From: Nirbhay Choubey Date: February 15 2012 6:56pm Subject: bzr push into mysql-trunk branch (nirbhay.choubey:3858 to 3859) WL#5605 List-Archive: http://lists.mysql.com/commits/142898 Message-Id: <201202151856.q1FIuZK6029356@acsmt358.oracle.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit 3859 Nirbhay Choubey 2012-02-16 WL#5605 : Assert that MySQL uses an approved random number generator Added support for OpenSSL/yaSSL supplied PRNG to create_random_string method, which generates a random string to be used in MySQL authentication protocol. added: include/my_rnd.h sql/my_rnd.cc modified: libmysql/CMakeLists.txt sql/CMakeLists.txt sql/password.c 3858 Inaam Rana 2012-02-15 Extra info about purge in innodb_monitor output was mistakenly directed towards stderr. Should have been file where innodb status is being printed. modified: storage/innobase/lock/lock0lock.cc
=== added file 'include/my_rnd.h'
--- a/include/my_rnd.h 1970-01-01 00:00:00 +0000
+++ b/include/my_rnd.h 2012-02-15 18:54:54 +0000
@@ -0,0 +1,38 @@
+#ifndef MY_RANDOM_INCLUDED
+#define MY_RANDOM_INCLUDED
+
+/*
+ Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/*
+ A wrapper to use OpenSSL/YaSSL PRNGs.
+*/
+
+#include
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+double my_rnd_ssl(struct rand_struct *rand_st);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MY_RANDOM_INCLUDED */
=== modified file 'libmysql/CMakeLists.txt'
--- a/libmysql/CMakeLists.txt 2012-01-30 09:30:13 +0000
+++ b/libmysql/CMakeLists.txt 2012-02-15 18:54:54 +0000
@@ -146,6 +146,7 @@ SET(CLIENT_SOURCES
 ../sql/net_serv.cc
 ../sql-common/pack.c
 ../sql/password.c
+ ../sql/my_rnd.cc
 )
 ADD_CONVENIENCE_LIBRARY(clientlib ${CLIENT_SOURCES})
 DTRACE_INSTRUMENT(clientlib)
=== modified file 'sql/CMakeLists.txt'
--- a/sql/CMakeLists.txt 2012-01-05 10:14:20 +0000
+++ b/sql/CMakeLists.txt 2012-02-15 18:54:54 +0000
@@ -72,6 +72,7 @@ SET(SQL_SHARED_SOURCES
 mdl.cc
 mf_iocache.cc
 my_decimal.cc
+ my_rnd.cc
 net_serv.cc
 opt_explain.cc
 opt_range.cc
=== added file 'sql/my_rnd.cc'
--- a/sql/my_rnd.cc 1970-01-01 00:00:00 +0000
+++ b/sql/my_rnd.cc 2012-02-15 18:54:54 +0000
@@ -0,0 +1,73 @@
+/*
+ Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+#include
+
+#if defined(HAVE_YASSL)
+
+#if defined(YASSL_PREFIX)
+#define RAND_bytes yaRAND_bytes
+#endif /* YASSL_PREFIX */
+
+#include
+
+#elif defined(HAVE_OPENSSL)
+#include
+#endif /* HAVE_YASSL */
+
+
+/*
+ A wrapper to use OpenSSL/yaSSL PRNGs.
+*/
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ Generate a random number using the OpenSSL/yaSSL supplied
+ random number generator if available.
+
+ @param rand_st [INOUT] Structure used for number generation
+ only if none of the SSL libraries are
+ available.
+
+ @retval Generated random number.
+*/
+
+double my_rnd_ssl(struct rand_struct *rand_st)
+{
+
+#if defined(HAVE_YASSL) || defined(HAVE_OPENSSL)
+ int rc;
+ unsigned int res;
+
+#if defined(HAVE_YASSL)
+ rc= yaSSL::RAND_bytes((unsigned char *) &res, sizeof (unsigned int));
+#else
+ rc= RAND_bytes((unsigned char *) &res, sizeof (unsigned int));
+#endif /* HAVE_YASSL */
+
+ if (rc)
+ return (double)res / (double)UINT_MAX;
+ else
+#endif /* defined(HAVE_YASSL) || defined(HAVE_OPENSSL) */
+ return my_rnd(rand_st);
+}
+
+#ifdef __cplusplus
+}
+#endif
=== modified file 'sql/password.c'
--- a/sql/password.c 2011-07-04 00:25:46 +0000
+++ b/sql/password.c 2012-02-15 18:54:54 +0000
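Review bot: The `if (rc)` test in my_rnd_ssl accepts any non-zero return as success, but OpenSSL documents RAND_bytes as returning 1 on success and either 0 or -1 on failure, so on the -1 path the uninitialised `res` is divided and returned as the random value. Compare against the success code instead, `if (rc == 1)` (assuming the yaSSL wrapper follows the same 1-on-success convention). The `else` branch then falls back to `my_rnd(rand_st)` with no trace, so an SSL-enabled build can hand out values from the non-SSL generator without anyone noticing; a warning or status counter at that point would make the downgrade observable. The doc comment should also state this, e.g. `@note Falls back to my_rnd() when RAND_bytes() reports failure.`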
@@ -64,6 +64,7 @@ #include #include #include +#include #include "mysql.h" /************ MySQL 3.23-4.0 authentication routines: untouched ***********/ @@ -321,7 +322,7 @@ void create_random_string(char *to, uint char *end= to + length; /* Use pointer arithmetics as it is faster way to do so. */ for (; to < end; to++) - *to= (char) (my_rnd(rand_st)*94+33); + *to= (char) (my_rnd_ssl(rand_st) * 94 + 33); *to= '\0'; } No bundle (reason: useless for push emails).
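Review bot: The character written in create_random_string can now reach 127 (DEL), outside the printable range the `*94+33` mapping targets. The new helper returns `(double)res / (double)UINT_MAX`, which is exactly 1.0 when `res == UINT_MAX`, and `1.0 * 94 + 33` is 127. If `my_rnd` only yields values strictly below 1.0, as the old expression appears to rely on, the helper should keep that half-open range, for example `return (double)res / ((double)UINT_MAX + 1.0);` in sql/my_rnd.cc. A clamp at this call site would also work, but it would hide the contract difference between the two generators. The function's signature and opening lines lie outside this hunk.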