From 4b1e94bccce482e979f1f337ba66d8c8a982ee84 Mon Sep 17 00:00:00 2001 From: Georg Richter Date: Wed, 16 Mar 2016 18:20:08 +0100 Subject: [PATCH] Since we use TLS and not SSL functions and structures were renamed from SSL to TLS --- include/ma_common.h | 9 +- include/ma_pvio.h | 6 +- include/{ma_ssl.h => ma_tls.h} | 98 ++-- include/mariadb_async.h | 4 +- include/mysql.h | 19 +- libmariadb/CMakeLists.txt | 2 +- libmariadb/ma_dtoa.c | 861 ------------------------------ libmariadb/ma_pvio.c | 34 +- libmariadb/{ma_ssl.c => ma_tls.c} | 60 +-- libmariadb/mariadb_lib.c | 63 ++- libmariadb/secure/gnutls.c | 90 ++-- libmariadb/secure/ma_schannel.c | 30 +- libmariadb/secure/ma_schannel.h | 3 +- libmariadb/secure/openssl.c | 138 ++--- libmariadb/secure/schannel.c | 78 +-- plugins/auth/my_auth.c | 4 +- unittest/libmariadb/connection.c | 2 +- unittest/libmariadb/ssl.c.in | 10 +- 18 files changed, 329 insertions(+), 1182 deletions(-) rename include/{ma_ssl.h => ma_tls.h} (54%) rename libmariadb/{ma_ssl.c => ma_tls.c} (71%) diff --git a/include/ma_common.h b/include/ma_common.h index ebceedbf..6aed2c13 100644 --- a/include/ma_common.h +++ b/include/ma_common.h @@ -49,13 +49,14 @@ struct st_mysql_options_extension { const char *proc_info, unsigned int proc_info_length); MARIADB_DB_DRIVER *db_driver; - char *ssl_fp; /* finger print of server certificate */ - char *ssl_fp_list; /* white list of finger prints */ - char *ssl_pw; /* password for encrypted certificates */ + char *tls_fp; /* finger print of server certificate */ + char *tls_fp_list; /* white list of finger prints */ + char *tls_pw; /* password for encrypted certificates */ my_bool multi_command; /* indicates if client wants to send multiple commands in one packet */ char *url; /* for connection handler we need to save URL for reconnect */ - unsigned int ssl_cipher_strength; + unsigned int tls_cipher_strength; + char *tls_version; my_bool read_only; char *connection_handler; my_bool (*set_option)(MYSQL *mysql, const char *config_option, const char *config_value); diff --git a/include/ma_pvio.h b/include/ma_pvio.h index 4848bebf..758fd706 100644 --- a/include/ma_pvio.h +++ b/include/ma_pvio.h @@ -3,9 +3,9 @@ #define cio_defined #ifdef HAVE_SSL -#include +#include #else -#define MARIADB_SSL void +#define MARIADB_TLS void #endif #define PVIO_SET_ERROR if (pvio->set_error) \ @@ -78,7 +78,7 @@ struct st_ma_pvio { enum enum_pvio_type type; int timeout[3]; int ssl_type; /* todo: change to enum (ssl plugins) */ - MARIADB_SSL *cssl; + MARIADB_TLS *ctls; MYSQL *mysql; struct mysql_async_context *async_context; /* For non-blocking API */ PVIO_METHODS *methods; diff --git a/include/ma_ssl.h b/include/ma_tls.h similarity index 54% rename from include/ma_ssl.h rename to include/ma_tls.h index b227ac5e..c03d5ce1 100644 --- a/include/ma_ssl.h +++ b/include/ma_tls.h @@ -1,7 +1,7 @@ -#ifndef _ma_ssl_h_ -#define _ma_ssl_h_ +#ifndef _ma_tls_h_ +#define _ma_tls_h_ -enum enum_pvio_ssl_type { +enum enum_pvio_tls_type { SSL_TYPE_DEFAULT=0, #ifdef _WIN32 SSL_TYPE_SCHANNEL, @@ -10,11 +10,11 @@ enum enum_pvio_ssl_type { SSL_TYPE_GNUTLS }; -typedef struct st_ma_pvio_ssl { +typedef struct st_ma_pvio_tls { void *data; MARIADB_PVIO *pvio; void *ssl; -} MARIADB_SSL; +} MARIADB_TLS; struct st_ssl_version { unsigned int iversion; @@ -23,7 +23,7 @@ struct st_ssl_version { /* Function prototypes */ -/* ma_ssl_start +/* ma_tls_start initializes the ssl library Parameter: errmsg pointer to error message buffer @@ -32,17 +32,17 @@ struct st_ssl_version { 0 success 1 if an error occured Notes: - On success the global variable ma_ssl_initialized will be set to 1 + On success the global variable ma_tls_initialized will be set to 1 */ -int ma_ssl_start(char *errmsg, size_t errmsg_len); +int ma_tls_start(char *errmsg, size_t errmsg_len); -/* ma_ssl_end +/* ma_tls_end unloads/deinitializes ssl library and unsets global variable - ma_ssl_initialized + ma_tls_initialized */ -void ma_ssl_end(void); +void ma_tls_end(void); -/* ma_ssl_init +/* ma_tls_init creates a new SSL structure for a SSL connection and loads client certificates @@ -51,106 +51,106 @@ void ma_ssl_end(void); Returns: void * a pointer to internal SSL structure */ -void * ma_ssl_init(MYSQL *mysql); +void * ma_tls_init(MYSQL *mysql); -/* ma_ssl_connect +/* ma_tls_connect performs SSL handshake Parameters: - MARIADB_SSL MariaDB SSL container + MARIADB_TLS MariaDB SSL container Returns: 0 success 1 error */ -my_bool ma_ssl_connect(MARIADB_SSL *cssl); +my_bool ma_tls_connect(MARIADB_TLS *ctls); -/* ma_ssl_read +/* ma_tls_read reads up to length bytes from socket Parameters: - cssl MariaDB SSL container + ctls MariaDB SSL container buffer read buffer length buffer length Returns: 0-n bytes read -1 if an error occured */ -size_t ma_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length); +size_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length); -/* ma_ssl_write +/* ma_tls_write write buffer to socket Parameters: - cssl MariaDB SSL container + ctls MariaDB SSL container buffer write buffer length buffer length Returns: 0-n bytes written -1 if an error occured */ -size_t ma_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length); +size_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length); -/* ma_ssl_close +/* ma_tls_close closes SSL connection and frees SSL structure which was previously - created by ma_ssl_init call + created by ma_tls_init call Parameters: - MARIADB_SSL MariaDB SSL container + MARIADB_TLS MariaDB SSL container Returns: 0 success 1 error */ -my_bool ma_ssl_close(MARIADB_SSL *cssl); +my_bool ma_tls_close(MARIADB_TLS *ctls); -/* ma_ssl_verify_server_cert +/* ma_tls_verify_server_cert validation check of server certificate Parameter: - MARIADB_SSL MariaDB SSL container + MARIADB_TLS MariaDB SSL container Returns: ß success 1 error */ -int ma_ssl_verify_server_cert(MARIADB_SSL *cssl); +int ma_tls_verify_server_cert(MARIADB_TLS *ctls); -/* ma_ssl_get_cipher +/* ma_tls_get_cipher returns cipher for current ssl connection Parameter: - MARIADB_SSL MariaDB SSL container + MARIADB_TLS MariaDB SSL container Returns: cipher in use or NULL on error */ -const char *ma_ssl_get_cipher(MARIADB_SSL *ssl); +const char *ma_tls_get_cipher(MARIADB_TLS *ssl); -/* ma_ssl_get_finger_print +/* ma_tls_get_finger_print returns SHA1 finger print of server certificate Parameter: - MARIADB_SSL MariaDB SSL container + MARIADB_TLS MariaDB SSL container fp buffer for fingerprint fp_len buffer length Returns: actual size of finger print */ -unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsigned int fp_len); +unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, unsigned char *fp, unsigned int fp_len); -/* ma_ssl_get_protocol_version +/* ma_tls_get_protocol_version returns protocol version in use Parameter: - MARIADB_SSL MariaDB SSL container + MARIADB_TLS MariaDB SSL container version pointer to ssl version info Returns: 0 success 1 error */ -my_bool ma_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version); +my_bool ma_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version); /* Function prototypes */ -MARIADB_SSL *ma_pvio_ssl_init(MYSQL *mysql); -my_bool ma_pvio_ssl_connect(MARIADB_SSL *cssl); -size_t ma_pvio_ssl_read(MARIADB_SSL *cssl, const uchar *buffer, size_t length); -size_t ma_pvio_ssl_write(MARIADB_SSL *cssl, const uchar *buffer, size_t length); -my_bool ma_pvio_ssl_close(MARIADB_SSL *cssl); -int ma_pvio_ssl_verify_server_cert(MARIADB_SSL *cssl); -const char *ma_pvio_ssl_cipher(MARIADB_SSL *cssl); -my_bool ma_pvio_ssl_check_fp(MARIADB_SSL *cssl, const char *fp, const char *fp_list); +MARIADB_TLS *ma_pvio_tls_init(MYSQL *mysql); +my_bool ma_pvio_tls_connect(MARIADB_TLS *ctls); +size_t ma_pvio_tls_read(MARIADB_TLS *ctls, const uchar *buffer, size_t length); +size_t ma_pvio_tls_write(MARIADB_TLS *ctls, const uchar *buffer, size_t length); +my_bool ma_pvio_tls_close(MARIADB_TLS *ctls); +int ma_pvio_tls_verify_server_cert(MARIADB_TLS *ctls); +const char *ma_pvio_tls_cipher(MARIADB_TLS *ctls); +my_bool ma_pvio_tls_check_fp(MARIADB_TLS *ctls, const char *fp, const char *fp_list); my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio); -my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version); -void ma_pvio_ssl_end(); +my_bool ma_pvio_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version); +void ma_pvio_tls_end(); -#endif /* _ma_ssl_h_ */ +#endif /* _ma_tls_h_ */ diff --git a/include/mariadb_async.h b/include/mariadb_async.h index 56d4e2bf..06ce9c9d 100644 --- a/include/mariadb_async.h +++ b/include/mariadb_async.h @@ -29,9 +29,9 @@ extern ssize_t my_send_async(MARIADB_PVIO *pvio, extern my_bool my_io_wait_async(struct mysql_async_context *b, enum enum_pvio_io_event event, int timeout); #ifdef HAVE_SSL -extern int my_ssl_read_async(struct mysql_async_context *b, MARIADB_SSL *ssl, +extern int my_ssl_read_async(struct mysql_async_context *b, MARIADB_TLS *tls, void *buf, int size); -extern int my_ssl_write_async(struct mysql_async_context *b, MARIADB_SSL *ssl, +extern int my_ssl_write_async(struct mysql_async_context *b, MARIADB_TLS *tls, const void *buf, int size); #endif diff --git a/include/mysql.h b/include/mysql.h index 594b7864..3068d13a 100644 --- a/include/mysql.h +++ b/include/mysql.h @@ -214,13 +214,16 @@ extern unsigned int mariadb_deinitialize_ssl; MYSQL_OPT_NONBLOCK, /* MariaDB Connector/C specific */ MYSQL_DATABASE_DRIVER=7000, - MARIADB_OPT_SSL_FP, /* single finger print for server certificate verification */ - MARIADB_OPT_SSL_FP_LIST, /* finger print white list for server certificate verification */ - MARIADB_OPT_SSL_PASSPHRASE, /* passphrase for encrypted certificates */ + MARIADB_OPT_SSL_FP, /* deprecated, use MARIADB_OPT_TLS_PEER_FP instead */ + MARIADB_OPT_SSL_FP_LIST, /* deprecated, use MARIADB_OPT_TLS_PEER_FP_LIST instead */ + MARIADB_OPT_TLS_PASSPHRASE, /* passphrase for encrypted certificates */ + MARIADB_OPT_TLS_CIPHER_STRENGTH, + MARIADB_OPT_TLS_VERSION, + MARIADB_OPT_TLS_PEER_FP, /* single finger print for server certificate verification */ + MARIADB_OPT_TLS_PEER_FP_LIST, /* finger print white list for server certificate verification */ MARIADB_OPT_CONNECTION_READ_ONLY, MYSQL_OPT_CONNECT_ATTRS, /* for mysql_get_optionv */ MARIADB_OPT_USERDATA, - MARIADB_OPT_SSL_CIPHER_STRENGTH, MARIADB_OPT_CONNECTION_HANDLER, MARIADB_OPT_PORT, MARIADB_OPT_UNIXSOCKET, @@ -259,14 +262,14 @@ extern unsigned int mariadb_deinitialize_ssl; MARIADB_CONNECTION_SOCKET, MARIADB_CONNECTION_SQLSTATE, MARIADB_CONNECTION_SSL_CIPHER, - MARIADB_SSL_LIBRARY, - MARIADB_CONNECTION_SSL_VERSION, - MARIADB_CONNECTION_SSL_VERSION_ID, + MARIADB_TLS_LIBRARY, + MARIADB_CONNECTION_TLS_VERSION, + MARIADB_CONNECTION_TLS_VERSION_ID, MARIADB_CONNECTION_TYPE, MARIADB_CONNECTION_UNIX_SOCKET, MARIADB_CONNECTION_USER, MARIADB_MAX_ALLOWED_PACKET, - MARIADB_NET_BUFFER_LENGTH + MARIADB_NET_BUFFER_LENGTH, }; enum mysql_status { MYSQL_STATUS_READY, diff --git a/libmariadb/CMakeLists.txt b/libmariadb/CMakeLists.txt index eb23ee91..789eed51 100644 --- a/libmariadb/CMakeLists.txt +++ b/libmariadb/CMakeLists.txt @@ -251,7 +251,7 @@ ma_errmsg.c mariadb_lib.c ma_list.c ma_pvio.c -ma_ssl.c +ma_tls.c ma_alloc.c ma_compress.c ma_init.c diff --git a/libmariadb/ma_dtoa.c b/libmariadb/ma_dtoa.c index 7ea4e5c3..bfc0c962 100644 --- a/libmariadb/ma_dtoa.c +++ b/libmariadb/ma_dtoa.c @@ -746,49 +746,6 @@ static Bigint *multadd(Bigint *b, int m, int a, Stack_alloc *alloc) return b; } -/** - Converts a string to Bigint. - - Now we have nd0 digits, starting at s, followed by a - decimal point, followed by nd-nd0 digits. - Unless nd0 == nd, in which case we have a number of the form: - ".xxxxxx" or "xxxxxx." - - @param s Input string, already partially parsed by ma_strtod_int(). - @param nd0 Number of digits before decimal point. - @param nd Total number of digits. - @param y9 Pre-computed value of the first nine digits. - @param alloc Stack allocator for Bigints. - */ -static Bigint *s2b(const char *s, int nd0, int nd, ULong y9, Stack_alloc *alloc) -{ - Bigint *b; - int i, k; - Long x, y; - - x= (nd + 8) / 9; - for (k= 0, y= 1; x > y; y <<= 1, k++) ; - b= Balloc(k, alloc); - b->p.x[0]= y9; - b->wds= 1; - - i= 9; - if (9 < nd0) - { - s+= 9; - do - b= multadd(b, 10, *s++ - '0', alloc); - while (++i < nd0); - s++; /* skip '.' */ - } - else - s+= 10; - /* now do the fractional part */ - for(; i < nd; i++) - b= multadd(b, 10, *s++ - '0', alloc); - return b; -} - static int hi0bits(register ULong x) { @@ -1143,57 +1100,6 @@ static Bigint *diff(Bigint *a, Bigint *b, Stack_alloc *alloc) } -static double ulp(U *x) -{ - register Long L; - U u; - - L= (word0(x) & Exp_mask) - (P - 1)*Exp_msk1; - word0(&u) = L; - word1(&u) = 0; - return dval(&u); -} - - -static double b2d(Bigint *a, int *e) -{ - ULong *xa, *xa0, w, y, z; - int k; - U d; -#define d0 word0(&d) -#define d1 word1(&d) - - xa0= a->p.x; - xa= xa0 + a->wds; - y= *--xa; - k= hi0bits(y); - *e= 32 - k; - if (k < Ebits) - { - d0= Exp_1 | y >> (Ebits - k); - w= xa > xa0 ? *--xa : 0; - d1= y << ((32-Ebits) + k) | w >> (Ebits - k); - goto ret_d; - } - z= xa > xa0 ? *--xa : 0; - if (k-= Ebits) - { - d0= Exp_1 | y << k | z >> (32 - k); - y= xa > xa0 ? *--xa : 0; - d1= z << k | y >> (32 - k); - } - else - { - d0= Exp_1 | y; - d1= z; - } - ret_d: -#undef d0 -#undef d1 - return dval(&d); -} - - static Bigint *d2b(U *d, int *e, int *bits, Stack_alloc *alloc) { Bigint *b; @@ -1244,24 +1150,6 @@ static Bigint *d2b(U *d, int *e, int *bits, Stack_alloc *alloc) } -static double ratio(Bigint *a, Bigint *b) -{ - U da, db; - int k, ka, kb; - - dval(&da)= b2d(a, &ka); - dval(&db)= b2d(b, &kb); - k= ka - kb + 32*(a->wds - b->wds); - if (k > 0) - word0(&da)+= k*Exp_msk1; - else - { - k= -k; - word0(&db)+= k*Exp_msk1; - } - return dval(&da) / dval(&db); -} - static const double tens[] = { 1e0, 1e1, 1e2, 1e3, 1e4, 1e5, 1e6, 1e7, 1e8, 1e9, @@ -1281,755 +1169,6 @@ static const double tinytens[]= #define Scale_Bit 0x10 #define n_bigtens 5 -/* - strtod for IEEE--arithmetic machines. - - This strtod returns a nearest machine number to the input decimal - string (or sets errno to EOVERFLOW). Ties are broken by the IEEE round-even - rule. - - Inspired loosely by William D. Clinger's paper "How to Read Floating - Point Numbers Accurately" [Proc. ACM SIGPLAN '90, pp. 92-101]. - - Modifications: - - 1. We only require IEEE (not IEEE double-extended). - 2. We get by with floating-point arithmetic in a case that - Clinger missed -- when we're computing d * 10^n - for a small integer d and the integer n is not too - much larger than 22 (the maximum integer k for which - we can represent 10^k exactly), we may be able to - compute (d*10^k) * 10^(e-k) with just one roundoff. - 3. Rather than a bit-at-a-time adjustment of the binary - result in the hard case, we use floating-point - arithmetic to determine the adjustment to within - one bit; only in really hard cases do we need to - compute a second residual. - 4. Because of 3., we don't need a large table of powers of 10 - for ten-to-e (just some small tables, e.g. of 10^k - for 0 <= k <= 22). -*/ - -static double ma_strtod_int(const char *s00, char **se, int *error, char *buf, size_t buf_size) -{ - int scale; - int bb2, bb5, bbe, bd2, bd5, bbbits, bs2, UNINIT_VAR(c), dsign, - e, e1, esign, i, j, k, nd, nd0, nf, nz, nz0, sign; - const char *s, *s0, *s1, *end = *se; - double aadj, aadj1; - U aadj2, adj, rv, rv0; - Long L; - ULong y, z; - Bigint *bb, *bb1, *bd, *bd0, *bs, *delta; -#ifdef SET_INEXACT - int inexact, oldinexact; -#endif -#ifdef Honor_FLT_ROUNDS - int rounding; -#endif - Stack_alloc alloc; - - *error= 0; - - alloc.begin= alloc.free= buf; - alloc.end= buf + buf_size; - memset(alloc.freelist, 0, sizeof(alloc.freelist)); - - sign= nz0= nz= 0; - dval(&rv)= 0.; - for (s= s00; s < end; s++) - switch (*s) { - case '-': - sign= 1; - /* no break */ - case '+': - s++; - goto break2; - case '\t': - case '\n': - case '\v': - case '\f': - case '\r': - case ' ': - continue; - default: - goto break2; - } - break2: - if (s >= end) - goto ret0; - - if (*s == '0') - { - nz0= 1; - while (++s < end && *s == '0') ; - if (s >= end) - goto ret; - } - s0= s; - y= z= 0; - for (nd= nf= 0; s < end && (c= *s) >= '0' && c <= '9'; nd++, s++) - if (nd < 9) - y= 10*y + c - '0'; - else if (nd < 16) - z= 10*z + c - '0'; - nd0= nd; - if (s < end && c == '.') - { - ++s; - if (!nd) - { - for (; s < end && (c= *s) == '0'; ++s) - nz++; - if (s < end && (c= *s) > '0' && c <= '9') - { - s0= s; - nf+= nz; - nz= 0; - goto have_dig; - } - goto dig_done; - } - for (; s < end && (c= *s) >= '0' && c <= '9'; ++s) - { - have_dig: - /* - Here we are parsing the fractional part. - We can stop counting digits after a while: the extra digits - will not contribute to the actual result produced by s2b(). - We have to continue scanning, in case there is an exponent part. - */ - if (nd < 2 * DBL_DIG) - { - nz++; - if (c-= '0') - { - nf+= nz; - for (i= 1; i < nz; i++) - if (nd++ < 9) - y*= 10; - else if (nd <= DBL_DIG + 1) - z*= 10; - if (nd++ < 9) - y= 10*y + c; - else if (nd <= DBL_DIG + 1) - z= 10*z + c; - nz= 0; - } - } - } - } - dig_done: - e= 0; - if (s < end && (c == 'e' || c == 'E')) - { - if (!nd && !nz && !nz0) - goto ret0; - s00= s; - esign= 0; - if (++s < end) - switch (c= *s) { - case '-': - esign= 1; - case '+': - c= *++s; - } - if (s < end && c >= '0' && c <= '9') - { - while (s < end && c == '0') - c= *++s; - if (s < end && c > '0' && c <= '9') { - L= c - '0'; - s1= s; - while (++s < end && (c= *s) >= '0' && c <= '9') - L= 10*L + c - '0'; - if (s - s1 > 8 || L > 19999) - /* Avoid confusion from exponents - * so large that e might overflow. - */ - e= 19999; /* safe for 16 bit ints */ - else - e= (int)L; - if (esign) - e= -e; - } - else - e= 0; - } - else - s= s00; - } - if (!nd) - { - if (!nz && !nz0) - { - ret0: - s= s00; - sign= 0; - } - goto ret; - } - e1= e -= nf; - - /* - Now we have nd0 digits, starting at s0, followed by a - decimal point, followed by nd-nd0 digits. The number we're - after is the integer represented by those digits times - 10**e - */ - - if (!nd0) - nd0= nd; - k= nd < DBL_DIG + 1 ? nd : DBL_DIG + 1; - dval(&rv)= y; - if (k > 9) - { -#ifdef SET_INEXACT - if (k > DBL_DIG) - oldinexact = get_inexact(); -#endif - dval(&rv)= tens[k - 9] * dval(&rv) + z; - } - bd0= 0; - if (nd <= DBL_DIG -#ifndef Honor_FLT_ROUNDS - && Flt_Rounds == 1 -#endif - ) - { - if (!e) - goto ret; - if (e > 0) - { - if (e <= Ten_pmax) - { -#ifdef Honor_FLT_ROUNDS - /* round correctly FLT_ROUNDS = 2 or 3 */ - if (sign) - { - rv.d= -rv.d; - sign= 0; - } -#endif - /* rv = */ rounded_product(dval(&rv), tens[e]); - goto ret; - } - i= DBL_DIG - nd; - if (e <= Ten_pmax + i) - { - /* - A fancier test would sometimes let us do - this for larger i values. - */ -#ifdef Honor_FLT_ROUNDS - /* round correctly FLT_ROUNDS = 2 or 3 */ - if (sign) - { - rv.d= -rv.d; - sign= 0; - } -#endif - e-= i; - dval(&rv)*= tens[i]; - /* rv = */ rounded_product(dval(&rv), tens[e]); - goto ret; - } - } -#ifndef Inaccurate_Divide - else if (e >= -Ten_pmax) - { -#ifdef Honor_FLT_ROUNDS - /* round correctly FLT_ROUNDS = 2 or 3 */ - if (sign) - { - rv.d= -rv.d; - sign= 0; - } -#endif - /* rv = */ rounded_quotient(dval(&rv), tens[-e]); - goto ret; - } -#endif - } - e1+= nd - k; - -#ifdef SET_INEXACT - inexact= 1; - if (k <= DBL_DIG) - oldinexact= get_inexact(); -#endif - scale= 0; -#ifdef Honor_FLT_ROUNDS - if ((rounding= Flt_Rounds) >= 2) - { - if (sign) - rounding= rounding == 2 ? 