Bug #13174 Patch: SHA2 function
Submitted: 14 Sep 2005 11:21 Modified: 2 Jun 2010 15:46
Reporter: Ariel Kass Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S4 (Feature request)
Version:6.0 OS:Any
Assigned to: Konstantin Osipov CPU Architecture:Any
Tags: Contribution
Triage: D5 (Feature request)

[14 Sep 2005 11:21] Ariel Kass
Description:
In the above documentation, it is recommended to use MD5 ans SHA1 encryption algorithms. What are the new solutions planned by the MySQL group, now that the above algorithms have been compromised? It is well known that it has now been made available more secure versions of the above alogrithms using 256 and 512 bits instead of 128.

For more info:
http://www.antsight.com/zsl/rainbowcrack/
http://passcracking.com/
http://eprint.iacr.org/2004/356.pdf
http://www.doxpara.com/md5_someday.pdf
http://www.infosec.sdu.edu.cn/paper/sha1-crypto-auth-new-2-yao.pdf
http://www.win.tue.nl/~bdeweger/CollidingCertificates/CollidingCertificates.pdf
http://www.darksideprogramming.org/archives/2005/09/some_posts_on_m.html
http://www.darksideprogramming.org/archives/criptography/index.html
http://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html#trackbacks

How to repeat:
Use any of the above links

Suggested fix:
Convert to algorithms using more bits or choose better algorithms altogether such as WHIRLPOOL (http://en.wikipedia.org/wiki/WHIRLPOOL), RIPEMD (http://en.wikipedia.org/wiki/RIPEMD-160) or SHA-2
[16 Sep 2005 22:55] Brian Aker
We need to document this. I will add the new functions to the roadmap to do.
[21 Jan 2006 0:51] Paul Dubois
I have modified the encryption functions section to point out
that MD5 and SHA-1 have been compromised. I have left this
report as Verified and have unassigned myself from it so that
it can be reassigned to a developer to implement stronger
versions of the algorithms.
[25 Jan 2006 20:06] Paul Dubois
Changing category to Server.
[30 Jul 2006 2:00] Bill Karwin
http://csrc.nist.gov/CryptoToolkit/tkhash.html states:
"March 15, 2006: The SHA-2 family of hash functions (i.e., SHA-224, SHA-256, SHA-384 and SHA-512) may be used by Federal agencies for all applications using secure hash algorithms. Federal agencies should stop using SHA-1 for digital signatures, digital time stamping and other applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010."

So you have a time limit to implement some SHA-2 function in MySQL.  ;-)

Also see http://en.wikipedia.org/wiki/SHA for description of the algorithms, including pseudocode for SHA-256.

See also other hashing algorithms currently considered secure:
http://en.wikipedia.org/wiki/WHIRLPOOL (recommended by European NESSIE project)
http://en.wikipedia.org/wiki/RIPEMD-160
[22 Sep 2006 0:43] Bill Karwin
I have implemented a built-in function for MySQL 5.1.12:

  SHA2(string, hashbits)

Argument `string` is any string expression.
Argument `hashbits` is 224, 256, 384, or 512.

I'm testing this against the FIPS test cases for SHA-2, and it seems to give the correct results.

Unlike the implementation of SHA-1 and MD5 in the MySQL source, I did not implement the hash digest algorithm natively.  My function calls into the hash digest functions in the openssl library, if MySQL is built with "--with-openssl".  This is similar to the way the DES encryption and decryption functions are currently implemented.

I'd be glad to contribute the diffs for this patch.
[5 Dec 2006 19:38] Godofredo Miguel Solorzano
Thank you for your contribution patch.
[5 Dec 2006 21:25] Lenz Grimmer
Still trying to find out if Bill actually contributed a patch yet - according to his Blog at http://karwin.blogspot.com/2006/09/working-on-sha-2.html he has one ready.
[5 Feb 2007 17:42] Bill Karwin
I have posted my patch.  I tested it against a source snapshot for MySQL 5.0.33.

The patch is at http://www.karwin.com/sha2.patch.gz

It includes a set of tests for SHA-1 and SHA-2 digest algorithms, according to the sample test vectors in the NIST Secure Hash Standard (http://csrc.nist.gov/cryptval/shs.htm).
[9 Mar 2007 17:43] Chad MILLER
Sent review to internals@. http://lists.mysql.com/internals/34381 

Awaiting update.
[31 Jul 2007 12:59] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/31896

ChangeSet@1.2550, 2007-07-31 08:56:25-04:00, cmiller@zippy.cornsilk.net +13 -0
  Bug#13174: SHA2 function
  Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle
  
  Implement SHA2 functions.
  
  Also, encode explicitly the current (probably) accidental behavior
  of embedded server and SSL-dependent functions.
  
  Function specification:
    SHA2( string cleartext, integer hash_length ) 
      -> string hash, or NULL
  where hash_length is one of 224, 256, 384, or 512.  If either is 
  NULL or a length is unsupported, then the result is NULL.  The 
  resulting string is always the length of the hash_length parameter
  or is NULL.
  
