database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-07 02:42:49 +03:00
Code Activity

Since we use TLS and not SSL functions and structures were renamed

Browse Source 
from SSL to TLS
This commit is contained in:
Georg Richter
2016-03-16 18:20:08 +01:00
parent f68b89bc46
commit 4b1e94bccc
18 changed files with 329 additions and 1182 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
include/ma_common.h
View File

@@ -49,13 +49,14 @@ struct st_mysql_options_extension {
const char *proc_info,
unsigned int proc_info_length);
MARIADB_DB_DRIVER *db_driver;
char *ssl_fp; /* finger print of server certificate */
char *ssl_fp_list; /* white list of finger prints */
char *ssl_pw; /* password for encrypted certificates */
char *tls_fp; /* finger print of server certificate */
char *tls_fp_list; /* white list of finger prints */
char *tls_pw; /* password for encrypted certificates */
my_bool multi_command; /* indicates if client wants to send multiple
commands in one packet */
char *url; /* for connection handler we need to save URL for reconnect */
unsigned int ssl_cipher_strength;
unsigned int tls_cipher_strength;
char *tls_version;
my_bool read_only;
char *connection_handler;
my_bool (*set_option)(MYSQL *mysql, const char *config_option, const char *config_value);

6
include/ma_pvio.h
View File

@@ -3,9 +3,9 @@
#define cio_defined
#ifdef HAVE_SSL
#include <ma_ssl.h>
#include <ma_tls.h>
#else
#define MARIADB_SSL void
#define MARIADB_TLS void
#endif
#define PVIO_SET_ERROR if (pvio->set_error) \
@@ -78,7 +78,7 @@ struct st_ma_pvio {
enum enum_pvio_type type;
int timeout[3];
int ssl_type; /* todo: change to enum (ssl plugins) */
MARIADB_SSL *cssl;
MARIADB_TLS *ctls;
MYSQL *mysql;
struct mysql_async_context *async_context; /* For non-blocking API */
PVIO_METHODS *methods;

98
include/ma_ssl.h → include/ma_tls.h
View File

@@ -1,7 +1,7 @@
#ifndef _ma_ssl_h_
#define _ma_ssl_h_
#ifndef _ma_tls_h_
#define _ma_tls_h_
enum enum_pvio_ssl_type {
enum enum_pvio_tls_type {
SSL_TYPE_DEFAULT=0,
#ifdef _WIN32
SSL_TYPE_SCHANNEL,
@@ -10,11 +10,11 @@ enum enum_pvio_ssl_type {
SSL_TYPE_GNUTLS
};
typedef struct st_ma_pvio_ssl {
typedef struct st_ma_pvio_tls {
void *data;
MARIADB_PVIO *pvio;
void *ssl;
} MARIADB_SSL;
} MARIADB_TLS;
struct st_ssl_version {
unsigned int iversion;
@@ -23,7 +23,7 @@ struct st_ssl_version {
/* Function prototypes */
/* ma_ssl_start
/* ma_tls_start
initializes the ssl library
Parameter:
errmsg pointer to error message buffer
@@ -32,17 +32,17 @@ struct st_ssl_version {
0 success
1 if an error occured
Notes:
On success the global variable ma_ssl_initialized will be set to 1
On success the global variable ma_tls_initialized will be set to 1
*/
int ma_ssl_start(char *errmsg, size_t errmsg_len);
int ma_tls_start(char *errmsg, size_t errmsg_len);
/* ma_ssl_end
/* ma_tls_end
unloads/deinitializes ssl library and unsets global variable
ma_ssl_initialized
ma_tls_initialized
*/
void ma_ssl_end(void);
void ma_tls_end(void);
/* ma_ssl_init
/* ma_tls_init
creates a new SSL structure for a SSL connection and loads
client certificates
@@ -51,106 +51,106 @@ void ma_ssl_end(void);
Returns:
void * a pointer to internal SSL structure
*/
void * ma_ssl_init(MYSQL *mysql);
void * ma_tls_init(MYSQL *mysql);
/* ma_ssl_connect
/* ma_tls_connect
performs SSL handshake
Parameters:
MARIADB_SSL MariaDB SSL container
MARIADB_TLS MariaDB SSL container
Returns:
0 success
1 error
*/
my_bool ma_ssl_connect(MARIADB_SSL *cssl);
my_bool ma_tls_connect(MARIADB_TLS *ctls);
/* ma_ssl_read
/* ma_tls_read
reads up to length bytes from socket
Parameters:
cssl MariaDB SSL container
ctls MariaDB SSL container
buffer read buffer
length buffer length
Returns:
0-n bytes read
-1 if an error occured
*/
size_t ma_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length);
size_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length);
/* ma_ssl_write
/* ma_tls_write
write buffer to socket
Parameters:
cssl MariaDB SSL container
ctls MariaDB SSL container
buffer write buffer
length buffer length
Returns:
0-n bytes written
-1 if an error occured
*/
size_t ma_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length);
size_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length);
/* ma_ssl_close
/* ma_tls_close
closes SSL connection and frees SSL structure which was previously
created by ma_ssl_init call
created by ma_tls_init call
Parameters:
MARIADB_SSL MariaDB SSL container
MARIADB_TLS MariaDB SSL container
Returns:
0 success
1 error
*/
my_bool ma_ssl_close(MARIADB_SSL *cssl);
my_bool ma_tls_close(MARIADB_TLS *ctls);
/* ma_ssl_verify_server_cert
/* ma_tls_verify_server_cert
validation check of server certificate
Parameter:
MARIADB_SSL MariaDB SSL container
MARIADB_TLS MariaDB SSL container
Returns:
ß success
1 error
*/
int ma_ssl_verify_server_cert(MARIADB_SSL *cssl);
int ma_tls_verify_server_cert(MARIADB_TLS *ctls);
/* ma_ssl_get_cipher
/* ma_tls_get_cipher
returns cipher for current ssl connection
Parameter:
MARIADB_SSL MariaDB SSL container
MARIADB_TLS MariaDB SSL container
Returns:
cipher in use or
NULL on error
*/
const char *ma_ssl_get_cipher(MARIADB_SSL *ssl);
const char *ma_tls_get_cipher(MARIADB_TLS *ssl);
/* ma_ssl_get_finger_print
/* ma_tls_get_finger_print
returns SHA1 finger print of server certificate
Parameter:
MARIADB_SSL MariaDB SSL container
MARIADB_TLS MariaDB SSL container
fp buffer for fingerprint
fp_len buffer length
Returns:
actual size of finger print
*/
unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsigned int fp_len);
unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, unsigned char *fp, unsigned int fp_len);
/* ma_ssl_get_protocol_version
/* ma_tls_get_protocol_version
returns protocol version in use
Parameter:
MARIADB_SSL MariaDB SSL container
MARIADB_TLS MariaDB SSL container
version pointer to ssl version info
Returns:
0 success
1 error
*/
my_bool ma_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version);
my_bool ma_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version);
/* Function prototypes */
MARIADB_SSL *ma_pvio_ssl_init(MYSQL *mysql);
my_bool ma_pvio_ssl_connect(MARIADB_SSL *cssl);
size_t ma_pvio_ssl_read(MARIADB_SSL *cssl, const uchar *buffer, size_t length);
size_t ma_pvio_ssl_write(MARIADB_SSL *cssl, const uchar *buffer, size_t length);
my_bool ma_pvio_ssl_close(MARIADB_SSL *cssl);
int ma_pvio_ssl_verify_server_cert(MARIADB_SSL *cssl);
const char *ma_pvio_ssl_cipher(MARIADB_SSL *cssl);
my_bool ma_pvio_ssl_check_fp(MARIADB_SSL *cssl, const char *fp, const char *fp_list);
MARIADB_TLS *ma_pvio_tls_init(MYSQL *mysql);
my_bool ma_pvio_tls_connect(MARIADB_TLS *ctls);
size_t ma_pvio_tls_read(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
size_t ma_pvio_tls_write(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
my_bool ma_pvio_tls_close(MARIADB_TLS *ctls);
int ma_pvio_tls_verify_server_cert(MARIADB_TLS *ctls);
const char *ma_pvio_tls_cipher(MARIADB_TLS *ctls);
my_bool ma_pvio_tls_check_fp(MARIADB_TLS *ctls, const char *fp, const char *fp_list);
my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio);
my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version);
void ma_pvio_ssl_end();
my_bool ma_pvio_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version);
void ma_pvio_tls_end();
#endif /* _ma_ssl_h_ */
#endif /* _ma_tls_h_ */

4
include/mariadb_async.h
View File

@@ -29,9 +29,9 @@ extern ssize_t my_send_async(MARIADB_PVIO *pvio,
extern my_bool my_io_wait_async(struct mysql_async_context *b,
enum enum_pvio_io_event event, int timeout);
#ifdef HAVE_SSL
extern int my_ssl_read_async(struct mysql_async_context *b, MARIADB_SSL *ssl,
extern int my_ssl_read_async(struct mysql_async_context *b, MARIADB_TLS *tls,
void *buf, int size);
extern int my_ssl_write_async(struct mysql_async_context *b, MARIADB_SSL *ssl,
extern int my_ssl_write_async(struct mysql_async_context *b, MARIADB_TLS *tls,
const void *buf, int size);
#endif

19
include/mysql.h
View File

@@ -214,13 +214,16 @@ extern unsigned int mariadb_deinitialize_ssl;
MYSQL_OPT_NONBLOCK,
/* MariaDB Connector/C specific */
MYSQL_DATABASE_DRIVER=7000,
MARIADB_OPT_SSL_FP, /* single finger print for server certificate verification */
MARIADB_OPT_SSL_FP_LIST, /* finger print white list for server certificate verification */
MARIADB_OPT_SSL_PASSPHRASE, /* passphrase for encrypted certificates */
MARIADB_OPT_SSL_FP, /* deprecated, use MARIADB_OPT_TLS_PEER_FP instead */
MARIADB_OPT_SSL_FP_LIST, /* deprecated, use MARIADB_OPT_TLS_PEER_FP_LIST instead */
MARIADB_OPT_TLS_PASSPHRASE, /* passphrase for encrypted certificates */
MARIADB_OPT_TLS_CIPHER_STRENGTH,
MARIADB_OPT_TLS_VERSION,
MARIADB_OPT_TLS_PEER_FP, /* single finger print for server certificate verification */
MARIADB_OPT_TLS_PEER_FP_LIST, /* finger print white list for server certificate verification */
MARIADB_OPT_CONNECTION_READ_ONLY,
MYSQL_OPT_CONNECT_ATTRS, /* for mysql_get_optionv */
MARIADB_OPT_USERDATA,
MARIADB_OPT_SSL_CIPHER_STRENGTH,
MARIADB_OPT_CONNECTION_HANDLER,
MARIADB_OPT_PORT,
MARIADB_OPT_UNIXSOCKET,
@@ -259,14 +262,14 @@ extern unsigned int mariadb_deinitialize_ssl;
MARIADB_CONNECTION_SOCKET,
MARIADB_CONNECTION_SQLSTATE,
MARIADB_CONNECTION_SSL_CIPHER,
MARIADB_SSL_LIBRARY,
MARIADB_CONNECTION_SSL_VERSION,
MARIADB_CONNECTION_SSL_VERSION_ID,
MARIADB_TLS_LIBRARY,
MARIADB_CONNECTION_TLS_VERSION,
MARIADB_CONNECTION_TLS_VERSION_ID,
MARIADB_CONNECTION_TYPE,
MARIADB_CONNECTION_UNIX_SOCKET,
MARIADB_CONNECTION_USER,
MARIADB_MAX_ALLOWED_PACKET,
MARIADB_NET_BUFFER_LENGTH
MARIADB_NET_BUFFER_LENGTH,
};
enum mysql_status { MYSQL_STATUS_READY,

