Parsec support for Windows uses bcrypt for deriving key from
hash value (using PBKDF2) and ma_crypto_sign from bundled ed25519
ref10 implementation for signing.
ed25519 ref10 implementation is now built as a separate object
library. Depending on the plugin configuration (dynamic or static)
it will be linked against plugin or against libmariadb.
This commit also fixes CONC-723 (CMake error when disabling
client_ed25519 plugin) and static build of client_ed25519
plugin.
realloc can't be done for mysql->passwd. There's also no pretty way to
pass the ext-salt into hash_password, so let's use thread_local instead.
For GCC < 4.9 (SLES 12, CentOS 7), which don't support _Thread_local,
pk will be recalculated instead
* extend the client auth plugin API with a new callback
* relax the plugin version check to allow load a plugin with the
same major version, even if the minor versions differ
* implement the protocol extension:
- don't abort at once if the certificate is self signed and
no CA was explicitly specified
- allow it if it passes fingerprint check
- allow it if plugin has hash_password_bin callback, password was
non-empty and the control hash matches server's
To avoid conflicts (and possible crashes) by duplicate symbols the function
crypto_sign was renamed to ma_crypto_sign.
Kudos to Peter van Dijk for reporting this issue.
By default Windows builds now use the native system crypto libraries used
by ed25519, caching_sha2_password and sha256_password authentication plugins.
Even if configuration option WITH_SSL=OFF was specified (or no TLS library was found) authentication plugins using crypto will be available.
