MySQL 8.0.40
Source Code Documentation
viosslfactories.cc File Reference
#include <memory>
#include <sstream>
#include <string>
#include "m_ctype.h"
#include "my_dbug.h"
#include "my_inttypes.h"
#include "my_loglevel.h"
#include "mysql/service_mysql_alloc.h"
#include "mysys_err.h"
#include "vio/vio_priv.h"
#include <dh_ecdh_config.h>
#include "my_openssl_fips.h"

Classes

struct  CRYPTO_dynlock_value
 

Macros

#define TLS_VERSION_OPTION_SIZE   256
 

Typedefs

typedef struct CRYPTO_dynlock_value openssl_lock_t
 

Functions

static void report_errors ()
 
const char * sslGetErrString (enum enum_ssl_init_error e)
 
static int vio_set_cert_stuff (SSL_CTX *ctx, const char *cert_file, const char *key_file, enum enum_ssl_init_error *error)
 
static void openssl_lock (int mode, openssl_lock_t *lock, const char *file, int line)
 
static void openssl_lock_function (int mode, int n, const char *file, int line)
 
static openssl_lock_t * openssl_dynlock_create (const char *file, int line)
 
static void openssl_dynlock_destroy (openssl_lock_t *lock, const char *file, int line)
 
static unsigned long openssl_id_function ()
 
static void init_ssl_locks ()
 
static void set_lock_callback_functions (bool init)
 
static void init_lock_callback_functions ()
 
static void deinit_lock_callback_functions ()
 
void vio_ssl_end ()
 
void ssl_start ()
 
long process_tls_version (const char *tls_version)
 
static struct st_VioSSLFd * new_VioSSLFd (const char *key_file, const char *cert_file, const char *ca_file, const char *ca_path, const char *cipher, const char *ciphersuites, bool is_client, enum enum_ssl_init_error *error, const char *crl_file, const char *crl_path, const long ssl_ctx_flags, const char *server_host)
 
struct st_VioSSLFd * new_VioSSLConnectorFd (const char *key_file, const char *cert_file, const char *ca_file, const char *ca_path, const char *cipher, const char *ciphersuites, enum enum_ssl_init_error *error, const char *crl_file, const char *crl_path, const long ssl_ctx_flags, const char *server_host)
 
struct st_VioSSLFd * new_VioSSLAcceptorFd (const char *key_file, const char *cert_file, const char *ca_file, const char *ca_path, const char *cipher, const char *ciphersuites, enum enum_ssl_init_error *error, const char *crl_file, const char *crl_path, const long ssl_ctx_flags)
 
void free_vio_ssl_acceptor_fd (struct st_VioSSLFd *fd)
 

Variables

static const char mandatory_p1 []
 
static const char optional_a1 []
 
static const char optional_a2 []
 
static const char optional_d1 []
 
static const char tls_cipher_blocked []
 
static bool ssl_initialized = false
 
static const char * ssl_error_string []
 
static PSI_rwlock_key key_rwlock_openssl
 
static PSI_rwlock_info openssl_rwlocks []
 
static openssl_lock_t * openssl_stdlocks
 

Macro Definition Documentation

◆ TLS_VERSION_OPTION_SIZE

#define TLS_VERSION_OPTION_SIZE   256

Typedef Documentation

◆ openssl_lock_t

Function Documentation

◆ deinit_lock_callback_functions()

static void deinit_lock_callback_functions ( )
static

◆ free_vio_ssl_acceptor_fd()

void free_vio_ssl_acceptor_fd ( struct st_VioSSLFd *  fd)

◆ init_lock_callback_functions()

static void init_lock_callback_functions ( )
static

◆ init_ssl_locks()

static void init_ssl_locks ( )
static

◆ new_VioSSLAcceptorFd()

struct st_VioSSLFd * new_VioSSLAcceptorFd ( const char *  key_file,
const char *  cert_file,
const char *  ca_file,
const char *  ca_path,
const char *  cipher,
const char *  ciphersuites,
enum enum_ssl_init_error *  error,
const char *  crl_file,
const char *  crl_path,
const long  ssl_ctx_flags 
)

◆ new_VioSSLConnectorFd()

struct st_VioSSLFd * new_VioSSLConnectorFd ( const char *  key_file,
const char *  cert_file,
const char *  ca_file,
const char *  ca_path,
const char *  cipher,
const char *  ciphersuites,
enum enum_ssl_init_error *  error,
const char *  crl_file,
const char *  crl_path,
const long  ssl_ctx_flags,
const char *  server_host 
)

◆ new_VioSSLFd()

static struct st_VioSSLFd * new_VioSSLFd ( const char *  key_file,
const char *  cert_file,
const char *  ca_file,
const char *  ca_path,
const char *  cipher,
const char *  ciphersuites,
bool  is_client,
enum enum_ssl_init_error *  error,
const char *  crl_file,
const char *  crl_path,
const long  ssl_ctx_flags,
const char *  server_host 
)
static

