1 #ifndef _ma_tls_h_
2 #define _ma_tls_h_
3 
/* TLS backend selection.
   SSL_TYPE_DEFAULT leaves the choice to the library; the other values name
   a specific implementation.  SSL_TYPE_SCHANNEL is only present on _WIN32,
   so the numeric values of SSL_TYPE_OPENSSL and SSL_TYPE_GNUTLS differ
   between Windows and non-Windows builds -- never persist or exchange these
   values across builds, compare by name only. */
enum enum_pvio_tls_type {
  SSL_TYPE_DEFAULT=0,
#ifdef _WIN32
  SSL_TYPE_SCHANNEL,   /* Windows native TLS (Secure Channel) */
#endif
  SSL_TYPE_OPENSSL,
  SSL_TYPE_GNUTLS
};
12 
/* Protocol version identifiers, ordered oldest to newest so they can be
   compared numerically.  Presumably these are the values returned by
   ma_tls_get_protocol_version() / ma_pvio_tls_get_protocol_version_id()
   -- verify against the backend implementations.
   PROTOCOL_UNKNOWN is deliberately above PROTOCOL_MAX and must never be
   treated as a valid, negotiated version.
   NOTE(review): PROTOCOL_SSLV3 is only a label here; whether an SSLv3
   session can actually be negotiated is decided by the backend and its
   configured minimum version, not by this header. */
#define PROTOCOL_SSLV3    0
#define PROTOCOL_TLS_1_0  1
#define PROTOCOL_TLS_1_1  2
#define PROTOCOL_TLS_1_2  3
#define PROTOCOL_TLS_1_3  4
#define PROTOCOL_UNKNOWN  5
#define PROTOCOL_MAX PROTOCOL_TLS_1_3   /* highest valid version id */
20 
/* Size of the buffer holding the backend library's version string,
   including the terminating NUL.  Any writer must bound its output to
   this length (e.g. snprintf with sizeof).  The array itself is defined
   in a backend implementation file, not in this header. */
#define TLS_VERSION_LENGTH 64
extern char tls_library_version[TLS_VERSION_LENGTH];
23 
/* Per-connection TLS state.  Created by ma_pvio_tls_init() and, per the
   ma_tls_close comment below, released together with the backend session
   by the close call.  Callers treat the contents as opaque. */
typedef struct st_ma_pvio_tls {
  void *data;          /* backend-private data; layout is backend-specific */
  MARIADB_PVIO *pvio;  /* plain I/O layer this TLS session presumably runs over */
  void *ssl;           /* backend session object (the library's own SSL handle) */
} MARIADB_TLS;
29 
/* Function prototypes */

/* ma_tls_start
   initializes the ssl library
   Parameter:
     errmsg      pointer to error message buffer
     errmsg_len  length of error message buffer; writes into errmsg must
                 be bounded by this value and the result NUL-terminated
   Returns:
     0           success
     1           if an error occurred
   Notes:
     On success the global variable ma_tls_initialized will be set to 1
*/
int ma_tls_start(char *errmsg, size_t errmsg_len);

/* ma_tls_end
   unloads/deinitializes ssl library and unsets global variable
   ma_tls_initialized
   Notes:
     Must not be called while any MARIADB_TLS session is still open
     (presumably -- the ordering is not enforced by this header).
*/
void ma_tls_end(void);
50 
/* ma_tls_init
   creates a new SSL structure for a SSL connection and loads
   client certificates

   Parameters:
     MYSQL        a mysql structure
   Returns:
     void *       a pointer to internal SSL structure, or NULL on
                  failure (presumably -- confirm against the backends)
   Notes:
     The returned object is owned by the caller's MARIADB_TLS and is
     released by ma_tls_close().
*/
void * ma_tls_init(MYSQL *mysql);

/* ma_tls_connect
   performs SSL handshake
   Parameters:
     MARIADB_TLS   MariaDB SSL container
   Returns:
     0             success
     1             error
   Notes:
     A successful handshake does not by itself imply the peer was
     verified; see ma_tls_verify_server_cert and ma_pvio_tls_check_fp.
*/
my_bool ma_tls_connect(MARIADB_TLS *ctls);
71 
/* ma_tls_read
   reads up to length bytes from socket
   Parameters:
     ctls         MariaDB SSL container
     buffer       read buffer (destination of the read)
     length       buffer length
   Returns:
     0-n          bytes read
     -1           if an error occurred
   Notes:
     NOTE(review): buffer is written to, so the const qualifier on it is
     misleading and forces the implementation to cast it away.  Dropping
     the const would change the public prototype, so it is left as
     declared here; do not pass read-only memory.
*/
ssize_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length);

/* ma_tls_write
   write buffer to socket
   Parameters:
     ctls         MariaDB SSL container
     buffer       write buffer
     length       buffer length
   Returns:
     0-n          bytes written (may be fewer than length)
     -1           if an error occurred
*/
ssize_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length);
95 
/* ma_tls_close
   closes SSL connection and frees SSL structure which was previously
   created by ma_tls_init call
   Parameters:
     MARIADB_TLS  MariaDB SSL container
   Returns:
     0            success
     1            error
   Notes:
     After this call ctls->ssl must not be used again.
*/
my_bool ma_tls_close(MARIADB_TLS *ctls);

/* ma_tls_verify_server_cert
   validation check of server certificate
   Parameter:
     MARIADB_TLS  MariaDB SSL container
   Returns:
     0            success
     1            error
   Notes:
     A non-zero result means the peer identity could not be established;
     callers should treat the connection as untrusted and close it.
*/
int ma_tls_verify_server_cert(MARIADB_TLS *ctls);
116 
/* ma_tls_get_cipher
   returns cipher for current ssl connection
   Parameter:
     MARIADB_TLS  MariaDB SSL container
   Returns:
     cipher in use or
     NULL on error
   Notes:
     The returned string is not owned by the caller; do not free it.
*/
const char *ma_tls_get_cipher(MARIADB_TLS *ssl);

/* ma_tls_get_finger_print
   returns SHA1 finger print of server certificate
   Parameter:
     MARIADB_TLS  MariaDB SSL container
     fp           buffer for fingerprint
     fp_len       buffer length
   Returns:
     actual size of finger print
   Notes:
     fp must be large enough for a SHA1 digest; the behaviour when fp_len
     is smaller than the digest is not specified by this header --
     callers should check the returned size against fp_len.
*/
unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, char *fp, unsigned int fp_len);
137 
/* ma_tls_get_protocol_version
   returns protocol version number in use
   Parameter:
     MARIADB_TLS    MariaDB SSL container
   Returns:
     protocol number (presumably one of the PROTOCOL_* values above;
     PROTOCOL_UNKNOWN when it cannot be determined -- confirm against
     the backends)
*/
int ma_tls_get_protocol_version(MARIADB_TLS *ctls);
/* Human-readable name of the negotiated protocol; storage is not owned
   by the caller. */
const char *ma_pvio_tls_get_protocol_version(MARIADB_TLS *ctls);
/* Numeric id of the negotiated protocol (PROTOCOL_* range, presumably). */
int ma_pvio_tls_get_protocol_version_id(MARIADB_TLS *ctls);
148 
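/* PVIO-level TLS entry points.  These wrap the ma_tls_* backend functions
   above with the same return conventions (0 = success, 1 = error for the
   my_bool/int results; byte counts or -1 for read/write). */

/* Allocates a MARIADB_TLS for mysql; NULL on failure (presumably). */
MARIADB_TLS *ma_pvio_tls_init(MYSQL *mysql);
/* Performs the handshake on ctls; 0 success, 1 error. */
my_bool ma_pvio_tls_connect(MARIADB_TLS *ctls);
/* buffer is the read destination despite the const qualifier (kept for
   prototype compatibility); bytes read or -1. */
ssize_t ma_pvio_tls_read(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
/* Bytes written (may be fewer than length) or -1. */
ssize_t ma_pvio_tls_write(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
/* Shuts the session down and releases ctls; 0 success, 1 error. */
my_bool ma_pvio_tls_close(MARIADB_TLS *ctls);
/* Certificate validation; non-zero means the peer must be treated as untrusted. */
int ma_pvio_tls_verify_server_cert(MARIADB_TLS *ctls);
/* Name of the cipher in use, or NULL; not owned by the caller. */
const char *ma_pvio_tls_cipher(MARIADB_TLS *ctls);
/* Compares the server certificate fingerprint against fp and/or fp_list.
   NOTE(review): the accepted formats of fp and fp_list, and how the two
   interact, are not described here -- document them at the definition. */
my_bool ma_pvio_tls_check_fp(MARIADB_TLS *ctls, const char *fp, const char *fp_list);
/* Switches the plain pvio over to TLS; 0 success, 1 error (presumably). */
my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio);
/* Tears down library-level TLS state.  Declared with (void): an empty
   parameter list in C declares a function with unspecified arguments,
   which silently disables argument checking at call sites. */
void ma_pvio_tls_end(void);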
160 
161 #endif /* _ma_tls_h_ */