Backport of:

ChangeSet@1.2703, 2007-12-07 09:35:28-05:00, cmiller@zippy.cornsilk.net +40 -0
Bug#13174: SHA2 function
Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle

Implement SHA2 functions.

Chad added code to make it work with YaSSL.  Also, he removed the 
(probable) bug of embedded server never using SSL-dependent 
functions.  (libmysqld/Makefile.am didn't read ANY autoconf defs.)

Function specification:
  SHA2( string cleartext, integer hash_length ) 
    -> string hash, or NULL
where hash_length is one of 224, 256, 384, or 512.  If either is 
NULL or a length is unsupported, then the result is NULL.  The 
resulting string is always the length of the hash_length parameter
or is NULL.

Include the canonical hash examples from the NIST in the test
results.
---
Polish and address concerns of reviewers.


.bzrignore:
  Added libmysqld/sha2.cc to the ignore list.
client/mysql.cc:
  Add condition to remove code for embedded server.
client/mysqltest.cc:
  Add condition to remove code for embedded server.
include/Makefile.am:
  New header file to header list.
include/mysql_embed.h:
  Embedded servers can use SSL-library functions too!
include/sha2.h:
  Compatibility layer to make YaSSL behave like OpenSSL.
include/sslopt-case.h:
  Remove SSL-communication parameters from command lines.
include/sslopt-longopts.h:
  Remove SSL-communication parameters from command lines.
include/sslopt-vars.h:
  Don't declare variables that are only used in SSL communication, if
  we are compiling the embedded server.
include/violite.h:
  Don't even compile the SSL-communication function if we're in the
  embedded server.
  ---
  Remove CPP condition indentation.
libmysqld/CMakeLists.txt:
  Add new file to source list.
libmysqld/Makefile.am:
  Include standard DEFS in embedded compilation.  It's an undiscovered
  but that it's not there.
  
  Add new file to source list.
libmysqld/examples/Makefile.am:
  Include autoconf DEFS.
libmysqld/lib_sql.cc:
  Initialize SSL-related variables in embedded server.
mysql-test/include/have_ssl_crypto_functs.inc:
  Distinguish between communication and crypto.
  Use the tristate value of "have_ssl" variable to know whether to
  test or not for SSL-provided crypto functions.
mysql-test/r/func_digest.result:
  
  Test against the sample test vectors in the NIST Secure
  Hash Standard (http://csrc.nist.gov/cryptval/shs.htm)
mysql-test/r/func_encrypt_nossl.result:
  Update results to the new error message text.
mysql-test/r/have_ssl_is_yes_or_disabled_only.require:
  Distinguish between communication and crypto.
  
  Use the tristate value of "have_ssl" variable to know whether to
  test or not for SSL-provided crypto functions.
mysql-test/suite/rpl/t/rpl_ssl.test:
  Distinguish between communication and crypto.
mysql-test/suite/rpl/t/rpl_ssl1.test:
  Distinguish between communication and crypto.
mysql-test/t/func_des_encrypt.test:
  Distinguish between communication and crypto.
mysql-test/t/func_digest.test:
  Test against the sample test vectors in the NIST Secure
  Hash Standard (http://csrc.nist.gov/cryptval/shs.htm)
  
  Also, test that various parameters (legal and illegal)
  do what we expect.
  ---
  Distinguish between communication and crypto.
mysql-test/t/func_encrypt.test:
  Distinguish between communication and crypto.
mysql-test/t/openssl_1.test:
  Don't test SSL communication if we're in the embedded server.
  ---
  Distinguish between communication and crypto.
mysql-test/t/ssl-big.test:
  Don't test SSL communication if we're in the embedded server.
  ---
  Distinguish between communication and crypto.
mysql-test/t/ssl.test:
  Don't test SSL communication if we're in the embedded server.
  ---
  Distinguish between communication and crypto.
mysql-test/t/ssl_8k_key.test:
  Don't test SSL communication if we're in the embedded server.
  ---
  Distinguish between communication and crypto.
mysql-test/t/ssl_compress.test:
  Don't test SSL communication if we're in the embedded server.
  ---
  Distinguish between communication and crypto.
mysql-test/t/ssl_connect.test:
  Don't test SSL communication if we're in the embedded server.
  ---
  Distinguish between communication and crypto.
sql-common/client.c:
  SSL is useful for more functionality than just connecting.  Test
  for whether we are not embedded server also.
sql/CMakeLists.txt:
  Add new source file to source list so that we have access to SHA2
  functions.
sql/Makefile.am:
  Add new source file to source list so that we have access to SHA2
  functions.
sql/item_create.cc:
  Bootstrap the SHA2 function into the server.
sql/item_strfunc.cc:
  Add new SHA2 Item class methods.
  
