STORE_CTX_get_error(X509_STORE_CTX*);
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX*);
+
+char* X509_NAME_oneline(X509_NAME*, char*, int);
+X509_NAME* X509_get_issuer_name(X509*);
+X509_NAME* X509_get_subject_name(X509*);
+const char* X509_verify_cert_error_string(long);
+
+int X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long);
+int X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long);
+X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD* X509_LOOKUP_file(void);
+
+X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*);
+X509_STORE* X509_STORE_new(void);
+int X509_STORE_get_by_subject(X509_STORE_CTX*, int, X509_NAME*,
+ X509_OBJECT*);
+
+
+
+
+enum { /* X509 Constants */
+ X509_V_OK = 0,
+ X509_V_ERR_CERT_CHAIN_TOO_LONG = 1,
+ X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 2,
+ X509_V_ERR_CERT_NOT_YET_VALID = 3,
+ X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 4,
+ X509_V_ERR_CERT_HAS_EXPIRED = 5,
+ X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 6,
+ X509_FILETYPE_PEM = 7,
+ X509_LU_X509 = 8,
+ X509_LU_CRL = 9,
+ X509_V_ERR_CRL_SIGNATURE_FAILURE = 10,
+ X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = 11,
+ X509_V_ERR_CRL_HAS_EXPIRED = 12,
+ X509_V_ERR_CERT_REVOKED = 13,
+ X509_V_FLAG_CRL_CHECK = 14,
+ X509_V_FLAG_CRL_CHECK_ALL = 15
+};
+
+
+/* Error stuff, could move to yassl_error */
+unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *);
+void ERR_print_errors_fp(FILE*);
+char* ERR_error_string(unsigned long,char*);
+void ERR_remove_state(unsigned long);
+unsigned long ERR_get_error(void);
+unsigned long ERR_peek_error(void);
+int ERR_GET_REASON(int);
+
+
+enum { /* ERR Constants */
+ ERR_TXT_STRING = 1,
+ EVP_R_BAD_DECRYPT = 2
+};
+
+/*
+ Allow type used by SSL_set_fd to be changed, default to int
+ in order to be compatible with OpenSSL
+ */
+#ifndef YASSL_SOCKET_T_DEFINED
+typedef int YASSL_SOCKET_T;
+#endif
+
+SSL_CTX* SSL_CTX_new(SSL_METHOD*);
+SSL* SSL_new(SSL_CTX*);
+int SSL_set_fd (SSL*, YASSL_SOCKET_T);
+YASSL_SOCKET_T SSL_get_fd(const SSL*);
+int SSL_connect(SSL*); /* if you get an error from connect
+ see note at top of README */
+int SSL_write(SSL*, const void*, int);
+int SSL_read(SSL*, void*, int);
+int SSL_accept(SSL*);
+void SSL_CTX_free(SSL_CTX*);
+void SSL_free(SSL*);
+int SSL_clear(SSL*);
+int SSL_shutdown(SSL*);
+
+void SSL_set_connect_state(SSL*);
+void SSL_set_accept_state(SSL*);
+int SSL_do_handshake(SSL*);
+
+const char* SSL_get_cipher(SSL*);
+const char* SSL_get_cipher_name(SSL*); /* uses SSL_get_cipher */
+char* SSL_get_shared_ciphers(SSL*, char*, int);
+const char* SSL_get_cipher_list(SSL*, int);
+const char* SSL_get_version(SSL*);
+const char* SSLeay_version(int);
+
+int SSL_get_error(SSL*, int);
+void SSL_load_error_strings(void);
+
+int SSL_set_session(SSL *ssl, SSL_SESSION *session);
+SSL_SESSION* SSL_get_session(SSL* ssl);
+void SSL_flush_sessions(SSL_CTX *ctx, long tm);
+long SSL_SESSION_set_timeout(SSL_SESSION*, long);
+long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode);
+X509* SSL_get_peer_certificate(SSL*);
+long SSL_get_verify_result(SSL*);
+
+
+typedef int (*VerifyCallback)(int, X509_STORE_CTX*);
+typedef int (*pem_password_cb)(char*, int, int, void*);
+int default_password_callback(char * buffer, int size_arg, int rwflag,
+ void * u);
+
+void SSL_CTX_set_verify(SSL_CTX*, int, VerifyCallback verify_callback);
+int SSL_CTX_load_verify_locations(SSL_CTX*, const char*, const char*);
+int SSL_CTX_set_default_verify_paths(SSL_CTX*);
+int SSL_CTX_check_private_key(SSL_CTX*);
+int SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*,
+ unsigned int);
+
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int));
+long SSL_CTX_set_options(SSL_CTX*, long);
+long SSL_CTX_set_session_cache_mode(SSL_CTX*, long);
+long SSL_CTX_set_timeout(SSL_CTX*, long);
+int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*);
+void SSL_CTX_set_default_passwd_cb(SSL_CTX*, pem_password_cb);
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int);
+void SSL_CTX_set_info_callback(SSL_CTX*, void (*)());
+
+long SSL_CTX_sess_accept(SSL_CTX*);
+long SSL_CTX_sess_connect(SSL_CTX*);
+long SSL_CTX_sess_accept_good(SSL_CTX*);
+long SSL_CTX_sess_connect_good(SSL_CTX*);
+long SSL_CTX_sess_accept_renegotiate(SSL_CTX*);
+long SSL_CTX_sess_connect_renegotiate(SSL_CTX*);
+long SSL_CTX_sess_hits(SSL_CTX*);
+long SSL_CTX_sess_cb_hits(SSL_CTX*);
+long SSL_CTX_sess_cache_full(SSL_CTX*);
+long SSL_CTX_sess_misses(SSL_CTX*);
+long SSL_CTX_sess_timeouts(SSL_CTX*);
+long SSL_CTX_sess_number(SSL_CTX*);
+long SSL_CTX_sess_get_cache_size(SSL_CTX*);
+
+int SSL_CTX_get_verify_mode(SSL_CTX*);
+int SSL_get_verify_mode(SSL*);
+int SSL_CTX_get_verify_depth(SSL_CTX*);
+int SSL_get_verify_depth(SSL*);
+
+long SSL_get_default_timeout(SSL*);
+long SSL_CTX_get_session_cache_mode(SSL_CTX*);
+int SSL_session_reused(SSL*);
+
+int SSL_set_rfd(SSL*, int);
+int SSL_set_wfd(SSL*, int);
+void SSL_set_shutdown(SSL*, int);
+void SSL_set_quiet_shutdown(SSL *ssl,int mode);
+int SSL_get_quiet_shutdown(SSL *ssl);
+
+int SSL_want_read(SSL*);
+int SSL_want_write(SSL*);
+
+int SSL_pending(SSL*);
+
+
+enum { /* ssl Constants */
+ SSL_WOULD_BLOCK = -8,
+ SSL_BAD_STAT = -7,
+ SSL_BAD_PATH = -6,
+ SSL_BAD_FILETYPE = -5,
+ SSL_BAD_FILE = -4,
+ SSL_NOT_IMPLEMENTED = -3,
+ SSL_UNKNOWN = -2,
+ SSL_FATAL_ERROR = -1,
+ SSL_NORMAL_SHUTDOWN = 0,
+ SSL_ERROR_NONE = 0, /* for most functions */
+ SSL_FAILURE = 0, /* for some functions */
+ SSL_SUCCESS = 1,
+
+ SSL_FILETYPE_ASN1 = 10,
+ SSL_FILETYPE_PEM = 11,
+ SSL_FILETYPE_DEFAULT = 10, /* ASN1 */
+
+ SSL_VERIFY_NONE = 0,
+ SSL_VERIFY_PEER = 1,
+ SSL_VERIFY_FAIL_IF_NO_PEER_CERT = 2,
+ SSL_VERIFY_CLIENT_ONCE = 4,
+
+ SSL_SESS_CACHE_OFF = 30,
+ SSL_SESS_CACHE_CLIENT = 31,
+ SSL_SESS_CACHE_SERVER = 32,
+ SSL_SESS_CACHE_BOTH = 33,
+ SSL_SESS_CACHE_NO_AUTO_CLEAR = 34,
+ SSL_SESS_CACHE_NO_INTERNAL_LOOKUP = 35,
+
+ SSL_OP_MICROSOFT_SESS_ID_BUG = 50,
+ SSL_OP_NETSCAPE_CHALLENGE_BUG = 51,
+ SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG = 52,
+ SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG = 53,
+ SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER = 54,
+ SSL_OP_MSIE_SSLV2_RSA_PADDING = 55,
+ SSL_OP_SSLEAY_080_CLIENT_DH_BUG = 56,
+ SSL_OP_TLS_D5_BUG = 57,
+ SSL_OP_TLS_BLOCK_PADDING_BUG = 58,
+ SSL_OP_TLS_ROLLBACK_BUG = 59,
+ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS = 60,
+ SSL_OP_ALL = 61,
+ SSL_OP_SINGLE_DH_USE = 62,
+ SSL_OP_EPHEMERAL_RSA = 63,
+ SSL_OP_PKCS1_CHECK_1 = 67,
+ SSL_OP_PKCS1_CHECK_2 = 68,
+ SSL_OP_NETSCAPE_CA_DN_BUG = 69,
+ SSL_OP_NON_EXPORT_FIRST = 70,
+ SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG = 71,
+
+ SSL_ERROR_WANT_READ = 80,
+ SSL_ERROR_WANT_WRITE = 81,
+ SSL_ERROR_SYSCALL = 82,
+ SSL_ERROR_WANT_X509_LOOKUP = 83,
+ SSL_ERROR_ZERO_RETURN = 84,
+ SSL_ERROR_SSL = 85,
+
+ SSL_ST_CONNECT = 90,
+ SSL_ST_ACCEPT = 91,
+ SSL_CB_LOOP = 92,
+ SSL_SENT_SHUTDOWN = 93,
+ SSL_RECEIVED_SHUTDOWN = 94,
+ SSL_CB_ALERT = 95,
+ SSL_CB_READ = 96,
+ SSL_CB_HANDSHAKE_DONE = 97,
+
+ SSL_OP_NO_SSLv2 = 128,
+ SSL_OP_NO_SSLv3 = 256,
+ SSL_OP_NO_TLSv1 = 512,
+ SSL_OP_NO_TLSv1_1 = 1024,
+};
+
+
+SSL_METHOD *SSLv3_method(void);
+SSL_METHOD *SSLv3_server_method(void);
+SSL_METHOD *SSLv3_client_method(void);
+SSL_METHOD *TLSv1_server_method(void);
+SSL_METHOD *TLSv1_client_method(void);
+SSL_METHOD *TLSv1_1_server_method(void);
+SSL_METHOD *TLSv1_1_client_method(void);
+SSL_METHOD *SSLv23_server_method(void);
+
+int SSL_CTX_use_certificate_file(SSL_CTX*, const char*, int);
+int SSL_CTX_use_PrivateKey_file(SSL_CTX*, const char*, int);
+int SSL_CTX_set_cipher_list(SSL_CTX*, const char*);
+
+long SSL_CTX_sess_set_cache_size(SSL_CTX*, long);
+long SSL_CTX_set_tmp_dh(SSL_CTX*, DH*);
+
+void OpenSSL_add_all_algorithms(void);
+int SSL_library_init();
+int SSLeay_add_ssl_algorithms(void);
+
+
+SSL_CIPHER* SSL_get_current_cipher(SSL*);
+char* SSL_CIPHER_description(SSL_CIPHER*, char*, int);
+
+
+char* SSL_alert_type_string_long(int);
+char* SSL_alert_desc_string_long(int);
+char* SSL_state_string_long(SSL*);
+
+X509* PEM_read_X509(FILE *fp, X509 *x, pem_password_cb cb, void *u);
+/* EVP stuff, des and md5, different file? */
+typedef char EVP_MD;
+
+typedef char EVP_CIPHER;
+
+typedef struct EVP_PKEY EVP_PKEY;
+
+typedef unsigned char DES_cblock[8];
+typedef const DES_cblock const_DES_cblock;
+typedef DES_cblock DES_key_schedule;
+
+enum {
+ DES_ENCRYPT = 1,
+ DES_DECRYPT = 0
+};
+
+const EVP_MD* EVP_md5(void);
+const EVP_CIPHER* EVP_des_ede3_cbc(void);
+
+typedef unsigned char opaque;
+
+int EVP_BytesToKey(const EVP_CIPHER*, const EVP_MD*, const opaque*,
+ const opaque*, int, int, opaque*, opaque*);
+
+void DES_set_key_unchecked(const_DES_cblock*, DES_key_schedule*);
+void DES_ede3_cbc_encrypt(const opaque*, opaque*, long, DES_key_schedule*,
+ DES_key_schedule*, DES_key_schedule*, DES_cblock*, int);
+
+
+/* RAND stuff */
+void RAND_screen(void);
+const char* RAND_file_name(char*, size_t);
+int RAND_write_file(const char*);
+int RAND_load_file(const char*, long);
+
+
+/* for libcurl */
+int RAND_status(void);
+int RAND_bytes(unsigned char* buf, int num);
+
+int DES_set_key(const_DES_cblock*, DES_key_schedule*);
+void DES_set_odd_parity(DES_cblock*);
+void DES_ecb_encrypt(DES_cblock*, DES_cblock*, DES_key_schedule*, int);
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX*, void* userdata);
+void SSL_SESSION_free(SSL_SESSION* session);
+int SSL_peek(SSL* ssl, void* buf, int num);
+
+X509* SSL_get_certificate(SSL* ssl);
+EVP_PKEY* SSL_get_privatekey(SSL* ssl);
+EVP_PKEY* X509_get_pubkey(X509* x);
+
+int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from);
+void EVP_PKEY_free(EVP_PKEY* pkey);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+void ERR_free_strings(void);
+void EVP_cleanup(void);
+
+void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx);
+
+#define GEN_IPADD 7
+#define NID_subject_alt_name 85
+#define STACK_OF(x) x
+
+
+/* defined here because libcurl dereferences */
+typedef struct ASN1_STRING {
+ int type;
+ int length;
+ unsigned char* data;
+} ASN1_STRING;
+
+
+typedef struct GENERAL_NAME {
+ int type;
+ union {
+ ASN1_STRING* ia5;
+ } d;
+} GENERAL_NAME;
+
+void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x);
+
+int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x);
+GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i);
+
+
+unsigned char* ASN1_STRING_data(ASN1_STRING* x);
+int ASN1_STRING_length(ASN1_STRING* x);
+int ASN1_STRING_type(ASN1_STRING *x);
+
+typedef ASN1_STRING X509_NAME_ENTRY;
+
+int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos);
+
+ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne);
+X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc);
+
+#define OPENSSL_malloc(x) malloc(x)
+#define OPENSSL_free(x) free(x)
+
+int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in);
+
+SSL_METHOD* SSLv23_client_method(void); /* doesn't actually roll back */
+SSL_METHOD* SSLv2_client_method(void); /* will never work, no v 2 */
+
+
+SSL_SESSION* SSL_get1_session(SSL* ssl); /* what's ref count */
+
+
+#define CRYPTO_free(x) free(x)
+#define ASN1_TIME ASN1_STRING
+
+ASN1_TIME* X509_get_notBefore(X509* x);
+ASN1_TIME* X509_get_notAfter(X509* x);
+
+
+#define ASN1_UTCTIME ASN1_STRING
+#define NID_commonName 13
+#define V_ASN1_UTF8STRING 12
+#define GEN_DNS 2
+
+#define CERTFICATE_ERROR 0x14090086 /* SSLv3 error */
+
+
+typedef struct MD4_CTX {
+ int buffer[32]; /* big enough to hold, check size in Init */
+} MD4_CTX;
+
+void MD4_Init(MD4_CTX*);
+void MD4_Update(MD4_CTX*, const void*, unsigned long);
+void MD4_Final(unsigned char*, MD4_CTX*);
+
+
+typedef struct MD5_CTX {
+ int buffer[32]; /* big enough to hold, check size in Init */
+} MD5_CTX;
+
+void MD5_Init(MD5_CTX*);
+void MD5_Update(MD5_CTX*, const void*, unsigned long);
+void MD5_Final(unsigned char*, MD5_CTX*);
+
+#define MD5_DIGEST_LENGTH 16
+
+
+#define SSL_DEFAULT_CIPHER_LIST "" /* default all */
+
+
+/* yaSSL extensions */
+int SSL_set_compression(SSL*); /* turn on yaSSL zlib compression */
+char *yaSSL_ASN1_TIME_to_string(ASN1_TIME *time, char *buf, size_t len);
+
+#include "transport_types.h"
+
+/*
+ Set functions for yaSSL to use in order to send and receive data.
+
+ These hooks are offered in order to enable non-blocking I/O. If
+ not set, yaSSL defaults to using send() and recv().
+
+ @todo Remove hooks and accompanying code when yaSSL is fixed.
+*/
+void yaSSL_transport_set_ptr(SSL *, void *);
+void yaSSL_transport_set_recv_function(SSL *, yaSSL_recv_func_t);
+void yaSSL_transport_set_send_function(SSL *, yaSSL_send_func_t);
+
+#if defined(__cplusplus) && !defined(YASSL_MYSQL_COMPATIBLE)
+} /* namespace */
+} /* extern "C" */
+#endif
+
+
+#endif /* yaSSL_openssl_h__ */
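Review bot: The method declarations in ssl.h stop at `TLSv1_1_server_method`/`TLSv1_1_client_method` and the option enum stops at `SSL_OP_NO_TLSv1_1`, so as far as this header shows, the layer offers nothing newer than TLS 1.1 while still exporting `SSLv3_method` and its client/server variants. That ceiling should be stated where callers will see it, for example above `SSL_METHOD *SSLv3_method(void);`: `/* Highest protocol declared here is TLS 1.1; SSLv3 stays selectable unless the caller sets SSL_OP_NO_SSLv3. */`. Whether the `SSL_OP_NO_*` bits are honoured is decided in the implementation, which is outside this hunk, so the second half of that comment needs confirming there. Separately, the two closing-brace comments at the bottom are swapped: the first `}` closes `extern "C"` and the second closes `namespace yaSSL`.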
diff --git a/mysql/extra/yassl/include/openssl/transport_types.h b/mysql/extra/yassl/include/openssl/transport_types.h
new file mode 100644
index 0000000..5a9d234
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/transport_types.h
@@ -0,0 +1,26 @@
+/*
+ Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+#ifndef yaSSL_transport_types_h__
+#define yaSSL_transport_types_h__
+
+/* Type of transport functions used for sending and receiving data. */
+typedef long (*yaSSL_recv_func_t) (void *, void *, size_t);
+typedef long (*yaSSL_send_func_t) (void *, const void *, size_t);
+
+#endif
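Review bot: The two callback typedefs in transport_types.h carry no contract: nothing says what the first `void *` is, or what the `long` return means on a short transfer or an error, and a hook that gets this wrong can hand bad lengths to the code that calls it. Going by ssl.h and socket_wrapper.hpp in this same commit, the first argument appears to be the pointer registered with `yaSSL_transport_set_ptr()` and the defaults are `send()`/`recv()`. A comment above the typedefs would help, such as `/* arg 1: pointer set via yaSSL_transport_set_ptr(); returns bytes transferred, negative on error (as send/recv) - confirm against Socket */`. The header also uses `size_t` without including anything, so it only compiles when the includer has already pulled in a header that defines it; that ordering dependency deserves a one-line comment as well.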
diff --git a/mysql/extra/yassl/include/openssl/x509.h b/mysql/extra/yassl/include/openssl/x509.h
new file mode 100644
index 0000000..74eb83e
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/x509.h
@@ -0,0 +1,20 @@
+/*
+ Copyright (C) 2006 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* x509.h for libcurl */
diff --git a/mysql/extra/yassl/include/openssl/x509v3.h b/mysql/extra/yassl/include/openssl/x509v3.h
new file mode 100644
index 0000000..b48e9b4
--- /dev/null
+++ b/mysql/extra/yassl/include/openssl/x509v3.h
@@ -0,0 +1,20 @@
+/*
+ Copyright (C) 2006 MySQL AB
+ Use is subject to license terms
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* x509v3.h for libcurl */
diff --git a/mysql/extra/yassl/include/socket_wrapper.hpp b/mysql/extra/yassl/include/socket_wrapper.hpp
new file mode 100644
index 0000000..ec3ab6f
--- /dev/null
+++ b/mysql/extra/yassl/include/socket_wrapper.hpp
@@ -0,0 +1,104 @@
+/*
+ Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+ */
+
+
+/* The socket wrapper header defines a Socket class that hides the differences
+ * between Berkely style sockets and Windows sockets, allowing transparent TCP
+ * access.
+ */
+
+
+#ifndef yaSSL_SOCKET_WRAPPER_HPP
+#define yaSSL_SOCKET_WRAPPER_HPP
+
+
+#ifdef _WIN32
+ #include <winsock2.h>
+#else
+ #include <sys/time.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #include <unistd.h>
+ #include <netinet/in.h>
+ #include <arpa/inet.h>
+#endif
+
+
+namespace yaSSL {
+
+typedef unsigned int uint;
+
+#ifdef _WIN32
+ typedef SOCKET socket_t;
+#else
+ typedef int socket_t;
+ const socket_t INVALID_SOCKET = -1;
+ const int SD_RECEIVE = 0;
+ const int SD_SEND = 1;
+ const int SD_BOTH = 2;
+ const int SOCKET_ERROR = -1;
+#endif
+
+ extern "C" {
+ #include "openssl/transport_types.h"
+ }
+
+typedef unsigned char byte;
+
+
+// Wraps Windows Sockets and BSD Sockets
+class Socket {
+ socket_t socket_; // underlying socket descriptor
+ bool wouldBlock_; // if non-blocking data, for last read
+ bool nonBlocking_; // is option set
+ void *ptr_; // Argument to transport function
+ yaSSL_send_func_t send_func_; // Function to send data
+ yaSSL_recv_func_t recv_func_; // Function to receive data
+public:
+ explicit Socket(socket_t s = INVALID_SOCKET);
+ ~Socket();
+
+ void set_fd(socket_t s);
+ uint get_ready() const;
+ socket_t get_fd() const;
+
+ void set_transport_ptr(void *ptr);
+ void set_transport_recv_function(yaSSL_recv_func_t recv_func);
+ void set_transport_send_function(yaSSL_send_func_t send_func);
+
+ uint send(const byte* buf, unsigned int len, unsigned int& sent);
+ uint receive(byte* buf, unsigned int len);
+
+ bool wait();
+ bool WouldBlock() const;
+ bool IsNonBlocking() const;
+
+ void closeSocket();
+ void shutDown(int how = SD_SEND);
+
+ static int get_lastError();
+ static void set_lastError(int error);
+private:
+ Socket(const Socket&); // hide copy
+ Socket& operator= (const Socket&); // and assign
+};
+
+
+} // naemspace
+
+#endif // yaSSL_SOCKET_WRAPPER_HPP
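Review bot: `Socket::send()` and `Socket::receive()` return `uint`, while the non-Windows branch of this header defines `SOCKET_ERROR = -1`, and nothing in the class says how a failed or would-block transfer is reported through an unsigned return. If the implementation passes the transport's result straight through, a failure reaches the caller as a very large count, which is dangerous when the result is then used as a length. The implementation is not in this hunk, so this is a documentation request rather than a confirmed defect. A suitable comment on `receive()` would be `// returns bytes received; on failure returns <error value, to be confirmed> - test for it and WouldBlock() before using the result as a length`, with a matching line on `send()` explaining the `sent` out-parameter. The closing comment `// naemspace` is a typo for `// namespace yaSSL`.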
diff --git a/mysql/extra/yassl/include/timer.hpp b/mysql/extra/yassl/include/timer.hpp
new file mode 100644
index 0000000..0d99603
--- /dev/null
+++ b/mysql/extra/yassl/include/timer.hpp
@@ -0,0 +1,40 @@
+/*
+ Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* timer.hpp provides a high res and low res timers
+ *
+*/
+
+
+#ifndef yaSSL_TIMER_HPP
+#define yaSSL_TIMER_HPP
+
+namespace yaSSL {
+
+typedef double timer_d;
+typedef unsigned int uint;
+
+
+
+timer_d timer();
+uint lowResTimer();
+
+
+
+} // namespace
+#endif // yaSSL_TIMER_HPP
diff --git a/mysql/extra/yassl/include/yassl.hpp b/mysql/extra/yassl/include/yassl.hpp
new file mode 100644
index 0000000..081d653
--- /dev/null
+++ b/mysql/extra/yassl/include/yassl.hpp
@@ -0,0 +1,85 @@
+/*
+ Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+
+/* yaSSL externel header defines yaSSL API
+ */
+
+
+#ifndef yaSSL_EXT_HPP
+#define yaSSL_EXT_HPP
+
+
+namespace yaSSL {
+
+
+#ifdef _WIN32
+ typedef unsigned int SOCKET_T;
+#else
+ typedef int SOCKET_T;
+#endif
+
+
+class Client {
+public:
+ Client();
+ ~Client();
+
+ // basics
+ int Connect(SOCKET_T);
+ int Write(const void*, int);
+ int Read(void*, int);
+
+ // options
+ void SetCA(const char*);
+ void SetCert(const char*);
+ void SetKey(const char*);
+private:
+ struct ClientImpl;
+ ClientImpl* pimpl_;
+
+ Client(const Client&); // hide copy
+ Client& operator=(const Client&); // and assign
+};
+
+
+class Server {
+public:
+ Server();
+ ~Server();
+
+ // basics
+ int Accept(SOCKET_T);
+ int Write(const void*, int);
+ int Read(void*, int);
+
+ // options
+ void SetCA(const char*);
+ void SetCert(const char*);
+ void SetKey(const char*);
+private:
+ struct ServerImpl;
+ ServerImpl* pimpl_;
+
+ Server(const Server&); // hide copy
+ Server& operator=(const Server&); // and assign
+};
+
+
+} // namespace yaSSL
+#endif // yaSSL_EXT_HPP
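Review bot: On `_WIN32` this header declares `typedef unsigned int SOCKET_T;`, while socket_wrapper.hpp in the same commit uses `typedef SOCKET socket_t;`, and winsock's `SOCKET` is pointer-sized on 64-bit Windows. So `Client::Connect(SOCKET_T)` and `Server::Accept(SOCKET_T)` take a narrower type than the handle the caller holds. Handle values are normally small, so this rarely bites, but the implicit narrowing is silent and the two headers disagree about the same descriptor. If changing the typedef is not acceptable for ABI reasons, record the mismatch at the typedef instead: `// NOTE: narrower than winsock SOCKET on Win64; socket_wrapper.hpp uses SOCKET directly`. The `SetCA`/`SetCert`/`SetKey` setters return `void`, so it would also help to document where a bad path is reported (presumably from `Connect`/`Accept`; confirm in the implementation).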
diff --git a/mysql/extra/yassl/include/yassl_error.hpp b/mysql/extra/yassl/include/yassl_error.hpp
new file mode 100644
index 0000000..d63244d
--- /dev/null
+++ b/mysql/extra/yassl/include/yassl_error.hpp
@@ -0,0 +1,88 @@
+/*
+ Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+
+/* yaSSL error header defines error codes and an exception class
+ */
+
+#ifndef yaSSL_ERROR_HPP
+#define yaSSL_ERROR_HPP
+
+
+
+namespace yaSSL {
+
+
+enum YasslError {
+ no_error = 0,
+
+ // 10 - 47 from AlertDescription, 0 also close_notify
+
+ range_error = 101,
+ realloc_error = 102,
+ factory_error = 103,
+ unknown_cipher = 104,
+ prefix_error = 105,
+ record_layer = 106,
+ handshake_layer = 107,
+ out_of_order = 108,
+ bad_input = 109,
+ match_error = 110,
+ no_key_file = 111,
+ verify_error = 112,
+ send_error = 113,
+ receive_error = 114,
+ certificate_error = 115,
+ privateKey_error = 116,
+ badVersion_error = 117,
+ compress_error = 118,
+ decompress_error = 119,
+ pms_version_error = 120,
+ sanityCipher_error = 121,
+ rsaSignFault_error = 122
+
+ // !!!! add error message to .cpp !!!!
+
+ // 1000+ from TaoCrypt error.hpp
+
+};
+
+
+enum Library { yaSSL_Lib = 0, CryptoLib, SocketLib };
+enum { MAX_ERROR_SZ = 80 };
+
+void SetErrorString(YasslError, char*);
+
+/* remove for now, if go back to exceptions use this wrapper
+// Base class for all yaSSL exceptions
+class Error : public mySTL::runtime_error {
+ YasslError error_;
+ Library lib_;
+public:
+ explicit Error(const char* s = "", YasslError e = no_error,
+ Library l = yaSSL_Lib);
+
+ YasslError get_number() const;
+ Library get_lib() const;
+};
+*/
+
+
+} // naemspace
+
+#endif // yaSSL_ERROR_HPP
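Review bot: `void SetErrorString(YasslError, char*);` takes a bare output pointer with no length, and the only hint about the required size is the unrelated-looking `enum { MAX_ERROR_SZ = 80 };` two lines above it. A caller passing a shorter buffer gets an overflow if the implementation copies a full message, which looks likely but is not visible in this hunk. State the contract at the declaration, for example `// buffer must provide at least MAX_ERROR_SZ bytes; the message is written NUL-terminated (confirm in yassl_error.cpp)`. The reminder `// !!!! add error message to .cpp !!!!` inside the enum could also say that every message must fit in `MAX_ERROR_SZ`, since that is the invariant the buffer size depends on.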
diff --git a/mysql/extra/yassl/include/yassl_imp.hpp b/mysql/extra/yassl/include/yassl_imp.hpp
new file mode 100644
index 0000000..a952da0
--- /dev/null
+++ b/mysql/extra/yassl/include/yassl_imp.hpp
@@ -0,0 +1,748 @@
+/*
+ Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* yaSSL implementation header defines all strucutres from the SSL.v3
+ * specification "draft-freier-ssl-version3-02.txt"
+ * all page citations refer to this document unless otherwise noted.
+ */
+
+
+#ifndef yaSSL_IMP_HPP
+#define yaSSL_IMP_HPP
+
+#ifdef _MSC_VER
+ // disable truncated debug symbols
+ #pragma warning(disable:4786)
+#endif
+
+#include "yassl_types.hpp"
+#include "factory.hpp"
+#include STL_LIST_FILE
+
+
+namespace STL = STL_NAMESPACE;
+
+
+namespace yaSSL {
+
+
+class SSL; // forward decls
+class input_buffer;
+class output_buffer;
+
+
+struct ProtocolVersion {
+ uint8 major_;
+ uint8 minor_; // major and minor SSL/TLS version numbers
+
+ ProtocolVersion(uint8 maj = 3, uint8 min = 0);
+};
+
+
+// Record Layer Header for PlainText, Compressed, and CipherText
+struct RecordLayerHeader {
+ ContentType type_;
+ ProtocolVersion version_;
+ uint16 length_; // should not exceed 2^14
+};
+
+
+// base for all messages
+struct Message : public virtual_base {
+ virtual input_buffer& set(input_buffer&) =0;
+ virtual output_buffer& get(output_buffer&) const =0;
+
+ virtual void Process(input_buffer&, SSL&) =0;
+ virtual ContentType get_type() const =0;
+ virtual uint16 get_length() const =0;
+
+ virtual ~Message() {}
+};
+
+
+class ChangeCipherSpec : public Message {
+ CipherChoice type_;
+public:
+ ChangeCipherSpec();
+
+ friend input_buffer& operator>>(input_buffer&, ChangeCipherSpec&);
+ friend output_buffer& operator<<(output_buffer&, const ChangeCipherSpec&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ ContentType get_type() const;
+ uint16 get_length() const;
+ void Process(input_buffer&, SSL&);
+private:
+ ChangeCipherSpec(const ChangeCipherSpec&); // hide copy
+ ChangeCipherSpec& operator=(const ChangeCipherSpec&); // and assign
+};
+
+
+
+class Alert : public Message {
+ AlertLevel level_;
+ AlertDescription description_;
+public:
+ Alert() {}
+ Alert(AlertLevel al, AlertDescription ad);
+
+ ContentType get_type() const;
+ uint16 get_length() const;
+ void Process(input_buffer&, SSL&);
+
+ friend input_buffer& operator>>(input_buffer&, Alert&);
+ friend output_buffer& operator<<(output_buffer&, const Alert&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+private:
+ Alert(const Alert&); // hide copy
+ Alert& operator=(const Alert&); // and assign
+};
+
+
+class Data : public Message {
+ uint16 length_;
+ opaque* buffer_; // read buffer used by fillData input
+ const opaque* write_buffer_; // write buffer used by output operator
+public:
+ Data();
+ Data(uint16 len, opaque* b);
+
+ friend output_buffer& operator<<(output_buffer&, const Data&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ ContentType get_type() const;
+ uint16 get_length() const;
+ void set_length(uint16 l);
+ opaque* set_buffer();
+ void SetData(uint16, const opaque*);
+ void Process(input_buffer&, SSL&);
+private:
+ Data(const Data&); // hide copy
+ Data& operator=(const Data&); // and assign
+};
+
+
+uint32 c24to32(const uint24); // forward form internal header
+void c32to24(uint32, uint24&);
+
+
+// HandShake header, same for each message type from page 20/21
+class HandShakeHeader : public Message {
+ HandShakeType type_;
+ uint24 length_; // length of message
+public:
+ HandShakeHeader() {}
+
+ ContentType get_type() const;
+ uint16 get_length() const;
+ HandShakeType get_handshakeType() const;
+ void Process(input_buffer&, SSL&);
+
+ void set_type(HandShakeType hst);
+ void set_length(uint32 u32);
+
+ friend input_buffer& operator>>(input_buffer&, HandShakeHeader&);
+ friend output_buffer& operator<<(output_buffer&, const HandShakeHeader&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+private:
+ HandShakeHeader(const HandShakeHeader&); // hide copy
+ HandShakeHeader& operator=(const HandShakeHeader&); // and assign
+};
+
+
+// Base Class for all handshake messages
+class HandShakeBase : public virtual_base {
+ int length_;
+public:
+ int get_length() const;
+ void set_length(int);
+
+ // for building buffer's type field
+ virtual HandShakeType get_type() const =0;
+
+ // handles dispactch of proper >>
+ virtual input_buffer& set(input_buffer& in) =0;
+ virtual output_buffer& get(output_buffer& out) const =0;
+
+ virtual void Process(input_buffer&, SSL&) =0;
+
+ virtual ~HandShakeBase() {}
+};
+
+
+struct HelloRequest : public HandShakeBase {
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ void Process(input_buffer&, SSL&);
+
+ HandShakeType get_type() const;
+};
+
+
+// The Client's Hello Message from page 23
+class ClientHello : public HandShakeBase {
+ ProtocolVersion client_version_;
+ Random random_;
+ uint8 id_len_; // session id length
+ opaque session_id_[ID_LEN];
+ uint16 suite_len_; // cipher suite length
+ opaque cipher_suites_[MAX_SUITE_SZ];
+ uint8 comp_len_; // compression length
+ CompressionMethod compression_methods_;
+public:
+ friend input_buffer& operator>>(input_buffer&, ClientHello&);
+ friend output_buffer& operator<<(output_buffer&, const ClientHello&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ HandShakeType get_type() const;
+ void Process(input_buffer&, SSL&);
+
+ const opaque* get_random() const;
+ friend void buildClientHello(SSL&, ClientHello&);
+ friend void ProcessOldClientHello(input_buffer& input, SSL& ssl);
+
+ ClientHello();
+ ClientHello(ProtocolVersion pv, bool useCompression);
+private:
+ ClientHello(const ClientHello&); // hide copy
+ ClientHello& operator=(const ClientHello&); // and assign
+};
+
+
+
+// The Server's Hello Message from page 24
+class ServerHello : public HandShakeBase {
+ ProtocolVersion server_version_;
+ Random random_;
+ uint8 id_len_; // session id length
+ opaque session_id_[ID_LEN];
+ opaque cipher_suite_[SUITE_LEN];
+ CompressionMethod compression_method_;
+public:
+ ServerHello(ProtocolVersion pv, bool useCompression);
+ ServerHello();
+
+ friend input_buffer& operator>>(input_buffer&, ServerHello&);
+ friend output_buffer& operator<<(output_buffer&, const ServerHello&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ HandShakeType get_type() const;
+ void Process(input_buffer&, SSL&);
+
+ const opaque* get_random() const;
+ friend void buildServerHello(SSL&, ServerHello&);
+private:
+ ServerHello(const ServerHello&); // hide copy
+ ServerHello& operator=(const ServerHello&); // and assign
+};
+
+
+class x509;
+
+// Certificate could be a chain
+class Certificate : public HandShakeBase {
+ const x509* cert_;
+public:
+ Certificate();
+ explicit Certificate(const x509* cert);
+ friend output_buffer& operator<<(output_buffer&, const Certificate&);
+
+ const opaque* get_buffer() const;
+
+ // Process handles input, needs SSL
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ HandShakeType get_type() const;
+ void Process(input_buffer&, SSL&);
+private:
+ Certificate(const Certificate&); // hide copy
+ Certificate& operator=(const Certificate&); // and assign
+};
+
+
+
+// RSA Public Key
+struct ServerRSAParams {
+ opaque* rsa_modulus_;
+ opaque* rsa_exponent_;
+};
+
+
+// Ephemeral Diffie-Hellman Parameters
+class ServerDHParams {
+ int pSz_;
+ int gSz_;
+ int pubSz_;
+ opaque* p_;
+ opaque* g_;
+ opaque* Ys_;
+public:
+ ServerDHParams();
+ ~ServerDHParams();
+
+ int get_pSize() const;
+ int get_gSize() const;
+ int get_pubSize() const;
+
+ const opaque* get_p() const;
+ const opaque* get_g() const;
+ const opaque* get_pub() const;
+
+ opaque* alloc_p(int sz);
+ opaque* alloc_g(int sz);
+ opaque* alloc_pub(int sz);
+private:
+ ServerDHParams(const ServerDHParams&); // hide copy
+ ServerDHParams& operator=(const ServerDHParams&); // and assign
+};
+
+
+struct ServerKeyBase : public virtual_base {
+ virtual ~ServerKeyBase() {}
+ virtual void build(SSL&) {}
+ virtual void read(SSL&, input_buffer&) {}
+ virtual int get_length() const;
+ virtual opaque* get_serverKey() const;
+};
+
+
+// Server random number for FORTEZZA KEA
+struct Fortezza_Server : public ServerKeyBase {
+ opaque r_s_[FORTEZZA_MAX];
+};
+
+
+struct SignatureBase : public virtual_base {
+ virtual ~SignatureBase() {}
+};
+
+struct anonymous_sa : public SignatureBase {};
+
+
+struct Hashes {
+ uint8 md5_[MD5_LEN];
+ uint8 sha_[SHA_LEN];
+};
+
+
+struct rsa_sa : public SignatureBase {
+ Hashes hashes_;
+};
+
+
+struct dsa_sa : public SignatureBase {
+ uint8 sha_[SHA_LEN];
+};
+
+
+// Server's Diffie-Hellman exchange
+class DH_Server : public ServerKeyBase {
+ ServerDHParams parms_;
+ opaque* signature_;
+
+ int length_; // total length of message
+ opaque* keyMessage_; // total exchange message
+public:
+ DH_Server();
+ ~DH_Server();
+
+ void build(SSL&);
+ void read(SSL&, input_buffer&);
+ int get_length() const;
+ opaque* get_serverKey() const;
+private:
+ DH_Server(const DH_Server&); // hide copy
+ DH_Server& operator=(const DH_Server&); // and assign
+};
+
+
+// Server's RSA exchange
+struct RSA_Server : public ServerKeyBase {
+ ServerRSAParams params_;
+ opaque* signature_; // signed rsa_sa hashes
+};
+
+
+class ServerKeyExchange : public HandShakeBase {
+ ServerKeyBase* server_key_;
+public:
+ explicit ServerKeyExchange(SSL&);
+ ServerKeyExchange();
+ ~ServerKeyExchange();
+
+ void createKey(SSL&);
+ void build(SSL& ssl);
+
+ const opaque* getKey() const;
+ int getKeyLength() const;
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ friend output_buffer& operator<<(output_buffer&, const ServerKeyExchange&);
+
+ void Process(input_buffer&, SSL&);
+ HandShakeType get_type() const;
+private:
+ ServerKeyExchange(const ServerKeyExchange&); // hide copy
+ ServerKeyExchange& operator=(const ServerKeyExchange&); // and assign
+};
+
+
+
+class CertificateRequest : public HandShakeBase {
+ ClientCertificateType certificate_types_[CERT_TYPES];
+ int typeTotal_;
+ STL::list<DistinguishedName> certificate_authorities_;
+public:
+ CertificateRequest();
+ ~CertificateRequest();
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ friend input_buffer& operator>>(input_buffer&, CertificateRequest&);
+ friend output_buffer& operator<<(output_buffer&,
+ const CertificateRequest&);
+
+ void Process(input_buffer&, SSL&);
+ HandShakeType get_type() const;
+
+ void Build();
+private:
+ CertificateRequest(const CertificateRequest&); // hide copy
+ CertificateRequest& operator=(const CertificateRequest&); // and assign
+};
+
+
+struct ServerHelloDone : public HandShakeBase {
+ ServerHelloDone();
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ void Process(input_buffer& input, SSL& ssl);
+
+ HandShakeType get_type() const;
+};
+
+
+struct PreMasterSecret {
+ opaque random_[SECRET_LEN]; // first two bytes Protocol Version
+};
+
+
+struct ClientKeyBase : public virtual_base {
+ virtual ~ClientKeyBase() {}
+ virtual void build(SSL&) {}
+ virtual void read(SSL&, input_buffer&) {}
+ virtual int get_length() const;
+ virtual opaque* get_clientKey() const;
+};
+
+
+class EncryptedPreMasterSecret : public ClientKeyBase {
+ opaque* secret_;
+ int length_;
+public:
+ EncryptedPreMasterSecret();
+ ~EncryptedPreMasterSecret();
+
+ void build(SSL&);
+ void read(SSL&, input_buffer&);
+ int get_length() const;
+ opaque* get_clientKey() const;
+ void alloc(int sz);
+private:
+ // hide copy and assign
+ EncryptedPreMasterSecret(const EncryptedPreMasterSecret&);
+ EncryptedPreMasterSecret& operator=(const EncryptedPreMasterSecret&);
+};
+
+
+// Fortezza Key Parameters from page 29
+// hard code lengths cause only used here
+struct FortezzaKeys : public ClientKeyBase {
+ opaque y_c_ [128]; // client's Yc, public value
+ opaque r_c_ [128]; // client's Rc
+ opaque y_signature_ [40]; // DSS signed public key
+ opaque wrapped_client_write_key_ [12]; // wrapped by the TEK
+ opaque wrapped_server_write_key_ [12]; // wrapped by the TEK
+ opaque client_write_iv_ [24];
+ opaque server_write_iv_ [24];
+ opaque master_secret_iv_ [24]; // IV used to encrypt preMaster
+ opaque encrypted_preMasterSecret_[48]; // random & crypted by the TEK
+};
+
+
+
+// Diffie-Hellman public key from page 40/41
+class ClientDiffieHellmanPublic : public ClientKeyBase {
+ PublicValueEncoding public_value_encoding_;
+ int length_; // includes two byte length for message
+ opaque* Yc_; // length + Yc_
+ // dh_Yc only if explicit, otherwise sent in certificate
+ enum { KEY_OFFSET = 2 };
+public:
+ ClientDiffieHellmanPublic();
+ ~ClientDiffieHellmanPublic();
+
+ void build(SSL&);
+ void read(SSL&, input_buffer&);
+ int get_length() const;
+ opaque* get_clientKey() const;
+ void alloc(int sz, bool offset = false);
+private:
+ // hide copy and assign
+ ClientDiffieHellmanPublic(const ClientDiffieHellmanPublic&);
+ ClientDiffieHellmanPublic& operator=(const ClientDiffieHellmanPublic&);
+};
+
+
+class ClientKeyExchange : public HandShakeBase {
+ ClientKeyBase* client_key_;
+public:
+ explicit ClientKeyExchange(SSL& ssl);
+ ClientKeyExchange();
+ ~ClientKeyExchange();
+
+ void createKey(SSL&);
+ void build(SSL& ssl);
+
+ const opaque* getKey() const;
+ int getKeyLength() const;
+
+ friend output_buffer& operator<<(output_buffer&, const ClientKeyExchange&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ HandShakeType get_type() const;
+ void Process(input_buffer&, SSL&);
+private:
+ ClientKeyExchange(const ClientKeyExchange&); // hide copy
+ ClientKeyExchange& operator=(const ClientKeyExchange&); // and assign
+};
+
+
+class CertificateVerify : public HandShakeBase {
+ Hashes hashes_;
+ byte* signature_; // owns
+public:
+ CertificateVerify();
+ ~CertificateVerify();
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ friend input_buffer& operator>>(input_buffer&, CertificateVerify&);
+ friend output_buffer& operator<<(output_buffer&, const CertificateVerify&);
+
+ void Process(input_buffer&, SSL&);
+ HandShakeType get_type() const;
+
+ void Build(SSL&);
+private:
+ CertificateVerify(const CertificateVerify&); // hide copy
+ CertificateVerify& operator=(const CertificateVerify&); // and assign
+};
+
+
+class Finished : public HandShakeBase {
+ Hashes hashes_;
+public:
+ Finished();
+
+ uint8* set_md5();
+ uint8* set_sha();
+
+ friend input_buffer& operator>>(input_buffer&, Finished&);
+ friend output_buffer& operator<<(output_buffer&, const Finished&);
+
+ input_buffer& set(input_buffer& in);
+ output_buffer& get(output_buffer& out) const;
+
+ void Process(input_buffer&, SSL&);
+
+ HandShakeType get_type() const;
+private:
+ Finished(const Finished&); // hide copy
+ Finished& operator=(const Finished&); // and assign
+};
+
+
+class RandomPool; // forward for connection
+
+
+// SSL Connection defined on page 11
+struct Connection {
+ opaque *pre_master_secret_;
+ opaque master_secret_[SECRET_LEN];
+ opaque client_random_[RAN_LEN];
+ opaque server_random_[RAN_LEN];
+ opaque sessionID_[ID_LEN];
+ opaque client_write_MAC_secret_[SHA_LEN]; // sha is max size
+ opaque server_write_MAC_secret_[SHA_LEN];
+ opaque client_write_key_[AES_256_KEY_SZ]; // aes 256bit is max sz
+ opaque server_write_key_[AES_256_KEY_SZ];
+ opaque client_write_IV_[AES_IV_SZ]; // aes is max size
+ opaque server_write_IV_[AES_IV_SZ];
+ uint32 sequence_number_;
+ uint32 peer_sequence_number_;
+ uint32 pre_secret_len_; // pre master length
+ bool send_server_key_; // server key exchange?
+ bool master_clean_; // master secret clean?
+ bool TLS_; // TLSv1 or greater
+ bool TLSv1_1_; // TLSv1.1 or greater
+ bool sessionID_Set_; // do we have a session
+ bool compression_; // zlib compression?
+ ProtocolVersion version_; // negotiated version
+ ProtocolVersion chVersion_; // client hello version
+ RandomPool& random_;
+
+ Connection(ProtocolVersion v, RandomPool& ran);
+ ~Connection();
+
+ void AllocPreSecret(uint sz);
+ void CleanPreMaster();
+ void CleanMaster();
+ void TurnOffTLS();
+ void TurnOffTLS1_1();
+private:
+ Connection(const Connection&); // hide copy
+ Connection& operator=(const Connection&); // and assign
+};
+
+
+struct Ciphers; // forward
+
+
+// TLSv1 Security Spec, defined on page 56 of RFC 2246
+struct Parameters {
+ ConnectionEnd entity_;
+ BulkCipherAlgorithm bulk_cipher_algorithm_;
+ CipherType cipher_type_;
+ uint8 key_size_;
+ uint8 iv_size_;
+ IsExportable is_exportable_;
+ MACAlgorithm mac_algorithm_;
+ uint8 hash_size_;
+ CompressionMethod compression_algorithm_;
+ KeyExchangeAlgorithm kea_; // yassl additions
+ SignatureAlgorithm sig_algo_; // signature auth type
+ SignatureAlgorithm verify_algo_; // cert verify auth type
+ bool pending_;
+ bool resumable_; // new conns by session
+ uint16 encrypt_size_; // current msg encrypt sz
+ Cipher suite_[SUITE_LEN]; // choosen suite
+ uint8 suites_size_;
+ Cipher suites_[MAX_SUITE_SZ];
+ char cipher_name_[MAX_SUITE_NAME];
+ char cipher_list_[MAX_CIPHERS][MAX_SUITE_NAME];
+ bool removeDH_; // for server's later use
+
+ Parameters(ConnectionEnd, const Ciphers&, ProtocolVersion, bool haveDH);
+
+ void SetSuites(ProtocolVersion pv, bool removeDH = false,
+ bool removeRSA = false, bool removeDSA = false);
+ void SetCipherNames();
+private:
+ Parameters(const Parameters&); // hide copy
+ Parameters& operator=(const Parameters&); // and assing
+};
+
+
+input_buffer& operator>>(input_buffer&, RecordLayerHeader&);
+output_buffer& operator<<(output_buffer&, const RecordLayerHeader&);
+
+input_buffer& operator>>(input_buffer&, Message&);
+output_buffer& operator<<(output_buffer&, const Message&);
+
+input_buffer& operator>>(input_buffer&, HandShakeBase&);
+output_buffer& operator<<(output_buffer&, const HandShakeBase&);
+
+
+// Message Factory definition
+// uses the ContentType enumeration for unique id
+typedef Factory<Message> MessageFactory;
+void InitMessageFactory(MessageFactory&); // registers derived classes
+
+// HandShake Factory definition
+// uses the HandShakeType enumeration for unique id
+typedef Factory<HandShakeBase> HandShakeFactory;
+void InitHandShakeFactory(HandShakeFactory&); // registers derived classes
+
+// ServerKey Factory definition
+// uses KeyExchangeAlgorithm enumeration for unique id
+typedef Factory<ServerKeyBase> ServerKeyFactory;
+void InitServerKeyFactory(ServerKeyFactory&);
+
+// ClientKey Factory definition
+// uses KeyExchangeAlgorithm enumeration for unique id
+typedef Factory<ClientKeyBase> ClientKeyFactory;
+void InitClientKeyFactory(ClientKeyFactory&);
+
+
+// Message Creators
+Message* CreateHandShake();
+Message* CreateCipherSpec();
+Message* CreateAlert();
+Message* CreateData();
+
+
+// HandShake Creators
+HandShakeBase* CreateCertificate();
+HandShakeBase* CreateHelloRequest();
+HandShakeBase* CreateClientHello();
+HandShakeBase* CreateServerHello();
+HandShakeBase* CreateServerKeyExchange();
+HandShakeBase* CreateCertificateRequest();
+HandShakeBase* CreateServerHelloDone();
+HandShakeBase* CreateClientKeyExchange();
+HandShakeBase* CreateCertificateVerify();
+HandShakeBase* CreateFinished();
+
+
+// ServerKey Exchange Creators
+ServerKeyBase* CreateRSAServerKEA();
+ServerKeyBase* CreateDHServerKEA();
+ServerKeyBase* CreateFortezzaServerKEA();
+
+// ClientKey Exchange Creators
+ClientKeyBase* CreateRSAClient();
+ClientKeyBase* CreateDHClient();
+ClientKeyBase* CreateFortezzaClient();
+
+
+
+} // naemspace
+
+#endif // yaSSL_IMP_HPP
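Review bot: In `ClientHello`, the fixed arrays `session_id_[ID_LEN]` and `cipher_suites_[MAX_SUITE_SZ]` sit next to the length fields `id_len_` and `suite_len_`, and nothing in the header says who guarantees that the lengths fit. The lengths are presumably read from the peer by `operator>>(input_buffer&, ClientHello&)` and by the friend `ProcessOldClientHello`, whose bodies are not in this hunk, so the bound checks cannot be confirmed from here. I would add a comment above the members such as `// invariant: id_len_ <= ID_LEN and suite_len_ <= MAX_SUITE_SZ, checked before any copy from input_buffer`. The same applies to `HandShakeHeader`, which stores a `uint24 length_` but returns `uint16` from `get_length()`; a comment should say what happens to lengths above 65535. As this looks like a bundled copy of yaSSL, these notes are best recorded together with the upstream version it was taken from.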
diff --git a/mysql/extra/yassl/include/yassl_int.hpp b/mysql/extra/yassl/include/yassl_int.hpp
new file mode 100644
index 0000000..240cf94
--- /dev/null
+++ b/mysql/extra/yassl/include/yassl_int.hpp
@@ -0,0 +1,725 @@
+/*
+ Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+
+/* yaSSL internal header defines SSL supporting types not specified in the
+ * draft along with type conversion functions and openssl compatibility
+ */
+
+
+#ifndef yaSSL_INT_HPP
+#define yaSSL_INT_HPP
+
+#include "yassl_imp.hpp"
+#include "yassl_error.hpp"
+#include "crypto_wrapper.hpp"
+#include "cert_wrapper.hpp"
+#include "log.hpp"
+#include "lock.hpp"
+#include "openssl/ssl.h" // ASN1_STRING and DH
+
+// Check if _POSIX_THREADS should be forced
+#if !defined(_POSIX_THREADS) && defined(__hpux)
+// HPUX does not define _POSIX_THREADS as it's not _fully_ implemented
+#define _POSIX_THREADS
+#endif
+
+#ifdef _POSIX_THREADS
+ #include <pthread.h>
+#endif
+
+
+namespace STL = STL_NAMESPACE;
+
+
+namespace yaSSL {
+
+
+// State Machine for Record Layer Protocol
+enum RecordLayerState {
+ recordNotReady = 0, // fatal error, no more processing
+ recordReady
+};
+
+
+// State Machine for HandShake Protocol
+enum HandShakeState {
+ handShakeNotReady = 0, // fatal error, no more processing
+ preHandshake, // initial state
+ inHandshake, // handshake started
+ handShakeReady // handshake done
+};
+
+
+// client input HandShake state, use if HandShakeState == inHandShake
+enum ClientState {
+ serverNull = 0,
+ serverHelloComplete,
+ serverCertComplete,
+ serverKeyExchangeComplete,
+ serverHelloDoneComplete,
+ serverFinishedComplete
+};
+
+
+// server input HandShake state, use if HandShakeState == inHandShake
+enum ServerState {
+ clientNull = 0,
+ clientHelloComplete,
+ clientKeyExchangeComplete,
+ clientFinishedComplete
+};
+
+
+// client connect state for nonblocking restart
+enum ConnectState {
+ CONNECT_BEGIN = 0,
+ CLIENT_HELLO_SENT,
+ FIRST_REPLY_DONE,
+ FINISHED_DONE,
+ SECOND_REPLY_DONE
+};
+
+
+// server accpet state for nonblocking restart
+enum AcceptState {
+ ACCEPT_BEGIN = 0,
+ ACCEPT_FIRST_REPLY_DONE,
+ SERVER_HELLO_DONE,
+ ACCEPT_SECOND_REPLY_DONE,
+ ACCEPT_FINISHED_DONE,
+ ACCEPT_THIRD_REPLY_DONE
+};
+
+
+// track received messages to explicitly disallow duplicate messages
+struct RecvdMessages {
+ uint8 gotClientHello_;
+ uint8 gotServerHello_;
+ uint8 gotCert_;
+ uint8 gotServerKeyExchange_;
+ uint8 gotCertRequest_;
+ uint8 gotServerHelloDone_;
+ uint8 gotCertVerify_;
+ uint8 gotClientKeyExchange_;
+ uint8 gotFinished_;
+ RecvdMessages() : gotClientHello_(0), gotServerHello_(0), gotCert_(0),
+ gotServerKeyExchange_(0), gotCertRequest_(0),
+ gotServerHelloDone_(0), gotCertVerify_(0),
+ gotClientKeyExchange_(0), gotFinished_(0)
+ {}
+};
+
+
+// combines all states
+class States {
+ RecordLayerState recordLayer_;
+ HandShakeState handshakeLayer_;
+ ClientState clientState_;
+ ServerState serverState_;
+ ConnectState connectState_;
+ AcceptState acceptState_;
+ RecvdMessages recvdMessages_;
+ char errorString_[MAX_ERROR_SZ];
+ YasslError what_;
+public:
+ States();
+
+ const RecordLayerState& getRecord() const;
+ const HandShakeState& getHandShake() const;
+ const ClientState& getClient() const;
+ const ServerState& getServer() const;
+ const ConnectState& GetConnect() const;
+ const AcceptState& GetAccept() const;
+ const char* getString() const;
+ YasslError What() const;
+
+ RecordLayerState& useRecord();
+ HandShakeState& useHandShake();
+ ClientState& useClient();
+ ServerState& useServer();
+ ConnectState& UseConnect();
+ AcceptState& UseAccept();
+ char* useString();
+ void SetError(YasslError);
+ int SetMessageRecvd(HandShakeType);
+private:
+ States(const States&); // hide copy
+ States& operator=(const States&); // and assign
+};
+
+
+// holds all factories
+class sslFactory {
+ MessageFactory messageFactory_; // creates new messages by type
+ HandShakeFactory handShakeFactory_; // creates new handshake types
+ ServerKeyFactory serverKeyFactory_; // creates new server key types
+ ClientKeyFactory clientKeyFactory_; // creates new client key types
+
+ sslFactory(); // only GetSSL_Factory creates
+public:
+ const MessageFactory& getMessage() const;
+ const HandShakeFactory& getHandShake() const;
+ const ServerKeyFactory& getServerKey() const;
+ const ClientKeyFactory& getClientKey() const;
+
+ friend sslFactory& GetSSL_Factory(); // singleton creator
+private:
+ sslFactory(const sslFactory&); // hide copy
+ sslFactory& operator=(const sslFactory&); // and assign
+};
+
+
+#undef X509_NAME // wincrypt.h clash
+
+// openSSL X509 names
+class X509_NAME {
+ char* name_;
+ size_t sz_;
+ int cnPosition_; // start of common name, -1 is none
+ int cnLen_; // length of above
+ ASN1_STRING entry_;
+public:
+ X509_NAME(const char*, size_t sz, int pos, int len);
+ ~X509_NAME();
+
+ const char* GetName() const;
+ ASN1_STRING* GetEntry(int i);
+ size_t GetLength() const;
+ int GetCnPosition() const { return cnPosition_; }
+ int GetCnLength() const { return cnLen_; }
+
+private:
+ X509_NAME(const X509_NAME&); // hide copy
+ X509_NAME& operator=(const X509_NAME&); // and assign
+};
+
+
+class StringHolder {
+ ASN1_STRING asnString_;
+public:
+ StringHolder(const char* str, int sz, byte type= 0);
+ ~StringHolder();
+
+ ASN1_STRING* GetString();
+private:
+ StringHolder(const StringHolder&); // hide copy
+ StringHolder& operator=(const StringHolder&); // and assign
+};
+
+
+// openSSL X509
+class X509 {
+ X509_NAME issuer_;
+ X509_NAME subject_;
+ StringHolder beforeDate_; // not valid before
+ StringHolder afterDate_; // not valid after
+public:
+ X509(const char* i, size_t, const char* s, size_t,
+ ASN1_STRING *b, ASN1_STRING *a, int, int, int, int);
+ ~X509() {}
+
+ X509_NAME* GetIssuer();
+ X509_NAME* GetSubject();
+
+ ASN1_STRING* GetBefore();
+ ASN1_STRING* GetAfter();
+
+private:
+ X509(const X509&); // hide copy
+ X509& operator=(const X509&); // and assign
+};
+
+
+// openSSL bignum
+struct BIGNUM {
+ /*
+ gcc 2.96 fix: because of two Integer classes (yaSSL::Integer and
+ TaoCrypt::Integer), we need to explicitly state the namespace
+ here to let gcc 2.96 deduce the correct type.
+ */
+ yaSSL::Integer int_;
+ void assign(const byte* b, uint s) { int_.assign(b,s); }
+};
+
+
+// openSSL session
+class SSL_SESSION {
+ opaque sessionID_[ID_LEN];
+ opaque master_secret_[SECRET_LEN];
+ Cipher suite_[SUITE_LEN];
+ uint bornOn_; // create time in seconds
+ uint timeout_; // timeout in seconds
+ RandomPool& random_; // will clean master secret
+ X509* peerX509_;
+public:
+ explicit SSL_SESSION(RandomPool&);
+ SSL_SESSION(const SSL&, RandomPool&);
+ ~SSL_SESSION();
+
+ const opaque* GetID() const;
+ const opaque* GetSecret() const;
+ const Cipher* GetSuite() const;
+ uint GetBornOn() const;
+ uint GetTimeOut() const;
+ X509* GetPeerX509() const;
+ void SetTimeOut(uint);
+
+ SSL_SESSION& operator=(const SSL_SESSION&); // allow assign for resumption
+private:
+ SSL_SESSION(const SSL_SESSION&); // hide copy
+
+ void CopyX509(X509*);
+};
+
+
+// holds all sessions
+class Sessions {
+ STL::list<SSL_SESSION*> list_;
+ RandomPool random_; // for session cleaning
+ Mutex mutex_; // no-op for single threaded
+ int count_; // flush counter
+
+ Sessions() : count_(0) {} // only GetSessions can create
+public:
+ SSL_SESSION* lookup(const opaque*, SSL_SESSION* copy = 0);
+ void add(const SSL&);
+ void remove(const opaque*);
+ void Flush();
+
+ ~Sessions();
+
+ friend void Session_initialize();
+ friend Sessions& GetSessions(); // singleton creator
+private:
+ Sessions(const Sessions&); // hide copy
+ Sessions& operator=(const Sessions&); // and assign
+};
+
+
+#ifdef _POSIX_THREADS
+ typedef pthread_t THREAD_ID_T;
+#else
+ typedef DWORD THREAD_ID_T;
+#endif
+
+// thread error data
+struct ThreadError {
+ THREAD_ID_T threadID_;
+ int errorID_;
+};
+
+
+// holds all errors
+class Errors {
+ STL::list<ThreadError> list_;
+ Mutex mutex_;
+
+ Errors() {} // only GetErrors can create
+public:
+ int Lookup(bool peek); // self lookup
+ void Add(int);
+ void Remove(); // remove self
+
+ ~Errors() {}
+
+ friend Errors& GetErrors(); // singleton creator
+private:
+ Errors(const Errors&); // hide copy
+ Errors& operator=(const Errors); // and assign
+};
+
+
+Sessions& GetSessions(); // forward singletons
+sslFactory& GetSSL_Factory();
+Errors& GetErrors();
+
+
+// openSSL method and context types
+class SSL_METHOD {
+ ProtocolVersion version_;
+ ConnectionEnd side_;
+ bool verifyPeer_; // request or send certificate
+ bool verifyNone_; // whether to verify certificate
+ bool failNoCert_;
+ bool multipleProtocol_; // for SSLv23 compatibility
+public:
+ SSL_METHOD(ConnectionEnd ce, ProtocolVersion pv,
+ bool multipleProtocol = false);
+
+ ProtocolVersion getVersion() const;
+ ConnectionEnd getSide() const;
+
+ void setVerifyPeer();
+ void setVerifyNone();
+ void setFailNoCert();
+
+ bool verifyPeer() const;
+ bool verifyNone() const;
+ bool failNoCert() const;
+ bool multipleProtocol() const;
+private:
+ SSL_METHOD(const SSL_METHOD&); // hide copy
+ SSL_METHOD& operator=(const SSL_METHOD&); // and assign
+};
+
+
+struct Ciphers {
+ bool setSuites_; // user set suites from default
+ byte suites_[MAX_SUITE_SZ]; // new suites
+ int suiteSz_; // suite length in bytes
+
+ Ciphers() : setSuites_(false), suiteSz_(0) {}
+};
+
+
+struct DH; // forward
+
+
+// save for SSL construction
+struct DH_Parms {
+ Integer p_;
+ Integer g_;
+ bool set_; // if set by user
+
+ DH_Parms() : set_(false) {}
+};
+
+
+enum StatsField {
+ Accept, Connect, AcceptGood, ConnectGood, AcceptRenegotiate,
+ ConnectRenegotiate, Hits, CbHits, CacheFull, Misses, Timeouts, Number,
+ GetCacheSize, VerifyMode, VerifyDepth
+};
+
+
+// SSL stats
+struct Stats {
+ long accept_;
+ long connect_;
+ long acceptGood_;
+ long connectGood_;
+ long acceptRenegotiate_;
+ long connectRenegotiate_;
+
+ long hits_;
+ long cbHits_;
+ long cacheFull_;
+ long misses_;
+ long timeouts_;
+ long number_;
+ long getCacheSize_;
+
+ int verifyMode_;
+ int verifyDepth_;
+public:
+ Stats() : accept_(0), connect_(0), acceptGood_(0), connectGood_(0),
+ acceptRenegotiate_(0), connectRenegotiate_(0), hits_(0), cbHits_(0),
+ cacheFull_(0), misses_(0), timeouts_(0), number_(0), getCacheSize_(0),
+ verifyMode_(0), verifyDepth_(0)
+ {}
+private:
+ Stats(const Stats&); // hide copy
+ Stats& operator=(const Stats&); // and assign
+};
+
+
+// the SSL context
+class SSL_CTX {
+public:
+ typedef STL::list<x509*> CertList;
+private:
+ SSL_METHOD* method_;
+ x509* certificate_;
+ x509* privateKey_;
+ CertList caList_;
+ Ciphers ciphers_;
+ DH_Parms dhParms_;
+ pem_password_cb passwordCb_;
+ void* userData_;
+ bool sessionCacheOff_;
+ bool sessionCacheFlushOff_;
+ Stats stats_;
+ Mutex mutex_; // for Stats
+ VerifyCallback verifyCallback_;
+public:
+ explicit SSL_CTX(SSL_METHOD* meth);
+ ~SSL_CTX();
+
+ const x509* getCert() const;
+ const x509* getKey() const;
+ const SSL_METHOD* getMethod() const;
+ const Ciphers& GetCiphers() const;
+ const DH_Parms& GetDH_Parms() const;
+ const Stats& GetStats() const;
+ VerifyCallback getVerifyCallback() const;
+ pem_password_cb GetPasswordCb() const;
+ void* GetUserData() const;
+ bool GetSessionCacheOff() const;
+ bool GetSessionCacheFlushOff() const;
+
+ void setVerifyPeer();
+ void setVerifyNone();
+ void setFailNoCert();
+ void setVerifyCallback(VerifyCallback);
+ bool SetCipherList(const char*);
+ bool SetDH(const DH&);
+ void SetPasswordCb(pem_password_cb cb);
+ void SetUserData(void*);
+ void SetSessionCacheOff();
+ void SetSessionCacheFlushOff();
+ void SetMethod(SSL_METHOD* meth);
+ void IncrementStats(StatsField);
+ void AddCA(x509* ca);
+ const CertList& GetCA_List() const;
+
+ friend int read_file(SSL_CTX*, const char*, int, CertType);
+private:
+ SSL_CTX(const SSL_CTX&); // hide copy
+ SSL_CTX& operator=(const SSL_CTX&); // and assign
+};
+
+
+// holds all cryptographic types
+class Crypto {
+ Digest* digest_; // agreed upon digest
+ BulkCipher* cipher_; // agreed upon cipher
+ DiffieHellman* dh_; // dh parms
+ RandomPool random_; // random number generator
+ CertManager cert_; // manages certificates
+public:
+ explicit Crypto();
+ ~Crypto();
+
+ const Digest& get_digest() const;
+ const BulkCipher& get_cipher() const;
+ const DiffieHellman& get_dh() const;
+ const RandomPool& get_random() const;
+ const CertManager& get_certManager() const;
+
+ Digest& use_digest();
+ BulkCipher& use_cipher();
+ DiffieHellman& use_dh();
+ RandomPool& use_random();
+ CertManager& use_certManager();
+
+ void SetDH(DiffieHellman*);
+ void SetDH(const DH_Parms&);
+ void setDigest(Digest*);
+ void setCipher(BulkCipher*);
+
+ bool DhSet();
+private:
+ Crypto(const Crypto&); // hide copy
+ Crypto& operator=(const Crypto&); // and assign
+};
+
+
+// holds all handshake and verify hashes
+class sslHashes {
+ MD5 md5HandShake_; // md5 handshake hash
+ SHA shaHandShake_; // sha handshake hash
+ Finished verify_; // peer's verify hash
+ Hashes certVerify_; // peer's cert verify hash
+public:
+ sslHashes() {}
+
+ const MD5& get_MD5() const;
+ const SHA& get_SHA() const;
+ const Finished& get_verify() const;
+ const Hashes& get_certVerify() const;
+
+ MD5& use_MD5();
+ SHA& use_SHA();
+ Finished& use_verify();
+ Hashes& use_certVerify();
+private:
+ sslHashes(const sslHashes&); // hide copy
+ sslHashes& operator=(const sslHashes&); // and assign
+};
+
+
+// holds input and output buffers
+class Buffers {
+public:
+ typedef STL::list<input_buffer*> inputList;
+ typedef STL::list<output_buffer*> outputList;
+ int prevSent; // previous plain text bytes sent when got WANT_WRITE
+ int plainSz; // plain text bytes in buffer to send when got WANT_WRITE
+private:
+ inputList dataList_; // list of users app data / handshake
+ outputList handShakeList_; // buffered handshake msgs
+ input_buffer* rawInput_; // buffered raw input yet to process
+ output_buffer* output_; // WANT_WRITE buffered output
+public:
+ Buffers();
+ ~Buffers();
+
+ const inputList& getData() const;
+ const outputList& getHandShake() const;
+
+ inputList& useData();
+ outputList& useHandShake();
+
+ void SetRawInput(input_buffer*); // takes ownership
+ input_buffer* TakeRawInput(); // takes ownership
+ void SetOutput(output_buffer*); // takes ownership
+ output_buffer* TakeOutput(); // takes ownership
+private:
+ Buffers(const Buffers&); // hide copy
+ Buffers& operator=(const Buffers&); // and assign
+};
+
+
+// wraps security parameters
+class Security {
+ Connection conn_; // connection information
+ Parameters parms_; // may be pending
+ SSL_SESSION resumeSession_; // if resuming
+ SSL_CTX* ctx_; // context used to init
+ bool resuming_; // trying to resume
+public:
+ Security(ProtocolVersion, RandomPool&, ConnectionEnd, const Ciphers&,
+ SSL_CTX*, bool);
+
+ const SSL_CTX* GetContext() const;
+ const Connection& get_connection() const;
+ const Parameters& get_parms() const;
+ const SSL_SESSION& get_resume() const;
+ bool get_resuming() const;
+
+ Connection& use_connection();
+ Parameters& use_parms();
+ SSL_SESSION& use_resume();
+
+ void set_resuming(bool b);
+private:
+ Security(const Security&); // hide copy
+ Security& operator=(const Security&); // and assign
+};
+
+
+// THE SSL type
+class SSL {
+ Crypto crypto_; // agreed crypto agents
+ Security secure_; // Connection and Session parms
+ States states_; // Record and HandShake states
+ sslHashes hashes_; // handshake, finished hashes
+ Socket socket_; // socket wrapper
+ Buffers buffers_; // buffered handshakes and data
+ Log log_; // logger
+ bool quietShutdown_;
+
+ // optimization variables
+ bool has_data_; // buffered data ready?
+public:
+ SSL(SSL_CTX* ctx);
+
+ // gets and uses
+ const Crypto& getCrypto() const;
+ const Security& getSecurity() const;
+ const States& getStates() const;
+ const sslHashes& getHashes() const;
+ const sslFactory& getFactory() const;
+ const Socket& getSocket() const;
+ YasslError GetError() const;
+ bool GetMultiProtocol() const;
+ bool CompressionOn() const;
+
+ Crypto& useCrypto();
+ Security& useSecurity();
+ States& useStates();
+ sslHashes& useHashes();
+ Socket& useSocket();
+ Log& useLog();
+ Buffers& useBuffers();
+
+ bool HasData() const;
+ bool GetQuietShutdown() const;
+
+ // sets
+ void set_pending(Cipher suite);
+ void set_random(const opaque*, ConnectionEnd);
+ void set_sessionID(const opaque*);
+ void set_session(SSL_SESSION*);
+ void set_preMaster(const opaque*, uint);
+ void set_masterSecret(const opaque*);
+ void SetError(YasslError);
+ int SetCompression();
+ void UnSetCompression();
+ void SetQuietShutdown(bool mode);
+
+ // helpers
+ bool isTLS() const;
+ bool isTLSv1_1() const;
+ void order_error();
+ void makeMasterSecret();
+ void makeTLSMasterSecret();
+ void addData(input_buffer* data);
+ void fillData(Data&);
+ void PeekData(Data&);
+ void addBuffer(output_buffer* b);
+ void flushBuffer();
+ void verifyState(const RecordLayerHeader&);
+ void verifyState(const HandShakeHeader&);
+ void verifyState(ClientState);
+ void verifyState(ServerState);
+ void verfiyHandShakeComplete();
+ void matchSuite(const opaque*, uint length);
+ void deriveKeys();
+ void deriveTLSKeys();
+ void Send(const byte*, uint);
+ void SendWriteBuffered();
+
+ uint bufferedData();
+ uint get_SEQIncrement(bool);
+
+ const byte* get_macSecret(bool);
+private:
+ void storeKeys(const opaque*);
+ void setKeys();
+ void verifyClientState(HandShakeType);
+ void verifyServerState(HandShakeType);
+
+ SSL(const SSL&); // hide copy
+ const SSL& operator=(const SSL&); // and assign
+};
+
+
+// compression
+int Compress(const byte*, int, input_buffer&);
+int DeCompress(input_buffer&, int, input_buffer&);
+
+
+// conversion functions
+void c32to24(uint32, uint24&);
+void c24to32(const uint24, uint32&);
+
+uint32 c24to32(const uint24);
+
+void ato16(const opaque*, uint16&);
+void ato24(const opaque*, uint24&);
+
+void c16toa(uint16, opaque*);
+void c24toa(const uint24, opaque*);
+void c32toa(uint32 u32, opaque*);
+
+
+} // naemspace
+
+#endif // yaSSL_INT_HPP
diff --git a/mysql/extra/yassl/include/yassl_types.hpp b/mysql/extra/yassl/include/yassl_types.hpp
new file mode 100644
index 0000000..129661c
--- /dev/null
+++ b/mysql/extra/yassl/include/yassl_types.hpp
@@ -0,0 +1,540 @@
+/*
+ Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* yaSSL types header defines all constants, enums, and typedefs
+ * from the SSL.v3 specification "draft-freier-ssl-version3-02.txt"
+ */
+
+
+#ifndef yaSSL_TYPES_HPP
+#define yaSSL_TYPES_HPP
+
+#include <stddef.h>
+#include "type_traits.hpp"
+
+
+#ifdef _MSC_VER
+ // disable conversion warning
+ // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
+ #pragma warning(disable:4244 4996)
+#endif
+
+
+#ifdef _MSC_VER
+ // disable conversion warning
+ // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
+ #pragma warning(disable:4244 4996)
+#endif
+
+
+namespace yaSSL {
+
+#define YASSL_LIB
+
+
+#ifdef YASSL_PURE_C
+
+ // library allocation
+ struct new_t {}; // yaSSL New type
+ extern new_t ys; // pass in parameter
+
+ } // namespace yaSSL
+
+ void* operator new (size_t, yaSSL::new_t);
+ void* operator new[](size_t, yaSSL::new_t);
+
+ void operator delete (void*, yaSSL::new_t);
+ void operator delete[](void*, yaSSL::new_t);
+
+
+ namespace yaSSL {
+
+
+ template<typename T>
+ void ysDelete(T* ptr)
+ {
+ if (ptr) ptr->~T();
+ ::operator delete(ptr, yaSSL::ys);
+ }
+
+ template<typename T>
+ void ysArrayDelete(T* ptr)
+ {
+ // can't do array placement destruction since not tracking size in
+ // allocation, only allow builtins to use array placement since they
+ // don't need destructors called
+ typedef char builtin[TaoCrypt::IsFundamentalType<T>::Yes ? 1 : -1];
+ (void)sizeof(builtin);
+
+ ::operator delete[](ptr, yaSSL::ys);
+ }
+
+ #define NEW_YS new (yaSSL::ys)
+
+ // to resolve compiler generated operator delete on base classes with
+ // virtual destructors (when on stack)
+ class virtual_base {
+ public:
+ static void operator delete(void*) { }
+ };
+
+
+#else // YASSL_PURE_C
+
+
+ template<typename T>
+ void ysDelete(T* ptr)
+ {
+ delete ptr;
+ }
+
+ template<typename T>
+ void ysArrayDelete(T* ptr)
+ {
+ delete[] ptr;
+ }
+
+ #define NEW_YS new
+
+ class virtual_base {};
+
+
+
+#endif // YASSL_PURE_C
+
+
+typedef unsigned char uint8;
+typedef unsigned short uint16;
+typedef unsigned int uint32;
+typedef uint8 uint24[3];
+typedef uint32 uint64[2];
+
+typedef uint8 opaque;
+typedef opaque byte;
+
+typedef unsigned int uint;
+
+
+#ifdef USE_SYS_STL
+ // use system STL
+ #define STL_VECTOR_FILE <vector>
+ #define STL_LIST_FILE <list>
+ #define STL_ALGORITHM_FILE <algorithm>
+ #define STL_MEMORY_FILE <memory>
+ #define STL_PAIR_FILE <utility>
+
+ #define STL_NAMESPACE std
+#else
+ // use mySTL
+ #define STL_VECTOR_FILE "vector.hpp"
+ #define STL_LIST_FILE "list.hpp"
+ #define STL_ALGORITHM_FILE "algorithm.hpp"
+ #define STL_MEMORY_FILE "memory.hpp"
+ #define STL_PAIR_FILE "pair.hpp"
+
+ #define STL_NAMESPACE mySTL
+#endif
+
+
+#ifdef min
+ #undef min
+#endif
+
+template <typename T>
+T min(T a, T b)
+{
+ return a < b ? a : b;
+}
+
+
+
+// all length constants in bytes
+const int ID_LEN = 32; // session id length
+const int SUITE_LEN = 2; // cipher suite length
+const int SECRET_LEN = 48; // pre RSA and all master secret length
+const int MASTER_ROUNDS = 3; // master secret derivation rounds
+const int RAN_LEN = 32; // client and server random length
+const int MAC_BLOCK_SZ = 64; // MAC block size, & padding
+const int MD5_LEN = 16; // MD5 digest length
+const int SHA_LEN = 20; // SHA digest length
+const int RMD_LEN = 20; // RIPEMD-160 digest length
+const int PREFIX = 3; // up to 3 prefix letters for secret rounds
+const int KEY_PREFIX = 7; // up to 7 prefix letters for key rounds
+const int FORTEZZA_MAX = 128; // Maximum Fortezza Key length
+const int MAX_SUITE_SZ = 128; // 64 max suites * sizeof(suite)
+const int MAX_SUITE_NAME = 48; // max length of suite name
+const int MAX_CIPHERS = 32; // max supported ciphers for cipher list
+const int SIZEOF_ENUM = 1; // SSL considers an enum 1 byte, not 4
+const int SIZEOF_SENDER = 4; // Sender constant, for finished generation
+const int PAD_MD5 = 48; // pad length 1 and 2 for md5 finished
+const int PAD_SHA = 40; // should be 44, specd wrong by netscape
+const int PAD_RMD = 44; // pad length for RIPEMD-160, some use 40??
+const int CERT_HEADER = 3; // always use 3 bytes for certificate
+const int CERT_TYPES = 7; // certificate request types
+const int REQUEST_HEADER = 2; // request uses 2 bytes
+const int VERIFY_HEADER = 2; // verify length field
+const int MIN_CERT_TYPES = 1; // minimum certificate request types
+const int MIN_DIS_NAMES = 3; // minimum distinguished names
+const int MIN_DIS_SIZE = 1; // minimum distinguished name size
+const int RECORD_HEADER = 5; // type + version + length(2)
+const int HANDSHAKE_HEADER = 4; // type + length(3)
+const int FINISHED_SZ = MD5_LEN + SHA_LEN; // sizeof finished data
+const int TLS_FINISHED_SZ = 12; // TLS verify data size
+const int SEQ_SZ = 8; // 64 bit sequence number
+const int LENGTH_SZ = 2; // length field for HMAC, data only
+const int VERSION_SZ = SIZEOF_ENUM * 2; // SSL/TLS length of version
+const int DES_KEY_SZ = 8; // DES Key length
+const int DES_EDE_KEY_SZ = 24; // DES EDE Key length
+const int DES_BLOCK = 8; // DES is always fixed block size 8
+const int DES_IV_SZ = DES_BLOCK; // Init Vector length for DES
+const int RC4_KEY_SZ = 16; // RC4 Key length
+const int AES_128_KEY_SZ = 16; // AES 128bit Key length
+const int AES_192_KEY_SZ = 24; // AES 192bit Key length
+const int AES_256_KEY_SZ = 32; // AES 256bit Key length
+const int AES_BLOCK_SZ = 16; // AES 128bit block size, rfc 3268
+const int AES_IV_SZ = AES_BLOCK_SZ; // AES Init Vector length
+const int DSS_SIG_SZ = 40; // two 20 byte high byte first Integers
+const int DSS_ENCODED_EXTRA = 6; // seqID + len(1) + (intID + len(1)) * 2
+const int EVP_SALT_SZ = 8;
+const int MASTER_LABEL_SZ = 13; // TLS master secret label size
+const int KEY_LABEL_SZ = 13; // TLS key block expansion size
+const int FINISHED_LABEL_SZ = 15; // TLS finished lable length
+const int SEED_LEN = RAN_LEN * 2; // TLS seed, client + server random
+const int DEFAULT_TIMEOUT = 500; // Default Session timeout in seconds
+const int MAX_RECORD_SIZE = 16384; // 2^14, max size by standard
+const int COMPRESS_EXTRA = 1024; // extra compression possible addition
+const int SESSION_FLUSH_COUNT = 256; // when to flush session cache
+const int MAX_PAD_SIZE = 256; // max TLS padding size
+const int COMPRESS_CONSTANT = 13; // compression calculation constant
+const int COMPRESS_UPPER = 55; // compression calculation numerator
+const int COMPRESS_LOWER = 64; // compression calculation denominator
+const int COMPRESS_DUMMY_SIZE = 64; // compression dummy round size
+
+typedef uint8 Cipher; // first byte is always 0x00 for SSLv3 & TLS
+
+typedef opaque Random[RAN_LEN];
+
+typedef opaque* DistinguishedName;
+
+typedef bool IsExportable;
+
+
+enum CompressionMethod { no_compression = 0, zlib = 221 };
+
+enum CipherType { stream, block };
+
+enum CipherChoice { change_cipher_spec_choice = 1 };
+
+enum PublicValueEncoding { implicit_encoding, explicit_encoding };
+
+enum ConnectionEnd { server_end, client_end };
+
+enum AlertLevel { warning = 1, fatal = 2 };
+
+
+
+// Record Layer Header identifier from page 12
+enum ContentType {
+ no_type = 0,
+ change_cipher_spec = 20,
+ alert = 21,
+ handshake = 22,
+ application_data = 23
+};
+
+
+// HandShake Layer Header identifier from page 20
+enum HandShakeType {
+ no_shake = -1,
+ hello_request = 0,
+ client_hello = 1,
+ server_hello = 2,
+ certificate = 11,
+ server_key_exchange = 12,
+ certificate_request = 13,
+ server_hello_done = 14,
+ certificate_verify = 15,
+ client_key_exchange = 16,
+ finished = 20
+};
+
+
+// Valid Alert types from page 16/17
+enum AlertDescription {
+ close_notify = 0,
+ unexpected_message = 10,
+ bad_record_mac = 20,
+ decompression_failure = 30,
+ handshake_failure = 40,
+ no_certificate = 41,
+ bad_certificate = 42,
+ unsupported_certificate = 43,
+ certificate_revoked = 44,
+ certificate_expired = 45,
+ certificate_unknown = 46,
+ illegal_parameter = 47
+};
+
+
+// Supported Key Exchange Protocols
+enum KeyExchangeAlgorithm {
+ no_kea = 0,
+ rsa_kea,
+ diffie_hellman_kea,
+ fortezza_kea
+};
+
+
+// Supported Authentication Schemes
+enum SignatureAlgorithm {
+ anonymous_sa_algo = 0,
+ rsa_sa_algo,
+ dsa_sa_algo
+};
+
+
+// Valid client certificate request types from page 27
+enum ClientCertificateType {
+ rsa_sign = 1,
+ dss_sign = 2,
+ rsa_fixed_dh = 3,
+ dss_fixed_dh = 4,
+ rsa_ephemeral_dh = 5,
+ dss_ephemeral_dh = 6,
+ fortezza_kea_cert = 20
+};
+
+
+// Supported Ciphers from page 43
+enum BulkCipherAlgorithm {
+ cipher_null,
+ rc4,
+ rc2,
+ des,
+ triple_des, // leading 3 (3des) not valid identifier
+ des40,
+ idea,
+ aes
+};
+
+
+// Supported Message Authentication Codes from page 43
+enum MACAlgorithm {
+ no_mac,
+ md5,
+ sha,
+ rmd
+};
+
+
+// Certificate file Type
+enum CertType { Cert = 0, PrivateKey, CA };
+
+
+// all Cipher Suites from pages 41/42
+const Cipher SSL_NULL_WITH_NULL_NULL = 0; // { 0x00, 0x00 }
+const Cipher SSL_RSA_WITH_NULL_MD5 = 1; // { 0x00, 0x01 }
+const Cipher SSL_RSA_WITH_NULL_SHA = 2; // { 0x00, 0x02 }
+const Cipher SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3; // { 0x00, 0x03 }
+const Cipher SSL_RSA_WITH_RC4_128_MD5 = 4; // { 0x00, 0x04 }
+const Cipher SSL_RSA_WITH_RC4_128_SHA = 5; // { 0x00, 0x05 }
+const Cipher SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6; // { 0x00, 0x06 }
+const Cipher SSL_RSA_WITH_IDEA_CBC_SHA = 7; // { 0x00, 0x07 }
+const Cipher SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 8; // { 0x00, 0x08 }
+const Cipher SSL_RSA_WITH_DES_CBC_SHA = 9; // { 0x00, 0x09 }
+const Cipher SSL_RSA_WITH_3DES_EDE_CBC_SHA = 10; // { 0x00, 0x0A }
+const Cipher SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 11; // { 0x00, 0x0B }
+const Cipher SSL_DH_DSS_WITH_DES_CBC_SHA = 12; // { 0x00, 0x0C }
+const Cipher SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13; // { 0x00, 0x0D }
+const Cipher SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 14; // { 0x00, 0x0E }
+const Cipher SSL_DH_RSA_WITH_DES_CBC_SHA = 15; // { 0x00, 0x0F }
+const Cipher SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 16; // { 0x00, 0x10 }
+const Cipher SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 17; // { 0x00, 0x11 }
+const Cipher SSL_DHE_DSS_WITH_DES_CBC_SHA = 18; // { 0x00, 0x12 }
+const Cipher SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19; // { 0x00, 0x13 }
+const Cipher SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 20; // { 0x00, 0x14 }
+const Cipher SSL_DHE_RSA_WITH_DES_CBC_SHA = 21; // { 0x00, 0x15 }
+const Cipher SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22; // { 0x00, 0x16 }
+const Cipher SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 23; // { 0x00, 0x17 }
+const Cipher SSL_DH_anon_WITH_RC4_128_MD5 = 24; // { 0x00, 0x18 }
+const Cipher SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 25; // { 0x00, 0x19 }
+const Cipher SSL_DH_anon_WITH_DES_CBC_SHA = 26; // { 0x00, 0x1A }
+const Cipher SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 27; // { 0x00, 0x1B }
+const Cipher SSL_FORTEZZA_KEA_WITH_NULL_SHA = 28; // { 0x00, 0x1C }
+const Cipher SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 29; // { 0x00, 0x1D }
+const Cipher SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 30; // { 0x00, 0x1E }
+
+// .. to 0x2B uses Kerberos Authentication
+
+
+// TLS AES extensions
+const Cipher TLS_RSA_WITH_AES_128_CBC_SHA = 47; // { 0x00, 0x2F }
+const Cipher TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48; // { 0x00, 0x30 }
+const Cipher TLS_DH_RSA_WITH_AES_128_CBC_SHA = 49; // { 0x00, 0x31 }
+const Cipher TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50; // { 0x00, 0x32 }
+const Cipher TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51; // { 0x00, 0x33 }
+const Cipher TLS_DH_anon_WITH_AES_128_CBC_SHA = 52; // { 0x00, 0x34 }
+
+const Cipher TLS_RSA_WITH_AES_256_CBC_SHA = 53; // { 0x00, 0x35 }
+const Cipher TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54; // { 0x00, 0x36 }
+const Cipher TLS_DH_RSA_WITH_AES_256_CBC_SHA = 55; // { 0x00, 0x37 }
+const Cipher TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56; // { 0x00, 0x38 }
+const Cipher TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57; // { 0x00, 0x39 }
+const Cipher TLS_DH_anon_WITH_AES_256_CBC_SHA = 58; // { 0x00, 0x3A }
+
+
+// OpenPGP extensions
+
+const Cipher TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD160 = 114; // { 0x00, 0x72 };
+const Cipher TLS_DHE_DSS_WITH_AES_128_CBC_RMD160 = 115; // { 0x00, 0x73 };
+const Cipher TLS_DHE_DSS_WITH_AES_256_CBC_RMD160 = 116; // { 0x00, 0x74 };
+const Cipher TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD160 = 119; // { 0x00, 0x77 };
+const Cipher TLS_DHE_RSA_WITH_AES_128_CBC_RMD160 = 120; // { 0x00, 0x78 };
+const Cipher TLS_DHE_RSA_WITH_AES_256_CBC_RMD160 = 121; // { 0x00, 0x79 };
+const Cipher TLS_RSA_WITH_3DES_EDE_CBC_RMD160 = 124; // { 0x00, 0x7C };
+const Cipher TLS_RSA_WITH_AES_128_CBC_RMD160 = 125; // { 0x00, 0x7D };
+const Cipher TLS_RSA_WITH_AES_256_CBC_RMD160 = 126; // { 0x00, 0x7E };
+
+
+const char* const null_str = "";
+
+const char* const cipher_names[128] =
+{
+ null_str, // SSL_NULL_WITH_NULL_NULL = 0
+ null_str, // SSL_RSA_WITH_NULL_MD5 = 1
+ null_str, // SSL_RSA_WITH_NULL_SHA = 2
+ null_str, // SSL_RSA_EXPORT_WITH_RC4_40_MD5 = 3
+ "RC4-MD5", // SSL_RSA_WITH_RC4_128_MD5 = 4
+ "RC4-SHA", // SSL_RSA_WITH_RC4_128_SHA = 5
+ null_str, // SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 6
+ null_str, // SSL_RSA_WITH_IDEA_CBC_SHA = 7
+ null_str, // SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = 8
+ "DES-CBC-SHA", // SSL_RSA_WITH_DES_CBC_SHA = 9
+ "DES-CBC3-SHA", // SSL_RSA_WITH_3DES_EDE_CBC_SHA = 10
+
+ null_str, // SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 11
+ null_str, // SSL_DH_DSS_WITH_DES_CBC_SHA = 12
+ null_str, // SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA = 13
+ null_str, // SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 14
+ null_str, // SSL_DH_RSA_WITH_DES_CBC_SHA = 15
+ null_str, // SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA = 16
+ null_str, // SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 17
+ "EDH-DSS-DES-CBC-SHA", // SSL_DHE_DSS_WITH_DES_CBC_SHA = 18
+ "EDH-DSS-DES-CBC3-SHA", // SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 19
+ null_str, // SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 20
+
+ "EDH-RSA-DES-CBC-SHA", // SSL_DHE_RSA_WITH_DES_CBC_SHA = 21
+ "EDH-RSA-DES-CBC3-SHA", // SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 22
+ null_str, // SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 = 23
+ null_str, // SSL_DH_anon_WITH_RC4_128_MD5 = 24
+ null_str, // SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA = 25
+ null_str, // SSL_DH_anon_WITH_DES_CBC_SHA = 26
+ null_str, // SSL_DH_anon_WITH_3DES_EDE_CBC_SHA = 27
+ null_str, // SSL_FORTEZZA_KEA_WITH_NULL_SHA = 28
+ null_str, // SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 29
+ null_str, // SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 30
+
+ null_str, null_str, null_str, null_str, null_str, // 31 - 35
+ null_str, null_str, null_str, null_str, null_str, // 36 - 40
+ null_str, null_str, null_str, null_str, null_str, // 41 - 45
+ null_str, // 46
+
+ // TLS AES extensions
+ "AES128-SHA", // TLS_RSA_WITH_AES_128_CBC_SHA = 47
+ null_str, // TLS_DH_DSS_WITH_AES_128_CBC_SHA = 48
+ null_str, // TLS_DH_RSA_WITH_AES_128_CBC_SHA = 49
+ "DHE-DSS-AES128-SHA", // TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 50
+ "DHE-RSA-AES128-SHA", // TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 51
+ null_str, // TLS_DH_anon_WITH_AES_128_CBC_SHA = 52
+
+ "AES256-SHA", // TLS_RSA_WITH_AES_256_CBC_SHA = 53
+ null_str, // TLS_DH_DSS_WITH_AES_256_CBC_SHA = 54
+ null_str, // TLS_DH_RSA_WITH_AES_256_CBC_SHA = 55
+ "DHE-DSS-AES256-SHA", // TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 56
+ "DHE-RSA-AES256-SHA", // TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 57
+ null_str, // TLS_DH_anon_WITH_AES_256_CBC_SHA = 58
+
+ null_str, // 59
+ null_str, // 60
+ null_str, null_str, null_str, null_str, null_str, // 61 - 65
+ null_str, null_str, null_str, null_str, null_str, // 66 - 70
+ null_str, null_str, null_str, null_str, null_str, // 71 - 75
+ null_str, null_str, null_str, null_str, null_str, // 76 - 80
+ null_str, null_str, null_str, null_str, null_str, // 81 - 85
+ null_str, null_str, null_str, null_str, null_str, // 86 - 90
+ null_str, null_str, null_str, null_str, null_str, // 91 - 95
+ null_str, null_str, null_str, null_str, null_str, // 96 - 100
+ null_str, null_str, null_str, null_str, null_str, // 101 - 105
+ null_str, null_str, null_str, null_str, null_str, // 106 - 110
+ null_str, null_str, null_str, // 111 - 113
+
+ "DHE-DSS-DES-CBC3-RMD", // TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD160 = 114
+ "DHE-DSS-AES128-RMD", // TLS_DHE_DSS_WITH_AES_128_CBC_RMD160 = 115
+ "DHE-DSS-AES256-RMD", // TLS_DHE_DSS_WITH_AES_256_CBC_RMD160 = 116
+ null_str, // 117
+ null_str, // 118
+ "DHE-RSA-DES-CBC3-RMD", // TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD160 = 119
+ "DHE-RSA-AES128-RMD", // TLS_DHE_RSA_WITH_AES_128_CBC_RMD160 = 120
+ "DHE-RSA-AES256-RMD", // TLS_DHE_RSA_WITH_AES_256_CBC_RMD160 = 121
+ null_str, // 122
+ null_str, // 123
+ "DES-CBC3-RMD", // TLS_RSA_WITH_3DES_EDE_CBC_RMD160 = 124
+ "AES128-RMD", // TLS_RSA_WITH_AES_128_CBC_RMD160 = 125
+ "AES256-RMD", // TLS_RSA_WITH_AES_256_CBC_RMD160 = 126
+ null_str // 127
+};
+
+// fill with MD5 pad size since biggest required
+const opaque PAD1[PAD_MD5] = { 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+ 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
+ };
+const opaque PAD2[PAD_MD5] = { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+ 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
+ };
+
+const opaque client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
+const opaque server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
+
+const opaque tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
+const opaque tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
+
+const opaque master_label[MASTER_LABEL_SZ + 1] = "master secret";
+const opaque key_label [KEY_LABEL_SZ + 1] = "key expansion";
+
+
+} // naemspace
+
+#if __GNUC__ == 2 && __GNUC_MINOR__ <= 96
+/*
+ gcc 2.96 bails out because of two declarations of byte: yaSSL::byte and
+ TaoCrypt::byte. TODO: define global types.hpp and move the declaration of
+ 'byte' there.
+*/
+using yaSSL::byte;
+#endif
+
+
+#endif // yaSSL_TYPES_HPP
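Review bot: `cipher_names` is declared with 128 entries while its index type `Cipher` is a `uint8`, so a suite byte in the range 128–255 would read past the end of the table unless every lookup bounds it first. The lookup sites are outside this hunk, so the check may already exist. Even so, the header should state the contract beside the table, for example `// indexed by the suite byte; valid indexes are 0..127, callers must range-check before lookup`, or take the array size from a named constant that callers can compare against. Separately, the `#pragma warning(disable:4244 4996)` block appears twice and has no push/pop, so it silences narrowing-conversion warnings in every translation unit that includes this header, which is unhelpful in code that handles wire lengths.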
diff --git a/mysql/extra/yassl/src/buffer.cpp b/mysql/extra/yassl/src/buffer.cpp
new file mode 100644
index 0000000..954fdb5
--- /dev/null
+++ b/mysql/extra/yassl/src/buffer.cpp
@@ -0,0 +1,330 @@
+/*
+ Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+
+/* yaSSL buffer header implements input/output buffers to simulate streaming
+ * with SSL types and sockets
+ */
+
+
+// First include (the generated) my_config.h, to get correct platform defines.
+#include "my_config.h"
+#include <string.h> // memcpy
+#include "runtime.hpp"
+#include "buffer.hpp"
+#include "yassl_types.hpp"
+
+namespace yaSSL {
+
+
+
+
+/* return 0 on check success, always true for NoCheck policy */
+int NoCheck::check(uint, uint)
+{
+ return 0;
+}
+
+/* return 0 on check success */
+int Check::check(uint i, uint max)
+{
+ if (i < max)
+ return 0;
+
+ return -1;
+}
+
+
+/* input_buffer operates like a smart c style array with a checking option,
+ * meant to be read from through [] with AUTO index or read().
+ * Should only write to at/near construction with assign() or raw (e.g., recv)
+ * followed by add_size with the number of elements added by raw write.
+ *
+ * Not using vector because need checked []access, offset, and the ability to
+ * write to the buffer bulk wise and have the correct size
+ */
+
+
+input_buffer::input_buffer()
+ : size_(0), current_(0), buffer_(0), end_(0), error_(0), zero_(0)
+{}
+
+
+input_buffer::input_buffer(uint s)
+ : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s),
+ error_(0), zero_(0)
+{}
+
+
+// with assign
+input_buffer::input_buffer(uint s, const byte* t, uint len)
+ : size_(0), current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s),
+ error_(0), zero_(0)
+{
+ assign(t, len);
+}
+
+
+input_buffer::~input_buffer()
+{
+ ysArrayDelete(buffer_);
+}
+
+
+// users can pass defualt zero length buffer and then allocate
+void input_buffer::allocate(uint s)
+{
+ if (error_ == 0) {
+ buffer_ = NEW_YS byte[s];
+ end_ = buffer_ + s;
+ }
+}
+
+
+// for passing to raw writing functions at beginning, then use add_size
+byte* input_buffer::get_buffer() const
+{
+ return buffer_;
+}
+
+
+// after a raw write user can set NEW_YS size
+// if you know the size before the write use assign()
+void input_buffer::add_size(uint i)
+{
+ if (error_ == 0 && check(size_ + i-1, get_capacity()) == 0)
+ size_ += i;
+ else
+ error_ = -1;
+}
+
+
+uint input_buffer::get_capacity() const
+{
+ if (error_ == 0)
+ return end_ - buffer_;
+
+ return 0;
+}
+
+
+uint input_buffer::get_current() const
+{
+ if (error_ == 0)
+ return current_;
+
+ return 0;
+}
+
+
+uint input_buffer::get_size() const
+{
+ if (error_ == 0)
+ return size_;
+
+ return 0;
+}
+
+
+uint input_buffer::get_remaining() const
+{
+ if (error_ == 0)
+ return size_ - current_;
+
+ return 0;
+}
+
+
+int input_buffer::get_error() const
+{
+ return error_;
+}
+
+
+void input_buffer::set_error()
+{
+ error_ = -1;
+}
+
+
+void input_buffer::set_current(uint i)
+{
+ if (error_ == 0 && check(i ? i - 1 : 0, size_) == 0)
+ current_ = i;
+ else
+ error_ = -1;
+}
+
+
+// read only access through [], advance current
+// user passes in AUTO index for ease of use
+const byte& input_buffer::operator[](uint i)
+{
+ if (error_ == 0 && check(current_, size_) == 0)
+ return buffer_[current_++];
+
+ error_ = -1;
+ return zero_;
+}
+
+
+// end of input test
+bool input_buffer::eof()
+{
+ if (error_ != 0)
+ return true;
+
+ return current_ >= size_;
+}
+
+
+// peek ahead
+byte input_buffer::peek()
+{
+ if (error_ == 0 && check(current_, size_) == 0)
+ return buffer_[current_];
+
+ error_ = -1;
+ return 0;
+}
+
+
+// write function, should use at/near construction
+void input_buffer::assign(const byte* t, uint s)
+{
+ if (t && error_ == 0 && check(current_, get_capacity()) == 0) {
+ add_size(s);
+ if (error_ == 0) {
+ memcpy(&buffer_[current_], t, s);
+ return; // success
+ }
+ }
+
+ error_ = -1;
+}
+
+
+// use read to query input, adjusts current
+void input_buffer::read(byte* dst, uint length)
+{
+ if (dst && error_ == 0 && check(current_ + length - 1, size_) == 0) {
+ memcpy(dst, &buffer_[current_], length);
+ current_ += length;
+ } else {
+ error_ = -1;
+ }
+}
+
+
+
+/* output_buffer operates like a smart c style array with a checking option.
+ * Meant to be written to through [] with AUTO index or write().
+ * Size (current) counter increases when written to. Can be constructed with
+ * zero length buffer but be sure to allocate before first use.
+ * Don't use add write for a couple bytes, use [] instead, way less overhead.
+ *
+ * Not using vector because need checked []access and the ability to
+ * write to the buffer bulk wise and retain correct size
+ */
+
+
+output_buffer::output_buffer()
+ : current_(0), buffer_(0), end_(0)
+{}
+
+
+// with allocate
+output_buffer::output_buffer(uint s)
+ : current_(0), buffer_(NEW_YS byte[s]), end_(buffer_ + s)
+{}
+
+
+// with assign
+output_buffer::output_buffer(uint s, const byte* t, uint len)
+ : current_(0), buffer_(NEW_YS byte[s]), end_(buffer_+ s)
+{
+ write(t, len);
+}
+
+
+output_buffer::~output_buffer()
+{
+ ysArrayDelete(buffer_);
+}
+
+
+uint output_buffer::get_size() const
+{
+ return current_;
+}
+
+
+uint output_buffer::get_capacity() const
+{
+ return (uint) (end_ - buffer_);
+}
+
+
+void output_buffer::set_current(uint c)
+{
+ check(c, get_capacity());
+ current_ = c;
+}
+
+
+// users can pass defualt zero length buffer and then allocate
+void output_buffer::allocate(uint s)
+{
+ buffer_ = NEW_YS byte[s]; end_ = buffer_ + s;
+}
+
+
+// for passing to reading functions when finished
+const byte* output_buffer::get_buffer() const
+{
+ return buffer_;
+}
+
+
+// allow write access through [], update current
+// user passes in AUTO as index for ease of use
+byte& output_buffer::operator[](uint i)
+{
+ check(current_, get_capacity());
+ return buffer_[current_++];
+}
+
+
+// end of output test
+bool output_buffer::eof()
+{
+ return current_ >= get_capacity();
+}
+
+
+void output_buffer::write(const byte* t, uint s)
+{
+ check(current_ + s - 1, get_capacity());
+ memcpy(&buffer_[current_], t, s);
+ current_ += s;
+}
+
+
+
+} // naemspace
+
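Review bot: `output_buffer::write`, `output_buffer::operator[]` and `output_buffer::set_current` call `check()` and discard its result, so the `memcpy` or indexed store runs even when the requested length exceeds the remaining capacity, because `Check::check` in this file only returns -1 and stops nothing. `input_buffer` tests the same return value and latches `error_`; the output side should refuse the write in the same way, e.g. `if (current_ > get_capacity() || s > get_capacity() - current_) return;` before the `memcpy`. How the failure is reported depends on the class declaration in buffer.hpp, which is not part of this hunk. The index expressions `current_ + length - 1` in `input_buffer::read` and `size_ + i-1` in `input_buffer::add_size` are also unsigned: a very large length can wrap to a small index and pass the check, and a zero length at offset 0 wraps to the maximum and sets `error_`. Comparing the length against the remaining space (`length <= size_ - current_`, after confirming `current_ <= size_`) avoids both cases.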
diff --git a/mysql/extra/yassl/src/cert_wrapper.cpp b/mysql/extra/yassl/src/cert_wrapper.cpp
new file mode 100644
index 0000000..1092e42
--- /dev/null
+++ b/mysql/extra/yassl/src/cert_wrapper.cpp
@@ -0,0 +1,408 @@
+/*
+ Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+
+/* The certificate wrapper source implements certificate management functions
+ *
+ */
+
+#include "runtime.hpp"
+#include "cert_wrapper.hpp"
+#include "yassl_int.hpp"
+#include "error.hpp"
+
+#if defined(USE_CML_LIB)
+ #include "cmapi_cpp.h"
+#else
+ #include "asn.hpp"
+ #include "file.hpp"
+#endif // USE_CML_LIB
+
+
+namespace yaSSL {
+
+
+x509::x509(uint sz) : length_(sz), buffer_(NEW_YS opaque[sz])
+{
+}
+
+
+x509::~x509()
+{
+ ysArrayDelete(buffer_);
+}
+
+
+x509::x509(const x509& that) : length_(that.length_),
+ buffer_(NEW_YS opaque[length_])
+{
+ memcpy(buffer_, that.buffer_, length_);
+}
+
+
+void x509::Swap(x509& that)
+{
+ STL::swap(length_, that.length_);
+ STL::swap(buffer_, that.buffer_);
+}
+
+
+x509& x509::operator=(const x509& that)
+{
+ x509 temp(that);
+ Swap(temp);
+ return *this;
+}
+
+
+uint x509::get_length() const
+{
+ return length_;
+}
+
+
+const opaque* x509::get_buffer() const
+{
+ return buffer_;
+}
+
+
+opaque* x509::use_buffer()
+{
+ return buffer_;
+}
+
+
+//CertManager
+CertManager::CertManager()
+ : peerX509_(0), selfX509_(0), verifyPeer_(false), verifyNone_(false), failNoCert_(false),
+ sendVerify_(false), sendBlankCert_(false), verifyCallback_(0)
+{}
+
+
+CertManager::~CertManager()
+{
+ ysDelete(peerX509_);
+ ysDelete(selfX509_);
+
+ STL::for_each(signers_.begin(), signers_.end(), del_ptr_zero()) ;
+
+ STL::for_each(peerList_.begin(), peerList_.end(), del_ptr_zero()) ;
+
+ STL::for_each(list_.begin(), list_.end(), del_ptr_zero()) ;
+}
+
+
+bool CertManager::verifyPeer() const
+{
+ return verifyPeer_;
+}
+
+
+bool CertManager::verifyNone() const
+{
+ return verifyNone_;
+}
+
+
+bool CertManager::failNoCert() const
+{
+ return failNoCert_;
+}
+
+
+bool CertManager::sendVerify() const
+{
+ return sendVerify_;
+}
+
+
+void CertManager::setVerifyPeer()
+{
+ verifyPeer_ = true;
+}
+
+
+void CertManager::setVerifyNone()
+{
+ verifyNone_ = true;
+}
+
+bool CertManager::sendBlankCert() const
+{
+ return sendBlankCert_;
+}
+
+
+void CertManager::setFailNoCert()
+{
+ failNoCert_ = true;
+}
+
+
+void CertManager::setSendVerify()
+{
+ sendVerify_ = true;
+}
+
+void CertManager::setSendBlankCert()
+{
+ sendBlankCert_ = true;
+}
+
+
+void CertManager::setVerifyCallback(VerifyCallback vc)
+{
+ verifyCallback_ = vc;
+}
+
+
+void CertManager::AddPeerCert(x509* x)
+{
+ peerList_.push_back(x); // take ownership
+}
+
+
+void CertManager::CopySelfCert(const x509* x)
+{
+ if (x)
+ list_.push_back(NEW_YS x509(*x));
+}
+
+
+// add to signers
+int CertManager::CopyCaCert(const x509* x)
+{
+ TaoCrypt::Source source(x->get_buffer(), x->get_length());
+ TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_,
+ TaoCrypt::CertDecoder::CA);
+
+ if (!cert.GetError().What()) {
+ const TaoCrypt::PublicKey& key = cert.GetPublicKey();
+ signers_.push_back(NEW_YS TaoCrypt::Signer(key.GetKey(), key.size(),
+ cert.GetCommonName(), cert.GetHash()));
+ }
+ // just don't add, not an error return cert.GetError().What();
+ return 0;
+}
+
+
+const x509* CertManager::get_cert() const
+{
+ return list_.front();
+}
+
+
+const opaque* CertManager::get_peerKey() const
+{
+ return peerPublicKey_.get_buffer();
+}
+
+
+X509* CertManager::get_peerX509() const
+{
+ return peerX509_;
+}
+
+
+X509* CertManager::get_selfX509() const
+{
+ return selfX509_;
+}
+
+
+SignatureAlgorithm CertManager::get_peerKeyType() const
+{
+ return peerKeyType_;
+}
+
+
+SignatureAlgorithm CertManager::get_keyType() const
+{
+ return keyType_;
+}
+
+
+uint CertManager::get_peerKeyLength() const
+{
+ return peerPublicKey_.get_size();
+}
+
+
+const opaque* CertManager::get_privateKey() const
+{
+ return privateKey_.get_buffer();
+}
+
+
+uint CertManager::get_privateKeyLength() const
+{
+ return privateKey_.get_size();
+}
+
+
+// Validate the peer's certificate list, from root to peer (last to first)
+int CertManager::Validate()
+{
+ CertList::reverse_iterator last = peerList_.rbegin();
+ size_t count = peerList_.size();
+
+ while ( count > 1 ) {
+ TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length());
+ TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_);
+
+ if (int err = cert.GetError().What())
+ return err;
+
+ const TaoCrypt::PublicKey& key = cert.GetPublicKey();
+ signers_.push_back(NEW_YS TaoCrypt::Signer(key.GetKey(), key.size(),
+ cert.GetCommonName(), cert.GetHash()));
+ ++last;
+ --count;
+ }
+
+ if (count) {
+ // peer's is at the front
+ TaoCrypt::Source source((*last)->get_buffer(), (*last)->get_length());
+ TaoCrypt::CertDecoder cert(source, true, &signers_, verifyNone_);
+
+ int err = cert.GetError().What();
+ if ( err && err != TaoCrypt::SIG_OTHER_E)
+ return err;
+
+ uint sz = cert.GetPublicKey().size();
+ peerPublicKey_.allocate(sz);
+ peerPublicKey_.assign(cert.GetPublicKey().GetKey(), sz);
+
+ if (cert.GetKeyType() == TaoCrypt::RSAk)
+ peerKeyType_ = rsa_sa_algo;
+ else
+ peerKeyType_ = dsa_sa_algo;
+
+ size_t iSz = strlen(cert.GetIssuer()) + 1;
+ size_t sSz = strlen(cert.GetCommonName()) + 1;
+ ASN1_STRING beforeDate, afterDate;
+ beforeDate.data= (unsigned char *) cert.GetBeforeDate();
+ beforeDate.type= cert.GetBeforeDateType();
+ beforeDate.length= strlen((char *) beforeDate.data) + 1;
+ afterDate.data= (unsigned char *) cert.GetAfterDate();
+ afterDate.type= cert.GetAfterDateType();
+ afterDate.length= strlen((char *) afterDate.data) + 1;
+ peerX509_ = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
+ sSz, &beforeDate, &afterDate,
+ cert.GetIssuerCnStart(), cert.GetIssuerCnLength(),
+ cert.GetSubjectCnStart(), cert.GetSubjectCnLength()
+ );
+
+ if (err == TaoCrypt::SIG_OTHER_E && verifyCallback_) {
+ X509_STORE_CTX store;
+ store.error = err;
+ store.error_depth = static_cast<int>(count) - 1;
+ store.current_cert = peerX509_;
+
+ int ok = verifyCallback_(0, &store);
+ if (ok) return 0;
+ }
+
+ if (err == TaoCrypt::SIG_OTHER_E) return err;
+ }
+ return 0;
+}
+
+
+// Set the private key
+int CertManager::SetPrivateKey(const x509& key)
+{
+ privateKey_.allocate(key.get_length());
+ privateKey_.assign(key.get_buffer(), key.get_length());
+
+ // set key type
+ if (x509* cert = list_.front()) {
+ TaoCrypt::Source source(cert->get_buffer(), cert->get_length());
+ TaoCrypt::CertDecoder cd(source, false);
+ cd.DecodeToKey();
+ if (int err = cd.GetError().What())
+ return err;
+ if (cd.GetKeyType() == TaoCrypt::RSAk)
+ keyType_ = rsa_sa_algo;
+ else
+ keyType_ = dsa_sa_algo;
+
+ size_t iSz = strlen(cd.GetIssuer()) + 1;
+ size_t sSz = strlen(cd.GetCommonName()) + 1;
+ ASN1_STRING beforeDate, afterDate;
+ beforeDate.data= (unsigned char *) cd.GetBeforeDate();
+ beforeDate.type= cd.GetBeforeDateType();
+ beforeDate.length= strlen((char *) beforeDate.data) + 1;
+ afterDate.data= (unsigned char *) cd.GetAfterDate();
+ afterDate.type= cd.GetAfterDateType();
+ afterDate.length= strlen((char *) afterDate.data) + 1;
+ selfX509_ = NEW_YS X509(cd.GetIssuer(), iSz, cd.GetCommonName(),
+ sSz, &beforeDate, &afterDate,
+ cd.GetIssuerCnStart(), cd.GetIssuerCnLength(),
+ cd.GetSubjectCnStart(), cd.GetSubjectCnLength());
+ }
+ return 0;
+}
+
+
+// Store OpenSSL type peer's cert
+void CertManager::setPeerX509(X509* x)
+{
+ if (x == 0) return;
+
+ X509_NAME* issuer = x->GetIssuer();
+ X509_NAME* subject = x->GetSubject();
+ ASN1_STRING* before = x->GetBefore();
+ ASN1_STRING* after = x->GetAfter();
+
+ peerX509_ = NEW_YS X509(issuer->GetName(), issuer->GetLength(),
+ subject->GetName(), subject->GetLength(), before, after,
+ issuer->GetCnPosition(), issuer->GetCnLength(),
+ subject->GetCnPosition(), subject->GetCnLength());
+}
+
+
+#if defined(USE_CML_LIB)
+
+// Get the peer's certificate, extract and save public key
+void CertManager::SetPeerKey()
+{
+ // first cert is the peer's
+ x509* main = peerList_.front();
+
+ Bytes_struct cert;
+ cert.num = main->get_length();
+ cert.data = main->set_buffer();
+
+ CML::Certificate cm(cert);
+ const CML::ASN::Cert& raw = cm.base();
+ CTIL::CSM_Buffer key = raw.pubKeyInfo.key;
+
+ uint sz;
+ opaque* key_buffer = reinterpret_cast<opaque*>(key.Get(sz));
+ peerPublicKey_.allocate(sz);
+ peerPublicKey_.assign(key_buffer, sz);
+}
+
+
+#endif // USE_CML_LIB
+
+
+
+} // namespace
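Review bot: `CertManager::SetPrivateKey` and `CertManager::get_cert` call `list_.front()` without first establishing that `list_` holds a certificate; the `if (x509* cert = list_.front())` test only inspects the stored pointer, not whether an element exists. `CopySelfCert` is the only visible writer and it skips null input, so a key set before (or without) a certificate reaches `front()` on an empty list, which is undefined behaviour for standard containers; how the project's `STL` list behaves there is not visible in this hunk. I would guard both sites, for example `if (list_.begin() == list_.end()) return 0;` ahead of the key-type block, and a null return from `get_cert` in the same case. A related point: `Validate`, `setPeerX509` and `SetPrivateKey` assign `peerX509_` / `selfX509_` from `NEW_YS` without releasing a previous object, so a repeated call leaks the earlier one; `ysDelete(peerX509_);` before the assignment would match what the destructor does.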
diff --git a/mysql/extra/yassl/src/crypto_wrapper.cpp b/mysql/extra/yassl/src/crypto_wrapper.cpp
new file mode 100644
index 0000000..12f956e
--- /dev/null
+++ b/mysql/extra/yassl/src/crypto_wrapper.cpp
@@ -0,0 +1,1016 @@
+/* Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */
+
+/* The crypto wrapper source implements the policies for the cipher
+ * components used by SSL.
+ *
+ * The implementation relies on a specfic library, taoCrypt.
+ */
+
+#if !defined(USE_CRYPTOPP_LIB)
+
+#include "runtime.hpp"
+#include "crypto_wrapper.hpp"
+#include "cert_wrapper.hpp"
+
+#include "md5.hpp"
+#include "sha.hpp"
+#include "ripemd.hpp"
+#include "hmac.hpp"
+#include "modes.hpp"
+#include "des.hpp"
+#include "arc4.hpp"
+#include "aes.hpp"
+#include "rsa.hpp"
+#include "dsa.hpp"
+#include "dh.hpp"
+#include "random.hpp"
+#include "file.hpp"
+#include "coding.hpp"
+
+
+namespace yaSSL {
+
+
+// MD5 Implementation
+struct MD5::MD5Impl {
+ TaoCrypt::MD5 md5_;
+ MD5Impl() {}
+ explicit MD5Impl(const TaoCrypt::MD5& md5) : md5_(md5) {}
+};
+
+
+MD5::MD5() : pimpl_(NEW_YS MD5Impl) {}
+
+
+MD5::~MD5() { ysDelete(pimpl_); }
+
+
+MD5::MD5(const MD5& that) : Digest(), pimpl_(NEW_YS
+ MD5Impl(that.pimpl_->md5_)) {}
+
+
+MD5& MD5::operator=(const MD5& that)
+{
+ pimpl_->md5_ = that.pimpl_->md5_;
+ return *this;
+}
+
+
+uint MD5::get_digestSize() const
+{
+ return MD5_LEN;
+}
+
+
+uint MD5::get_padSize() const
+{
+ return PAD_MD5;
+}
+
+
+// Fill out with MD5 digest from in that is sz bytes, out must be >= digest sz
+void MD5::get_digest(byte* out, const byte* in, unsigned int sz)
+{
+ pimpl_->md5_.Update(in, sz);
+ pimpl_->md5_.Final(out);
+}
+
+// Fill out with MD5 digest from previous updates
+void MD5::get_digest(byte* out)
+{
+ pimpl_->md5_.Final(out);
+}
+
+
+// Update the current digest
+void MD5::update(const byte* in, unsigned int sz)
+{
+ pimpl_->md5_.Update(in, sz);
+}
+
+
+// SHA Implementation
+struct SHA::SHAImpl {
+ TaoCrypt::SHA sha_;
+ SHAImpl() {}
+ explicit SHAImpl(const TaoCrypt::SHA& sha) : sha_(sha) {}
+};
+
+
+SHA::SHA() : pimpl_(NEW_YS SHAImpl) {}
+
+
+SHA::~SHA() { ysDelete(pimpl_); }
+
+
+SHA::SHA(const SHA& that) : Digest(), pimpl_(NEW_YS SHAImpl(that.pimpl_->sha_)) {}
+
+SHA& SHA::operator=(const SHA& that)
+{
+ pimpl_->sha_ = that.pimpl_->sha_;
+ return *this;
+}
+
+
+uint SHA::get_digestSize() const
+{
+ return SHA_LEN;
+}
+
+
+uint SHA::get_padSize() const
+{
+ return PAD_SHA;
+}
+
+
+// Fill out with SHA digest from in that is sz bytes, out must be >= digest sz
+void SHA::get_digest(byte* out, const byte* in, unsigned int sz)
+{
+ pimpl_->sha_.Update(in, sz);
+ pimpl_->sha_.Final(out);
+}
+
+
+// Fill out with SHA digest from previous updates
+void SHA::get_digest(byte* out)
+{
+ pimpl_->sha_.Final(out);
+}
+
+
+// Update the current digest
+void SHA::update(const byte* in, unsigned int sz)
+{
+ pimpl_->sha_.Update(in, sz);
+}
+
+
+// RMD-160 Implementation
+struct RMD::RMDImpl {
+ TaoCrypt::RIPEMD160 rmd_;
+ RMDImpl() {}
+ explicit RMDImpl(const TaoCrypt::RIPEMD160& rmd) : rmd_(rmd) {}
+};
+
+
+RMD::RMD() : pimpl_(NEW_YS RMDImpl) {}
+
+
+RMD::~RMD() { ysDelete(pimpl_); }
+
+
+RMD::RMD(const RMD& that) : Digest(), pimpl_(NEW_YS RMDImpl(that.pimpl_->rmd_)) {}
+
+RMD& RMD::operator=(const RMD& that)
+{
+ pimpl_->rmd_ = that.pimpl_->rmd_;
+ return *this;
+}
+
+
+uint RMD::get_digestSize() const
+{
+ return RMD_LEN;
+}
+
+
+uint RMD::get_padSize() const
+{
+ return PAD_RMD;
+}
+
+
+// Fill out with RMD digest from in that is sz bytes, out must be >= digest sz
+void RMD::get_digest(byte* out, const byte* in, unsigned int sz)
+{
+ pimpl_->rmd_.Update(in, sz);
+ pimpl_->rmd_.Final(out);
+}
+
+
+// Fill out with RMD digest from previous updates
+void RMD::get_digest(byte* out)
+{
+ pimpl_->rmd_.Final(out);
+}
+
+
+// Update the current digest
+void RMD::update(const byte* in, unsigned int sz)
+{
+ pimpl_->rmd_.Update(in, sz);
+}
+
+
+// HMAC_MD5 Implementation
+struct HMAC_MD5::HMAC_MD5Impl {
+ TaoCrypt::HMAC<TaoCrypt::MD5> mac_;
+ HMAC_MD5Impl() {}
+};
+
+
+HMAC_MD5::HMAC_MD5(const byte* secret, unsigned int len)
+ : pimpl_(NEW_YS HMAC_MD5Impl)
+{
+ pimpl_->mac_.SetKey(secret, len);
+}
+
+
+HMAC_MD5::~HMAC_MD5() { ysDelete(pimpl_); }
+
+
+uint HMAC_MD5::get_digestSize() const
+{
+ return MD5_LEN;
+}
+
+
+uint HMAC_MD5::get_padSize() const
+{
+ return PAD_MD5;
+}
+
+
+// Fill out with MD5 digest from in that is sz bytes, out must be >= digest sz
+void HMAC_MD5::get_digest(byte* out, const byte* in, unsigned int sz)
+{
+ pimpl_->mac_.Update(in, sz);
+ pimpl_->mac_.Final(out);
+}
+
+// Fill out with MD5 digest from previous updates
+void HMAC_MD5::get_digest(byte* out)
+{
+ pimpl_->mac_.Final(out);
+}
+
+
+// Update the current digest
+void HMAC_MD5::update(const byte* in, unsigned int sz)
+{
+ pimpl_->mac_.Update(in, sz);
+}
+
+
+// HMAC_SHA Implementation
+struct HMAC_SHA::HMAC_SHAImpl {
+ TaoCrypt::HMAC<TaoCrypt::SHA> mac_;
+ HMAC_SHAImpl() {}
+};
+
+
+HMAC_SHA::HMAC_SHA(const byte* secret, unsigned int len)
+ : pimpl_(NEW_YS HMAC_SHAImpl)
+{
+ pimpl_->mac_.SetKey(secret, len);
+}
+
+
+HMAC_SHA::~HMAC_SHA() { ysDelete(pimpl_); }
+
+
+uint HMAC_SHA::get_digestSize() const
+{
+ return SHA_LEN;
+}
+
+
+uint HMAC_SHA::get_padSize() const
+{
+ return PAD_SHA;
+}
+
+
+// Fill out with SHA digest from in that is sz bytes, out must be >= digest sz
+void HMAC_SHA::get_digest(byte* out, const byte* in, unsigned int sz)
+{
+ pimpl_->mac_.Update(in, sz);
+ pimpl_->mac_.Final(out);
+}
+
+// Fill out with SHA digest from previous updates
+void HMAC_SHA::get_digest(byte* out)
+{
+ pimpl_->mac_.Final(out);
+}
+
+
+// Update the current digest
+void HMAC_SHA::update(const byte* in, unsigned int sz)
+{
+ pimpl_->mac_.Update(in, sz);
+}
+
+
+
+// HMAC_RMD Implementation
+struct HMAC_RMD::HMAC_RMDImpl {
+ TaoCrypt::HMAC<TaoCrypt::RIPEMD160> mac_;
+ HMAC_RMDImpl() {}
+};
+
+
+HMAC_RMD::HMAC_RMD(const byte* secret, unsigned int len)
+ : pimpl_(NEW_YS HMAC_RMDImpl)
+{
+ pimpl_->mac_.SetKey(secret, len);
+}
+
+
+HMAC_RMD::~HMAC_RMD() { ysDelete(pimpl_); }
+
+
+uint HMAC_RMD::get_digestSize() const
+{
+ return RMD_LEN;
+}
+
+
+uint HMAC_RMD::get_padSize() const
+{
+ return PAD_RMD;
+}
+
+
+// Fill out with RMD digest from in that is sz bytes, out must be >= digest sz
+void HMAC_RMD::get_digest(byte* out, const byte* in, unsigned int sz)
+{
+ pimpl_->mac_.Update(in, sz);
+ pimpl_->mac_.Final(out);
+}
+
+// Fill out with RMD digest from previous updates
+void HMAC_RMD::get_digest(byte* out)
+{
+ pimpl_->mac_.Final(out);
+}
+
+
+// Update the current digest
+void HMAC_RMD::update(const byte* in, unsigned int sz)
+{
+ pimpl_->mac_.Update(in, sz);
+}
+
+
+struct DES::DESImpl {
+ TaoCrypt::DES_CBC_Encryption encryption;
+ TaoCrypt::DES_CBC_Decryption decryption;
+};
+
+
+DES::DES() : pimpl_(NEW_YS DESImpl) {}
+
+DES::~DES() { ysDelete(pimpl_); }
+
+
+void DES::set_encryptKey(const byte* k, const byte* iv)
+{
+ pimpl_->encryption.SetKey(k, DES_KEY_SZ, iv);
+}
+
+
+void DES::set_decryptKey(const byte* k, const byte* iv)
+{
+ pimpl_->decryption.SetKey(k, DES_KEY_SZ, iv);
+}
+
+// DES encrypt plain of length sz into cipher
+void DES::encrypt(byte* cipher, const byte* plain, unsigned int sz)
+{
+ pimpl_->encryption.Process(cipher, plain, sz);
+}
+
+
+// DES decrypt cipher of length sz into plain
+void DES::decrypt(byte* plain, const byte* cipher, unsigned int sz)
+{
+ pimpl_->decryption.Process(plain, cipher, sz);
+}
+
+
+struct DES_EDE::DES_EDEImpl {
+ TaoCrypt::DES_EDE3_CBC_Encryption encryption;
+ TaoCrypt::DES_EDE3_CBC_Decryption decryption;
+};
+
+
+DES_EDE::DES_EDE() : pimpl_(NEW_YS DES_EDEImpl) {}
+
+DES_EDE::~DES_EDE() { ysDelete(pimpl_); }
+
+
+void DES_EDE::set_encryptKey(const byte* k, const byte* iv)
+{
+ pimpl_->encryption.SetKey(k, DES_EDE_KEY_SZ, iv);
+}
+
+
+void DES_EDE::set_decryptKey(const byte* k, const byte* iv)
+{
+ pimpl_->decryption.SetKey(k, DES_EDE_KEY_SZ, iv);
+}
+
+
+// 3DES encrypt plain of length sz into cipher
+void DES_EDE::encrypt(byte* cipher, const byte* plain, unsigned int sz)
+{
+ pimpl_->encryption.Process(cipher, plain, sz);
+}
+
+
+// 3DES decrypt cipher of length sz into plain
+void DES_EDE::decrypt(byte* plain, const byte* cipher, unsigned int sz)
+{
+ pimpl_->decryption.Process(plain, cipher, sz);
+}
+
+
+// Implementation of alledged RC4
+struct RC4::RC4Impl {
+ TaoCrypt::ARC4::Encryption encryption;
+ TaoCrypt::ARC4::Decryption decryption;
+};
+
+
+RC4::RC4() : pimpl_(NEW_YS RC4Impl) {}
+
+RC4::~RC4() { ysDelete(pimpl_); }
+
+
+void RC4::set_encryptKey(const byte* k, const byte*)
+{
+ pimpl_->encryption.SetKey(k, RC4_KEY_SZ);
+}
+
+
+void RC4::set_decryptKey(const byte* k, const byte*)
+{
+ pimpl_->decryption.SetKey(k, RC4_KEY_SZ);
+}
+
+
+// RC4 encrypt plain of length sz into cipher
+void RC4::encrypt(byte* cipher, const byte* plain, unsigned int sz)
+{
+ pimpl_->encryption.Process(cipher, plain, sz);
+}
+
+
+// RC4 decrypt cipher of length sz into plain
+void RC4::decrypt(byte* plain, const byte* cipher, unsigned int sz)
+{
+ pimpl_->decryption.Process(plain, cipher, sz);
+}
+
+
+
+// Implementation of AES
+struct AES::AESImpl {
+ TaoCrypt::AES_CBC_Encryption encryption;
+ TaoCrypt::AES_CBC_Decryption decryption;
+ unsigned int keySz_;
+
+ AESImpl(unsigned int ks) : keySz_(ks) {}
+};
+
+
+AES::AES(unsigned int ks) : pimpl_(NEW_YS AESImpl(ks)) {}
+
+AES::~AES() { ysDelete(pimpl_); }
+
+
+int AES::get_keySize() const
+{
+ return pimpl_->keySz_;
+}
+
+
+void AES::set_encryptKey(const byte* k, const byte* iv)
+{
+ pimpl_->encryption.SetKey(k, pimpl_->keySz_, iv);
+}
+
+
+void AES::set_decryptKey(const byte* k, const byte* iv)
+{
+ pimpl_->decryption.SetKey(k, pimpl_->keySz_, iv);
+}
+
+
+// AES encrypt plain of length sz into cipher
+void AES::encrypt(byte* cipher, const byte* plain, unsigned int sz)
+{
+ pimpl_->encryption.Process(cipher, plain, sz);
+}
+
+
+// AES decrypt cipher of length sz into plain
+void AES::decrypt(byte* plain, const byte* cipher, unsigned int sz)
+{
+ pimpl_->decryption.Process(plain, cipher, sz);
+}
+
+
+struct RandomPool::RandomImpl {
+ TaoCrypt::RandomNumberGenerator RNG_;
+};
+
+RandomPool::RandomPool() : pimpl_(NEW_YS RandomImpl) {}
+
+RandomPool::~RandomPool() { ysDelete(pimpl_); }
+
+int RandomPool::GetError() const
+{
+ return pimpl_->RNG_.GetError();
+}
+
+void RandomPool::Fill(opaque* dst, uint sz) const
+{
+ pimpl_->RNG_.GenerateBlock(dst, sz);
+}
+
+
+// Implementation of DSS Authentication
+struct DSS::DSSImpl {
+ void SetPublic (const byte*, unsigned int);
+ void SetPrivate(const byte*, unsigned int);
+ TaoCrypt::DSA_PublicKey publicKey_;
+ TaoCrypt::DSA_PrivateKey privateKey_;
+};
+
+
+// Decode and store the public key
+void DSS::DSSImpl::SetPublic(const byte* key, unsigned int sz)
+{
+ TaoCrypt::Source source(key, sz);
+ publicKey_.Initialize(source);
+}
+
+
+// Decode and store the public key
+void DSS::DSSImpl::SetPrivate(const byte* key, unsigned int sz)
+{
+ TaoCrypt::Source source(key, sz);
+ privateKey_.Initialize(source);
+ publicKey_ = TaoCrypt::DSA_PublicKey(privateKey_);
+
+}
+
+
+// Set public or private key
+DSS::DSS(const byte* key, unsigned int sz, bool publicKey)
+ : pimpl_(NEW_YS DSSImpl)
+{
+ if (publicKey)
+ pimpl_->SetPublic(key, sz);
+ else
+ pimpl_->SetPrivate(key, sz);
+}
+
+
+DSS::~DSS()
+{
+ ysDelete(pimpl_);
+}
+
+
+uint DSS::get_signatureLength() const
+{
+ return pimpl_->publicKey_.SignatureLength();
+}
+
+
+// DSS Sign message of length sz into sig
+void DSS::sign(byte* sig, const byte* sha_digest, unsigned int /* shaSz */,
+ const RandomPool& random)
+{
+ using namespace TaoCrypt;
+
+ DSA_Signer signer(pimpl_->privateKey_);
+ signer.Sign(sha_digest, sig, random.pimpl_->RNG_);
+}
+
+
+// DSS Verify message of length sz against sig, is it correct?
+bool DSS::verify(const byte* sha_digest, unsigned int /* shaSz */,
+ const byte* sig, unsigned int /* sigSz */)
+{
+ using namespace TaoCrypt;
+
+ DSA_Verifier ver(pimpl_->publicKey_);
+ return ver.Verify(sha_digest, sig);
+}
+
+
+// Implementation of RSA key interface
+struct RSA::RSAImpl {
+ void SetPublic (const byte*, unsigned int);
+ void SetPrivate(const byte*, unsigned int);
+ TaoCrypt::RSA_PublicKey publicKey_;
+ TaoCrypt::RSA_PrivateKey privateKey_;
+};
+
+
+// Decode and store the public key
+void RSA::RSAImpl::SetPublic(const byte* key, unsigned int sz)
+{
+ TaoCrypt::Source source(key, sz);
+ publicKey_.Initialize(source);
+}
+
+
+// Decode and store the private key
+void RSA::RSAImpl::SetPrivate(const byte* key, unsigned int sz)
+{
+ TaoCrypt::Source source(key, sz);
+ privateKey_.Initialize(source);
+ publicKey_ = TaoCrypt::RSA_PublicKey(privateKey_);
+}
+
+
+// Set public or private key
+RSA::RSA(const byte* key, unsigned int sz, bool publicKey)
+ : pimpl_(NEW_YS RSAImpl)
+{
+ if (publicKey)
+ pimpl_->SetPublic(key, sz);
+ else
+ pimpl_->SetPrivate(key, sz);
+}
+
+RSA::~RSA()
+{
+ ysDelete(pimpl_);
+}
+
+
+// get cipher text length, varies on key size
+unsigned int RSA::get_cipherLength() const
+{
+ return pimpl_->publicKey_.FixedCiphertextLength();
+}
+
+
+// get signautre length, varies on key size
+unsigned int RSA::get_signatureLength() const
+{
+ return get_cipherLength();
+}
+
+
+// RSA Sign message of length sz into sig
+void RSA::sign(byte* sig, const byte* message, unsigned int sz,
+ const RandomPool& random)
+{
+ TaoCrypt::RSAES_Decryptor dec(pimpl_->privateKey_);
+ dec.SSL_Sign(message, sz, sig, random.pimpl_->RNG_);
+}
+
+
+// RSA Verify message of length sz against sig
+bool RSA::verify(const byte* message, unsigned int sz, const byte* sig,
+ unsigned int)
+{
+ TaoCrypt::RSAES_Encryptor enc(pimpl_->publicKey_);
+ return enc.SSL_Verify(message, sz, sig);
+}
+
+
+// RSA public encrypt plain of length sz into cipher
+void RSA::encrypt(byte* cipher, const byte* plain, unsigned int sz,
+ const RandomPool& random)
+{
+
+ TaoCrypt::RSAES_Encryptor enc(pimpl_->publicKey_);
+ enc.Encrypt(plain, sz, cipher, random.pimpl_->RNG_);
+}
+
+
+// RSA private decrypt cipher of length sz into plain
+void RSA::decrypt(byte* plain, const byte* cipher, unsigned int sz,
+ const RandomPool& random)
+{
+ TaoCrypt::RSAES_Decryptor dec(pimpl_->privateKey_);
+ dec.Decrypt(cipher, sz, plain, random.pimpl_->RNG_);
+}
+
+
+struct Integer::IntegerImpl {
+ TaoCrypt::Integer int_;
+
+ IntegerImpl() {}
+ explicit IntegerImpl(const TaoCrypt::Integer& i) : int_(i) {}
+};
+
+Integer::Integer() : pimpl_(NEW_YS IntegerImpl) {}
+
+Integer::~Integer() { ysDelete(pimpl_); }
+
+
+
+Integer::Integer(const Integer& other) : pimpl_(NEW_YS
+ IntegerImpl(other.pimpl_->int_))
+{}
+
+
+Integer& Integer::operator=(const Integer& that)
+{
+ pimpl_->int_ = that.pimpl_->int_;
+
+ return *this;
+}
+
+
+void Integer::assign(const byte* num, unsigned int sz)
+{
+ pimpl_->int_ = TaoCrypt::Integer(num, sz);
+}
+
+
+struct DiffieHellman::DHImpl {
+ TaoCrypt::DH dh_;
+ TaoCrypt::RandomNumberGenerator& ranPool_;
+ byte* publicKey_;
+ byte* privateKey_;
+ byte* agreedKey_;
+ uint pubKeyLength_;
+
+ DHImpl(TaoCrypt::RandomNumberGenerator& r) : ranPool_(r), publicKey_(0),
+ privateKey_(0), agreedKey_(0), pubKeyLength_(0) {}
+ ~DHImpl()
+ {
+ ysArrayDelete(agreedKey_);
+ ysArrayDelete(privateKey_);
+ ysArrayDelete(publicKey_);
+ }
+
+ DHImpl(const DHImpl& that) : dh_(that.dh_), ranPool_(that.ranPool_),
+ publicKey_(0), privateKey_(0), agreedKey_(0), pubKeyLength_(0)
+ {
+ uint length = dh_.GetByteLength();
+ AllocKeys(length, length, length);
+ }
+
+ void AllocKeys(unsigned int pubSz, unsigned int privSz, unsigned int agrSz)
+ {
+ publicKey_ = NEW_YS byte[pubSz];
+ privateKey_ = NEW_YS byte[privSz];
+ agreedKey_ = NEW_YS byte[agrSz];
+ }
+};
+
+
+
+/*
+// server Side DH, server's view
+DiffieHellman::DiffieHellman(const char* file, const RandomPool& random)
+ : pimpl_(NEW_YS DHImpl(random.pimpl_->RNG_))
+{
+ using namespace TaoCrypt;
+ Source source;
+ FileSource(file, source);
+ if (source.size() == 0)
+ return; // TODO add error state, and force check
+ HexDecoder hd(source);
+
+ pimpl_->dh_.Initialize(source);
+
+ uint length = pimpl_->dh_.GetByteLength();
+
+ pimpl_->AllocKeys(length, length, length);
+ pimpl_->dh_.GenerateKeyPair(pimpl_->ranPool_, pimpl_->privateKey_,
+ pimpl_->publicKey_);
+}
+*/
+
+
+// server Side DH, client's view
+DiffieHellman::DiffieHellman(const byte* p, unsigned int pSz, const byte* g,
+ unsigned int gSz, const byte* pub,
+ unsigned int pubSz, const RandomPool& random)
+ : pimpl_(NEW_YS DHImpl(random.pimpl_->RNG_))
+{
+ using TaoCrypt::Integer;
+
+ pimpl_->dh_.Initialize(Integer(p, pSz).Ref(), Integer(g, gSz).Ref());
+ pimpl_->publicKey_ = NEW_YS opaque[pimpl_->pubKeyLength_ = pubSz];
+ memcpy(pimpl_->publicKey_, pub, pubSz);
+}
+
+
+// Server Side DH, server's view
+DiffieHellman::DiffieHellman(const Integer& p, const Integer& g,
+ const RandomPool& random)
+: pimpl_(NEW_YS DHImpl(random.pimpl_->RNG_))
+{
+ using TaoCrypt::Integer;
+
+ pimpl_->dh_.Initialize(p.pimpl_->int_, g.pimpl_->int_);
+
+ uint length = pimpl_->dh_.GetByteLength();
+
+ pimpl_->AllocKeys(length, length, length);
+ pimpl_->dh_.GenerateKeyPair(pimpl_->ranPool_, pimpl_->privateKey_,
+ pimpl_->publicKey_);
+}
+
+DiffieHellman::~DiffieHellman() { ysDelete(pimpl_); }
+
+
+// Client side and view, use server that for p and g
+DiffieHellman::DiffieHellman(const DiffieHellman& that)
+ : pimpl_(NEW_YS DHImpl(*that.pimpl_))
+{
+ pimpl_->dh_.GenerateKeyPair(pimpl_->ranPool_, pimpl_->privateKey_,
+ pimpl_->publicKey_);
+}
+
+
+DiffieHellman& DiffieHellman::operator=(const DiffieHellman& that)
+{
+ pimpl_->dh_ = that.pimpl_->dh_;
+ pimpl_->dh_.GenerateKeyPair(pimpl_->ranPool_, pimpl_->privateKey_,
+ pimpl_->publicKey_);
+ return *this;
+}
+
+
+void DiffieHellman::makeAgreement(const byte* other, unsigned int otherSz)
+{
+ pimpl_->dh_.Agree(pimpl_->agreedKey_, pimpl_->privateKey_, other, otherSz);
+}
+
+
+uint DiffieHellman::get_agreedKeyLength() const
+{
+ return pimpl_->dh_.GetByteLength();
+}
+
+
+const byte* DiffieHellman::get_agreedKey() const
+{
+ return pimpl_->agreedKey_;
+}
+
+uint DiffieHellman::get_publicKeyLength() const
+{
+ return pimpl_->pubKeyLength_;
+}
+
+const byte* DiffieHellman::get_publicKey() const
+{
+ return pimpl_->publicKey_;
+}
+
+
+void DiffieHellman::set_sizes(int& pSz, int& gSz, int& pubSz) const
+{
+ using TaoCrypt::Integer;
+ Integer p = pimpl_->dh_.GetP();
+ Integer g = pimpl_->dh_.GetG();
+
+ pSz = p.ByteCount();
+ gSz = g.ByteCount();
+ pubSz = pimpl_->dh_.GetByteLength();
+}
+
+
+void DiffieHellman::get_parms(byte* bp, byte* bg, byte* bpub) const
+{
+ using TaoCrypt::Integer;
+ Integer p = pimpl_->dh_.GetP();
+ Integer g = pimpl_->dh_.GetG();
+
+ p.Encode(bp, p.ByteCount());
+ g.Encode(bg, g.ByteCount());
+ memcpy(bpub, pimpl_->publicKey_, pimpl_->dh_.GetByteLength());
+}
+
+
+// convert PEM file to DER x509 type
+x509* PemToDer(FILE* file, CertType type, EncryptedInfo* info)
+{
+ using namespace TaoCrypt;
+
+ char header[80];
+ char footer[80];
+
+ if (type == Cert) {
+ strncpy(header, "-----BEGIN CERTIFICATE-----", sizeof(header));
+ strncpy(footer, "-----END CERTIFICATE-----", sizeof(footer));
+ } else {
+ strncpy(header, "-----BEGIN RSA PRIVATE KEY-----", sizeof(header));
+ strncpy(footer, "-----END RSA PRIVATE KEY-----", sizeof(header));
+ }
+
+ long begin = -1;
+ long end = 0;
+ bool foundEnd = false;
+
+ char line[80];
+
+ while(fgets(line, sizeof(line), file))
+ if (strncmp(header, line, strlen(header)) == 0) {
+ begin = ftell(file);
+ break;
+ }
+
+ // remove encrypted header if there
+ if (fgets(line, sizeof(line), file)) {
+ char encHeader[] = "Proc-Type";
+ if (strncmp(encHeader, line, strlen(encHeader)) == 0 &&
+ fgets(line,sizeof(line), file)) {
+
+ char* start = strstr(line, "DES");
+ char* finish = strstr(line, ",");
+ if (!start)
+ start = strstr(line, "AES");
+
+ if (!info) return 0;
+
+ if ( start && finish && (start < finish)) {
+ memcpy(info->name, start, finish - start);
+ info->name[finish - start] = 0;
+ memcpy(info->iv, finish + 1, sizeof(info->iv));
+
+ char* newline = strstr(line, "\r");
+ if (!newline) newline = strstr(line, "\n");
+ if (newline && (newline > finish)) {
+ info->ivSz = newline - (finish + 1);
+ info->set = true;
+ }
+ }
+ begin = ftell(file);
+ if (fgets(line,sizeof(line), file)) // get blank line
+ begin = ftell(file);
+ }
+
+ }
+
+ while(fgets(line, sizeof(line), file))
+ if (strncmp(footer, line, strlen(footer)) == 0) {
+ foundEnd = true;
+ break;
+ }
+ else
+ end = ftell(file);
+
+ if (begin == -1 || !foundEnd)
+ return 0;
+
+ input_buffer tmp(end - begin);
+ fseek(file, begin, SEEK_SET);
+ size_t bytes = fread(tmp.get_buffer(), end - begin, 1, file);
+ if (bytes != 1)
+ return 0;
+
+ Source der(tmp.get_buffer(), end - begin);
+ Base64Decoder b64Dec(der);
+
+ uint sz = der.size();
+ mySTL::auto_ptr<x509> x(NEW_YS x509(sz));
+ memcpy(x->use_buffer(), der.get_buffer(), sz);
+
+ return x.release();
+}
+
+
+} // namespace
+
+
+#ifdef HAVE_EXPLICIT_TEMPLATE_INSTANTIATION
+namespace yaSSL {
+template void ysDelete<DiffieHellman::DHImpl>(DiffieHellman::DHImpl*);
+template void ysDelete<Integer::IntegerImpl>(Integer::IntegerImpl*);
+template void ysDelete<RSA::RSAImpl>(RSA::RSAImpl*);
+template void ysDelete<DSS::DSSImpl>(DSS::DSSImpl*);
+template void ysDelete<RandomPool::RandomImpl>(RandomPool::RandomImpl*);
+template void ysDelete<AES::AESImpl>(AES::AESImpl*);
+template void ysDelete<RC4::RC4Impl>(RC4::RC4Impl*);
+template void ysDelete<DES_EDE::DES_EDEImpl>(DES_EDE::DES_EDEImpl*);
+template void ysDelete<DES::DESImpl>(DES::DESImpl*);
+template void ysDelete<HMAC_RMD::HMAC_RMDImpl>(HMAC_RMD::HMAC_RMDImpl*);
+template void ysDelete<HMAC_SHA::HMAC_SHAImpl>(HMAC_SHA::HMAC_SHAImpl*);
+template void ysDelete<HMAC_MD5::HMAC_MD5Impl>(HMAC_MD5::HMAC_MD5Impl*);
+template void ysDelete<RMD::RMDImpl>(RMD::RMDImpl*);
+template void ysDelete<SHA::SHAImpl>(SHA::SHAImpl*);
+template void ysDelete<MD5::MD5Impl>(MD5::MD5Impl*);
+}
+#endif // HAVE_EXPLICIT_TEMPLATE_INSTANTIATION
+
+#endif // !USE_CRYPTOPP_LIB
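Review bot: In `PemToDer`, the parsing of the line that follows `Proc-Type` copies with lengths that are never compared against the destination or the remaining source: `memcpy(info->name, start, finish - start)` is limited only by the 80-byte `line`, and `memcpy(info->iv, finish + 1, sizeof(info->iv))` always reads a full `sizeof(info->iv)` bytes, which runs past the end of `line` whenever fewer bytes remain after the comma. `info->ivSz` is then taken from the line without being capped at `sizeof(info->iv)`, so a later consumer that trusts it could read beyond the array. A key file is local input but still parsed data, so the copies should be bounded by the line terminator and the field sizes, as sketched below (the sketch assumes `info->name` is an array like `info->iv`). Separately, `end` stays 0 when the footer is the first line the final loop reads, so `end - begin` is negative when it is passed to `input_buffer` and `fread`; `if (begin == -1 || !foundEnd || end <= begin) return 0;` would cover that. The `sizeof(header)` in the last `strncpy(footer, …)` should also read `sizeof(footer)`, although the two arrays happen to be the same size.

```cpp
if ( start && finish && (start < finish)) {
    // find the line end first so every copy below is bounded by it
    char* newline = strstr(line, "\r");
    if (!newline) newline = strstr(line, "\n");

    size_t nameSz = finish - start;
    if (newline && (newline > finish) && nameSz < sizeof(info->name)) {
        size_t ivSz = newline - (finish + 1);
        if (ivSz <= sizeof(info->iv)) {
            memcpy(info->name, start, nameSz);
            info->name[nameSz] = 0;
            memcpy(info->iv, finish + 1, ivSz);   // copy only what the line holds
            info->ivSz = ivSz;
            info->set = true;
        }
    }
}
// … unchanged: begin = ftell(file) and the blank-line read …
```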
diff --git a/mysql/extra/yassl/src/get_password.c b/mysql/extra/yassl/src/get_password.c
new file mode 100644
index 0000000..65e5763
--- /dev/null
+++ b/mysql/extra/yassl/src/get_password.c
@@ -0,0 +1,218 @@
+/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/*
+** Ask for a password from tty
+** This is an own file to avoid conflicts with curses
+*/
+#include <my_global.h>
+#include <my_sys.h>
+#include "mysql.h"
+#include <m_string.h>
+#include <m_ctype.h>
+#include <mysql/get_password.h>
+
+#ifdef HAVE_GETPASS
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif /* HAVE_PWD_H */
+#else /* ! HAVE_GETPASS */
+#ifndef _WIN32
+#ifdef HAVE_SYS_IOCTL_H
+#include <sys/ioctl.h>
+#endif
+#ifdef HAVE_TERMIOS_H /* For tty-password */
+#include <termios.h>
+#define TERMIO struct termios
+#else
+#ifdef HAVE_TERMIO_H /* For tty-password */
+#include <termio.h>
+#define TERMIO struct termio
+#else
+#include <sgtty.h>
+#define TERMIO struct sgttyb
+#endif
+#endif
+#else
+#include <conio.h>
+#endif /* _WIN32 */
+#endif /* HAVE_GETPASS */
+
+#ifdef HAVE_GETPASSPHRASE /* For Solaris */
+#define getpass(A) getpassphrase(A)
+#endif
+
+#ifdef _WIN32
+/* were just going to fake it here and get input from
+ the keyboard */
+
+char *get_tty_password_ext(const char *opt_message,
+ strdup_handler_t strdup_function)
+{
+ char to[80];
+ char *pos=to,*end=to+sizeof(to)-1;
+ int i=0;
+ DBUG_ENTER("get_tty_password_ext");
+ _cputs(opt_message ? opt_message : "Enter password: ");
+ for (;;)
+ {
+ char tmp;
+ tmp=_getch();
+ if (tmp == '\b' || (int) tmp == 127)
+ {
+ if (pos != to)
+ {
+ _cputs("\b \b");
+ pos--;
+ continue;
+ }
+ }
+ if (tmp == '\n' || tmp == '\r' || tmp == 3)
+ break;
+ if (iscntrl(tmp) || pos == end)
+ continue;
+ _cputs("*");
+ *(pos++) = tmp;
+ }
+ while (pos != to && isspace(pos[-1]) == ' ')
+ pos--; /* Allow dummy space at end */
+ *pos=0;
+ _cputs("\n");
+ DBUG_RETURN(strdup_function(to,MYF(MY_FAE)));
+}
+
+#else
+
+
+#ifndef HAVE_GETPASS
+/*
+** Can't use fgets, because readline will get confused
+** length is max number of chars in to, not counting \0
+* to will not include the eol characters.
+*/
+
+static void get_password(char *to,uint length,int fd, my_bool echo)
+{
+ char *pos=to,*end=to+length;
+
+ for (;;)
+ {
+ char tmp;
+ if (my_read(fd,&tmp,1,MYF(0)) != 1)
+ break;
+ if (tmp == '\b' || (int) tmp == 127)
+ {
+ if (pos != to)
+ {
+ if (echo)
+ {
+ fputs("\b \b",stderr);
+ fflush(stderr);
+ }
+ pos--;
+ continue;
+ }
+ }
+ if (tmp == '\n' || tmp == '\r' || tmp == 3)
+ break;
+ if (iscntrl(tmp) || pos == end)
+ continue;
+ if (echo)
+ {
+ fputc('*',stderr);
+ fflush(stderr);
+ }
+ *(pos++) = tmp;
+ }
+ while (pos != to && isspace(pos[-1]) == ' ')
+ pos--; /* Allow dummy space at end */
+ *pos=0;
+ return;
+}
+
+#endif /* ! HAVE_GETPASS */
+
+
+char *get_tty_password_ext(const char *opt_message,
+ strdup_handler_t strdup_function)
+{
+#ifdef HAVE_GETPASS
+ char *passbuff;
+#else /* ! HAVE_GETPASS */
+ TERMIO org,tmp;
+#endif /* HAVE_GETPASS */
+ char buff[80];
+
+ DBUG_ENTER("get_tty_password_ext");
+
+#ifdef HAVE_GETPASS
+ passbuff = getpass(opt_message ? opt_message : "Enter password: ");
+
+ /* copy the password to buff and clear original (static) buffer */
+ my_stpnmov(buff, passbuff, sizeof(buff) - 1);
+#ifdef _PASSWORD_LEN
+ memset(passbuff, 0, _PASSWORD_LEN);
+#endif
+#else
+ if (isatty(fileno(stderr)))
+ {
+ fputs(opt_message ? opt_message : "Enter password: ",stderr);
+ fflush(stderr);
+ }
+#if defined(HAVE_TERMIOS_H)
+ tcgetattr(fileno(stdin), &org);
+ tmp = org;
+ tmp.c_lflag &= ~(ECHO | ISIG | ICANON);
+ tmp.c_cc[VMIN] = 1;
+ tmp.c_cc[VTIME] = 0;
+ tcsetattr(fileno(stdin), TCSADRAIN, &tmp);
+ get_password(buff, sizeof(buff)-1, fileno(stdin), isatty(fileno(stderr)));
+ tcsetattr(fileno(stdin), TCSADRAIN, &org);
+#elif defined(HAVE_TERMIO_H)
+ ioctl(fileno(stdin), (int) TCGETA, &org);
+ tmp=org;
+ tmp.c_lflag &= ~(ECHO | ISIG | ICANON);
+ tmp.c_cc[VMIN] = 1;
+ tmp.c_cc[VTIME]= 0;
+ ioctl(fileno(stdin),(int) TCSETA, &tmp);
+ get_password(buff,sizeof(buff)-1,fileno(stdin),isatty(fileno(stderr)));
+ ioctl(fileno(stdin),(int) TCSETA, &org);
+#else
+ gtty(fileno(stdin), &org);
+ tmp=org;
+ tmp.sg_flags &= ~ECHO;
+ tmp.sg_flags |= RAW;
+ stty(fileno(stdin), &tmp);
+ get_password(buff,sizeof(buff)-1,fileno(stdin),isatty(fileno(stderr)));
+ stty(fileno(stdin), &org);
+#endif
+ if (isatty(fileno(stderr)))
+ fputc('\n',stderr);
+#endif /* HAVE_GETPASS */
+
+ DBUG_RETURN(strdup_function(buff,MYF(MY_FAE)));
+}
+
+#endif /* _WIN32 */
+
+static char * my_strdup_fct(const char *str, myf flags)
+{
+ return my_strdup(PSI_NOT_INSTRUMENTED, str, flags);
+}
+
+char *get_tty_password(const char *opt_message)
+{
+ return get_tty_password_ext(opt_message, my_strdup_fct);
+}
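Review bot: In the HAVE_GETPASS branch of the non-Windows get_tty_password_ext, `buff` is never explicitly terminated after `my_stpnmov(buff, passbuff, sizeof(buff) - 1)`, and the getpass() result is used without a NULL check. If my_stpnmov has stpncpy semantics (its definition is outside this hunk), a password of 79 bytes or more leaves `buff[79]` uninitialised and strdup_function reads past the array; adding `buff[sizeof(buff) - 1] = 0;` right after the copy closes that. getpass() can return NULL when no terminal is available, so a guard such as `if (!passbuff) passbuff = (char *) "";` is needed before the copy, with the `_PASSWORD_LEN` memset skipped in that case. Separately, `buff` here and `to` in the _WIN32 variant still hold the plaintext password on the stack at return. Keeping the duplicate in a local (`char *res = strdup_function(buff, MYF(MY_FAE));`), clearing the array with a wipe the compiler cannot elide, and then `DBUG_RETURN(res);` would limit that exposure.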
diff --git a/mysql/extra/yassl/src/handshake.cpp b/mysql/extra/yassl/src/handshake.cpp
new file mode 100644
index 0000000..91cc407
--- /dev/null
+++ b/mysql/extra/yassl/src/handshake.cpp
@@ -0,0 +1,1190 @@
+/*
+ Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+
+/* The handshake source implements functions for creating and reading
+ * the various handshake messages.
+ */
+
+
+
+#include "runtime.hpp"
+#include "handshake.hpp"
+#include "yassl_int.hpp"
+
+
+namespace yaSSL {
+
+
+
+// Build a client hello message from cipher suites and compression method
+void buildClientHello(SSL& ssl, ClientHello& hello)
+{
+ // store for pre master secret
+ ssl.useSecurity().use_connection().chVersion_ = hello.client_version_;
+
+ ssl.getCrypto().get_random().Fill(hello.random_, RAN_LEN);
+ if (ssl.getSecurity().get_resuming()) {
+ hello.id_len_ = ID_LEN;
+ memcpy(hello.session_id_, ssl.getSecurity().get_resume().GetID(),
+ ID_LEN);
+ }
+ else
+ hello.id_len_ = 0;
+ hello.suite_len_ = ssl.getSecurity().get_parms().suites_size_;
+ memcpy(hello.cipher_suites_, ssl.getSecurity().get_parms().suites_,
+ hello.suite_len_);
+ hello.comp_len_ = 1;
+
+ hello.set_length(sizeof(ProtocolVersion) +
+ RAN_LEN +
+ hello.id_len_ + sizeof(hello.id_len_) +
+ hello.suite_len_ + sizeof(hello.suite_len_) +
+ hello.comp_len_ + sizeof(hello.comp_len_));
+}
+
+
+// Build a server hello message
+void buildServerHello(SSL& ssl, ServerHello& hello)
+{
+ if (ssl.getSecurity().get_resuming()) {
+ memcpy(hello.random_,ssl.getSecurity().get_connection().server_random_,
+ RAN_LEN);
+ memcpy(hello.session_id_, ssl.getSecurity().get_resume().GetID(),
+ ID_LEN);
+ }
+ else {
+ ssl.getCrypto().get_random().Fill(hello.random_, RAN_LEN);
+ ssl.getCrypto().get_random().Fill(hello.session_id_, ID_LEN);
+ }
+ hello.id_len_ = ID_LEN;
+ ssl.set_sessionID(hello.session_id_);
+
+ hello.cipher_suite_[0] = ssl.getSecurity().get_parms().suite_[0];
+ hello.cipher_suite_[1] = ssl.getSecurity().get_parms().suite_[1];
+ hello.compression_method_ = hello.compression_method_;
+
+ hello.set_length(sizeof(ProtocolVersion) + RAN_LEN + ID_LEN +
+ sizeof(hello.id_len_) + SUITE_LEN + SIZEOF_ENUM);
+}
+
+
+// add handshake from buffer into md5 and sha hashes, use handshake header
+void hashHandShake(SSL& ssl, const input_buffer& input, uint sz)
+{
+ const opaque* buffer = input.get_buffer() + input.get_current() -
+ HANDSHAKE_HEADER;
+ sz += HANDSHAKE_HEADER;
+ ssl.useHashes().use_MD5().update(buffer, sz);
+ ssl.useHashes().use_SHA().update(buffer, sz);
+}
+
+
+// locals
+namespace {
+
+// Write a plaintext record to buffer
+void buildOutput(output_buffer& buffer, const RecordLayerHeader& rlHdr,
+ const Message& msg)
+{
+ buffer.allocate(RECORD_HEADER + rlHdr.length_);
+ buffer << rlHdr << msg;
+}
+
+
+// Write a plaintext record to buffer
+void buildOutput(output_buffer& buffer, const RecordLayerHeader& rlHdr,
+ const HandShakeHeader& hsHdr, const HandShakeBase& shake)
+{
+ buffer.allocate(RECORD_HEADER + rlHdr.length_);
+ buffer << rlHdr << hsHdr << shake;
+}
+
+
+// Build Record Layer header for Message without handshake header
+void buildHeader(SSL& ssl, RecordLayerHeader& rlHeader, const Message& msg)
+{
+ ProtocolVersion pv = ssl.getSecurity().get_connection().version_;
+ rlHeader.type_ = msg.get_type();
+ rlHeader.version_.major_ = pv.major_;
+ rlHeader.version_.minor_ = pv.minor_;
+ rlHeader.length_ = msg.get_length();
+}
+
+
+// Build HandShake and RecordLayer Headers for handshake output
+void buildHeaders(SSL& ssl, HandShakeHeader& hsHeader,
+ RecordLayerHeader& rlHeader, const HandShakeBase& shake)
+{
+ int sz = shake.get_length();
+
+ hsHeader.set_type(shake.get_type());
+ hsHeader.set_length(sz);
+
+ ProtocolVersion pv = ssl.getSecurity().get_connection().version_;
+ rlHeader.type_ = handshake;
+ rlHeader.version_.major_ = pv.major_;
+ rlHeader.version_.minor_ = pv.minor_;
+ rlHeader.length_ = sz + HANDSHAKE_HEADER;
+}
+
+
+// add handshake from buffer into md5 and sha hashes, exclude record header
+void hashHandShake(SSL& ssl, const output_buffer& output, bool removeIV = false)
+{
+ uint sz = output.get_size() - RECORD_HEADER;
+
+ const opaque* buffer = output.get_buffer() + RECORD_HEADER;
+
+ if (removeIV) { // TLSv1_1 IV
+ uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
+ sz -= blockSz;
+ buffer += blockSz;
+ }
+
+ ssl.useHashes().use_MD5().update(buffer, sz);
+ ssl.useHashes().use_SHA().update(buffer, sz);
+}
+
+
+// calculate MD5 hash for finished
+void buildMD5(SSL& ssl, Finished& fin, const opaque* sender)
+{
+
+ opaque md5_result[MD5_LEN];
+ opaque md5_inner[SIZEOF_SENDER + SECRET_LEN + PAD_MD5];
+ opaque md5_outer[SECRET_LEN + PAD_MD5 + MD5_LEN];
+
+ const opaque* master_secret =
+ ssl.getSecurity().get_connection().master_secret_;
+
+ // make md5 inner
+ memcpy(md5_inner, sender, SIZEOF_SENDER);
+ memcpy(&md5_inner[SIZEOF_SENDER], master_secret, SECRET_LEN);
+ memcpy(&md5_inner[SIZEOF_SENDER + SECRET_LEN], PAD1, PAD_MD5);
+
+ ssl.useHashes().use_MD5().get_digest(md5_result, md5_inner,
+ sizeof(md5_inner));
+
+ // make md5 outer
+ memcpy(md5_outer, master_secret, SECRET_LEN);
+ memcpy(&md5_outer[SECRET_LEN], PAD2, PAD_MD5);
+ memcpy(&md5_outer[SECRET_LEN + PAD_MD5], md5_result, MD5_LEN);
+
+ ssl.useHashes().use_MD5().get_digest(fin.set_md5(), md5_outer,
+ sizeof(md5_outer));
+}
+
+
+// calculate SHA hash for finished
+void buildSHA(SSL& ssl, Finished& fin, const opaque* sender)
+{
+
+ opaque sha_result[SHA_LEN];
+ opaque sha_inner[SIZEOF_SENDER + SECRET_LEN + PAD_SHA];
+ opaque sha_outer[SECRET_LEN + PAD_SHA + SHA_LEN];
+
+ const opaque* master_secret =
+ ssl.getSecurity().get_connection().master_secret_;
+
+ // make sha inner
+ memcpy(sha_inner, sender, SIZEOF_SENDER);
+ memcpy(&sha_inner[SIZEOF_SENDER], master_secret, SECRET_LEN);
+ memcpy(&sha_inner[SIZEOF_SENDER + SECRET_LEN], PAD1, PAD_SHA);
+
+ ssl.useHashes().use_SHA().get_digest(sha_result, sha_inner,
+ sizeof(sha_inner));
+
+ // make sha outer
+ memcpy(sha_outer, master_secret, SECRET_LEN);
+ memcpy(&sha_outer[SECRET_LEN], PAD2, PAD_SHA);
+ memcpy(&sha_outer[SECRET_LEN + PAD_SHA], sha_result, SHA_LEN);
+
+ ssl.useHashes().use_SHA().get_digest(fin.set_sha(), sha_outer,
+ sizeof(sha_outer));
+}
+
+
+// sanity checks on encrypted message size
+static int sanity_check_message(SSL& ssl, uint msgSz)
+{
+ uint minSz = 0;
+
+ if (ssl.getSecurity().get_parms().cipher_type_ == block) {
+ uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
+ if (msgSz % blockSz)
+ return -1;
+
+ minSz = ssl.getSecurity().get_parms().hash_size_ + 1; // pad byte too
+ if (blockSz > minSz)
+ minSz = blockSz;
+
+ if (ssl.isTLSv1_1())
+ minSz += blockSz; // explicit IV
+ }
+ else { // stream
+ minSz = ssl.getSecurity().get_parms().hash_size_;
+ }
+
+ if (msgSz < minSz)
+ return -1;
+
+ return 0;
+}
+
+
+// decrypt input message in place, store size in case needed later
+void decrypt_message(SSL& ssl, input_buffer& input, uint sz)
+{
+ input_buffer plain(sz);
+ opaque* cipher = input.get_buffer() + input.get_current();
+
+ if (sanity_check_message(ssl, sz) != 0) {
+ ssl.SetError(sanityCipher_error);
+ return;
+ }
+
+ ssl.useCrypto().use_cipher().decrypt(plain.get_buffer(), cipher, sz);
+ memcpy(cipher, plain.get_buffer(), sz);
+ ssl.useSecurity().use_parms().encrypt_size_ = sz;
+
+ if (ssl.isTLSv1_1()) // IV
+ input.set_current(input.get_current() +
+ ssl.getCrypto().get_cipher().get_blockSize());
+}
+
+
+// output operator for input_buffer
+output_buffer& operator<<(output_buffer& output, const input_buffer& input)
+{
+ output.write(input.get_buffer(), input.get_size());
+ return output;
+}
+
+
+// write headers, handshake hash, mac, pad, and encrypt
+void cipherFinished(SSL& ssl, Finished& fin, output_buffer& output)
+{
+ uint digestSz = ssl.getCrypto().get_digest().get_digestSize();
+ uint finishedSz = ssl.isTLS() ? TLS_FINISHED_SZ : FINISHED_SZ;
+ uint sz = RECORD_HEADER + HANDSHAKE_HEADER + finishedSz + digestSz;
+ uint pad = 0;
+ uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
+
+ if (ssl.getSecurity().get_parms().cipher_type_ == block) {
+ if (ssl.isTLSv1_1())
+ sz += blockSz; // IV
+ sz += 1; // pad byte
+ pad = (sz - RECORD_HEADER) % blockSz;
+ pad = blockSz - pad;
+ sz += pad;
+ }
+
+ RecordLayerHeader rlHeader;
+ HandShakeHeader hsHeader;
+ buildHeaders(ssl, hsHeader, rlHeader, fin);
+ rlHeader.length_ = sz - RECORD_HEADER; // record header includes mac
+ // and pad, hanshake doesn't
+ input_buffer iv;
+ if (ssl.isTLSv1_1() && ssl.getSecurity().get_parms().cipher_type_== block){
+ iv.allocate(blockSz);
+ ssl.getCrypto().get_random().Fill(iv.get_buffer(), blockSz);
+ iv.add_size(blockSz);
+ }
+ uint ivSz = iv.get_size();
+ output.allocate(sz);
+ output << rlHeader << iv << hsHeader << fin;
+
+ hashHandShake(ssl, output, ssl.isTLSv1_1() ? true : false);
+ opaque digest[SHA_LEN]; // max size
+ if (ssl.isTLS())
+ TLS_hmac(ssl, digest, output.get_buffer() + RECORD_HEADER + ivSz,
+ output.get_size() - RECORD_HEADER - ivSz, handshake);
+ else
+ hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
+ output.get_size() - RECORD_HEADER, handshake);
+ output.write(digest, digestSz);
+
+ if (ssl.getSecurity().get_parms().cipher_type_ == block)
+ for (uint i = 0; i <= pad; i++) output[AUTO] = pad; // pad byte gets
+ // pad value too
+ input_buffer cipher(rlHeader.length_);
+ ssl.useCrypto().use_cipher().encrypt(cipher.get_buffer(),
+ output.get_buffer() + RECORD_HEADER, output.get_size() - RECORD_HEADER);
+ output.set_current(RECORD_HEADER);
+ output.write(cipher.get_buffer(), cipher.get_capacity());
+}
+
+
+// build an encrypted data or alert message for output
+void buildMessage(SSL& ssl, output_buffer& output, const Message& msg)
+{
+ uint digestSz = ssl.getCrypto().get_digest().get_digestSize();
+ uint sz = RECORD_HEADER + msg.get_length() + digestSz;
+ uint pad = 0;
+ uint blockSz = ssl.getCrypto().get_cipher().get_blockSize();
+
+ if (ssl.getSecurity().get_parms().cipher_type_ == block) {
+ if (ssl.isTLSv1_1()) // IV
+ sz += blockSz;
+ sz += 1; // pad byte
+ pad = (sz - RECORD_HEADER) % blockSz;
+ pad = blockSz - pad;
+ sz += pad;
+ }
+
+ RecordLayerHeader rlHeader;
+ buildHeader(ssl, rlHeader, msg);
+ rlHeader.length_ = sz - RECORD_HEADER; // record header includes mac
+ // and pad, hanshake doesn't
+ input_buffer iv;
+ if (ssl.isTLSv1_1() && ssl.getSecurity().get_parms().cipher_type_== block){
+ iv.allocate(blockSz);
+ ssl.getCrypto().get_random().Fill(iv.get_buffer(), blockSz);
+ iv.add_size(blockSz);
+ }
+
+ uint ivSz = iv.get_size();
+ output.allocate(sz);
+ output << rlHeader << iv << msg;
+
+ opaque digest[SHA_LEN]; // max size
+ if (ssl.isTLS())
+ TLS_hmac(ssl, digest, output.get_buffer() + RECORD_HEADER + ivSz,
+ output.get_size() - RECORD_HEADER - ivSz, msg.get_type());
+ else
+ hmac(ssl, digest, output.get_buffer() + RECORD_HEADER,
+ output.get_size() - RECORD_HEADER, msg.get_type());
+ output.write(digest, digestSz);
+
+ if (ssl.getSecurity().get_parms().cipher_type_ == block)
+ for (uint i = 0; i <= pad; i++) output[AUTO] = pad; // pad byte gets
+ // pad value too
+ input_buffer cipher(rlHeader.length_);
+ ssl.useCrypto().use_cipher().encrypt(cipher.get_buffer(),
+ output.get_buffer() + RECORD_HEADER, output.get_size() - RECORD_HEADER);
+ output.set_current(RECORD_HEADER);
+ output.write(cipher.get_buffer(), cipher.get_capacity());
+}
+
+
+// build alert message
+void buildAlert(SSL& ssl, output_buffer& output, const Alert& alert)
+{
+ if (ssl.getSecurity().get_parms().pending_ == false) // encrypted
+ buildMessage(ssl, output, alert);
+ else {
+ RecordLayerHeader rlHeader;
+ buildHeader(ssl, rlHeader, alert);
+ buildOutput(output, rlHeader, alert);
+ }
+}
+
+
+// build TLS finished message
+void buildFinishedTLS(SSL& ssl, Finished& fin, const opaque* sender)
+{
+ opaque handshake_hash[FINISHED_SZ];
+
+ ssl.useHashes().use_MD5().get_digest(handshake_hash);
+ ssl.useHashes().use_SHA().get_digest(&handshake_hash[MD5_LEN]);
+
+ const opaque* side;
+ if ( strncmp((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0)
+ side = tls_client;
+ else
+ side = tls_server;
+
+ PRF(fin.set_md5(), TLS_FINISHED_SZ,
+ ssl.getSecurity().get_connection().master_secret_, SECRET_LEN,
+ side, FINISHED_LABEL_SZ,
+ handshake_hash, FINISHED_SZ);
+
+ fin.set_length(TLS_FINISHED_SZ); // shorter length for TLS
+}
+
+
+// compute p_hash for MD5 or SHA-1 for TLSv1 PRF
+void p_hash(output_buffer& result, const output_buffer& secret,
+ const output_buffer& seed, MACAlgorithm hash)
+{
+ uint len = hash == md5 ? MD5_LEN : SHA_LEN;
+ uint times = result.get_capacity() / len;
+ uint lastLen = result.get_capacity() % len;
+ opaque previous[SHA_LEN]; // max size
+ opaque current[SHA_LEN]; // max size
+ mySTL::auto_ptr<Digest> hmac;
+
+ if (lastLen) times += 1;
+
+ if (hash == md5)
+ hmac.reset(NEW_YS HMAC_MD5(secret.get_buffer(), secret.get_size()));
+ else
+ hmac.reset(NEW_YS HMAC_SHA(secret.get_buffer(), secret.get_size()));
+ // A0 = seed
+ hmac->get_digest(previous, seed.get_buffer(), seed.get_size());// A1
+ uint lastTime = times - 1;
+
+ for (uint i = 0; i < times; i++) {
+ hmac->update(previous, len);
+ hmac->get_digest(current, seed.get_buffer(), seed.get_size());
+
+ if (lastLen && (i == lastTime))
+ result.write(current, lastLen);
+ else {
+ result.write(current, len);
+ //memcpy(previous, current, len);
+ hmac->get_digest(previous, previous, len);
+ }
+ }
+}
+
+
+// calculate XOR for TLSv1 PRF
+void get_xor(byte *digest, uint digLen, output_buffer& md5,
+ output_buffer& sha)
+{
+ for (uint i = 0; i < digLen; i++)
+ digest[i] = md5[AUTO] ^ sha[AUTO];
+}
+
+
+// build MD5 part of certificate verify
+void buildMD5_CertVerify(SSL& ssl, byte* digest)
+{
+ opaque md5_result[MD5_LEN];
+ opaque md5_inner[SECRET_LEN + PAD_MD5];
+ opaque md5_outer[SECRET_LEN + PAD_MD5 + MD5_LEN];
+
+ const opaque* master_secret =
+ ssl.getSecurity().get_connection().master_secret_;
+
+ // make md5 inner
+ memcpy(md5_inner, master_secret, SECRET_LEN);
+ memcpy(&md5_inner[SECRET_LEN], PAD1, PAD_MD5);
+
+ ssl.useHashes().use_MD5().get_digest(md5_result, md5_inner,
+ sizeof(md5_inner));
+
+ // make md5 outer
+ memcpy(md5_outer, master_secret, SECRET_LEN);
+ memcpy(&md5_outer[SECRET_LEN], PAD2, PAD_MD5);
+ memcpy(&md5_outer[SECRET_LEN + PAD_MD5], md5_result, MD5_LEN);
+
+ ssl.useHashes().use_MD5().get_digest(digest, md5_outer, sizeof(md5_outer));
+}
+
+
+// build SHA part of certificate verify
+void buildSHA_CertVerify(SSL& ssl, byte* digest)
+{
+ opaque sha_result[SHA_LEN];
+ opaque sha_inner[SECRET_LEN + PAD_SHA];
+ opaque sha_outer[SECRET_LEN + PAD_SHA + SHA_LEN];
+
+ const opaque* master_secret =
+ ssl.getSecurity().get_connection().master_secret_;
+
+ // make sha inner
+ memcpy(sha_inner, master_secret, SECRET_LEN);
+ memcpy(&sha_inner[SECRET_LEN], PAD1, PAD_SHA);
+
+ ssl.useHashes().use_SHA().get_digest(sha_result, sha_inner,
+ sizeof(sha_inner));
+
+ // make sha outer
+ memcpy(sha_outer, master_secret, SECRET_LEN);
+ memcpy(&sha_outer[SECRET_LEN], PAD2, PAD_SHA);
+ memcpy(&sha_outer[SECRET_LEN + PAD_SHA], sha_result, SHA_LEN);
+
+ ssl.useHashes().use_SHA().get_digest(digest, sha_outer, sizeof(sha_outer));
+}
+
+
+} // namespace for locals
+
+
+// some clients still send sslv2 client hello
+void ProcessOldClientHello(input_buffer& input, SSL& ssl)
+{
+ if (input.get_error() || input.get_remaining() < 2) {
+ ssl.SetError(bad_input);
+ return;
+ }
+ byte b0 = input[AUTO];
+ byte b1 = input[AUTO];
+
+ uint16 sz = ((b0 & 0x7f) << 8) | b1;
+
+ if (sz > input.get_remaining()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
+ // hashHandShake manually
+ const opaque* buffer = input.get_buffer() + input.get_current();
+ ssl.useHashes().use_MD5().update(buffer, sz);
+ ssl.useHashes().use_SHA().update(buffer, sz);
+
+ b1 = input[AUTO]; // does this value mean client_hello?
+
+ ClientHello ch;
+ ch.client_version_.major_ = input[AUTO];
+ ch.client_version_.minor_ = input[AUTO];
+
+ byte len[2];
+
+ len[0] = input[AUTO];
+ len[1] = input[AUTO];
+ ato16(len, ch.suite_len_);
+
+ len[0] = input[AUTO];
+ len[1] = input[AUTO];
+ uint16 sessionLen;
+ ato16(len, sessionLen);
+ ch.id_len_ = sessionLen;
+
+ len[0] = input[AUTO];
+ len[1] = input[AUTO];
+ uint16 randomLen;
+ ato16(len, randomLen);
+
+ if (input.get_error() || ch.suite_len_ > MAX_SUITE_SZ ||
+ ch.suite_len_ > input.get_remaining() ||
+ sessionLen > ID_LEN || randomLen > RAN_LEN) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
+ int j = 0;
+ for (uint16 i = 0; i < ch.suite_len_; i += 3) {
+ byte first = input[AUTO];
+ if (first) // sslv2 type
+ input.read(len, SUITE_LEN); // skip
+ else {
+ input.read(&ch.cipher_suites_[j], SUITE_LEN);
+ j += SUITE_LEN;
+ }
+ }
+ ch.suite_len_ = j;
+
+ if (ch.id_len_)
+ input.read(ch.session_id_, ch.id_len_); // id_len_ from sessionLen
+
+ if (randomLen < RAN_LEN)
+ memset(ch.random_, 0, RAN_LEN - randomLen);
+ input.read(&ch.random_[RAN_LEN - randomLen], randomLen);
+
+ ch.Process(input, ssl);
+}
+
+
+// Build a finished message, see 7.6.9
+void buildFinished(SSL& ssl, Finished& fin, const opaque* sender)
+{
+ // store current states, building requires get_digest which resets state
+ MD5 md5(ssl.getHashes().get_MD5());
+ SHA sha(ssl.getHashes().get_SHA());
+
+ if (ssl.isTLS())
+ buildFinishedTLS(ssl, fin, sender);
+ else {
+ buildMD5(ssl, fin, sender);
+ buildSHA(ssl, fin, sender);
+ }
+
+ // restore
+ ssl.useHashes().use_MD5() = md5;
+ ssl.useHashes().use_SHA() = sha;
+}
+
+
+/* compute SSLv3 HMAC into digest see
+ * buffer is of sz size and includes HandShake Header but not a Record Header
+ * verify means to check peers hmac
+*/
+void hmac(SSL& ssl, byte* digest, const byte* buffer, uint sz,
+ ContentType content, bool verify)
+{
+ Digest& mac = ssl.useCrypto().use_digest();
+ opaque inner[SHA_LEN + PAD_MD5 + SEQ_SZ + SIZEOF_ENUM + LENGTH_SZ];
+ opaque outer[SHA_LEN + PAD_MD5 + SHA_LEN];
+ opaque result[SHA_LEN]; // max possible sizes
+ uint digestSz = mac.get_digestSize(); // actual sizes
+ uint padSz = mac.get_padSize();
+ uint innerSz = digestSz + padSz + SEQ_SZ + SIZEOF_ENUM + LENGTH_SZ;
+ uint outerSz = digestSz + padSz + digestSz;
+
+ // data
+ const opaque* mac_secret = ssl.get_macSecret(verify);
+ opaque seq[SEQ_SZ] = { 0x00, 0x00, 0x00, 0x00 };
+ opaque length[LENGTH_SZ];
+ c16toa(sz, length);
+ c32toa(ssl.get_SEQIncrement(verify), &seq[sizeof(uint32)]);
+
+ // make inner
+ memcpy(inner, mac_secret, digestSz);
+ memcpy(&inner[digestSz], PAD1, padSz);
+ memcpy(&inner[digestSz + padSz], seq, SEQ_SZ);
+ inner[digestSz + padSz + SEQ_SZ] = content;
+ memcpy(&inner[digestSz + padSz + SEQ_SZ + SIZEOF_ENUM], length, LENGTH_SZ);
+
+ mac.update(inner, innerSz);
+ mac.get_digest(result, buffer, sz); // append content buffer
+
+ // make outer
+ memcpy(outer, mac_secret, digestSz);
+ memcpy(&outer[digestSz], PAD2, padSz);
+ memcpy(&outer[digestSz + padSz], result, digestSz);
+
+ mac.get_digest(digest, outer, outerSz);
+}
+
+
+// TLS type HAMC
+void TLS_hmac(SSL& ssl, byte* digest, const byte* buffer, uint sz,
+ ContentType content, bool verify)
+{
+ mySTL::auto_ptr<Digest> hmac;
+ opaque seq[SEQ_SZ] = { 0x00, 0x00, 0x00, 0x00 };
+ opaque length[LENGTH_SZ];
+ opaque inner[SIZEOF_ENUM + VERSION_SZ + LENGTH_SZ]; // type + version + len
+
+ c16toa(sz, length);
+ c32toa(ssl.get_SEQIncrement(verify), &seq[sizeof(uint32)]);
+
+ MACAlgorithm algo = ssl.getSecurity().get_parms().mac_algorithm_;
+
+ if (algo == sha)
+ hmac.reset(NEW_YS HMAC_SHA(ssl.get_macSecret(verify), SHA_LEN));
+ else if (algo == rmd)
+ hmac.reset(NEW_YS HMAC_RMD(ssl.get_macSecret(verify), RMD_LEN));
+ else
+ hmac.reset(NEW_YS HMAC_MD5(ssl.get_macSecret(verify), MD5_LEN));
+
+ hmac->update(seq, SEQ_SZ); // seq_num
+ inner[0] = content; // type
+ inner[SIZEOF_ENUM] = ssl.getSecurity().get_connection().version_.major_;
+ inner[SIZEOF_ENUM + SIZEOF_ENUM] =
+ ssl.getSecurity().get_connection().version_.minor_; // version
+ memcpy(&inner[SIZEOF_ENUM + VERSION_SZ], length, LENGTH_SZ); // length
+ hmac->update(inner, sizeof(inner));
+ hmac->get_digest(digest, buffer, sz); // content
+}
+
+
+// compute TLSv1 PRF (pseudo random function using HMAC)
+void PRF(byte* digest, uint digLen, const byte* secret, uint secLen,
+ const byte* label, uint labLen, const byte* seed, uint seedLen)
+{
+ uint half = (secLen + 1) / 2;
+
+ output_buffer md5_half(half);
+ output_buffer sha_half(half);
+ output_buffer labelSeed(labLen + seedLen);
+
+ md5_half.write(secret, half);
+ sha_half.write(secret + half - secLen % 2, half);
+ labelSeed.write(label, labLen);
+ labelSeed.write(seed, seedLen);
+
+ output_buffer md5_result(digLen);
+ output_buffer sha_result(digLen);
+
+ p_hash(md5_result, md5_half, labelSeed, md5);
+ p_hash(sha_result, sha_half, labelSeed, sha);
+
+ md5_result.set_current(0);
+ sha_result.set_current(0);
+ get_xor(digest, digLen, md5_result, sha_result);
+}
+
+
+// build certificate hashes
+void build_certHashes(SSL& ssl, Hashes& hashes)
+{
+ // store current states, building requires get_digest which resets state
+ MD5 md5(ssl.getHashes().get_MD5());
+ SHA sha(ssl.getHashes().get_SHA());
+
+ if (ssl.isTLS()) {
+ ssl.useHashes().use_MD5().get_digest(hashes.md5_);
+ ssl.useHashes().use_SHA().get_digest(hashes.sha_);
+ }
+ else {
+ buildMD5_CertVerify(ssl, hashes.md5_);
+ buildSHA_CertVerify(ssl, hashes.sha_);
+ }
+
+ // restore
+ ssl.useHashes().use_MD5() = md5;
+ ssl.useHashes().use_SHA() = sha;
+}
+
+
+
+// do process input requests, return 0 is done, 1 is call again to complete
+int DoProcessReply(SSL& ssl)
+{
+ uint ready = ssl.getSocket().get_ready();
+ if (!ready)
+ ready= 64;
+
+ // add buffered data if its there
+ input_buffer* buffered = ssl.useBuffers().TakeRawInput();
+ uint buffSz = buffered ? buffered->get_size() : 0;
+ input_buffer buffer(buffSz + ready);
+ if (buffSz) {
+ buffer.assign(buffered->get_buffer(), buffSz);
+ ysDelete(buffered);
+ buffered = 0;
+ }
+
+ // add new data
+ uint read = ssl.useSocket().receive(buffer.get_buffer() + buffSz, ready);
+ if (read == static_cast<uint>(-1)) {
+ ssl.SetError(receive_error);
+ return 0;
+ } else if (read == 0)
+ return 1;
+
+ buffer.add_size(read);
+ uint offset = 0;
+ const MessageFactory& mf = ssl.getFactory().getMessage();
+
+ // old style sslv2 client hello?
+ if (ssl.getSecurity().get_parms().entity_ == server_end &&
+ ssl.getStates().getServer() == clientNull)
+ if (buffer.peek() != handshake) {
+ ProcessOldClientHello(buffer, ssl);
+ if (ssl.GetError())
+ return 0;
+ }
+
+ while(!buffer.eof()) {
+ // each record
+ RecordLayerHeader hdr;
+ bool needHdr = false;
+
+ if (static_cast<uint>(RECORD_HEADER) > buffer.get_remaining())
+ needHdr = true;
+ else {
+ buffer >> hdr;
+ ssl.verifyState(hdr);
+ }
+
+ if (ssl.GetError())
+ return 0;
+
+ // make sure we have enough input in buffer to process this record
+ if (needHdr || hdr.length_ > buffer.get_remaining()) {
+ // put header in front for next time processing
+ uint extra = needHdr ? 0 : RECORD_HEADER;
+ uint sz = buffer.get_remaining() + extra;
+ ssl.useBuffers().SetRawInput(NEW_YS input_buffer(sz,
+ buffer.get_buffer() + buffer.get_current() - extra, sz));
+ return 1;
+ }
+
+ while (buffer.get_current() < hdr.length_ + RECORD_HEADER + offset) {
+ // each message in record, can be more than 1 if not encrypted
+ if (ssl.GetError())
+ return 0;
+
+ if (ssl.getSecurity().get_parms().pending_ == false) { // cipher on
+ // sanity check for malicious/corrupted/illegal input
+ if (buffer.get_remaining() < hdr.length_) {
+ ssl.SetError(bad_input);
+ return 0;
+ }
+ decrypt_message(ssl, buffer, hdr.length_);
+ if (ssl.GetError())
+ return 0;
+ }
+
+ mySTL::auto_ptr<Message> msg(mf.CreateObject(hdr.type_));
+ if (!msg.get()) {
+ ssl.SetError(factory_error);
+ return 0;
+ }
+ buffer >> *msg;
+ msg->Process(buffer, ssl);
+ if (ssl.GetError())
+ return 0;
+ }
+ offset += hdr.length_ + RECORD_HEADER;
+ }
+ return 0;
+}
+
+
+// process input requests
+void processReply(SSL& ssl)
+{
+ if (ssl.GetError()) return;
+
+ if (DoProcessReply(ssl)) {
+ // didn't complete process
+ if (!ssl.getSocket().IsNonBlocking()) {
+ // keep trying now, blocking ok
+ while (!ssl.GetError())
+ if (DoProcessReply(ssl) == 0) break;
+ }
+ else
+ // user will have try again later, non blocking
+ ssl.SetError(YasslError(SSL_ERROR_WANT_READ));
+ }
+}
+
+
+// send client_hello, no buffering
+void sendClientHello(SSL& ssl)
+{
+ ssl.verifyState(serverNull);
+ if (ssl.GetError()) return;
+
+ ClientHello ch(ssl.getSecurity().get_connection().version_,
+ ssl.getSecurity().get_connection().compression_);
+ RecordLayerHeader rlHeader;
+ HandShakeHeader hsHeader;
+ output_buffer out;
+
+ buildClientHello(ssl, ch);
+ ssl.set_random(ch.get_random(), client_end);
+ buildHeaders(ssl, hsHeader, rlHeader, ch);
+ buildOutput(out, rlHeader, hsHeader, ch);
+ hashHandShake(ssl, out);
+
+ ssl.Send(out.get_buffer(), out.get_size());
+}
+
+
+// send client key exchange
+void sendClientKeyExchange(SSL& ssl, BufferOutput buffer)
+{
+ ssl.verifyState(serverHelloDoneComplete);
+ if (ssl.GetError()) return;
+
+ ClientKeyExchange ck(ssl);
+ ck.build(ssl);
+ ssl.makeMasterSecret();
+
+ RecordLayerHeader rlHeader;
+ HandShakeHeader hsHeader;
+ mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer);
+ buildHeaders(ssl, hsHeader, rlHeader, ck);
+ buildOutput(*out.get(), rlHeader, hsHeader, ck);
+ hashHandShake(ssl, *out.get());
+
+ if (buffer == buffered)
+ ssl.addBuffer(out.release());
+ else
+ ssl.Send(out->get_buffer(), out->get_size());
+}
+
+
+// send server key exchange
+void sendServerKeyExchange(SSL& ssl, BufferOutput buffer)
+{
+ if (ssl.GetError()) return;
+ ServerKeyExchange sk(ssl);
+ sk.build(ssl);
+ if (ssl.GetError()) return;
+
+ RecordLayerHeader rlHeader;
+ HandShakeHeader hsHeader;
+ mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer);
+ buildHeaders(ssl, hsHeader, rlHeader, sk);
+ buildOutput(*out.get(), rlHeader, hsHeader, sk);
+ hashHandShake(ssl, *out.get());
+
+ if (buffer == buffered)
+ ssl.addBuffer(out.release());
+ else
+ ssl.Send(out->get_buffer(), out->get_size());
+}
+
+
+// send change cipher
+void sendChangeCipher(SSL& ssl, BufferOutput buffer)
+{
+ if (ssl.getSecurity().get_parms().entity_ == server_end) {
+ if (ssl.getSecurity().get_resuming())
+ ssl.verifyState(clientKeyExchangeComplete);
+ else
+ ssl.verifyState(clientFinishedComplete);
+ }
+ if (ssl.GetError()) return;
+
+ ChangeCipherSpec ccs;
+ RecordLayerHeader rlHeader;
+ buildHeader(ssl, rlHeader, ccs);
+ mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer);
+ buildOutput(*out.get(), rlHeader, ccs);
+
+ if (buffer == buffered)
+ ssl.addBuffer(out.release());
+ else
+ ssl.Send(out->get_buffer(), out->get_size());
+}
+
+
+// send finished
+void sendFinished(SSL& ssl, ConnectionEnd side, BufferOutput buffer)
+{
+ if (ssl.GetError()) return;
+
+ Finished fin;
+ buildFinished(ssl, fin, side == client_end ? client : server);
+ mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer);
+ cipherFinished(ssl, fin, *out.get()); // hashes handshake
+
+ if (ssl.getSecurity().get_resuming()) {
+ if (side == server_end)
+ buildFinished(ssl, ssl.useHashes().use_verify(), client); // client
+ }
+ else {
+ if (!ssl.getSecurity().GetContext()->GetSessionCacheOff())
+ GetSessions().add(ssl); // store session
+ if (side == client_end)
+ buildFinished(ssl, ssl.useHashes().use_verify(), server); // server
+ }
+ ssl.useSecurity().use_connection().CleanMaster();
+
+ if (buffer == buffered)
+ ssl.addBuffer(out.release());
+ else
+ ssl.Send(out->get_buffer(), out->get_size());
+}
+
+
+// send data
+int sendData(SSL& ssl, const void* buffer, int sz)
+{
+ int sent = 0;
+
+ if (ssl.GetError() == YasslError(SSL_ERROR_WANT_READ))
+ ssl.SetError(no_error);
+
+ if (ssl.GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
+ ssl.SetError(no_error);
+ ssl.SendWriteBuffered();
+ if (!ssl.GetError()) {
+ // advance sent to prvevious sent + plain size just sent
+ sent = ssl.useBuffers().prevSent + ssl.useBuffers().plainSz;
+ }
+ }
+
+ ssl.verfiyHandShakeComplete();
+ if (ssl.GetError()) return -1;
+
+ for (;;) {
+ int len = min(sz - sent, MAX_RECORD_SIZE);
+ output_buffer out;
+ input_buffer tmp;
+
+ Data data;
+
+ if (sent == sz) break;
+
+ if (ssl.CompressionOn()) {
+ if (Compress(static_cast<const opaque*>(buffer) + sent, len,
+ tmp) == -1) {
+ ssl.SetError(compress_error);
+ return -1;
+ }
+ data.SetData(tmp.get_size(), tmp.get_buffer());
+ }
+ else
+ data.SetData(len, static_cast<const opaque*>(buffer) + sent);
+
+ buildMessage(ssl, out, data);
+ ssl.Send(out.get_buffer(), out.get_size());
+
+ if (ssl.GetError()) {
+ if (ssl.GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
+ ssl.useBuffers().plainSz = len;
+ ssl.useBuffers().prevSent = sent;
+ }
+ return -1;
+ }
+ sent += len;
+ }
+ ssl.useLog().ShowData(sent, true);
+ return sent;
+}
+
+
+// send alert
+int sendAlert(SSL& ssl, const Alert& alert)
+{
+ output_buffer out;
+ buildAlert(ssl, out, alert);
+ ssl.Send(out.get_buffer(), out.get_size());
+
+ return alert.get_length();
+}
+
+
+// process input data
+int receiveData(SSL& ssl, Data& data, bool peek)
+{
+ if (ssl.GetError() == YasslError(SSL_ERROR_WANT_READ))
+ ssl.SetError(no_error);
+
+ ssl.verfiyHandShakeComplete();
+ if (ssl.GetError()) return -1;
+
+ if (!ssl.HasData())
+ processReply(ssl);
+
+ if (peek)
+ ssl.PeekData(data);
+ else
+ ssl.fillData(data);
+
+ ssl.useLog().ShowData(data.get_length());
+ if (ssl.GetError()) return -1;
+
+ if (data.get_length() == 0 && ssl.getSocket().WouldBlock()) {
+ ssl.SetError(YasslError(SSL_ERROR_WANT_READ));
+ return SSL_WOULD_BLOCK;
+ }
+ return data.get_length();
+}
+
+
+// send server hello
+void sendServerHello(SSL& ssl, BufferOutput buffer)
+{
+ if (ssl.getSecurity().get_resuming())
+ ssl.verifyState(clientKeyExchangeComplete);
+ else
+ ssl.verifyState(clientHelloComplete);
+ if (ssl.GetError()) return;
+
+ ServerHello sh(ssl.getSecurity().get_connection().version_,
+ ssl.getSecurity().get_connection().compression_);
+ RecordLayerHeader rlHeader;
+ HandShakeHeader hsHeader;
+ mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer);
+
+ buildServerHello(ssl, sh);
+ ssl.set_random(sh.get_random(), server_end);
+ buildHeaders(ssl, hsHeader, rlHeader, sh);
+ buildOutput(*out.get(), rlHeader, hsHeader, sh);
+ hashHandShake(ssl, *out.get());
+
+ if (buffer == buffered)
+ ssl.addBuffer(out.release());
+ else
+ ssl.Send(out->get_buffer(), out->get_size());
+}
+
+
+// send server hello done
+void sendServerHelloDone(SSL& ssl, BufferOutput buffer)
+{
+ if (ssl.GetError()) return;
+
+ ServerHelloDone shd;
+ RecordLayerHeader rlHeader;
+ HandShakeHeader hsHeader;
+ mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer);
+
+ buildHeaders(ssl, hsHeader, rlHeader, shd);
+ buildOutput(*out.get(), rlHeader, hsHeader, shd);
+ hashHandShake(ssl, *out.get());
+
+ if (buffer == buffered)
+ ssl.addBuffer(out.release());
+ else
+ ssl.Send(out->get_buffer(), out->get_size());
+}
+
+
+// send certificate
+void sendCertificate(SSL& ssl, BufferOutput buffer)
+{
+ if (ssl.GetError()) return;
+
+ Certificate cert(ssl.getCrypto().get_certManager().get_cert());
+ RecordLayerHeader rlHeader;
+ HandShakeHeader hsHeader;
+ mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer);
+
+ buildHeaders(ssl, hsHeader, rlHeader, cert);
+ buildOutput(*out.get(), rlHeader, hsHeader, cert);
+ hashHandShake(ssl, *out.get());
+
+ if (buffer == buffered)
+ ssl.addBuffer(out.release());
+ else
+ ssl.Send(out->get_buffer(), out->get_size());
+}
+
+
+// send certificate request
+void sendCertificateRequest(SSL& ssl, BufferOutput buffer)
+{
+ if (ssl.GetError()) return;
+
+ CertificateRequest request;
+ request.Build();
+ RecordLayerHeader rlHeader;
+ HandShakeHeader hsHeader;
+ mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer);
+
+ buildHeaders(ssl, hsHeader, rlHeader, request);
+ buildOutput(*out.get(), rlHeader, hsHeader, request);
+ hashHandShake(ssl, *out.get());
+
+ if (buffer == buffered)
+ ssl.addBuffer(out.release());
+ else
+ ssl.Send(out->get_buffer(), out->get_size());
+}
+
+
+// send certificate verify
+void sendCertificateVerify(SSL& ssl, BufferOutput buffer)
+{
+ if (ssl.GetError()) return;
+
+ if(ssl.getCrypto().get_certManager().sendBlankCert()) return;
+
+ CertificateVerify verify;
+ verify.Build(ssl);
+ if (ssl.GetError()) return;
+
+ RecordLayerHeader rlHeader;
+ HandShakeHeader hsHeader;
+ mySTL::auto_ptr<output_buffer> out(NEW_YS output_buffer);
+
+ buildHeaders(ssl, hsHeader, rlHeader, verify);
+ buildOutput(*out.get(), rlHeader, hsHeader, verify);
+ hashHandShake(ssl, *out.get());
+
+ if (buffer == buffered)
+ ssl.addBuffer(out.release());
+ else
+ ssl.Send(out->get_buffer(), out->get_size());
+}
+
+
+} // namespace
diff --git a/mysql/extra/yassl/src/lock.cpp b/mysql/extra/yassl/src/lock.cpp
new file mode 100644
index 0000000..c74ea1c
--- /dev/null
+++ b/mysql/extra/yassl/src/lock.cpp
@@ -0,0 +1,87 @@
+/*
+ Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* Locking functions
+ */
+
+#include "runtime.hpp"
+#include "lock.hpp"
+
+
+namespace yaSSL {
+
+
+#ifdef MULTI_THREADED
+ #ifdef _WIN32
+
+ Mutex::Mutex()
+ {
+ InitializeCriticalSection(&cs_);
+ }
+
+
+ Mutex::~Mutex()
+ {
+ DeleteCriticalSection(&cs_);
+ }
+
+
+ Mutex::Lock::Lock(Mutex& lm) : mutex_(lm)
+ {
+ EnterCriticalSection(&mutex_.cs_);
+ }
+
+
+ Mutex::Lock::~Lock()
+ {
+ LeaveCriticalSection(&mutex_.cs_);
+ }
+
+ #else // _WIN32
+
+ Mutex::Mutex()
+ {
+ pthread_mutex_init(&mutex_, 0);
+ }
+
+
+ Mutex::~Mutex()
+ {
+ pthread_mutex_destroy(&mutex_);
+ }
+
+
+ Mutex::Lock::Lock(Mutex& lm) : mutex_(lm)
+ {
+ pthread_mutex_lock(&mutex_.mutex_);
+ }
+
+
+ Mutex::Lock::~Lock()
+ {
+ pthread_mutex_unlock(&mutex_.mutex_);
+ }
+
+
+ #endif // _WIN32
+#endif // MULTI_THREADED
+
+
+
+} // namespace yaSSL
+
diff --git a/mysql/extra/yassl/src/log.cpp b/mysql/extra/yassl/src/log.cpp
new file mode 100644
index 0000000..2f112ac
--- /dev/null
+++ b/mysql/extra/yassl/src/log.cpp
@@ -0,0 +1,147 @@
+/*
+ Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* Debug logging functions
+ */
+
+
+#include "runtime.hpp"
+#include "log.hpp"
+
+#ifdef YASSL_LOG
+ #include <time.h>
+ #include <stdio.h>
+ #include <string.h>
+#endif
+
+
+
+namespace yaSSL {
+
+
+#ifdef YASSL_LOG
+
+ enum { MAX_MSG = 81 };
+
+ Log::Log(const char* str)
+ {
+ log_ = fopen(str, "w");
+ Trace("********** Logger Attached **********");
+ }
+
+
+ Log::~Log()
+ {
+ Trace("********** Logger Detached **********");
+ fclose(log_);
+ }
+
+
+ // Trace a message
+ void Log::Trace(const char* str)
+ {
+ if (!log_) return;
+
+ time_t clicks = time(0);
+ char timeStr[32];
+
+ memset(timeStr, 0, sizeof(timeStr));
+ // get rid of newline
+ strncpy(timeStr, ctime(&clicks), sizeof(timeStr));
+ unsigned int len = strlen(timeStr);
+ timeStr[len - 1] = 0;
+
+ char msg[MAX_MSG];
+
+ strncpy(msg, timeStr, sizeof(timeStr));
+ strncat(msg, ":", 1);
+ strncat(msg, str, MAX_MSG - sizeof(timeStr) - 2);
+ strncat(msg, "\n", 1);
+ msg[MAX_MSG - 1] = 0;
+
+ fputs(msg, log_);
+ }
+
+
+ #if defined(_WIN32) || defined(__MACH__) || defined(__hpux__)
+ typedef int socklen_t;
+ #endif
+
+
+ // write tcp address
+ void Log::ShowTCP(socket_t fd, bool ended)
+ {
+ sockaddr_in peeraddr;
+ socklen_t len = sizeof(peeraddr);
+ if (getpeername(fd, (sockaddr*)&peeraddr, &len) != 0)
+ return;
+
+ const char* p = reinterpret_cast<const char*>(&peeraddr.sin_addr);
+ char msg[MAX_MSG];
+ char number[16];
+
+ if (ended)
+ strncpy(msg, "yaSSL conn DONE w/ peer ", 26);
+ else
+ strncpy(msg, "yaSSL conn BEGUN w/ peer ", 26);
+ for (int i = 0; i < 4; ++i) {
+ sprintf(number, "%u", static_cast<unsigned short>(p[i]));
+ strncat(msg, number, 8);
+ if (i < 3)
+ strncat(msg, ".", 1);
+ }
+ strncat(msg, " port ", 8);
+ sprintf(number, "%d", htons(peeraddr.sin_port));
+ strncat(msg, number, 8);
+
+ msg[MAX_MSG - 1] = 0;
+ Trace(msg);
+ }
+
+
+ // log processed data
+ void Log::ShowData(uint bytes, bool sent)
+ {
+ char msg[MAX_MSG];
+ char number[16];
+
+ if (sent)
+ strncpy(msg, "Sent ", 10);
+ else
+ strncpy(msg, "Received ", 10);
+ sprintf(number, "%u", bytes);
+ strncat(msg, number, 8);
+ strncat(msg, " bytes of application data", 27);
+
+ msg[MAX_MSG - 1] = 0;
+ Trace(msg);
+ }
+
+
+#else // no YASSL_LOG
+
+
+ Log::Log(const char*) {}
+ Log::~Log() {}
+ void Log::Trace(const char*) {}
+ void Log::ShowTCP(socket_t, bool) {}
+ void Log::ShowData(uint, bool) {}
+
+
+#endif // YASSL_LOG
+} // namespace
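Review bot: `Log::~Log()` calls `fclose(log_)` unconditionally, yet `Log::Log` stores whatever `fopen(str, "w")` returned and only `Trace` checks for a null handle. If the log file cannot be opened, the destructor passes a null pointer to `fclose`, which is undefined behaviour; guard it with `if (log_) fclose(log_);`. In `ShowTCP` the address octets are read through a `const char*` and cast to `unsigned short`, so where `char` is signed any octet of 128 or above is sign-extended and logged as a five-digit number instead of the real value. That makes the peer address in the connection log unreliable for later investigation; `static_cast<unsigned char>(p[i])` fixes it. The port conversion would also read more correctly as `ntohs(peeraddr.sin_port)`.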
diff --git a/mysql/extra/yassl/src/socket_wrapper.cpp b/mysql/extra/yassl/src/socket_wrapper.cpp
new file mode 100644
index 0000000..a23c1c1
--- /dev/null
+++ b/mysql/extra/yassl/src/socket_wrapper.cpp
@@ -0,0 +1,238 @@
+/*
+ Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+
+/* The socket wrapper source implements a Socket class that hides the
+ * differences between Berkely style sockets and Windows sockets, allowing
+ * transparent TCP access.
+ */
+
+
+#include "runtime.hpp"
+#include "socket_wrapper.hpp"
+
+#ifndef _WIN32
+ #include <errno.h>
+ #include <netdb.h>
+ #include <unistd.h>
+ #include <arpa/inet.h>
+ #include <netinet/in.h>
+ #include <sys/ioctl.h>
+ #include <string.h>
+ #include <fcntl.h>
+#endif // _WIN32
+
+#if defined(__sun) || defined(__SCO_VERSION__)
+ #include <sys/filio.h>
+#endif
+
+#ifdef _WIN32
+ const int SOCKET_EINVAL = WSAEINVAL;
+ const int SOCKET_EWOULDBLOCK = WSAEWOULDBLOCK;
+ const int SOCKET_EAGAIN = WSAEWOULDBLOCK;
+#else
+ const int SOCKET_EINVAL = EINVAL;
+ const int SOCKET_EWOULDBLOCK = EWOULDBLOCK;
+ const int SOCKET_EAGAIN = EAGAIN;
+#endif // _WIN32
+
+
+namespace {
+
+
+extern "C" long system_recv(void *ptr, void *buf, size_t count)
+{
+ yaSSL::socket_t *socket = (yaSSL::socket_t *) ptr;
+ return ::recv(*socket, reinterpret_cast<char *>(buf), count, 0);
+}
+
+
+extern "C" long system_send(void *ptr, const void *buf, size_t count)
+{
+ yaSSL::socket_t *socket = (yaSSL::socket_t *) ptr;
+ return ::send(*socket, reinterpret_cast<const char *>(buf), count, 0);
+}
+
+
+}
+
+
+namespace yaSSL {
+
+
+Socket::Socket(socket_t s)
+ : socket_(s), wouldBlock_(false), nonBlocking_(false),
+ ptr_(&socket_), send_func_(system_send), recv_func_(system_recv)
+{}
+
+
+void Socket::set_fd(socket_t s)
+{
+ socket_ = s;
+}
+
+
+socket_t Socket::get_fd() const
+{
+ return socket_;
+}
+
+
+Socket::~Socket()
+{
+ // don't close automatically now
+}
+
+
+void Socket::closeSocket()
+{
+ if (socket_ != INVALID_SOCKET) {
+#ifdef _WIN32
+ closesocket(socket_);
+#else
+ close(socket_);
+#endif
+ socket_ = INVALID_SOCKET;
+ }
+}
+
+
+uint Socket::get_ready() const
+{
+#ifdef _WIN32
+ unsigned long ready = 0;
+ ioctlsocket(socket_, FIONREAD, &ready);
+#else
+ /*
+ 64-bit Solaris requires the variable passed to
+ FIONREAD be a 32-bit value.
+ */
+ unsigned int ready = 0;
+ ioctl(socket_, FIONREAD, &ready);
+#endif
+
+ return ready;
+}
+
+
+void Socket::set_transport_ptr(void *ptr)
+{
+ ptr_ = ptr;
+}
+
+
+void Socket::set_transport_recv_function(yaSSL_recv_func_t recv_func)
+{
+ recv_func_ = recv_func;
+}
+
+
+void Socket::set_transport_send_function(yaSSL_send_func_t send_func)
+{
+ send_func_ = send_func;
+}
+
+
+uint Socket::send(const byte* buf, unsigned int sz, unsigned int& written)
+{
+ const byte* pos = buf;
+ const byte* end = pos + sz;
+
+ wouldBlock_ = false;
+
+ /* Remove send()/recv() hooks once non-blocking send is implemented. */
+ while (pos != end) {
+ int sent = send_func_(ptr_, pos, static_cast<int>(end - pos));
+ if (sent == -1) {
+ if (get_lastError() == SOCKET_EWOULDBLOCK ||
+ get_lastError() == SOCKET_EAGAIN) {
+ wouldBlock_ = true; // would have blocked this time only
+ nonBlocking_ = true; // nonblocking, win32 only way to tell
+ return 0;
+ }
+ return static_cast<uint>(-1);
+ }
+ pos += sent;
+ written += sent;
+ }
+
+ return sz;
+}
+
+
+uint Socket::receive(byte* buf, unsigned int sz)
+{
+ wouldBlock_ = false;
+
+ int recvd = recv_func_(ptr_, buf, sz);
+
+ // idea to seperate error from would block by arnetheduck@gmail.com
+ if (recvd == -1) {
+ if (get_lastError() == SOCKET_EWOULDBLOCK ||
+ get_lastError() == SOCKET_EAGAIN) {
+ wouldBlock_ = true; // would have blocked this time only
+ nonBlocking_ = true; // socket nonblocking, win32 only way to tell
+ return 0;
+ }
+ }
+ else if (recvd == 0)
+ return static_cast<uint>(-1);
+
+ return recvd;
+}
+
+
+void Socket::shutDown(int how)
+{
+ shutdown(socket_, how);
+}
+
+
+int Socket::get_lastError()
+{
+#ifdef _WIN32
+ return WSAGetLastError();
+#else
+ return errno;
+#endif
+}
+
+
+bool Socket::WouldBlock() const
+{
+ return wouldBlock_;
+}
+
+
+bool Socket::IsNonBlocking() const
+{
+ return nonBlocking_;
+}
+
+
+void Socket::set_lastError(int errorCode)
+{
+#ifdef _WIN32
+ WSASetLastError(errorCode);
+#else
+ errno = errorCode;
+#endif
+}
+
+
+} // namespace
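Review bot: `Socket::send` treats only `sent == -1` as failure, but `send_func_` can be replaced through `set_transport_send_function`. A hook that returns any other negative value makes `pos += sent` step backwards past data already sent and shrinks `written`, and a return of 0 leaves the `while (pos != end)` loop spinning. Testing `if (sent < 0) {` for the error branch and adding `if (sent == 0) return static_cast<uint>(-1);` closes both cases. `Socket::receive` has the matching gap: a hard error (`recvd == -1` that is not would-block) falls through to `return recvd;`, so the failure is signalled only by the implicit conversion of -1 to `uint`, and any other negative hook result becomes a very large byte count; an explicit `if (recvd < 0) return static_cast<uint>(-1);` after the would-block test would make the contract visible. The callers are outside this hunk, so how they handle that sentinel cannot be confirmed from here.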
diff --git a/mysql/extra/yassl/src/ssl.cpp b/mysql/extra/yassl/src/ssl.cpp
new file mode 100644
index 0000000..39244a0
--- /dev/null
+++ b/mysql/extra/yassl/src/ssl.cpp
@@ -0,0 +1,1883 @@
+/*
+ Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* SSL source implements all openssl compatibility API functions
+ *
+ * TODO: notes are mostly api additions to allow compilation with mysql
+ * they don't affect normal modes but should be provided for completeness
+
+ * stunnel functions at end of file
+ */
+
+
+
+/* see man pages for function descriptions */
+
+#include "runtime.hpp"
+#include "openssl/ssl.h"
+#include "handshake.hpp"
+#include "yassl_int.hpp"
+#include "md5.hpp" // for TaoCrypt MD5 size assert
+#include "md4.hpp" // for TaoCrypt MD4 size assert
+#include "file.hpp" // for TaoCrypt Source
+#include "coding.hpp" // HexDecoder
+#include "helpers.hpp" // for placement new hack
+#include "rsa.hpp" // for TaoCrypt RSA key decode
+#include "dsa.hpp" // for TaoCrypt DSA key decode
+#include <stdio.h>
+
+#ifdef _WIN32
+ #include <windows.h> // FindFirstFile etc..
+#else
+ #include <sys/types.h> // file helper
+ #include <sys/stat.h> // stat
+ #include <dirent.h> // opendir
+#endif
+
+
+namespace yaSSL {
+
+
+
+int read_file(SSL_CTX* ctx, const char* file, int format, CertType type)
+{
+ int ret = SSL_SUCCESS;
+
+ if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
+ return SSL_BAD_FILETYPE;
+
+ if (file == NULL || !file[0])
+ return SSL_BAD_FILE;
+
+ FILE* input = fopen(file, "rb");
+ if (!input)
+ return SSL_BAD_FILE;
+
+ if (type == CA) {
+ // may have a bunch of CAs
+ x509* ptr;
+ while ( (ptr = PemToDer(input, Cert)) )
+ ctx->AddCA(ptr);
+
+ if (!feof(input)) {
+ fclose(input);
+ return SSL_BAD_FILE;
+ }
+ }
+ else {
+ x509*& x = (type == Cert) ? ctx->certificate_ : ctx->privateKey_;
+
+ if (format == SSL_FILETYPE_ASN1) {
+ fseek(input, 0, SEEK_END);
+ long sz = ftell(input);
+ rewind(input);
+ x = NEW_YS x509(sz); // takes ownership
+ size_t bytes = fread(x->use_buffer(), sz, 1, input);
+ if (bytes != 1) {
+ fclose(input);
+ return SSL_BAD_FILE;
+ }
+ }
+ else {
+ EncryptedInfo info;
+ x = PemToDer(input, type, &info);
+ if (!x) {
+ fclose(input);
+ return SSL_BAD_FILE;
+ }
+ if (info.set) {
+ // decrypt
+ char password[80];
+ pem_password_cb cb = ctx->GetPasswordCb();
+ if (!cb) {
+ fclose(input);
+ return SSL_BAD_FILE;
+ }
+ int passwordSz = cb(password, sizeof(password), 0,
+ ctx->GetUserData());
+ byte key[AES_256_KEY_SZ]; // max sizes
+ byte iv[AES_IV_SZ];
+
+ // use file's salt for key derivation, but not real iv
+ TaoCrypt::Source source(info.iv, info.ivSz);
+ TaoCrypt::HexDecoder dec(source);
+ memcpy(info.iv, source.get_buffer(), min((uint)sizeof(info.iv),
+ source.size()));
+ EVP_BytesToKey(info.name, "MD5", info.iv, (byte*)password,
+ passwordSz, 1, key, iv);
+
+ mySTL::auto_ptr<BulkCipher> cipher;
+ if (strncmp(info.name, "DES-CBC", 7) == 0)
+ cipher.reset(NEW_YS DES);
+ else if (strncmp(info.name, "DES-EDE3-CBC", 13) == 0)
+ cipher.reset(NEW_YS DES_EDE);
+ else if (strncmp(info.name, "AES-128-CBC", 13) == 0)
+ cipher.reset(NEW_YS AES(AES_128_KEY_SZ));
+ else if (strncmp(info.name, "AES-192-CBC", 13) == 0)
+ cipher.reset(NEW_YS AES(AES_192_KEY_SZ));
+ else if (strncmp(info.name, "AES-256-CBC", 13) == 0)
+ cipher.reset(NEW_YS AES(AES_256_KEY_SZ));
+ else {
+ fclose(input);
+ return SSL_BAD_FILE;
+ }
+ cipher->set_decryptKey(key, info.iv);
+ mySTL::auto_ptr<x509> newx(NEW_YS x509(x->get_length()));
+ cipher->decrypt(newx->use_buffer(), x->get_buffer(),
+ x->get_length());
+ ysDelete(x);
+ x = newx.release();
+ }
+ }
+ }
+
+ if (type == PrivateKey && ctx->privateKey_) {
+ // see if key is valid early
+ TaoCrypt::Source rsaSource(ctx->privateKey_->get_buffer(),
+ ctx->privateKey_->get_length());
+ TaoCrypt::RSA_PrivateKey rsaKey;
+ rsaKey.Initialize(rsaSource);
+
+ if (rsaSource.GetError().What()) {
+ // rsa failed see if DSA works
+
+ TaoCrypt::Source dsaSource(ctx->privateKey_->get_buffer(),
+ ctx->privateKey_->get_length());
+ TaoCrypt::DSA_PrivateKey dsaKey;
+ dsaKey.Initialize(dsaSource);
+
+ if (dsaSource.GetError().What()) {
+ // neither worked
+ ret = SSL_FAILURE;
+ }
+ }
+ }
+
+ fclose(input);
+ return ret;
+}
+
+
+extern "C" {
+
+
+SSL_METHOD* SSLv3_method()
+{
+ return SSLv3_client_method();
+}
+
+
+SSL_METHOD* SSLv3_server_method()
+{
+ return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,0));
+}
+
+
+SSL_METHOD* SSLv3_client_method()
+{
+ return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,0));
+}
+
+
+SSL_METHOD* TLSv1_server_method()
+{
+ return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,1));
+}
+
+
+SSL_METHOD* TLSv1_client_method()
+{
+ return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,1));
+}
+
+
+SSL_METHOD* TLSv1_1_server_method()
+{
+ return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2));
+}
+
+
+SSL_METHOD* TLSv1_1_client_method()
+{
+ return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2));
+}
+
+
+SSL_METHOD* SSLv23_server_method()
+{
+ // compatibility only, no version 2 support, but does SSL 3 and TLS 1
+ return NEW_YS SSL_METHOD(server_end, ProtocolVersion(3,2), true);
+}
+
+
+SSL_METHOD* SSLv23_client_method()
+{
+ // compatibility only, no version 2 support, but does SSL 3 and TLS 1
+ // though it sends TLS1 hello not SSLv2 so SSLv3 only servers will decline
+ // TODO: maybe add support to send SSLv2 hello ???
+ return NEW_YS SSL_METHOD(client_end, ProtocolVersion(3,2), true);
+}
+
+
+SSL_CTX* SSL_CTX_new(SSL_METHOD* method)
+{
+ return NEW_YS SSL_CTX(method);
+}
+
+
+void SSL_CTX_free(SSL_CTX* ctx)
+{
+ ysDelete(ctx);
+}
+
+
+SSL* SSL_new(SSL_CTX* ctx)
+{
+ return NEW_YS SSL(ctx);
+}
+
+
+void SSL_free(SSL* ssl)
+{
+ ysDelete(ssl);
+}
+
+
+int SSL_set_fd(SSL* ssl, YASSL_SOCKET_T fd)
+{
+ ssl->useSocket().set_fd(fd);
+ return SSL_SUCCESS;
+}
+
+
+YASSL_SOCKET_T SSL_get_fd(const SSL* ssl)
+{
+ return ssl->getSocket().get_fd();
+}
+
+
+// if you get an error from connect see note at top of README
+int SSL_connect(SSL* ssl)
+{
+ if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ))
+ ssl->SetError(no_error);
+
+ if (ssl->GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
+
+ ssl->SetError(no_error);
+ ssl->SendWriteBuffered();
+ if (!ssl->GetError())
+ ssl->useStates().UseConnect() =
+ ConnectState(ssl->getStates().GetConnect() + 1);
+ }
+
+ ClientState neededState;
+
+ switch (ssl->getStates().GetConnect()) {
+
+ case CONNECT_BEGIN :
+ sendClientHello(*ssl);
+ if (!ssl->GetError())
+ ssl->useStates().UseConnect() = CLIENT_HELLO_SENT;
+
+ case CLIENT_HELLO_SENT :
+ neededState = ssl->getSecurity().get_resuming() ?
+ serverFinishedComplete : serverHelloDoneComplete;
+ while (ssl->getStates().getClient() < neededState) {
+ if (ssl->GetError()) break;
+ processReply(*ssl);
+ // if resumption failed, reset needed state
+ if (neededState == serverFinishedComplete)
+ if (!ssl->getSecurity().get_resuming())
+ neededState = serverHelloDoneComplete;
+ }
+ if (!ssl->GetError())
+ ssl->useStates().UseConnect() = FIRST_REPLY_DONE;
+
+ case FIRST_REPLY_DONE :
+ if(ssl->getCrypto().get_certManager().sendVerify())
+ sendCertificate(*ssl);
+
+ if (!ssl->getSecurity().get_resuming())
+ sendClientKeyExchange(*ssl);
+
+ if(ssl->getCrypto().get_certManager().sendVerify())
+ sendCertificateVerify(*ssl);
+
+ sendChangeCipher(*ssl);
+ sendFinished(*ssl, client_end);
+ ssl->flushBuffer();
+
+ if (!ssl->GetError())
+ ssl->useStates().UseConnect() = FINISHED_DONE;
+
+ case FINISHED_DONE :
+ if (!ssl->getSecurity().get_resuming())
+ while (ssl->getStates().getClient() < serverFinishedComplete) {
+ if (ssl->GetError()) break;
+ processReply(*ssl);
+ }
+ if (!ssl->GetError())
+ ssl->useStates().UseConnect() = SECOND_REPLY_DONE;
+
+ case SECOND_REPLY_DONE :
+ ssl->verifyState(serverFinishedComplete);
+ ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
+
+ if (ssl->GetError()) {
+ GetErrors().Add(ssl->GetError());
+ return SSL_FATAL_ERROR;
+ }
+ return SSL_SUCCESS;
+
+ default :
+ return SSL_FATAL_ERROR; // unkown state
+ }
+}
+
+
+int SSL_write(SSL* ssl, const void* buffer, int sz)
+{
+ return sendData(*ssl, buffer, sz);
+}
+
+
+int SSL_read(SSL* ssl, void* buffer, int sz)
+{
+ Data data(min(sz, MAX_RECORD_SIZE), static_cast<opaque*>(buffer));
+ return receiveData(*ssl, data);
+}
+
+
+int SSL_accept(SSL* ssl)
+{
+ if (ssl->GetError() == YasslError(SSL_ERROR_WANT_READ))
+ ssl->SetError(no_error);
+
+ if (ssl->GetError() == YasslError(SSL_ERROR_WANT_WRITE)) {
+
+ ssl->SetError(no_error);
+ ssl->SendWriteBuffered();
+ if (!ssl->GetError())
+ ssl->useStates().UseAccept() =
+ AcceptState(ssl->getStates().GetAccept() + 1);
+ }
+
+ switch (ssl->getStates().GetAccept()) {
+
+ case ACCEPT_BEGIN :
+ processReply(*ssl);
+ if (!ssl->GetError())
+ ssl->useStates().UseAccept() = ACCEPT_FIRST_REPLY_DONE;
+
+ case ACCEPT_FIRST_REPLY_DONE :
+ sendServerHello(*ssl);
+
+ if (!ssl->getSecurity().get_resuming()) {
+ sendCertificate(*ssl);
+
+ if (ssl->getSecurity().get_connection().send_server_key_)
+ sendServerKeyExchange(*ssl);
+
+ if(ssl->getCrypto().get_certManager().verifyPeer())
+ sendCertificateRequest(*ssl);
+
+ sendServerHelloDone(*ssl);
+ ssl->flushBuffer();
+ }
+
+ if (!ssl->GetError())
+ ssl->useStates().UseAccept() = SERVER_HELLO_DONE;
+
+ case SERVER_HELLO_DONE :
+ if (!ssl->getSecurity().get_resuming()) {
+ while (ssl->getStates().getServer() < clientFinishedComplete) {
+ if (ssl->GetError()) break;
+ processReply(*ssl);
+ }
+ }
+ if (!ssl->GetError())
+ ssl->useStates().UseAccept() = ACCEPT_SECOND_REPLY_DONE;
+
+ case ACCEPT_SECOND_REPLY_DONE :
+ sendChangeCipher(*ssl);
+ sendFinished(*ssl, server_end);
+ ssl->flushBuffer();
+
+ if (!ssl->GetError())
+ ssl->useStates().UseAccept() = ACCEPT_FINISHED_DONE;
+
+ case ACCEPT_FINISHED_DONE :
+ if (ssl->getSecurity().get_resuming()) {
+ while (ssl->getStates().getServer() < clientFinishedComplete) {
+ if (ssl->GetError()) break;
+ processReply(*ssl);
+ }
+ }
+ if (!ssl->GetError())
+ ssl->useStates().UseAccept() = ACCEPT_THIRD_REPLY_DONE;
+
+ case ACCEPT_THIRD_REPLY_DONE :
+ ssl->useLog().ShowTCP(ssl->getSocket().get_fd());
+
+ if (ssl->GetError()) {
+ GetErrors().Add(ssl->GetError());
+ return SSL_FATAL_ERROR;
+ }
+ return SSL_SUCCESS;
+
+ default:
+ return SSL_FATAL_ERROR; // unknown state
+ }
+}
+
+
+int SSL_do_handshake(SSL* ssl)
+{
+ if (ssl->getSecurity().get_parms().entity_ == client_end)
+ return SSL_connect(ssl);
+ else
+ return SSL_accept(ssl);
+}
+
+
+int SSL_clear(SSL* ssl)
+{
+ GetErrors().Remove();
+
+ return SSL_SUCCESS;
+}
+
+
+int SSL_shutdown(SSL* ssl)
+{
+ if (!ssl->GetQuietShutdown()) {
+ Alert alert(warning, close_notify);
+ sendAlert(*ssl, alert);
+ }
+ ssl->useLog().ShowTCP(ssl->getSocket().get_fd(), true);
+
+ GetErrors().Remove();
+
+ return SSL_SUCCESS;
+}
+
+
+void SSL_set_quiet_shutdown(SSL *ssl,int mode)
+{
+ ssl->SetQuietShutdown(mode != 0);
+}
+
+
+int SSL_get_quiet_shutdown(SSL *ssl)
+{
+ return ssl->GetQuietShutdown();
+}
+
+
+/* on by default but allow user to turn off */
+long SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long mode)
+{
+ if (mode == SSL_SESS_CACHE_OFF)
+ ctx->SetSessionCacheOff();
+
+ if (mode == SSL_SESS_CACHE_NO_AUTO_CLEAR)
+ ctx->SetSessionCacheFlushOff();
+
+ return SSL_SUCCESS;
+}
+
+
+SSL_SESSION* SSL_get_session(SSL* ssl)
+{
+ if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
+ return 0;
+
+ return GetSessions().lookup(
+ ssl->getSecurity().get_connection().sessionID_);
+}
+
+
+int SSL_set_session(SSL* ssl, SSL_SESSION* session)
+{
+ if (ssl->getSecurity().GetContext()->GetSessionCacheOff())
+ return SSL_FAILURE;
+
+ ssl->set_session(session);
+ return SSL_SUCCESS;
+}
+
+
+int SSL_session_reused(SSL* ssl)
+{
+ return ssl->getSecurity().get_resuming();
+}
+
+
+long SSL_SESSION_set_timeout(SSL_SESSION* sess, long t)
+{
+ if (!sess)
+ return SSL_ERROR_NONE;
+
+ sess->SetTimeOut(t);
+ return SSL_SUCCESS;
+}
+
+
+long SSL_get_default_timeout(SSL* /*ssl*/)
+{
+ return DEFAULT_TIMEOUT;
+}
+
+
+void SSL_flush_sessions(SSL_CTX *ctx, long /* tm */)
+{
+ if (ctx->GetSessionCacheOff())
+ return;
+
+ GetSessions().Flush();
+}
+
+
+const char* SSL_get_cipher_name(SSL* ssl)
+{
+ return SSL_get_cipher(ssl);
+}
+
+
+const char* SSL_get_cipher(SSL* ssl)
+{
+ return ssl->getSecurity().get_parms().cipher_name_;
+}
+
+
+// SSLv2 only, not implemented
+char* SSL_get_shared_ciphers(SSL* /*ssl*/, char* buf, int len)
+{
+ return strncpy(buf, "Not Implemented, SSLv2 only", len);
+}
+
+
+const char* SSL_get_cipher_list(SSL* ssl, int priority)
+{
+ if (priority < 0 || priority >= MAX_CIPHERS)
+ return 0;
+
+ if (ssl->getSecurity().get_parms().cipher_list_[priority][0])
+ return ssl->getSecurity().get_parms().cipher_list_[priority];
+
+ return 0;
+}
+
+
+int SSL_CTX_set_cipher_list(SSL_CTX* ctx, const char* list)
+{
+ if (ctx->SetCipherList(list))
+ return SSL_SUCCESS;
+ else
+ return SSL_FAILURE;
+}
+
+
+const char* SSL_get_version(SSL* ssl)
+{
+ static const char* version3 = "SSLv3";
+ static const char* version31 = "TLSv1";
+ static const char* version32 = "TLSv1.1";
+
+ if (ssl->isTLSv1_1())
+ return version32;
+ else if(ssl->isTLS())
+ return version31;
+ else
+ return version3;
+}
+
+const char* SSLeay_version(int)
+{
+ static const char* version = "SSLeay yaSSL compatibility";
+ return version;
+}
+
+
+int SSL_get_error(SSL* ssl, int /*previous*/)
+{
+ return ssl->getStates().What();
+}
+
+
+
+/* turn on yaSSL zlib compression
+ returns 0 for success, else error (not built in)
+ only need to turn on for client, becuase server on by default if built in
+ but calling for server will tell you whether it's available or not
+*/
+int SSL_set_compression(SSL* ssl) /* Chad didn't rename to ya~ because it is prob. bug. */
+{
+ return ssl->SetCompression();
+}
+
+
+
+X509* X509_Copy(X509 *x)
+{
+ if (x == 0) return NULL;
+
+ X509_NAME* issuer = x->GetIssuer();
+ X509_NAME* subject = x->GetSubject();
+ ASN1_TIME* before = x->GetBefore();
+ ASN1_TIME* after = x->GetAfter();
+
+ X509 *newX509 = NEW_YS X509(issuer->GetName(), issuer->GetLength(),
+ subject->GetName(), subject->GetLength(),
+ before, after,
+ issuer->GetCnPosition(), issuer->GetCnLength(),
+ subject->GetCnPosition(), subject->GetCnLength());
+
+ return newX509;
+}
+
+X509* SSL_get_peer_certificate(SSL* ssl)
+{
+ return X509_Copy(ssl->getCrypto().get_certManager().get_peerX509());
+}
+
+
+void X509_free(X509* x)
+{
+ ysDelete(x);
+}
+
+
+X509* X509_STORE_CTX_get_current_cert(X509_STORE_CTX* ctx)
+{
+ return ctx->current_cert;
+}
+
+
+int X509_STORE_CTX_get_error(X509_STORE_CTX* ctx)
+{
+ return ctx->error;
+}
+
+
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX* ctx)
+{
+ return ctx->error_depth;
+}
+
+X509* PEM_read_X509(FILE *fp, X509 *x,
+ pem_password_cb cb,
+ void *u)
+{
+ if (fp == NULL)
+ return NULL;
+
+ // Get x509 handle and encryption information
+ x509* ptr = PemToDer(fp, Cert);
+ if (!ptr)
+ return NULL;
+
+ // Now decode x509 object.
+ TaoCrypt::SignerList signers;
+ TaoCrypt::Source source(ptr->get_buffer(), ptr->get_length());
+ TaoCrypt::CertDecoder cert(source, true, &signers, true, TaoCrypt::CertDecoder::CA);
+
+ if (cert.GetError().What()) {
+ ysDelete(ptr);
+ return NULL;
+ }
+
+ // Ok. Now create X509 object.
+ size_t iSz = strlen(cert.GetIssuer()) + 1;
+ size_t sSz = strlen(cert.GetCommonName()) + 1;
+ ASN1_STRING beforeDate, afterDate;
+ beforeDate.data = (unsigned char *) cert.GetBeforeDate();
+ beforeDate.type = cert.GetBeforeDateType();
+ beforeDate.length = strlen((char *) beforeDate.data) + 1;
+ afterDate.data = (unsigned char *) cert.GetAfterDate();
+ afterDate.type = cert.GetAfterDateType();
+ afterDate.length = strlen((char *) afterDate.data) + 1;
+
+ X509 *thisX509 = NEW_YS X509(cert.GetIssuer(), iSz, cert.GetCommonName(),
+ sSz, &beforeDate, &afterDate,
+ cert.GetIssuerCnStart(), cert.GetIssuerCnLength(),
+ cert.GetSubjectCnStart(), cert.GetSubjectCnLength());
+
+
+ ysDelete(ptr);
+ return thisX509;
+}
+
+// copy name into buffer, at most sz bytes, if buffer is null
+// will malloc buffer, caller responsible for freeing
+char* X509_NAME_oneline(X509_NAME* name, char* buffer, int sz)
+{
+ if (!name->GetName()) return buffer;
+
+ int len = (int)strlen(name->GetName()) + 1;
+ int copySz = min(len, sz);
+
+ if (!buffer) {
+ buffer = (char*)malloc(len);
+ if (!buffer) return buffer;
+ copySz = len;
+ }
+
+ if (copySz == 0)
+ return buffer;
+
+ memcpy(buffer, name->GetName(), copySz - 1);
+ buffer[copySz - 1] = 0;
+
+ return buffer;
+}
+
+
+X509_NAME* X509_get_issuer_name(X509* x)
+{
+ return x->GetIssuer();
+}
+
+
+X509_NAME* X509_get_subject_name(X509* x)
+{
+ return x->GetSubject();
+}
+
+
+void SSL_load_error_strings() // compatibility only
+{}
+
+
+void SSL_set_connect_state(SSL*)
+{
+ // already a client by default
+}
+
+
+void SSL_set_accept_state(SSL* ssl)
+{
+ ssl->useSecurity().use_parms().entity_ = server_end;
+}
+
+
+long SSL_get_verify_result(SSL*)
+{
+ // won't get here if not OK
+ return X509_V_OK;
+}
+
+
+long SSL_CTX_sess_set_cache_size(SSL_CTX* /*ctx*/, long /*sz*/)
+{
+ // unlimited size, can't set for now
+ return 0;
+}
+
+
+long SSL_CTX_get_session_cache_mode(SSL_CTX*)
+{
+ // always 0, unlimited size for now
+ return 0;
+}
+
+
+long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH* dh)
+{
+ if (ctx->SetDH(*dh))
+ return SSL_SUCCESS;
+ else
+ return SSL_FAILURE;
+}
+
+
+int SSL_CTX_use_certificate_file(SSL_CTX* ctx, const char* file, int format)
+{
+ return read_file(ctx, file, format, Cert);
+}
+
+
+int SSL_CTX_use_PrivateKey_file(SSL_CTX* ctx, const char* file, int format)
+{
+ return read_file(ctx, file, format, PrivateKey);
+}
+
+
+void SSL_CTX_set_verify(SSL_CTX* ctx, int mode, VerifyCallback vc)
+{
+ if (mode & SSL_VERIFY_PEER)
+ ctx->setVerifyPeer();
+
+ if (mode == SSL_VERIFY_NONE)
+ ctx->setVerifyNone();
+
+ if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+ ctx->setFailNoCert();
+
+ ctx->setVerifyCallback(vc);
+}
+
+
+int SSL_CTX_load_verify_locations(SSL_CTX* ctx, const char* file,
+ const char* path)
+{
+ int ret = SSL_FAILURE;
+ const int HALF_PATH = 128;
+
+ if (file) ret = read_file(ctx, file, SSL_FILETYPE_PEM, CA);
+
+ if (ret == SSL_SUCCESS && path) {
+ // call read_file for each reqular file in path
+#ifdef _WIN32
+
+ WIN32_FIND_DATA FindFileData;
+ HANDLE hFind;
+
+ const int DELIMITER_SZ = 2;
+ const int DELIMITER_STAR_SZ = 3;
+ int pathSz = (int)strlen(path);
+ int nameSz = pathSz + DELIMITER_STAR_SZ + 1; // plus 1 for terminator
+ char* name = NEW_YS char[nameSz]; // directory specification
+ memset(name, 0, nameSz);
+ strncpy(name, path, nameSz - DELIMITER_STAR_SZ - 1);
+ strncat(name, "\\*", DELIMITER_STAR_SZ);
+
+ hFind = FindFirstFile(name, &FindFileData);
+ if (hFind == INVALID_HANDLE_VALUE) {
+ ysArrayDelete(name);
+ return SSL_BAD_PATH;
+ }
+
+ do {
+ if (!(FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) {
+ int curSz = (int)strlen(FindFileData.cFileName);
+ if (pathSz + curSz + DELIMITER_SZ + 1 > nameSz) {
+ ysArrayDelete(name);
+ // plus 1 for terminator
+ nameSz = pathSz + curSz + DELIMITER_SZ + 1;
+ name = NEW_YS char[nameSz];
+ }
+ memset(name, 0, nameSz);
+ strncpy(name, path, nameSz - curSz - DELIMITER_SZ - 1);
+ strncat(name, "\\", DELIMITER_SZ);
+ strncat(name, FindFileData.cFileName,
+ nameSz - pathSz - DELIMITER_SZ - 1);
+ ret = read_file(ctx, name, SSL_FILETYPE_PEM, CA);
+ }
+ } while (ret == SSL_SUCCESS && FindNextFile(hFind, &FindFileData));
+
+ ysArrayDelete(name);
+ FindClose(hFind);
+
+#else // _WIN32
+ DIR* dir = opendir(path);
+ if (!dir) return SSL_BAD_PATH;
+
+ struct dirent* entry;
+ struct stat buf;
+ const int DELIMITER_SZ = 1;
+ int pathSz = (int)strlen(path);
+ int nameSz = pathSz + DELIMITER_SZ + 1; //plus 1 for null terminator
+ char* name = NEW_YS char[nameSz]; // directory specification
+
+ while (ret == SSL_SUCCESS && (entry = readdir(dir))) {
+ int curSz = (int)strlen(entry->d_name);
+ if (pathSz + curSz + DELIMITER_SZ + 1 > nameSz) {
+ ysArrayDelete(name);
+ nameSz = pathSz + DELIMITER_SZ + curSz + 1;
+ name = NEW_YS char[nameSz];
+ }
+ memset(name, 0, nameSz);
+ strncpy(name, path, nameSz - curSz - 1);
+ strncat(name, "/", DELIMITER_SZ);
+ strncat(name, entry->d_name, nameSz - pathSz - DELIMITER_SZ - 1);
+
+ if (stat(name, &buf) < 0) {
+ ysArrayDelete(name);
+ closedir(dir);
+ return SSL_BAD_STAT;
+ }
+
+ if (S_ISREG(buf.st_mode))
+ ret = read_file(ctx, name, SSL_FILETYPE_PEM, CA);
+ }
+
+ ysArrayDelete(name);
+ closedir(dir);
+
+#endif
+ }
+
+ return ret;
+}
+
+
+int SSL_CTX_set_default_verify_paths(SSL_CTX* /*ctx*/)
+{
+ // TODO: figure out way to set/store default path, then call load_verify
+ return SSL_NOT_IMPLEMENTED;
+}
+
+
+int SSL_CTX_set_session_id_context(SSL_CTX*, const unsigned char*,
+ unsigned int)
+{
+ // No application specific context needed for yaSSL
+ return SSL_SUCCESS;
+}
+
+
+int SSL_CTX_check_private_key(SSL_CTX* /*ctx*/)
+{
+ // TODO: check private against public for RSA match
+ return SSL_NOT_IMPLEMENTED;
+}
+
+
+// TODO: all session stats
+long SSL_CTX_sess_accept(SSL_CTX* ctx)
+{
+ return ctx->GetStats().accept_;
+}
+
+
+long SSL_CTX_sess_connect(SSL_CTX* ctx)
+{
+ return ctx->GetStats().connect_;
+}
+
+
+long SSL_CTX_sess_accept_good(SSL_CTX* ctx)
+{
+ return ctx->GetStats().acceptGood_;
+}
+
+
+long SSL_CTX_sess_connect_good(SSL_CTX* ctx)
+{
+ return ctx->GetStats().connectGood_;
+}
+
+
+long SSL_CTX_sess_accept_renegotiate(SSL_CTX* ctx)
+{
+ return ctx->GetStats().acceptRenegotiate_;
+}
+
+
+long SSL_CTX_sess_connect_renegotiate(SSL_CTX* ctx)
+{
+ return ctx->GetStats().connectRenegotiate_;
+}
+
+
+long SSL_CTX_sess_hits(SSL_CTX* ctx)
+{
+ return ctx->GetStats().hits_;
+}
+
+
+long SSL_CTX_sess_cb_hits(SSL_CTX* ctx)
+{
+ return ctx->GetStats().cbHits_;
+}
+
+
+long SSL_CTX_sess_cache_full(SSL_CTX* ctx)
+{
+ return ctx->GetStats().cacheFull_;
+}
+
+
+long SSL_CTX_sess_misses(SSL_CTX* ctx)
+{
+ return ctx->GetStats().misses_;
+}
+
+
+long SSL_CTX_sess_timeouts(SSL_CTX* ctx)
+{
+ return ctx->GetStats().timeouts_;
+}
+
+
+long SSL_CTX_sess_number(SSL_CTX* ctx)
+{
+ return ctx->GetStats().number_;
+}
+
+
+long SSL_CTX_sess_get_cache_size(SSL_CTX* ctx)
+{
+ return ctx->GetStats().getCacheSize_;
+}
+// end session stats TODO:
+
+
+int SSL_CTX_get_verify_mode(SSL_CTX* ctx)
+{
+ return ctx->GetStats().verifyMode_;
+}
+
+
+int SSL_get_verify_mode(SSL* ssl)
+{
+ return ssl->getSecurity().GetContext()->GetStats().verifyMode_;
+}
+
+
+int SSL_CTX_get_verify_depth(SSL_CTX* ctx)
+{
+ return ctx->GetStats().verifyDepth_;
+}
+
+
+int SSL_get_verify_depth(SSL* ssl)
+{
+ return ssl->getSecurity().GetContext()->GetStats().verifyDepth_;
+}
+
+
+long SSL_CTX_set_options(SSL_CTX* ctx, long options)
+{
+ ProtocolVersion pv= ctx->getMethod()->getVersion();
+ bool multi_proto= ctx->getMethod()->multipleProtocol();
+ unsigned long ssl_ctx_mask= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
+
+ do
+ {
+ if (options == 0)
+ break;
+ // only TLSv1.1
+ if ((options & ssl_ctx_mask) == ssl_ctx_mask)
+ {
+ pv.minor_= 2;
+ multi_proto= false;
+ break;
+ }
+ // only TLSv1
+ ssl_ctx_mask= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1_1;
+ if((options & ssl_ctx_mask) == ssl_ctx_mask)
+ {
+ pv.minor_= 1;
+ multi_proto= false;
+ break;
+ }
+ // TLSv1.1 and TLSv1
+ ssl_ctx_mask= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+ if((options & ssl_ctx_mask) == ssl_ctx_mask)
+ {
+ pv.minor_= 2;
+ multi_proto= true;
+ break;
+ }
+ }while(0);
+
+ SSL_METHOD *meth= NEW_YS SSL_METHOD(ctx->getMethod()->getSide(), ProtocolVersion(3,pv.minor_), multi_proto);
+ ctx->SetMethod(meth);
+ return SSL_SUCCESS;
+}
+
+
+void SSL_CTX_set_info_callback(SSL_CTX*, void (*)())
+{
+ // TDOD:
+}
+
+
+void OpenSSL_add_all_algorithms() // compatibility only
+{}
+
+
+int SSL_library_init() // compatiblity only
+{
+ return 1;
+}
+
+
+DH* DH_new(void)
+{
+ DH* dh = NEW_YS DH;
+ if (dh)
+ dh->p = dh->g = 0;
+ return dh;
+}
+
+
+void DH_free(DH* dh)
+{
+ ysDelete(dh->g);
+ ysDelete(dh->p);
+ ysDelete(dh);
+}
+
+
+// convert positive big-endian num of length sz into retVal, which may need to
+// be created
+BIGNUM* BN_bin2bn(const unsigned char* num, int sz, BIGNUM* retVal)
+{
+ bool created = false;
+ mySTL::auto_ptr<BIGNUM> bn;
+
+ if (!retVal) {
+ created = true;
+ bn.reset(NEW_YS BIGNUM);
+ retVal = bn.get();
+ }
+
+ retVal->assign(num, sz);
+
+ if (created)
+ return bn.release();
+ else
+ return retVal;
+}
+
+
+unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *)
+{
+ //return SSL_NOT_IMPLEMENTED;
+ return 0;
+}
+
+
+void ERR_print_errors_fp(FILE* /*fp*/)
+{
+ // need ssl access to implement TODO:
+ //fprintf(fp, "%s", ssl.get_states().errorString_.c_str());
+}
+
+
+char* ERR_error_string(unsigned long errNumber, char* buffer)
+{
+ static char* msg = (char*)"Please supply a buffer for error string";
+
+ if (buffer) {
+ SetErrorString(YasslError(errNumber), buffer);
+ return buffer;
+ }
+
+ return msg;
+}
+
+
+const char* X509_verify_cert_error_string(long /* error */)
+{
+ // TODO:
+ static const char* msg = "Not Implemented";
+ return msg;
+}
+
+
+const EVP_MD* EVP_md5(void)
+{
+ static const char* type = "MD5";
+ return type;
+}
+
+
+const EVP_CIPHER* EVP_des_ede3_cbc(void)
+{
+ static const char* type = "DES-EDE3-CBC";
+ return type;
+}
+
+
+int EVP_BytesToKey(const EVP_CIPHER* type, const EVP_MD* md, const byte* salt,
+ const byte* data, int sz, int count, byte* key, byte* iv)
+{
+ // only support MD5 for now
+ if (strncmp(md, "MD5", 3)) return 0;
+
+ int keyLen = 0;
+ int ivLen = 0;
+
+ // only support CBC DES and AES for now
+ if (strncmp(type, "DES-CBC", 7) == 0) {
+ keyLen = DES_KEY_SZ;
+ ivLen = DES_IV_SZ;
+ }
+ else if (strncmp(type, "DES-EDE3-CBC", 12) == 0) {
+ keyLen = DES_EDE_KEY_SZ;
+ ivLen = DES_IV_SZ;
+ }
+ else if (strncmp(type, "AES-128-CBC", 11) == 0) {
+ keyLen = AES_128_KEY_SZ;
+ ivLen = AES_IV_SZ;
+ }
+ else if (strncmp(type, "AES-192-CBC", 11) == 0) {
+ keyLen = AES_192_KEY_SZ;
+ ivLen = AES_IV_SZ;
+ }
+ else if (strncmp(type, "AES-256-CBC", 11) == 0) {
+ keyLen = AES_256_KEY_SZ;
+ ivLen = AES_IV_SZ;
+ }
+ else
+ return 0;
+
+ yaSSL::MD5 myMD;
+ uint digestSz = myMD.get_digestSize();
+ byte digest[SHA_LEN]; // max size
+
+ int keyLeft = keyLen;
+ int ivLeft = ivLen;
+ int keyOutput = 0;
+
+ while (keyOutput < (keyLen + ivLen)) {
+ int digestLeft = digestSz;
+ // D_(i - 1)
+ if (keyOutput) // first time D_0 is empty
+ myMD.update(digest, digestSz);
+ // data
+ myMD.update(data, sz);
+ // salt
+ if (salt)
+ myMD.update(salt, EVP_SALT_SZ);
+ myMD.get_digest(digest);
+ // count
+ for (int j = 1; j < count; j++) {
+ myMD.update(digest, digestSz);
+ myMD.get_digest(digest);
+ }
+
+ if (keyLeft) {
+ int store = min(keyLeft, static_cast<int>(digestSz));
+ memcpy(&key[keyLen - keyLeft], digest, store);
+
+ keyOutput += store;
+ keyLeft -= store;
+ digestLeft -= store;
+ }
+
+ if (ivLeft && digestLeft) {
+ int store = min(ivLeft, digestLeft);
+ memcpy(&iv[ivLen - ivLeft], &digest[digestSz - digestLeft], store);
+
+ keyOutput += store;
+ ivLeft -= store;
+ }
+ }
+ return keyOutput;
+}
+
+
+
+void DES_set_key_unchecked(const_DES_cblock* key, DES_key_schedule* schedule)
+{
+ memcpy(schedule, key, sizeof(const_DES_cblock));
+}
+
+
+void DES_ede3_cbc_encrypt(const byte* input, byte* output, long sz,
+ DES_key_schedule* ks1, DES_key_schedule* ks2,
+ DES_key_schedule* ks3, DES_cblock* ivec, int enc)
+{
+ DES_EDE des;
+ byte key[DES_EDE_KEY_SZ];
+
+ memcpy(key, *ks1, DES_BLOCK);
+ memcpy(&key[DES_BLOCK], *ks2, DES_BLOCK);
+ memcpy(&key[DES_BLOCK * 2], *ks3, DES_BLOCK);
+
+ if (enc) {
+ des.set_encryptKey(key, *ivec);
+ des.encrypt(output, input, sz);
+ }
+ else {
+ des.set_decryptKey(key, *ivec);
+ des.decrypt(output, input, sz);
+ }
+}
+
+
+// functions for libcurl
+int RAND_status()
+{
+ return 1; /* TaoCrypt provides enough seed */
+}
+
+
+int DES_set_key(const_DES_cblock* key, DES_key_schedule* schedule)
+{
+ memcpy(schedule, key, sizeof(const_DES_cblock));
+ return 1;
+}
+
+
+void DES_set_odd_parity(DES_cblock* key)
+{
+ // not needed now for TaoCrypt
+}
+
+
+void DES_ecb_encrypt(DES_cblock* input, DES_cblock* output,
+ DES_key_schedule* key, int enc)
+{
+ DES des;
+
+ if (enc) {
+ des.set_encryptKey(*key, 0);
+ des.encrypt(*output, *input, DES_BLOCK);
+ }
+ else {
+ des.set_decryptKey(*key, 0);
+ des.decrypt(*output, *input, DES_BLOCK);
+ }
+}
+
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX* ctx, void* userdata)
+{
+ ctx->SetUserData(userdata);
+}
+
+
+X509* SSL_get_certificate(SSL* ssl)
+{
+ return ssl->getCrypto().get_certManager().get_selfX509();
+}
+
+
+EVP_PKEY* SSL_get_privatekey(SSL* ssl)
+{
+ // only called, not used
+ return 0;
+}
+
+
+void SSL_SESSION_free(SSL_SESSION* session)
+{
+ // managed by singleton
+}
+
+
+
+EVP_PKEY* X509_get_pubkey(X509* x)
+{
+ // called, not used though
+ return 0;
+}
+
+
+int EVP_PKEY_copy_parameters(EVP_PKEY* to, const EVP_PKEY* from)
+{
+ // called, not used though
+ return 0;
+}
+
+
+void EVP_PKEY_free(EVP_PKEY* pkey)
+{
+ // never allocated from above
+}
+
+
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+{
+ if (len) ERR_error_string(e, buf);
+}
+
+
+void ERR_free_strings(void)
+{
+ // handled internally
+}
+
+
+void EVP_cleanup(void)
+{
+ // nothing to do yet
+}
+
+
+ASN1_TIME* X509_get_notBefore(X509* x)
+{
+ if (x) return x->GetBefore();
+ return 0;
+}
+
+
+ASN1_TIME* X509_get_notAfter(X509* x)
+{
+ if (x) return x->GetAfter();
+ return 0;
+}
+
+
+SSL_METHOD* SSLv2_client_method(void) /* will never work, no v 2 */
+{
+ return 0;
+}
+
+
+SSL_SESSION* SSL_get1_session(SSL* ssl) /* what's ref count */
+{
+ return SSL_get_session(ssl);
+}
+
+
+void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *x)
+{
+ // no extension names supported yet
+}
+
+
+int sk_GENERAL_NAME_num(STACK_OF(GENERAL_NAME) *x)
+{
+ // no extension names supported yet
+ return 0;
+}
+
+
+GENERAL_NAME* sk_GENERAL_NAME_value(STACK_OF(GENERAL_NAME) *x, int i)
+{
+ // no extension names supported yet
+ return 0;
+}
+
+
+unsigned char* ASN1_STRING_data(ASN1_STRING* x)
+{
+ if (x) return x->data;
+ return 0;
+}
+
+
+int ASN1_STRING_length(ASN1_STRING* x)
+{
+ if (x) return x->length;
+ return 0;
+}
+
+
+int ASN1_STRING_type(ASN1_STRING *x)
+{
+ if (x) return x->type;
+ return 0;
+}
+
+
+int X509_NAME_get_index_by_NID(X509_NAME* name,int nid, int lastpos)
+{
+ int idx = -1; // not found
+ int cnPos = -1;
+
+ switch (nid) {
+ case NID_commonName:
+ cnPos = name->GetCnPosition();
+ if (lastpos < cnPos)
+ idx = cnPos;
+ break;
+ }
+
+ return idx;
+}
+
+
+ASN1_STRING* X509_NAME_ENTRY_get_data(X509_NAME_ENTRY* ne)
+{
+ // the same in yaSSL
+ return ne;
+}
+
+
+X509_NAME_ENTRY* X509_NAME_get_entry(X509_NAME* name, int loc)
+{
+ return name->GetEntry(loc);
+}
+
+
+// already formatted, caller responsible for freeing *out
+int ASN1_STRING_to_UTF8(unsigned char** out, ASN1_STRING* in)
+{
+ if (!in) return 0;
+
+ *out = (unsigned char*)malloc(in->length + 1);
+ if (*out) {
+ memcpy(*out, in->data, in->length);
+ (*out)[in->length] = 0;
+ }
+ return in->length;
+}
+
+
+void* X509_get_ext_d2i(X509* x, int nid, int* crit, int* idx)
+{
+ // no extensions supported yet
+ return 0;
+}
+
+
+void MD4_Init(MD4_CTX* md4)
+{
+ // make sure we have a big enough buffer
+ typedef char ok[sizeof(md4->buffer) >= sizeof(TaoCrypt::MD4) ? 1 : -1];
+ (void) sizeof(ok);
+
+ // using TaoCrypt since no dynamic memory allocated
+ // and no destructor will be called
+ new (reinterpret_cast<yassl_pointer>(md4->buffer)) TaoCrypt::MD4();
+}
+
+
+void MD4_Update(MD4_CTX* md4, const void* data, unsigned long sz)
+{
+ reinterpret_cast<TaoCrypt::MD4*>(md4->buffer)->Update(
+ static_cast<const byte*>(data), static_cast<unsigned int>(sz));
+}
+
+
+void MD4_Final(unsigned char* hash, MD4_CTX* md4)
+{
+ reinterpret_cast<TaoCrypt::MD4*>(md4->buffer)->Final(hash);
+}
+
+
+void MD5_Init(MD5_CTX* md5)
+{
+ // make sure we have a big enough buffer
+ typedef char ok[sizeof(md5->buffer) >= sizeof(TaoCrypt::MD5) ? 1 : -1];
+ (void) sizeof(ok);
+
+ // using TaoCrypt since no dynamic memory allocated
+ // and no destructor will be called
+ new (reinterpret_cast<yassl_pointer>(md5->buffer)) TaoCrypt::MD5();
+}
+
+
+void MD5_Update(MD5_CTX* md5, const void* data, unsigned long sz)
+{
+ reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Update(
+ static_cast<const byte*>(data), static_cast<unsigned int>(sz));
+}
+
+
+void MD5_Final(unsigned char* hash, MD5_CTX* md5)
+{
+ reinterpret_cast<TaoCrypt::MD5*>(md5->buffer)->Final(hash);
+}
+
+
+int RAND_bytes(unsigned char* buf, int num)
+{
+ RandomPool ran;
+
+ if (ran.GetError()) return 0;
+
+ ran.Fill(buf, num);
+ return 1;
+}
+
+
+int SSL_peek(SSL* ssl, void* buffer, int sz)
+{
+ Data data(min(sz, MAX_RECORD_SIZE), static_cast<opaque*>(buffer));
+ return receiveData(*ssl, data, true);
+}
+
+
+int SSL_pending(SSL* ssl)
+{
+ // Just in case there's pending data that hasn't been processed yet...
+ char c;
+ SSL_peek(ssl, &c, 1);
+
+ return ssl->bufferedData();
+}
+
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX* ctx, pem_password_cb cb)
+{
+ ctx->SetPasswordCb(cb);
+}
+
+
+int SSLeay_add_ssl_algorithms() // compatibility only
+{
+ return 1;
+}
+
+
+void ERR_remove_state(unsigned long)
+{
+ GetErrors().Remove();
+}
+
+
+int ERR_GET_REASON(int l)
+{
+ return l & 0xfff;
+}
+
+
+unsigned long err_helper(bool peek = false)
+{
+ int ysError = GetErrors().Lookup(peek);
+
+ // translate cert error for libcurl, it uses OpenSSL hex code
+ switch (ysError) {
+ case TaoCrypt::SIG_OTHER_E:
+ return CERTFICATE_ERROR;
+ break;
+ default :
+ return 0;
+ }
+
+ return 0; // shut up compiler
+}
+
+
+unsigned long ERR_peek_error()
+{
+ return err_helper(true);
+}
+
+
+unsigned long ERR_get_error()
+{
+ return err_helper();
+}
+
+
+ // functions for stunnel
+
+ void RAND_screen()
+ {
+ // TODO:
+ }
+
+
+ const char* RAND_file_name(char*, size_t)
+ {
+ // TODO:
+ return 0;
+ }
+
+
+ int RAND_write_file(const char*)
+ {
+ // TODO:
+ return 0;
+ }
+
+
+ int RAND_load_file(const char*, long)
+ {
+ // TODO:
+ return 0;
+ }
+
+
+ void RSA_free(RSA*)
+ {
+ // TODO:
+ }
+
+
+ RSA* RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*)
+ {
+ // TODO:
+ return 0;
+ }
+
+
+ int X509_LOOKUP_add_dir(X509_LOOKUP*, const char*, long)
+ {
+ // TODO:
+ return SSL_SUCCESS;
+ }
+
+
+ int X509_LOOKUP_load_file(X509_LOOKUP*, const char*, long)
+ {
+ // TODO:
+ return SSL_SUCCESS;
+ }
+
+
+ X509_LOOKUP_METHOD* X509_LOOKUP_hash_dir(void)
+ {
+ // TODO:
+ return 0;
+ }
+
+
+ X509_LOOKUP_METHOD* X509_LOOKUP_file(void)
+ {
+ // TODO:
+ return 0;
+ }
+
+
+ X509_LOOKUP* X509_STORE_add_lookup(X509_STORE*, X509_LOOKUP_METHOD*)
+ {
+ // TODO:
+ return 0;
+ }
+
+
+ int X509_STORE_get_by_subject(X509_STORE_CTX*, int, X509_NAME*, X509_OBJECT*)
+ {
+ // TODO:
+ return SSL_SUCCESS;
+ }
+
+
+ X509_STORE* X509_STORE_new(void)
+ {
+ // TODO:
+ return 0;
+ }
+
+ char* SSL_alert_type_string_long(int)
+ {
+ // TODO:
+ return 0;
+ }
+
+
+ char* SSL_alert_desc_string_long(int)
+ {
+ // TODO:
+ return 0;
+ }
+
+
+ char* SSL_state_string_long(SSL*)
+ {
+ // TODO:
+ return 0;
+ }
+
+
+ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX*, RSA*(*)(SSL*, int, int))
+ {
+ // TDOD:
+ }
+
+
+ long SSL_CTX_set_timeout(SSL_CTX*, long)
+ {
+ // TDOD:
+ return SSL_SUCCESS;
+ }
+
+
+ int SSL_CTX_use_certificate_chain_file(SSL_CTX*, const char*)
+ {
+ // TDOD:
+ return SSL_SUCCESS;
+ }
+
+
+ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX*, const char*, int)
+ {
+ // TDOD:
+ return SSL_SUCCESS;
+ }
+
+
+ int SSL_set_rfd(SSL*, int)
+ {
+ return SSL_SUCCESS; // TODO:
+ }
+
+
+ int SSL_set_wfd(SSL*, int)
+ {
+ return SSL_SUCCESS; // TODO:
+ }
+
+
+ int SSL_want_read(SSL*)
+ {
+ return 0; // TODO:
+ }
+
+
+ int SSL_want_write(SSL*)
+ {
+ return 0; // TODO:
+ }
+
+
+ void SSL_set_shutdown(SSL*, int)
+ {
+ // TODO:
+ }
+
+
+ SSL_CIPHER* SSL_get_current_cipher(SSL*)
+ {
+ // TODO:
+ return 0;
+ }
+
+
+ char* SSL_CIPHER_description(SSL_CIPHER*, char*, int)
+ {
+ // TODO:
+ return 0;
+ }
+
+
+
+ // end stunnel needs
+
+ char *yaSSL_ASN1_TIME_to_string(ASN1_TIME *time, char *buf, size_t len)
+ {
+ tm t;
+ static const char *month_names[12]=
+ {
+ "Jan","Feb","Mar","Apr","May","Jun",
+ "Jul","Aug","Sep","Oct","Nov","Dec"
+ };
+
+ TaoCrypt::ASN1_TIME_extract(time->data, time->type, &t);
+#ifdef _WIN32
+ _snprintf(buf, len, "%s %2d %02d:%02d:%02d %d GMT",
+#else
+ snprintf(buf, len, "%s %2d %02d:%02d:%02d %d GMT",
+#endif
+ month_names[t.tm_mon], t.tm_mday, t.tm_hour, t.tm_min,
+ t.tm_sec, t.tm_year + 1900);
+ return buf;
+ }
+
+
+ void yaSSL_transport_set_ptr(SSL *ssl, void *ptr)
+ {
+ ssl->useSocket().set_transport_ptr(ptr);
+ }
+
+
+ void yaSSL_transport_set_recv_function(SSL *ssl, yaSSL_recv_func_t func)
+ {
+ ssl->useSocket().set_transport_recv_function(func);
+ }
+
+
+ void yaSSL_transport_set_send_function(SSL *ssl, yaSSL_send_func_t func)
+ {
+ ssl->useSocket().set_transport_send_function(func);
+ }
+
+} // extern "C"
+} // namespace
diff --git a/mysql/extra/yassl/src/timer.cpp b/mysql/extra/yassl/src/timer.cpp
new file mode 100644
index 0000000..a1b9063
--- /dev/null
+++ b/mysql/extra/yassl/src/timer.cpp
@@ -0,0 +1,80 @@
+/*
+ Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* timer.cpp implements a high res and low res timer
+ *
+*/
+
+#include "runtime.hpp"
+#include "timer.hpp"
+
+#ifdef _WIN32
+#include <windows.h>
+#else
+#include <sys/time.h>
+#endif
+
+namespace yaSSL {
+
+#ifdef _WIN32
+
+ timer_d timer()
+ {
+ static bool init(false);
+ static LARGE_INTEGER freq;
+
+ if (!init) {
+ QueryPerformanceFrequency(&freq);
+ init = true;
+ }
+
+ LARGE_INTEGER count;
+ QueryPerformanceCounter(&count);
+
+ return static_cast<double>(count.QuadPart) / freq.QuadPart;
+ }
+
+
+ uint lowResTimer()
+ {
+ return static_cast<uint>(timer());
+ }
+
+#else // _WIN32
+
+ timer_d timer()
+ {
+ struct timeval tv;
+ gettimeofday(&tv, 0);
+
+ return static_cast<double>(tv.tv_sec)
+ + static_cast<double>(tv.tv_usec) / 1000000;
+ }
+
+
+ uint lowResTimer()
+ {
+ struct timeval tv;
+ gettimeofday(&tv, 0);
+
+ return tv.tv_sec;
+ }
+
+
+#endif // _WIN32
+} // namespace yaSSL
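Review bot: The POSIX `timer()` and `lowResTimer()` read `gettimeofday()`, which is wall-clock time, so any interval a caller derives from them jumps when the system clock is stepped (NTP correction, manual change); the return value of `gettimeofday()` is also ignored. The `_WIN32` branch already returns a `QueryPerformanceCounter` value with an unspecified origin, so callers cannot depend on epoch seconds, and a monotonic source would be consistent with it: `struct timespec ts; clock_gettime(CLOCK_MONOTONIC, &ts); return static_cast<uint>(ts.tv_sec);` (with `<time.h>`). If these timers feed session or handshake timeouts, which this hunk does not show, a clock step could expire entries early or keep them alive past their limit. The explicit `static_cast<uint>` would also make the narrowing from `time_t` visible, as the Windows `lowResTimer()` already does.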
diff --git a/mysql/extra/yassl/src/yassl_error.cpp b/mysql/extra/yassl/src/yassl_error.cpp
new file mode 100644
index 0000000..5169b7d
--- /dev/null
+++ b/mysql/extra/yassl/src/yassl_error.cpp
@@ -0,0 +1,288 @@
+/*
+ Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+
+/* yaSSL error implements and an exception class
+ */
+
+#include "runtime.hpp"
+#include "yassl_error.hpp"
+#include "error.hpp" // TaoCrypt error numbers
+#include "openssl/ssl.h" // SSL_ERROR_WANT_READ
+#include <string.h> // strncpy
+
+#ifdef _MSC_VER
+ // 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy
+ #pragma warning(disable: 4996)
+#endif
+
+namespace yaSSL {
+
+
+/* may bring back in future
+Error::Error(const char* s, YasslError e, Library l)
+ : mySTL::runtime_error(s), error_(e), lib_(l)
+{
+}
+
+
+YasslError Error::get_number() const
+{
+ return error_;
+}
+
+
+Library Error::get_lib() const
+{
+
+ return lib_;
+}
+*/
+
+
+void SetErrorString(YasslError error, char* buffer)
+{
+ using namespace TaoCrypt;
+ const int max = MAX_ERROR_SZ; // shorthand
+ int localError = error; // errors from a few enums
+
+ switch (localError) {
+
+ // yaSSL proper errors
+ case range_error :
+ strncpy(buffer, "buffer index error, out of range", max);
+ break;
+
+ case realloc_error :
+ strncpy(buffer, "trying to realloc a fixed buffer", max);
+ break;
+
+ case factory_error :
+ strncpy(buffer, "unknown factory create request", max);
+ break;
+
+ case unknown_cipher :
+ strncpy(buffer, "trying to use an unknown cipher", max);
+ break;
+
+ case prefix_error :
+ strncpy(buffer, "bad master secret derivation, prefix too big", max);
+ break;
+
+ case record_layer :
+ strncpy(buffer, "record layer not ready yet", max);
+ break;
+
+ case handshake_layer :
+ strncpy(buffer, "handshake layer not ready yet", max);
+ break;
+
+ case out_of_order :
+ strncpy(buffer, "handshake message received in wrong order", max);
+ break;
+
+ case bad_input :
+ strncpy(buffer, "bad cipher suite input", max);
+ break;
+
+ case match_error :
+ strncpy(buffer, "unable to match a supported cipher suite", max);
+ break;
+
+ case no_key_file :
+ strncpy(buffer, "the server needs a private key file", max);
+ break;
+
+ case verify_error :
+ strncpy(buffer, "unable to verify peer checksum", max);
+ break;
+
+ case send_error :
+ strncpy(buffer, "socket layer send error", max);
+ break;
+
+ case receive_error :
+ strncpy(buffer, "socket layer receive error", max);
+ break;
+
+ case certificate_error :
+ strncpy(buffer, "unable to proccess cerificate", max);
+ break;
+
+ case privateKey_error :
+ strncpy(buffer, "unable to proccess private key, bad format", max);
+ break;
+
+ case badVersion_error :
+ strncpy(buffer, "protocol version mismatch", max);
+ break;
+
+ case compress_error :
+ strncpy(buffer, "compression error", max);
+ break;
+
+ case decompress_error :
+ strncpy(buffer, "decompression error", max);
+ break;
+
+ case pms_version_error :
+ strncpy(buffer, "bad PreMasterSecret version error", max);
+ break;
+
+ case sanityCipher_error :
+ strncpy(buffer, "sanity check on cipher text size error", max);
+ break;
+
+ case rsaSignFault_error:
+ strncpy(buffer, "rsa signature fault error", max);
+ break;
+
+ // openssl errors
+ case SSL_ERROR_WANT_READ :
+ strncpy(buffer, "the read operation would block", max);
+ break;
+
+ case SSL_ERROR_WANT_WRITE :
+ strncpy(buffer, "the write operation would block", max);
+ break;
+
+ case CERTFICATE_ERROR :
+ strncpy(buffer, "Unable to verify certificate", max);
+ break;
+
+ // TaoCrypt errors
+ case NO_ERROR_E :
+ strncpy(buffer, "not in error state", max);
+ break;
+
+ case WINCRYPT_E :
+ strncpy(buffer, "bad wincrypt acquire", max);
+ break;
+
+ case CRYPTGEN_E :
+ strncpy(buffer, "CryptGenRandom error", max);
+ break;
+
+ case OPEN_RAN_E :
+ strncpy(buffer, "unable to use random device", max);
+ break;
+
+ case READ_RAN_E :
+ strncpy(buffer, "unable to use random device", max);
+ break;
+
+ case INTEGER_E :
+ strncpy(buffer, "ASN: bad DER Integer Header", max);
+ break;
+
+ case SEQUENCE_E :
+ strncpy(buffer, "ASN: bad Sequence Header", max);
+ break;
+
+ case SET_E :
+ strncpy(buffer, "ASN: bad Set Header", max);
+ break;
+
+ case VERSION_E :
+ strncpy(buffer, "ASN: version length not 1", max);
+ break;
+
+ case SIG_OID_E :
+ strncpy(buffer, "ASN: signature OID mismatch", max);
+ break;
+
+ case BIT_STR_E :
+ strncpy(buffer, "ASN: bad BitString Header", max);
+ break;
+
+ case UNKNOWN_OID_E :
+ strncpy(buffer, "ASN: unknown key OID type", max);
+ break;
+
+ case OBJECT_ID_E :
+ strncpy(buffer, "ASN: bad Ojbect ID Header", max);
+ break;
+
+ case TAG_NULL_E :
+ strncpy(buffer, "ASN: expected TAG NULL", max);
+ break;
+
+ case EXPECT_0_E :
+ strncpy(buffer, "ASN: expected 0", max);
+ break;
+
+ case OCTET_STR_E :
+ strncpy(buffer, "ASN: bad Octet String Header", max);
+ break;
+
+ case TIME_E :
+ strncpy(buffer, "ASN: bad TIME", max);
+ break;
+
+ case DATE_SZ_E :
+ strncpy(buffer, "ASN: bad Date Size", max);
+ break;
+
+ case SIG_LEN_E :
+ strncpy(buffer, "ASN: bad Signature Length", max);
+ break;
+
+ case UNKOWN_SIG_E :
+ strncpy(buffer, "ASN: unknown signature OID", max);
+ break;
+
+ case UNKOWN_HASH_E :
+ strncpy(buffer, "ASN: unknown hash OID", max);
+ break;
+
+ case DSA_SZ_E :
+ strncpy(buffer, "ASN: bad DSA r or s size", max);
+ break;
+
+ case BEFORE_DATE_E :
+ strncpy(buffer, "ASN: before date in the future", max);
+ break;
+
+ case AFTER_DATE_E :
+ strncpy(buffer, "ASN: after date in the past", max);
+ break;
+
+ case SIG_CONFIRM_E :
+ strncpy(buffer, "ASN: bad self signature confirmation", max);
+ break;
+
+ case SIG_OTHER_E :
+ strncpy(buffer, "ASN: bad other signature confirmation", max);
+ break;
+
+ case CONTENT_E :
+ strncpy(buffer, "bad content processing", max);
+ break;
+
+ case PEM_E :
+ strncpy(buffer, "bad PEM format processing", max);
+ break;
+
+ default :
+ strncpy(buffer, "unknown error number", max);
+ }
+}
+
+
+
+} // namespace yaSSL
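Review bot: `SetErrorString` takes no buffer length, and every branch calls `strncpy(buffer, "...", max)` with `max = MAX_ERROR_SZ`, so each call writes exactly `MAX_ERROR_SZ` bytes (strncpy zero-pads) whatever the size of the caller's buffer. `ERR_error_string_n` in ssl.cpp of this same commit forwards `buf` to it through `ERR_error_string` and only tests `len` for non-zero, so a caller buffer shorter than `MAX_ERROR_SZ` would be written past its end. At minimum the contract should be stated above the function, `// buffer must be at least MAX_ERROR_SZ bytes; all of them are written`, and `ERR_error_string_n` should format into a local `char tmp[MAX_ERROR_SZ]` and copy at most `len - 1` bytes plus a terminator into `buf`. The value of `MAX_ERROR_SZ` is not visible here; the messages rely on it being larger than the longest literal, since `strncpy` leaves the buffer unterminated otherwise.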
diff --git a/mysql/extra/yassl/src/yassl_imp.cpp b/mysql/extra/yassl/src/yassl_imp.cpp
new file mode 100644
index 0000000..ea09777
--- /dev/null
+++ b/mysql/extra/yassl/src/yassl_imp.cpp
@@ -0,0 +1,2642 @@
+/*
+ Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301 USA.
+*/
+
+/* yaSSL source implements all SSL.v3 secification structures.
+ */
+
+#include "runtime.hpp"
+#include "yassl_int.hpp"
+#include "handshake.hpp"
+
+#include "asn.hpp" // provide crypto wrapper??
+
+
+
+namespace yaSSL {
+
+
+namespace { // locals
+
+bool isTLS(ProtocolVersion pv)
+{
+ if (pv.major_ >= 3 && pv.minor_ >= 1)
+ return true;
+
+ return false;
+}
+
+
+} // namespace (locals)
+
+
+void hashHandShake(SSL&, const input_buffer&, uint);
+
+
+ProtocolVersion::ProtocolVersion(uint8 maj, uint8 min)
+ : major_(maj), minor_(min)
+{}
+
+
+// construct key exchange with known ssl parms
+void ClientKeyExchange::createKey(SSL& ssl)
+{
+ const ClientKeyFactory& ckf = ssl.getFactory().getClientKey();
+ client_key_ = ckf.CreateObject(ssl.getSecurity().get_parms().kea_);
+
+ if (!client_key_)
+ ssl.SetError(factory_error);
+}
+
+
+// construct key exchange with known ssl parms
+void ServerKeyExchange::createKey(SSL& ssl)
+{
+ const ServerKeyFactory& skf = ssl.getFactory().getServerKey();
+ server_key_ = skf.CreateObject(ssl.getSecurity().get_parms().kea_);
+
+ if (!server_key_)
+ ssl.SetError(factory_error);
+}
+
+
+// build/set PreMaster secret and encrypt, client side
+void EncryptedPreMasterSecret::build(SSL& ssl)
+{
+ opaque tmp[SECRET_LEN];
+ memset(tmp, 0, sizeof(tmp));
+ ssl.getCrypto().get_random().Fill(tmp, SECRET_LEN);
+ ProtocolVersion pv = ssl.getSecurity().get_connection().chVersion_;
+ tmp[0] = pv.major_;
+ tmp[1] = pv.minor_;
+ ssl.set_preMaster(tmp, SECRET_LEN);
+
+ const CertManager& cert = ssl.getCrypto().get_certManager();
+ RSA rsa(cert.get_peerKey(), cert.get_peerKeyLength());
+ bool tls = ssl.isTLS(); // if TLS, put length for encrypted data
+ alloc(rsa.get_cipherLength() + (tls ? 2 : 0));
+ byte* holder = secret_;
+ if (tls) {
+ byte len[2];
+ c16toa(rsa.get_cipherLength(), len);
+ memcpy(secret_, len, sizeof(len));
+ holder += 2;
+ }
+ rsa.encrypt(holder, tmp, SECRET_LEN, ssl.getCrypto().get_random());
+}
+
+
+// build/set premaster and Client Public key, client side
+void ClientDiffieHellmanPublic::build(SSL& ssl)
+{
+ DiffieHellman& dhServer = ssl.useCrypto().use_dh();
+ DiffieHellman dhClient(dhServer);
+
+ uint keyLength = dhClient.get_agreedKeyLength(); // pub and agree same
+
+ alloc(keyLength, true);
+ dhClient.makeAgreement(dhServer.get_publicKey(),
+ dhServer.get_publicKeyLength());
+ c16toa(keyLength, Yc_);
+ memcpy(Yc_ + KEY_OFFSET, dhClient.get_publicKey(), keyLength);
+
+ ssl.set_preMaster(dhClient.get_agreedKey(), keyLength);
+}
+
+
+// build server exhange, server side
+void DH_Server::build(SSL& ssl)
+{
+ DiffieHellman& dhServer = ssl.useCrypto().use_dh();
+
+ int pSz, gSz, pubSz;
+ dhServer.set_sizes(pSz, gSz, pubSz);
+ dhServer.get_parms(parms_.alloc_p(pSz), parms_.alloc_g(gSz),
+ parms_.alloc_pub(pubSz));
+
+ short sigSz = 0;
+ mySTL::auto_ptr<Auth> auth;
+ const CertManager& cert = ssl.getCrypto().get_certManager();
+
+ if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) {
+ if (cert.get_keyType() != rsa_sa_algo) {
+ ssl.SetError(privateKey_error);
+ return;
+ }
+ auth.reset(NEW_YS RSA(cert.get_privateKey(),
+ cert.get_privateKeyLength(), false));
+ }
+ else {
+ if (cert.get_keyType() != dsa_sa_algo) {
+ ssl.SetError(privateKey_error);
+ return;
+ }
+ auth.reset(NEW_YS DSS(cert.get_privateKey(),
+ cert.get_privateKeyLength(), false));
+ sigSz += DSS_ENCODED_EXTRA;
+ }
+
+ sigSz += auth->get_signatureLength();
+ if (!sigSz) {
+ ssl.SetError(privateKey_error);
+ return;
+ }
+
+ length_ = 8; // pLen + gLen + YsLen + SigLen
+ length_ += pSz + gSz + pubSz + sigSz;
+
+ output_buffer tmp(length_);
+ byte len[2];
+ // P
+ c16toa(pSz, len);
+ tmp.write(len, sizeof(len));
+ tmp.write(parms_.get_p(), pSz);
+ // G
+ c16toa(gSz, len);
+ tmp.write(len, sizeof(len));
+ tmp.write(parms_.get_g(), gSz);
+ // Ys
+ c16toa(pubSz, len);
+ tmp.write(len, sizeof(len));
+ tmp.write(parms_.get_pub(), pubSz);
+
+ // Sig
+ byte hash[FINISHED_SZ];
+ MD5 md5;
+ SHA sha;
+ signature_ = NEW_YS byte[sigSz];
+
+ const Connection& conn = ssl.getSecurity().get_connection();
+ // md5
+ md5.update(conn.client_random_, RAN_LEN);
+ md5.update(conn.server_random_, RAN_LEN);
+ md5.update(tmp.get_buffer(), tmp.get_size());
+ md5.get_digest(hash);
+
+ // sha
+ sha.update(conn.client_random_, RAN_LEN);
+ sha.update(conn.server_random_, RAN_LEN);
+ sha.update(tmp.get_buffer(), tmp.get_size());
+ sha.get_digest(&hash[MD5_LEN]);
+
+ if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) {
+ auth->sign(signature_, hash, sizeof(hash),
+ ssl.getCrypto().get_random());
+ // check for rsa signautre fault
+ if (!auth->verify(hash, sizeof(hash), signature_,
+ auth->get_signatureLength())) {
+ ssl.SetError(rsaSignFault_error);
+ return;
+ }
+ }
+ else {
+ auth->sign(signature_, &hash[MD5_LEN], SHA_LEN,
+ ssl.getCrypto().get_random());
+ byte encoded[DSS_SIG_SZ + DSS_ENCODED_EXTRA];
+ TaoCrypt::EncodeDSA_Signature(signature_, encoded);
+ memcpy(signature_, encoded, sizeof(encoded));
+ }
+
+ c16toa(sigSz, len);
+ tmp.write(len, sizeof(len));
+ tmp.write(signature_, sigSz);
+
+ // key message
+ keyMessage_ = NEW_YS opaque[length_];
+ memcpy(keyMessage_, tmp.get_buffer(), tmp.get_size());
+}
+
+
+// read PreMaster secret and decrypt, server side
+void EncryptedPreMasterSecret::read(SSL& ssl, input_buffer& input)
+{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
+ const CertManager& cert = ssl.getCrypto().get_certManager();
+ RSA rsa(cert.get_privateKey(), cert.get_privateKeyLength(), false);
+ uint16 cipherLen = rsa.get_cipherLength();
+ if (ssl.isTLS()) {
+ byte len[2];
+ len[0] = input[AUTO];
+ len[1] = input[AUTO];
+ ato16(len, cipherLen);
+ }
+ alloc(cipherLen);
+ input.read(secret_, length_);
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
+ opaque preMasterSecret[SECRET_LEN];
+ memset(preMasterSecret, 0, sizeof(preMasterSecret));
+ rsa.decrypt(preMasterSecret, secret_, length_,
+ ssl.getCrypto().get_random());
+
+ ProtocolVersion pv = ssl.getSecurity().get_connection().chVersion_;
+ if (pv.major_ != preMasterSecret[0] || pv.minor_ != preMasterSecret[1])
+ ssl.SetError(pms_version_error); // continue deriving for timing attack
+
+ ssl.set_preMaster(preMasterSecret, SECRET_LEN);
+ ssl.makeMasterSecret();
+}
+
+
+EncryptedPreMasterSecret::EncryptedPreMasterSecret()
+ : secret_(0), length_(0)
+{}
+
+
+EncryptedPreMasterSecret::~EncryptedPreMasterSecret()
+{
+ ysArrayDelete(secret_);
+}
+
+
+int EncryptedPreMasterSecret::get_length() const
+{
+ return length_;
+}
+
+
+opaque* EncryptedPreMasterSecret::get_clientKey() const
+{
+ return secret_;
+}
+
+
+void EncryptedPreMasterSecret::alloc(int sz)
+{
+ length_ = sz;
+ secret_ = NEW_YS opaque[sz];
+}
+
+
+// read client's public key, server side
+void ClientDiffieHellmanPublic::read(SSL& ssl, input_buffer& input)
+{
+ if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
+ DiffieHellman& dh = ssl.useCrypto().use_dh();
+
+ uint16 keyLength;
+ byte tmp[2];
+ tmp[0] = input[AUTO];
+ tmp[1] = input[AUTO];
+ ato16(tmp, keyLength);
+
+ if (keyLength < dh.get_agreedKeyLength()/2) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
+ alloc(keyLength);
+ input.read(Yc_, keyLength);
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+ dh.makeAgreement(Yc_, keyLength);
+
+ ssl.set_preMaster(dh.get_agreedKey(), dh.get_agreedKeyLength());
+ ssl.makeMasterSecret();
+}
+
+
+ClientDiffieHellmanPublic::ClientDiffieHellmanPublic()
+ : length_(0), Yc_(0)
+{}
+
+
+ClientDiffieHellmanPublic::~ClientDiffieHellmanPublic()
+{
+ ysArrayDelete(Yc_);
+}
+
+
+int ClientDiffieHellmanPublic::get_length() const
+{
+ return length_;
+}
+
+
+opaque* ClientDiffieHellmanPublic::get_clientKey() const
+{
+ return Yc_;
+}
+
+
+void ClientDiffieHellmanPublic::alloc(int sz, bool offset)
+{
+ length_ = sz + (offset ? KEY_OFFSET : 0);
+ Yc_ = NEW_YS opaque[length_];
+}
+
+
+// read server's p, g, public key and sig, client side
+void DH_Server::read(SSL& ssl, input_buffer& input)
+{
+ if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) {
+ ssl.SetError(bad_input);
+ return;
+ }
+ uint16 length, messageTotal = 6; // pSz + gSz + pubSz
+ byte tmp[2];
+
+ // p
+ tmp[0] = input[AUTO];
+ tmp[1] = input[AUTO];
+ ato16(tmp, length);
+ messageTotal += length;
+
+ input.read(parms_.alloc_p(length), length);
+ if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
+ // g
+ tmp[0] = input[AUTO];
+ tmp[1] = input[AUTO];
+ ato16(tmp, length);
+ messageTotal += length;
+
+ input.read(parms_.alloc_g(length), length);
+ if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
+ // pub
+ tmp[0] = input[AUTO];
+ tmp[1] = input[AUTO];
+ ato16(tmp, length);
+ messageTotal += length;
+
+ input.read(parms_.alloc_pub(length), length);
+ if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
+ // save message for hash verify
+ input_buffer message(messageTotal);
+ input.set_current(input.get_current() - messageTotal);
+ input.read(message.get_buffer(), messageTotal);
+ message.add_size(messageTotal);
+ if (input.get_error() || input.get_remaining() < (uint)LENGTH_SZ) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
+ // signature
+ tmp[0] = input[AUTO];
+ tmp[1] = input[AUTO];
+ ato16(tmp, length);
+
+ if (length == 0) {
+ ssl.SetError(bad_input);
+ return;
+ }
+ signature_ = NEW_YS byte[length];
+ input.read(signature_, length);
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
+ // verify signature
+ byte hash[FINISHED_SZ];
+ MD5 md5;
+ SHA sha;
+
+ const Connection& conn = ssl.getSecurity().get_connection();
+ // md5
+ md5.update(conn.client_random_, RAN_LEN);
+ md5.update(conn.server_random_, RAN_LEN);
+ md5.update(message.get_buffer(), message.get_size());
+ md5.get_digest(hash);
+
+ // sha
+ sha.update(conn.client_random_, RAN_LEN);
+ sha.update(conn.server_random_, RAN_LEN);
+ sha.update(message.get_buffer(), message.get_size());
+ sha.get_digest(&hash[MD5_LEN]);
+
+ const CertManager& cert = ssl.getCrypto().get_certManager();
+
+ if (ssl.getSecurity().get_parms().sig_algo_ == rsa_sa_algo) {
+ RSA rsa(cert.get_peerKey(), cert.get_peerKeyLength());
+ if (!rsa.verify(hash, sizeof(hash), signature_, length))
+ ssl.SetError(verify_error);
+ }
+ else {
+ byte decodedSig[DSS_SIG_SZ];
+ length = TaoCrypt::DecodeDSA_Signature(decodedSig, signature_, length);
+
+ DSS dss(cert.get_peerKey(), cert.get_peerKeyLength());
+ if (!dss.verify(&hash[MD5_LEN], SHA_LEN, decodedSig, length))
+ ssl.SetError(verify_error);
+ }
+
+ // save input
+ ssl.useCrypto().SetDH(NEW_YS DiffieHellman(parms_.get_p(),
+ parms_.get_pSize(), parms_.get_g(), parms_.get_gSize(),
+ parms_.get_pub(), parms_.get_pubSize(),
+ ssl.getCrypto().get_random()));
+}
+
+
+DH_Server::DH_Server()
+ : signature_(0), length_(0), keyMessage_(0)
+{}
+
+
+DH_Server::~DH_Server()
+{
+ ysArrayDelete(keyMessage_);
+ ysArrayDelete(signature_);
+}
+
+
+int DH_Server::get_length() const
+{
+ return length_;
+}
+
+
+opaque* DH_Server::get_serverKey() const
+{
+ return keyMessage_;
+}
+
+
+// set available suites
+Parameters::Parameters(ConnectionEnd ce, const Ciphers& ciphers,
+ ProtocolVersion pv, bool haveDH) : entity_(ce)
+{
+ pending_ = true; // suite not set yet
+ strncpy(cipher_name_, "NONE", 5);
+
+ removeDH_ = !haveDH; // only use on server side for set suites
+
+ if (ciphers.setSuites_) { // use user set list
+ suites_size_ = ciphers.suiteSz_;
+ memcpy(suites_, ciphers.suites_, ciphers.suiteSz_);
+ SetCipherNames();
+ }
+ else
+ SetSuites(pv, ce == server_end && removeDH_); // defaults
+
+}
+
+
+void Parameters::SetSuites(ProtocolVersion pv, bool removeDH, bool removeRSA,
+ bool removeDSA)
+{
+ int i = 0;
+ // available suites, best first
+ // when adding more, make sure cipher_names is updated and
+ // MAX_CIPHERS is big enough
+
+ if (isTLS(pv)) {
+ if (!removeDH) {
+ if (!removeRSA) {
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
+ }
+ if (!removeDSA) {
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_DHE_DSS_WITH_AES_256_CBC_SHA;
+ }
+ }
+ if (!removeRSA) {
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_RSA_WITH_AES_256_CBC_SHA;
+ }
+ if (!removeDH) {
+ if (!removeRSA) {
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
+ }
+ if (!removeDSA) {
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_DHE_DSS_WITH_AES_128_CBC_SHA;
+ }
+ }
+ if (!removeRSA) {
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_RSA_WITH_AES_128_CBC_SHA;
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_RSA_WITH_AES_256_CBC_RMD160;
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_RSA_WITH_AES_128_CBC_RMD160;
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_RSA_WITH_3DES_EDE_CBC_RMD160;
+ }
+ if (!removeDH) {
+ if (!removeRSA) {
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_DHE_RSA_WITH_AES_256_CBC_RMD160;
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_DHE_RSA_WITH_AES_128_CBC_RMD160;
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD160;
+ }
+ if (!removeDSA) {
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_DHE_DSS_WITH_AES_256_CBC_RMD160;
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_DHE_DSS_WITH_AES_128_CBC_RMD160;
+ suites_[i++] = 0x00;
+ suites_[i++] = TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD160;
+ }
+ }
+ }
+
+ if (!removeRSA) {
+ suites_[i++] = 0x00;
+ suites_[i++] = SSL_RSA_WITH_RC4_128_SHA;
+ suites_[i++] = 0x00;
+ suites_[i++] = SSL_RSA_WITH_RC4_128_MD5;
+
+ suites_[i++] = 0x00;
+ suites_[i++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
+ suites_[i++] = 0x00;
+ suites_[i++] = SSL_RSA_WITH_DES_CBC_SHA;
+ }
+ if (!removeDH) {
+ if (!removeRSA) {
+ suites_[i++] = 0x00;
+ suites_[i++] = SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA;
+ }
+ if (!removeDSA) {
+ suites_[i++] = 0x00;
+ suites_[i++] = SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA;
+ }
+ if (!removeRSA) {
+ suites_[i++] = 0x00;
+ suites_[i++] = SSL_DHE_RSA_WITH_DES_CBC_SHA;
+ }
+ if (!removeDSA) {
+ suites_[i++] = 0x00;
+ suites_[i++] = SSL_DHE_DSS_WITH_DES_CBC_SHA;
+ }
+ }
+
+ suites_size_ = i;
+
+ SetCipherNames();
+}
+
+
+void Parameters::SetCipherNames()
+{
+ const int suites = suites_size_ / 2;
+ int pos = 0;
+
+ for (int j = 0; j < suites; j++) {
+ int index = suites_[j*2 + 1]; // every other suite is suite id
+ size_t len = strlen(cipher_names[index]) + 1;
+ strncpy(cipher_list_[pos++], cipher_names[index], len);
+ }
+ cipher_list_[pos][0] = 0;
+}
+
+
+// input operator for RecordLayerHeader, adjust stream
+input_buffer& operator>>(input_buffer& input, RecordLayerHeader& hdr)
+{
+ hdr.type_ = ContentType(input[AUTO]);
+ hdr.version_.major_ = input[AUTO];
+ hdr.version_.minor_ = input[AUTO];
+
+ // length
+ byte tmp[2];
+ tmp[0] = input[AUTO];
+ tmp[1] = input[AUTO];
+ ato16(tmp, hdr.length_);
+
+ return input;
+}
+
+
+// output operator for RecordLayerHeader
+output_buffer& operator<<(output_buffer& output, const RecordLayerHeader& hdr)
+{
+ output[AUTO] = hdr.type_;
+ output[AUTO] = hdr.version_.major_;
+ output[AUTO] = hdr.version_.minor_;
+
+ // length
+ byte tmp[2];
+ c16toa(hdr.length_, tmp);
+ output[AUTO] = tmp[0];
+ output[AUTO] = tmp[1];
+
+ return output;
+}
+
+
+// virtual input operator for Messages
+input_buffer& operator>>(input_buffer& input, Message& msg)
+{
+ return msg.set(input);
+}
+
+// virtual output operator for Messages
+output_buffer& operator<<(output_buffer& output, const Message& msg)
+{
+ return msg.get(output);
+}
+
+
+// input operator for HandShakeHeader
+input_buffer& operator>>(input_buffer& input, HandShakeHeader& hs)
+{
+ hs.type_ = HandShakeType(input[AUTO]);
+
+ hs.length_[0] = input[AUTO];
+ hs.length_[1] = input[AUTO];
+ hs.length_[2] = input[AUTO];
+
+ return input;
+}
+
+
+// output operator for HandShakeHeader
+output_buffer& operator<<(output_buffer& output, const HandShakeHeader& hdr)
+{
+ output[AUTO] = hdr.type_;
+ output.write(hdr.length_, sizeof(hdr.length_));
+ return output;
+}
+
+
+// HandShake Header Processing function
+void HandShakeHeader::Process(input_buffer& input, SSL& ssl)
+{
+ ssl.verifyState(*this);
+ if (ssl.GetError()) return;
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+ const HandShakeFactory& hsf = ssl.getFactory().getHandShake();
+ mySTL::auto_ptr<HandShakeBase> hs(hsf.CreateObject(type_));
+ if (!hs.get()) {
+ ssl.SetError(factory_error);
+ return;
+ }
+
+ uint len = c24to32(length_);
+ if (len > input.get_remaining()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+ hashHandShake(ssl, input, len);
+
+ hs->set_length(len);
+ input >> *hs;
+ hs->Process(input, ssl);
+}
+
+
+ContentType HandShakeHeader::get_type() const
+{
+ return handshake;
+}
+
+
+uint16 HandShakeHeader::get_length() const
+{
+ return c24to32(length_);
+}
+
+
+HandShakeType HandShakeHeader::get_handshakeType() const
+{
+ return type_;
+}
+
+
+void HandShakeHeader::set_type(HandShakeType hst)
+{
+ type_ = hst;
+}
+
+
+void HandShakeHeader::set_length(uint32 u32)
+{
+ c32to24(u32, length_);
+}
+
+
+input_buffer& HandShakeHeader::set(input_buffer& in)
+{
+ return in >> *this;
+}
+
+
+output_buffer& HandShakeHeader::get(output_buffer& out) const
+{
+ return out << *this;
+}
+
+
+
+int HandShakeBase::get_length() const
+{
+ return length_;
+}
+
+
+void HandShakeBase::set_length(int l)
+{
+ length_ = l;
+}
+
+
+// for building buffer's type field
+HandShakeType HandShakeBase::get_type() const
+{
+ return no_shake;
+}
+
+
+input_buffer& HandShakeBase::set(input_buffer& in)
+{
+ return in;
+}
+
+
+output_buffer& HandShakeBase::get(output_buffer& out) const
+{
+ return out;
+}
+
+
+void HandShakeBase::Process(input_buffer&, SSL&)
+{}
+
+
+input_buffer& HelloRequest::set(input_buffer& in)
+{
+ return in;
+}
+
+
+output_buffer& HelloRequest::get(output_buffer& out) const
+{
+ return out;
+}
+
+
+void HelloRequest::Process(input_buffer&, SSL&)
+{}
+
+
+HandShakeType HelloRequest::get_type() const
+{
+ return hello_request;
+}
+
+
+// input operator for CipherSpec
+input_buffer& operator>>(input_buffer& input, ChangeCipherSpec& cs)
+{
+ cs.type_ = CipherChoice(input[AUTO]);
+ return input;
+}
+
+// output operator for CipherSpec
+output_buffer& operator<<(output_buffer& output, const ChangeCipherSpec& cs)
+{
+ output[AUTO] = cs.type_;
+ return output;
+}
+
+
+ChangeCipherSpec::ChangeCipherSpec()
+ : type_(change_cipher_spec_choice)
+{}
+
+
+input_buffer& ChangeCipherSpec::set(input_buffer& in)
+{
+ return in >> *this;
+}
+
+
+output_buffer& ChangeCipherSpec::get(output_buffer& out) const
+{
+ return out << *this;
+}
+
+
+ContentType ChangeCipherSpec::get_type() const
+{
+ return change_cipher_spec;
+}
+
+
+uint16 ChangeCipherSpec::get_length() const
+{
+ return SIZEOF_ENUM;
+}
+
+
+// CipherSpec processing handler
+void ChangeCipherSpec::Process(input_buffer& input, SSL& ssl)
+{
+ if (input.get_error()) {
+ ssl.SetError(bad_input);
+ return;
+ }
+
+ // detect duplicate change_cipher
+ if (ssl.getSecurity().get_parms().pending_ == false) {
+ ssl.order_error();
+ return;
+ }
+
+ ssl.useSecurity().use_parms().pending_ = false;
+ if (ssl.getSecurity().get_resuming()) {
+ if (ssl.getSecurity().get_parms().entity_ == client_end)
+ buildFinished(ssl, ssl.useHashes().use_verify(), server); // server
+ }
+ else if (ssl.getSecurity().get_parms().entity_ == server_end)
+ buildFinished(ssl, ssl.useHashes().use_verify(), client); // client
+}
+
+
+Alert::Alert(AlertLevel al, AlertDescription ad)
+ : level_(al), description_(ad)
+{}
+
+
+ContentType Alert::get_type() const
+{
+ return alert;
+}
+
+
+uint16 Alert::get_length() const
+{
+ return SIZEOF_ENUM * 2;
+}
+
+
+input_buffer& Alert::set(input_buffer& in)
+{
+ return in >> *this;
+}
+
+
+output_buffer& Alert::get(output_buffer& out) const
+{
+ return out << *this;
+}
+
+
+// input operator for Alert
+input_buffer& operator>>(input_buffer& input, Alert& a)
+{
+ a.level_ = AlertLevel(input[AUTO]);
+ a.description_ = AlertDescription(i