1 files changed, 53 insertions, 47 deletions

diff --git a/sql/password.c b/sql/password.c
index 7c0719c7cec..484d6385424 100644
--- a/sql/password.c
+++ b/sql/password.c
@@ -60,12 +60,13 @@
 
 *****************************************************************************/
 
-#include <password.h>
 #include <my_global.h>
 #include <my_sys.h>
 #include <m_string.h>
+#include <password.h>
+#include <mysql.h>
+#include <my_rnd.h>
 #include <sha1.h>
-#include "mysql.h"
 
 /************ MySQL 3.23-4.0 authentication routines: untouched ***********/
 
@@ -278,14 +279,13 @@ void make_password_from_salt_323(char *to, const ulong *salt)
      **************** MySQL 4.1.1 authentication routines *************
 */
 
-/*
-    Generate string of printable random characters of requested length
-  SYNOPSIS
-    create_random_string()
-    to       OUT   buffer for generation; must be at least length+1 bytes
-                   long; result string is always null-terminated
-    length   IN    how many random characters to put in buffer
-    rand_st  INOUT structure used for number generation
+/**
+    Generate string of printable random characters of requested length.
+  
+    @param to[out]  Buffer for generation; must be at least length+1 bytes
+                    long; result string is always null-terminated
+    length[in]      How many random characters to put in buffer
+    rand_st         Structure used for number generation
 */
 
 void create_random_string(char *to, uint length,
@@ -372,6 +372,30 @@ my_crypt(char *to, const uchar *s1, const uchar *s2, uint len)
 }
 
 
+/**
+  Compute two stage SHA1 hash of the password :
+
+    hash_stage1=sha1("password")
+    hash_stage2=sha1(hash_stage1)
+
+  @param password    [IN]   Password string.
+  @param pass_len    [IN]   Length of the password.
+  @param hash_stage1 [OUT]  sha1(password)
+  @param hash_stage2 [OUT]  sha1(hash_stage1)
+*/
+
+inline static
+void compute_two_stage_sha1_hash(const char *password, size_t pass_len,
+                                 uint8 *hash_stage1, uint8 *hash_stage2)
+{
+  /* Stage 1: hash password */
+  compute_sha1_hash(hash_stage1, password, pass_len);
+
+  /* Stage 2 : hash first stage's output. */
+  compute_sha1_hash(hash_stage2, (const char *) hash_stage1, SHA1_HASH_SIZE);
+}
+
+
 /*
     MySQL 4.1.1 password hashing: SHA conversion (see RFC 2289, 3174) twice
     applied to the password string, and then produced octet sequence is
@@ -388,18 +412,11 @@ my_crypt(char *to, const uchar *s1, const uchar *s2, uint len)
 void my_make_scrambled_password(char *to, const char *password,
                                 size_t pass_len)
 {
-  SHA1_CONTEXT sha1_context;
   uint8 hash_stage2[SHA1_HASH_SIZE];
 
-  mysql_sha1_reset(&sha1_context);
-  /* stage 1: hash password */
-  mysql_sha1_input(&sha1_context, (uint8 *) password, (uint) pass_len);
-  mysql_sha1_result(&sha1_context, (uint8 *) to);
-  /* stage 2: hash stage1 output */
-  mysql_sha1_reset(&sha1_context);
-  mysql_sha1_input(&sha1_context, (uint8 *) to, SHA1_HASH_SIZE);
-  /* separate buffer is used to pass 'to' in octet2hex */
-  mysql_sha1_result(&sha1_context, hash_stage2);
+  /* Two stage SHA1 hash of the password. */
+  compute_two_stage_sha1_hash(password, pass_len, (uint8 *) to, hash_stage2);
+
   /* convert hash_stage2 to hex string */
   *to++= PVERSION41_CHAR;
   octet2hex(to, (const char*) hash_stage2, SHA1_HASH_SIZE);
@@ -425,7 +442,7 @@ void make_scrambled_password(char *to, const char *password)
 