0 : 2; - else - if (rounding != 2) - rounding= 0; - } -#endif - - /* Get starting approximation = rv * 10**e1 */ - - if (e1 > 0) - { - if ((i= e1 & 15)) - dval(&rv)*= tens[i]; - if (e1&= ~15) - { - if (e1 > DBL_MAX_10_EXP) - { - ovfl: - *error= EOVERFLOW; - /* Can't trust HUGE_VAL */ -#ifdef Honor_FLT_ROUNDS - switch (rounding) - { - case 0: /* toward 0 */ - case 3: /* toward -infinity */ - word0(&rv)= Big0; - word1(&rv)= Big1; - break; - default: - word0(&rv)= Exp_mask; - word1(&rv)= 0; - } -#else /*Honor_FLT_ROUNDS*/ - word0(&rv)= Exp_mask; - word1(&rv)= 0; -#endif /*Honor_FLT_ROUNDS*/ -#ifdef SET_INEXACT - /* set overflow bit */ - dval(&rv0)= 1e300; - dval(&rv0)*= dval(&rv0); -#endif - if (bd0) - goto retfree; - goto ret; - } - e1>>= 4; - for(j= 0; e1 > 1; j++, e1>>= 1) - if (e1 & 1) - dval(&rv)*= bigtens[j]; - /* The last multiplication could overflow. */ - word0(&rv)-= P*Exp_msk1; - dval(&rv)*= bigtens[j]; - if ((z= word0(&rv) & Exp_mask) > Exp_msk1 * (DBL_MAX_EXP + Bias - P)) - goto ovfl; - if (z > Exp_msk1 * (DBL_MAX_EXP + Bias - 1 - P)) - { - /* set to largest number (Can't trust DBL_MAX) */ - word0(&rv)= Big0; - word1(&rv)= Big1; - } - else - word0(&rv)+= P*Exp_msk1; - } - } - else if (e1 < 0) - { - e1= -e1; - if ((i= e1 & 15)) - dval(&rv)/= tens[i]; - if ((e1>>= 4)) - { - if (e1 >= 1 << n_bigtens) - goto undfl; - if (e1 & Scale_Bit) - scale= 2 * P; - for(j= 0; e1 > 0; j++, e1>>= 1) - if (e1 & 1) - dval(&rv)*= tinytens[j]; - if (scale && (j = 2 * P + 1 - ((word0(&rv) & Exp_mask) >> Exp_shift)) > 0) - { - /* scaled rv is denormal; zap j low bits */ - if (j >= 32) - { - word1(&rv)= 0; - if (j >= 53) - word0(&rv)= (P + 2) * Exp_msk1; - else - word0(&rv)&= 0xffffffff << (j - 32); - } - else - word1(&rv)&= 0xffffffff << j; - } - if (!dval(&rv)) - { - undfl: - dval(&rv)= 0.; - if (bd0) - goto retfree; - goto ret; - } - } - } - - /* Now the hard part -- adjusting rv to the correct value.*/ - - /* Put digits into bd: true value = bd * 10^e */ - - bd0= s2b(s0, nd0, nd, y, &alloc); - - for(;;) - { - bd= Balloc(bd0->k, &alloc); - Bcopy(bd, bd0); - bb= d2b(&rv, &bbe, &bbbits, &alloc); /* rv = bb * 2^bbe */ - bs= i2b(1, &alloc); - - if (e >= 0) - { - bb2= bb5= 0; - bd2= bd5= e; - } - else - { - bb2= bb5= -e; - bd2= bd5= 0; - } - if (bbe >= 0) - bb2+= bbe; - else - bd2-= bbe; - bs2= bb2; -#ifdef Honor_FLT_ROUNDS - if (rounding != 1) - bs2++; -#endif - j= bbe - scale; - i= j + bbbits - 1; /* logb(rv) */ - if (i < Emin) /* denormal */ - j+= P - Emin; - else - j= P + 1 - bbbits; - bb2+= j; - bd2+= j; - bd2+= scale; - i= bb2 < bd2 ? bb2 : bd2; - if (i > bs2) - i= bs2; - if (i > 0) - { - bb2-= i; - bd2-= i; - bs2-= i; - } - if (bb5 > 0) - { - bs= pow5mult(bs, bb5, &alloc); - bb1= mult(bs, bb, &alloc); - Bfree(bb, &alloc); - bb= bb1; - } - if (bb2 > 0) - bb= lshift(bb, bb2, &alloc); - if (bd5 > 0) - bd= pow5mult(bd, bd5, &alloc); - if (bd2 > 0) - bd= lshift(bd, bd2, &alloc); - if (bs2 > 0) - bs= lshift(bs, bs2, &alloc); - delta= diff(bb, bd, &alloc); - dsign= delta->sign; - delta->sign= 0; - i= cmp(delta, bs); -#ifdef Honor_FLT_ROUNDS - if (rounding != 1) - { - if (i < 0) - { - /* Error is less than an ulp */ - if (!delta->p.x[0] && delta->wds <= 1) - { - /* exact */ -#ifdef SET_INEXACT - inexact= 0; -#endif - break; - } - if (rounding) - { - if (dsign) - { - adj.d= 1.; - goto apply_adj; - } - } - else if (!dsign) - { - adj.d= -1.; - if (!word1(&rv) && !(word0(&rv) & Frac_mask)) - { - y= word0(&rv) & Exp_mask; - if (!scale || y > 2*P*Exp_msk1) - { - delta= lshift(delta, Log2P, &alloc); - if (cmp(delta, bs) <= 0) - adj.d= -0.5; - } - } - apply_adj: - if (scale && (y= word0(&rv) & Exp_mask) <= 2 * P * Exp_msk1) - word0(&adj)+= (2 * P + 1) * Exp_msk1 - y; - dval(&rv)+= adj.d * ulp(&rv); - } - break; - } - adj.d= ratio(delta, bs); - if (adj.d < 1.) - adj.d= 1.; - if (adj.d <= 0x7ffffffe) - { - /* adj = rounding ? ceil(adj) : floor(adj); */ - y= adj.d; - if (y != adj.d) - { - if (!((rounding >> 1) ^ dsign)) - y++; - adj.d= y; - } - } - if (scale && (y= word0(&rv) & Exp_mask) <= 2 * P * Exp_msk1) - word0(&adj)+= (2 * P + 1) * Exp_msk1 - y; - adj.d*= ulp(&rv); - if (dsign) - dval(&rv)+= adj.d; - else - dval(&rv)-= adj.d; - goto cont; - } -#endif /*Honor_FLT_ROUNDS*/ - - if (i < 0) - { - /* - Error is less than half an ulp -- check for special case of mantissa - a power of two. - */ - if (dsign || word1(&rv) || word0(&rv) & Bndry_mask || - (word0(&rv) & Exp_mask) <= (2 * P + 1) * Exp_msk1) - { -#ifdef SET_INEXACT - if (!delta->x[0] && delta->wds <= 1) - inexact= 0; -#endif - break; - } - if (!delta->p.x[0] && delta->wds <= 1) - { - /* exact result */ -#ifdef SET_INEXACT - inexact= 0; -#endif - break; - } - delta= lshift(delta, Log2P, &alloc); - if (cmp(delta, bs) > 0) - goto drop_down; - break; - } - if (i == 0) - { - /* exactly half-way between */ - if (dsign) - { - if ((word0(&rv) & Bndry_mask1) == Bndry_mask1 && - word1(&rv) == - ((scale && (y = word0(&rv) & Exp_mask) <= 2 * P * Exp_msk1) ? - (0xffffffff & (0xffffffff << (2*P+1-(y>>Exp_shift)))) : - 0xffffffff)) - { - /*boundary case -- increment exponent*/ - word0(&rv)= (word0(&rv) & Exp_mask) + Exp_msk1; - word1(&rv) = 0; - dsign = 0; - break; - } - } - else if (!(word0(&rv) & Bndry_mask) && !word1(&rv)) - { - drop_down: - /* boundary case -- decrement exponent */ - if (scale) - { - L= word0(&rv) & Exp_mask; - if (L <= (2 *P + 1) * Exp_msk1) - { - if (L > (P + 2) * Exp_msk1) - /* round even ==> accept rv */ - break; - /* rv = smallest denormal */ - goto undfl; - } - } - L= (word0(&rv) & Exp_mask) - Exp_msk1; - word0(&rv)= L | Bndry_mask1; - word1(&rv)= 0xffffffff; - break; - } - if (!(word1(&rv) & LSB)) - break; - if (dsign) - dval(&rv)+= ulp(&rv); - else - { - dval(&rv)-= ulp(&rv); - if (!dval(&rv)) - goto undfl; - } - dsign= 1 - dsign; - break; - } - if ((aadj= ratio(delta, bs)) <= 2.) - { - if (dsign) - aadj= aadj1= 1.; - else if (word1(&rv) || word0(&rv) & Bndry_mask) - { - if (word1(&rv) == Tiny1 && !word0(&rv)) - goto undfl; - aadj= 1.; - aadj1= -1.; - } - else - { - /* special case -- power of FLT_RADIX to be rounded down... */ - if (aadj < 2. / FLT_RADIX) - aadj= 1. / FLT_RADIX; - else - aadj*= 0.5; - aadj1= -aadj; - } - } - else - { - aadj*= 0.5; - aadj1= dsign ? aadj : -aadj; -#ifdef Check_FLT_ROUNDS - switch (Rounding) - { - case 2: /* towards +infinity */ - aadj1-= 0.5; - break; - case 0: /* towards 0 */ - case 3: /* towards -infinity */ - aadj1+= 0.5; - } -#else - if (Flt_Rounds == 0) - aadj1+= 0.5; -#endif /*Check_FLT_ROUNDS*/ - } - y= word0(&rv) & Exp_mask; - - /* Check for overflow */ - - if (y == Exp_msk1 * (DBL_MAX_EXP + Bias - 1)) - { - dval(&rv0)= dval(&rv); - word0(&rv)-= P * Exp_msk1; - adj.d= aadj1 * ulp(&rv); - dval(&rv)+= adj.d; - if ((word0(&rv) & Exp_mask) >= Exp_msk1 * (DBL_MAX_EXP + Bias - P)) - { - if (word0(&rv0) == Big0 && word1(&rv0) == Big1) - goto ovfl; - word0(&rv)= Big0; - word1(&rv)= Big1; - goto cont; - } - else - word0(&rv)+= P * Exp_msk1; - } - else - { - if (scale && y <= 2 * P * Exp_msk1) - { - if (aadj <= 0x7fffffff) - { - if ((z= (ULong) aadj) <= 0) - z= 1; - aadj= z; - aadj1= dsign ? aadj : -aadj; - } - dval(&aadj2) = aadj1; - word0(&aadj2)+= (2 * P + 1) * Exp_msk1 - y; - aadj1= dval(&aadj2); - adj.d= aadj1 * ulp(&rv); - dval(&rv)+= adj.d; - if (rv.d == 0.) - goto undfl; - } - else - { - adj.d= aadj1 * ulp(&rv); - dval(&rv)+= adj.d; - } - } - z= word0(&rv) & Exp_mask; -#ifndef SET_INEXACT - if (!scale) - if (y == z) - { - /* Can we stop now? */ - L= (Long)aadj; - aadj-= L; - /* The tolerances below are conservative. */ - if (dsign || word1(&rv) || word0(&rv) & Bndry_mask) - { - if (aadj < .4999999 || aadj > .5000001) - break; - } - else if (aadj < .4999999 / FLT_RADIX) - break; - } -#endif - cont: - Bfree(bb, &alloc); - Bfree(bd, &alloc); - Bfree(bs, &alloc); - Bfree(delta, &alloc); - } -#ifdef SET_INEXACT - if (inexact) - { - if (!oldinexact) - { - word0(&rv0)= Exp_1 + (70 << Exp_shift); - word1(&rv0)= 0; - dval(&rv0)+= 1.; - } - } - else if (!oldinexact) - clear_inexact(); -#endif - if (scale) - { - word0(&rv0)= Exp_1 - 2 * P * Exp_msk1; - word1(&rv0)= 0; - dval(&rv)*= dval(&rv0); - } -#ifdef SET_INEXACT - if (inexact && !