2
libmariadb/CMakeLists.txt
View File

@@ -251,7 +251,7 @@ ma_errmsg.c
mariadb_lib.c
ma_list.c
ma_pvio.c
ma_ssl.c
ma_tls.c
ma_alloc.c
ma_compress.c
ma_init.c

861
libmariadb/ma_dtoa.c
View File

@@ -746,49 +746,6 @@ static Bigint *multadd(Bigint *b, int m, int a, Stack_alloc *alloc)
return b;
}
/**
Converts a string to Bigint.
Now we have nd0 digits, starting at s, followed by a
decimal point, followed by nd-nd0 digits.
Unless nd0 == nd, in which case we have a number of the form:
".xxxxxx" or "xxxxxx."
@param s Input string, already partially parsed by ma_strtod_int().
@param nd0 Number of digits before decimal point.
@param nd Total number of digits.
@param y9 Pre-computed value of the first nine digits.
@param alloc Stack allocator for Bigints.
*/
static Bigint *s2b(const char *s, int nd0, int nd, ULong y9, Stack_alloc *alloc)
{
Bigint *b;
int i, k;
Long x, y;
x= (nd + 8) / 9;
for (k= 0, y= 1; x > y; y <<= 1, k++) ;
b= Balloc(k, alloc);
b->p.x[0]= y9;
b->wds= 1;
i= 9;
if (9 < nd0)
{
s+= 9;
do
b= multadd(b, 10, *s++ - '0', alloc);
while (++i < nd0);
s++; /* skip '.' */
}
else
s+= 10;
/* now do the fractional part */
for(; i < nd; i++)
b= multadd(b, 10, *s++ - '0', alloc);
return b;
}
static int hi0bits(register ULong x)
{
@@ -1143,57 +1100,6 @@ static Bigint *diff(Bigint *a, Bigint *b, Stack_alloc *alloc)
}
static double ulp(U *x)
{
register Long L;
U u;
L= (word0(x) & Exp_mask) - (P - 1)*Exp_msk1;
word0(&u) = L;
word1(&u) = 0;
return dval(&u);
}
static double b2d(Bigint *a, int *e)
{
ULong *xa, *xa0, w, y, z;
int k;
U d;
#define d0 word0(&d)
#define d1 word1(&d)
xa0= a->p.x;
xa= xa0 + a->wds;
y= *--xa;
k= hi0bits(y);
*e= 32 - k;
if (k < Ebits)
{
d0= Exp_1 | y >> (Ebits - k);
w= xa > xa0 ? *--xa : 0;
d1= y << ((32-Ebits) + k) | w >> (Ebits - k);
goto ret_d;
}
z= xa > xa0 ? *--xa : 0;
if (k-= Ebits)
{
d0= Exp_1 | y << k | z >> (32 - k);
y= xa > xa0 ? *--xa : 0;
d1= z << k | y >> (32 - k);
}
else
{
d0= Exp_1 | y;
d1= z;
}
ret_d:
#undef d0
#undef d1
return dval(&d);
}
static Bigint *d2b(U *d, int *e, int *bits, Stack_alloc *alloc)
{
Bigint *b;
@@ -1244,24 +1150,6 @@ static Bigint *d2b(U *d, int *e, int *bits, Stack_alloc *alloc)
}
static double ratio(Bigint *a, Bigint *b)
{
U da, db;
int k, ka, kb;
dval(&da)= b2d(a, &ka);
dval(&db)= b2d(b, &kb);
k= ka - kb + 32*(a->wds - b->wds);
if (k > 0)
word0(&da)+= k*Exp_msk1;
else
{
k= -k;
word0(&db)+= k*Exp_msk1;
}
return dval(&da) / dval(&db);
}
static const double tens[] =
{
1e0, 1e1, 1e2, 1e3, 1e4, 1e5, 1e6, 1e7, 1e8, 1e9,
@@ -1281,755 +1169,6 @@ static const double tinytens[]=
#define Scale_Bit 0x10
#define n_bigtens 5
/*
strtod for IEEE--arithmetic machines.
This strtod returns a nearest machine number to the input decimal
string (or sets errno to EOVERFLOW). Ties are broken by the IEEE round-even
rule.
Inspired loosely by William D. Clinger's paper "How to Read Floating
Point Numbers Accurately" [Proc. ACM SIGPLAN '90, pp. 92-101].
Modifications:
1. We only require IEEE (not IEEE double-extended).
2. We get by with floating-point arithmetic in a case that
Clinger missed -- when we're computing d * 10^n
for a small integer d and the integer n is not too
much larger than 22 (the maximum integer k for which
we can represent 10^k exactly), we may be able to
compute (d*10^k) * 10^(e-k) with just one roundoff.
3. Rather than a bit-at-a-time adjustment of the binary
result in the hard case, we use floating-point
arithmetic to determine the adjustment to within
one bit; only in really hard cases do we need to
compute a second residual.
4. Because of 3., we don't need a large table of powers of 10
for ten-to-e (just some small tables, e.g. of 10^k
for 0 <= k <= 22).
*/
static double ma_strtod_int(const char *s00, char **se, int *error, char *buf, size_t buf_size)
{
int scale;
int bb2, bb5, bbe, bd2, bd5, bbbits, bs2, UNINIT_VAR(c), dsign,
e, e1, esign, i, j, k, nd, nd0, nf, nz, nz0, sign;
const char *s, *s0, *s1, *end = *se;
double aadj, aadj1;
U aadj2, adj, rv, rv0;
Long L;
ULong y, z;
Bigint *bb, *bb1, *bd, *bd0, *bs, *delta;
#ifdef SET_INEXACT
int inexact, oldinexact;
#endif
#ifdef Honor_FLT_ROUNDS
int rounding;
#endif
Stack_alloc alloc;
*error= 0;
alloc.begin= alloc.free= buf;
alloc.end= buf + buf_size;
memset(alloc.freelist, 0, sizeof(alloc.freelist));
sign= nz0= nz= 0;
dval(&rv)= 0.;
for (s= s00; s < end; s++)
switch (*s) {
case '-':
sign= 1;
/* no break */
case '+':
s++;
goto break2;
case '\t':
case '\n':
case '\v':
case '\f':
case '\r':
case ' ':
continue;
default:
goto break2;
}
break2:
if (s >= end)
goto ret0;
if (*s == '0')
{
nz0= 1;
while (++s < end && *s == '0') ;
if (s >= end)
goto ret;
}
s0= s;
y= z= 0;
for (nd= nf= 0; s < end && (c= *s) >= '0' && c <= '9'; nd++, s++)
if (nd < 9)
y= 10*y + c - '0';
else if (nd < 16)
z= 10*z + c - '0';
nd0= nd;
if (s < end && c == '.')
{
++s;
if (!nd)
{
for (; s < end && (c= *s) == '0'; ++s)
nz++;
if (s < end && (c= *s) > '0' && c <= '9')
{
s0= s;
nf+= nz;
nz= 0;
goto have_dig;
}
goto dig_done;
}
for (; s < end && (c= *s) >= '0' && c <= '9'; ++s)
{
have_dig:
/*
Here we are parsing the fractional part.
We can stop counting digits after a while: the extra digits
will not contribute to the actual result produced by s2b().
We have to continue scanning, in case there is an exponent part.
*/
if (nd < 2 * DBL_DIG)
{
nz++;
if (c-= '0')
{
nf+= nz;
for (i= 1; i < nz; i++)
if (nd++ < 9)
y*= 10;
else if (nd <= DBL_DIG + 1)
z*= 10;
if (nd++ < 9)
y= 10*y + c;
else if (nd <= DBL_DIG + 1)
z= 10*z + c;
nz= 0;
}
}
}
}
dig_done:
e= 0;
if (s < end && (c == 'e' || c == 'E'))
{
if (!nd && !nz && !nz0)
goto ret0;
s00= s;
esign= 0;
if (++s < end)
switch (c= *s) {
case '-':
esign= 1;
case '+':
c= *++s;
}
if (s < end && c >= '0' && c <= '9')
{
while (s < end && c == '0')
c= *++s;
if (s < end && c > '0' && c <= '9') {
L= c - '0';
s1= s;
while (++s < end && (c= *s) >= '0' && c <= '9')
L= 10*L + c - '0';
if (s - s1 > 8 || L > 19999)
/* Avoid confusion from exponents
* so large that e might overflow.
*/
e= 19999; /* safe for 16 bit ints */
else
e= (int)L;
if (esign)
e= -e;
}
else
e= 0;
}
else
s= s00;
}
if (!nd)
{
if (!nz && !nz0)
{
ret0:
s= s00;
sign= 0;
}
goto ret;
}
e1= e -= nf;
/*
Now we have nd0 digits, starting at s0, followed by a
decimal point, followed by nd-nd0 digits. The number we're
after is the integer represented by those digits times
10**e
*/
if (!nd0)
nd0= nd;
k= nd < DBL_DIG + 1 ? nd : DBL_DIG + 1;
dval(&rv)= y;
if (k > 9)
{
#ifdef SET_INEXACT
if (k > DBL_DIG)
oldinexact = get_inexact();
#endif
dval(&rv)= tens[k - 9] * dval(&rv) + z;
}
bd0= 0;
if (nd <= DBL_DIG
#ifndef Honor_FLT_ROUNDS
&& Flt_Rounds == 1
#endif
)
{
if (!e)
goto ret;
if (e > 0)
{
if (e <= Ten_pmax)
{
#ifdef Honor_FLT_ROUNDS
/* round correctly FLT_ROUNDS = 2 or 3 */
if (sign)
{
rv.d= -rv.d;
sign= 0;
}
#endif
/* rv = */ rounded_product(dval(&rv), tens[e]);
goto ret;
}
i= DBL_DIG - nd;
if (e <= Ten_pmax + i)
{
/*
A fancier test would sometimes let us do
this for larger i values.
*/
#ifdef Honor_FLT_ROUNDS
/* round correctly FLT_ROUNDS = 2 or 3 */
if (sign)
{
rv.d= -rv.d;
sign= 0;
}
#endif
e-= i;
dval(&rv)*= tens[i];
/* rv = */ rounded_product(dval(&rv), tens[e]);
goto ret;
}
}
#ifndef Inaccurate_Divide
else if (e >= -Ten_pmax)
{
#ifdef Honor_FLT_ROUNDS
/* round correctly FLT_ROUNDS = 2 or 3 */
if (sign)
{
rv.d= -rv.d;
sign= 0;
}
#endif
/* rv = */ rounded_quotient(dval(&rv), tens[-e]);
goto ret;
}
#endif
}
e1+= nd - k;
#ifdef SET_INEXACT
inexact= 1;
if (k <= DBL_DIG)
oldinexact= get_inexact();
#endif
scale= 0;
#ifdef Honor_FLT_ROUNDS
if ((rounding= Flt_Rounds) >= 2)
{
if (sign)
rounding= rounding == 2 ? 0 : 2;
else
