3227ba706f
ChangeSet@1.2703, 2007-12-07 09:35:28-05:00, cmiller@zippy.cornsilk.net +40 -0 Bug#13174: SHA2 function Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle Implement SHA2 functions. Chad added code to make it work with YaSSL. Also, he removed the (probable) bug of embedded server never using SSL-dependent functions. (libmysqld/Makefile.am didn't read ANY autoconf defs.) Function specification: SHA2( string cleartext, integer hash_length ) -> string hash, or NULL where hash_length is one of 224, 256, 384, or 512. If either is NULL or a length is unsupported, then the result is NULL. The resulting string is always the length of the hash_length parameter or is NULL. Include the canonical hash examples from the NIST in the test results. --- Polish and address concerns of reviewers. .bzrignore: Added libmysqld/sha2.cc to the ignore list. client/mysql.cc: Add condition to remove code for embedded server. client/mysqltest.cc: Add condition to remove code for embedded server. include/Makefile.am: New header file to header list. include/mysql_embed.h: Embedded servers can use SSL-library functions too! include/sha2.h: Compatibility layer to make YaSSL behave like OpenSSL. include/sslopt-case.h: Remove SSL-communication parameters from command lines. include/sslopt-longopts.h: Remove SSL-communication parameters from command lines. include/sslopt-vars.h: Don't declare variables that are only used in SSL communication, if we are compiling the embedded server. include/violite.h: Don't even compile the SSL-communication function if we're in the embedded server. --- Remove CPP condition indentation. libmysqld/CMakeLists.txt: Add new file to source list. libmysqld/Makefile.am: Include standard DEFS in embedded compilation. It's an undiscovered but that it's not there. Add new file to source list. libmysqld/examples/Makefile.am: Include autoconf DEFS. libmysqld/lib_sql.cc: Initialize SSL-related variables in embedded server. 
mysql-test/include/have_ssl_crypto_functs.inc: Distinguish between communication and crypto. Use the tristate value of "have_ssl" variable to know whether to test or not for SSL-provided crypto functions. mysql-test/r/func_digest.result: Test against the sample test vectors in the NIST Secure Hash Standard (http://csrc.nist.gov/cryptval/shs.htm) mysql-test/r/func_encrypt_nossl.result: Update results to the new error message text. mysql-test/r/have_ssl_is_yes_or_disabled_only.require: Distinguish between communication and crypto. Use the tristate value of "have_ssl" variable to know whether to test or not for SSL-provided crypto functions. mysql-test/suite/rpl/t/rpl_ssl.test: Distinguish between communication and crypto. mysql-test/suite/rpl/t/rpl_ssl1.test: Distinguish between communication and crypto. mysql-test/t/func_des_encrypt.test: Distinguish between communication and crypto. mysql-test/t/func_digest.test: Test against the sample test vectors in the NIST Secure Hash Standard (http://csrc.nist.gov/cryptval/shs.htm) Also, test that various parameters (legal and illegal) do what we expect. --- Distinguish between communication and crypto. mysql-test/t/func_encrypt.test: Distinguish between communication and crypto. mysql-test/t/openssl_1.test: Don't test SSL communication if we're in the embedded server. --- Distinguish between communication and crypto. mysql-test/t/ssl-big.test: Don't test SSL communication if we're in the embedded server. --- Distinguish between communication and crypto. mysql-test/t/ssl.test: Don't test SSL communication if we're in the embedded server. --- Distinguish between communication and crypto. mysql-test/t/ssl_8k_key.test: Don't test SSL communication if we're in the embedded server. --- Distinguish between communication and crypto. mysql-test/t/ssl_compress.test: Don't test SSL communication if we're in the embedded server. --- Distinguish between communication and crypto. 
mysql-test/t/ssl_connect.test: Don't test SSL communication if we're in the embedded server. --- Distinguish between communication and crypto. sql-common/client.c: SSL is useful for more functionality than just connecting. Test for whether we are not embedded server also. sql/CMakeLists.txt: Add new source file to source list so that we have access to SHA2 functions. sql/Makefile.am: Add new source file to source list so that we have access to SHA2 functions. sql/item_create.cc: Bootstrap the SHA2 function into the server. sql/item_strfunc.cc: Add new SHA2 Item class methods. Clean up two minor problems. --- Remove extraneous debugging. --- We must check nullness of a parameter only /after/ computing its value. sql/item_strfunc.h: Declare new SHA2 Item class. sql/mysqld.cc: For embedded server, don't refer to SSL-communications variables or values. --- Remove CPP condition indentation. sql/sha2.cc: Compatibility layer to make YaSSL behave like OpenSSL. --- Add comment for generated functions. sql/sql_acl.cc: For embedded server, don't refer to SSL-communications variables or values. sql/sql_connect.cc: SSL is useful for more functionality than just connecting. Test for whether we are not embedded server also. sql/sys_vars.cc: For embedded server, don't refer to SSL-communications variables or values.
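# Purpose: check that replication works when the slave connects to the master
# over SSL, and that STOP SLAVE does not hang on such a connection (bug#21871).
#
# What this test does and does not establish about the SSL setup:
#  - Encryption is enforced on the master side: the replication account is
#    granted with REQUIRE SSL, so a login on that account without SSL is
#    refused and the row inserted below would never reach the slave.
#  - The slave is given a CA file, a client certificate and a client key, but
#    the CHANGE MASTER statement does not set MASTER_SSL_VERIFY_SERVER_CERT.
#    NOTE(review): checking the master's certificate identity is therefore
#    not exercised here - confirm it is covered by another test if required.
#  - The account has an empty password and exists only for the duration of
#    the test; it is dropped at the end of the file.

# Skip the test unless the server was built with SSL for client/server
# communication, then set up the standard master/slave pair.
source include/have_ssl_communication.inc;
source include/master-slave.inc;

# create a user for replication that requires ssl encryption
connection master;
grant replication slave on *.* to replssl@localhost require ssl;
create table t1 (t int auto_increment, KEY(t));

# Wait until the slave has applied everything so far.
# sync_slave_with_master leaves the session on the slave connection.
sync_slave_with_master;

# Set slave to use SSL for connection to master
stop slave;
# The statement text is recorded in the result file; --replace_result masks
# the machine-specific test directory in it. master_password is empty because
# the grant above has no IDENTIFIED BY clause.
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
eval change master to
master_user='replssl',
master_password='',
master_ssl=1,
master_ssl_ca ='$MYSQL_TEST_DIR/std_data/cacert.pem',
master_ssl_cert='$MYSQL_TEST_DIR/std_data/client-cert.pem',
master_ssl_key='$MYSQL_TEST_DIR/std_data/client-key.pem';
start slave;

# Switch to master and insert one record, then sync it to slave
connection master;
insert into t1 values(1);
sync_slave_with_master;

# The record should now be on slave
select * from t1;

# The slave is synced and waiting/reading from master
# SHOW SLAVE STATUS will show "Waiting for master to send event"
# The two --replace_* lines mask values that differ between runs (paths, port
# and the listed status columns) so the recorded output stays stable.
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR $MASTER_MYPORT MASTER_MYPORT
--replace_column 1 # 7 # 8 # 9 # 22 # 23 # 33 # 35 # 36 #
query_vertical show slave status;

# Stop the slave, as reported in bug#21871 it would hang
STOP SLAVE;

select * from t1;

# Do the same thing a number of times
# Query and result logging are switched off from here until they are
# re-enabled below, so nothing in between appears in the result file.
disable_query_log;
disable_result_log;
# 2007-11-27 mats Bug #32756 Starting and stopping the slave in a loop can lose rows
# After discussions with Engineering, I'm disabling this part of the test to avoid it causing
# red trees.
# Everything between disable_parsing and enable_parsing is skipped by mysqltest.
disable_parsing;
let $i= 100;
while ($i)
{
  start slave;
  connection master;
  insert into t1 values (NULL);
  select * from t1; # Some variance
  connection slave;
  select * from t1; # Some variance
  stop slave;
  dec $i;
}
enable_parsing;
# The slave was stopped above; restart it (still unlogged) before the final
# consistency check.
START SLAVE;
enable_query_log;
enable_result_log;
connection master;
# INSERT one more record to make sure
# the sync has something to do
insert into t1 values (NULL);
let $master_count= `select count(*) from t1`;

sync_slave_with_master;
--source include/wait_for_slave_to_start.inc
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR $MASTER_MYPORT MASTER_MYPORT
--replace_column 1 # 7 # 8 # 9 # 22 # 23 # 33 # 35 # 36 #
query_vertical show slave status;

# Still on the slave connection here, so this counts the slave's rows.
let $slave_count= `select count(*) from t1`;

# Diagnostics: only reached when master and slave disagree on the row count.
# In a passing run nothing below is executed, so none of it is in the
# expected result file.
if (`select $slave_count != $master_count`)
{
  echo master and slave differed in number of rows;
  echo master: $master_count;
  echo slave: $slave_count;

  connection master;
  echo === master ===;
  # Count the rows of t1. The statement previously read "select count(*) t1",
  # which has no FROM clause and only aliases the expression as t1, so it
  # did not report the table's row count.
  select count(*) from t1;
  select * from t1;
  connection slave;
  echo === slave ===;
  # Same correction as on the master side.
  select count(*) from t1;
  select * from t1;
  query_vertical show slave status;
}

# Cleanup: remove the SSL-only replication account and the test table on the
# master, and let the slave replicate the drops.
connection master;
drop user replssl@localhost;
drop table t1;
sync_slave_with_master;

--echo End of 5.0 tests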