From 801e59c79ea4469e1dbccf208c4101c3287b184c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?=
Date: Mon, 15 Nov 2021 15:22:26 +0100
Subject: [PATCH 1/4] First commit to remove OpenSSL3 deprecated functions
---
 lib/MySQL_Protocol.cpp | 33 +++++++++++++++++++++++++++++++++
 lib/ProxySQL_Admin.cpp | 9 +++++++++
 2 files changed, 42 insertions(+)
diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp
index 756c28f970..241addf37a 100644
--- a/lib/MySQL_Protocol.cpp
+++ b/lib/MySQL_Protocol.cpp
@@ -144,6 +144,19 @@ void proxy_compute_sha1_hash_multi(uint8_t *digest, const char *buf1, int len1,
 SHA1_Update(&sha1_context, buf1, len1);
 SHA1_Update(&sha1_context, buf2, len2);
 SHA1_Final(digest, &sha1_context);
+
+ uint8_t md[SHA_DIGEST_LENGTH];
+ const EVP_MD *evp_digest = EVP_get_digestbyname("sha1");
+ assert(evp_digest != NULL);
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ EVP_MD_CTX_init(ctx);
+ EVP_DigestInit_ex(ctx, evp_digest, NULL);
+ EVP_DigestUpdate(ctx, buf1, len1);
+ EVP_DigestUpdate(ctx, buf2, len2);
+ unsigned int olen = 0;
+ EVP_DigestFinal(ctx, md, &olen);
+ EVP_MD_CTX_free(ctx);
+ assert(memcmp(md, digest, SHA_DIGEST_LENGTH)==0);
 }
 void proxy_compute_sha1_hash(uint8_t *digest, const char *buf, int len) {
@@ -153,6 +166,18 @@ void proxy_compute_sha1_hash(uint8_t *digest, const char *buf, int len) {
 SHA1_Init(&sha1_context);
 SHA1_Update(&sha1_context, buf, len);
 SHA1_Final(digest, &sha1_context);
+
+ uint8_t md[SHA_DIGEST_LENGTH];
+ const EVP_MD *evp_digest = EVP_get_digestbyname("sha1");
+ assert(evp_digest != NULL);
+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ EVP_MD_CTX_init(ctx);
+ EVP_DigestInit_ex(ctx, evp_digest, NULL);
+ EVP_DigestUpdate(ctx, buf, len);
+ unsigned int olen = 0;
+ EVP_DigestFinal(ctx, md, &olen);
+ EVP_MD_CTX_free(ctx);
+ assert(memcmp(md, digest, SHA_DIGEST_LENGTH)==0);
 }
 void proxy_compute_two_stage_sha1_hash(const char *password, size_t pass_len, uint8_t *hash_stage1, uint8_t *hash_stage2) {
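Review bot: The EVP sequence added to proxy_compute_sha1_hash_multi() ignores every return value: `EVP_MD_CTX_new()` can return NULL, and `EVP_DigestInit_ex`, `EVP_DigestUpdate` and `EVP_DigestFinal` each return 0 on failure, so `md` may be compared while still uninitialised. `EVP_MD_CTX_init(ctx)` directly after `EVP_MD_CTX_new()` is redundant on OpenSSL 1.1.0 and later, and `EVP_sha1()` would replace the by-name lookup and its NULL assert. The sketch below checks each step with `assert`, matching the existing `assert(evp_digest != NULL)`; these checks compile out under NDEBUG, so a release build would need an explicit error path. The identical block added to proxy_compute_sha1_hash() in the next hunk needs the same treatment, and both function bodies start outside their hunks.

```cpp
	uint8_t md[SHA_DIGEST_LENGTH];
	const EVP_MD *evp_digest = EVP_sha1();
	EVP_MD_CTX *ctx = EVP_MD_CTX_new();
	assert(ctx != NULL);
	unsigned int olen = 0;
	const bool ok = EVP_DigestInit_ex(ctx, evp_digest, NULL) == 1
		&& EVP_DigestUpdate(ctx, buf1, len1) == 1
		&& EVP_DigestUpdate(ctx, buf2, len2) == 1
		&& EVP_DigestFinal(ctx, md, &olen) == 1;
	EVP_MD_CTX_free(ctx);
	assert(ok && olen == SHA_DIGEST_LENGTH);
	// … unchanged: memcmp(md, digest) cross-check …
```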
@@ -2128,6 +2153,14 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned SHA1_Init(&sha1_context); SHA1_Update(&sha1_context,hash_stage1,SHA_DIGEST_LENGTH); SHA1_Final(hash_stage2, &sha1_context); + + unsigned char md1_buf[SHA_DIGEST_LENGTH]; + unsigned char md2_buf[SHA_DIGEST_LENGTH]; + SHA1(pass,pass_len,md1_buf); + assert(memcmp(md1_buf,hash_stage1,SHA_DIGEST_LENGTH)==0); + SHA1(md1_buf,SHA_DIGEST_LENGTH,md2_buf); + assert(memcmp(md2_buf,hash_stage2,SHA_DIGEST_LENGTH)==0); + char *double_hashed_password = sha1_pass_hex((char *)hash_stage2); // note that sha1_pass_hex() returns a new buffer if (strcasecmp(double_hashed_password,password)==0) { diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp index 1ef4cbf456..d3200e1b39 100644 --- a/lib/ProxySQL_Admin.cpp +++ b/lib/ProxySQL_Admin.cpp @@ -11150,6 +11150,15 @@ SQLite3_result* ProxySQL_Admin::__add_active_users( SHA1_Init(&sha1_context); SHA1_Update(&sha1_context,hash_stage1,SHA_DIGEST_LENGTH); SHA1_Final(hash_stage2, &sha1_context); + + unsigned char md1_buf[SHA_DIGEST_LENGTH]; + unsigned char md2_buf[SHA_DIGEST_LENGTH]; + SHA1((const unsigned char *)r->fields[1], strlen(r->fields[1]),md1_buf); + assert(memcmp(md1_buf,hash_stage1,SHA_DIGEST_LENGTH)==0); + SHA1(md1_buf,SHA_DIGEST_LENGTH,md2_buf); + assert(memcmp(md2_buf,hash_stage2,SHA_DIGEST_LENGTH)==0); + + password=sha1_pass_hex((char *)hash_stage2); // note that sha1_pass_hex() returns a new buffer } } else { From a31f83473db92540ebd4f84d681278eebf82e192 Mon Sep 17 00:00:00 2001 
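Review bot: `md1_buf` in process_pkt_handshake_response() holds the SHA-1 of the client's cleartext password (`SHA1(pass,pass_len,md1_buf)`) and is left on the stack when the block ends; the same applies to `md1_buf` in the __add_active_users() hunk of lib/ProxySQL_Admin.cpp, which hashes `r->fields[1]`. A single-round hash of the password is credential material, so the temporaries are worth wiping once the hex form has been derived, for example `OPENSSL_cleanse(md1_buf, sizeof(md1_buf));` and likewise for `md2_buf`. Both enclosing functions start and end outside their hunks, so the exact place for the wipe has to be chosen against the full body.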
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?= Date: Sun, 7 May 2023 11:25:19 +0000 Subject: [PATCH 2/4] Fix several warnings --- include/MySQL_Thread.h | 2 +- include/proxysql_glovars.hpp | 11 +++++--- lib/MySQL_HostGroups_Manager.cpp | 4 +-- lib/MySQL_Protocol.cpp | 44 +++++++++++++++++--------------- lib/MySQL_Session.cpp | 2 +- lib/ProxySQL_Admin.cpp | 23 +++++++++-------- src/proxy_tls.cpp | 20 --------------- 7 files changed, 46 insertions(+), 60 deletions(-) diff --git a/include/MySQL_Thread.h b/include/MySQL_Thread.h index 0eb8437d09..c64a25ff7f 100644 --- a/include/MySQL_Thread.h +++ b/include/MySQL_Thread.h @@ -122,7 +122,7 @@ enum MySQL_Thread_status_variable { st_var_END }; -class MySQL_Thread +class __attribute__((aligned(64))) MySQL_Thread { private: unsigned int servers_table_version_previous; diff --git a/include/proxysql_glovars.hpp b/include/proxysql_glovars.hpp index 70d02cafd9..8a0dbe02c6 100644 --- a/include/proxysql_glovars.hpp +++ b/include/proxysql_glovars.hpp @@ -26,6 +26,9 @@ inline void replace_checksum_zeros(char* checksum) { } } +#ifndef ProxySQL_Checksum_Value_LENGTH +#define ProxySQL_Checksum_Value_LENGTH 20 +#endif class ProxySQL_Checksum_Value { public: char *checksum; @@ -33,15 +36,15 @@ class ProxySQL_Checksum_Value { unsigned long long epoch; bool in_shutdown; ProxySQL_Checksum_Value() { - checksum = (char *)malloc(20); - memset(checksum,0,20); + checksum = (char *)malloc(ProxySQL_Checksum_Value_LENGTH); + memset(checksum,0,ProxySQL_Checksum_Value_LENGTH); version = 0; epoch = 0; in_shutdown = false; } void set_checksum(char *c) { - memset(checksum,0,20); - strncpy(checksum,c,18); + memset(checksum,0,ProxySQL_Checksum_Value_LENGTH); + strncpy(checksum,c,ProxySQL_Checksum_Value_LENGTH); replace_checksum_zeros(checksum); } ~ProxySQL_Checksum_Value() { diff --git a/lib/MySQL_HostGroups_Manager.cpp b/lib/MySQL_HostGroups_Manager.cpp index 3cbe229e30..38e2e52bd2 100644 --- a/lib/MySQL_HostGroups_Manager.cpp 
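Review bot: In set_checksum() the new `strncpy(checksum,c,ProxySQL_Checksum_Value_LENGTH);` can fill all 20 bytes of the 20-byte buffer, so a source string of 20 or more characters leaves `checksum` without a terminating NUL; the old bound of 18 always preserved the zeroed tail written by the preceding memset. Bound the copy to one less than the buffer, `strncpy(checksum,c,ProxySQL_Checksum_Value_LENGTH-1);`, so the memset still guarantees termination. replace_checksum_zeros() runs on the result immediately afterwards and its body is not in this hunk, so whether it scans up to a NUL should be checked. A comment on the macro such as `// buffer size in bytes, including the trailing NUL` would make the intent explicit.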
+++ b/lib/MySQL_HostGroups_Manager.cpp @@ -1863,7 +1863,7 @@ bool MySQL_HostGroups_Manager::commit( { uint64_t hash1 = 0, hash2 = 0; SpookyHash myhash; - char buf[80]; + char buf[ProxySQL_Checksum_Value_LENGTH]; bool init = false; { mydb->execute("DELETE FROM mysql_servers"); @@ -4762,7 +4762,7 @@ void MySQL_HostGroups_Manager::read_only_action_v2(const std::listsess, user, session_type); + unsigned char md1_buf[SHA_DIGEST_LENGTH]; + unsigned char md2_buf[SHA_DIGEST_LENGTH]; + SHA1(pass,pass_len,md1_buf); + SHA1(md1_buf,SHA_DIGEST_LENGTH,md2_buf); + +#ifdef DEBUG // FIXME: remove this in future release uint8_t hash_stage1[SHA_DIGEST_LENGTH]; uint8_t hash_stage2[SHA_DIGEST_LENGTH]; SHA_CTX sha1_context; @@ -2153,25 +2159,21 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned SHA1_Init(&sha1_context); SHA1_Update(&sha1_context,hash_stage1,SHA_DIGEST_LENGTH); SHA1_Final(hash_stage2, &sha1_context); - - unsigned char md1_buf[SHA_DIGEST_LENGTH]; - unsigned char md2_buf[SHA_DIGEST_LENGTH]; - SHA1(pass,pass_len,md1_buf); assert(memcmp(md1_buf,hash_stage1,SHA_DIGEST_LENGTH)==0); - SHA1(md1_buf,SHA_DIGEST_LENGTH,md2_buf); assert(memcmp(md2_buf,hash_stage2,SHA_DIGEST_LENGTH)==0); +#endif - char *double_hashed_password = sha1_pass_hex((char *)hash_stage2); // note that sha1_pass_hex() returns a new buffer + char *double_hashed_password = sha1_pass_hex((char *)md2_buf); // note that sha1_pass_hex() returns a new buffer if (strcasecmp(double_hashed_password,password)==0) { ret = true; if (sha1_pass==NULL) { // currently proxysql doesn't know any sha1_pass for that specific user, let's set it! - GloMyAuth->set_SHA1((char *)user, USERNAME_FRONTEND,hash_stage1); + GloMyAuth->set_SHA1((char *)user, USERNAME_FRONTEND,md1_buf); } if (userinfo->sha1_pass) free(userinfo->sha1_pass); - userinfo->sha1_pass=sha1_pass_hex((char *)hash_stage1); + userinfo->sha1_pass=sha1_pass_hex((char *)md1_buf); } else { ret = false; } 
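Review bot: `char buf[ProxySQL_Checksum_Value_LENGTH];` in MySQL_HostGroups_Manager::commit() shrinks the scratch buffer from 80 to 20 bytes, and the code that formats into `buf` lies outside this hunk. If that write is an unbounded `sprintf`, the buffer is now sized with little or no slack, so any later change to the format string could overrun the stack buffer; bounding the write with `snprintf(buf, sizeof(buf), ...)` would remove that risk. Please confirm that the longest string written there, terminator included, fits in 20 bytes.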
diff --git a/lib/MySQL_Session.cpp b/lib/MySQL_Session.cpp index 7c79886589..613451adcc 100644 --- a/lib/MySQL_Session.cpp +++ b/lib/MySQL_Session.cpp @@ -6436,7 +6436,7 @@ bool MySQL_Session::handler___status_WAITING_CLIENT_DATA___STATE_SLEEP___MYSQL_C // try case listed in #1373 // SET @@SESSION.sql_mode = CONCAT(CONCAT(@@sql_mode, ',STRICT_ALL_TABLES'), ',NO_AUTO_VALUE_ON_ZERO'), @@SESSION.sql_auto_is_null = 0, @@SESSION.wait_timeout = 2147483 // this is not a complete solution. A right solution involves true parsing - int query_no_space_length = nq.length(); + size_t query_no_space_length = nq.length(); char *query_no_space=(char *)malloc(query_no_space_length+1); memcpy(query_no_space,nq.c_str(),query_no_space_length); query_no_space[query_no_space_length]='\0'; diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp index d3200e1b39..e4dc815fe1 100644 --- a/lib/ProxySQL_Admin.cpp +++ b/lib/ProxySQL_Admin.cpp @@ -3682,7 +3682,7 @@ void admin_session_handler(MySQL_Session *sess, void *_pa, PtrSize_t *pkt) { if (!strncasecmp("LOGENTRY ", query_no_space, strlen("LOGENTRY "))) { proxy_debug(PROXY_DEBUG_ADMIN, 4, "Received command LOGENTRY: %s\n", query_no_space + strlen("LOGENTRY ")); proxy_info("Received command LOGENTRY: %s\n", query_no_space + strlen("LOGENTRY ")); - SPA->send_MySQL_OK(&sess->client_myds->myprot, NULL, NULL); + SPA->send_MySQL_OK(&sess->client_myds->myprot, NULL, 0); run_query=false; goto __run_query; } @@ -7468,7 +7468,7 @@ bool ProxySQL_Admin::ProxySQL_Test___Verify_mysql_query_rules_fast_routing( vector th_hashmaps {}; if (maps_per_thread) { - for (uint32_t i = 0; i < ths; i++) { + for (int i = 0; i < ths; i++) { th_hashmaps.push_back(GloQPro->create_fast_routing_hashmap(resultset2)); } } 
@@ -7505,7 +7505,7 @@ bool ProxySQL_Admin::ProxySQL_Test___Verify_mysql_query_rules_fast_routing( unsigned long long curtime1 = monotonic_time() / 1000; std::vector workers {}; - for (uint32_t i = 0; i < ths; i++) { + for (int i = 0; i < ths; i++) { khash_t(khStrInt)* hashmap = maps_per_thread ? th_hashmaps[i].rules_fast_routing : nullptr; workers.push_back(std::thread(perform_searches, hashmap, resultset, i, lock)); } @@ -7525,7 +7525,7 @@ bool ProxySQL_Admin::ProxySQL_Test___Verify_mysql_query_rules_fast_routing( for (int i=1 ; i < cnt; i++) { std::vector workers {}; - for (uint32_t i = 0; i < ths; i++) { + for (int i = 0; i < ths; i++) { khash_t(khStrInt)* hashmap = maps_per_thread ? th_hashmaps[i].rules_fast_routing : nullptr; workers.push_back(std::thread(perform_searches, hashmap, resultset, i, lock)); } @@ -11141,6 +11141,12 @@ SQLite3_result* ProxySQL_Admin::__add_active_users( if (r->fields[1][0]=='*') { // the password is already hashed password=strdup(r->fields[1]); } else { // we must hash it + unsigned char md1_buf[SHA_DIGEST_LENGTH]; + unsigned char md2_buf[SHA_DIGEST_LENGTH]; + SHA1((const unsigned char *)r->fields[1], strlen(r->fields[1]),md1_buf); + SHA1(md1_buf,SHA_DIGEST_LENGTH,md2_buf); + +#ifdef DEBUG // FIXME: remove this in future release uint8 hash_stage1[SHA_DIGEST_LENGTH]; uint8 hash_stage2[SHA_DIGEST_LENGTH]; SHA_CTX sha1_context; 
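Review bot: In the `@@ -7525,7` hunk the rewritten `for (int i = 0; i < ths; i++)` sits inside `for (int i=1 ; i < cnt; i++)`, so the inner index shadows the outer loop counter. Now that both are plain `int`, the two are even easier to confuse, and a commit aimed at silencing warnings would still trip `-Wshadow` here. Renaming the inner index, for example `for (int t = 0; t < ths; t++)` with `th_hashmaps[t]` and `t` passed to `perform_searches`, keeps the behaviour and removes the ambiguity. The enclosing function starts and ends outside the hunk.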
@@ -11150,16 +11156,11 @@ SQLite3_result* ProxySQL_Admin::__add_active_users( SHA1_Init(&sha1_context); SHA1_Update(&sha1_context,hash_stage1,SHA_DIGEST_LENGTH); SHA1_Final(hash_stage2, &sha1_context); - - unsigned char md1_buf[SHA_DIGEST_LENGTH]; - unsigned char md2_buf[SHA_DIGEST_LENGTH]; - SHA1((const unsigned char *)r->fields[1], strlen(r->fields[1]),md1_buf); assert(memcmp(md1_buf,hash_stage1,SHA_DIGEST_LENGTH)==0); - SHA1(md1_buf,SHA_DIGEST_LENGTH,md2_buf); assert(memcmp(md2_buf,hash_stage2,SHA_DIGEST_LENGTH)==0); +#endif - - password=sha1_pass_hex((char *)hash_stage2); // note that sha1_pass_hex() returns a new buffer + password=sha1_pass_hex((char *)md2_buf); // note that sha1_pass_hex() returns a new buffer } } else { password=strdup((char *)""); // we also generate a new string if hash_passwords is set diff --git a/src/proxy_tls.cpp b/src/proxy_tls.cpp index 44143b01cb..d43f25f8c1 100644 --- a/src/proxy_tls.cpp +++ b/src/proxy_tls.cpp @@ -1,25 +1,5 @@ -//#include -//#include #include "proxysql.h" - -//#include -//#include - #include "cpp.h" - -//#include "ProxySQL_Statistics.hpp" -//#include "MySQL_PreparedStatement.h" -//#include "ProxySQL_Cluster.hpp" -//#include "MySQL_Logger.hpp" -//#include "SQLite3_Server.h" -//#include "query_processor.h" -//#include "MySQL_Authentication.hpp" -//#include "MySQL_LDAP_Authentication.hpp" -//#include "proxysql_restapi.h" -//#include "Web_Interface.hpp" - - - #include static long From d8a7e99bc33cbf5255792e7caddf9e7a3a06edec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?= Date: Mon, 8 May 2023 06:08:05 +0000 Subject: [PATCH 3/4] Removed code deprecated in previous commit --- lib/MySQL_Protocol.cpp | 29 ----------------------------- lib/ProxySQL_Admin.cpp | 14 -------------- 2 files changed, 43 deletions(-) diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp index 8fe60c9ec8..40bdc9e420 100644 --- a/lib/MySQL_Protocol.cpp +++ b/lib/MySQL_Protocol.cpp 
@@ -149,14 +149,6 @@ void proxy_compute_sha1_hash_multi(uint8_t *digest, const char *buf1, int len1,
 unsigned int olen = 0;
 EVP_DigestFinal(ctx, md, &olen);
 EVP_MD_CTX_free(ctx);
-#ifdef DEBUG // FIXME: remove this in future release
- SHA_CTX sha1_context;
- SHA1_Init(&sha1_context);
- SHA1_Update(&sha1_context, buf1, len1);
- SHA1_Update(&sha1_context, buf2, len2);
- SHA1_Final(digest, &sha1_context);
- assert(memcmp(md, digest, SHA_DIGEST_LENGTH)==0);
-#endif
 }
 void proxy_compute_sha1_hash(uint8_t *digest, const char *buf, int len) {
@@ -171,13 +163,6 @@ void proxy_compute_sha1_hash(uint8_t *digest, const char *buf, int len) {
 unsigned int olen = 0;
 EVP_DigestFinal(ctx, md, &olen);
 EVP_MD_CTX_free(ctx);
-#ifdef DEBUG // FIXME: remove this in future release
- SHA_CTX sha1_context;
- SHA1_Init(&sha1_context);
- SHA1_Update(&sha1_context, buf, len);
- SHA1_Final(digest, &sha1_context);
- assert(memcmp(md, digest, SHA_DIGEST_LENGTH)==0);
-#endif
 }
 void proxy_compute_two_stage_sha1_hash(const char *password, size_t pass_len, uint8_t *hash_stage1, uint8_t *hash_stage2) {
@@ -2149,20 +2134,6 @@ bool MySQL_Protocol::process_pkt_handshake_response(unsigned char *pkt, unsigned
 SHA1(pass,pass_len,md1_buf);
 SHA1(md1_buf,SHA_DIGEST_LENGTH,md2_buf);
-#ifdef DEBUG // FIXME: remove this in future release
- uint8_t hash_stage1[SHA_DIGEST_LENGTH];
- uint8_t hash_stage2[SHA_DIGEST_LENGTH];
- SHA_CTX sha1_context;
- SHA1_Init(&sha1_context);
- SHA1_Update(&sha1_context, pass, pass_len);
- SHA1_Final(hash_stage1, &sha1_context);
- SHA1_Init(&sha1_context);
- SHA1_Update(&sha1_context,hash_stage1,SHA_DIGEST_LENGTH);
- SHA1_Final(hash_stage2, &sha1_context);
- assert(memcmp(md1_buf,hash_stage1,SHA_DIGEST_LENGTH)==0);
- assert(memcmp(md2_buf,hash_stage2,SHA_DIGEST_LENGTH)==0);
-#endif
-
 char *double_hashed_password = sha1_pass_hex((char *)md2_buf); // note that sha1_pass_hex() returns a new buffer
 if (strcasecmp(double_hashed_password,password)==0) {
diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp
index e4dc815fe1..0f72c3e5b0 100644
--- a/lib/ProxySQL_Admin.cpp
+++ b/lib/ProxySQL_Admin.cpp
@@ -11146,20 +11146,6 @@ SQLite3_result* ProxySQL_Admin::__add_active_users(
 SHA1((const unsigned char *)r->fields[1], strlen(r->fields[1]),md1_buf);
 SHA1(md1_buf,SHA_DIGEST_LENGTH,md2_buf);
-#ifdef DEBUG // FIXME: remove this in future release
- uint8 hash_stage1[SHA_DIGEST_LENGTH];
- uint8 hash_stage2[SHA_DIGEST_LENGTH];
- SHA_CTX sha1_context;
- SHA1_Init(&sha1_context);
- SHA1_Update(&sha1_context, r->fields[1], strlen(r->fields[1]));
- SHA1_Final(hash_stage1, &sha1_context);
- SHA1_Init(&sha1_context);
- SHA1_Update(&sha1_context,hash_stage1,SHA_DIGEST_LENGTH);
- SHA1_Final(hash_stage2, &sha1_context);
- assert(memcmp(md1_buf,hash_stage1,SHA_DIGEST_LENGTH)==0);
- assert(memcmp(md2_buf,hash_stage2,SHA_DIGEST_LENGTH)==0);
-#endif
-
 password=sha1_pass_hex((char *)md2_buf); // note that sha1_pass_hex() returns a new buffer
 }
 } else {
From 65f7e20eae0f716bf2bfc4b4b498f7f83f6cf234 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Canna=C3=B2?=
Date: Mon, 8 May 2023 07:34:43 +0000
Subject: [PATCH 4/4] Fixed mistake introduced in the previous commit
---
 lib/MySQL_Protocol.cpp | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/lib/MySQL_Protocol.cpp b/lib/MySQL_Protocol.cpp
index 40bdc9e420..00aac86d4d 100644
--- a/lib/MySQL_Protocol.cpp
+++ b/lib/MySQL_Protocol.cpp
@@ -138,7 +138,6 @@ static inline int write_encoded_length_and_string(unsigned char *p, uint64_t val
 void proxy_compute_sha1_hash_multi(uint8_t *digest, const char *buf1, int len1, const char *buf2, int len2) {
 PROXY_TRACE();
- uint8_t md[SHA_DIGEST_LENGTH];
 const EVP_MD *evp_digest = EVP_get_digestbyname("sha1");
 assert(evp_digest != NULL);
 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
@@ -147,13 +146,12 @@ void proxy_compute_sha1_hash_multi(uint8_t *digest, const char *buf1, int len1,
 EVP_DigestUpdate(ctx, buf1, len1);
 EVP_DigestUpdate(ctx, buf2, len2);
 unsigned int olen = 0;
- EVP_DigestFinal(ctx, md, &olen);
+ EVP_DigestFinal(ctx, digest, &olen);
 EVP_MD_CTX_free(ctx);
 }
 void proxy_compute_sha1_hash(uint8_t *digest, const char *buf, int len) {
 PROXY_TRACE();
- uint8_t md[SHA_DIGEST_LENGTH];
 const EVP_MD *evp_digest = EVP_get_digestbyname("sha1");
 assert(evp_digest != NULL);
 EVP_MD_CTX *ctx = EVP_MD_CTX_new();
@@ -161,7 +159,7 @@ void proxy_compute_sha1_hash(uint8_t *digest, const char *buf, int len) {
 EVP_DigestInit_ex(ctx, evp_digest, NULL);
 EVP_DigestUpdate(ctx, buf, len);
 unsigned int olen = 0;
- EVP_DigestFinal(ctx, md, &olen);
+ EVP_DigestFinal(ctx, digest, &olen);
 EVP_MD_CTX_free(ctx);
 }
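Review bot: Now that `EVP_DigestFinal(ctx, digest, &olen);` writes straight into the caller's buffer in proxy_compute_sha1_hash_multi() and proxy_compute_sha1_hash(), both functions depend on `digest` pointing to at least SHA_DIGEST_LENGTH bytes, and neither the signature nor a comment states that. A header comment on each function such as `// digest must have room for SHA_DIGEST_LENGTH (20) bytes` would document the contract. `olen` is filled in but never read; adding `assert(olen == SHA_DIGEST_LENGTH);` after the final call would turn it into a cheap sanity check on the output length.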