diff options
Diffstat (limited to 'vio')
| -rw-r--r-- | vio/vio.c | 32 | ||||
| -rw-r--r-- | vio/vio_priv.h | 6 | ||||
| -rw-r--r-- | vio/viosocket.c | 142 | ||||
| -rw-r--r-- | vio/viossl.c | 65 | ||||
| -rw-r--r-- | vio/viosslfactories.c | 119 |
5 files changed, 248 insertions, 116 deletions
diff --git a/vio/vio.c b/vio/vio.c index b8bc7bdae08..bdb21077f44 100644 --- a/vio/vio.c +++ b/vio/vio.c @@ -1,4 +1,5 @@ /* Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2012, Monty Program Ab This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -49,6 +50,25 @@ static my_bool has_no_data(Vio *vio __attribute__((unused))) return FALSE; } +#ifdef _WIN32 +my_bool vio_shared_memory_has_data(Vio *vio) +{ + return (vio->shared_memory_remain > 0); +} + +int vio_shared_memory_shutdown(Vio *vio, int how) +{ + SetEvent(vio->event_conn_closed); + SetEvent(vio->event_server_wrote); + return 0; +} + +int vio_pipe_shutdown(Vio *vio, int how) +{ + return cancel_io(vio->hPipe, vio->thread_id); +} +#endif + /* * Helper to fill most of the Vio* with defaults. */ @@ -89,6 +109,7 @@ static void vio_init(Vio* vio, enum enum_vio_type type, vio->poll_read =no_poll_read; vio->is_connected =vio_is_connected_pipe; vio->has_data =has_no_data; + vio->shutdown =vio_pipe_shutdown; vio->timeout=vio_win32_timeout; /* Set default timeout */ @@ -116,7 +137,8 @@ static void vio_init(Vio* vio, enum enum_vio_type type, vio->poll_read =no_poll_read; vio->is_connected =vio_is_connected_shared_memory; - vio->has_data =has_no_data; + vio->has_data =vio_shared_memory_has_data; + vio->shutdown =vio_shared_memory_shutdown; /* Currently, shared memory is on Windows only, hence the below is ok*/ vio->timeout= vio_win32_timeout; @@ -145,6 +167,7 @@ static void vio_init(Vio* vio, enum enum_vio_type type, vio->poll_read =vio_poll_read; vio->is_connected =vio_is_connected; vio->has_data =vio_ssl_has_data; + vio->shutdown =vio_socket_shutdown; DBUG_VOID_RETURN; } #endif /* HAVE_OPENSSL */ @@ -163,6 +186,7 @@ static void vio_init(Vio* vio, enum enum_vio_type type, vio->timeout =vio_timeout; vio->poll_read =vio_poll_read; vio->is_connected =vio_is_connected; + vio->shutdown =vio_socket_shutdown; vio->has_data= (flags & VIO_BUFFERED_READ) ? vio_buff_has_data : has_no_data; DBUG_VOID_RETURN; @@ -287,5 +311,11 @@ void vio_end(void) { #ifdef HAVE_YASSL yaSSL_CleanUp(); +#elif defined(HAVE_OPENSSL) + // This one is needed on the client side + ERR_remove_state(0); + ERR_free_strings(); + EVP_cleanup(); + CRYPTO_cleanup_all_ex_data(); #endif } diff --git a/vio/vio_priv.h b/vio/vio_priv.h index 702ba4de38a..61a8ab150a9 100644 --- a/vio/vio_priv.h +++ b/vio/vio_priv.h @@ -2,6 +2,7 @@ #define VIO_PRIV_INCLUDED /* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2012, Monty Program Ab This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -39,6 +40,8 @@ size_t vio_read_pipe(Vio *vio, uchar * buf, size_t size); size_t vio_write_pipe(Vio *vio, const uchar * buf, size_t size); my_bool vio_is_connected_pipe(Vio *vio); int vio_close_pipe(Vio * vio); +int cancel_io(HANDLE handle, DWORD thread_id); +int vio_shutdown_pipe(Vio *vio,int how); #endif #ifdef HAVE_SMEM @@ -46,8 +49,11 @@ size_t vio_read_shared_memory(Vio *vio, uchar * buf, size_t size); size_t vio_write_shared_memory(Vio *vio, const uchar * buf, size_t size); my_bool vio_is_connected_shared_memory(Vio *vio); int vio_close_shared_memory(Vio * vio); +my_bool vio_shared_memory_has_data(Vio *vio); +int vio_shutdown_shared_memory(Vio *vio, int how); #endif +int vio_socket_shutdown(Vio *vio, int how); void vio_timeout(Vio *vio,uint which, uint timeout); my_bool vio_buff_has_data(Vio *vio); diff --git a/vio/viosocket.c b/vio/viosocket.c index 56aa84df5fc..baefa1c6d06 100644 --- a/vio/viosocket.c +++ b/vio/viosocket.c @@ -1,5 +1,6 @@ /* - Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2001, 2012, Oracle and/or its affiliates + Copyright (c) 2012, Monty Program Ab This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License @@ -29,6 +30,8 @@ #pragma comment(lib, "ws2_32.lib") #endif #include "vio_priv.h" +#include "my_context.h" +#include <mysql_async.h> #ifdef FIONREAD_IN_SYS_FILIO # include <sys/filio.h> @@ -49,12 +52,26 @@ size_t vio_read(Vio * vio, uchar* buf, size_t size) /* Ensure nobody uses vio_read_buff and vio_read simultaneously */ DBUG_ASSERT(vio->read_end == vio->read_pos); + if (vio->async_context && vio->async_context->active) + r= my_recv_async(vio->async_context, vio->sd, buf, size, vio->read_timeout); + else + { + if (vio->async_context) + { + /* + If switching from non-blocking to blocking API usage, set the socket + back to blocking mode. + */ + my_bool old_mode; + vio_blocking(vio, TRUE, &old_mode); + } #ifdef __WIN__ - r = recv(vio->sd, buf, size,0); + r = recv(vio->sd, buf, size,0); #else - errno=0; /* For linux */ - r = read(vio->sd, buf, size); + errno=0; /* For linux */ + r = read(vio->sd, buf, size); #endif /* __WIN__ */ + } #ifndef DBUG_OFF if (r == (size_t) -1) { @@ -121,11 +138,26 @@ size_t vio_write(Vio * vio, const uchar* buf, size_t size) DBUG_ENTER("vio_write"); DBUG_PRINT("enter", ("sd: %d buf: 0x%lx size: %u", vio->sd, (long) buf, (uint) size)); + if (vio->async_context && vio->async_context->active) + r= my_send_async(vio->async_context, vio->sd, buf, size, + vio->write_timeout); + else + { + if (vio->async_context) + { + /* + If switching from non-blocking to blocking API usage, set the socket + back to blocking mode. + */ + my_bool old_mode; + vio_blocking(vio, TRUE, &old_mode); + } #ifdef __WIN__ - r = send(vio->sd, buf, size,0); + r = send(vio->sd, buf, size,0); #else - r = write(vio->sd, buf, size); + r = write(vio->sd, buf, size); #endif /* __WIN__ */ + } #ifndef DBUG_OFF if (r == (size_t) -1) { @@ -136,6 +168,61 @@ size_t vio_write(Vio * vio, const uchar* buf, size_t size) DBUG_RETURN(r); } +#ifdef _WIN32 +static void CALLBACK cancel_io_apc(ULONG_PTR data) +{ + CancelIo((HANDLE)data); +} + +/* + Cancel IO on Windows. + + On XP, issue CancelIo