Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
eae23d6b
Commit
eae23d6b
authored
Nov 09, 2001
by
unknown
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
des_encrypt()/des_decrypt() work much better now
parent
b88341bb
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
70 additions
and
81 deletions
+70
-81
sql/item_strfunc.cc
sql/item_strfunc.cc
+60
-79
sql/item_strfunc.h
sql/item_strfunc.h
+4
-0
sql/sql_yacc.yy
sql/sql_yacc.yy
+6
-2
No files found.
sql/item_strfunc.cc
View file @
eae23d6b
...
...
@@ -202,127 +202,109 @@ void Item_func_concat::fix_length_and_dec()
}
#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
#define ascii_to_bin(c) ((c)<=57 ? (c)-46 : (c)<=90 ? (c)-53 : (c)-59)
String
*
Item_func_des_encrypt
::
val_str
(
String
*
str
)
{
String
*
res
=
args
[
0
]
->
val_str
(
str
);
#ifdef HAVE_OPENSSL
des_key_schedule
ks1
,
ks2
,
ks3
;
des_cblock
ivec
=
{
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
};
union
{
des_cblock
allkeys
[
3
];
des_cblock
key1
;
des_cblock
key2
;
des_cblock
key3
;
des_cblock
allkeys
[
3
];
// 24 bytes (168 bits) total
des_cblock
key1
,
key2
,
key3
;
// 8 bytes each
}
key
;
if
((
null_value
=
args
[
0
]
->
null_value
))
return
0
;
if
(
res
->
length
()
==
0
)
return
&
empty_string
;
String
*
in_
str
=
args
[
1
]
->
val_str
(
&
tmp_value
);
char
*
tmp
=
my_malloc
(
res
->
length
()
+
8
,
MYF
(
0
));
DBUG_PRINT
(
"info"
,(
"DES: key string='%s'"
,
in_str
->
c_ptr
()));
DBUG_PRINT
(
"info"
,(
"DES: data string='%s'"
,
res
->
c_ptr
())
);
DBUG_PRINT
(
"info"
,(
"DES: cipher pointer='%x'"
,
EVP_get_cipherbyname
(
"DES-EDE3-CBC"
)));
String
*
key
str
=
args
[
1
]
->
val_str
(
&
tmp_value
);
int32
mode
=
0
;
if
(
arg_count
==
3
&&
!
args
[
2
]
->
null_value
)
mode
=
args
[
2
]
->
val_int
(
);
// We make good 24-byte (168 bit) key from given plaintext key with MD5
EVP_BytesToKey
(
EVP_get_cipherbyname
(
"DES-EDE3-CBC"
),
EVP_md5
(),
NULL
,
(
unsigned
char
*
)
in_str
->
c_ptr
(),
in_str
->
length
(),
1
,(
uchar
*
)
&
key
.
allkeys
,
ivec
);
(
uchar
*
)
keystr
->
c_ptr
(),
keystr
->
length
(),
1
,(
uchar
*
)
&
key
.
allkeys
,
ivec
);
// Here we set all 64-bit (56 actually) one by one
des_set_key_unchecked
(
&
key
.
key1
,
ks1
);
des_set_key_unchecked
(
&
key
.
key2
,
ks2
);
des_set_key_unchecked
(
&
key
.
key3
,
ks3
);
DBUG_PRINT
(
"info"
,(
"DES: checkpoint"
));
/* The problem: DES algorithm requires original data to be in 8-bytes
* chunks. Missing bytes get filled with zeros and result of encryption
* can be up to 7 bytes longer than original string. When decrypted,
* we do not know the size of original string :(
* We add one byte with value 0x0..0x7 to original plaintext marking
* change of string length */
uchar
tail
=
8
-
(
res
->
length
()
%
8
);
// 1..8
for
(
int
i
=
0
;
i
<
(
tail
-
1
)
;
++
i
)
res
->
append
(
'*'
);
res
->
append
(
tail
-
1
);
// Write tail length 0..7 to last pos
// Real encryption
des_ede3_cbc_encrypt
(
(
const
unsigned
char
*
)(
res
->
c_ptr
())
,
(
uchar
*
)
tmp
,
res
->
length
(),
ks1
,
ks2
,
ks3
,
&
ivec
,
TRUE
);
res
->
length
(
res
->
length
()
+
8
-
(
res
->
length
()
