From 72e7f011b29998d8a3e15eb5b381ef962af5fe5b Mon Sep 17 00:00:00 2001 From: Karen Arutyunov Date: Fri, 5 Apr 2019 10:30:58 +0300 Subject: Upgrade to 8.0.15 --- mysql/extra/yassl/README | 786 ----------------------------------------------- 1 file changed, 786 deletions(-) delete mode 100644 mysql/extra/yassl/README (limited to 'mysql/extra/yassl/README') diff --git a/mysql/extra/yassl/README b/mysql/extra/yassl/README deleted file mode 100644 index de1bf51..0000000 --- a/mysql/extra/yassl/README +++ /dev/null @@ -1,786 +0,0 @@ -*** Note, Please read *** - -yaSSL takes a different approach to certificate verification than OpenSSL does. -The default policy for the client is to verify the server, this means that if -you don't load CAs to verify the server you'll get a connect error, unable to -verify. It you want to mimic OpenSSL behavior of not verifying the server and -reducing security you can do this by calling: - -SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); - -before calling SSL_new(); - -*** end Note *** - -yaSSL Release notes, version 2.4.4 (8/8/2017) - This release of yaSSL fixes an interop issue. A fix for detecting cipher - suites with non leading zeros is included as yaSSL only supports cipher - suites with leading zeros. Thanks for the report from Security Innovation - and Oracle. - - Users interoping with other SSL stacks should update. - -yaSSL Release notes, version 2.4.2 (9/22/2016) - This release of yaSSL fixes a medium security vulnerability. A fix for - potential AES side channel leaks is included that a local user monitoring - the same CPU core cache could exploit. VM users, hyper-threading users, - and users where potential attackers have access to the CPU cache will need - to update if they utilize AES. - - DSA padding fixes for unusual sizes is included as well. Users with DSA - certficiates should update. - -yaSSL Release notes, version 2.4.0 (5/20/2016) - This release of yaSSL fixes the OpenSSL compatibility function - SSL_CTX_load_verify_locations() when using the path directory to allow - unlimited path sizes. Minor Windows build fixes are included. - No high level security fixes in this version but we always recommend - updating. - - -yaSSL Release notes, version 2.3.9b (2/03/2016) - This release of yaSSL fixes the OpenSSL compatibility function - X509_NAME_get_index_by_NID() to use the actual index of the common name - instead of searching on the format prefix. Thanks for the report from - yashwant.sahu@oracle.com . Anyone using this function should update. - -yaSSL Release notes, version 2.3.9 (12/01/2015) - This release of yaSSL fixes two client side Diffie-Hellman problems. - yaSSL was only handling the cases of zero or one leading zeros for the key - agreement instead of potentially any number. This caused about 1 in 50,000 - connections to fail when using DHE cipher suites. The second problem was - the case where a server would send a public value shorter than the prime - value, causing about 1 in 128 client connections to fail, and also - caused the yaSSL client to read off the end of memory. All client side - DHE cipher suite users should update. - Thanks to Adam Langely (agl@imperialviolet.org) for the detailed report! - -yaSSL Release notes, version 2.3.8 (9/17/2015) - This release of yaSSL fixes a high security vulnerability. All users - SHOULD update. If using yaSSL for TLS on the server side with private - RSA keys allowing ephemeral key exchange you MUST update and regenerate - the RSA private keys. This report is detailed in: - https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf - yaSSL now detects RSA signature faults and returns an error. - -yaSSL Patch notes, version 2.3.7e (6/26/2015) - This release of yaSSL includes a fix for Date less than comparison. - Previously yaSSL would return true on less than comparisons if the Dates - were equal. Reported by Oracle. No security problem, but if a cert was - generated right now, a server started using it in the same second, and a - client tried to verify it in the same second it would report not yet valid. - -yaSSL Patch notes, version 2.3.7d (6/22/2015) - This release of yaSSL includes a fix for input_buffer set_current with - index 0. SSL_peek() at front of waiting data could trigger. Robert - Golebiowski of Oracle identified and suggested a fix, thanks! - -yaSSL Patch notes, version 2.3.7c (6/12/2015) - This release of yaSSL does certificate DATE comparisons to the second - instead of to the minute, helpful when using freshly generated certs. - Though keep in mind that time sync differences could still show up. - -yaSSL Patch notes, version 2.3.7b (3/18/2015) - This release of yaSSL fixes a potential crash with corrupted private keys. - Also detects bad keys earlier for user. - -yaSSL Release notes, version 2.3.7 (12/10/2014) - This release