as asynchronous procedure call to the thread that started + IO. On Vista+, simpler cancelation is done with CancelIoEx. +*/ + +int cancel_io(HANDLE handle, DWORD thread_id) +{ + static BOOL (WINAPI *fp_CancelIoEx) (HANDLE, OVERLAPPED *); + static volatile int first_time= 1; + int rc; + HANDLE thread_handle; + + if (first_time) + { + /* Try to load CancelIoEx using GetProcAddress */ + InterlockedCompareExchangePointer((volatile void *)&fp_CancelIoEx, + GetProcAddress(GetModuleHandle("kernel32"), "CancelIoEx"), NULL); + first_time =0; + } + + if (fp_CancelIoEx) + { + return fp_CancelIoEx(handle, NULL)? 0 :-1; + } + + thread_handle= OpenThread(THREAD_SET_CONTEXT, FALSE, thread_id); + if (thread_handle) + { + rc= QueueUserAPC(cancel_io_apc, thread_handle, (ULONG_PTR)handle); + CloseHandle(thread_handle); + } + return rc; + +} +#endif + +int vio_socket_shutdown(Vio *vio, int how) +{ + int ret= shutdown(vio->sd, how); +#ifdef _WIN32 + /* Cancel possible IO in progress (shutdown does not do that on Windows). */ + (void) cancel_io((HANDLE)vio->sd, vio->thread_id); +#endif + return ret; +} + + int vio_blocking(Vio * vio __attribute__((unused)), my_bool set_blocking_mode, my_bool *old_mode) { @@ -209,6 +296,11 @@ int vio_fastsend(Vio * vio __attribute__((unused))) int r=0; DBUG_ENTER("vio_fastsend"); + if (vio->type == VIO_TYPE_NAMEDPIPE ||vio->type == VIO_TYPE_SHARED_MEMORY) + { + DBUG_RETURN(0); + } + #if defined(IPTOS_THROUGHPUT) { int tos = IPTOS_THROUGHPUT; @@ -244,7 +336,7 @@ int vio_keepalive(Vio* vio, my_bool set_keep_alive) DBUG_ENTER("vio_keepalive"); DBUG_PRINT("enter", ("sd: %d set_keep_alive: %d", vio->sd, (int) set_keep_alive)); - if (vio->type != VIO_TYPE_NAMEDPIPE) + if (vio->type != VIO_TYPE_NAMEDPIPE && vio->type != VIO_TYPE_SHARED_MEMORY) { if (set_keep_alive) opt = 1; @@ -665,6 +757,8 @@ my_bool vio_poll_read(Vio *vio, uint timeout) { my_socket sd= vio->sd; DBUG_ENTER("vio_poll_read"); + if (vio->async_context && vio->async_context->active) + DBUG_RETURN(my_poll_read_async(vio->async_context, timeout)); #ifdef HAVE_OPENSSL if (vio->type == VIO_TYPE_SSL) sd= SSL_get_fd((SSL*) vio->ssl_arg); @@ -753,10 +847,31 @@ void vio_timeout(Vio *vio, uint which, uint timeout) thr_alarm or just run without read/write timeout(s) */ #endif + /* Make timeout values available for async operations. */ + if (which) + vio->write_timeout= timeout; + else + vio->read_timeout= timeout; } #ifdef __WIN__ +/* + Disable posting IO completion event to the port. + In some cases (synchronous timed IO) we want to skip IOCP notifications. +*/ +static void disable_iocp_notification(OVERLAPPED *overlapped) +{ + HANDLE *handle = &(overlapped->hEvent); + *handle = ((HANDLE)((ULONG_PTR) *handle|1)); +} + +/* Enable posting IO completion event to the port */ +static void enable_iocp_notification(OVERLAPPED *overlapped) +{ + HANDLE *handle = &(overlapped->hEvent); + *handle = (HANDLE)((ULONG_PTR) *handle & ~1); +} /* Finish pending IO on pipe. Honor wait timeout @@ -768,7 +883,7 @@ static size_t pipe_complete_io(Vio* vio, char* buf, size_t size, DWORD timeout_m DBUG_ENTER("pipe_complete_io"); - ret= WaitForSingleObject(vio->pipe_overlapped.hEvent, timeout_ms); + ret= WaitForSingleObjectEx(vio->pipe_overlapped.hEvent, timeout_ms, TRUE); /* WaitForSingleObjects will normally return WAIT_OBJECT_O (success, IO completed) or WAIT_TIMEOUT. @@ -798,7 +913,8 @@ size_t vio_read_pipe(Vio * vio, uchar *buf, size_t size) DBUG_ENTER("vio_read_pipe"); DBUG_PRINT("enter", ("sd: %d buf: 0x%lx size: %u", vio->sd, (long) buf, (uint) size)); - + + disable_iocp_notification(&vio->pipe_overlapped); if (ReadFile(vio->hPipe, buf, (DWORD)size, &bytes_read, &(vio->pipe_overlapped))) { @@ -808,13 +924,14 @@ size_t vio_read_pipe(Vio * vio, uchar *buf, size_t size) { if (GetLastError() != ERROR_IO_PENDING) { + enable_iocp_notification(&vio->pipe_overlapped); DBUG_PRINT("error",("ReadFile() returned last error %d", GetLastError())); DBUG_RETURN((size_t)-1); } retval= pipe_complete_io(vio, buf, size,vio->read_timeout_ms); } - + enable_iocp_notification(&vio->pipe_overlapped); DBUG_PRINT("exit", ("%lld", (longlong)retval)); DBUG_RETURN(retval); } @@ -827,7 +944,7 @@ size_t vio_write_pipe(Vio * vio, const uchar* buf, size_t size) DBUG_ENTER("vio_write_pipe"); DBUG_PRINT("enter", ("sd: %d buf: 0x%lx size: %u", vio->sd, (long) buf, (uint) size)); - + disable_iocp_notification(&vio->pipe_overlapped); if (WriteFile(vio->hPipe, buf, (DWORD)size, &bytes_written, &(vio->pipe_overlapped))) { @@ -835,6 +952,7 @@ size_t vio_write_pipe(Vio * vio, const uchar* buf, size_t size) } else { + enable_iocp_notification(&vio->pipe_overlapped); if (GetLastError() != ERROR_IO_PENDING) { DBUG_PRINT("vio_error",("WriteFile() returned last error %d", @@ -843,7 +961,7 @@ size_t vio_write_pipe(Vio * vio, const uchar* buf, size_t size) } retval= pipe_complete_io(vio, (char *)buf, size, vio->write_timeout_ms); } - + enable_iocp_notification(&vio->pipe_overlapped); DBUG_PRINT("exit", ("%lld", (longlong)retval)); DBUG_RETURN(retval); } diff --git a/vio/viossl.c b/vio/viossl.c index f68e20ff64c..5181f496768 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -21,9 +21,23 @@ */ #include "vio_priv.h" +#include "my_context.h" +#include <mysql_async.h> #ifdef HAVE_OPENSSL +#ifndef HAVE_YASSL +/* + yassl seem to be different here, SSL_get_error() value can be + directly passed to ERR_error_string(), and these errors don't go + into ERR_get_error() stack. + in openssl, apparently, SSL_get_error() values live in a different + namespace, one needs to use ERR_get_error() as an argument + for ERR_error_string(). +*/ +#define SSL_get_error(X,Y) ERR_get_error() +#endif + #ifndef DBUG_OFF static void @@ -44,8 +58,13 @@ report_errors(SSL* ssl) } if (ssl) - DBUG_PRINT("error", ("error: %s", - ERR_error_string(SSL_get_error(ssl, l), buf))); + { +#ifndef DBUG_OFF + int error= SSL_get_error(ssl, l); + DBUG_PRINT("error", ("error: %s (%d)", + ERR_error_string(error, buf), error)); +#endif + } DBUG_PRINT("info", ("socket_errno: %d", socket_errno)); DBUG_VOID_RETURN; @@ -61,7 +80,10 @@ size_t vio_ssl_read(Vio *vio, uchar* buf, size_t size) DBUG_PRINT("enter", ("sd: %d buf: 0x%lx size: %u ssl: 0x%lx", vio->sd, (long) buf, (uint) size, (long) vio->ssl_arg)); - r= SSL_read((SSL*) vio->ssl_arg, buf, size); + if (vio->async_context && vio->async_context->active) + r= my_ssl_read_async(vio->async_context, (SSL *)vio->ssl_arg, buf, size); + else + r= SSL_read((SSL*) vio->ssl_arg, buf, size); #ifndef DBUG_OFF if (r == (size_t) -1) report_errors((SSL*) vio->ssl_arg); @@ -78,7 +100,10 @@ size_t vio_ssl_write(Vio *vio, const uchar* buf, size_t size) DBUG_PRINT("enter", ("sd: %d buf: 0x%lx size: %u", vio->sd, (long) buf, (uint) size)); - r= SSL_write((SSL*) vio->ssl_arg, buf, size); + if (vio->async_context && vio->async_context->active) + r= my_ssl_write_async(vio->async_context, (SSL *)vio->ssl_arg, buf, size); + else + r= SSL_write((SSL*) vio->ssl_arg, buf, size); #ifndef DBUG_OFF if (r == (size_t) -1) report_errors((SSL*) vio->ssl_arg); @@ -119,7 +144,7 @@ int vio_ssl_close(Vio *vio) break; default: /* Shutdown failed */ DBUG_PRINT("vio_error", ("SSL_shutdown() failed, error: %d", - SSL_get_error(ssl, r))); + (int)SSL_get_error(ssl, r))); break; } } @@ -152,11 +177,6 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout, SSL *ssl; my_bool unused; my_bool was_blocking; - /* Declared here to make compiler happy */ -#if !defined(HAVE_YASSL) && !defined(DBUG_OFF) - int j, n; -#endif - DBUG_ENTER("ssl_do"); DBUG_PRINT("enter", ("ptr: 0x%lx, sd: %d ctx: 0x%lx", (long) ptr, vio->sd, (long) ptr->ssl_context)); @@ -175,27 +195,8 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio, long timeout, SSL_clear(ssl); SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout); SSL_set_fd(ssl, vio->sd); -#if !defined(HAVE_YASSL) && defined(SSL_OP_NO_COMPRESSION) - SSL_set_options(ssl, SSL_OP_NO_COMPRESSION); /* OpenSSL >= 1.0 only */ -#elif OPENSSL_VERSION_NUMBER >= 0x00908000L /* workaround for OpenSSL 0.9.8 */ - sk_SSL_COMP_zero(SSL_COMP_get_compression_methods()); -#endif - -#if !defined(HAVE_YASSL) && !defined(DBUG_OFF) - { - STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; - ssl_comp_methods = SSL_COMP_get_compression_methods(); - n= sk_SSL_COMP_num(ssl_comp_methods); - DBUG_PRINT("info", ("Available compression methods:\n")); - if (n == 0) - DBUG_PRINT("info", ("NONE\n")); - else - for (j = 0; j < n; j++) - { - SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j); - DBUG_PRINT("info", (" %d: %s\n", c->id, c->name)); - } - } +#if !defined(HAVE_YASSL) && defined(SSL_OP_NO_COMPRESSION) + SSL_set_options(ssl, SSL_OP_NO_COMPRESSION); #endif if ((r= connect_accept_func(ssl)) < 1) diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c index 3aa1c873163..2040c3432b8 100644 --- a/vio/viosslfactories.c +++ b/vio/viosslfactories.c @@ -1,4 +1,5 @@ -/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. + Copyright (c) 2011, 2016, MariaDB