MySQL Bugs: #13174: Patch: SHA2 function

Bug #13174	Patch: SHA2 function
Submitted:	14 Sep 2005 11:21	Modified:	2 Jun 2010 15:46
Reporter:	Ariel Kass	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Server	Severity:	S4 (Feature request)
Version:	6.0	OS:	Any
Assigned to:	Konstantin Osipov	CPU Architecture:	Any
Tags:	Contribution

Description:
In the above documentation, it is recommended to use MD5 ans SHA1 encryption algorithms. What are the new solutions planned by the MySQL group, now that the above algorithms have been compromised? It is well known that it has now been made available more secure versions of the above alogrithms using 256 and 512 bits instead of 128.

For more info:
http://www.antsight.com/zsl/rainbowcrack/
http://passcracking.com/
http://eprint.iacr.org/2004/356.pdf
http://www.doxpara.com/md5_someday.pdf
http://www.infosec.sdu.edu.cn/paper/sha1-crypto-auth-new-2-yao.pdf
http://www.win.tue.nl/~bdeweger/CollidingCertificates/CollidingCertificates.pdf
http://www.darksideprogramming.org/archives/2005/09/some_posts_on_m.html
http://www.darksideprogramming.org/archives/criptography/index.html
http://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html#trackbacks

How to repeat:
Use any of the above links

Suggested fix:
Convert to algorithms using more bits or choose better algorithms altogether such as WHIRLPOOL (http://en.wikipedia.org/wiki/WHIRLPOOL), RIPEMD (http://en.wikipedia.org/wiki/RIPEMD-160) or SHA-2

We need to document this. I will add the new functions to the roadmap to do.

I have modified the encryption functions section to point out
that MD5 and SHA-1 have been compromised. I have left this
report as Verified and have unassigned myself from it so that
it can be reassigned to a developer to implement stronger
versions of the algorithms.

Changing category to Server.

http://csrc.nist.gov/CryptoToolkit/tkhash.html states:
"March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash algorithms. Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010."

So you have a time limit to implement some SHA-2 function in MySQL.  ;-)

Also see http://en.wikipedia.org/wiki/SHA for description of the algorithms, including pseudocode for SHA-256.

See also other hashing algorithms currently considered secure:
http://en.wikipedia.org/wiki/WHIRLPOOL (recommended by European NESSIE project)
http://en.wikipedia.org/wiki/RIPEMD-160

I have implemented a built-in function for MySQL 5.1.12:

  SHA2(string, hashbits)

Argument `string` is any string expression.
Argument `hashbits` is 224, 256, 384, or 512.

I'm testing this against the FIPS test cases for SHA-2, and it seems to give the correct results.

Unlike the implementation of SHA-1 and MD5 in the MySQL source, I did not implement the hash digest algorithm natively.  My function calls into the hash digest functions in the openssl library, if MySQL is built with "--with-openssl".  This is similar to the way the DES encryption and decryption functions are currently implemented.

I'd be glad to contribute the diffs for this patch.

Thank you for your contribution patch.

Still trying to find out if Bill actually contributed a patch yet - according to his Blog at http://karwin.blogspot.com/2006/09/working-on-sha-2.html he has one ready.

I have posted my patch.  I tested it against a source snapshot for MySQL 5.0.33.

The patch is at http://www.karwin.com/sha2.patch.gz

It includes a set of tests for SHA-1 and SHA-2 digest algorithms, according to the sample test vectors in the NIST Secure Hash Standard (http://csrc.nist.gov/cryptval/shs.htm).

Sent review to internals@. http://lists.mysql.com/internals/34381 

Awaiting update.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/31896

ChangeSet@1.2550, 2007-07-31 08:56:25-04:00, cmiller@zippy.cornsilk.net +13 -0
  Bug#13174: SHA2 function
  Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle
  
  Implement SHA2 functions.
  
  Also, encode explicitly the current (probably) accidental behavior
  of embedded server and SSL-dependent functions.
  
  Function specification:
    SHA2( string cleartext, integer hash_length ) 
      -> string hash, or NULL
  where hash_length is one of 224, 256, 384, or 512.  If either is 
  NULL or a length is unsupported, then the result is NULL.  The 
  resulting string is always the length of the hash_length parameter
  or is NULL.
  