of yaSSL fixes the potential to process duplicate handshake - messages by explicitly marking/checking received handshake messages. - -yaSSL Release notes, version 2.3.6 (11/25/2014) - - This release of yaSSL fixes some valgrind warnings/errors including - uninitialized reads and off by one index errors induced from fuzzing - the handshake. These were reported by Oracle. - -yaSSL Release notes, version 2.3.5 (9/29/2014) - - This release of yaSSL fixes an RSA Padding check vulnerability reported by - Intel Security Advanced Threat Research team - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -yaSSL Release notes, version 2.3.4 (8/15/2014) - - This release of yaSSL adds checking to the input_buffer class itself. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -yaSSL Release notes, version 2.3.2 (7/25/2014) - - This release of yaSSL updates test certs. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 2.3.0 (12/5/2013) - - This release of yaSSL updates asm for newer GCC versions. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 2.2.3 (4/23/2013) - - This release of yaSSL updates the test certificates as they were expired - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 2.2.2d (2/5/2013) - - This release of yaSSL contains countermeasuers for the Lucky 13 TLS 1.1 - CBC timing padding attack identified by Nadhem AlFardan and Kenneth Paterson - see: http://www.isg.rhul.ac.uk/tls/ - - It also adds SHA2 certificate verification and better checks for malicious - input. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 2.2.2 (7/5/2012) - - This release of yaSSL contains bug fixes and more security checks around - malicious certificates. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 2.1.2 (9/2/2011) - - This release of yaSSL contains bug fixes, better non-blocking support with - SSL_write, and OpenSSL RSA public key format support. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 2.0.0 (7/6/2010) - - This release of yaSSL contains bug fixes, new testing certs, - and a security patch for a potential heap overflow on forged application - data processing. Vulnerability discovered by Matthieu Bonetti from VUPEN - Security http://www.vupen.com. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 1.9.9 (1/26/2010) - - This release of yaSSL contains bug fixes, the removal of assert() s and - a security patch for a buffer overflow possibility in certificate name - processing. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 1.9.8 (10/14/09) - - This release of yaSSL contains bug fixes and adds new stream ciphers - Rabbit and HC-128 - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 1.9.6 (11/13/08) - - This release of yaSSL contains bug fixes, adds autconf shared library - support and has better server suite detection based on certficate and - private key. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 1.9.2 (9/24/08) - - This release of yaSSL contains bug fixes and improved certificate verify - callback support. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 1.8.8 (5/7/08) - - This release of yaSSL contains bug fixes, and better socket handling. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 1.8.6 (1/31/08) - - This release of yaSSL contains bug fixes, and fixes security problems - associated with using SSL 2.0 client hellos and improper input handling. - Please upgrade to this version if you are using a previous one. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 1.7.5 (10/15/07) - - This release of yaSSL contains bug fixes, adds MSVC 2005 project support, - GCC 4.2 support, IPV6 support and test, and new test certificates. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 1.7.2 (8/20/07) - - This release of yaSSL contains bug fixes and adds initial OpenVPN support. - Just configure at this point and beginning of build. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 1.6.8 (4/16/07) - - This release of yaSSL contains bug fixes and adds SHA-256, SHA-512, SHA-224, - and SHA-384. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - - -*****************yaSSL Release notes, version 1.6.0 (2/22/07) - - This release of yaSSL contains bug fixes, portability enhancements, and - better X509 support. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0 and note in 1.5.8. - -*****************yaSSL Release notes, version 1.5.8 (1/10/07) - - This release of yaSSL contains bug fixes, portability enhancements, and - support for GCC 4.1.1 and vs2005 sp1. - - - - Since yaSSL now supports zlib, as does libcurl, the libcurl build test can - fail if yaSSL is built with zlib support since the zlib library isn't - passed. You can do two things to fix this: - - 1) build yaSSL w/o zlib --without-zlib - 2) or add flags to curl configure LDFLAGS="-lm -lz" - - - -*****************yaSSL Release notes, version 1.5.0 (11/09/06) - - This release of yaSSL contains bug fixes, portability enhancements, - and full TLS 1.1 support. Use the functions: - - SSL_METHOD *TLSv1_1_server_method(void); - SSL_METHOD *TLSv1_1_client_method(void); - - or the SSLv23 versions (even though yaSSL doesn't support SSL 2.0 the v23 - means to pick the highest of SSL 3.0, TLS 1.0, or TLS 1.1). - - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0. - - - -****************yaSSL Release notes, version 1.4.5 (10/15/06) - - - This release of yaSSL contains bug fixes, portability enhancements, - zlib compression support, removal of assembly instructions at runtime if - not supported, and initial TLS 1.1 support. - - - Compression Notes: yaSSL uses zlib for compression and the compression - should only be used if yaSSL is at both ends because the implementation - details aren't yet standard. If you'd like to turn compression on use - the SSL_set_compression() function on the client before calling - SSL_connect(). If both the client and server were built with zlib support - then the connection will use compression. If the client isn't built with - support then SSL_set_compression() will return an error (-1). - - To build yaSSL with zlib support on Unix simply have zlib support on your - system and configure will find it if it's in the standard locations. If - it's somewhere else use the option ./configure --with-zlib=DIR. If you'd - like to disable compression support in yaSSL use ./configure --without-zlib. - - To build yaSSL with zlib support on Windows: - - 1) download zlib from http://www.zlib.net/ - 2) follow the instructions in zlib from projects/visualc6/README.txt - for how to add the zlib project into the yaSSL workspace noting that - you'll need to add configuration support for "Win32 Debug" and - "Win32 Release" in note 3 under "To use:". - 3) define HAVE_LIBZ when building yaSSL - - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0. - - -********************yaSSL Release notes, version 1.4.0 (08/13/06) - - - This release of yaSSL contains bug fixes, portability enhancements, - nonblocking connect and accept, better OpenSSL error mapping, and - certificate caching for session resumption. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0. - - -********************yaSSL Release notes, version 1.3.7 (06/26/06) - - - This release of yaSSL contains bug fixes, portability enhancements, - and libcurl 7.15.4 support (any newer versions may not build). - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0. - - -********************yaSSL Release notes, version 1.3.5 (06/01/06) - - - This release of yaSSL contains bug fixes, portability enhancements, - better libcurl support, and improved non-blocking I/O. - -See normal build instructions below under 1.0.6. -See libcurl build instructions below under 1.3.0. - - -********************yaSSL Release notes, version 1.3.0 (04/26/06) - - - This release of yaSSL contains minor bug fixes, portability enhancements, - and libcurl support. - -See normal build instructions below under 1.0.6. - - ---To build for libcurl on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - To build for libcurl the library needs to be built without C++ globals since - the linker will be called in a C context, also libcurl configure will expect - OpenSSL library names so some symbolic links are created. - - ./configure --enable-pure-c - make - make openssl-links - - (then go to your libcurl home and tell libcurl about yaSSL build dir) - ./configure --with-ssl=/yaSSL-BuildDir LDFLAGS=-lm - make - - ---To build for libcurl on Win32: - - Simply add the yaSSL project as a dependency to libcurl, add - yaSSL-Home\include and yaSSL-Home\include\openssl to the include list, and - define USE_SSLEAY and USE_OPENSSL - - please email todd@yassl.com if you have any questions. - - -*******************yaSSL Release notes, version 1.2.2 (03/27/06) - - - This release of yaSSL contains minor bug fixes and portability enhancements. - -See build instructions below under 1.0.6: - - - -*******************yaSSL Release notes, version 1.2.0 - - - This release of yaSSL contains minor bug fixes, portability enhancements, - Diffie-Hellman compatibility fixes for other servers and client, - optimization improvements, and x86 ASM changes. - -See build instructions below under 1.0.6: - - - -*****************yaSSL Release notes, version 1.1.5 - - This release of yaSSL contains minor bug fixes, portability enhancements, - and user requested changes including the ability to add all certificates in - a directory, more robust socket handling, no new overloading unless - requested, and an SSL_VERIFY_NONE option. - - -See build instructions below under 1.0.6: - - - -******************yaSSL Release notes, version 1.0.6 - -This release of yaSSL contains minor bug fixes, portability enhancements, -x86 