This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -16,66 +17,52 @@ #include "vio_priv.h" #ifdef HAVE_OPENSSL +#ifndef HAVE_YASSL +#include <openssl/dh.h> +#include <openssl/bn.h> +#endif static my_bool ssl_algorithms_added = FALSE; static my_bool ssl_error_strings_loaded= FALSE; -/* - Diffie-Hellman key. - Generated using: >openssl dhparam -5 -C 2048 - - -----BEGIN DH PARAMETERS----- - MIIBCAKCAQEAil36wGZ2TmH6ysA3V1xtP4MKofXx5n88xq/aiybmGnReZMviCPEJ - 46+7VCktl/RZ5iaDH1XNG1dVQmznt9pu2G3usU+k1/VB4bQL4ZgW4u0Wzxh9PyXD - glm99I9Xyj4Z5PVE4MyAsxCRGA1kWQpD9/zKAegUBPLNqSo886Uqg9hmn8ksyU9E - BV5eAEciCuawh6V0O+Sj/C3cSfLhgA0GcXp3OqlmcDu6jS5gWjn3LdP1U0duVxMB - h/neTSCSvtce4CAMYMjKNVh9P1nu+2d9ZH2Od2xhRIqMTfAS1KTqF3VmSWzPFCjG - mjxx/bg6bOOjpgZapvB6ABWlWmRmAAWFtwIBBQ== - -----END DH PARAMETERS----- - */ -static unsigned char dh2048_p[]= -{ - 0x8A, 0x5D, 0xFA, 0xC0, 0x66, 0x76, 0x4E, 0x61, 0xFA, 0xCA, 0xC0, 0x37, - 0x57, 0x5C, 0x6D, 0x3F, 0x83, 0x0A, 0xA1, 0xF5, 0xF1, 0xE6, 0x7F, 0x3C, - 0xC6, 0xAF, 0xDA, 0x8B, 0x26, 0xE6, 0x1A, 0x74, 0x5E, 0x64, 0xCB, 0xE2, - 0x08, 0xF1, 0x09, 0xE3, 0xAF, 0xBB, 0x54, 0x29, 0x2D, 0x97, 0xF4, 0x59, - 0xE6, 0x26, 0x83, 0x1F, 0x55, 0xCD, 0x1B, 0x57, 0x55, 0x42, 0x6C, 0xE7, - 0xB7, 0xDA, 0x6E, 0xD8, 0x6D, 0xEE, 0xB1, 0x4F, 0xA4, 0xD7, 0xF5, 0x41, - 0xE1, 0xB4, 0x0B, 0xE1, 0x98, 0x16, 0xE2, 0xED, 0x16, 0xCF, 0x18, 0x7D, - 0x3F, 0x25, 0xC3, 0x82, 0x59, 0xBD, 0xF4, 0x8F, 0x57, 0xCA, 0x3E, 0x19, - 0xE4, 0xF5, 0x44, 0xE0, 0xCC, 0x80, 0xB3, 0x10, 0x91, 0x18, 0x0D, 0x64, - 0x59, 0x0A, 0x43, 0xF7, 0xFC, 0xCA, 0x01, 0xE8, 0x14, 0x04, 0xF2, 0xCD, - 0xA9, 0x2A, 0x3C, 0xF3, 0xA5, 0x2A, 0x83, 0xD8, 0x66, 0x9F, 0xC9, 0x2C, - 0xC9, 0x4F, 0x44, 0x05, 0x5E, 0x5E, 0x00, 0x47, 0x22, 0x0A, 0xE6, 0xB0, - 0x87, 0xA5, 0x74, 0x3B, 0xE4, 0xA3, 0xFC, 0x2D, 0xDC, 0x49, 0xF2, 0xE1, - 0x80, 0x0D, 0x06, 0x71, 0x7A, 0x77, 0x3A, 0xA9, 0x66, 0x70, 0x3B, 0xBA, - 0x8D, 0x2E, 0x60, 0x5A, 0x39, 0xF7, 0x2D, 0xD3, 0xF5, 0x53, 0x47, 0x6E, - 0x57, 0x13, 0x01, 0x87, 0xF9, 0xDE, 0x4D, 0x20, 0x92, 0xBE, 0xD7, 0x1E, - 0xE0, 0x20, 0x0C, 0x60, 0xC8, 0xCA, 0x35, 0x58, 0x7D, 0x3F, 0x59, 0xEE, - 0xFB, 0x67, 0x7D, 0x64, 0x7D, 0x8E, 0x77, 0x6C, 0x61, 0x44, 0x8A, 0x8C, - 0x4D, 0xF0, 0x12, 0xD4, 0xA4, 0xEA, 0x17, 0x75, 0x66, 0x49, 0x6C, 0xCF, - 0x14, 0x28, 0xC6, 0x9A, 0x3C, 0x71, 0xFD, 0xB8, 0x3A, 0x6C, 0xE3, 0xA3, - 0xA6, 0x06, 0x5A, 0xA6, 0xF0, 0x7A, 0x00, 0x15, 0xA5, 0x5A, 0x64, 0x66, - 0x00, 0x05, 0x85, 0xB7, -}; - -static unsigned char dh2048_g[]={ - 0x05, -}; - -static DH *get_dh2048(void) +/* the function below was generated with "openssl dhparam -2 -C 2048" */ +static +DH *get_dh2048() { + static unsigned char dh2048_p[]={ + 0xA1,0xBB,0x7C,0x20,0xC5,0x5B,0xC0,0x7B,0x21,0x8B,0xD6,0xA8, + 0x15,0xFC,0x3B,0xBA,0xAB,0x9F,0xDF,0x68,0xC4,0x79,0x78,0x0D, + 0xC1,0x12,0x64,0xE4,0x15,0xC9,0x66,0xDB,0xF6,0xCB,0xB3,0x39, + 0x02,0x5B,0x78,0x62,0xFB,0x09,0xAE,0x09,0x6B,0xDD,0xD4,0x5D, + 0x97,0xBC,0xDC,0x7F,0xE6,0xD6,0xF1,0xCB,0xF5,0xEB,0xDA,0xA7, + 