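#ifndef _ma_tls_h_
#define _ma_tls_h_

/* TLS backend used for a connection.
   Note: SSL_TYPE_SCHANNEL is only present on _WIN32, so the numeric values
   of SSL_TYPE_OPENSSL and SSL_TYPE_GNUTLS differ between Windows and other
   builds. Never persist or exchange these values across platforms. */
enum enum_pvio_tls_type {
  SSL_TYPE_DEFAULT=0,
#ifdef _WIN32
  SSL_TYPE_SCHANNEL,
#endif
  SSL_TYPE_OPENSSL,
  SSL_TYPE_GNUTLS
};

/* Identifiers for reporting the negotiated protocol version
   (see ma_tls_get_protocol_version / ma_pvio_tls_get_protocol_version_id).
   An identifier being defined here does not mean a backend negotiates it:
   SSLv3, TLS 1.0 and TLS 1.1 are deprecated, and the set of versions a
   backend accepts is a backend/configuration matter, not decided here. */
#define PROTOCOL_SSLV3 0
#define PROTOCOL_TLS_1_0 1
#define PROTOCOL_TLS_1_1 2
#define PROTOCOL_TLS_1_2 3
#define PROTOCOL_TLS_1_3 4
#define PROTOCOL_UNKNOWN 5
#define PROTOCOL_MAX PROTOCOL_TLS_1_3

/* Name/version string of the TLS library in use. Buffer holds at most
   TLS_VERSION_LENGTH bytes, terminator included.
   NOTE(review): presumably filled in by the backend during ma_tls_start;
   confirm in the backend sources. */
#define TLS_VERSION_LENGTH 64
extern char tls_library_version[TLS_VERSION_LENGTH];

/* Per-connection TLS container handed to every ma_tls_* / ma_pvio_tls_*
   function below. */
typedef struct st_ma_pvio_tls {
  void *data;          /* opaque, backend-specific data (assumed) */
  MARIADB_PVIO *pvio;  /* underlying plugin virtual I/O object */
  void *ssl;           /* opaque TLS connection handle of the backend */
} MARIADB_TLS;

/* Function prototypes */

/* ma_tls_start
   initializes the ssl library
   Parameter:
     errmsg      pointer to error message buffer
     errmsg_len  length of error message buffer
   Returns:
     0  success
     1  if an error occurred
   Notes:
     On success the global variable ma_tls_initialized will be set to 1
*/
int ma_tls_start(char *errmsg, size_t errmsg_len);

/* ma_tls_end
   unloads/deinitializes ssl library and unsets global variable
   ma_tls_initialized
*/
void ma_tls_end(void);

/* ma_tls_init
   creates a new SSL structure for a SSL connection and loads
   client certificates

   Parameters:
     MYSQL  a mysql structure
   Returns:
     void *  a pointer to internal SSL structure
*/
void * ma_tls_init(MYSQL *mysql);

/* ma_tls_connect
   performs SSL handshake
   Parameters:
     MARIADB_TLS  MariaDB SSL container
   Returns:
     0  success
     1  error
*/
my_bool ma_tls_connect(MARIADB_TLS *ctls);

/* ma_tls_read
   reads up to length bytes from socket
   Parameters:
     ctls    MariaDB SSL container
     buffer  read buffer
     length  buffer length
   Returns:
     0-n  bytes read
     -1   if an error occurred
   NOTE(review): buffer is const-qualified although the call fills it; the
   qualifier is kept for source compatibility - confirm how the backends
   treat it.
*/
ssize_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length);

/* ma_tls_write
   write buffer to socket
   Parameters:
     ctls    MariaDB SSL container
     buffer  write buffer
     length  buffer length
   Returns:
     0-n  bytes written
     -1   if an error occurred
*/
ssize_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length);

/* ma_tls_close
   closes SSL connection and frees SSL structure which was previously
   created by ma_tls_init call
   Parameters:
     MARIADB_TLS  MariaDB SSL container
   Returns:
     0  success
     1  error
*/
my_bool ma_tls_close(MARIADB_TLS *ctls);

/* ma_tls_verify_server_cert
   validation check of server certificate
   Parameter:
     MARIADB_TLS  MariaDB SSL container
   Returns:
     0  success
     1  error
*/
int ma_tls_verify_server_cert(MARIADB_TLS *ctls);

/* ma_tls_get_cipher
   returns cipher for current ssl connection
   Parameter:
     MARIADB_TLS  MariaDB SSL container
   Returns:
     cipher in use or
     NULL on error
*/
const char *ma_tls_get_cipher(MARIADB_TLS *ssl);

/* ma_tls_get_finger_print
   returns SHA1 finger print of server certificate
   Parameter:
     MARIADB_TLS  MariaDB SSL container
     fp           buffer for fingerprint
     fp_len       buffer length
   Returns:
     actual size of finger print
   NOTE(review): behavior when fp_len is smaller than the digest is not
   documented here - confirm in the backend before relying on the result.
*/
unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, char *fp, unsigned int fp_len);

/* ma_tls_get_protocol_version
   returns protocol version number in use
   Parameter:
     MARIADB_TLS  MariaDB SSL container
   Returns:
     protocol number
*/
int ma_tls_get_protocol_version(MARIADB_TLS *ctls);

/* ma_pvio_tls_get_protocol_version
   Returns a textual protocol name for the connection (assumed from the
   return type; confirm).
   ma_pvio_tls_get_protocol_version_id
   Returns a numeric protocol identifier, presumably one of the PROTOCOL_*
   values above - confirm. */
const char *ma_pvio_tls_get_protocol_version(MARIADB_TLS *ctls);
int ma_pvio_tls_get_protocol_version_id(MARIADB_TLS *ctls);

/* Function prototypes */

/* Backend-independent wrappers; see the matching ma_tls_* functions above
   for parameter and return conventions. */
MARIADB_TLS *ma_pvio_tls_init(MYSQL *mysql);
my_bool ma_pvio_tls_connect(MARIADB_TLS *ctls);
ssize_t ma_pvio_tls_read(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
ssize_t ma_pvio_tls_write(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
my_bool ma_pvio_tls_close(MARIADB_TLS *ctls);
int ma_pvio_tls_verify_server_cert(MARIADB_TLS *ctls);
const char *ma_pvio_tls_cipher(MARIADB_TLS *ctls);

/* ma_pvio_tls_check_fp
   Parameters:
     ctls     MariaDB SSL container
     fp       expected fingerprint
     fp_list  list of expected fingerprints
   NOTE(review): presumably compares the server certificate fingerprint
   (see ma_tls_get_finger_print) against fp or fp_list; the return
   convention is not documented here - confirm in the implementation.
*/
my_bool ma_pvio_tls_check_fp(MARIADB_TLS *ctls, const char *fp, const char *fp_list);

/* ma_pvio_start_ssl
   Parameter:
     pvio  plugin virtual I/O object to start TLS on
   NOTE(review): return convention not documented here - confirm.
*/
my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio);

/* ma_pvio_tls_end
   deinitializes the TLS layer; declared with (void) so the declaration is
   a full prototype rather than an old-style empty parameter list.
*/
void ma_pvio_tls_end(void);

#endif /* _ma_tls_h_ */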