◆ openssl_dynlock_create()

static openssl_lock_t * openssl_dynlock_create ( const char *  file,
int  line 
)
static

◆ openssl_dynlock_destroy()

static void openssl_dynlock_destroy ( openssl_lock_t *  lock,
const char *  file,
int  line 
)
static

◆ openssl_id_function()

static unsigned long openssl_id_function ( )
static

◆ openssl_lock()

static void openssl_lock ( int  mode,
openssl_lock_t *  lock,
const char *  file,
int  line 
)
static

◆ openssl_lock_function()

static void openssl_lock_function ( int  mode,
int  n,
const char *  file,
int  line 
)
static

◆ process_tls_version()

long process_tls_version ( const char *  tls_version)

◆ report_errors()

static void report_errors ( )
static

◆ set_lock_callback_functions()

static void set_lock_callback_functions ( bool  init)
static

◆ ssl_start()

void ssl_start ( void  )

◆ sslGetErrString()

const char * sslGetErrString ( enum enum_ssl_init_error  e)

◆ vio_set_cert_stuff()

static int vio_set_cert_stuff ( SSL_CTX *  ctx,
const char *  cert_file,
const char *  key_file,
enum enum_ssl_init_error *  error 
)
static

◆ vio_ssl_end()

void vio_ssl_end ( )

Variable Documentation

◆ key_rwlock_openssl

PSI_rwlock_key key_rwlock_openssl
static

◆ mandatory_p1

const char mandatory_p1[]
static
Initial value:
// One colon-separated OpenSSL cipher string; the adjacent literals are
// concatenated by the compiler. All five suites use ephemeral ECDHE key
// exchange. The first three are AES-GCM (AEAD); the last two are AES-CBC
// with a SHA-256 MAC.
// The final literal has no trailing ':', so whatever joins this list with
// the others has to supply the separator.
// NOTE(review): the name suggests these suites are always offered, but how
// the list is combined with the optional ones is not shown here -- confirm
// in new_VioSSLFd().
= {
"ECDHE-ECDSA-AES128-GCM-SHA256:"
"ECDHE-ECDSA-AES256-GCM-SHA384:"
"ECDHE-RSA-AES128-GCM-SHA256:"
"ECDHE-ECDSA-AES128-SHA256:"
"ECDHE-RSA-AES128-SHA256"}

◆ openssl_rwlocks

PSI_rwlock_info openssl_rwlocks[]
static
Initial value:
// Single instrumentation entry that associates key_rwlock_openssl with the
// name "CRYPTO_dynlock_value::lock".
// NOTE(review): the meaning of the trailing 0, 0, nullptr fields depends on
// the PSI_rwlock_info layout, which is not shown here.
= {
{&key_rwlock_openssl, "CRYPTO_dynlock_value::lock", 0, 0, nullptr}}
static PSI_rwlock_key key_rwlock_openssl
Definition: viosslfactories.cc:237

◆ openssl_stdlocks

openssl_lock_t* openssl_stdlocks
static

◆ optional_a1

const char optional_a1[]
static
Initial value:
// Colon-separated OpenSSL cipher string. Every suite uses an ephemeral key
// exchange (ECDHE or DHE), so each provides forward secrecy. The list mixes
// AES-GCM suites with AES-CBC suites that use SHA-256/SHA-384 MACs.
// The DHE-DSS-* entries are only negotiable with a DSA server key.
// NOTE(review): the strength of the DHE-* suites depends on the DH
// parameters configured elsewhere; this file includes dh_ecdh_config.h --
// confirm the parameter size there.
= {
"ECDHE-RSA-AES256-GCM-SHA384:"
"ECDHE-ECDSA-AES256-SHA384:"
"ECDHE-RSA-AES256-SHA384:"
"DHE-RSA-AES128-GCM-SHA256:"
"DHE-DSS-AES128-GCM-SHA256:"
"DHE-RSA-AES128-SHA256:"
"DHE-DSS-AES128-SHA256:"
"DHE-DSS-AES256-GCM-SHA384:"
"DHE-RSA-AES256-SHA256:"
"DHE-DSS-AES256-SHA256:"
"DHE-RSA-AES256-GCM-SHA384"}

◆ optional_a2

const char optional_a2[]
static
Initial value:
// Colon-separated OpenSSL cipher string. Every suite uses static
// (non-ephemeral) DH or ECDH key agreement -- the DH-/ECDH- prefix rather
// than DHE-/ECDHE- -- so none of them provides forward secrecy: the session
// keys depend on the server's long-term key.
// NOTE(review): whether the linked OpenSSL build still implements static
// DH/ECDH suites is not visible here; names it does not know are ignored
// when a cipher string is parsed -- confirm against the target OpenSSL.
= {
"DH-DSS-AES128-GCM-SHA256:"
"ECDH-ECDSA-AES128-GCM-SHA256:"
"DH-DSS-AES256-GCM-SHA384:"
"ECDH-ECDSA-AES256-GCM-SHA384:"
"DH-DSS-AES128-SHA256:"
"ECDH-ECDSA-AES128-SHA256:"
"DH-DSS-AES256-SHA256:"
"ECDH-ECDSA-AES256-SHA384:"
"DH-RSA-AES128-GCM-SHA256:"
"ECDH-RSA-AES128-GCM-SHA256:"
"DH-RSA-AES256-GCM-SHA384:"
"ECDH-RSA-AES256-GCM-SHA384:"
"DH-RSA-AES128-SHA256:"
"ECDH-RSA-AES128-SHA256:"
"DH-RSA-AES256-SHA256:"
"ECDH-RSA-AES256-SHA384"}