if (rounding != 2)
rounding= 0;
}
#endif
/* Get starting approximation = rv * 10**e1 */
if (e1 > 0)
{
if ((i= e1 & 15))
dval(&rv)*= tens[i];
if (e1&= ~15)
{
if (e1 > DBL_MAX_10_EXP)
{
ovfl:
*error= EOVERFLOW;
/* Can't trust HUGE_VAL */
#ifdef Honor_FLT_ROUNDS
switch (rounding)
{
case 0: /* toward 0 */
case 3: /* toward -infinity */
word0(&rv)= Big0;
word1(&rv)= Big1;
break;
default:
word0(&rv)= Exp_mask;
word1(&rv)= 0;
}
#else /*Honor_FLT_ROUNDS*/
word0(&rv)= Exp_mask;
word1(&rv)= 0;
#endif /*Honor_FLT_ROUNDS*/
#ifdef SET_INEXACT
/* set overflow bit */
dval(&rv0)= 1e300;
dval(&rv0)*= dval(&rv0);
#endif
if (bd0)
goto retfree;
goto ret;
}
e1>>= 4;
for(j= 0; e1 > 1; j++, e1>>= 1)
if (e1 & 1)
dval(&rv)*= bigtens[j];
/* The last multiplication could overflow. */
word0(&rv)-= P*Exp_msk1;
dval(&rv)*= bigtens[j];
if ((z= word0(&rv) & Exp_mask) > Exp_msk1 * (DBL_MAX_EXP + Bias - P))
goto ovfl;
if (z > Exp_msk1 * (DBL_MAX_EXP + Bias - 1 - P))
{
/* set to largest number (Can't trust DBL_MAX) */
word0(&rv)= Big0;
word1(&rv)= Big1;
}
else
word0(&rv)+= P*Exp_msk1;
}
}
else if (e1 < 0)
{
e1= -e1;
if ((i= e1 & 15))
dval(&rv)/= tens[i];
if ((e1>>= 4))
{
if (e1 >= 1 << n_bigtens)
goto undfl;
if (e1 & Scale_Bit)
scale= 2 * P;
for(j= 0; e1 > 0; j++, e1>>= 1)
if (e1 & 1)
dval(&rv)*= tinytens[j];
if (scale && (j = 2 * P + 1 - ((word0(&rv) & Exp_mask) >> Exp_shift)) > 0)
{
/* scaled rv is denormal; zap j low bits */
if (j >= 32)
{
word1(&rv)= 0;
if (j >= 53)
word0(&rv)= (P + 2) * Exp_msk1;
else
word0(&rv)&= 0xffffffff << (j - 32);
}
else
word1(&rv)&= 0xffffffff << j;
}
if (!dval(&rv))
{
undfl:
dval(&rv)= 0.;
if (bd0)
goto retfree;
goto ret;
}
}
}
/* Now the hard part -- adjusting rv to the correct value.*/
/* Put digits into bd: true value = bd * 10^e */
bd0= s2b(s0, nd0, nd, y, &alloc);
for(;;)
{
bd= Balloc(bd0->k, &alloc);
Bcopy(bd, bd0);
bb= d2b(&rv, &bbe, &bbbits, &alloc); /* rv = bb * 2^bbe */
bs= i2b(1, &alloc);
if (e >= 0)
{
bb2= bb5= 0;
bd2= bd5= e;
}
else
{
bb2= bb5= -e;
bd2= bd5= 0;
}
if (bbe >= 0)
bb2+= bbe;
else
bd2-= bbe;
bs2= bb2;
#ifdef Honor_FLT_ROUNDS
if (rounding != 1)
bs2++;
#endif
j= bbe - scale;
i= j + bbbits - 1; /* logb(rv) */
if (i < Emin) /* denormal */
j+= P - Emin;
else
j= P + 1 - bbbits;
bb2+= j;
bd2+= j;
bd2+= scale;
i= bb2 < bd2 ? bb2 : bd2;
if (i > bs2)
i= bs2;
if (i > 0)
{
bb2-= i;
bd2-= i;
bs2-= i;
}
if (bb5 > 0)
{
bs= pow5mult(bs, bb5, &alloc);
bb1= mult(bs, bb, &alloc);
Bfree(bb, &alloc);
bb= bb1;
}
if (bb2 > 0)
bb= lshift(bb, bb2, &alloc);
if (bd5 > 0)
bd= pow5mult(bd, bd5, &alloc);
if (bd2 > 0)
bd= lshift(bd, bd2, &alloc);
if (bs2 > 0)
bs= lshift(bs, bs2, &alloc);
delta= diff(bb, bd, &alloc);
dsign= delta->sign;
delta->sign= 0;
i= cmp(delta, bs);
#ifdef Honor_FLT_ROUNDS
if (rounding != 1)
{
if (i < 0)
{
/* Error is less than an ulp */
if (!delta->p.x[0] && delta->wds <= 1)
{
/* exact */
#ifdef SET_INEXACT
inexact= 0;
#endif
break;
}
if (rounding)
{
if (dsign)
{
adj.d= 1.;
goto apply_adj;
}
}
else if (!dsign)
{
adj.d= -1.;
if (!word1(&rv) && !(word0(&rv) & Frac_mask))
{
y= word0(&rv) & Exp_mask;
if (!scale || y > 2*P*Exp_msk1)
{
delta= lshift(delta, Log2P, &alloc);
if (cmp(delta, bs) <= 0)
adj.d= -0.5;
}
}
apply_adj:
if (scale && (y= word0(&rv) & Exp_mask) <= 2 * P * Exp_msk1)
word0(&adj)+= (2 * P + 1) * Exp_msk1 - y;
dval(&rv)+= adj.d * ulp(&rv);
}
break;
}
adj.d= ratio(delta, bs);
if (adj.d < 1.)
adj.d= 1.;
if (adj.d <= 0x7ffffffe)
{
/* adj = rounding ? ceil(adj) : floor(adj); */
y= adj.d;
if (y != adj.d)
{
if (!((rounding >> 1) ^ dsign))
y++;
adj.d= y;
}
}
if (scale && (y= word0(&rv) & Exp_mask) <= 2 * P * Exp_msk1)
word0(&adj)+= (2 * P + 1) * Exp_msk1 - y;
adj.d*= ulp(&rv);
if (dsign)
dval(&rv)+= adj.d;
else
dval(&rv)-= adj.d;
goto cont;
}
#endif /*Honor_FLT_ROUNDS*/
if (i < 0)
{
/*
Error is less than half an ulp -- check for special case of mantissa
a power of two.
*/
if (dsign || word1(&rv) || word0(&rv) & Bndry_mask ||
(word0(&rv) & Exp_mask) <= (2 * P + 1) * Exp_msk1)
{
#ifdef SET_INEXACT
if (!delta->x[0] && delta->wds <= 1)
inexact= 0;
#endif
break;
}
if (!delta->p.x[0] && delta->wds <= 1)
{
/* exact result */
#ifdef SET_INEXACT
inexact= 0;
#endif
break;
}
delta= lshift(delta, Log2P, &alloc);
if (cmp(delta, bs) > 0)
goto drop_down;
break;
}
if (i == 0)
{
/* exactly half-way between */
if (dsign)
{
if ((word0(&rv) & Bndry_mask1) == Bndry_mask1 &&
word1(&rv) ==
((scale && (y = word0(&rv) & Exp_mask) <= 2 * P * Exp_msk1) ?
(0xffffffff & (0xffffffff << (2*P+1-(y>>Exp_shift)))) :
0xffffffff))
{
/*boundary case -- increment exponent*/
word0(&rv)= (word0(&rv) & Exp_mask) + Exp_msk1;
word1(&rv) = 0;
dsign = 0;
break;
}
}
else if (!(word0(&rv) & Bndry_mask) && !word1(&rv))
{
drop_down:
/* boundary case -- decrement exponent */
if (scale)
{
L= word0(&rv) & Exp_mask;
if (L <= (2 *P + 1) * Exp_msk1)
{
if (L > (P + 2) * Exp_msk1)
/* round even ==> accept rv */
break;
/* rv = smallest denormal */
goto undfl;
}
}
L= (word0(&rv) & Exp_mask) - Exp_msk1;
word0(&rv)= L | Bndry_mask1;
word1(&rv)= 0xffffffff;
break;
}
if (!(word1(&rv) & LSB))
break;
if (dsign)
dval(&rv)+= ulp(&rv);
else
{
dval(&rv)-= ulp(&rv);
if (!dval(&rv))
goto undfl;
}
dsign= 1 - dsign;
break;
}
if ((aadj= ratio(delta, bs)) <= 2.)
{
if (dsign)
aadj= aadj1= 1.;
else if (word1(&rv) || word0(&rv) & Bndry_mask)
{
if (word1(&rv) == Tiny1 && !word0(&rv))
goto undfl;
aadj= 1.;
aadj1= -1.;
}
else
{
/* special case -- power of FLT_RADIX to be rounded down... */
if (aadj < 2. / FLT_RADIX)
aadj= 1. / FLT_RADIX;
else
aadj*= 0.5;
aadj1= -aadj;
}
}
else
{
aadj*= 0.5;
aadj1= dsign ? aadj : -aadj;
#ifdef Check_FLT_ROUNDS
switch (Rounding)
{
case 2: /* towards +infinity */
aadj1-= 0.5;
break;
case 0: /* towards 0 */
case 3: /* towards -infinity */
aadj1+= 0.5;
}
#else
if (Flt_Rounds == 0)
aadj1+= 0.5;
#endif /*Check_FLT_ROUNDS*/
}
y= word0(&rv) & Exp_mask;
/* Check for overflow */
if (y == Exp_msk1 * (DBL_MAX_EXP + Bias - 1))
{
dval(&rv0)= dval(&rv);
word0(&rv)-= P * Exp_msk1;
adj.d= aadj1 * ulp(&rv);
dval(&rv)+= adj.d;
if ((word0(&rv) & Exp_mask) >= Exp_msk1 * (DBL_MAX_EXP + Bias - P))
{
if (word0(&rv0) == Big0 && word1(&rv0) == Big1)
goto ovfl;
word0(&rv)= Big0;
word1(&rv)= Big1;
goto cont;
}
else
word0(&rv)+= P * Exp_msk1;
}
else
{
if (scale && y <= 2 * P * Exp_msk1)
{
if (aadj <= 0x7fffffff)
{
if ((z= (ULong) aadj) <= 0)
z= 1;
aadj= z;
aadj1= dsign ? aadj : -aadj;
}
dval(&aadj2) = aadj1;
word0(&aadj2)+= (2 * P + 1) * Exp_msk1 - y;
aadj1= dval(&aadj2);
adj.d= aadj1 * ulp(&rv);
dval(&rv)+= adj.d;
if (rv.d == 0.)
goto undfl;
}
else
{
adj.d= aadj1 * ulp(&rv);
dval(&rv)+= adj.d;
}
}
z= word0(&rv) & Exp_mask;
#ifndef SET_INEXACT
if (!scale)
if (y == z)
{
/* Can we stop now? */
L= (Long)aadj;
aadj-= L;
/* The tolerances below are conservative. */
if (dsign || word1(&rv) || word0(&rv) & Bndry_mask)
{
if (aadj < .4999999 || aadj > .5000001)
break;
}
else if (aadj < .4999999 / FLT_RADIX)
break;
}
#endif
cont:
Bfree(bb, &alloc);
Bfree(bd, &alloc);
Bfree(bs, &alloc);
Bfree(delta, &alloc);
}
#ifdef SET_INEXACT
if (inexact)
{
if (!oldinexact)
{
word0(&rv0)= Exp_1 + (70 << Exp_shift);
word1(&rv0)= 0;
dval(&rv0)+= 1.;
}
}
else if (!oldinexact)
clear_inexact();
#endif
if (scale)
{
word0(&rv0)= Exp_1 - 2 * P * Exp_msk1;
word1(&rv0)= 0;
dval(&rv)*= dval(&rv0);
}
#ifdef SET_INEXACT
if (inexact && !(word0(&rv) & Exp_mask))
{
/* set underflow bit */
dval(&rv0)= 1e-300;
dval(&rv0)*= dval(&rv0);
}
#endif
retfree:
Bfree(bb, &alloc);
Bfree(bd, &alloc);
Bfree(bs, &alloc);
Bfree(bd0, &alloc);
Bfree(delta, &alloc);
ret:
*se= (char *)s;
return sign ? -dval(&rv) : dval(&rv);
}
static int quorem(Bigint *b, Bigint *S)
{