%
8
));
DBUG_PRINT
(
"info"
,(
"DES: checkpoint"
));
DBUG_PRINT
(
"info"
,(
"DES: string length='%d' versus '%d'"
,
res
->
length
(),
strlen
(
res
->
c_ptr
())));
DBUG_PRINT
(
"info"
,(
"DES: crypted data string='%s'"
,
tmp
));
(
const
uchar
*
)(
res
->
c_ptr
()),
(
uchar
*
)(
res
->
c_ptr
()),
res
->
length
(),
ks1
,
ks2
,
ks3
,
&
ivec
,
TRUE
);
if
(
mode
)
{
// In case of ASCII mode we should convert binary string into ASCII
str
->
set
((
const
char
*
)
0
,(
uint
)
0
);
for
(
uint
i
=
0
;
i
<
res
->
length
()
;
++
i
)
{
str
->
append
(
tmp
[
i
]);
// str->append(bin_to_ascii(tmp[i] & 0x3f));
// str->append(bin_to_ascii((tmp[i] >> 5) & 0x3f));
}
DBUG_PRINT
(
"info"
,(
"DES: crypted data plain string='%s'"
,
str
->
c_ptr
()));
str
->
copy
();
DBUG_PRINT
(
"info"
,(
"DES: crypted data plain string='%s'"
,
str
->
c_ptr
()));
my_free
(
tmp
,
MYF
(
0
));
return
str
;
for
(
uint
i
=
0
;
i
<
res
->
length
()
;
++
i
)
{
str
->
append
(
bin_to_ascii
((
uchar
)
res
->
c_ptr
()[
i
]
&
0x3f
));
str
->
append
(
bin_to_ascii
(((
uchar
)
res
->
c_ptr
()[
i
]
>>
5
)
&
0x3f
));
}
return
str
;
}
else
return
res
;
#else
null_value
=
1
;
return
0
;
#endif
/* HAVE_OPENSSL */
}
String
*
Item_func_des_decrypt
::
val_str
(
String
*
str
)
{
String
*
res
=
args
[
0
]
->
val_str
(
str
);
#ifdef HAVE_OPENSSL
des_key_schedule
ks1
,
ks2
,
ks3
;
des_cblock
ivec
=
{
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
,
0x00
};
union
{
des_cblock
allkeys
[
3
];
des_cblock
key1
;
des_cblock
key2
;
des_cblock
key3
;
des_cblock
allkeys
[
3
];
// 24 bytes total
des_cblock
key1
,
key2
,
key3
;
// 8 bytes each
}
key
;
if
((
null_value
=
args
[
0
]
->
null_value
))
return
0
;
if
(
res
->
length
()
==
0
)
return
&
empty_string
;
String
*
in_str
=
args
[
1
]
->
val_str
(
&
tmp_value
);
char
*
tmp
=
my_malloc
(
res
->
length
()
+
8
,
MYF
(
0
));
DBUG_PRINT
(
"info"
,(
"DES: key string='%s'"
,
in_str
->
c_ptr
()));
DBUG_PRINT
(
"info"
,(
"DES: data string='%s'"
,
res
->
c_ptr
()));
/* int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
const unsigned char *salt, const unsigned char *data, int datal,
int count, unsigned char *key, unsigned char *iv)
*/
String
*
keystr
=
args
[
1
]
->
val_str
(
&
tmp_value
);
int32
mode
=
0
;
if
(
arg_count
==
3
&&
!
args
[
2
]
->
null_value
)
mode
=
args
[
2
]
->
val_int
();
// We make good 24-byte (168 bit) key from given plaintext key with MD5
EVP_BytesToKey
(
EVP_get_cipherbyname
(
"DES-EDE3-CBC"
),
EVP_md5
(),
NULL
,
(
unsigned
char
*
)
in_str
->
c_ptr
(),
in_str
->
length
(),
1
,(
uchar
*
)
&
key
.
allkeys
,
ivec
);
(
uchar
*
)
keystr
->
c_ptr
(),
keystr
->
length
(),
1
,(
uchar
*
)
&
key
.
allkeys
,
ivec
);
// Here we set all 64-bit keys (56 effective) one by one
des_set_key_unchecked
(
&
key
.
key1
,
ks1
);
des_set_key_unchecked
(
&
key
.
key2
,
ks2
);
des_set_key_unchecked
(
&
key
.
key3
,
ks3
);
DBUG_PRINT
(
"info"
,(
"DES: cipher pointer='%x'"
,
EVP_get_cipherbyname
(
"DES-EDE3-CBC"
)));
EVP_BytesToKey
(
EVP_get_cipherbyname
(
"DES-EDE3-CBC"
),
EVP_md5
(),
NULL
,
(
unsigned
char
*
)
in_str
->
c_ptr
(),
in_str
->
length
(),
1
,(
uchar
*
)
&
key
.
