Backport of:
ChangeSet@1.2703, 2007-12-07 09:35:28-05:00, cmiller@zippy.cornsilk.net +40 -0
Bug#13174: SHA2 function
Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle
Implement SHA2 functions.
Chad added code to make it work with YaSSL. Also, he removed the
(probable) bug of embedded server never using SSL-dependent
functions. (libmysqld/Makefile.am didn't read ANY autoconf defs.)
Function specification:
SHA2( string cleartext, integer hash_length )
-> string hash, or NULL
where hash_length is one of 224, 256, 384, or 512. If either is
NULL or a length is unsupported, then the result is NULL. The
resulting string is always the length of the hash_length parameter
or is NULL.
Include the canonical hash examples from the NIST in the test
results.
---
Polish and address concerns of reviewers.
.bzrignore:
Added libmysqld/sha2.cc to the ignore list.
client/mysql.cc:
Add condition to remove code for embedded server.
client/mysqltest.cc:
Add condition to remove code for embedded server.
include/Makefile.am:
New header file to header list.
include/mysql_embed.h:
Embedded servers can use SSL-library functions too!
include/sha2.h:
Compatibility layer to make YaSSL behave like OpenSSL.
include/sslopt-case.h:
Remove SSL-communication parameters from command lines.
include/sslopt-longopts.h:
Remove SSL-communication parameters from command lines.
include/sslopt-vars.h:
Don't declare variables that are only used in SSL communication, if
we are compiling the embedded server.
include/violite.h:
Don't even compile the SSL-communication function if we're in the
embedded server.
---
Remove CPP condition indentation.
libmysqld/CMakeLists.txt:
Add new file to source list.
libmysqld/Makefile.am:
Include standard DEFS in embedded compilation. It's an undiscovered
bug that it's not there.
Add new file to source list.
libmysqld/examples/Makefile.am:
Include autoconf DEFS.
libmysqld/lib_sql.cc:
Initialize SSL-related variables in embedded server.
mysql-test/include/have_ssl_crypto_functs.inc:
Distinguish between communication and crypto.
Use the tristate value of "have_ssl" variable to know whether to
test or not for SSL-provided crypto functions.
mysql-test/r/func_digest.result:
Test against the sample test vectors in the NIST Secure
Hash Standard (http://csrc.nist.gov/cryptval/shs.htm)
mysql-test/r/func_encrypt_nossl.result:
Update results to the new error message text.
mysql-test/r/have_ssl_is_yes_or_disabled_only.require:
Distinguish between communication and crypto.
Use the tristate value of "have_ssl" variable to know whether to
test or not for SSL-provided crypto functions.
mysql-test/suite/rpl/t/rpl_ssl.test:
Distinguish between communication and crypto.
mysql-test/suite/rpl/t/rpl_ssl1.test:
Distinguish between communication and crypto.
mysql-test/t/func_des_encrypt.test:
Distinguish between communication and crypto.
mysql-test/t/func_digest.test:
Test against the sample test vectors in the NIST Secure
Hash Standard (http://csrc.nist.gov/cryptval/shs.htm)
Also, test that various parameters (legal and illegal)
do what we expect.
---
Distinguish between communication and crypto.
mysql-test/t/func_encrypt.test:
Distinguish between communication and crypto.
mysql-test/t/openssl_1.test:
Don't test SSL communication if we're in the embedded server.
---
Distinguish between communication and crypto.
mysql-test/t/ssl-big.test:
Don't test SSL communication if we're in the embedded server.
---
Distinguish between communication and crypto.
mysql-test/t/ssl.test:
Don't test SSL communication if we're in the embedded server.
---
Distinguish between communication and crypto.
mysql-test/t/ssl_8k_key.test:
Don't test SSL communication if we're in the embedded server.
---
Distinguish between communication and crypto.
mysql-test/t/ssl_compress.test:
Don't test SSL communication if we're in the embedded server.
---
Distinguish between communication and crypto.
mysql-test/t/ssl_connect.test:
Don't test SSL communication if we're in the embedded server.
---
Distinguish between communication and crypto.
sql-common/client.c:
SSL is useful for more functionality than just connecting. Test
for whether we are not embedded server also.
sql/CMakeLists.txt:
Add new source file to source list so that we have access to SHA2
functions.
sql/Makefile.am:
Add new source file to source list so that we have access to SHA2
functions.
sql/item_create.cc:
Bootstrap the SHA2 function into the server.
sql/item_strfunc.cc:
Add new SHA2 Item class methods.
Clean up two minor problems.
---
Remove extraneous debugging.
---
We must check nullness of a parameter only /after/ computing its
value.
sql/item_strfunc.h:
Declare new SHA2 Item class.
sql/mysqld.cc:
For embedded server, don't refer to SSL-communications variables
or values.
---
Remove CPP condition indentation.
sql/sha2.cc:
Compatibility layer to make YaSSL behave like OpenSSL.
---
Add comment for generated functions.
sql/sql_acl.cc:
For embedded server, don't refer to SSL-communications variables
or values.
sql/sql_connect.cc:
SSL is useful for more functionality than just connecting. Test
for whether we are not embedded server also.
sql/sys_vars.cc:
For embedded server, don't refer to SSL-communications variables
or values.
# Regression test for the legacy DES_ENCRYPT()/DES_DECRYPT() SQL functions.
# The statements pin existing server behaviour; they are not a pattern for
# protecting data (DES-based, no integrity protection, and upstream MySQL has
# since deprecated and removed these functions).
# The include below gates the test on SSL-library crypto support; the include
# file itself is not shown here.
-- source include/have_ssl_crypto_functs.inc