  Include the canonical hash examples from the NIST in the test
  results.

Should these functions be available in the embedded server, libmysqld, also?  I don't feel comfortable adding new requirements (libssl) for building and linking our embedded server, so I can't answer.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/39128

ChangeSet@1.2703, 2007-12-03 12:39:58-05:00, cmiller@zippy.cornsilk.net +34 -0
  Bug#13174: SHA2 function
  Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle
  
  Implement SHA2 functions.
  
  Chad added code to make it work with YaSSL.  Also, he removed the 
  (probable) bug of embedded server never using SSL-dependent 
  functions.  (libmysqld/Makefile.am didn't read ANY autoconf defs.)
  
  Function specification:
    SHA2( string cleartext, integer hash_length ) 
      -> string hash, or NULL
  where hash_length is one of 224, 256, 384, or 512.  If either is 
  NULL or a length is unsupported, then the result is NULL.  The 
  resulting string is always the length of the hash_length parameter
  or is NULL.
  
  Include the canonical hash examples from the NIST in the test
  results.

Review on commits@ list.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/39485

ChangeSet@1.2703, 2007-12-06 22:14:28-05:00, cmiller@zippy.cornsilk.net +40 -0
  Bug#13174: SHA2 function
  Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle
  
  Implement SHA2 functions.
  
  Chad added code to make it work with YaSSL.  Also, he removed the 
  (probable) bug of embedded server never using SSL-dependent 
  functions.  (libmysqld/Makefile.am didn't read ANY autoconf defs.)
  
  Function specification:
    SHA2( string cleartext, integer hash_length ) 
      -> string hash, or NULL
  where hash_length is one of 224, 256, 384, or 512.  If either is 
  NULL or a length is unsupported, then the result is NULL.  The 
  resulting string is always the length of the hash_length parameter
  or is NULL.
  
  Include the canonical hash examples from the NIST in the test
  results.
  ---
  Polish and address concerns of reviewers.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/39533

ChangeSet@1.2703, 2007-12-07 09:35:28-05:00, cmiller@zippy.cornsilk.net +40 -0
  Bug#13174: SHA2 function
  Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle
  
  Implement SHA2 functions.
  
  Chad added code to make it work with YaSSL.  Also, he removed the 
  (probable) bug of embedded server never using SSL-dependent 
  functions.  (libmysqld/Makefile.am didn't read ANY autoconf defs.)
  
  Function specification:
    SHA2( string cleartext, integer hash_length ) 
      -> string hash, or NULL
  where hash_length is one of 224, 256, 384, or 512.  If either is 
  NULL or a length is unsupported, then the result is NULL.  The 
  resulting string is always the length of the hash_length parameter
  or is NULL.
  
  Include the canonical hash examples from the NIST in the test
  results.
  ---
  Polish and address concerns of reviewers.

Pushed into 6.0.5-alpha

Noted in 6.0.5 changelog, and added to the encryption functions section.

This is not in 5.5, reopening to back-port.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/105551

3013 Alexander Nozdrin	2010-04-13
      Post-fix for Bug#13174.

Pushed into 6.0.14-alpha (revid:alik@sun.com-20100427094135-5s49ecp3ckson6e2) (version source revid:alik@sun.com-20100427093843-uekr85qkd7orx12t) (merge vers: 6.0.14-alpha) (pib:16)

Pushed into 5.5.5-m3 (revid:alik@sun.com-20100427093804-a2k3rrjpwu5jegu8) (version source revid:alik@sun.com-20100427093804-a2k3rrjpwu5jegu8) (merge vers: 5.5.5-m3) (pib:16)

Pushed into mysql-next-mr (revid:alik@sun.com-20100427094036-38frbg3famdlvjup) (version source revid:alik@sun.com-20100427093825-92wc8b22d4yg34ju) (pib:16)

Version and Target Version for this bug should be updated to 5.5.

Documentation at http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html should be updated to include SHA2 function.  I'd be happy to draft a paragraph of doc and contribute it.

Noted in 5.5.5 changelog. Also updated functions chapter.

Please document this in 5.5 manual.

Already done.