34
libmariadb/ma_pvio.c
View File

@@ -243,9 +243,9 @@ size_t ma_pvio_read(MARIADB_PVIO *pvio, uchar *buffer, size_t length)
/* secure connection */
#ifdef HAVE_SSL
if (pvio->cssl)
if (pvio->ctls)
{
r= ma_pvio_ssl_read(pvio->cssl, buffer, length);
r= ma_pvio_tls_read(pvio->ctls, buffer, length);
goto end;
}
#endif
@@ -348,9 +348,9 @@ size_t ma_pvio_write(MARIADB_PVIO *pvio, const uchar *buffer, size_t length)
/* secure connection */
#ifdef HAVE_SSL
if (pvio->cssl)
if (pvio->ctls)
{
r= ma_pvio_ssl_write(pvio->cssl, buffer, length);
r= ma_pvio_tls_write(pvio->ctls, buffer, length);
goto end;
}
else
@@ -389,10 +389,10 @@ void ma_pvio_close(MARIADB_PVIO *pvio)
{
/* free internal structures and close connection */
#ifdef HAVE_SSL
if (pvio && pvio->cssl)
if (pvio && pvio->ctls)
{
ma_pvio_ssl_close(pvio->cssl);
free(pvio->cssl);
ma_pvio_tls_close(pvio->ctls);
free(pvio->ctls);
}
#endif
if (pvio && pvio->methods->close)
@@ -511,14 +511,14 @@ my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio)
if (!pvio || !pvio->mysql)
return 1;
CLEAR_CLIENT_ERROR(pvio->mysql);
if (!(pvio->cssl= ma_pvio_ssl_init(pvio->mysql)))
if (!(pvio->ctls= ma_pvio_tls_init(pvio->mysql)))
{
return 1;
}
if (ma_pvio_ssl_connect(pvio->cssl))
if (ma_pvio_tls_connect(pvio->ctls))
{
free(pvio->cssl);
pvio->cssl= NULL;
free(pvio->ctls);
pvio->ctls= NULL;
return 1;
}
@@ -529,17 +529,17 @@ my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio)
*/
if ((pvio->mysql->options.ssl_ca || pvio->mysql->options.ssl_capath) &&
(pvio->mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
ma_pvio_ssl_verify_server_cert(pvio->cssl))
ma_pvio_tls_verify_server_cert(pvio->ctls))
return 1;
if (pvio->mysql->options.extension &&
(pvio->mysql->options.extension->ssl_fp && pvio->mysql->options.extension->ssl_fp[0]) ||
(pvio->mysql->options.extension->ssl_fp_list && pvio->mysql->options.extension->ssl_fp_list[0]))
(pvio->mysql->options.extension->tls_fp && pvio->mysql->options.extension->tls_fp[0]) ||
(pvio->mysql->options.extension->tls_fp_list && pvio->mysql->options.extension->tls_fp_list[0]))
{
if (ma_pvio_ssl_check_fp(pvio->cssl,
pvio->mysql->options.extension->ssl_fp,
pvio->mysql->options.extension->ssl_fp_list))
if (ma_pvio_tls_check_fp(pvio->ctls,
pvio->mysql->options.extension->tls_fp,
pvio->mysql->options.extension->tls_fp_list))
return 1;
}

60
libmariadb/ma_ssl.c → libmariadb/ma_tls.c
View File

@@ -38,7 +38,7 @@
#include <string.h>
#include <ma_errmsg.h>
#include <ma_pvio.h>
#include <ma_ssl.h>
#include <ma_tls.h>
#include <mysql/client_plugin.h>
#include <mariadb/ma_io.h>
@@ -48,26 +48,26 @@
#endif
/* Errors should be handled via pvio callback function */
my_bool ma_ssl_initialized= FALSE;
my_bool ma_tls_initialized= FALSE;
unsigned int mariadb_deinitialize_ssl= 1;
char *ssl_protocol_version[5]= {"unknown", "SSL3", "TLS1.0", "TLS1.1", "TLS1.2"};
MARIADB_SSL *ma_pvio_ssl_init(MYSQL *mysql)
MARIADB_TLS *ma_pvio_tls_init(MYSQL *mysql)
{
MARIADB_SSL *cssl= NULL;
MARIADB_TLS *cssl= NULL;
if (!ma_ssl_initialized)
ma_ssl_start(mysql->net.last_error, MYSQL_ERRMSG_SIZE);
if (!ma_tls_initialized)
ma_tls_start(mysql->net.last_error, MYSQL_ERRMSG_SIZE);
if (!(cssl= (MARIADB_SSL *)calloc(1, sizeof(MARIADB_SSL))))
if (!(cssl= (MARIADB_TLS *)calloc(1, sizeof(MARIADB_TLS))))
{
return NULL;
}
/* register error routine and methods */
cssl->pvio= mysql->net.pvio;
if (!(cssl->ssl= ma_ssl_init(mysql)))
if (!(cssl->ssl= ma_tls_init(mysql)))
{
free(cssl);
cssl= NULL;
@@ -75,51 +75,51 @@ MARIADB_SSL *ma_pvio_ssl_init(MYSQL *mysql)
return cssl;
}
my_bool ma_pvio_ssl_connect(MARIADB_SSL *cssl)
my_bool ma_pvio_tls_connect(MARIADB_TLS *cssl)
{
my_bool rc;
if ((rc= ma_ssl_connect(cssl)))
ma_ssl_close(cssl);
if ((rc= ma_tls_connect(cssl)))
ma_tls_close(cssl);
return rc;
}
size_t ma_pvio_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length)
size_t ma_pvio_tls_read(MARIADB_TLS *cssl, const uchar* buffer, size_t length)
{
return ma_ssl_read(cssl, buffer, length);
return ma_tls_read(cssl, buffer, length);
}
size_t ma_pvio_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length)
size_t ma_pvio_tls_write(MARIADB_TLS *cssl, const uchar* buffer, size_t length)
{
return ma_ssl_write(cssl, buffer, length);
return ma_tls_write(cssl, buffer, length);
}
my_bool ma_pvio_ssl_close(MARIADB_SSL *cssl)
my_bool ma_pvio_tls_close(MARIADB_TLS *cssl)
{
return ma_ssl_close(cssl);
return ma_tls_close(cssl);
}
int ma_pvio_ssl_verify_server_cert(MARIADB_SSL *cssl)
int ma_pvio_tls_verify_server_cert(MARIADB_TLS *cssl)
{
return ma_ssl_verify_server_cert(cssl);
return ma_tls_verify_server_cert(cssl);
}
const char *ma_pvio_ssl_cipher(MARIADB_SSL *cssl)
const char *ma_pvio_tls_cipher(MARIADB_TLS *cssl)
{
return ma_ssl_get_cipher(cssl);
return ma_tls_get_cipher(cssl);
}
void ma_pvio_ssl_end()
void ma_pvio_tls_end()
{
ma_ssl_end();
ma_tls_end();
}
my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version)
my_bool ma_pvio_tls_get_protocol_version(MARIADB_TLS *cssl, struct st_ssl_version *version)
{
return ma_ssl_get_protocol_version(cssl, version);
return ma_tls_get_protocol_version(cssl, version);
}
static my_bool ma_pvio_ssl_compare_fp(char *fp1, unsigned int fp1_len,
static my_bool ma_pvio_tls_compare_fp(char *fp1, unsigned int fp1_len,
char *fp2, unsigned int fp2_len)
{
char hexstr[64];
@@ -134,17 +134,17 @@ static my_bool ma_pvio_ssl_compare_fp(char *fp1, unsigned int fp1_len,
return 0;
}
my_bool ma_pvio_ssl_check_fp(MARIADB_SSL *cssl, const char *fp, const char *fp_list)
my_bool ma_pvio_tls_check_fp(MARIADB_TLS *cssl, const char *fp, const char *fp_list)
{
unsigned int cert_fp_len= 64;
unsigned char cert_fp[64];
my_bool rc=1;
MYSQL *mysql= cssl->pvio->mysql;
if ((cert_fp_len= ma_ssl_get_finger_print(cssl, cert_fp, cert_fp_len)) < 1)
if ((cert_fp_len= ma_tls_get_finger_print(cssl, cert_fp, cert_fp_len)) < 1)
goto end;
if (fp)
rc= ma_pvio_ssl_compare_fp(cert_fp, cert_fp_len, (char *)fp, (unsigned int)strlen(fp));
rc= ma_pvio_tls_compare_fp(cert_fp, cert_fp_len, (char *)fp, (unsigned int)strlen(fp));
else if (fp_list)
{
MA_FILE *fp;
@@ -164,7 +164,7 @@ my_bool ma_pvio_ssl_check_fp(MARIADB_SSL *cssl, const char *fp, const char *fp_l
if (pos)
*pos= '\0';
if (!ma_pvio_ssl_compare_fp(cert_fp, cert_fp_len, buff, (unsigned int)strlen(buff)))
if (!ma_pvio_tls_compare_fp(cert_fp, cert_fp_len, buff, (unsigned int)strlen(buff)))
{
/* finger print is valid: close file and exit */
ma_close(fp);