(word0(&rv) & Exp_mask)) - { - /* set underflow bit */ - dval(&rv0)= 1e-300; - dval(&rv0)*= dval(&rv0); - } -#endif - retfree: - Bfree(bb, &alloc); - Bfree(bd, &alloc); - Bfree(bs, &alloc); - Bfree(bd0, &alloc); - Bfree(delta, &alloc); - ret: - *se= (char *)s; - return sign ? -dval(&rv) : dval(&rv); -} - static int quorem(Bigint *b, Bigint *S) { diff --git a/libmariadb/ma_pvio.c b/libmariadb/ma_pvio.c index 9b3178a5..42d65044 100644 --- a/libmariadb/ma_pvio.c +++ b/libmariadb/ma_pvio.c @@ -243,9 +243,9 @@ size_t ma_pvio_read(MARIADB_PVIO *pvio, uchar *buffer, size_t length) /* secure connection */ #ifdef HAVE_SSL - if (pvio->cssl) + if (pvio->ctls) { - r= ma_pvio_ssl_read(pvio->cssl, buffer, length); + r= ma_pvio_tls_read(pvio->ctls, buffer, length); goto end; } #endif @@ -348,9 +348,9 @@ size_t ma_pvio_write(MARIADB_PVIO *pvio, const uchar *buffer, size_t length) /* secure connection */ #ifdef HAVE_SSL - if (pvio->cssl) + if (pvio->ctls) { - r= ma_pvio_ssl_write(pvio->cssl, buffer, length); + r= ma_pvio_tls_write(pvio->ctls, buffer, length); goto end; } else @@ -389,10 +389,10 @@ void ma_pvio_close(MARIADB_PVIO *pvio) { /* free internal structures and close connection */ #ifdef HAVE_SSL - if (pvio && pvio->cssl) + if (pvio && pvio->ctls) { - ma_pvio_ssl_close(pvio->cssl); - free(pvio->cssl); + ma_pvio_tls_close(pvio->ctls); + free(pvio->ctls); } #endif if (pvio && pvio->methods->close) @@ -511,14 +511,14 @@ my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio) if (!pvio || !pvio->mysql) return 1; CLEAR_CLIENT_ERROR(pvio->mysql); - if (!(pvio->cssl= ma_pvio_ssl_init(pvio->mysql))) + if (!(pvio->ctls= ma_pvio_tls_init(pvio->mysql))) { return 1; } - if (ma_pvio_ssl_connect(pvio->cssl)) + if (ma_pvio_tls_connect(pvio->ctls)) { - free(pvio->cssl); - pvio->cssl= NULL; + free(pvio->ctls); + pvio->ctls= NULL; return 1; } @@ -529,17 +529,17 @@ my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio) */ if ((pvio->mysql->options.ssl_ca || pvio->mysql->options.ssl_capath) && (pvio->mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) && - ma_pvio_ssl_verify_server_cert(pvio->cssl)) + ma_pvio_tls_verify_server_cert(pvio->ctls)) return 1; if (pvio->mysql->options.extension && - (pvio->mysql->options.extension->ssl_fp && pvio->mysql->options.extension->ssl_fp[0]) || - (pvio->mysql->options.extension->ssl_fp_list && pvio->mysql->options.extension->ssl_fp_list[0])) + (pvio->mysql->options.extension->tls_fp && pvio->mysql->options.extension->tls_fp[0]) || + (pvio->mysql->options.extension->tls_fp_list && pvio->mysql->options.extension->tls_fp_list[0])) { - if (ma_pvio_ssl_check_fp(pvio->cssl, - pvio->mysql->options.extension->ssl_fp, - pvio->mysql->options.extension->ssl_fp_list)) + if (ma_pvio_tls_check_fp(pvio->ctls, + pvio->mysql->options.extension->tls_fp, + pvio->mysql->options.extension->tls_fp_list)) return 1; } diff --git a/libmariadb/ma_ssl.c b/libmariadb/ma_tls.c similarity index 71% rename from libmariadb/ma_ssl.c rename to libmariadb/ma_tls.c index 4c220872..418a16a9 100644 --- a/libmariadb/ma_ssl.c +++ b/libmariadb/ma_tls.c @@ -38,7 +38,7 @@ #include #include #include -#include +#include #include #include @@ -48,26 +48,26 @@ #endif /* Errors should be handled via pvio callback function */ -my_bool ma_ssl_initialized= FALSE; +my_bool ma_tls_initialized= FALSE; unsigned int mariadb_deinitialize_ssl= 1; char *ssl_protocol_version[5]= {"unknown", "SSL3", "TLS1.0", "TLS1.1", "TLS1.2"}; -MARIADB_SSL *ma_pvio_ssl_init(MYSQL *mysql) +MARIADB_TLS *ma_pvio_tls_init(MYSQL *mysql) { - MARIADB_SSL *cssl= NULL; + MARIADB_TLS *cssl= NULL; - if (!ma_ssl_initialized) - ma_ssl_start(mysql->net.last_error, MYSQL_ERRMSG_SIZE); + if (!ma_tls_initialized) + ma_tls_start(mysql->net.last_error, MYSQL_ERRMSG_SIZE); - if (!(cssl= (MARIADB_SSL *)calloc(1, sizeof(MARIADB_SSL)))) + if (!(cssl= (MARIADB_TLS *)calloc(1, sizeof(MARIADB_TLS)))) { return NULL; } /* register error routine and methods */ cssl->pvio= mysql->net.pvio; - if (!(cssl->ssl= ma_ssl_init(mysql))) + if (!(cssl->ssl= ma_tls_init(mysql))) { free(cssl); cssl= NULL; @@ -75,51 +75,51 @@ MARIADB_SSL *ma_pvio_ssl_init(MYSQL *mysql) return cssl; } -my_bool ma_pvio_ssl_connect(MARIADB_SSL *cssl) +my_bool ma_pvio_tls_connect(MARIADB_TLS *cssl) { my_bool rc; - if ((rc= ma_ssl_connect(cssl))) - ma_ssl_close(cssl); + if ((rc= ma_tls_connect(cssl))) + ma_tls_close(cssl); return rc; } -size_t ma_pvio_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length) +size_t ma_pvio_tls_read(MARIADB_TLS *cssl, const uchar* buffer, size_t length) { - return ma_ssl_read(cssl, buffer, length); + return ma_tls_read(cssl, buffer, length); } -size_t ma_pvio_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length) +size_t ma_pvio_tls_write(MARIADB_TLS *cssl, const uchar* buffer, size_t length) { - return ma_ssl_write(cssl, buffer, length); + return ma_tls_write(cssl, buffer, length); } -my_bool ma_pvio_ssl_close(MARIADB_SSL *cssl) +my_bool ma_pvio_tls_close(MARIADB_TLS *cssl) { - return ma_ssl_close(cssl); + return ma_tls_close(cssl); } -int ma_pvio_ssl_verify_server_cert(MARIADB_SSL *cssl) +int ma_pvio_tls_verify_server_cert(MARIADB_TLS *cssl) { - return ma_ssl_verify_server_cert(cssl); + return ma_tls_verify_server_cert(cssl); } -const char *ma_pvio_ssl_cipher(MARIADB_SSL *cssl) +const char *ma_pvio_tls_cipher(MARIADB_TLS *cssl) { - return ma_ssl_get_cipher(cssl); + return ma_tls_get_cipher(cssl); } -void ma_pvio_ssl_end() +void ma_pvio_tls_end() { - ma_ssl_end(); + ma_tls_end(); } -my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version) +my_bool ma_pvio_tls_get_protocol_version(MARIADB_TLS *cssl, struct st_ssl_version *version) { - return ma_ssl_get_protocol_version(cssl, version); + return ma_tls_get_protocol_version(cssl, version); } -static my_bool ma_pvio_ssl_compare_fp(char *fp1, unsigned int fp1_len, +static my_bool ma_pvio_tls_compare_fp(char *fp1, unsigned int fp1_len, char *fp2, unsigned int fp2_len) { char hexstr[64]; @@ -134,17 +134,17 @@ static my_bool ma_pvio_ssl_compare_fp(char *fp1, unsigned int fp1_len, return 0; } -my_bool ma_pvio_ssl_check_fp(MARIADB_SSL *cssl, const char *fp, const char *fp_list) +my_bool ma_pvio_tls_check_fp(MARIADB_TLS *cssl, const char *fp, const char *fp_list) { unsigned int cert_fp_len= 64; unsigned char cert_fp[64]; my_bool rc=1; MYSQL *mysql= cssl->pvio->mysql; - if ((cert_fp_len= ma_ssl_get_finger_print(cssl, cert_fp, cert_fp_len)) < 1) + if ((cert_fp_len= ma_tls_get_finger_print(cssl, cert_fp, cert_fp_len)) < 1) goto end; if (fp) - rc= ma_pvio_ssl_compare_fp(cert_fp, cert_fp_len, (char *)fp, (unsigned int)strlen(fp)); + rc= ma_pvio_tls_compare_fp(cert_fp, cert_fp_len, (char *)fp, (unsigned int)strlen(fp)); else if (fp_list) { MA_FILE *fp; @@ -164,7 +164,7 @@ my_bool ma_pvio_ssl_check_fp(MARIADB_SSL *cssl, const char *fp, const char *fp_l if (pos) *pos= '\0'; - if (!ma_pvio_ssl_compare_fp(cert_fp, cert_fp_len, buff, (unsigned int)strlen(buff))) + if (!ma_pvio_tls_compare_fp(cert_fp, cert_fp_len, buff, (unsigned int)strlen(buff))) { /* finger print is valid: close file and exit */ ma_close(fp); diff --git a/libmariadb/mariadb_lib.c b/libmariadb/mariadb_lib.c index 2bfee6a8..33d7b9f8 100644 --- a/libmariadb/mariadb_lib.c +++ b/libmariadb/mariadb_lib.c @@ -64,7 +64,7 @@ #endif #include #ifdef HAVE_SSL -#include +#include #endif #include @@ -610,7 +610,7 @@ struct st_default_options mariadb_defaults[] = {MARIADB_OPT_SSL_FP, MARIADB_OPTION_STR, "ssl-fp"}, {MARIADB_OPT_SSL_FP_LIST, MARIADB_OPTION_STR, "ssl-fp-list"}, {MARIADB_OPT_SSL_FP_LIST, MARIADB_OPTION_STR, "ssl-fplist"}, - {MARIADB_OPT_SSL_PASSPHRASE, MARIADB_OPTION_STR, "ssl_passphrase"}, + {MARIADB_OPT_TLS_PASSPHRASE, MARIADB_OPTION_STR, "ssl_passphrase"}, {MYSQL_OPT_BIND, MARIADB_OPTION_STR, "bind-address"}, {0, 0, NULL} }; @@ -1014,9 +1014,9 @@ const char * STDCALL mysql_get_ssl_cipher(MYSQL *mysql) { #ifdef HAVE_SSL - if (mysql->net.pvio && mysql->net.pvio->cssl) + if (mysql->net.pvio && mysql->net.pvio->ctls) { - return ma_pvio_ssl_cipher(mysql->net.pvio->cssl); + return ma_pvio_tls_cipher(mysql->net.pvio->ctls); } #endif return(NULL); @@ -1795,9 +1795,10 @@ static void mysql_close_options(MYSQL *mysql) free(mysql->options.extension->db_driver); free(mysql->options.extension->ssl_crl); free(mysql->options.extension->ssl_crlpath); - free(mysql->options.extension->ssl_fp); - free(mysql->options.extension->ssl_fp_list); - free(mysql->options.extension->ssl_pw); + free(mysql->options.extension->tls_fp); + free(mysql->options.extension->tls_fp_list); + free(mysql->options.extension->tls_pw); + free(mysql->options.extension->tls_version); free(mysql->options.extension->url); free(mysql->options.extension->connection_handler); if(hash_inited(&mysql->options.extension->connect_attrs)) @@ -2776,17 +2777,19 @@ mysql_optionsv(MYSQL *mysql,enum mysql_option option, ...) case MYSQL_OPT_BIND: OPT_SET_VALUE_STR(&mysql->options, bind_address, arg1); break; - case MARIADB_OPT_SSL_CIPHER_STRENGTH: - OPT_SET_EXTENDED_VALUE_INT(&mysql->options, ssl_cipher_strength, *((unsigned int *)arg1)); + case MARIADB_OPT_TLS_CIPHER_STRENGTH: + OPT_SET_EXTENDED_VALUE_INT(&mysql->options, tls_cipher_strength, *((unsigned int *)arg1)); break; case MARIADB_OPT_SSL_FP: - OPT_SET_EXTENDED_VALUE_STR(&mysql->options, ssl_fp, (char *)arg1); + case MARIADB_OPT_TLS_PEER_FP: + OPT_SET_EXTENDED_VALUE_STR(&mysql->options, tls_fp, (char *)arg1); break; case MARIADB_OPT_SSL_FP_LIST: - OPT_SET_EXTENDED_VALUE_STR(&mysql->options, ssl_fp_list, (char *)arg1); + case MARIADB_OPT_TLS_PEER_FP_LIST: + OPT_SET_EXTENDED_VALUE_STR(&mysql->options, tls_fp_list, (char *)arg1); break; - case MARIADB_OPT_SSL_PASSPHRASE: - OPT_SET_EXTENDED_VALUE_STR(&mysql->options, ssl_pw, (char *)arg1); + case MARIADB_OPT_TLS_PASSPHRASE: + OPT_SET_EXTENDED_VALUE_STR(&mysql->options, tls_pw, (char *)arg1); break; case MARIADB_OPT_COM_MULTI: if (&mysql->net.pvio && @@ -3000,17 +3003,19 @@ mysql_get_optionv(MYSQL *mysql, enum mysql_option option, void *arg, ...) case MYSQL_OPT_BIND: *((char **)arg)= mysql->options.bind_address; break; - case MARIADB_OPT_SSL_CIPHER_STRENGTH: - *((unsigned int *)arg) = mysql->options.extension ? mysql->options.extension->ssl_cipher_strength : 0; + case MARIADB_OPT_TLS_CIPHER_STRENGTH: + *((unsigned int *)arg) = mysql->options.extension ? mysql->options.extension->tls_cipher_strength : 0; break; case MARIADB_OPT_SSL_FP: - *((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_fp : NULL; + case MARIADB_OPT_TLS_PEER_FP: + *((char **)arg)= mysql->options.extension ? mysql->options.extension->tls_fp : NULL; break; case MARIADB_OPT_SSL_FP_LIST: - *((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_fp_list : NULL; + case MARIADB_OPT_TLS_PEER_FP_LIST: + *((char **)arg)= mysql->options.extension ? mysql->options.extension->tls_fp_list : NULL; break; - case MARIADB_OPT_SSL_PASSPHRASE: - *((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_pw : NULL; + case MARIADB_OPT_TLS_PASSPHRASE: + *((char **)arg)= mysql->options.extension ? mysql->options.extension->tls_pw : NULL; break; case MARIADB_OPT_CONNECTION_READ_ONLY: *((my_bool *)arg)= mysql->options.extension ? mysql->options.extension->read_only : 0; @@ -3340,7 +3345,7 @@ void STDCALL mysql_server_end(void) if (ma_init_done) ma_end(0); #ifdef HAVE_SSL - ma_pvio_ssl_end(); + ma_pvio_tls_end(); #endif mysql_client_init= 0; ma_init_done= 0; @@ -3461,31 +3466,31 @@ my_bool STDCALL mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void * goto error; *((char **)arg)= mysql->net.sqlstate; break; - case MARIADB_CONNECTION_SSL_VERSION: + case MARIADB_CONNECTION_TLS_VERSION: #ifdef HAVE_SSL - if (mysql && mysql->net.pvio && mysql->net.pvio->cssl) + if (mysql && mysql->net.pvio && mysql->net.pvio->ctls) { struct st_ssl_version version; - if (!ma_pvio_ssl_get_protocol_version(mysql->net.pvio->cssl, &version)) + if (!ma_pvio_tls_get_protocol_version(mysql->net.pvio->ctls, &version)) *((char **)arg)= version.cversion; } else #endif goto error; break; - case MARIADB_CONNECTION_SSL_VERSION_ID: + case MARIADB_CONNECTION_TLS_VERSION_ID: #ifdef HAVE_SSL - if (mysql && mysql->net.pvio && mysql->net.pvio->cssl) + if (mysql && mysql->net.pvio && mysql->net.pvio->ctls) { struct st_ssl_version version; - if (!ma_pvio_ssl_get_protocol_version(mysql->net.pvio->cssl, &version)) + if (!ma_pvio_tls_get_protocol_version(mysql->net.pvio->ctls, &version)) *((unsigned int *)arg)= version.iversion; } else #endif goto error; break; - case MARIADB_SSL_LIBRARY: + case MARIADB_TLS_LIBRARY: #ifdef HAVE_SSL #ifdef HAVE_GNUTLS *((char **)arg)= "GNUTLS"; @@ -3579,8 +3584,8 @@ my_bool STDCALL mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void * break; case MARIADB_CONNECTION_SSL_CIPHER: #ifdef HAVE_SSL - if (mysql && mysql->net.pvio && mysql->net.pvio->cssl) - *((char **)arg)= (char *)ma_pvio_ssl_cipher(mysql->net.pvio->cssl); + if (mysql && mysql->net.pvio && mysql->net.pvio->ctls) + *((char **)arg)= (char *)ma_pvio_tls_cipher(mysql->net.pvio->ctls); else #endif goto error; diff --git a/libmariadb/secure/gnutls.c b/libmariadb/secure/gnutls.c index ba8d0742..e217c383 100644 --- a/libmariadb/secure/gnutls.c +++ b/libmariadb/secure/gnutls.c @@ -29,19 +29,19 @@ #include #include #include -#include +#include pthread_mutex_t LOCK_gnutls_config; static gnutls_certificate_credentials_t GNUTLS_xcred; -extern my_bool ma_ssl_initialized; +extern my_bool ma_tls_initialized; extern unsigned int mariadb_deinitialize_ssl; static int my_verify_callback(gnutls_session_t ssl); #define MAX_SSL_ERR_LEN 100 -static void ma_ssl_set_error(MYSQL *mysql, int ssl_errno) +static void ma_tls_set_error(MYSQL *mysql, int ssl_errno) { char ssl_error[MAX_SSL_ERR_LEN]; const char *ssl_error_reason; @@ -64,7 +64,7 @@ static void ma_ssl_set_error(MYSQL *mysql, int ssl_errno) } -static void ma_ssl_get_error(char *errmsg, size_t length, int ssl_errno) +static void ma_tls_get_error(char *errmsg, size_t length, int ssl_errno) { const char *ssl_error_reason; @@ -93,11 +93,11 @@ static void ma_ssl_get_error(char *errmsg, size_t length, int ssl_errno) 0 success 1 error */ -int ma_ssl_start(char *errmsg, size_t errmsg_len) +int ma_tls_start(char *errmsg, size_t errmsg_len) { int rc= 0; - if (ma_ssl_initialized) + if (ma_tls_initialized) return 0; pthread_mutex_init(&LOCK_gnutls_config,MY_MUTEX_INIT_FAST); @@ -105,12 +105,12 @@ int ma_ssl_start(char *errmsg, size_t errmsg_len) if ((rc= gnutls_global_init()) != GNUTLS_E_SUCCESS) { - ma_ssl_get_error(errmsg, errmsg_len, rc); + ma_tls_get_error(errmsg, errmsg_len, rc); goto end; } /* Allocate a global context for credentials */ rc= gnutls_certificate_allocate_credentials(&GNUTLS_xcred); - ma_ssl_initialized= TRUE; + ma_tls_initialized= TRUE; end: pthread_mutex_unlock(&LOCK_gnutls_config); return rc; @@ -128,9 +128,9 @@ end: RETURN VALUES void */ -void ma_ssl_end() +void ma_tls_end() { - if (ma_ssl_initialized) + if (ma_tls_initialized) { pthread_mutex_lock(&LOCK_gnutls_config); gnutls_certificate_free_keys(GNUTLS_xcred); @@ -140,14 +140,14 @@ void ma_ssl_end() gnutls_certificate_free_credentials(GNUTLS_xcred); if (mariadb_deinitialize_ssl) gnutls_global_deinit(); - ma_ssl_initialized= FALSE; + ma_tls_initialized= FALSE; pthread_mutex_unlock(&LOCK_gnutls_config); pthread_mutex_destroy(&LOCK_gnutls_config); } return; } -static int ma_ssl_set_certs(MYSQL *mysql) +static int ma_tls_set_certs(MYSQL *mysql) { char *certfile= mysql->options.ssl_cert, *keyfile= mysql->options.ssl_key; @@ -179,7 +179,7 @@ static int ma_ssl_set_certs(MYSQL *mysql) if ((ssl_error= gnutls_certificate_set_x509_key_file2(GNUTLS_xcred, certfile, keyfile, GNUTLS_X509_FMT_PEM, - OPT_HAS_EXT_VAL(mysql, ssl_pw) ? mysql->options.extension->ssl_pw : NULL, + OPT_HAS_EXT_VAL(mysql, tls_pw) ? mysql->options.extension->tls_pw : NULL, 0)) < 0) goto error; } @@ -191,7 +191,7 @@ error: return ssl_error; } -void *ma_ssl_init(MYSQL *mysql) +void *ma_tls_init(MYSQL *mysql) { gnutls_session_t ssl= NULL; int ssl_error= 0; @@ -199,7 +199,7 @@ void *ma_ssl_init(MYSQL *mysql) pthread_mutex_lock(&LOCK_gnutls_config); - if ((ssl_error= ma_ssl_set_certs(mysql)) < 0) + if ((ssl_error= ma_tls_set_certs(mysql)) < 0) goto error; if ((ssl_error = gnutls_init(&ssl, GNUTLS_CLIENT & GNUTLS_NONBLOCK)) < 0) @@ -216,36 +216,36 @@ void *ma_ssl_init(MYSQL *mysql) pthread_mutex_unlock(&LOCK_gnutls_config); return (void *)ssl; error: - ma_ssl_set_error(mysql, ssl_error); + ma_tls_set_error(mysql, ssl_error); if (ssl) gnutls_deinit(ssl); pthread_mutex_unlock(&LOCK_gnutls_config); return NULL; } -ssize_t ma_ssl_push(gnutls_transport_ptr_t ptr, const void* data, size_t len) +ssize_t ma_tls_push(gnutls_transport_ptr_t ptr, const void* data, size_t len) { MARIADB_PVIO *pvio= (MARIADB_PVIO *)ptr; ssize_t rc= pvio->methods->write(pvio, data, len); return rc; } -ssize_t ma_ssl_pull(gnutls_transport_ptr_t ptr, void* data, size_t len) +ssize_t ma_tls_pull(gnutls_transport_ptr_t ptr, void* data, size_t len) { MARIADB_PVIO *pvio= (MARIADB_PVIO *)ptr; ssize_t rc= pvio->methods->read(pvio, data, len); return rc; } -static int ma_ssl_pull_timeout(gnutls_transport_ptr_t ptr, unsigned int ms) +static int ma_tls_pull_timeout(gnutls_transport_ptr_t ptr, unsigned int ms) { MARIADB_PVIO *pvio= (MARIADB_PVIO *)ptr; return pvio->methods->wait_io_or_timeout(pvio, 0, ms); } -my_bool ma_ssl_connect(MARIADB_SSL *cssl) +my_bool ma_tls_connect(MARIADB_TLS *ctls) { - gnutls_session_t ssl = (gnutls_session_t)cssl->ssl; + gnutls_session_t ssl = (gnutls_session_t)ctls->ssl; my_bool blocking; MYSQL *mysql; MARIADB_PVIO *pvio; @@ -263,9 +263,9 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl) /* we don't use GnuTLS read/write functions */ gnutls_transport_set_ptr(ssl, pvio); - gnutls_transport_set_push_function(ssl, ma_ssl_push); - gnutls_transport_set_pull_function(ssl, ma_ssl_pull); - gnutls_transport_set_pull_timeout_function(ssl, ma_ssl_pull_timeout); + gnutls_transport_set_push_function(ssl, ma_tls_push); + gnutls_transport_set_pull_function(ssl, ma_tls_pull); + gnutls_transport_set_pull_timeout_function(ssl, ma_tls_pull_timeout); gnutls_handshake_set_timeout(ssl, pvio->timeout[PVIO_CONNECT_TIMEOUT]); do { @@ -274,47 +274,47 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl) if (ret < 0) { - ma_ssl_set_error(mysql, ret); + ma_tls_set_error(mysql, ret); /* restore blocking mode */ if (!blocking) pvio->methods->blocking(pvio, FALSE, 0); return 1; } - cssl->ssl= (void *)ssl; + ctls->ssl= (void *)ssl; return 0; } -size_t ma_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length) +size_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length) { - return gnutls_record_recv((gnutls_session_t )cssl->ssl, (void *)buffer, length); + return gnutls_record_recv((gnutls_session_t )ctls->ssl, (void *)buffer, length); } -size_t ma_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length) +size_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length) { - return gnutls_record_send((gnutls_session_t )cssl->ssl, (void *)buffer, length); + return gnutls_record_send((gnutls_session_t )ctls->ssl, (void *)buffer, length); } -my_bool ma_ssl_close(MARIADB_SSL *cssl) +my_bool ma_tls_close(MARIADB_TLS *ctls) { - gnutls_bye((gnutls_session_t )cssl->ssl, GNUTLS_SHUT_WR); - gnutls_deinit((gnutls_session_t )cssl->ssl); - cssl->ssl= NULL; + gnutls_bye((gnutls_session_t )ctls->ssl, GNUTLS_SHUT_WR); + gnutls_deinit((gnutls_session_t )ctls->ssl); + ctls->ssl= NULL; return 0; } -int ma_ssl_verify_server_cert(MARIADB_SSL *cssl) +int ma_tls_verify_server_cert(MARIADB_TLS *ctls) { /* server verification is already handled before */ return 0; } -const char *ma_ssl_get_cipher(MARIADB_SSL *cssl) +const char *ma_tls_get_cipher(MARIADB_TLS *ctls) { - if (!cssl || !cssl->ssl) + if (!ctls || !ctls->ssl) return NULL; - return gnutls_cipher_get_name (gnutls_cipher_get((gnutls_session_t )cssl->ssl)); + return gnutls_cipher_get_name (gnutls_cipher_get((gnutls_session_t )ctls->ssl)); } static int my_verify_callback(gnutls_session_t ssl) @@ -388,19 +388,19 @@ static int my_verify_callback(gnutls_session_t ssl) return 0; } -unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsigned int len) +unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, unsigned char *fp, unsigned int len) { MYSQL *mysql; size_t fp_len= len; const gnutls_datum_t *cert_list; unsigned int cert_list_size; - if (!cssl || !cssl->ssl) + if (!ctls || !ctls->ssl) return 0; - mysql= (MYSQL *)gnutls_session_get_ptr(cssl->ssl); + mysql= (MYSQL *)gnutls_session_get_ptr(ctls->ssl); - cert_list = gnutls_certificate_get_peers (cssl->ssl, &cert_list_size); + cert_list = gnutls_certificate_get_peers (ctls->ssl, &cert_list_size); if (cert_list == NULL) { my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, @@ -420,12 +420,12 @@ unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsig } } -my_bool ma_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version) +my_bool ma_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version) { - if (!cssl || !cssl->ssl) + if (!ctls || !ctls->ssl) return 1; - version->iversion= gnutls_protocol_get_version(cssl->ssl); + version->iversion= gnutls_protocol_get_version(ctls->ssl); version->cversion= (char *)gnutls_protocol_get_name(version->iversion); return 0; } diff --git a/libmariadb/secure/ma_schannel.c b/libmariadb/secure/ma_schannel.c index bb54d223..2cf3afcd 100644 --- a/libmariadb/secure/ma_schannel.c +++ b/libmariadb/secure/ma_schannel.c @@ -396,8 +396,8 @@ SECURITY_STATUS ma_schannel_handshake_loop(MARIADB_PVIO *pvio, my_bool InitialRe SECURITY_STATUS rc; PUCHAR IoBuffer; BOOL fDoRead; - MARIADB_SSL *cssl= pvio->cssl; - SC_CTX *sctx= (SC_CTX *)cssl->ssl; + MARIADB_TLS *ctls= pvio->ctls; + SC_CTX *sctx= (SC_CTX *)ctls->ssl; dwSSPIFlags = ISC_REQ_SEQUENCE_DETECT | @@ -562,13 +562,13 @@ loopend: } /* }}} */ -/* {{{ SECURITY_STATUS ma_schannel_client_handshake(MARIADB_SSL *cssl) */ +/* {{{ SECURITY_STATUS ma_schannel_client_handshake(MARIADB_TLS *ctls) */ /* performs client side handshake SYNOPSIS ma_schannel_client_handshake() - cssl Pointer to a MARIADB_SSL structure + ctls Pointer to a MARIADB_TLS structure DESCRIPTION initiates a client/server handshake. This function can be used @@ -578,7 +578,7 @@ loopend: SEC_E_OK on success */ -SECURITY_STATUS ma_schannel_client_handshake(MARIADB_SSL *cssl) +SECURITY_STATUS ma_schannel_client_handshake(MARIADB_TLS *ctls) { MARIADB_PVIO *pvio; SECURITY_STATUS sRet; @@ -594,11 +594,11 @@ SECURITY_STATUS ma_schannel_client_handshake(MARIADB_SSL *cssl) SecBufferDesc BufferOut; SecBuffer BuffersOut; - if (!cssl || !cssl->pvio) + if (!ctls || !ctls->pvio) return 1; - pvio= cssl->pvio; - sctx= (SC_CTX *)cssl->ssl; + pvio= ctls->pvio; + sctx= (SC_CTX *)ctls->ssl; /* Initialie securifty context */ BuffersOut.BufferType= SECBUFFER_TOKEN; @@ -701,10 +701,10 @@ SECURITY_STATUS ma_schannel_read_decrypt(MARIADB_PVIO *pvio, *pData, *pExtra; int i; - if (!pvio || !pvio->methods || !pvio->methods->read || !pvio->cssl || !DecryptLength) + if (!pvio || !pvio->methods || !pvio->methods->read || !pvio->ctls || !DecryptLength) return SEC_E_INTERNAL_ERROR; - sctx= (SC_CTX *)pvio->cssl->ssl; + sctx= (SC_CTX *)pvio->ctls->ssl; *DecryptLength= 0; while (1) @@ -880,7 +880,7 @@ size_t ma_schannel_write_encrypt(MARIADB_PVIO *pvio, SecBuffer Buffers[4]; DWORD cbMessage; PBYTE pbMessage; - SC_CTX *sctx= (SC_CTX *)pvio->cssl->ssl; + SC_CTX *sctx= (SC_CTX *)pvio->ctls->ssl; size_t payload; payload= MIN(WriteBufferSize, sctx->IoBufferSize); @@ -920,15 +920,15 @@ size_t ma_schannel_write_encrypt(MARIADB_PVIO *pvio, extern char *ssl_protocol_version[5]; -/* {{{ ma_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version) */ -my_bool ma_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version) +/* {{{ ma_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version) */ +my_bool ma_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version) { SC_CTX *sctx; SecPkgContext_ConnectionInfo ConnectionInfo; - if (!cssl->ssl) + if (!ctls->ssl) return 1; - sctx= (SC_CTX *)cssl->ssl; + sctx= (SC_CTX *)ctls->ssl; if (QueryContextAttributes(&sctx->ctxt, SECPKG_ATTR_CONNECTION_INFO, &ConnectionInfo) != SEC_E_OK) return 1; diff --git a/libmariadb/secure/ma_schannel.h b/libmariadb/secure/ma_schannel.h index e2fe6391..79865c44 100644 --- a/libmariadb/secure/ma_schannel.h +++ b/libmariadb/secure/ma_schannel.h @@ -56,7 +56,6 @@ struct st_schannel { PUCHAR IoBuffer; DWORD IoBufferSize; SecPkgContext_StreamSizes Sizes; - CtxtHandle ctxt; MYSQL *mysql; }; @@ -67,7 +66,7 @@ extern HCERTSTORE ca_CertStore, crl_CertStore; extern my_bool ca_Check, crl_Check; CERT_CONTEXT *ma_schannel_create_cert_context(MARIADB_PVIO *pvio, const char *pem_file); -SECURITY_STATUS ma_schannel_client_handshake(MARIADB_SSL *cssl); +SECURITY_STATUS ma_schannel_client_handshake(MARIADB_TLS *ctls); SECURITY_STATUS ma_schannel_handshake_loop(MARIADB_PVIO *pvio, my_bool InitialRead, SecBuffer *pExtraData); my_bool ma_schannel_load_private_key(MARIADB_PVIO *pvio, CERT_CONTEXT *ctx, char *key_file); PCCRL_CONTEXT ma_schannel_create_crl_context(MARIADB_PVIO *pvio, const char *pem_file); diff --git a/libmariadb/secure/openssl.c b/libmariadb/secure/openssl.c index 56d61b40..8065d014 100644 --- a/libmariadb/secure/openssl.c +++ b/libmariadb/secure/openssl.c @@ -42,7 +42,7 @@ #endif #include -extern my_bool ma_ssl_initialized; +extern my_bool ma_tls_initialized; extern unsigned int mariadb_deinitialize_ssl; static SSL_CTX *SSL_context= NULL; @@ -52,7 +52,7 @@ static pthread_mutex_t LOCK_openssl_config; static pthread_mutex_t *LOCK_crypto= NULL; -static void ma_ssl_set_error(MYSQL *mysql) +static void ma_tls_set_error(MYSQL *mysql) { ulong ssl_errno= ERR_get_error(); char ssl_error[MAX_SSL_ERR_LEN]; @@ -76,7 +76,7 @@ static void ma_ssl_set_error(MYSQL *mysql) } -static void ma_ssl_get_error(char *errmsg, size_t length) +static void ma_tls_get_error(char *errmsg, size_t length) { ulong ssl_errno= ERR_get_error(); const char *ssl_error_reason; @@ -113,13 +113,13 @@ static void my_cb_threadid(CRYPTO_THREADID *id) #endif #ifdef HAVE_SSL_SESSION_CACHE -typedef struct st_ma_ssl_session { +typedef struct st_ma_tls_session { char md4_hash[17]; SSL_SESSION *session; } MA_SSL_SESSION; -MA_SSL_SESSION *ma_ssl_sessions= NULL; -unsigned int ma_ssl_session_cache_size= 128; +MA_SSL_SESSION *ma_tls_sessions= NULL; +unsigned int ma_tls_session_cache_size= 128; static char *ma_md4_hash(const char *host, const char *user, unsigned int port, char *md4) { @@ -130,28 +130,28 @@ static char *ma_md4_hash(const char *host, const char *user, unsigned int port, return md4; } -MA_SSL_SESSION *ma_ssl_get_session(MYSQL *mysql) +MA_SSL_SESSION *ma_tls_get_session(MYSQL *mysql) { char md4[17]; int i; - if (!ma_ssl_sessions) + if (!ma_tls_sessions) return NULL; memset(md4, 0, 16); ma_md4_hash(mysql->host, mysql->user, mysql->port, md4); - for (i=0; i < ma_ssl_session_cache_size; i++) + for (i=0; i < ma_tls_session_cache_size; i++) { - if (ma_ssl_sessions[i].session && - !strncmp(ma_ssl_sessions[i].md4_hash, md4, 16)) + if (ma_tls_sessions[i].session && + !strncmp(ma_tls_sessions[i].md4_hash, md4, 16)) { - return &ma_ssl_sessions[i]; + return &ma_tls_sessions[i]; } } return NULL; } -static int ma_ssl_session_cb(SSL *ssl, SSL_SESSION *session) +static