  Clean up two minor problems.
  ---
  Remove extraneous debugging.
  ---
  We must check nullness of a parameter only /after/ computing its
  value.
sql/item_strfunc.h:
  Declare new SHA2 Item class.
sql/mysqld.cc:
  For embedded server, don't refer to SSL-communications variables
  or values.
  ---
  Remove CPP condition indentation.
sql/sha2.cc:
  Compatibility layer to make YaSSL behave like OpenSSL.
  ---
  Add comment for generated functions.
sql/sql_acl.cc:
  For embedded server, don't refer to SSL-communications variables
  or values.
sql/sql_connect.cc:
  SSL is useful for more functionality than just connecting.  Test
  for whether we are not embedded server also.
sql/sys_vars.cc:
  For embedded server, don't refer to SSL-communications variables
  or values.

1 files changed, 12 insertions, 12 deletions

diff --git a/sql-common/client.c b/sql-common/client.c
index cbd3477d58a..ba8923097a6 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1275,7 +1275,7 @@ void mysql_read_default_options(struct st_mysql_options *options,
 	case 12:			/* return-found-rows */
 	  options->client_flag|=CLIENT_FOUND_ROWS;
 	  break;
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
 	case 13:			/* ssl_key */
 	  my_free(options->ssl_key, MYF(MY_ALLOW_ZERO_PTR));
           options->ssl_key = my_strdup(opt_arg, MYF(MY_WME));
@@ -1303,7 +1303,7 @@ void mysql_read_default_options(struct st_mysql_options *options,
 	case 16:
         case 23:
 	  break;
-#endif /* HAVE_OPENSSL */
+#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */
 	case 17:			/* charset-lib */
 	  my_free(options->charset_dir,MYF(MY_ALLOW_ZERO_PTR));
           options->charset_dir = my_strdup(opt_arg, MYF(MY_WME));
@@ -1736,13 +1736,13 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
 	      const char *cipher __attribute__((unused)))
 {
   DBUG_ENTER("mysql_ssl_set");
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
   mysql->options.ssl_key=    strdup_if_not_null(key);
   mysql->options.ssl_cert=   strdup_if_not_null(cert);
   mysql->options.ssl_ca=     strdup_if_not_null(ca);
   mysql->options.ssl_capath= strdup_if_not_null(capath);
   mysql->options.ssl_cipher= strdup_if_not_null(cipher);
-#endif /* HAVE_OPENSSL */
+#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */
   DBUG_RETURN(0);
 }
 
@@ -1752,7 +1752,7 @@ mysql_ssl_set(MYSQL *mysql __attribute__((unused)) ,
   NB! Errors are not reported until you do mysql_real_connect.
 */
 
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
 
 static void
 mysql_ssl_free(MYSQL *mysql __attribute__((unused)))
@@ -1778,7 +1778,7 @@ mysql_ssl_free(MYSQL *mysql __attribute__((unused)))
   DBUG_VOID_RETURN;
 }
 
-#endif /* HAVE_OPENSSL */
+#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */
 
 /*
   Return the SSL cipher (if any) used for current
@@ -1794,10 +1794,10 @@ const char * STDCALL
 mysql_get_ssl_cipher(MYSQL *mysql __attribute__((unused)))
 {
   DBUG_ENTER("mysql_get_ssl_cipher");
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
   if (mysql->net.vio && mysql->net.vio->ssl_arg)
     DBUG_RETURN(SSL_get_cipher_name((SSL*)mysql->net.vio->ssl_arg));
-#endif /* HAVE_OPENSSL */
+#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */
   DBUG_RETURN(NULL);
 }
 
@@ -1817,7 +1817,7 @@ mysql_get_ssl_cipher(MYSQL *mysql __attribute__((unused)))
 
  */
 
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
 
 static int ssl_verify_server_cert(Vio *vio, const char* server_hostname)
 {
@@ -1875,7 +1875,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname)
   DBUG_RETURN(1);
 }
 
-#endif /* HAVE_OPENSSL */
+#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */
 
 
 /*
@@ -3036,9 +3036,9 @@ static void mysql_close_free_options(MYSQL *mysql)
     delete_dynamic(init_commands);
     my_free((char*)init_commands,MYF(MY_WME));
   }
-#ifdef HAVE_OPENSSL
+#if defined(HAVE_OPENSSL) && !defined(EMBEDDED_LIBRARY)
   mysql_ssl_free(mysql);
-#endif /* HAVE_OPENSSL */
+#endif /* HAVE_OPENSSL && !EMBEDDED_LIBRARY */
 #ifdef HAVE_SMEM
   if (mysql->options.shared_memory_base_name != def_shared_memory_base_name)
     my_free(mysql->options.shared_memory_base_name,MYF(MY_ALLOW_ZERO_PTR));