63
libmariadb/mariadb_lib.c
View File

@@ -64,7 +64,7 @@
#endif
#include <ma_pvio.h>
#ifdef HAVE_SSL
#include <ma_ssl.h>
#include <ma_tls.h>
#endif
#include <mysql/client_plugin.h>
@@ -610,7 +610,7 @@ struct st_default_options mariadb_defaults[] =
{MARIADB_OPT_SSL_FP, MARIADB_OPTION_STR, "ssl-fp"},
{MARIADB_OPT_SSL_FP_LIST, MARIADB_OPTION_STR, "ssl-fp-list"},
{MARIADB_OPT_SSL_FP_LIST, MARIADB_OPTION_STR, "ssl-fplist"},
{MARIADB_OPT_SSL_PASSPHRASE, MARIADB_OPTION_STR, "ssl_passphrase"},
{MARIADB_OPT_TLS_PASSPHRASE, MARIADB_OPTION_STR, "ssl_passphrase"},
{MYSQL_OPT_BIND, MARIADB_OPTION_STR, "bind-address"},
{0, 0, NULL}
};
@@ -1014,9 +1014,9 @@ const char * STDCALL
mysql_get_ssl_cipher(MYSQL *mysql)
{
#ifdef HAVE_SSL
if (mysql->net.pvio && mysql->net.pvio->cssl)
if (mysql->net.pvio && mysql->net.pvio->ctls)
{
return ma_pvio_ssl_cipher(mysql->net.pvio->cssl);
return ma_pvio_tls_cipher(mysql->net.pvio->ctls);
}
#endif
return(NULL);
@@ -1795,9 +1795,10 @@ static void mysql_close_options(MYSQL *mysql)
free(mysql->options.extension->db_driver);
free(mysql->options.extension->ssl_crl);
free(mysql->options.extension->ssl_crlpath);
free(mysql->options.extension->ssl_fp);
free(mysql->options.extension->ssl_fp_list);
free(mysql->options.extension->ssl_pw);
free(mysql->options.extension->tls_fp);
free(mysql->options.extension->tls_fp_list);
free(mysql->options.extension->tls_pw);
free(mysql->options.extension->tls_version);
free(mysql->options.extension->url);
free(mysql->options.extension->connection_handler);
if(hash_inited(&mysql->options.extension->connect_attrs))
@@ -2776,17 +2777,19 @@ mysql_optionsv(MYSQL *mysql,enum mysql_option option, ...)
case MYSQL_OPT_BIND:
OPT_SET_VALUE_STR(&mysql->options, bind_address, arg1);
break;
case MARIADB_OPT_SSL_CIPHER_STRENGTH:
OPT_SET_EXTENDED_VALUE_INT(&mysql->options, ssl_cipher_strength, *((unsigned int *)arg1));
case MARIADB_OPT_TLS_CIPHER_STRENGTH:
OPT_SET_EXTENDED_VALUE_INT(&mysql->options, tls_cipher_strength, *((unsigned int *)arg1));
break;
case MARIADB_OPT_SSL_FP:
OPT_SET_EXTENDED_VALUE_STR(&mysql->options, ssl_fp, (char *)arg1);
case MARIADB_OPT_TLS_PEER_FP:
OPT_SET_EXTENDED_VALUE_STR(&mysql->options, tls_fp, (char *)arg1);
break;
case MARIADB_OPT_SSL_FP_LIST:
OPT_SET_EXTENDED_VALUE_STR(&mysql->options, ssl_fp_list, (char *)arg1);
case MARIADB_OPT_TLS_PEER_FP_LIST:
OPT_SET_EXTENDED_VALUE_STR(&mysql->options, tls_fp_list, (char *)arg1);
break;
case MARIADB_OPT_SSL_PASSPHRASE:
OPT_SET_EXTENDED_VALUE_STR(&mysql->options, ssl_pw, (char *)arg1);
case MARIADB_OPT_TLS_PASSPHRASE:
OPT_SET_EXTENDED_VALUE_STR(&mysql->options, tls_pw, (char *)arg1);
break;
case MARIADB_OPT_COM_MULTI:
if (&mysql->net.pvio &&
@@ -3000,17 +3003,19 @@ mysql_get_optionv(MYSQL *mysql, enum mysql_option option, void *arg, ...)
case MYSQL_OPT_BIND:
*((char **)arg)= mysql->options.bind_address;
break;
case MARIADB_OPT_SSL_CIPHER_STRENGTH:
*((unsigned int *)arg) = mysql->options.extension ? mysql->options.extension->ssl_cipher_strength : 0;
case MARIADB_OPT_TLS_CIPHER_STRENGTH:
*((unsigned int *)arg) = mysql->options.extension ? mysql->options.extension->tls_cipher_strength : 0;
break;
case MARIADB_OPT_SSL_FP:
*((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_fp : NULL;
case MARIADB_OPT_TLS_PEER_FP:
*((char **)arg)= mysql->options.extension ? mysql->options.extension->tls_fp : NULL;
break;
case MARIADB_OPT_SSL_FP_LIST:
*((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_fp_list : NULL;
case MARIADB_OPT_TLS_PEER_FP_LIST:
*((char **)arg)= mysql->options.extension ? mysql->options.extension->tls_fp_list : NULL;
break;
case MARIADB_OPT_SSL_PASSPHRASE:
*((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_pw : NULL;
case MARIADB_OPT_TLS_PASSPHRASE:
*((char **)arg)= mysql->options.extension ? mysql->options.extension->tls_pw : NULL;
break;
case MARIADB_OPT_CONNECTION_READ_ONLY:
*((my_bool *)arg)= mysql->options.extension ? mysql->options.extension->read_only : 0;
@@ -3340,7 +3345,7 @@ void STDCALL mysql_server_end(void)
if (ma_init_done)
ma_end(0);
#ifdef HAVE_SSL
ma_pvio_ssl_end();
ma_pvio_tls_end();
#endif
mysql_client_init= 0;
ma_init_done= 0;
@@ -3461,31 +3466,31 @@ my_bool STDCALL mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void *
goto error;
*((char **)arg)= mysql->net.sqlstate;
break;
case MARIADB_CONNECTION_SSL_VERSION:
case MARIADB_CONNECTION_TLS_VERSION:
#ifdef HAVE_SSL
if (mysql && mysql->net.pvio && mysql->net.pvio->cssl)
if (mysql && mysql->net.pvio && mysql->net.pvio->ctls)
{
struct st_ssl_version version;
if (!ma_pvio_ssl_get_protocol_version(mysql->net.pvio->cssl, &version))
if (!ma_pvio_tls_get_protocol_version(mysql->net.pvio->ctls, &version))
*((char **)arg)= version.cversion;
}
else
#endif
goto error;
break;
case MARIADB_CONNECTION_SSL_VERSION_ID:
case MARIADB_CONNECTION_TLS_VERSION_ID:
#ifdef HAVE_SSL
if (mysql && mysql->net.pvio && mysql->net.pvio->cssl)
if (mysql && mysql->net.pvio && mysql->net.pvio->ctls)
{
struct st_ssl_version version;
if (!ma_pvio_ssl_get_protocol_version(mysql->net.pvio->cssl, &version))
if (!ma_pvio_tls_get_protocol_version(mysql->net.pvio->ctls, &version))
*((unsigned int *)arg)= version.iversion;
}
else
#endif
goto error;
break;
case MARIADB_SSL_LIBRARY:
case MARIADB_TLS_LIBRARY:
#ifdef HAVE_SSL
#ifdef HAVE_GNUTLS
*((char **)arg)= "GNUTLS";
@@ -3579,8 +3584,8 @@ my_bool STDCALL mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void *
break;
case MARIADB_CONNECTION_SSL_CIPHER:
#ifdef HAVE_SSL
if (mysql && mysql->net.pvio && mysql->net.pvio->cssl)
*((char **)arg)= (char *)ma_pvio_ssl_cipher(mysql->net.pvio->cssl);
if (mysql && mysql->net.pvio && mysql->net.pvio->ctls)
*((char **)arg)= (char *)ma_pvio_tls_cipher(mysql->net.pvio->ctls);
else
#endif
goto error;

90
libmariadb/secure/gnutls.c
View File

@@ -29,19 +29,19 @@
#include <ma_pthread.h>
#include <mysql/client_plugin.h>
#include <string.h>
#include <ma_ssl.h>
#include <ma_tls.h>
pthread_mutex_t LOCK_gnutls_config;
static gnutls_certificate_credentials_t GNUTLS_xcred;
extern my_bool ma_ssl_initialized;
extern my_bool ma_tls_initialized;
extern unsigned int mariadb_deinitialize_ssl;
static int my_verify_callback(gnutls_session_t ssl);
#define MAX_SSL_ERR_LEN 100
static void ma_ssl_set_error(MYSQL *mysql, int ssl_errno)
static void ma_tls_set_error(MYSQL *mysql, int ssl_errno)
{
char ssl_error[MAX_SSL_ERR_LEN];
const char *ssl_error_reason;
@@ -64,7 +64,7 @@ static void ma_ssl_set_error(MYSQL *mysql, int ssl_errno)
}
static void ma_ssl_get_error(char *errmsg, size_t length, int ssl_errno)
static void ma_tls_get_error(char *errmsg, size_t length, int ssl_errno)
{
const char *ssl_error_reason;
@@ -93,11 +93,11 @@ static void ma_ssl_get_error(char *errmsg, size_t length, int ssl_errno)
0 success
1 error
*/
int ma_ssl_start(char *errmsg, size_t errmsg_len)
int ma_tls_start(char *errmsg, size_t errmsg_len)
{
int rc= 0;
if (ma_ssl_initialized)
if (ma_tls_initialized)
return 0;
pthread_mutex_init(&LOCK_gnutls_config,MY_MUTEX_INIT_FAST);
@@ -105,12 +105,12 @@ int ma_ssl_start(char *errmsg, size_t errmsg_len)
if ((rc= gnutls_global_init()) != GNUTLS_E_SUCCESS)
{
ma_ssl_get_error(errmsg, errmsg_len, rc);
ma_tls_get_error(errmsg, errmsg_len, rc);
goto end;
}
/* Allocate a global context for credentials */
rc= gnutls_certificate_allocate_credentials(&GNUTLS_xcred);
ma_ssl_initialized= TRUE;
ma_tls_initialized= TRUE;
end:
pthread_mutex_unlock(&LOCK_gnutls_config);
return rc;
@@ -128,9 +128,9 @@ end:
RETURN VALUES
void
*/
void ma_ssl_end()
void ma_tls_end()
{
if (ma_ssl_initialized)
if (ma_tls_initialized)
{
pthread_mutex_lock(&LOCK_gnutls_config);
gnutls_certificate_free_keys(GNUTLS_xcred);
@@ -140,14 +140,14 @@ void ma_ssl_end()
gnutls_certificate_free_credentials(GNUTLS_xcred);
if (mariadb_deinitialize_ssl)
gnutls_global_deinit();
ma_ssl_initialized= FALSE;
ma_tls_initialized= FALSE;
pthread_mutex_unlock(&LOCK_gnutls_config);
pthread_mutex_destroy(&LOCK_gnutls_config);
}
return;
}
static int ma_ssl_set_certs(MYSQL *mysql)
static int ma_tls_set_certs(MYSQL *mysql)
{
char *certfile= mysql->options.ssl_cert,
*keyfile= mysql->options.ssl_key;
@@ -179,7 +179,7 @@ static int ma_ssl_set_certs(MYSQL *mysql)
if ((ssl_error= gnutls_certificate_set_x509_key_file2(GNUTLS_xcred,
certfile, keyfile,
GNUTLS_X509_FMT_PEM,
OPT_HAS_EXT_VAL(mysql, ssl_pw) ? mysql->options.extension->ssl_pw : NULL,
OPT_HAS_EXT_VAL(mysql, tls_pw) ? mysql->options.extension->tls_pw : NULL,
0)) < 0)
goto error;
}
@@ -191,7 +191,7 @@ error:
return ssl_error;
}
void *ma_ssl_init(MYSQL *mysql)
void *ma_tls_init(MYSQL *mysql)
{
gnutls_session_t ssl= NULL;
int ssl_error= 0;
@@ -199,7 +199,7 @@ void *ma_ssl_init(MYSQL *mysql)
pthread_mutex_lock(&LOCK_gnutls_config);
if ((ssl_error= ma_ssl_set_certs(mysql)) < 0)
if ((ssl_error= ma_tls_set_certs(mysql)) < 0)
goto error;
if ((ssl_error = gnutls_init(&ssl, GNUTLS_CLIENT & GNUTLS_NONBLOCK)) < 0)
@@ -216,36 +216,36 @@ void *ma_ssl_init(MYSQL *mysql)
pthread_mutex_unlock(&LOCK_gnutls_config);
return (void *)ssl;
error:
ma_ssl_set_error(mysql, ssl_error);
ma_tls_set_error(mysql, ssl_error);
if (ssl)
gnutls_deinit(ssl);
pthread_mutex_unlock(&LOCK_gnutls_config);
return NULL;
}
ssize_t ma_ssl_push(gnutls_transport_ptr_t ptr, const void* data, size_t len)
ssize_t ma_tls_push(gnutls_transport_ptr_t ptr, const void* data, size_t len)
{
MARIADB_PVIO *pvio= (MARIADB_PVIO *)ptr;
ssize_t rc= pvio->methods->write(pvio, data, len);
return rc;
}
ssize_t ma_ssl_pull(gnutls_transport_ptr_t ptr, void* data, size_t len)
ssize_t ma_tls_pull(gnutls_transport_ptr_t ptr, void* data, size_t len)
{
MARIADB_PVIO *pvio= (MARIADB_PVIO *)ptr;
ssize_t rc= pvio->methods->read(pvio, data, len);
return rc;
}
static int ma_ssl_pull_timeout(gnutls_transport_ptr_t ptr, unsigned int ms)
static int ma_tls_pull_timeout(gnutls_transport_ptr_t ptr, unsigned int ms)
{
MARIADB_PVIO *pvio= (MARIADB_PVIO *)ptr;
return pvio->methods->wait_io_or_timeout(pvio, 0, ms);
}
my_bool ma_ssl_connect(MARIADB_SSL *cssl)
my_bool ma_tls_connect(MARIADB_TLS *ctls)
{
gnutls_session_t ssl = (gnutls_session_t)cssl->ssl;
gnutls_session_t ssl = (gnutls_session_t)ctls->ssl;
my_bool blocking;
MYSQL *mysql;
MARIADB_PVIO *pvio;
@@ -263,9 +263,9 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl)
/* we don't use GnuTLS read/write functions */
gnutls_transport_set_ptr(ssl, pvio);
gnutls_transport_set_push_function(ssl, ma_ssl_push);
gnutls_transport_set_pull_function(ssl, ma_ssl_pull);
gnutls_transport_set_pull_timeout_function(ssl, ma_ssl_pull_timeout);
gnutls_transport_set_push_function(ssl, ma_tls_push);
gnutls_transport_set_pull_function(ssl, ma_tls_pull);
gnutls_transport_set_pull_timeout_function(ssl, ma_tls_pull_timeout);
gnutls_handshake_set_timeout(ssl, pvio->timeout[PVIO_CONNECT_TIMEOUT]);
do {
@@ -274,47 +274,47 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl)
if (ret < 0)
{
ma_ssl_set_error(mysql, ret);
ma_tls_set_error(mysql, ret);
/* restore blocking mode */
if (!blocking)
pvio->methods->blocking(pvio, FALSE, 0);
return 1;
}
cssl->ssl= (void *)ssl;
ctls->ssl= (void *)ssl;
return 0;
}
size_t ma_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length)
size_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length)
{
return gnutls_record_recv((gnutls_session_t )cssl->ssl, (void *)buffer, length);
return gnutls_record_recv((gnutls_session_t )ctls->ssl, (void *)buffer, length);
}
size_t ma_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length)
size_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length)
{
return gnutls_record_send((gnutls_session_t )cssl->ssl, (void *)buffer, length);
return gnutls_record_send((gnutls_session_t )ctls->ssl, (void *)buffer, length);
}
my_bool ma_ssl_close(MARIADB_SSL *cssl)
my_bool ma_tls_close(MARIADB_TLS *ctls)
{
gnutls_bye((gnutls_session_t )cssl->ssl, GNUTLS_SHUT_WR);
gnutls_deinit((gnutls_session_t )cssl->ssl);
cssl->ssl= NULL;
gnutls_bye((gnutls_session_t )ctls->ssl, GNUTLS_SHUT_WR);
gnutls_deinit((gnutls_session_t )ctls->ssl);
ctls->ssl= NULL;
return 0;
}
int ma_ssl_verify_server_cert(MARIADB_SSL *cssl)
int ma_tls_verify_server_cert(MARIADB_TLS *ctls)
{
/* server verification is already handled before */
return 0;
}
const char *ma_ssl_get_cipher(MARIADB_SSL *cssl)
const char *ma_tls_get_cipher(MARIADB_TLS *ctls)
{
if (!cssl || !cssl->ssl)
if (!ctls || !ctls->ssl)
return NULL;
return gnutls_cipher_get_name (gnutls_cipher_get((gnutls_session_t )cssl->ssl));
return gnutls_cipher_get_name (gnutls_cipher_get((gnutls_session_t )ctls->ssl));
}
static int my_verify_callback(gnutls_session_t ssl)
@@ -388,19 +388,19 @@ static int my_verify_callback(gnutls_session_t ssl)
return 0;
}
unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsigned int len)
unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, unsigned char *fp, unsigned int len)
{
MYSQL *mysql;
size_t fp_len= len;
const gnutls_datum_t *cert_list;
unsigned int cert_list_size;
if (!cssl || !cssl->ssl)
if (!ctls || !ctls->ssl)
return 0;
mysql= (MYSQL *)gnutls_session_get_ptr(cssl->ssl);
mysql= (MYSQL *)gnutls_session_get_ptr(ctls->ssl);
cert_list = gnutls_certificate_get_peers (cssl->ssl, &cert_list_size);
cert_list = gnutls_certificate_get_peers (ctls->ssl, &cert_list_size);
if (cert_list == NULL)
{
my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
@@ -420,12 +420,12 @@ unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsig
}
}
my_bool ma_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version)
my_bool ma_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version)
{
if (!cssl || !cssl->ssl)
if (!ctls || !ctls->ssl)
return 1;
version->iversion= gnutls_protocol_get_version(cssl->ssl);
version->iversion= gnutls_protocol_get_version(ctls->ssl);
version->cversion= (char *)gnutls_protocol_get_name(version->iversion);
return 0;
}