  Include the canonical hash examples from the NIST in the test
  results.
[31 Aug 2007 19:42] Chad MILLER
Should these functions be available in the embedded server, libmysqld, also?  I don't feel comfortable adding new requirements (libssl) for building and linking our embedded server, so I can't answer.
[3 Dec 2007 17:40] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/39128

ChangeSet@1.2703, 2007-12-03 12:39:58-05:00, cmiller@zippy.cornsilk.net +34 -0
  Bug#13174: SHA2 function
  Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle
  
  Implement SHA2 functions.
  
  Chad added code to make it work with YaSSL.  Also, he removed the 
  (probable) bug of embedded server never using SSL-dependent 
  functions.  (libmysqld/Makefile.am didn't read ANY autoconf defs.)
  
  Function specification:
    SHA2( string cleartext, integer hash_length ) 
      -> string hash, or NULL
  where hash_length is one of 224, 256, 384, or 512.  If either is 
  NULL or a length is unsupported, then the result is NULL.  The 
  resulting string is always the length of the hash_length parameter
  or is NULL.
  
  Include the canonical hash examples from the NIST in the test
  results.
[5 Dec 2007 5:10] Timothy Smith
Review on commits@ list.
[7 Dec 2007 3:15] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/39485

ChangeSet@1.2703, 2007-12-06 22:14:28-05:00, cmiller@zippy.cornsilk.net +40 -0
  Bug#13174: SHA2 function
  Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle
  
  Implement SHA2 functions.
  
  Chad added code to make it work with YaSSL.  Also, he removed the 
  (probable) bug of embedded server never using SSL-dependent 
  functions.  (libmysqld/Makefile.am didn't read ANY autoconf defs.)
  
  Function specification:
    SHA2( string cleartext, integer hash_length ) 
      -> string hash, or NULL
  where hash_length is one of 224, 256, 384, or 512.  If either is 
  NULL or a length is unsupported, then the result is NULL.  The 
  resulting string is always the length of the hash_length parameter
  or is NULL.
  
  Include the canonical hash examples from the NIST in the test
  results.
  ---
  Polish and address concerns of reviewers.
[7 Dec 2007 14:36] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/39533

ChangeSet@1.2703, 2007-12-07 09:35:28-05:00, cmiller@zippy.cornsilk.net +40 -0
  Bug#13174: SHA2 function
  Patch contributed from Bill Karwin, paper unnumbered CLA in Seattle
  
  Implement SHA2 functions.
  
  Chad added code to make it work with YaSSL.  Also, he removed the 
  (probable) bug of embedded server never using SSL-dependent 
  functions.  (libmysqld/Makefile.am didn't read ANY autoconf defs.)
  
  Function specification:
    SHA2( string cleartext, integer hash_length ) 
      -> string hash, or NULL
  where hash_length is one of 224, 256, 384, or 512.  If either is 
  NULL or a length is unsupported, then the result is NULL.  The 
  resulting string is always the length of the hash_length parameter
  or is NULL.
  
  Include the canonical hash examples from the NIST in the test
  results.
  ---
  Polish and address concerns of reviewers.
[11 Dec 2007 14:51] Bugs System
Pushed into 6.0.5-alpha
[12 Dec 2007 21:52] Paul Dubois
Noted in 6.0.5 changelog, and added to the encryption functions section.
[12 Apr 2010 18:37] Konstantin Osipov
This is not in 5.5, reopening to back-port.
[13 Apr 2010 16:11] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/105551

3013 Alexander Nozdrin	2010-04-13
      Post-fix for Bug#13174.
[27 Apr 2010 9:46] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100427094135-5s49ecp3ckson6e2) (version source revid:alik@sun.com-20100427093843-uekr85qkd7orx12t) (merge vers: 6.0.14-alpha) (pib:16)
[27 Apr 2010 9:48] Bugs System
Pushed into 5.5.5-m3 (revid:alik@sun.com-20100427093804-a2k3rrjpwu5jegu8) (version source revid:alik@sun.com-20100427093804-a2k3rrjpwu5jegu8) (merge vers: 5.5.5-m3) (pib:16)
[27 Apr 2010 9:51] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100427094036-38frbg3famdlvjup) (version source revid:alik@sun.com-20100427093825-92wc8b22d4yg34ju) (pib:16)
[1 Jun 2010 21:31] Bill Karwin
Version and Target Version for this bug should be updated to 5.5.

Documentation at http://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html should be updated to include SHA2 function.  I'd be happy to draft a paragraph of doc and contribute it.
[2 Jun 2010 14:09] Paul Dubois
Noted in 5.5.5 changelog. Also updated functions chapter.
[2 Jun 2010 15:45] Konstantin Osipov
Please document this in 5.5 manual.
[2 Jun 2010 15:46] Konstantin Osipov
Already done.