#At file:///Users/kgeorge/mysql/work/B11753167-trunk/ based on revid:dmitry.lenev@stripped
3224 Georgi Kodinov 2011-06-20
Bug #11753167: 44559: SSL KEYS WITH PASSPHRASES
Implemented a default password reading callback for yaSSL
using mysql client's get_tty_password().
It uses the C preprocessor to re-define my_strdup() and
to rename get_tty_password() function to a name prefixed
with yassl and internal to the library.
Since the password can't be read from a file, only a manual
test was performed and no automatic test case was added.
modified:
extra/yassl/CMakeLists.txt
extra/yassl/src/yassl_int.cpp
=== modified file 'extra/yassl/CMakeLists.txt'
--- a/extra/yassl/CMakeLists.txt 2011-04-04 08:47:25 +0000
+++ b/extra/yassl/CMakeLists.txt 2011-06-20 16:07:28 +0000
@@ -21,9 +21,15 @@ INCLUDE_DIRECTORIES(
ADD_DEFINITIONS(${SSL_DEFINES})
+# Substitute my_strdup so that we can re-use get_password.c
+ADD_DEFINITIONS(-Dmy_strdup=yassl_mysql_strdup)
+# rename get_tty_password to avoid collisions with the main binary
+ADD_DEFINITIONS(-Dget_tty_password=yassl_mysql_get_tty_password)
+
SET(YASSL_SOURCES src/buffer.cpp src/cert_wrapper.cpp src/crypto_wrapper.cpp src/handshake.cpp src/lock.cpp
src/log.cpp src/socket_wrapper.cpp src/ssl.cpp src/timer.cpp src/yassl_error.cpp
- src/yassl_imp.cpp src/yassl_int.cpp)
+ src/yassl_imp.cpp src/yassl_int.cpp
+ ../../client/get_password.c )
ADD_CONVENIENCE_LIBRARY(yassl ${YASSL_SOURCES})
RESTRICT_SYMBOL_EXPORTS(yassl)
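Review bot: The two new `ADD_DEFINITIONS(-D...)` lines are directory-scoped, so the `my_strdup` and `get_tty_password` rename macros are applied to every yaSSL source and every header those sources include, not only to the two files that need them. Any unrelated use of either identifier in this directory would be rewritten silently by the preprocessor. Judging from this commit, only `../../client/get_password.c` and `src/yassl_int.cpp` need the rename, so a per-file property is narrower: `SET_SOURCE_FILES_PROPERTIES(../../client/get_password.c src/yassl_int.cpp PROPERTIES COMPILE_DEFINITIONS "my_strdup=yassl_mysql_strdup;get_tty_password=yassl_mysql_get_tty_password")`. The comment above the defines could also state that `yassl_mysql_strdup` is defined in `src/yassl_int.cpp`, so a reader of this file can find the replacement.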
=== modified file 'extra/yassl/src/yassl_int.cpp'
--- a/extra/yassl/src/yassl_int.cpp 2011-04-04 08:47:25 +0000
+++ b/extra/yassl/src/yassl_int.cpp 2011-06-20 16:07:28 +0000
@@ -68,6 +68,8 @@
#endif // YASSL_PURE_C
+/* for the definition of get_tty_password() */
+#include <mysql.h>
namespace yaSSL {
@@ -1799,8 +1801,40 @@ bool SSL_METHOD::multipleProtocol() cons
}
+/** Implement a my_strdup replacement, so we can reuse get_password() */
+extern "C" char *yassl_mysql_strdup(const char *from, int my_flags)
+{
+ return from ? strdup(from) : NULL;
+}
+
+static int
+default_password_callback(char * buffer, int size, int rwflag,
+ void * callback_data __attribute__((unused)))
+{
+ char *passwd;
+ size_t passwd_len, ssize= (size_t) size;
+
+ passwd= yassl_mysql_get_tty_password("Enter PEM pass phrase:");
+ passwd_len= strlen(passwd);
+
+ if (!passwd_len)
+ return 0;
+
+ if (ssize > 0)
+ {
+ size_t result_len= ssize - 1 > passwd_len ?
+ passwd_len : ssize - 1;
+ memcpy(buffer, passwd, result_len);
+ buffer[result_len]= 0;
+ }
+ free(passwd);
+ return passwd_len;
+}
+
+
SSL_CTX::SSL_CTX(SSL_METHOD* meth)
- : method_(meth), certificate_(0), privateKey_(0), passwordCb_(0),
+ : method_(meth), certificate_(0), privateKey_(0),
+ passwordCb_(default_password_callback),
userData_(0), sessionCacheOff_(false), sessionCacheFlushOff_(false),
verifyCallback_(0)
{}
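Review bot: default_password_callback passes the result of yassl_mysql_get_tty_password() straight to strlen() without a NULL check, and the replacement yassl_mysql_strdup above it can return NULL when strdup() fails. The `if (!passwd_len) return 0;` path returns without free(passwd), the passphrase is never cleared before free(), and the function returns passwd_len rather than the number of bytes copied, so a truncated passphrase reports a length larger than `size`. How yaSSL's caller uses that return value is outside this hunk, but it should not be told the buffer holds more than it does. Because this callback becomes the SSL_CTX default, a process with no terminal would presumably also reach the prompt when given an encrypted key, which is worth confirming. The rewritten body below checks for NULL, frees on every path, clears the heap copy and returns the copied length.

```cpp
// … unchanged: yassl_mysql_strdup …

static int
default_password_callback(char * buffer, int size, int rwflag,
                          void * callback_data __attribute__((unused)))
{
  size_t passwd_len, result_len= 0;
  char *passwd= yassl_mysql_get_tty_password("Enter PEM pass phrase:");

  if (!passwd)
    return 0;

  passwd_len= strlen(passwd);
  if (passwd_len && size > 0)
  {
    size_t ssize= (size_t) size;
    result_len= ssize - 1 > passwd_len ? passwd_len : ssize - 1;
    memcpy(buffer, passwd, result_len);
    buffer[result_len]= 0;
  }

  /* clear the heap copy through a volatile pointer so the stores are kept */
  for (volatile char *p= passwd; passwd_len; passwd_len--)
    *p++= 0;
  free(passwd);
  return (int) result_len;
}

// … unchanged: SSL_CTX constructor initialiser list …
```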
Attachment: [text/bzr-bundle] bzr/georgi.kodinov@oracle.com-20110620160728-umv85jp9jrf9gsfe.bundle