30
libmariadb/secure/ma_schannel.c
View File

@@ -396,8 +396,8 @@ SECURITY_STATUS ma_schannel_handshake_loop(MARIADB_PVIO *pvio, my_bool InitialRe
SECURITY_STATUS rc;
PUCHAR IoBuffer;
BOOL fDoRead;
MARIADB_SSL *cssl= pvio->cssl;
SC_CTX *sctx= (SC_CTX *)cssl->ssl;
MARIADB_TLS *ctls= pvio->ctls;
SC_CTX *sctx= (SC_CTX *)ctls->ssl;
dwSSPIFlags = ISC_REQ_SEQUENCE_DETECT |
@@ -562,13 +562,13 @@ loopend:
}
/* }}} */
/* {{{ SECURITY_STATUS ma_schannel_client_handshake(MARIADB_SSL *cssl) */
/* {{{ SECURITY_STATUS ma_schannel_client_handshake(MARIADB_TLS *ctls) */
/*
performs client side handshake
SYNOPSIS
ma_schannel_client_handshake()
cssl Pointer to a MARIADB_SSL structure
ctls Pointer to a MARIADB_TLS structure
DESCRIPTION
initiates a client/server handshake. This function can be used
@@ -578,7 +578,7 @@ loopend:
SEC_E_OK on success
*/
SECURITY_STATUS ma_schannel_client_handshake(MARIADB_SSL *cssl)
SECURITY_STATUS ma_schannel_client_handshake(MARIADB_TLS *ctls)
{
MARIADB_PVIO *pvio;
SECURITY_STATUS sRet;
@@ -594,11 +594,11 @@ SECURITY_STATUS ma_schannel_client_handshake(MARIADB_SSL *cssl)
SecBufferDesc BufferOut;
SecBuffer BuffersOut;
if (!cssl || !cssl->pvio)
if (!ctls || !ctls->pvio)
return 1;
pvio= cssl->pvio;
sctx= (SC_CTX *)cssl->ssl;
pvio= ctls->pvio;
sctx= (SC_CTX *)ctls->ssl;
/* Initialie securifty context */
BuffersOut.BufferType= SECBUFFER_TOKEN;
@@ -701,10 +701,10 @@ SECURITY_STATUS ma_schannel_read_decrypt(MARIADB_PVIO *pvio,
*pData, *pExtra;
int i;
if (!pvio || !pvio->methods || !pvio->methods->read || !pvio->cssl || !DecryptLength)
if (!pvio || !pvio->methods || !pvio->methods->read || !pvio->ctls || !DecryptLength)
return SEC_E_INTERNAL_ERROR;
sctx= (SC_CTX *)pvio->cssl->ssl;
sctx= (SC_CTX *)pvio->ctls->ssl;
*DecryptLength= 0;
while (1)
@@ -880,7 +880,7 @@ size_t ma_schannel_write_encrypt(MARIADB_PVIO *pvio,
SecBuffer Buffers[4];
DWORD cbMessage;
PBYTE pbMessage;
SC_CTX *sctx= (SC_CTX *)pvio->cssl->ssl;
SC_CTX *sctx= (SC_CTX *)pvio->ctls->ssl;
size_t payload;
payload= MIN(WriteBufferSize, sctx->IoBufferSize);
@@ -920,15 +920,15 @@ size_t ma_schannel_write_encrypt(MARIADB_PVIO *pvio,
extern char *ssl_protocol_version[5];
/* {{{ ma_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version) */
my_bool ma_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version)
/* {{{ ma_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version) */
my_bool ma_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version)
{
SC_CTX *sctx;
SecPkgContext_ConnectionInfo ConnectionInfo;
if (!cssl->ssl)
if (!ctls->ssl)
return 1;
sctx= (SC_CTX *)cssl->ssl;
sctx= (SC_CTX *)ctls->ssl;
if (QueryContextAttributes(&sctx->ctxt, SECPKG_ATTR_CONNECTION_INFO, &ConnectionInfo) != SEC_E_OK)
return 1;

3
libmariadb/secure/ma_schannel.h
View File

@@ -56,7 +56,6 @@ struct st_schannel {
PUCHAR IoBuffer;
DWORD IoBufferSize;
SecPkgContext_StreamSizes Sizes;
CtxtHandle ctxt;
MYSQL *mysql;
};
@@ -67,7 +66,7 @@ extern HCERTSTORE ca_CertStore, crl_CertStore;
extern my_bool ca_Check, crl_Check;
CERT_CONTEXT *ma_schannel_create_cert_context(MARIADB_PVIO *pvio, const char *pem_file);
SECURITY_STATUS ma_schannel_client_handshake(MARIADB_SSL *cssl);
SECURITY_STATUS ma_schannel_client_handshake(MARIADB_TLS *ctls);
SECURITY_STATUS ma_schannel_handshake_loop(MARIADB_PVIO *pvio, my_bool InitialRead, SecBuffer *pExtraData);
my_bool ma_schannel_load_private_key(MARIADB_PVIO *pvio, CERT_CONTEXT *ctx, char *key_file);
PCCRL_CONTEXT ma_schannel_create_crl_context(MARIADB_PVIO *pvio, const char *pem_file);