# Silence warnings around the cleanup so that a missing t1 leaves no note in
# the recorded output.
--disable_warnings
drop table if exists t1;
--enable_warnings

# One BLOB column: it receives the raw return value of des_encrypt() in the
# inserts that follow.
create table t1 (x blob);
# des_encrypt(str, key_str): a string second argument is used as the key.
# The first row uses the same full sentence as plaintext and as key. The
# remaining rows come in pairs that swap a short operand ('a' up to
# 'abcdefghijk', 1 to 11 characters) between the plaintext and key positions.
# NOTE(review): the short operand's length straddles 8 bytes, the DES block
# size - presumably to exercise padding and key handling on both sides of a
# block boundary; confirm against the recorded result.
insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','The quick red fox jumped over the lazy brown dog'));
insert into t1 values (des_encrypt('a','The quick red fox jumped over the lazy brown dog'));
insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','a'));
insert into t1 values (des_encrypt('ab','The quick red fox jumped over the lazy brown dog'));
insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','ab'));
insert into t1 values (des_encrypt('abc','The quick red fox jumped over the lazy brown dog'));
insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','abc'));
insert into t1 values (des_encrypt('abcd','The quick red fox jumped over the lazy brown dog'));
insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','abcd'));
insert into t1 values (des_encrypt('abcde','The quick red fox jumped over the lazy brown dog'));
insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','abcde'));
insert into t1 values (des_encrypt('abcdef','The quick red fox jumped over the lazy brown dog'));
insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','abcdef'));
insert into t1 values (des_encrypt('abcdefg','The quick red fox jumped over the lazy brown dog'));
insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','abcdefg'));
insert into t1 values (des_encrypt('abcdefgh','The quick red fox jumped over the lazy brown dog'));
insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','abcdefgh'));
insert into t1 values (des_encrypt('abcdefghi','The quick red fox jumped over the lazy brown dog'));
insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','abcdefghi'));
insert into t1 values (des_encrypt('abcdefghij','The quick red fox jumped over the lazy brown dog'));
insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','abcdefghij'));
insert into t1 values (des_encrypt('abcdefghijk','The quick red fox jumped over the lazy brown dog'));
insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','abcdefghijk'));
# Fixed key 'sabakala', varying plaintext length: the sentence loses one
# leading word per row down to 'dog', then 'dog' grows by one '!' per row
# from 3 to 8 characters.
insert into t1 values (des_encrypt('The quick red fox jumped over the lazy brown dog','sabakala'));
insert into t1 values (des_encrypt('quick red fox jumped over the lazy brown dog','sabakala'));
