3779 Nirbhay Choubey 2012-05-29
WL#5603 : Revise how we handle passwords on
the command line
* Addressed review comments & a suggestion from Tor.
* Improved test case.
* Re-removed mysys/my_aes.c, which slipped back in
accidentally in the last update to the WL tree.
removed:
mysys/my_aes.c
modified:
client/mysql_config_editor.cc
extra/my_print_defaults.c
extra/yassl/taocrypt/include/misc.hpp
mysql-test/r/mysql_config_editor.result
mysql-test/t/mysql_config_editor.test
mysys/CMakeLists.txt
mysys_ssl/default.c
mysys_ssl/my_default.h
3778 Nirbhay Choubey 2012-05-24
WL#5603 : Revise how we handle passwords on
the command line
* Disabled assumeAligned in YaSSL.
* Fixed login file location on windows.
----
Added mysql_config_editor tool.
Added mysys_ssl library.
Removed MySQL's own AES implementation; the OpenSSL/YaSSL
implementations are used instead.
----
Fix some linking problems on various platforms.
All executables which link with mysys_ssl must be linked with C++
SET_TARGET_PROPERTIES(<executable> PROPERTIES LINKER_LANGUAGE CXX)
Add new header file mysys_ssl/my_default.h
MAX_CIPHER_STORE_LEN must be a #define, since it is used
for stack allocation of arrays (windows requirement).
----
Moved all declarations pertaining to default.c
from include/my_sys.h to mysys_ssl/my_default.h.
******
WL#5603 : Revise how we handle passwords on
the command line
Minor modifications.
******
WL#5603 : Revise how we handle passwords on
the command line
Excluded mysql_config_editor.test for embedded
server.
removed:
include/rijndael.h
mysys/rijndael.c
added:
client/mysql_config_editor.cc
mysql-test/r/mysql_config_editor.result
mysql-test/t/mysql_config_editor.test
mysys_ssl/
mysys_ssl/CMakeLists.txt
mysys_ssl/my_aes.cc
mysys_ssl/my_default.h
renamed:
mysys/default.c => mysys_ssl/default.c
mysys/my_getopt.c => mysys_ssl/my_getopt.c
modified:
CMakeLists.txt
client/CMakeLists.txt
client/client_priv.h
client/mysql.cc
client/mysql_upgrade.c
client/mysqladmin.cc
client/mysqlbinlog.cc
client/mysqlcheck.c
client/mysqldump.c
client/mysqlimport.c
client/mysqlshow.c
client/mysqlslap.c
client/mysqltest.cc
extra/CMakeLists.txt
extra/my_print_defaults.c
extra/yassl/taocrypt/include/misc.hpp
include/my_aes.h
include/my_sys.h
libmysql/CMakeLists.txt
libmysqld/CMakeLists.txt
libmysqld/examples/CMakeLists.txt
mysql-test/lib/v1/mysql-test-run.pl
mysql-test/mysql-test-run.pl
mysql-test/r/mysqld--help-notwin.result
mysql-test/r/mysqld--help-win.result
mysys/CMakeLists.txt
sql-common/client.c
sql/CMakeLists.txt
sql/mysqld.cc
sql/sql_plugin.cc
storage/myisam/CMakeLists.txt
storage/myisam/myisamchk.c
storage/myisam/myisampack.c
tests/CMakeLists.txt
tests/mysql_client_test.c
unittest/gunit/CMakeLists.txt
mysys_ssl/default.c
mysys_ssl/my_getopt.c
=== modified file 'client/mysql_config_editor.cc'
--- a/client/mysql_config_editor.cc 2012-05-24 09:31:49 +0000
+++ b/client/mysql_config_editor.cc 2012-05-29 04:43:42 +0000
@@ -34,7 +34,7 @@
#define MYSQL_CONFIG_EDITOR_VERSION "1.0"
#define MY_LINE_MAX 4096
-static int fd;
+static int g_gd;
static size_t file_size;
static char *opt_user= NULL, *opt_password= NULL, *opt_host=NULL,
*opt_login_path= NULL;
@@ -49,7 +49,7 @@ static my_bool check_and_create_login_fi
static void mask_password_and_print(char *buf);
static void reset_login_file(void);
-static int encrypt_buffer(char *plain, int plain_len, char cipher[]);
+static int encrypt_buffer(const char *plain, int plain_len, char cipher[]);
static int decrypt_buffer(const char *cipher, int cipher_len, char plain[]);
static int encrypt_and_write_file(DYNAMIC_STRING *file_buf);
static int read_and_decrypt_file(DYNAMIC_STRING *file_buf);
@@ -172,7 +172,7 @@ int execute_commands(int argc, char **ar
switch(find_type(argv[0], &command_typelib, FIND_TYPE_BASIC)) {
case MY_CONFIG_SET :
- verbose_msg("Executing set command..\n");
+ verbose_msg("Executing set command.\n");
if (file_size)
read_and_decrypt_file(&file_buf);
@@ -213,7 +213,7 @@ int execute_commands(int argc, char **ar
break;
case MY_CONFIG_REMOVE :
- verbose_msg("Executing remove command..\n");
+ verbose_msg("Executing remove command.\n");
if (file_size)
read_and_decrypt_file(&file_buf);
else
@@ -225,7 +225,7 @@ int execute_commands(int argc, char **ar
break;
case MY_CONFIG_PRINT :
- verbose_msg("Executing print command..\n");
+ verbose_msg("Executing print command.\n");
if (file_size)
read_and_decrypt_file(&file_buf);
else
@@ -235,12 +235,12 @@ int execute_commands(int argc, char **ar
break;
case MY_CONFIG_RESET :
- verbose_msg("Resetting login file..\n");
+ verbose_msg("Resetting login file.\n");
reset_login_file();
break;
case MY_CONFIG_HELP :
- verbose_msg("Printing usage info..\n");
+ verbose_msg("Printing usage info.\n");
usage();
break;
@@ -250,7 +250,7 @@ int execute_commands(int argc, char **ar
}
dynstr_trunc(&file_buf, file_buf.length);
dynstr_trunc(&path_buf, path_buf.length);
- my_close(fd, MYF(MY_WME));
+ my_close(g_gd, MYF(MY_WME));
}
done:
@@ -293,7 +293,7 @@ static my_bool check_and_create_login_fi
/* Get the login file name. */
if (! set_login_file_name())
{
- verbose_msg("Error! Failed to set login file name..\n");
+ verbose_msg("Error! Failed to set login file name.\n");
goto error;
}
@@ -318,12 +318,12 @@ static my_bool check_and_create_login_fi
/* Now check if directory exists? */
if ( my_stat(login_dir, &stat_info_dir, MYF(0)))
{
- verbose_msg("%s directory exists..\n", login_dir);
+ verbose_msg("%s directory exists.\n", login_dir);
}
else
{
/* Create the login directory. */
- verbose_msg("%s directory doesn't exist, creating it..\n", login_dir);
+ verbose_msg("%s directory doesn't exist, creating it.\n", login_dir);
if (my_mkdir(login_dir, 0, MYF(0)))
goto error;
}
@@ -333,7 +333,7 @@ static my_bool check_and_create_login_fi
/* Check for login file's existence and permissions (0600). */
if (my_stat(my_login_file, &stat_info, MYF(0)))
{
- verbose_msg("File exists..\n");
+ verbose_msg("File exists.\n");
file_size= stat_info.st_size;
@@ -343,34 +343,34 @@ static my_bool check_and_create_login_fi
if (!(create_mode ^ (stat_info.st_mode & create_mode_all)))
#endif
{
- verbose_msg("File has the required permission..\nOpening the file..\n");
- if ((fd= my_open(my_login_file, access_flag, MYF(MY_WME))) == -1)
+ verbose_msg("File has the required permission.\nOpening the file.\n");
+ if ((g_gd= my_open(my_login_file, access_flag, MYF(MY_WME))) == -1)
{
- verbose_msg("Error! Couldn't open the file..\n");
+ verbose_msg("Error! Couldn't open the file.\n");
goto error;
}
}
else
{
- verbose_msg("File does not have the required permission..\n");
+ verbose_msg("File does not have the required permission.\n");
goto error;
}
}
else
{
- verbose_msg("File does not exist..\nCreating login file..\n");
- if ((fd= my_create(my_login_file, create_mode, access_flag,
+ verbose_msg("File does not exist.\nCreating login file.\n");
+ if ((g_gd= my_create(my_login_file, create_mode, access_flag,
MYF(MY_WME)) == -1))
{
- verbose_msg("Error! Couldn't create the login file..\n");
+ verbose_msg("Error! Couldn't create the login file.\n");
goto error;
}
else
{
- verbose_msg("Login file created..\n");
- verbose_msg("Opening the file..\n");
+ verbose_msg("Login file created.\n");
+ verbose_msg("Opening the file.\n");
- if((fd= my_open(my_login_file, access_flag, MYF(MY_WME))) == -1)
+ if((g_gd= my_open(my_login_file, access_flag, MYF(MY_WME))) == -1)
{
verbose_msg("Error! couldn't open the file.\n");
goto error;
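Review bot: In the `my_create` branch the closing parenthesis is misplaced, so `g_gd` receives the result of the `== -1` comparison (0 or 1) rather than the descriptor. The branch still takes the error path on failure, but on success the descriptor returned by my_create() is never stored and so cannot be closed before the following my_open() replaces `g_gd`. The condition should read `if ((g_gd= my_create(my_login_file, create_mode, access_flag, MYF(MY_WME))) == -1)`, and the created descriptor should then be either used directly or closed before reopening. Separately, the permission test on `stat_info.st_mode` is made on the path before my_open() opens the file by name; repeating the check on the opened descriptor would close that window. check_and_create_login_file starts and ends outside the hunk.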
@@ -535,11 +535,11 @@ static void reset_login_file(void)
{
DBUG_ENTER("reset_login_file");
- if (my_chsize(fd, 0, 0, MYF(MY_WME)))
- verbose_msg("Error while truncating the file..\n");
+ if (my_chsize(g_gd, 0, 0, MYF(MY_WME)))
+ verbose_msg("Error while truncating the file.\n");
/* Seek to the beginning of the file. */
- my_seek(fd, 0L, SEEK_SET, MYF(MY_WME));
+ my_seek(g_gd, 0L, SEEK_SET, MYF(MY_WME));
DBUG_VOID_RETURN;
}
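Review bot: A failed my_chsize() in reset_login_file is reported only through verbose_msg() and the function returns void, so the `MY_CONFIG_RESET` caller cannot tell that the previously stored credentials are still in the login file. If verbose_msg() prints only in verbose mode, as its name suggests, a user running `reset` without it gets no indication at all. The failure should go to stderr unconditionally, as encrypt_buffer already does, e.g. `fprintf(stderr, "Error while truncating the file.\n");`, and ideally the function would return a status that execute_commands turns into a non-zero exit code. The my_seek() result is also ignored.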
@@ -634,7 +634,7 @@ static int encrypt_and_write_file(DYNAMI
if ((enc_len= encrypt_buffer(&file_buf->str[bytes_read],
++ len, cipher + MAX_CIPHER_STORE_LEN)) < 0)
{
- verbose_msg("Error! failed to encrypt the login file buffer..\n");
+ verbose_msg("Error! failed to encrypt the login file buffer.\n");
goto error;
}
@@ -646,15 +646,15 @@ static int encrypt_and_write_file(DYNAMI
/* Store cipher length first. */
int4store(cipher, enc_len);
- if ((my_write(fd, (const uchar *)cipher, enc_len + MAX_CIPHER_STORE_LEN,
+ if ((my_write(g_gd, (const uchar *)cipher, enc_len + MAX_CIPHER_STORE_LEN,
MYF(MY_WME))) != (enc_len + MAX_CIPHER_STORE_LEN))
{
- verbose_msg("Error! couldn't write to the file..\n");
+ verbose_msg("Error! couldn't write to the file.\n");
goto error;
}
}
- verbose_msg("Successfully written encrypted data to the login file..\n");
+ verbose_msg("Successfully written encrypted data to the login file.\n");
DBUG_RETURN(bytes_read);
@@ -685,7 +685,7 @@ static int read_and_decrypt_file(DYNAMIC
int cipher_len= 0, dec_len= 0, total_len= 0;
/* First read the length of the cipher. */
- while (my_read(fd, len_buf, MAX_CIPHER_STORE_LEN,
+ while (my_read(g_gd, len_buf, MAX_CIPHER_STORE_LEN,
MYF(MY_WME)) == MAX_CIPHER_STORE_LEN)
{
cipher_len= sint4korr(len_buf);
@@ -694,11 +694,11 @@ static int read_and_decrypt_file(DYNAMIC
DBUG_RETURN(-1);
/* Now read 'cipher_len' bytes from the file. */
- if ((int) my_read(fd, (uchar *) cipher, cipher_len, MYF(MY_WME)) == cipher_len)
+ if ((int) my_read(g_gd, (uchar *) cipher, cipher_len, MYF(MY_WME)) == cipher_len)
{
if ((dec_len= decrypt_buffer(cipher, cipher_len, plain)) < 0)
{
- verbose_msg("Error! failed to decrypt the file..\n");
+ verbose_msg("Error! failed to decrypt the file.\n");
DBUG_RETURN(-1);
}
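Review bot: `cipher_len` is decoded from the file with sint4korr() in the previous hunk and then used as the byte count for my_read() into `cipher`, so it must be treated as untrusted if the login file can be modified outside the tool. The condition guarding the `DBUG_RETURN(-1)` on the first line of this hunk is not visible; it should reject zero and negative values as well as anything larger than the `cipher` buffer, and a comment such as `/* length prefix is untrusted: bound it before reading */` would record why. The `(int)` cast on the my_read() result means a failed read would compare equal if `cipher_len` were ever -1, which is another reason to bound it first. read_and_decrypt_file starts and ends outside the hunk.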
@@ -708,7 +708,7 @@ static int read_and_decrypt_file(DYNAMIC
}
}
- verbose_msg("Successfully decrypted the login file..\n");
+ verbose_msg("Successfully decrypted the login file.\n");
DBUG_RETURN(total_len);
}
@@ -724,7 +724,7 @@ static int read_and_decrypt_file(DYNAMIC
length encrypted, otherwise.
*/
-static int encrypt_buffer(char *plain, int plain_len, char cipher[])
+static int encrypt_buffer(const char *plain, int plain_len, char cipher[])
{
DBUG_ENTER("encrypt_buffer");
int aes_len;
@@ -737,7 +737,7 @@ static int encrypt_buffer(char *plain, i
}
else
{
- fprintf(stderr, "Error! failed to encrypt..\n");
+ fprintf(stderr, "Error! failed to encrypt.\n");
}
DBUG_RETURN(-1); /* Error */
}
@@ -766,7 +766,7 @@ static int decrypt_buffer(const char *ci
}
else
{
- fprintf(stderr, "Error! failed to decrypt..\n");
+ fprintf(stderr, "Error! failed to decrypt.\n");
}
DBUG_RETURN(-1); /* Error */
}
=== modified file 'extra/my_print_defaults.c'
--- a/extra/my_print_defaults.c 2012-05-24 09:31:49 +0000
+++ b/extra/my_print_defaults.c 2012-05-29 04:43:42 +0000
@@ -83,6 +83,9 @@ static struct my_option my_long_options[
{"no-defaults", 'n', "Ignore reading of default option file(s), "
"except for login file.", 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0,
0, 0, 0},
+ {"login-path", 'l', "Path to be read from under the login file.",
+ &my_login_path, &my_login_path, 0, GET_STR, REQUIRED_ARG,
+ 0, 0, 0, 0, 0, 0},
{"help", '?', "Display this help message and exit.",
0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0},
{"verbose", 'v', "Increase the output level",
=== modified file 'extra/yassl/taocrypt/include/misc.hpp'
--- a/extra/yassl/taocrypt/include/misc.hpp 2012-05-24 09:31:49 +0000
+++ b/extra/yassl/taocrypt/include/misc.hpp 2012-05-29 04:43:42 +0000
@@ -672,7 +672,6 @@ inline void UnalignedPutWord(ByteOrder o
template <class T>
inline T GetWord(bool assumeAligned, ByteOrder order, const byte *block)
{
- assumeAligned= false;
if (assumeAligned)
return ByteReverseIf(*reinterpret_cast<const T *>(block), order);
else
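Review bot: Dropping the `assumeAligned= false;` override here and in PutWord (next hunk) re-enables the `*reinterpret_cast<const T *>(block)` path for any caller that passes `true`, while the new `A= false` default on GetBlock/PutBlock only protects instantiations that rely on the default. If any TaoCrypt call site passes `assumeAligned` or `A` as true explicitly (not visible in this diff), it would again perform the unaligned access that the added comment says can segfault on SPARC. Either confirm that no such caller exists or keep the guard, and document the contract on GetWord/PutWord with something like `/* assumeAligned may be true only when block is suitably aligned for T */`.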
@@ -690,7 +689,6 @@ template <class T>
inline void PutWord(bool assumeAligned, ByteOrder order, byte* block, T value,
const byte *xorBlock = 0)
{
- assumeAligned= false;
if (assumeAligned)
{
if (xorBlock)
@@ -703,7 +701,12 @@ inline void PutWord(bool assumeAligned,
UnalignedPutWord(order, block, value, xorBlock);
}
-template <class T, class B, bool A=true>
+
+/*
+ XXX MYSQL: Setting A (assumeAligned) to false,
+ keeping it true might trigger segfault on SPARC.
+*/
+template <class T, class B, bool A= false>
class GetBlock
{
public:
@@ -723,7 +726,11 @@ private:
const byte *m_block;
};
-template <class T, class B, bool A = true>
+/*
+ XXX MYSQL: Setting A (assumeAligned) to false,
+ keeping it true might trigger segfault on SPARC.
+*/
+template <class T, class B, bool A= false>
class PutBlock
{
public:
=== modified file 'mysql-test/r/mysql_config_editor.result'
--- a/mysql-test/r/mysql_config_editor.result 2012-05-24 09:31:49 +0000
+++ b/mysql-test/r/mysql_config_editor.result 2012-05-29 04:43:42 +0000
@@ -74,9 +74,9 @@ user = test_user5
[test-login-path2]
user = test_user4
-################################################
-# Tests for mysql_config_editor's remove command
-################################################
+###############################################
+# Tests for mysql_config_editor's reset command
+###############################################
# done..
# Print-all to check if everything got deleted.
@@ -126,17 +126,17 @@ Where command can be any one of the foll
######################
#
# Inserting login paths default & test-login-path1
-File exists..
-File has the required permission..
-Opening the file..
-Executing set command..
-Successfully written encrypted data to the login file..
-File exists..
-File has the required permission..
-Opening the file..
-Executing set command..
-Successfully decrypted the login file..
-Successfully written encrypted data to the login file..
+File exists.
+File has the required permission.
+Opening the file.
+Executing set command.
+Successfully written encrypted data to the login file.
+File exists.
+File has the required permission.
+Opening the file.
+Executing set command.
+Successfully decrypted the login file.
+Successfully written encrypted data to the login file.
# done..
# Connecting using 'test_user1'
@@ -180,6 +180,30 @@ user = test_user3
# paths 'client' (default) and
# client_suffix1 will be read..
ERROR 1045 (28000): Access denied for user 'test_user3'@'localhost' (using password: NO)
+## Running my_print_defaults ##
+#
+# (a) With --no-defaults option..
+# It should print the options under the default
+# login path 'client'.
+--user=test_user1
+--host=localhost
+
+# (b) With --no-defaults & --login-path
+--user=test_user1
+--host=localhost
+--user=test_user2
+--host=127.0.0.1
+
+# (c) With --no-defaults & --defaults-group-suffix
+--user=test_user1
+--host=localhost
+--user=test_user3
+
+# (d) With --no-defaults, --login-path & --defaults-group-suffix
+--user=test_user1
+--host=localhost
+--user=test_user2
+--host=127.0.0.1
# Dropping users 'test_user1' & 'test_user2'
DROP USER test_user1, test_user2;
=== modified file 'mysql-test/t/mysql_config_editor.test'
--- a/mysql-test/t/mysql_config_editor.test 2012-05-24 09:31:49 +0000
+++ b/mysql-test/t/mysql_config_editor.test 2012-05-29 04:43:42 +0000
@@ -72,9 +72,9 @@
--exec $MYSQL_CONFIG_EDITOR print --all
--echo
---echo ################################################
---echo # Tests for mysql_config_editor's remove command
---echo ################################################
+--echo ###############################################
+--echo # Tests for mysql_config_editor's reset command
+--echo ###############################################
--exec $MYSQL_CONFIG_EDITOR reset
--echo # done..
--echo # Print-all to check if everything got deleted.
@@ -139,7 +139,22 @@ FLUSH PRIVILEGES;
--error 1
--exec $MYSQL --defaults-group-suffix=_suffix1 2>&1
-
+--echo ## Running my_print_defaults ##
+--echo #
+--echo # (a) With --no-defaults option..
+--echo # It should print the options under the default
+--echo # login path 'client'.
+--exec $MYSQL_MY_PRINT_DEFAULTS --no-defaults client 2>&1
+--echo
+--echo # (b) With --no-defaults & --login-path
+--exec $MYSQL_MY_PRINT_DEFAULTS --no-defaults --login-path=test-login-path1 client 2>&1
+--echo
+--echo # (c) With --no-defaults & --defaults-group-suffix
+--exec $MYSQL_MY_PRINT_DEFAULTS --no-defaults --defaults-group-suffix=_suffix1 client 2>&1
+--echo
+--echo # (d) With --no-defaults, --login-path & --defaults-group-suffix
+--exec $MYSQL_MY_PRINT_DEFAULTS --no-defaults --login-path=test-login-path --defaults-group-suffix=1 client 2>&1
+#--exec xterm -e gdb --args $MYSQL_MY_PRINT_DEFAULTS --no-defaults --login-path=test-login-path --defaults-group-suffix=1 client 2>&1
# Cleanup
--echo
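Review bot: The commented-out `#--exec xterm -e gdb --args $MYSQL_MY_PRINT_DEFAULTS ...` line after case (d) is a debugging leftover and should be removed from the committed test. Case (d) passes `--login-path=test-login-path --defaults-group-suffix=1` and apparently relies on the suffix being appended to the login path to reach `test-login-path1`, since its recorded output matches case (b). A short `--echo` line stating that expectation would make the result file easier to audit.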
=== modified file 'mysys/CMakeLists.txt'
--- a/mysys/CMakeLists.txt 2012-05-24 09:31:49 +0000
+++ b/mysys/CMakeLists.txt 2012-05-29 04:43:42 +0000
@@ -15,10 +15,6 @@
INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIR} ${CMAKE_SOURCE_DIR}/include ${CMAKE_SOURCE_DIR}/mysys)
-IF(SSL_DEFINES)
-ADD_DEFINITIONS(${SSL_DEFINES})
-ENDIF()
-
SET(MYSYS_SOURCES array.c charset-def.c charset.c checksum.c
errors.c hash.c list.c mf_cache.c mf_dirname.c mf_fn_ext.c
mf_format.c mf_getdate.c mf_iocache.c mf_iocache2.c mf_keycache.c
=== removed file 'mysys/my_aes.c'
--- a/mysys/my_aes.c 2011-09-06 12:43:05 +0000
+++ b/mysys/my_aes.c 1970-01-01 00:00:00 +0000
@@ -1,227 +0,0 @@
-/* Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
-
-
-/*
- Implementation of AES Encryption for MySQL
- Initial version by Peter Zaitsev June 2002
-*/
-
-
-#include <my_global.h>
-#include <m_string.h>
-#include "my_aes.h"
-
-enum encrypt_dir { AES_ENCRYPT, AES_DECRYPT };
-
-#define AES_BLOCK_SIZE 16 /* Block size in bytes */
-
-#define AES_BAD_DATA -1 /* If bad data discovered during decoding */
-
-
-/* The structure for key information */
-typedef struct {
- int nr; /* Number of rounds */
- uint32 rk[4*(AES_MAXNR + 1)]; /* key schedule */
-} KEYINSTANCE;
-
-
-/*
- This is internal function just keeps joint code of Key generation
-
- SYNOPSIS
- my_aes_create_key()
- aes_key Address of Key Instance to be created
- direction Direction (are we encoding or decoding)
- key Key to use for real key creation
- key_length Length of the key
-
- DESCRIPTION
-
- RESULT
- 0 ok
- -1 Error Note: The current impementation never returns this
-*/
-
-static int my_aes_create_key(KEYINSTANCE *aes_key,
- enum encrypt_dir direction, const char *key,
- int key_length)
-{
- uint8 rkey[AES_KEY_LENGTH/8]; /* The real key to be used for encryption */
- uint8 *rkey_end=rkey+AES_KEY_LENGTH/8; /* Real key boundary */
- uint8 *ptr; /* Start of the real key*/
- const char *sptr; /* Start of the working key */
- const char *key_end=key+key_length; /* Working key boundary*/
-
- memset(rkey, 0, AES_KEY_LENGTH/8); /* Set initial key */
-
- for (ptr= rkey, sptr= key; sptr < key_end; ptr++,sptr++)
- {
- if (ptr == rkey_end)
- ptr= rkey; /* Just loop over tmp_key until we used all key */
- *ptr^= (uint8) *sptr;
- }
-#ifdef AES_USE_KEY_BITS
- /*
- This block is intended to allow more weak encryption if application
- build with libmysqld needs to correspond to export regulations
- It should be never used in normal distribution as does not give
- any speed improvement.
- To get worse security define AES_USE_KEY_BITS to number of bits
- you want key to be. It should be divisible by 8
-
- WARNING: Changing this value results in changing of enryption for
- all key lengths so altering this value will result in impossibility
- to decrypt data encrypted with previous value
- */
-#define AES_USE_KEY_BYTES (AES_USE_KEY_BITS/8)
- /*
- To get weaker key we use first AES_USE_KEY_BYTES bytes of created key
- and cyclically copy them until we created all required key length
- */
- for (ptr= rkey+AES_USE_KEY_BYTES, sptr=rkey ; ptr < rkey_end;
- ptr++,sptr++)
- {
- if (sptr == rkey+AES_USE_KEY_BYTES)
- sptr=rkey;
- *ptr=*sptr;
- }
-#endif
- if (direction == AES_DECRYPT)
- aes_key->nr = rijndaelKeySetupDec(aes_key->rk, rkey, AES_KEY_LENGTH);
- else
- aes_key->nr = rijndaelKeySetupEnc(aes_key->rk, rkey, AES_KEY_LENGTH);
- return 0;
-}
-
-
-/*
- Crypt buffer with AES encryption algorithm.
-
- SYNOPSIS
- my_aes_encrypt()
- source Pointer to data for encryption
- source_length Size of encryption data
- dest Buffer to place encrypted data (must be large enough)
- key Key to be used for encryption
- key_length Length of the key. Will handle keys of any length
-
- RETURN
- >= 0 Size of encrypted data
- < 0 Error
-*/
-
-int my_aes_encrypt(const char* source, int source_length, char* dest,
- const char* key, int key_length)
-{
- KEYINSTANCE aes_key;
- uint8 block[AES_BLOCK_SIZE]; /* 128 bit block used for padding */
- int rc; /* result codes */
- int num_blocks; /* number of complete blocks */
- char pad_len; /* pad size for the last block */
- int i;
-
- if ((rc= my_aes_create_key(&aes_key,AES_ENCRYPT,key,key_length)))
- return rc;
-
- num_blocks = source_length/AES_BLOCK_SIZE;
-
- for (i = num_blocks; i > 0; i--) /* Encode complete blocks */
- {
- rijndaelEncrypt(aes_key.rk, aes_key.nr, (const uint8*) source,
- (uint8*) dest);
- source+= AES_BLOCK_SIZE;
- dest+= AES_BLOCK_SIZE;
- }
-
- /* Encode the rest. We always have incomplete block */
- pad_len = AES_BLOCK_SIZE - (source_length - AES_BLOCK_SIZE*num_blocks);
- memcpy(block, source, 16 - pad_len);
- memset(block + AES_BLOCK_SIZE - pad_len, pad_len, pad_len);
- rijndaelEncrypt(aes_key.rk, aes_key.nr, block, (uint8*) dest);
- return AES_BLOCK_SIZE*(num_blocks + 1);
-}
-
-
-/*
- DeCrypt buffer with AES encryption algorithm.
-
- SYNOPSIS
- my_aes_decrypt()
- source Pointer to data for decryption
- source_length Size of encrypted data
- dest Buffer to place decrypted data (must be large enough)
- key Key to be used for decryption
- key_length Length of the key. Will handle keys of any length
-
- RETURN
- >= 0 Size of encrypted data
- < 0 Error
-*/
-
-int my_aes_decrypt(const char *source, int source_length, char *dest,
- const char *key, int key_length)
-{
- KEYINSTANCE aes_key;
- uint8 block[AES_BLOCK_SIZE]; /* 128 bit block used for padding */
- int rc; /* Result codes */
- int num_blocks; /* Number of complete blocks */
- uint pad_len; /* Pad size for the last block */
- int i;
-
- if ((rc=my_aes_create_key(&aes_key,AES_DECRYPT,key,key_length)))
- return rc;
-
- num_blocks = source_length/AES_BLOCK_SIZE;
-
- if ((source_length != num_blocks*AES_BLOCK_SIZE) || num_blocks ==0 )
- return AES_BAD_DATA; /* Input size has to be even and at least one block */
-
- for (i = num_blocks-1; i > 0; i--) /* Decode all but last blocks */
- {
- rijndaelDecrypt(aes_key.rk, aes_key.nr, (const uint8*) source,
- (uint8*) dest);
- source+= AES_BLOCK_SIZE;
- dest+= AES_BLOCK_SIZE;
- }
-
- rijndaelDecrypt(aes_key.rk, aes_key.nr, (const uint8*) source, block);
- /* Use last char in the block as size */
- pad_len = (uint) (uchar) block[AES_BLOCK_SIZE-1];
-
- if (pad_len > AES_BLOCK_SIZE)
- return AES_BAD_DATA;
- /* We could also check whole padding but we do not really need this */
-
- memcpy(dest, block, AES_BLOCK_SIZE - pad_len);
- return AES_BLOCK_SIZE*num_blocks - pad_len;
-}
-
-
-/*
- Get size of buffer which will be large enough for encrypted data
-
- SYNOPSIS
- my_aes_get_size()
- source_length Length of data to be encrypted
-
- RETURN
- Size of buffer required to store encrypted data
-*/
-
-int my_aes_get_size(int source_length)
-{
- return AES_BLOCK_SIZE*(source_length/AES_BLOCK_SIZE)+AES_BLOCK_SIZE;
-}
=== modified file 'mysys_ssl/default.c'
--- a/mysys_ssl/default.c 2012-05-24 09:31:49 +0000
+++ b/mysys_ssl/default.c 2012-05-29 04:43:42 +0000
@@ -338,7 +338,7 @@ int my_search_option_files(const char *c
TYPELIB *group= ctx->group;
if (!(extra_groups= (const char**)alloc_root(ctx->alloc,
- (group->count + 2)
+ (group->count + 3)
* sizeof(char *))))
DBUG_RETURN(2);
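Review bot: The allocation size `(group->count + 3)` is a bare constant that has to match the number of entries later written into `extra_groups`, and those writes are outside this hunk. An undercount here becomes a write past the end of the allocation, so the extra slots deserve a comment above the alloc_root() call, e.g. `/* +3: suffixed group, login-path group, NULL terminator (verify against the fill code below) */`, or a named constant shared with the code that fills the array. The bump from 2 to 3 presumably makes room for the login-path group, but that cannot be confirmed from the visible lines. my_search_option_files continues outside the hunk.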
=== modified file 'mysys_ssl/my_default.h'
--- a/mysys_ssl/my_default.h 2012-05-24 09:31:49 +0000
+++ b/mysys_ssl/my_default.h 2012-05-29 04:43:42 +0000
@@ -28,6 +28,7 @@ extern const char *my_defaults_extra_fil
extern const char *my_defaults_group_suffix;
extern const char *my_defaults_file;
extern const char* my_login_file;
+extern const char* my_login_path;
extern const char* my_key;
extern my_bool my_getopt_use_args_separator;
No bundle (reason: useless for push emails).