Some research shows that X18 is mentioned as a platform-reserved
register on most non-Linux platforms, including macOS, Windows, and
FreeBSD. So only put it in the clobber list on Linux.
Note that the ma_context.c code does not itself use the X18 register
in any way. On platforms where X18 is reserved, the co-routine code
will preserve it. On platforms where co-routine code can modify X18,
it does not need to be preserved. Putting X18 in the clobber list is
only to avoid GCC itself generating code that requires that X18 is
preserved.
Signed-off-by: Kristian Nielsen <knielsen@knielsen-hq.org>
X18 is a platform-reserved register on Android, not a callee-save
register. So it will not be touched by the spawned/resumed co-routine
and must not be included in the GCC asm clobber list on this platform.
Signed-off-by: Kristian Nielsen <knielsen@knielsen-hq.org>
Fixed different behavior of pvio_is_alive (which was first used
with fix of CONC-589). Both for sockets and named pipe the function
now returns true if the connection is alive, otherwise false.
Increase the default stack size for co-routines to 256 kByte. It was 60
kByte, which was too small for glibc getaddrinfo() when using mdns.
Signed-off-by: Kristian Nielsen <knielsen@knielsen-hq.org>
Also CONC-754.
Depending on compiler options (e.g. -fno-dwarf2-cfi-asm), the compiler may
not output .cfi_startproc / .cfi_endproc in generated assembler, and this
causes a build error on the .cfi_escape directive put in my_context_spawn()
on systems with DWARF support.
Fix by using the proper preprocessor macro __GCC_HAVE_DWARF2_CFI_ASM to test
for .cfi_escape support, rather than crafted check for various compiler
brands and versions. Though this macro is only available in clang since
version 13.0.0, so unconditionally include the .cfi_escape in earlier clang
versions.
Thanks to Rainer Orth for the suggested fix.
Signed-off-by: Kristian Nielsen <knielsen@knielsen-hq.org>
If automatic reconnect is enabled (MYSQL_OPT_RECONNECT) it is
mandatory to check if the connection/socket is still alive before
sending a command to the server (unless the command is COM_QUIT).
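
An added illustration of the two commit messages above about pvio_is_alive and the pre-send check under MYSQL_OPT_RECONNECT; this is not Connector/C's code. It shows a POSIX liveness probe built on poll() and a MSG_PEEK read, with the COM_QUIT exception; the names socket_is_alive, before_command and scenario are hypothetical, and the socketpair is a constructed test input.

```c
#include <errno.h>
#include <poll.h>
#include <stdbool.h>
#include <sys/socket.h>
#include <unistd.h>

enum pre_send { SEND_NOW = 0, RECONNECT_FIRST = 1 };

/* Hypothetical helper, not Connector/C's pvio_is_alive(): true while the
   peer has neither closed nor reset the connection, false otherwise. */
static bool socket_is_alive(int fd)
{
  struct pollfd pfd = { .fd = fd, .events = POLLIN };
  char byte;
  int rc;
  do { rc = poll(&pfd, 1, 0); } while (rc < 0 && errno == EINTR);
  if (rc < 0 || (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)))
    return false;
  if (rc == 0)
    return true;  /* nothing pending: no EOF, no error */
  /* Readable: peek one byte; 0 bytes means the peer sent EOF */
  ssize_t n = recv(fd, &byte, 1, MSG_PEEK | MSG_DONTWAIT);
  return n > 0 || (n < 0 && (errno == EAGAIN || errno == EINTR));
}

/* With auto-reconnect on, probe before every command except COM_QUIT */
static enum pre_send before_command(int fd, bool auto_reconnect, bool is_quit)
{
  if (!auto_reconnect || is_quit)
    return SEND_NOW;
  return socket_is_alive(fd) ? SEND_NOW : RECONNECT_FIRST;
}

/* Constructed scenario on a local socketpair; optionally close the peer */
static int scenario(bool close_peer, bool auto_reconnect, bool is_quit)
{
  int sv[2], result;
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
    return -1;
  if (close_peer)
    close(sv[1]);
  result = before_command(sv[0], auto_reconnect, is_quit);
  close(sv[0]);
  if (!close_peer)
    close(sv[1]);
  return result;
}

int main(void)
{
  return scenario(true, true, false) == RECONNECT_FIRST ? 0 : 1;
}
```

A probe of this kind only sees a close or reset that has already reached the local socket; a peer that vanished without sending FIN or RST still looks alive until a send fails or keepalive expires.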
Since Item_result enumerations are also used by MariaDB server, we
moved them back to mariadb_com.h.
Item_result is not used in Connector/C 3.3 and above for replication
api.
- Added TLSv1.3 ciphers to cipher map.
- Fixed retrieval of cipher suite: Since gnutls_cipher_suite_get_name
supports only TLSv1.2 (and lower) cipher suites, we have to call
gnutls_ciphersuite_get() (requires GnuTLS 3.7.4 or newer).
If a resultset in binary protocol doesn't contain data
(fields equal zero) and there are no more pending
result sets we need to change the statement status to
FETCH_DONE, otherwise it will be impossible to execute
other commands until the statement was closed.
FROM_UNIXTIME() function always returns AUTO_SEC_PART_DIGITS
(value=39). In case the microsecond value was set in MYSQL_TIME,
the decimal part should be SEC_PART_DIGITS (=6).
Add fallback if CryptAcquireContext fails with ERROR_ACCESS_DENIED,
as seen in Jenkins CI.
The fallback, also suggested by https://stackoverflow.com/a/14053718/547065,
is to retry with machine-wide key container, if user-specific fails.
Follow-up patch to fix copy-paste error that causes incorrect restore of
registers in my_context_continue which can cause crashes on arm64.
Signed-off-by: Kristian Nielsen <knielsen@knielsen-hq.org>
declare plugin structures using their correct type.
Fixes errors like
./libmariadb/libmariadb/ma_client_plugin.c:86:39: error: type of ‘pvio_socket_client_plugin’ does not match original declaration [-Werror=lto-type-mismatch]
./libmariadb/plugins/pvio/pvio_socket.c:141:21: note: type ‘struct MARIADB_PVIO_PLUGIN’ should match type ‘struct st_mysql_client_plugin’
Approved by: Georg Richter <georg@mariadb.com>
The non-blocking API has native (assembler) implementations for x86_64,
i386, and (with recent patch) aarch64; these implementations are the most
efficient. For other architectures, a fallback to ucontext is supported.
But ucontext is not the most efficient, and it is not available on all
platforms (it has been deprecated in POSIX). The boost::context library
provides an alternative fallback that is available on more architectures and
should be more efficient than ucontext (if still not quite as fast as the
native support).
This patch adds a CMake option -DWITH_BOOST_CONTEXT=ON that adds
boost::context as a dependency of libmariadb to provide a fallback on
non-natively supported architectures. Boost::context is preferred over
ucontext when both are available.
The option is off by default and must be explicitly enabled by the
user. This avoids introducing a C++ dependency (including dependency
on a C++ compiler and on libstdc++) unless explicitly requested by the
user (libmariadb is otherwise C-only).
Tested-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Kristian Nielsen <knielsen@knielsen-hq.org>
Implement native my_context for arm64 (aarch64). This is more
efficient than ucontext, and also makes the non-blocking API available
on arm64 platforms that do not have ucontext such as OpenBSD.
Tested-by: Brad Smith <brad@comstyle.com>
Signed-off-by: Kristian Nielsen <knielsen@knielsen-hq.org>
Use SCH_CREDENTIAL structure, to support TLSv1.3
Allow TLSv1.3 starting with Windows 11 / Server 2022, which are
first Windows releases to officially support latest TLS version
There is no real renegotiation in the TLSv1.3 protocol, so it is
some internal schannel thing that makes DecryptMessage() return
SEC_I_RENEGOTIATE, to replay a handshake step.
This pops up when TLSv1.3 is enabled.
The bug happens only when connecting with SSL with client certificates.
Apparently if client certificates are used in TLS handshake,
private keys for cert should be loaded into named persistent
container. This is because AcquireCredentialsHandle is done partially
out-of-process in lsass.exe, and lsass wants to read private keys from disk.
See discussion in https://github.com/dotnet/runtime/issues/23749
Schannel has legacy behavior for ephemeral keys, not involving lsass,
and this is why it worked for us so far, however there are limitations.
It appears to only use rsa_sha1 for signature verification, and newer
OpenSSL no longer allows SHA1 for it, and this ends up in
"algorithm mismatch" message from schannel.
The above is just my understanding of how it works, because there is no
real documentation, the conclusion is based on discussion in
https://github.com/dotnet/runtime/issues/23749
The fix:
So storing the key in persistent named container evidently fixes it,
and this is what is done in this patch. Care is taken to destroy
key container after key is no longer needed, to
avoid filling %AppData%\Roaming\Microsoft\Crypto\RSA with tiny encrypted
key files. Thus the "persistency window" of the key in container on disk
is only for duration of AcquireCredentialsHandle