◆ optional_d1

const char optional_d1[]
static
Initial value:
// Colon-separated OpenSSL cipher string. Every entry has at least one of
// two weaknesses:
//   - a CBC cipher with a SHA-1 MAC (names ending in "-SHA"), or
//   - no ephemeral key exchange: bare AES*/CAMELLIA* names use RSA key
//     transport and DH-/ECDH- names use static keys, so neither provides
//     forward secrecy.
// NOTE(review): "d1" presumably marks this list as deprecated or kept only
// for backward compatibility -- confirm. Whether a caller-supplied `cipher`
// argument replaces these defaults is not visible here; check new_VioSSLFd().
= {
"ECDHE-RSA-AES128-SHA:"
"ECDHE-ECDSA-AES128-SHA:"
"ECDHE-RSA-AES256-SHA:"
"ECDHE-ECDSA-AES256-SHA:"
"DHE-DSS-AES128-SHA:"
"DHE-RSA-AES128-SHA:"
"DHE-DSS-AES256-SHA:"
"DHE-RSA-AES256-SHA:"
"DH-DSS-AES128-SHA:"
"ECDH-ECDSA-AES128-SHA:"
"AES256-SHA:"
"DH-DSS-AES256-SHA:"
"ECDH-ECDSA-AES256-SHA:"
"DH-RSA-AES128-SHA:"
"ECDH-RSA-AES128-SHA:"
"DH-RSA-AES256-SHA:"
"ECDH-RSA-AES256-SHA:"
"CAMELLIA256-SHA:"
"CAMELLIA128-SHA:"
"AES128-GCM-SHA256:"
"AES256-GCM-SHA384:"
"AES128-SHA256:"
"AES256-SHA256:"
"AES128-SHA"}

◆ ssl_error_string

const char* ssl_error_string[]
static
Initial value:
// Twelve human-readable messages for TLS context initialization outcomes,
// starting with "No error".
// NOTE(review): presumably indexed by enum enum_ssl_init_error and returned
// by sslGetErrString(). The enum is not shown here, so the order of these
// strings must stay in sync with its enumerators, and any lookup needs a
// bounds check -- confirm.
= {
"No error",
"Unable to get certificate",
"Unable to get private key",
"Private key does not match the certificate public key",
"SSL_CTX_set_default_verify_paths failed",
"Failed to set ciphers to use",
"SSL_CTX_new failed",
"SSL context is not usable without certificate and private key",
"SSL_CTX_set_tmp_dh failed",
"TLS version is invalid",
"Failed to set ecdh information",
"Failed to set X509 verification parameter"}

◆ ssl_initialized

bool ssl_initialized = false
static

◆ tls_cipher_blocked

const char tls_cipher_blocked[]
static
Initial value:
// Colon-separated OpenSSL cipher-string exclusions. A leading '!' removes
// the named cipher or class permanently: a later entry in the same cipher
// string cannot add it back.
// Excluded classes: unauthenticated (aNULL), unencrypted (eNULL), EXPORT,
// LOW, MD5, DES, RC2, RC4 and PSK, followed by the individual 3DES-CBC
// suites by name.
// In OpenSSL, cipher-list strings govern TLSv1.2 and below; TLSv1.3 suites
// are configured separately (cf. the `ciphersuites` parameter of
// new_VioSSLFd()), so these exclusions do not filter TLSv1.3.
// NOTE(review): presumably joined to every cipher list handed to OpenSSL,
// including user-supplied ones -- confirm in new_VioSSLFd().
= {
"!aNULL:"
"!eNULL:"
"!EXPORT:"
"!LOW:"
"!MD5:"
"!DES:"
"!RC2:"
"!RC4:"
"!PSK:"
"!DES-CBC3-SHA:"
"!DHE-DSS-DES-CBC3-SHA:"
"!DHE-RSA-DES-CBC3-SHA:"
"!ECDH-RSA-DES-CBC3-SHA:"
"!ECDH-ECDSA-DES-CBC3-SHA:"
"!ECDHE-RSA-DES-CBC3-SHA:"
"!ECDHE-ECDSA-DES-CBC3-SHA:"
"!DH-RSA-DES-CBC3-SHA:"
"!DH-DSS-DES-CBC3-SHA"}