 /*
     Produce an obscure octet sequence from password and random
-    string, recieved from the server. This sequence corresponds to the
+    string, received from the server. This sequence corresponds to the
     password, but password can not be easily restored from it. The sequence
     is then sent to the server for validation. Trailing zero is not stored
     in the buf as it is not needed.
@@ -443,31 +460,23 @@ void make_scrambled_password(char *to, const char *password)
 void
 scramble(char *to, const char *message, const char *password)
 {
-  SHA1_CONTEXT sha1_context;
   uint8 hash_stage1[SHA1_HASH_SIZE];
   uint8 hash_stage2[SHA1_HASH_SIZE];
 
-  mysql_sha1_reset(&sha1_context);
-  /* stage 1: hash password */
-  mysql_sha1_input(&sha1_context, (uint8 *) password, (uint) strlen(password));
-  mysql_sha1_result(&sha1_context, hash_stage1);
-  /* stage 2: hash stage 1; note that hash_stage2 is stored in the database */
-  mysql_sha1_reset(&sha1_context);
-  mysql_sha1_input(&sha1_context, hash_stage1, SHA1_HASH_SIZE);
-  mysql_sha1_result(&sha1_context, hash_stage2);
+  /* Two stage SHA1 hash of the password. */
+  compute_two_stage_sha1_hash(password, strlen(password), hash_stage1,
+                              hash_stage2);
+
   /* create crypt string as sha1(message, hash_stage2) */;
-  mysql_sha1_reset(&sha1_context);
-  mysql_sha1_input(&sha1_context, (const uint8 *) message, SCRAMBLE_LENGTH);
-  mysql_sha1_input(&sha1_context, hash_stage2, SHA1_HASH_SIZE);
-  /* xor allows 'from' and 'to' overlap: lets take advantage of it */
-  mysql_sha1_result(&sha1_context, (uint8 *) to);
+  compute_sha1_hash_multi((uint8 *) to, message, SCRAMBLE_LENGTH,
+                          (const char *) hash_stage2, SHA1_HASH_SIZE);
   my_crypt(to, (const uchar *) to, hash_stage1, SCRAMBLE_LENGTH);
 }
 
 
 /*
     Check that scrambled message corresponds to the password; the function
-    is used by server to check that recieved reply is authentic.
+    is used by server to check that received reply is authentic.
     This function does not check lengths of given strings: message must be
     null-terminated, reply and hash_stage2 must be at least SHA1_HASH_SIZE
     long (if not, something fishy is going on).
@@ -489,24 +498,20 @@ my_bool
 check_scramble(const uchar *scramble_arg, const char *message,
                const uint8 *hash_stage2)
 {
-  SHA1_CONTEXT sha1_context;
   uint8 buf[SHA1_HASH_SIZE];
   uint8 hash_stage2_reassured[SHA1_HASH_SIZE];
 
-  mysql_sha1_reset(&sha1_context);
   /* create key to encrypt scramble */
-  mysql_sha1_input(&sha1_context, (const uint8 *) message, SCRAMBLE_LENGTH);
-  mysql_sha1_input(&sha1_context, hash_stage2, SHA1_HASH_SIZE);
-  mysql_sha1_result(&sha1_context, buf);
+  compute_sha1_hash_multi(buf, message, SCRAMBLE_LENGTH,
+                          (const char *) hash_stage2, SHA1_HASH_SIZE);
   /* encrypt scramble */
-    my_crypt((char *) buf, buf, scramble_arg, SCRAMBLE_LENGTH);
+  my_crypt((char *) buf, buf, scramble_arg, SCRAMBLE_LENGTH);
+
   /* now buf supposedly contains hash_stage1: so we can get hash_stage2 */
-  mysql_sha1_reset(&sha1_context);
-  mysql_sha1_input(&sha1_context, buf, SHA1_HASH_SIZE);
-  mysql_sha1_result(&sha1_context, hash_stage2_reassured);
-  return test(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE));
-}
+  compute_sha1_hash(hash_stage2_reassured, (const char *) buf, SHA1_HASH_SIZE);
 
+  return MY_TEST(memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE));
+}
 
 /*
   Convert scrambled password from asciiz hex string to binary form.
@@ -536,3 +541,4 @@ void make_password_from_salt(char *to, const uint8 *hash_stage2)
   *to++= PVERSION41_CHAR;
   octet2hex(to, (const char*) hash_stage2, SHA1_HASH_SIZE);
 }
+