insert into t1 values (des_encrypt('red fox jumped over the lazy brown dog','sabakala'));
insert into t1 values (des_encrypt('fox jumped over the lazy brown dog','sabakala'));
insert into t1 values (des_encrypt('jumped over the lazy brown dog','sabakala'));
insert into t1 values (des_encrypt('over the lazy brown dog','sabakala'));
insert into t1 values (des_encrypt('the lazy brown dog','sabakala'));
insert into t1 values (des_encrypt('lazy brown dog','sabakala'));
insert into t1 values (des_encrypt('brown dog','sabakala'));
insert into t1 values (des_encrypt('dog','sabakala'));
insert into t1 values (des_encrypt('dog!','sabakala'));
insert into t1 values (des_encrypt('dog!!','sabakala'));
insert into t1 values (des_encrypt('dog!!!','sabakala'));
insert into t1 values (des_encrypt('dog!!!!','sabakala'));
insert into t1 values (des_encrypt('dog!!!!!','sabakala'));
# The next two rows repeat a plaintext/key pair already inserted above, so a
# hex dump of x shows whether equal input yields equal ciphertext.
# NOTE(review): the reason for the repetition is not stated in the file.
insert into t1 values (des_encrypt('jumped over the lazy brown dog','sabakala'));
insert into t1 values (des_encrypt('jumped over the lazy brown dog','sabakala'));
# Dump every stored ciphertext next to its decryption under 'sabakala', both
# hex-encoded so binary bytes are printable. Rows of t1 that were encrypted
# with another key are decrypted with 'sabakala' here as well; what that
# returns is recorded in the .result file (not shown).
select hex(x), hex(des_decrypt(x,'sabakala')) from t1;
# Filter on the decrypted text: HAVING (rather than WHERE) is used so the
# condition can refer to the select alias s.
select des_decrypt(x,'sabakala') as s from t1 having s like '%dog%';
drop table t1;
#
# Test default keys
#
# With no key argument, or with a numeric one, des_encrypt() takes its key
# from the server's DES key file instead of from the statement (per the
# server documentation); des_decrypt() without a key argument uses the key
# number recorded in the ciphertext.
# NOTE(review): 'default_password' and 'password4' presumably mirror entries
# of the key file this test runs with - that file is not shown; confirm.
select hex(des_encrypt("hello")),des_decrypt(des_encrypt("hello"));
select des_decrypt(des_encrypt("hello",4));
select des_decrypt(des_encrypt("hello",'test'),'test');
select hex(des_encrypt("hello")),hex(des_encrypt("hello",5)),hex(des_encrypt("hello",'default_password'));
select des_decrypt(des_encrypt("hello"),'default_password');
select des_decrypt(des_encrypt("hello",4),'password4');
# Test use of invalid parameters
# The same six argument combinations are run against des_encrypt() and then
# des_decrypt(): a numeric key of 10, and NULL in either or both positions.
# NOTE(review): 10 appears to be chosen as an out-of-range key number (the
# documented key numbers are 0-9); the expected outcome of each call lives in
# the .result file, which is not shown.
select des_encrypt("hello",10);
select des_encrypt(NULL);
select des_encrypt(NULL, 10);
select des_encrypt(NULL, NULL);
select des_encrypt(10, NULL);
select des_encrypt("hello", NULL);