assembly for ARC4, SHA, MD5, and RIPEMD, --enable-ia32-asm configure -option, and a security patch for certificate chain processing. - ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - run testsuite from yaSSL-Home/testsuite to test the build - -to make a release build: - - ./configure --disable-debug - make - - run testsuite from yaSSL-Home/testsuite to test the build - - ---To build on Win32 - -Choose (Re)Build All from the project workspace - -run Debug\testsuite.exe from yaSSL-Home\testsuite to test the build - - - -***************** yaSSL Release notes, version 1.0.5 - -This release of yaSSL contains minor bug fixes, portability enhancements, -x86 assembly for AES, 3DES, BLOWFISH, and TWOFISH, --without-debug configure -option, and --enable-kernel-mode configure option for using TaoCrypt with -kernel modules. - ---To build on Linux, Solaris, *BSD, Mac OS X, or Cygwin: - - ./configure - make - - run testsuite from yaSSL-Home/testsuite to test the build - -to make a release build: - - ./configure --without-debug - make - - run testsuite from yaSSL-Home/testsuite to test the build - - ---To build on Win32 - -Choose (Re)Build All from the project workspace - -run Debug\testsuite.exe from yaSSL-Home\testsuite to test the build - - -******************yaSSL Release notes, version 1.0.1 - -This release of yaSSL contains minor bug fixes, portability enhancements, -GCC 3.4.4 support, MSVC 2003 support, and more documentation. - -Please see build instructions in the release notes for 0.9.6 below. - - -******************yaSSL Release notes, version 1.0 - -This release of yaSSL contains minor bug fixes, portability enhancements, -GCC 4.0 support, testsuite, improvements, and API additions. - -Please see build instructions in the release notes for 0.9.6 below. - - -******************yaSSL Release notes, version 0.9.9 - -This release of yaSSL contains minor bug fixes, portability enchancements, -MSVC 7 support, memory improvements, and API additions. - -Please see build instructions in the release notes for 0.9.6 below. - - -******************yaSSL Release notes, version 0.9.8 - -This release of yaSSL contains minor bug fixes and portability enchancements. - -Please see build instructions in the release notes for 0.9.6 below. - - -******************yaSSL Release notes, version 0.9.6 - -This release of yaSSL contains minor bug fixes, removal of STL support, and -removal of exceptions and rtti so that the library can be linked without the -std c++ library. - ---To build on Linux, Solaris, FreeBSD, Mac OS X, or Cygwin - -./configure -make - -run testsuite from yaSSL-Home/testsuite to test the build - - ---To build on Win32 - -Choose (Re)Build All from the project workspace - -run Debug\testsuite.exe from yaSSL-Home\testsuite to test the build - - - -******************yaSSL Release notes, version 0.9.2 - -This release of yaSSL contains minor bug fixes, expanded certificate -verification and chaining, and improved documentation. - -Please see build instructions in release notes 0.3.0. - - - -******************yaSSL Release notes, version 0.9.0 - -This release of yaSSL contains minor bug fixes, client verification handling, -hex and base64 encoing/decoding, and an improved test suite. - -Please see build instructions in release notes 0.3.0. - - -******************yaSSL Release notes, version 0.8.0 - -This release of yaSSL contains minor bug fixes, and initial porting effort to -64bit, BigEndian, and more UNIX systems. - -Please see build instructions in release notes 0.3.0. - - -******************yaSSL Release notes, version 0.6.0 - -This release of yaSSL contains minor bug fixes, source cleanup, and binary beta -(1) of the yaSSL libraries. - -Please see build instructions in release notes 0.3.0. - - - -******************yaSSL Release notes, version 0.5.0 - -This release of yaSSL contains minor bug fixes, full session resumption -support, and initial testing suite support. - - - -Please see build instructions in release notes 0.3.0. - - - -******************yaSSL Release notes, version 0.4.0 - -This release of yaSSL contains minor bug fixes, an optional memory tracker, -an echo client and server with input/output redirection for load testing, -and initial session caching support. - - -Please see build instructions in release notes 0.3.0. - - -******************yaSSL Release notes, version 0.3.5 - -This release of yaSSL contains minor bug fixes and extensions to the crypto -library including a full test suite. - - -*******************yaSSL Release notes, version 0.3.0 - -This release of yaSSL contains minor bug fixes and extensions to the crypto -library including AES and an improved random number generator. GNU autoconf -and automake are now used to simplify the build process on Linux. - -*** Linux Build process - -./configure -make - -*** Windows Build