0x2E,0x5A,0x43,0x2B,0xE9,0x40,0xE2,0x85,0x00,0x1C,0xC0,0x0A, + 0x98,0x77,0xA9,0x31,0xDE,0x0B,0x75,0x4D,0x1E,0x1F,0x16,0x83, + 0xCA,0xDE,0xBD,0x21,0xFC,0xC1,0x82,0x37,0x36,0x33,0x0B,0x66, + 0x06,0x3C,0xF3,0xAF,0x21,0x57,0x57,0x80,0xF6,0x94,0x1B,0xA9, + 0xD4,0xF6,0x8F,0x18,0x62,0x0E,0xC4,0x22,0xF9,0x5B,0x62,0xCC, + 0x3F,0x19,0x95,0xCF,0x4B,0x00,0xA6,0x6C,0x0B,0xAF,0x9F,0xD5, + 0xFA,0x3D,0x6D,0xDA,0x30,0x83,0x07,0x91,0xAC,0x15,0xFF,0x8F, + 0x59,0x54,0xEA,0x25,0xBC,0x4E,0xEB,0x6A,0x54,0xDF,0x75,0x09, + 0x72,0x0F,0xEF,0x23,0x70,0xE0,0xA8,0x04,0xEA,0xFF,0x90,0x54, + 0xCD,0x84,0x18,0xC0,0x75,0x91,0x99,0x0F,0xA1,0x78,0x0C,0x07, + 0xB7,0xC5,0xDE,0x55,0x06,0x7B,0x95,0x68,0x2C,0x33,0x39,0xBC, + 0x2C,0xD0,0x6D,0xDD,0xFA,0xDC,0xB5,0x8F,0x82,0x39,0xF8,0x67, + 0x44,0xF1,0xD8,0xF7,0x78,0x11,0x9A,0x77,0x9B,0x53,0x47,0xD6, + 0x2B,0x5D,0x67,0xB8,0xB7,0xBC,0xC1,0xD7,0x79,0x62,0x15,0xC2, + 0xC5,0x83,0x97,0xA7,0xF8,0xB4,0x9C,0xF6,0x8F,0x9A,0xC7,0xDA, + 0x1B,0xBB,0x87,0x07,0xA7,0x71,0xAD,0xB2,0x8A,0x50,0xF8,0x26, + 0x12,0xB7,0x3E,0x0B, + }; + static unsigned char dh2048_g[]={ + 0x02, + }; DH *dh; - if ((dh=DH_new())) - { - dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); - dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); - if (! dh->p || ! dh->g) - { - DH_free(dh); - dh=0; - } - } + + if ((dh=DH_new()) == NULL) return(NULL); + dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); + dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); + if ((dh->p == NULL) || (dh->g == NULL)) + { DH_free(dh); return(NULL); } return(dh); } @@ -110,8 +97,7 @@ ssl_error_string[] = "Private key does not match the certificate public key", "SSL_CTX_set_default_verify_paths failed", "Failed to set ciphers to use", - "SSL_CTX_new failed", - "SSL_CTX_set_tmp_dh failed" + "SSL_CTX_new failed" }; const char* @@ -136,7 +122,7 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file, key_file= cert_file; if (cert_file && - SSL_CTX_use_certificate_file(ctx, cert_file, SSL_FILETYPE_PEM) <= 0) + SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) { *error= SSL_INITERR_CERT; DBUG_PRINT("error",("%s from file '%s'", sslGetErrString(*error), cert_file)); @@ -221,8 +207,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file, DBUG_RETURN(0); if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client_method ? - TLSv1_client_method() : - TLSv1_server_method()))) + SSLv23_client_method() : + SSLv23_server_method()))) { *error= SSL_INITERR_MEMFAIL; DBUG_PRINT("error", ("%s", sslGetErrString(*error))); @@ -288,17 +274,8 @@ new_VioSSLFd(const char *key_file, const char *cert_file, } /* DH stuff */ - dh= get_dh2048(); - if (SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh) == 0) - { - *error= SSL_INITERR_DHFAIL; - DBUG_PRINT("error", ("%s", sslGetErrString(*error))); - report_errors(); - DH_free(dh); - SSL_CTX_free(ssl_fd->ssl_context); - my_free(ssl_fd); - DBUG_RETURN(0); - } + dh=get_dh2048(); + SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh); DH_free(dh); DBUG_PRINT("exit", ("OK 1")); |