138
libmariadb/secure/openssl.c
View File

@@ -42,7 +42,7 @@
#endif
#include <ma_pthread.h>
extern my_bool ma_ssl_initialized;
extern my_bool ma_tls_initialized;
extern unsigned int mariadb_deinitialize_ssl;
static SSL_CTX *SSL_context= NULL;
@@ -52,7 +52,7 @@ static pthread_mutex_t LOCK_openssl_config;
static pthread_mutex_t *LOCK_crypto= NULL;
static void ma_ssl_set_error(MYSQL *mysql)
static void ma_tls_set_error(MYSQL *mysql)
{
ulong ssl_errno= ERR_get_error();
char ssl_error[MAX_SSL_ERR_LEN];
@@ -76,7 +76,7 @@ static void ma_ssl_set_error(MYSQL *mysql)
}
static void ma_ssl_get_error(char *errmsg, size_t length)
static void ma_tls_get_error(char *errmsg, size_t length)
{
ulong ssl_errno= ERR_get_error();
const char *ssl_error_reason;
@@ -113,13 +113,13 @@ static void my_cb_threadid(CRYPTO_THREADID *id)
#endif
#ifdef HAVE_SSL_SESSION_CACHE
typedef struct st_ma_ssl_session {
typedef struct st_ma_tls_session {
char md4_hash[17];
SSL_SESSION *session;
} MA_SSL_SESSION;
MA_SSL_SESSION *ma_ssl_sessions= NULL;
unsigned int ma_ssl_session_cache_size= 128;
MA_SSL_SESSION *ma_tls_sessions= NULL;
unsigned int ma_tls_session_cache_size= 128;
static char *ma_md4_hash(const char *host, const char *user, unsigned int port, char *md4)
{
@@ -130,28 +130,28 @@ static char *ma_md4_hash(const char *host, const char *user, unsigned int port,
return md4;
}
MA_SSL_SESSION *ma_ssl_get_session(MYSQL *mysql)
MA_SSL_SESSION *ma_tls_get_session(MYSQL *mysql)
{
char md4[17];
int i;
if (!ma_ssl_sessions)
if (!ma_tls_sessions)
return NULL;
memset(md4, 0, 16);
ma_md4_hash(mysql->host, mysql->user, mysql->port, md4);
for (i=0; i < ma_ssl_session_cache_size; i++)
for (i=0; i < ma_tls_session_cache_size; i++)
{
if (ma_ssl_sessions[i].session &&
!strncmp(ma_ssl_sessions[i].md4_hash, md4, 16))
if (ma_tls_sessions[i].session &&
!strncmp(ma_tls_sessions[i].md4_hash, md4, 16))
{
return &ma_ssl_sessions[i];
return &ma_tls_sessions[i];
}
}
return NULL;
}
static int ma_ssl_session_cb(SSL *ssl, SSL_SESSION *session)
static int ma_tls_session_cb(SSL *ssl, SSL_SESSION *session)
{
MYSQL *mysql;
MA_SSL_SESSION *stored_session;
@@ -160,34 +160,34 @@ static int ma_ssl_session_cb(SSL *ssl, SSL_SESSION *session)
mysql= (MYSQL *)SSL_get_app_data(ssl);
/* check if we already stored session key */
if ((stored_session= ma_ssl_get_session(mysql)))
if ((stored_session= ma_tls_get_session(mysql)))
{
SSL_SESSION_free(stored_session->session);
stored_session->session= session;
return 1;
}
for (i=0; i < ma_ssl_session_cache_size; i++)
for (i=0; i < ma_tls_session_cache_size; i++)
{
if (!ma_ssl_sessions[i].session)
if (!ma_tls_sessions[i].session)
{
ma_md4_hash(mysql->host, mysql->user, mysql->port, ma_ssl_sessions[i].md4_hash);
ma_ssl_sessions[i].session= session;
ma_md4_hash(mysql->host, mysql->user, mysql->port, ma_tls_sessions[i].md4_hash);
ma_tls_sessions[i].session= session;
}
return 1;
}
return 0;
}
static void ma_ssl_remove_session_cb(SSL_CTX* ctx, SSL_SESSION* session)
static void ma_tls_remove_session_cb(SSL_CTX* ctx, SSL_SESSION* session)
{
int i;
for (i=0; i < ma_ssl_session_cache_size; i++)
if (session == ma_ssl_sessions[i].session)
for (i=0; i < ma_tls_session_cache_size; i++)
if (session == ma_tls_sessions[i].session)
{
ma_ssl_sessions[i].md4_hash[0]= 0;
SSL_SESSION_free(ma_ssl_sessions[i].session);
ma_ssl_sessions[i].session= NULL;
ma_tls_sessions[i].md4_hash[0]= 0;
SSL_SESSION_free(ma_tls_sessions[i].session);
ma_tls_sessions[i].session= NULL;
}
}
#endif
@@ -238,10 +238,10 @@ static int ssl_thread_init()
0 success
1 error
*/
int ma_ssl_start(char *errmsg, size_t errmsg_len)
int ma_tls_start(char *errmsg, size_t errmsg_len)
{
int rc= 1;
if (ma_ssl_initialized)
if (ma_tls_initialized)
return 0;
/* lock mutex to prevent multiple initialization */
@@ -267,17 +267,17 @@ int ma_ssl_start(char *errmsg, size_t errmsg_len)
if (!(SSL_context= SSL_CTX_new(SSLv23_client_method())))
#endif
{
ma_ssl_get_error(errmsg, errmsg_len);
ma_tls_get_error(errmsg, errmsg_len);
goto end;
}
#ifdef HAVE_SSL_SESSION_CACHE
SSL_CTX_set_session_cache_mode(SSL_context, SSL_SESS_CACHE_CLIENT);
ma_ssl_sessions= (MA_SSL_SESSION *)calloc(1, sizeof(struct st_ma_ssl_session) * ma_ssl_session_cache_size);
SSL_CTX_sess_set_new_cb(SSL_context, ma_ssl_session_cb);
SSL_CTX_sess_set_remove_cb(SSL_context, ma_ssl_remove_session_cb);
ma_tls_sessions= (MA_SSL_SESSION *)calloc(1, sizeof(struct st_ma_tls_session) * ma_tls_session_cache_size);
SSL_CTX_sess_set_new_cb(SSL_context, ma_tls_session_cb);
SSL_CTX_sess_set_remove_cb(SSL_context, ma_tls_remove_session_cb);
#endif
rc= 0;
ma_ssl_initialized= TRUE;
ma_tls_initialized= TRUE;
end:
pthread_mutex_unlock(&LOCK_openssl_config);
return rc;
@@ -295,9 +295,9 @@ end:
RETURN VALUES
void
*/
void ma_ssl_end()
void ma_tls_end()
{
if (ma_ssl_initialized)
if (ma_tls_initialized)
{
int i;
pthread_mutex_lock(&LOCK_openssl_config);
@@ -325,14 +325,14 @@ void ma_ssl_end()
CONF_modules_unload(1);
sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
}
ma_ssl_initialized= FALSE;
ma_tls_initialized= FALSE;
pthread_mutex_unlock(&LOCK_openssl_config);
pthread_mutex_destroy(&LOCK_openssl_config);
}
return;
}
int ma_ssl_get_password(char *buf, int size, int rwflag, void *userdata)
int ma_tls_get_password(char *buf, int size, int rwflag, void *userdata)
{
memset(buf, 0, size);
if (userdata)
@@ -341,7 +341,7 @@ int ma_ssl_get_password(char *buf, int size, int rwflag, void *userdata)
}
static int ma_ssl_set_certs(MYSQL *mysql)
static int ma_tls_set_certs(MYSQL *mysql)
{
char *certfile= mysql->options.ssl_cert,
*keyfile= mysql->options.ssl_key;
@@ -375,10 +375,10 @@ static int ma_ssl_set_certs(MYSQL *mysql)
/* If the private key file is encrypted, we need to register a callback function
* for providing password. */
if (OPT_HAS_EXT_VAL(mysql, ssl_pw))
if (OPT_HAS_EXT_VAL(mysql, tls_pw))
{
SSL_CTX_set_default_passwd_cb_userdata(SSL_context, (void *)mysql->options.extension->ssl_pw);
SSL_CTX_set_default_passwd_cb(SSL_context, ma_ssl_get_password);
SSL_CTX_set_default_passwd_cb_userdata(SSL_context, (void *)mysql->options.extension->tls_pw);
SSL_CTX_set_default_passwd_cb(SSL_context, ma_tls_get_password);
}
if (keyfile && keyfile[0])
@@ -391,7 +391,7 @@ static int ma_ssl_set_certs(MYSQL *mysql)
goto error;
}
}
if (OPT_HAS_EXT_VAL(mysql, ssl_pw))
if (OPT_HAS_EXT_VAL(mysql, tls_pw))
{
SSL_CTX_set_default_passwd_cb_userdata(SSL_context, NULL);
SSL_CTX_set_default_passwd_cb(SSL_context, NULL);
@@ -416,7 +416,7 @@ static int ma_ssl_set_certs(MYSQL *mysql)
return 0;
error:
ma_ssl_set_error(mysql);
ma_tls_set_error(mysql);
return 1;
}
@@ -450,16 +450,16 @@ static int my_verify_callback(int ok, X509_STORE_CTX *ctx)
}
void *ma_ssl_init(MYSQL *mysql)
void *ma_tls_init(MYSQL *mysql)
{
int verify;
SSL *ssl= NULL;
#ifdef HAVE_SSL_SESSION_CACHE
MA_SSL_SESSION *session= ma_ssl_get_session(mysql);
MA_SSL_SESSION *session= ma_tls_get_session(mysql);
#endif
pthread_mutex_lock(&LOCK_openssl_config);
if (ma_ssl_set_certs(mysql))
if (ma_tls_set_certs(mysql))
{
goto error;
}
@@ -490,9 +490,9 @@ error:
return NULL;
}
my_bool ma_ssl_connect(MARIADB_SSL *cssl)
my_bool ma_tls_connect(MARIADB_TLS *ctls)
{
SSL *ssl = (SSL *)cssl->ssl;
SSL *ssl = (SSL *)ctls->ssl;
my_bool blocking;
MYSQL *mysql;
MARIADB_PVIO *pvio;
@@ -512,7 +512,7 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl)
if (SSL_connect(ssl) != 1)
{
ma_ssl_set_error(mysql);
ma_tls_set_error(mysql);
/* restore blocking mode */
if (!blocking)
pvio->methods->blocking(pvio, FALSE, 0);
@@ -532,29 +532,29 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl)
return 1;
}
}
pvio->cssl->ssl= cssl->ssl= (void *)ssl;
pvio->ctls->ssl= ctls->ssl= (void *)ssl;
return 0;
}
size_t ma_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length)
size_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length)
{
return SSL_read((SSL *)cssl->ssl, (void *)buffer, (int)length);
return SSL_read((SSL *)ctls->ssl, (void *)buffer, (int)length);
}
size_t ma_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length)
size_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length)
{
return SSL_write((SSL *)cssl->ssl, (void *)buffer, (int)length);
return SSL_write((SSL *)ctls->ssl, (void *)buffer, (int)length);
}
my_bool ma_ssl_close(MARIADB_SSL *cssl)
my_bool ma_tls_close(MARIADB_TLS *ctls)
{
int i, rc;
SSL *ssl;
if (!cssl || !cssl->ssl)
if (!ctls || !ctls->ssl)
return 1;
ssl= (SSL *)cssl->ssl;
ssl= (SSL *)ctls->ssl;
SSL_set_quiet_shutdown(ssl, 1);
/* 2 x pending + 2 * data = 4 */
@@ -563,12 +563,12 @@ my_bool ma_ssl_close(MARIADB_SSL *cssl)
break;
SSL_free(ssl);
cssl->ssl= NULL;
ctls->ssl= NULL;
return rc;
}
int ma_ssl_verify_server_cert(MARIADB_SSL *cssl)
int ma_tls_verify_server_cert(MARIADB_TLS *ctls)
{
X509 *cert;
MYSQL *mysql;
@@ -580,9 +580,9 @@ int ma_ssl_verify_server_cert(MARIADB_SSL *cssl)
SSL *ssl;
MARIADB_PVIO *pvio;
if (!cssl || !cssl->ssl)
if (!ctls || !ctls->ssl)
return 1;
ssl= (SSL *)cssl->ssl;
ssl= (SSL *)ctls->ssl;
mysql= (MYSQL *)SSL_get_app_data(ssl);
pvio= mysql->net.pvio;
@@ -632,26 +632,26 @@ error:
return 1;
}
const char *ma_ssl_get_cipher(MARIADB_SSL *cssl)
const char *ma_tls_get_cipher(MARIADB_TLS *ctls)
{
if (!cssl || !cssl->ssl)
if (!ctls || !ctls->ssl)
return NULL;
return SSL_get_cipher_name(cssl->ssl);
return SSL_get_cipher_name(ctls->ssl);
}
unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsigned int len)
unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, unsigned char *fp, unsigned int len)
{
EVP_MD *digest= (EVP_MD *)EVP_sha1();
X509 *cert;
MYSQL *mysql;
unsigned int fp_len;
if (!cssl || !cssl->ssl)
if (!ctls || !ctls->ssl)
return 0;
mysql= SSL_get_app_data(cssl->ssl);
mysql= SSL_get_app_data(ctls->ssl);
if (!(cert= SSL_get_peer_certificate(cssl->ssl)))
if (!(cert= SSL_get_peer_certificate(ctls->ssl)))
{
my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
ER(CR_SSL_CONNECTION_ERROR),
@@ -681,14 +681,14 @@ unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsig
extern char *ssl_protocol_version[5];
my_bool ma_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version)
my_bool ma_tls_get_protocol_version(MARIADB_TLS *ctls, struct st_ssl_version *version)
{
SSL *ssl;
if (!cssl || !cssl->ssl)
if (!ctls || !ctls->ssl)
return 1;
ssl = (SSL *)cssl->ssl;
ssl = (SSL *)ctls->ssl;
switch(ssl->version)
{
#ifdef SSL3_VERSION