process - -open the yassl workspace and build the project - - -*******************yaSSL Release notes, version 0.2.9 - -This release of yaSSL contains minor bug fixes and extensions to the crypto -library. - -See the notes at the bottom of this page for build instructions. - - -*******************yaSSL Release notes, version 0.2.5 - -This release of yaSSL contains minor bug fixes and a beta binary of the yaSSL -libraries for win32 and linux. - -See the notes at the bottom of this page for build instructions. - - - -*******************yaSSL Release notes, version 0.2.0 - -This release of yaSSL contains minor bug fixes and initial alternate crypto -functionality. - -*** Complete Build *** - -See the notes in Readme.txt for build instructions. - -*** Update Build *** - -If you have already done a complete build of yaSSL as described in the release -0.0.1 - 0.1.0 notes and downloaded the update to 0.2.0, place the update file -yassl-update-0.2.0.tar.gz in the yaSSL home directory and issue the command: - -gzip -cd yassl-update-0.2.0.tar.gz | tar xvf - - -to update the previous release. - -Then issue the make command on linux or rebuild the yaSSL project on Windows. - -*******************yaSSL Release notes, version 0.1.0 - -This release of yaSSL contains minor bug fixes, full client and server TLSv1 -support including full ephemeral Diffie-Hellman support, SSL type RSA and DSS -signing and verification, and initial stunnel 4.05 build support. - - - -*********************yaSSL Release notes, version 0.0.3 - -The third release of yaSSL contains minor bug fixes, client certificate -enhancements, and initial ephemeral Diffie-Hellman integration: - - - -********************* - -yaSSL Release notes, version 0.0.2 - -The second release of yaSSL contains minor bug fixes, client certificate -enhancements, session resumption, and improved TLS support including: - -- HMAC for MD5 and SHA-1 -- PRF (pseudo random function) -- Master Secret and Key derivation routines -- Record Authentication codes -- Finish verify data check - -Once ephemeral RSA and DH are added yaSSL will be fully complaint with TLS. - - - -********************** - -yassl Release notes, version 0.0.1 - -The first release of yassl supports normal RSA mode SSLv3 connections with -support for SHA-1 and MD5 digests. Ciphers include DES, 3DES, and RC4. - -yassl uses the CryptoPP library for cryptography, the source is available at -www.cryptopp.com . - -yassl uses CML (the Certificate Management Library) for x509 support. More -features will be in future versions. The CML source is available for download -from www.digitalnet.com/knowledge/cml_home.htm . - -The next release of yassl will support the 3 lesser-used SSL connection modes; -HandShake resumption, Ephemeral RSA (or DH), and Client Authentication as well -as full support for TLS. Backwards support for SSLv2 is not planned at this -time. - - -********************** - -Building yassl on linux: - -use the ./buildall script to build everything. - -buildall will configure and build CML, CryptoPP, and yassl. Testing was -preformed with gcc version 3.3.2 on kernel 2.4.22. - - -********************** - -Building yassl on Windows: - -Testing was preformed on Windows 2000 with Visual C++ 6 sp5. - -1) decompress esnacc_r16.tgz in place, see buildall for syntax if unsure - -2) decompress smp_r23.tgz in place - -3) unzip cryptopp51/crypto51.zip in place - -4) Build SNACC (part of CML) using snacc_builds.dsw in the SNACC directory - -5) Build SMP (part of CMP) using smp.dsw in the smp directory - -6) Build yassl using yassl.dsw - - -********************** - -examples, server and client: - -Please see the server and client examples in both versions to see how to link -to yassl and the support libraries. On linux do 'make server' and 'make -client' to build them. On Windows you will find the example projects in the -main workspace, yassl.dsw. - -The example server and client are compatible with openssl. - - -********************** - -Building yassl into mysql on linux: - -Testing was done using mysql version 4.0.17. - -alter openssl_libs in the configure file, line 21056. Change '-lssl -lcrypto' -to '-lyassl -lcryptopp -lcmapi -lcmlasn -lctil -lc++asn1'. - -see build/config_command for the configure command used to configure mysql -please change /home/touska/ to the relevant directory of course. - -add yassl/lib to the LD_LIBRARY_PATH because libmysql/conf_to_src does not -use the ssl lib directory though it does use the ssl libraries. - -make - -make install - - -********************* - -License: yassl is currently under the GPL, please see license information -in the source and include files. - - -********************* - -Contact: please send comments or questions to Todd A Ouska at todd@yassl.com -and/or Larry Stefonic at larry@yassl.com. - - - -- cgit v1.1