select des_decrypt("hello",10);
select des_decrypt(NULL);
select des_decrypt(NULL, 10);
select des_decrypt(NULL, NULL);
select des_decrypt(10, NULL);
select des_decrypt("hello", NULL);
# Test flush
# Save a default-key round-trip result in @a, ask the server to reload its
# DES key file, then compare a fresh round trip with the saved value.
SET @a=des_decrypt(des_encrypt("hello"));
flush des_key_file;
select @a = des_decrypt(des_encrypt("hello"));
# Test usage of wrong password
# hex("hello") is printed first as the reference value for the two decrypt
# attempts below: one decrypts key-number-4 ciphertext with the explicit key
# 'password2', the other decrypts ciphertext made with the key string
# "hidden" without naming any key.
# NOTE(review): the ciphertext carries no authentication tag, so a wrong key
# is not guaranteed to be detected; what these calls actually return is
# recorded in the .result file (not shown).
select hex("hello");
select hex(des_decrypt(des_encrypt("hello",4),'password2'));
select hex(des_decrypt(des_encrypt("hello","hidden")));

# NOTE(review): presumably checks how the nested calls are printed back in
# the EXPLAIN EXTENDED note - confirm against the .result file.
explain extended select des_decrypt(des_encrypt("hello",4),'password2'), des_decrypt(des_encrypt("hello","hidden"));

# End of 4.1 tests
#
# Bug#44365 valgrind warnings with encrypt() function
#
# Memory-safety regression test: the query only has to execute cleanly (for
# example under valgrind); its rows are not compared, since result logging is
# switched off around it.
--disable_warnings
drop table if exists t1;
--enable_warnings
# f1 (nullable smallint) is passed as the string to encrypt and f2 (utf8
# text in a latin1 table) as the salt argument of encrypt() below.
create table t1 (f1 smallint(6) default null, f2 mediumtext character set utf8)
engine=myisam default charset=latin1;
insert into t1 values (null,'contraction\'s');
insert into t1 values (-15818,'requirement\'s');
# NOTE(review): output is suppressed presumably because encrypt() relies on
# the platform's crypt() and its result is not portable - confirm.
--disable_result_log
select encrypt(f1,f2) as a from t1,(select encrypt(f1,f2) as b from t1) a;
--enable_result_log
drop table t1;
--echo #
--echo # Start of 10.1 tests
--echo #

--echo #
--echo # MDEV-8369 Unexpected impossible WHERE for a condition on a ZEROFILL field
--echo #
# INT(6) ZEROFILL: the value 1 has the text form '000001'.
CREATE TABLE t1 (a INT(6) ZEROFILL);
INSERT INTO t1 VALUES (1),(2);
# This should not propagate a=1 into DES_ENCRYPT
# NOTE(review): the zero-padded text form of a is not the same as the
# constant 1, which is presumably why substituting the constant into a
# function argument is unsafe. EXPLAIN EXTENDED is used so the rewritten
# WHERE condition appears in the recorded output.
EXPLAIN EXTENDED
SELECT * FROM t1 WHERE a=1 AND DES_ENCRYPT('test',a)=_latin1 'abc' COLLATE latin1_bin;
DROP TABLE t1;

--echo #
--echo # End of 10.1 tests
--echo #
--echo #
--echo # Start of 10.2 tests
--echo #

--echo #
--echo # MDEV-10134 Add full support for DEFAULT
--echo #

# Column defaults built from expressions: b is derived from a with
# DES_ENCRYPT and c from b with DES_DECRYPT, so selecting c after inserting
# only a shows the round trip through both defaults.
# The key literal 'passwd' becomes part of the table definition. That is fine
# for a test; in a real schema a key embedded in a DEFAULT expression is
# readable by anyone who can view the DDL (SHOW CREATE TABLE, schema dumps).
CREATE TABLE t1 (
a VARCHAR(30),
b BLOB DEFAULT DES_ENCRYPT(a, 'passwd'),
c TEXT DEFAULT DES_DECRYPT(b, 'passwd')
);
INSERT INTO t1 (a) VALUES ('test');
SELECT c FROM t1;
DROP TABLE t1;

--echo #
--echo # End of 10.2 tests
--echo #