78
libmariadb/secure/schannel.c
View File

@@ -24,7 +24,7 @@
//#define VOID void
extern my_bool ma_ssl_initialized;
extern my_bool ma_tls_initialized;
static pthread_mutex_t LOCK_schannel_config;
static pthread_mutex_t *LOCK_crypto= NULL;
@@ -97,15 +97,15 @@ static int ssl_thread_init()
context SSL_context
SYNOPSIS
ma_ssl_start
ma_tls_start
RETURN VALUES
0 success
1 error
*/
int ma_ssl_start(char *errmsg, size_t errmsg_len)
int ma_tls_start(char *errmsg, size_t errmsg_len)
{
if (!ma_ssl_initialized)
if (!ma_tls_initialized)
{
pthread_mutex_init(&LOCK_schannel_config,MY_MUTEX_INIT_FAST);
pthread_mutex_lock(&LOCK_schannel_config);
@@ -119,7 +119,7 @@ int ma_ssl_start(char *errmsg, size_t errmsg_len)
}
}
ma_ssl_initialized = TRUE;
ma_tls_initialized = TRUE;
pthread_mutex_unlock(&LOCK_schannel_config);
}
return 0;
@@ -131,15 +131,15 @@ int ma_ssl_start(char *errmsg, size_t errmsg_len)
mysql_server_end() function
SYNOPSIS
ma_ssl_end()
ma_tls_end()
void
RETURN VALUES
void
*/
void ma_ssl_end()
void ma_tls_end()
{
if (ma_ssl_initialized)
if (ma_tls_initialized)
{
pthread_mutex_lock(&LOCK_schannel_config);
if (ca_CertStore)
@@ -152,25 +152,25 @@ void ma_ssl_end()
CertCloseStore(crl_CertStore, 0);
crl_CertStore = 0;
}
ma_ssl_initialized= FALSE;
ma_tls_initialized= FALSE;
pthread_mutex_unlock(&LOCK_schannel_config);
pthread_mutex_destroy(&LOCK_schannel_config);
}
return;
}
/* {{{ static int ma_ssl_set_client_certs(MARIADB_SSL *cssl) */
static int ma_ssl_set_client_certs(MARIADB_SSL *cssl)
/* {{{ static int ma_tls_set_client_certs(MARIADB_TLS *ctls) */
static int ma_tls_set_client_certs(MARIADB_TLS *ctls)
{
MYSQL *mysql= cssl->pvio->mysql;
MYSQL *mysql= ctls->pvio->mysql;
char *certfile= mysql->options.ssl_cert,
*keyfile= mysql->options.ssl_key,
*cafile= mysql->options.ssl_ca;
PCERT_CONTEXT ca_ctx= NULL;
PCRL_CONTEXT crl_ctx = NULL;
SC_CTX *sctx= (SC_CTX *)cssl->ssl;
MARIADB_PVIO *pvio= cssl->pvio;
SC_CTX *sctx= (SC_CTX *)ctls->ssl;
MARIADB_PVIO *pvio= ctls->pvio;
if (cafile)
{
@@ -194,7 +194,7 @@ static int ma_ssl_set_client_certs(MARIADB_SSL *cssl)
keyfile= certfile;
if (certfile && certfile[0])
if (!(sctx->client_cert_ctx = ma_schannel_create_cert_context(cssl->pvio, certfile)))
if (!(sctx->client_cert_ctx = ma_schannel_create_cert_context(ctls->pvio, certfile)))
goto end;
if (sctx->client_cert_ctx && keyfile[0])
@@ -229,8 +229,8 @@ end:
}
/* }}} */
/* {{{ void *ma_ssl_init(MARIADB_SSL *cssl, MYSQL *mysql) */
void *ma_ssl_init(MYSQL *mysql)
/* {{{ void *ma_tls_init(MARIADB_TLS *ctls, MYSQL *mysql) */
void *ma_tls_init(MYSQL *mysql)
{
SC_CTX *sctx= NULL;
@@ -249,7 +249,7 @@ void *ma_ssl_init(MYSQL *mysql)
my_bool ma_ssl_connect(MARIADB_SSL *cssl)
my_bool ma_tls_connect(MARIADB_TLS *ctls)
{
my_bool blocking;
MYSQL *mysql;
@@ -262,11 +262,11 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl)
pLocalCertContext= NULL;
ALG_ID AlgId[MAX_ALG_ID]= {0};
if (!cssl || !cssl->pvio)
if (!ctls || !ctls->pvio)
return 1;;
pvio= cssl->pvio;
sctx= (SC_CTX *)cssl->ssl;
pvio= ctls->pvio;
sctx= (SC_CTX *)ctls->ssl;
/* Set socket to blocking if not already set */
if (!(blocking= pvio->methods->is_blocking(pvio)))
@@ -274,7 +274,7 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl)
mysql= pvio->mysql;
if (ma_ssl_set_client_certs(cssl))
if (ma_tls_set_client_certs(ctls))
goto end;
ZeroMemory(&Cred, sizeof(SCHANNEL_CRED));
@@ -302,7 +302,7 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl)
Cred.dwVersion= SCHANNEL_CRED_VERSION;
if (mysql->options.extension)
Cred.dwMinimumCipherStrength = MAX(128, mysql->options.extension->ssl_cipher_strength);
Cred.dwMinimumCipherStrength = MAX(128, mysql->options.extension->tls_cipher_strength);
else
Cred.dwMinimumCipherStrength = 128;
Cred.dwFlags |= SCH_CRED_NO_SERVERNAME_CHECK | SCH_SEND_ROOT_CERT |
@@ -323,7 +323,7 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl)
}
sctx->FreeCredHdl= 1;
if (ma_schannel_client_handshake(cssl) != SEC_E_OK)
if (ma_schannel_client_handshake(ctls) != SEC_E_OK)
goto end;
sRet= QueryContextAttributes(&sctx->ctxt, SECPKG_ATTR_REMOTE_CERT_CONTEXT, (PVOID)&pRemoteCertContext);
@@ -350,9 +350,9 @@ end:
return 1;
}
size_t ma_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length)
size_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length)
{
SC_CTX *sctx= (SC_CTX *)cssl->ssl;
SC_CTX *sctx= (SC_CTX *)ctls->ssl;
MARIADB_PVIO *pvio= sctx->mysql->net.pvio;
DWORD dlength= -1;
@@ -360,9 +360,9 @@ size_t ma_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length)
return dlength;
}
size_t ma_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length)
size_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length)
{
SC_CTX *sctx= (SC_CTX *)cssl->ssl;
SC_CTX *sctx= (SC_CTX *)ctls->ssl;
MARIADB_PVIO *pvio= sctx->mysql->net.pvio;
size_t rc, wlength= 0;
size_t remain= length;
@@ -377,10 +377,10 @@ size_t ma_ssl_write(MARIADB_SSL *cssl, const uchar* buffer, size_t length)
return length;
}
/* {{{ my_bool ma_ssl_close(MARIADB_PVIO *pvio) */
my_bool ma_ssl_close(MARIADB_SSL *cssl)
/* {{{ my_bool ma_tls_close(MARIADB_PVIO *pvio) */
my_bool ma_tls_close(MARIADB_TLS *ctls)
{
SC_CTX *sctx= (SC_CTX *)cssl->ssl;
SC_CTX *sctx= (SC_CTX *)ctls->ssl;
if (sctx)
{
@@ -396,10 +396,10 @@ my_bool ma_ssl_close(MARIADB_SSL *cssl)
}
/* }}} */
int ma_ssl_verify_server_cert(MARIADB_SSL *cssl)
int ma_tls_verify_server_cert(MARIADB_TLS *ctls)
{
SC_CTX *sctx= (SC_CTX *)cssl->ssl;
MARIADB_PVIO *pvio= cssl->pvio;
SC_CTX *sctx= (SC_CTX *)ctls->ssl;
MARIADB_PVIO *pvio= ctls->pvio;
int rc= 1;
char *szName= NULL;
char *pszServerName= pvio->mysql->host;
@@ -461,17 +461,17 @@ end:
return rc;
}
const char *ma_ssl_get_cipher(MARIADB_SSL *cssl)
const char *ma_tls_get_cipher(MARIADB_TLS *ctls)
{
SecPkgContext_ConnectionInfo cinfo;
SECURITY_STATUS sRet;
SC_CTX *sctx;
DWORD i= 0;
if (!cssl || !cssl->ssl)
if (!ctls || !ctls->ssl)
return NULL;
sctx= (SC_CTX *)cssl->ssl;
sctx= (SC_CTX *)ctls->ssl;
sRet= QueryContextAttributes(&sctx->ctxt, SECPKG_ATTR_CONNECTION_INFO, (PVOID)&cinfo);
if (sRet != SEC_E_OK)
@@ -486,9 +486,9 @@ const char *ma_ssl_get_cipher(MARIADB_SSL *cssl)
return NULL;
}
unsigned int ma_ssl_get_finger_print(MARIADB_SSL *cssl, unsigned char *fp, unsigned int len)
unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, unsigned char *fp, unsigned int len)
{
SC_CTX *sctx= (SC_CTX *)cssl->ssl;
SC_CTX *sctx= (SC_CTX *)ctls->ssl;
PCCERT_CONTEXT pRemoteCertContext = NULL;
if (QueryContextAttributes(&sctx->ctxt, SECPKG_ATTR_REMOTE_CERT_CONTEXT, (PVOID)&pRemoteCertContext) != SEC_E_OK)
return 0;

4
plugins/auth/my_auth.c
View File

@@ -189,8 +189,8 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
if (mysql->options.use_ssl && !(mysql->server_capabilities & CLIENT_SSL))
{
if ((mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) ||
(mysql->options.extension && (mysql->options.extension->ssl_fp ||
mysql->options.extension->ssl_fp_list)))
(mysql->options.extension && (mysql->options.extension->tls_fp ||
mysql->options.extension->tls_fp_list)))
{
my_set_error(mysql, CR_SSL_CONNECTION_ERROR, SQLSTATE_UNKNOWN,
ER(CR_SSL_CONNECTION_ERROR),

2
unittest/libmariadb/connection.c
View File

@@ -841,7 +841,7 @@ static int test_get_options(MYSQL *my)
int options_char[]= {MYSQL_READ_DEFAULT_FILE, MYSQL_READ_DEFAULT_GROUP, MYSQL_SET_CHARSET_NAME,
MYSQL_OPT_SSL_KEY, MYSQL_OPT_SSL_CA, MYSQL_OPT_SSL_CERT, MYSQL_OPT_SSL_CAPATH,
MYSQL_OPT_SSL_CIPHER, MYSQL_OPT_BIND, MARIADB_OPT_SSL_FP, MARIADB_OPT_SSL_FP_LIST,
MARIADB_OPT_SSL_PASSPHRASE, 0};
MARIADB_OPT_TLS_PASSPHRASE, 0};
char *init_command[3]= {"SET @a:=1", "SET @b:=2", "SET @c:=3"};
int elements= 0;

10
unittest/libmariadb/ssl.c.in
View File

@@ -379,7 +379,7 @@ static int test_password_protected(MYSQL *my)
"@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/client-cert.pem",
"@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/ca-cert.pem", 0, 0);
mysql_options(mysql, MARIADB_OPT_SSL_PASSPHRASE, "qwerty");
mysql_options(mysql, MARIADB_OPT_TLS_PASSPHRASE, "qwerty");
FAIL_IF(!mysql_real_connect(mysql, hostname, ssluser, sslpw, schema,
port, socketname, 0), mysql_error(mysql));
@@ -780,12 +780,12 @@ static int test_ssl_version(MYSQL *mysql)
port, socketname, 0), mysql_error(my));
diag("cipher: %s", mysql_get_ssl_cipher(my));
mariadb_get_infov(my, MARIADB_CONNECTION_SSL_VERSION_ID, &iversion);
mariadb_get_infov(my, MARIADB_CONNECTION_TLS_VERSION_ID, &iversion);
diag("protocol: %d", iversion);
mariadb_get_infov(my, MARIADB_CONNECTION_SSL_VERSION, &version);
mariadb_get_infov(my, MARIADB_CONNECTION_TLS_VERSION, &version);
diag("protocol: %s", version);
mariadb_get_infov(my, MARIADB_SSL_LIBRARY, &library);
mariadb_get_infov(my, MARIADB_TLS_LIBRARY, &library);
diag("library: %s", library);
mysql_close(my);
@@ -806,7 +806,7 @@ static int test_schannel_cipher(MYSQL *mysql)
FAIL_IF(!my, "mysql_init() failed");
mysql_ssl_set(my,0, 0, "@CMAKE_SOURCE_DIR@/unittest/libmariadb/certs/ca-cert.pem", 0, 0);
mysql_options(my, MARIADB_OPT_SSL_CIPHER_STRENGTH, &cipher_strength);
mysql_options(my, MARIADB_OPT_TLS_CIPHER_STRENGTH, &cipher_strength);
FAIL_IF(!mysql_real_connect(my, hostname, ssluser, sslpw, schema,
port, socketname, 0), mysql_error(my));