int ma_tls_session_cb(SSL *ssl, SSL_SESSION *session) { MYSQL *mysql; MA_SSL_SESSION *stored_session; @@ -160,34 +160,34 @@ static int ma_ssl_session_cb(SSL *ssl, SSL_SESSION *session) mysql= (MYSQL *)SSL_get_app_data(ssl); /* check if we already stored session key */ - if ((stored_session= ma_ssl_get_session(mysql))) + if ((stored_session= ma_tls_get_session(mysql))) { SSL_SESSION_free(stored_session->session); stored_session->session= session; return 1; } - for (i=0; i < ma_ssl_session_cache_size; i++) + for (i=0; i < ma_tls_session_cache_size; i++) { - if (!ma_ssl_sessions[i].session) + if (!ma_tls_sessions[i].session) { - ma_md4_hash(mysql->host, mysql->user, mysql->port, ma_ssl_sessions[i].md4_hash); - ma_ssl_sessions[i].session= session; + ma_md4_hash(mysql->host, mysql->user, mysql->port, ma_tls_sessions[i].md4_hash); + ma_tls_sessions[i].session= session; } return 1; } return 0; } -static void ma_ssl_remove_session_cb(SSL_CTX* ctx, SSL_SESSION* session) +static void ma_tls_remove_session_cb(SSL_CTX* ctx, SSL_SESSION* session) { int i; - for (i=0; i < ma_ssl_session_cache_size; i++) - if (session == ma_ssl_sessions[i].session) + for (i=0; i < ma_tls_session_cache_size; i++) + if (session == ma_tls_sessions[i].session) { - ma_ssl_sessions[i].md4_hash[0]= 0; - SSL_SESSION_free(ma_ssl_sessions[i].session); - ma_ssl_sessions[i].session= NULL; + ma_tls_sessions[i].md4_hash[0]= 0; + SSL_SESSION_free(ma_tls_sessions[i].session); + ma_tls_sessions[i].session= NULL; } } #endif @@ -238,10 +238,10 @@ static int ssl_thread_init() 0 success 1 error */ -int ma_ssl_start(char *errmsg, size_t errmsg_len) +int ma_tls_start(char *errmsg, size_t errmsg_len) { int rc= 1; - if (ma_ssl_initialized) + if (ma_tls_initialized) return 0; /* lock mutex to prevent multiple initialization */ @@ -267,17 +267,17 @@ int ma_ssl_start(char *errmsg, size_t errmsg_len) if (!(SSL_context= SSL_CTX_new(SSLv23_client_method()))) #endif { - ma_ssl_get_error(errmsg, errmsg_len); + ma_tls_get_error(errmsg, errmsg_len); goto end; } #ifdef HAVE_SSL_SESSION_CACHE SSL_CTX_set_session_cache_mode(SSL_context, SSL_SESS_CACHE_CLIENT); - ma_ssl_sessions= (MA_SSL_SESSION *)calloc(1, sizeof(struct st_ma_ssl_session) * ma_ssl_session_cache_size); - SSL_CTX_sess_set_new_cb(SSL_context, ma_ssl_session_cb); - SSL_CTX_sess_set_remove_cb(SSL_context, ma_ssl_remove_session_cb); + ma_tls_sessions= (MA_SSL_SESSION *)calloc(1, sizeof(struct st_ma_tls_session) * ma_tls_session_cache_size); + SSL_CTX_sess_set_new_cb(SSL_context, ma_tls_session_cb); + SSL_CTX_sess_set_remove_cb(SSL_context, ma_tls_remove_session_cb); #endif rc= 0; - ma_ssl_initialized= TRUE; + ma_tls_initialized= TRUE; end: pthread_mutex_unlock(&LOCK_openssl_config); return rc; @@ -295,9 +295,9 @@ end: RETURN VALUES void */ -void ma_ssl_end() +void ma_tls_end() { - if (ma_ssl_initialized) + if (ma_tls_initialized) { int i; pthread_mutex_lock(&LOCK_openssl_config); @@ -325,14 +325,14 @@ void ma_ssl_end() CONF_modules_unload(1); sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); } - ma_ssl_initialized= FALSE; + ma_tls_initialized= FALSE; pthread_mutex_unlock(&LOCK_openssl_config); pthread_mutex_destroy(&LOCK_openssl_config); } return; } -int ma_ssl_get_password(char *buf, int size, int rwflag, void *userdata) +int ma_tls_get_password(char *buf, int size, int rwflag, void *userdata) { memset(buf, 0, size); if (userdata) @@ -341,7 +341,7 @@ int ma_ssl_get_password(char *buf, int size, int rwflag, void *userdata) } -static int ma_ssl_set_certs(MYSQL *mysql) +static int ma_tls_set_certs(MYSQL *mysql) { char *certfile= mysql->options.ssl_cert, *keyfile= mysql->options.ssl_key; @@ -375,10 +375,10 @@ static int ma_ssl_set_certs(MYSQL *mysql) /* If the private key file is encrypted, we need to register a callback function * for providing password. */ - if (OPT_HAS_EXT_VAL(mysql, ssl_pw)) + if (OPT_HAS_EXT_VAL(mysql, tls_pw)) { - SSL_CTX_set_default_passwd_cb_userdata(SSL_context, (void *)mysql->options.extension->ssl_pw); - SSL_CTX_set_default_passwd_cb(SSL_context, ma_ssl_get_password); + SSL_CTX_set_default_passwd_cb_userdata(SSL_context, (void *)mysql->options.extension->tls_pw); + SSL_CTX_set_default_passwd_cb(SSL_context, ma_tls_get_password); } if (keyfile && keyfile[0]) @@ -391,7 +391,7 @@ static int ma_ssl_set_certs(MYSQL *mysql) goto error; } } - if (OPT_HAS_EXT_VAL(mysql, ssl_pw)) + if (OPT_HAS_EXT_VAL(mysql, tls_pw)) { SSL_CTX_set_default_passwd_cb_userdata(SSL_context, NULL); SSL_CTX_set_default_passwd_cb(SSL_context, NULL); @@ -416,7 +416,7 @@ static int ma_ssl_set_certs(MYSQL *mysql) return 0; error: - ma_ssl_set_error(mysql); + ma_tls_set_error(mysql); return 1; } @@ -450,16 +450,16 @@ static int my_verify_callback(int ok, X509_STORE_CTX *ctx) } -void *ma_ssl_init(MYSQL *mysql) +void *ma_tls_init(MYSQL *mysql) { int verify; SSL *ssl= NULL; #ifdef HAVE_SSL_SESSION_CACHE - MA_SSL_SESSION *session= ma_ssl_get_session(mysql); + MA_SSL_SESSION *session= ma_tls_get_session(mysql); #endif pthread_mutex_lock(&LOCK_openssl_config); - if (ma_ssl_set_certs(mysql)) + if (ma_tls_set_certs(mysql)) { goto error; } @@ -490,9 +490,9 @@ error: return NULL; } -my_bool ma_ssl_connect(MARIADB_SSL *cssl) +my_bool ma_tls_connect(MARIADB_TLS *ctls) { - SSL *ssl = (SSL *)cssl->ssl; + SSL *ssl = (SSL *)ctls->ssl; my_bool blocking; MYSQL *mysql; MARIADB_PVIO *pvio; @@ -512,7 +512,7 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl) if (SSL_connect(ssl) != 1) { - ma_ssl_set_error(mysql); + ma_tls_set_error(mysql); /* restore blocking mode */ if (!blocking) pvio->methods->blocking(pvio, FALSE, 0); @@ -532,29 +532,29 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl) return 1; } } - pvio->cssl->ssl= cssl->ssl= (void *)ssl; + pvio->ctls->ssl= ctls->ssl= (void *)ssl; return 0; } -size_t ma_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length) +size_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length) { - return SSL_read((SSL *)cssl->ssl, (void *)buffer, (int)length); + return SSL_read((SSL *)ctls->ssl, (void *)buffer, (int)length); } -size_t ma_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length) +size_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length) { - return SSL_write((SSL *)cssl->ssl, (void *)buffer, (int)length); + return SSL_write((SSL *)ctls->ssl, (void *)buffer, (int)length); } -my_bool ma_ssl_close(MARIADB_SSL *cssl) +my_bool ma_tls_close(MARIADB_TLS *ctls) { int i, rc; SSL *ssl; - if (!cssl || !cssl->ssl) + if (!ctls || !ctls->ssl) return 1; - ssl= (SSL *)cssl->ssl; + ssl= (SSL *)ctls->ssl; SSL_set_quiet_shutdown(ssl, 1); /* 2 x pending + 2 * data = 4 */ @@ -563,12 +563,12 @@ my_bool ma_ssl_close(MARIADB_SSL *cssl) break; SSL_free(ssl); - cssl->ssl= NULL; + ctls->ssl= NULL; return rc; } -int ma_ssl_verify_server_cert(MARIADB_SSL *cssl) +int ma_tls_verify_server_cert(MARIADB_TLS *ctls) { X509 *cert; MYSQL *mysql; @@ -580,9 +580,9 @@ int ma_ssl_verify_server_cert(MARIADB_SSL *cssl) SSL *ssl; MARIADB_PVIO *pvio; - if (!cssl || !cssl->ssl) + if (!ctls || !ctls->ssl) return 1; - ssl= (SSL *)cssl->ssl; + ssl= (SSL *)ctls->ssl; mysql= (MYSQL *)SSL_get_app_data(ssl); pvio= mysql->net.pvio; @@ -632,26 +632,26 @@ error: return 1; } -const char *ma_ssl_get_cipher(MARIADB_SSL *cssl) +const char *ma_tls_get_cipher(MARIADB_TLS *ctls) { - if (!cssl || !cssl->ssl) + if (!ctls || !ctls->ssl) return NULL; - return SSL_get_cipher_name(cssl->ssl); + return SSL_get_cipher_name(ctls->ssl); } -unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsigned int len) +unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, unsigned char *fp, unsigned int len) { EVP_MD *digest= (EVP_MD *)EVP_sha1(); X509 *cert; MYSQL *mysql; unsigned int fp_len; - if (!cssl || !cssl->ssl) + if (!ctls || !ctls->ssl) return 0; - mysql= SSL_get_app_data(cssl->ssl); + mysql= SSL_get_app_data(ctls->ssl); - if (!(cert= SSL_get_peer_certificate(cssl->ssl))) + if (!(cert= SSL_get_peer_certificate(ctls->ssl))) { my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, ER(CR_SSL_CONNECTION_ERROR), @@ -681,14 +681,14 @@ unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsig extern char *ssl_protocol_version[5]; -my_bool ma_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version) +my_bool ma_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version) { SSL *ssl; - if (!cssl || !cssl->ssl) + if (!ctls || !ctls->ssl) return 1; - ssl = (SSL *)cssl->ssl; + ssl = (SSL *)ctls->ssl; switch(ssl->version) { #ifdef SSL3_VERSION diff --git a/libmariadb/secure/schannel.c b/libmariadb/secure/schannel.c index f1df8f25..07fe9906 100644 --- a/libmariadb/secure/schannel.c +++ b/libmariadb/secure/schannel.c @@ -24,7 +24,7 @@ //#define VOID void -extern my_bool ma_ssl_initialized; +extern my_bool ma_tls_initialized; static pthread_mutex_t LOCK_schannel_config; static pthread_mutex_t *LOCK_crypto= NULL; @@ -97,15 +97,15 @@ static int ssl_thread_init() context SSL_context SYNOPSIS - ma_ssl_start + ma_tls_start RETURN VALUES 0 success 1 error */ -int ma_ssl_start(char *errmsg, size_t errmsg_len) +int ma_tls_start(char *errmsg, size_t errmsg_len) { - if (!ma_ssl_initialized) + if (!ma_tls_initialized) { pthread_mutex_init(&LOCK_schannel_config,MY_MUTEX_INIT_FAST); pthread_mutex_lock(&LOCK_schannel_config); @@ -119,7 +119,7 @@ int ma_ssl_start(char *errmsg, size_t errmsg_len) } } - ma_ssl_initialized = TRUE; + ma_tls_initialized = TRUE; pthread_mutex_unlock(&LOCK_schannel_config); } return 0; @@ -131,15 +131,15 @@ int ma_ssl_start(char *errmsg, size_t errmsg_len) mysql_server_end() function SYNOPSIS - ma_ssl_end() + ma_tls_end() void RETURN VALUES void */ -void ma_ssl_end() +void ma_tls_end() { - if (ma_ssl_initialized) + if (ma_tls_initialized) { pthread_mutex_lock(&LOCK_schannel_config); if (ca_CertStore) @@ -152,25 +152,25 @@ void ma_ssl_end() CertCloseStore(crl_CertStore, 0); crl_CertStore = 0; } - ma_ssl_initialized= FALSE; + ma_tls_initialized= FALSE; pthread_mutex_unlock(&LOCK_schannel_config); pthread_mutex_destroy(&LOCK_schannel_config); } return; } -/* {{{ static int ma_ssl_set_client_certs(MARIADB_SSL *cssl) */ -static int ma_ssl_set_client_certs(MARIADB_SSL *cssl) +/* {{{ static int ma_tls_set_client_certs(MARIADB_TLS *ctls) */ +static int ma_tls_set_client_certs(MARIADB_TLS *ctls) { - MYSQL *mysql= cssl->pvio->mysql; + MYSQL *mysql= ctls->pvio->mysql; char *certfile= mysql->options.ssl_cert, *keyfile= mysql->options.ssl_key, *cafile= mysql->options.ssl_ca; PCERT_CONTEXT ca_ctx= NULL; PCRL_CONTEXT crl_ctx = NULL; - SC_CTX *sctx= (SC_CTX *)cssl->ssl; - MARIADB_PVIO *pvio= cssl->pvio; + SC_CTX *sctx= (SC_CTX *)ctls->ssl; + MARIADB_PVIO *pvio= ctls->pvio; if (cafile) { @@ -194,7 +194,7 @@ static int ma_ssl_set_client_certs(MARIADB_SSL *cssl) keyfile= certfile; if (certfile && certfile[0]) - if (!(sctx->client_cert_ctx = ma_schannel_create_cert_context(cssl->pvio, certfile))) + if (!(sctx->client_cert_ctx = ma_schannel_create_cert_context(ctls->pvio, certfile))) goto end; if (sctx->client_cert_ctx && keyfile[0]) @@ -229,8 +229,8 @@ end: } /* }}} */ -/* {{{ void *ma_ssl_init(MARIADB_SSL *cssl, MYSQL *mysql) */ -void *ma_ssl_init(MYSQL *mysql) +/* {{{ void *ma_tls_init(MARIADB_TLS *ctls, MYSQL *mysql) */ +void *ma_tls_init(MYSQL *mysql) { SC_CTX *sctx= NULL; @@ -249,7 +249,7 @@ void *ma_ssl_init(MYSQL *mysql) -my_bool ma_ssl_connect(MARIADB_SSL *cssl) +my_bool ma_tls_connect(MARIADB_TLS *ctls) { my_bool blocking; MYSQL *mysql; @@ -262,11 +262,11 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl) pLocalCertContext= NULL; ALG_ID AlgId[MAX_ALG_ID]= {0}; - if (!cssl || !cssl->pvio) + if (!ctls || !ctls->pvio) return 1;; - pvio= cssl->pvio; - sctx= (SC_CTX *)cssl->ssl; + pvio= ctls->pvio; + sctx= (SC_CTX *)ctls->ssl; /* Set socket to blocking if not already set */ if (!(blocking= pvio->methods->is_blocking(pvio))) @@ -274,7 +274,7 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl) mysql= pvio->mysql; - if (ma_ssl_set_client_certs(cssl)) + if (ma_tls_set_client_certs(ctls)) goto end; ZeroMemory(&Cred, sizeof(SCHANNEL_CRED)); @@ -302,7 +302,7 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl) Cred.dwVersion= SCHANNEL_CRED_VERSION; if (mysql->options.extension) - Cred.dwMinimumCipherStrength = MAX(128, mysql->options.extension->ssl_cipher_strength); + Cred.dwMinimumCipherStrength = MAX(128, mysql->options.extension->tls_cipher_strength); else Cred.dwMinimumCipherStrength = 128; Cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK | SCH_SEND_ROOT_CERT | @@ -323,7 +323,7 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl) } sctx->FreeCredHdl= 1; - if (ma_schannel_client_handshake(cssl) != SEC_E_OK) + if (ma_schannel_client_handshake(ctls) != SEC_E_OK) goto end; sRet= QueryContextAttributes(&sctx->ctxt, SECPKG_ATTR_REMOTE_CERT_CONTEXT, (PVOID)&pRemoteCertContext); @@ -350,9 +350,9 @@ end: return 1; } -size_t ma_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length) +size_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length) { - SC_CTX *sctx= (SC_CTX *)cssl->ssl; + SC_CTX *sctx= (SC_CTX *)ctls->ssl; MARIADB_PVIO *pvio= sctx->mysql->net.pvio; DWORD dlength= -1; @@ -360,9 +360,9 @@ size_t ma_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length) return dlength; } -size_t ma_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length) +size_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length) { - SC_CTX *sctx= (SC_CTX *)cssl->ssl; + SC_CTX *sctx= (SC_CTX *)ctls->ssl; MARIADB_PVIO *pvio= sctx->mysql->net.pvio; size_t rc, wlength= 0; size_t remain= length; @@ -377,10 +377,10 @@ size_t ma_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length) return length; } -/* {{{ my_bool ma_ssl_close(MARIADB_PVIO *pvio) */ -my_bool ma_ssl_close(MARIADB_SSL *cssl) +/* {{{ my_bool ma_tls_close(MARIADB_PVIO *pvio) */ +my_bool ma_tls_close(MARIADB_TLS *ctls) { - SC_CTX *sctx= (SC_CTX *)cssl->ssl; + SC_CTX *sctx= (SC_CTX *)ctls->ssl; if (sctx) { @@ -396,10 +396,10 @@ my_bool ma_ssl_close(MARIADB_SSL *cssl) } /* }}} */ -int ma_ssl_verify_server_cert(MARIADB_SSL *cssl) +int ma_tls_verify_server_cert(MARIADB_TLS *ctls) { - SC_CTX *sctx= (SC_CTX *)cssl->ssl; - MARIADB_PVIO *pvio= cssl->pvio; + SC_CTX *sctx= (SC_CTX *)ctls->ssl; + MARIADB_PVIO *pvio= ctls->pvio; int rc= 1; char *szName= NULL; char *pszServerName= pvio->mysql->host; @@ -461,17 +461,17 @@ end: return rc; } -const char *ma_ssl_get_cipher(MARIADB_SSL *cssl) +const char *ma_tls_get_cipher(MARIADB_TLS *ctls) { SecPkgContext_ConnectionInfo cinfo; SECURITY_STATUS sRet; SC_CTX *sctx; DWORD i= 0; - if (!cssl || !cssl->ssl) + if (!ctls || !ctls->ssl) return NULL; - sctx= (SC_CTX *)cssl->ssl; + sctx= (SC_CTX *)ctls->ssl; sRet= QueryContextAttributes(&sctx->ctxt, SECPKG_ATTR_CONNECTION_INFO, (PVOID)&cinfo); if (sRet != SEC_E_OK) @@ -486,9 +486,9 @@ const char *ma_ssl_get_cipher(MARIADB_SSL *cssl) return NULL; } -unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsigned int len) +unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, unsigned char *fp, unsigned int len) { - SC_CTX *sctx= (SC_CTX *)cssl->ssl; + SC_CTX *sctx= (SC_CTX *)ctls->ssl; PCCERT_CONTEXT pRemoteCertContext = NULL; if (QueryContextAttributes(&sctx->ctxt, SECPKG_ATTR_REMOTE_CERT_CONTEXT, (PVOID)&pRemoteCertContext) != SEC_E_OK) return 0; diff --git a/plugins/auth/my_auth.c b/plugins/auth/my_auth.c index c400991f..8498e77d 100644 --- a/plugins/auth/my_auth.c +++ b/plugins/auth/my_auth.c @@ -189,8 +189,8 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio, if (mysql->options.use_ssl && !(mysql->server_capabilities & CLIENT_SSL)) { if ((mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) || - (mysql->options.extension && (mysql->options.extension->ssl_fp || - mysql->options.extension->ssl_fp_list))) + (mysql->options.extension && (mysql->options.extension->tls_fp || + mysql->options.extension->tls_fp_list))) { my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN, ER(CR_SSL_CONNECTION_ERROR), diff --git a/unittest/libmariadb/connection.c b/unittest/libmariadb/connection.c index 2b88305e..75fd3184 100644 --- a/unittest/libmariadb/connection.c +++ b/unittest/libmariadb/connection.c @@ -841,7 +841,7 @@ static int test_get_options(MYSQL *my) int options_char[]= {MYSQL_READ_DEFAULT_FILE, MYSQL_READ_DEFAULT_GROUP, MYSQL_SET_CHARSET_NAME, MYSQL_OPT_SSL_KEY, MYSQL_OPT_SSL_CA, MYSQL_OPT_SSL_CERT, MYSQL_OPT_SSL_CAPATH, MYSQL_OPT_SSL_CIPHER, MYSQL_OPT_BIND, MARIADB_OPT_SSL_FP, MARIADB_OPT_SSL_FP_LIST, - MARIADB_OPT_SSL_PASSPHRASE, 0}; + MARIADB_OPT_TLS_PASSPHRASE, 0}; char *init_command[3]= {"SET @a:=1", "SET @b:=2", "SET @c:=3"}; int elements= 0; diff --git a/unittest/libmariadb/ssl.c.in b/unittest/libmariadb/ssl.c.in index 11a51a4c..fec4116a 100644 --- a/unittest/libmariadb/ssl.c.in +++ b/unittest/libmariadb/ssl.c.in @@ -379,7 +379,7 @@ static int test_password_protected(MYSQL *my) "@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/client-cert.pem", "@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/ca-cert.pem", 0, 0); - mysql_options(mysql, MARIADB_OPT_SSL_PASSPHRASE, "qwerty"); + mysql_options(mysql, MARIADB_OPT_TLS_PASSPHRASE, "qwerty"); FAIL_IF(!mysql_real_connect(mysql, hostname, ssluser, sslpw, schema, port, socketname, 0), mysql_error(mysql)); @@ -780,12 +780,12 @@ static int test_ssl_version(MYSQL *mysql) port, socketname, 0), mysql_error(my)); diag("cipher: %s", mysql_get_ssl_cipher(my)); - mariadb_get_infov(my, MARIADB_CONNECTION_SSL_VERSION_ID, &iversion); + mariadb_get_infov(my, MARIADB_CONNECTION_TLS_VERSION_ID, &iversion); diag("protocol: %d", iversion); - mariadb_get_infov(my, MARIADB_CONNECTION_SSL_VERSION, &version); + mariadb_get_infov(my, MARIADB_CONNECTION_TLS_VERSION, &version); diag("protocol: %s", version); - mariadb_get_infov(my, MARIADB_SSL_LIBRARY, &library); + mariadb_get_infov(my, MARIADB_TLS_LIBRARY, &library); diag("library: %s", library); mysql_close(my); @@ -806,7 +806,7 @@ static int test_schannel_cipher(MYSQL *mysql) FAIL_IF(!my, "mysql_init() failed"); mysql_ssl_set(my,0, 0, "@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/ca-cert.pem", 0, 0); - mysql_options(my, MARIADB_OPT_SSL_CIPHER_STRENGTH, &cipher_strength); + mysql_options(my, MARIADB_OPT_TLS_CIPHER_STRENGTH, &cipher_strength); FAIL_IF(!mysql_real_connect(my, hostname, ssluser, sslpw, schema, port, socketname, 0), mysql_error(my));