allkeys
,
ivec
);
DBUG_PRINT
(
"info"
,(
"DES: checkpoint"
));
des_ede3_cbc_encrypt
(
(
const
unsigned
char
*
)(
res
->
c_ptr
())
,
(
uchar
*
)
tmp
,
res
->
length
(),
ks1
,
ks2
,
ks3
,
&
ivec
,
FALSE
);
DBUG_PRINT
(
"info"
,(
"DES: checkpoint"
));
DBUG_PRINT
(
"info"
,(
"DES: string length='%d' versus '%d'"
,
res
->
length
(),
strlen
(
res
->
c_ptr
())));
DBUG_PRINT
(
"info"
,(
"DES: crypted data string='%s'"
,
tmp
));
str
->
set
((
const
char
*
)
0
,(
uint
)
0
);
for
(
uint
i
=
0
;
i
<
res
->
length
()
;
++
i
)
{
str
->
append
(
tmp
[
i
]);
// str->append(bin_to_ascii(tmp[i] & 0x3f));
// str->append(bin_to_ascii((tmp[i] >> 5) & 0x3f));
str
->
set
((
const
char
*
)
0
,(
uint
)
0
);
if
(
mode
)
{
for
(
uint
i
=
0
;
i
<
res
->
length
()
;
i
+=
2
)
{
str
->
append
((
ascii_to_bin
(
res
->
c_ptr
()[
i
]))
|
(
ascii_to_bin
(
res
->
c_ptr
()[
i
+
1
])
<<
5
));
}
DBUG_PRINT
(
"info"
,(
"DES: crypted data plain string='%s'"
,
str
->
c_ptr
()));
str
->
copy
();
DBUG_PRINT
(
"info"
,(
"DES: crypted data plain string='%s'"
,
str
->
c_ptr
()));
my_free
(
tmp
,
MYF
(
0
));
return
str
;
}
else
str
->
copy
(
res
->
c_ptr
());
// Real decryption
des_ede3_cbc_encrypt
(
(
const
uchar
*
)(
str
->
c_ptr
()),
(
uchar
*
)(
res
->
c_ptr
()),
str
->
length
(),
ks1
,
ks2
,
ks3
,
&
ivec
,
FALSE
);
uchar
tail
=
(
res
->
c_ptr
()[
str
->
length
()
-
1
])
&
0x7
;
res
->
length
(
str
->
length
()
-
tail
-
1
);
return
res
;
#else
null_value
=
1
;
return
0
;
...
...
@@ -331,7 +313,6 @@ String *Item_func_des_decrypt::val_str(String *str)
/*
** concat with separator. First arg is the separator
** concat_ws takes at least two arguments.
...
...
sql/item_strfunc.h
View file @
eae23d6b
...
...
@@ -228,8 +228,10 @@ class Item_func_des_encrypt :public Item_str_func
public:
Item_func_des_encrypt
(
Item
*
a
)
:
Item_str_func
(
a
)
{}
Item_func_des_encrypt
(
Item
*
a
,
Item
*
b
)
:
Item_str_func
(
a
,
b
)
{}
Item_func_des_encrypt
(
Item
*
a
,
Item
*
b
,
Item
*
c
)
:
Item_str_func
(
a
,
b
,
c
)
{}
String
*
val_str
(
String
*
);
void
fix_length_and_dec
()
{
maybe_null
=
1
;
max_length
=
13
;
}
const
char
*
func_name
()
const
{
return
"des_encrypt"
;
}
};
class
Item_func_des_decrypt
:
public
Item_str_func
...
...
@@ -238,8 +240,10 @@ class Item_func_des_decrypt :public Item_str_func
public:
Item_func_des_decrypt
(
Item
*
a
)
:
Item_str_func
(
a
)
{}
Item_func_des_decrypt
(
Item
*
a
,
Item
*
b
)
:
Item_str_func
(
a
,
b
)
{}
Item_func_des_decrypt
(
Item
*
a
,
Item
*
b
,
Item
*
c
)
:
Item_str_func
(
a
,
b
,
c
)
{}
String
*
val_str
(
String
*
);
void
fix_length_and_dec
()
{
maybe_null
=
1
;
max_length
=
13
;
}
const
char
*
func_name
()
const
{
return
"des_decrypt"
;
}
};
class
Item_func_encrypt
:
public
Item_str_func
...
...
sql/sql_yacc.yy
View file @
eae23d6b
...
...
@@ -1612,8 +1612,12 @@ simple_expr:
{ $$= new Item_func_decode($3,$5.str); }
| ENCODE_SYM '(' expr ',' TEXT_STRING ')'
{ $$= new Item_func_encode($3,$5.str); }
| DES_ENCRYPT '(' expr ',' expr ')' { $$= new Item_func_des_encrypt($3,$5); }
| DES_DECRYPT '(' expr ',' expr ')' { $$= new Item_func_des_decrypt($3,$5); }
| DES_ENCRYPT '(' expr ')' { $$= new Item_func_des_encrypt($3); }
| DES_DECRYPT '(' expr ')' { $$= new Item_func_des_decrypt($3); }
| DES_ENCRYPT '(' expr ',' expr ')' { $$= new Item_func_des_encrypt($3,$5); }
| DES_DECRYPT '(' expr ',' expr ')' { $$= new Item_func_des_decrypt($3,$5); }
| DES_ENCRYPT '(' expr ',' expr ',' expr ')' { $$= new Item_func_des_encrypt($3,$5,$7); }
| DES_DECRYPT '(' expr ',' expr ',' expr ')' { $$= new Item_func_des_decrypt($3,$5,$7); }
| EXPORT_SET '(' expr ',' expr ',' expr ')'
{ $$= new Item_func_export_set($3, $5, $7); }
| EXPORT_SET '(' expr ',' expr ',' expr ',' expr ')'
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment