mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-19 13:32:33 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/vio/viossl.c
monty@mysql.com/narttu.mysql.fi 088e2395f1 WL#3817: Simplify string / memory area types and make things more consistent (first part) 
The following type conversions was done:

- Changed byte to uchar
- Changed gptr to uchar*
- Change my_string to char *
- Change my_size_t to size_t
- Change size_s to size_t

Removed declaration of byte, gptr, my_string, my_size_t and size_s. 

Following function parameter changes was done:
- All string functions in mysys/strings was changed to use size_t
  instead of uint for string lengths.
- All read()/write() functions changed to use size_t (including vio).
- All protocoll functions changed to use size_t instead of uint
- Functions that used a pointer to a string length was changed to use size_t*
- Changed malloc(), free() and related functions from using gptr to use void *
  as this requires fewer casts in the code and is more in line with how the
  standard functions work.
- Added extra length argument to dirname_part() to return the length of the
  created string.
- Changed (at least) following functions to take uchar* as argument:
  - db_dump()
  - my_net_write()
  - net_write_command()
  - net_store_data()
  - DBUG_DUMP()
  - decimal2bin() & bin2decimal()
- Changed my_compress() and my_uncompress() to use size_t. Changed one
  argument to my_uncompress() from a pointer to a value as we only return
  one value (makes function easier to use).
- Changed type of 'pack_data' argument to packfrm() to avoid casts.
- Changed in readfrm() and writefrom(), ha_discover and handler::discover()
  the type for argument 'frmdata' to uchar** to avoid casts.
- Changed most Field functions to use uchar* instead of char* (reduced a lot of
  casts).
- Changed field->val_xxx(xxx, new_ptr) to take const pointers.

Other changes:
- Removed a lot of not needed casts
- Added a few new cast required by other changes
- Added some cast to my_multi_malloc() arguments for safety (as string lengths
  needs to be uint, not size_t).
- Fixed all calls to hash-get-key functions to use size_t*. (Needed to be done
  explicitely as this conflict was often hided by casting the function to
  hash_get_key).
- Changed some buffers to memory regions to uchar* to avoid casts.
- Changed some string lengths from uint to size_t.
- Changed field->ptr to be uchar* instead of char*. This allowed us to
  get rid of a lot of casts.
- Some changes from true -> TRUE, false -> FALSE, unsigned char -> uchar
- Include zlib.h in some files as we needed declaration of crc32()
- Changed MY_FILE_ERROR to be (size_t) -1.
- Changed many variables to hold the result of my_read() / my_write() to be
  size_t. This was needed to properly detect errors (which are
  returned as (size_t) -1).
- Removed some very old VMS code
- Changed packfrm()/unpackfrm() to not be depending on uint size
  (portability fix)
- Removed windows specific code to restore cursor position as this
  causes slowdown on windows and we should not mix read() and pread()
  calls anyway as this is not thread safe. Updated function comment to
  reflect this. Changed function that depended on original behavior of
  my_pwrite() to itself restore the cursor position (one such case).
- Added some missing checking of return value of malloc().
- Changed definition of MOD_PAD_CHAR_TO_FULL_LENGTH to avoid 'long' overflow.
- Changed type of table_def::m_size from my_size_t to ulong to reflect that
  m_size is the number of elements in the array, not a string/memory
  length.
- Moved THD::max_row_length() to table.cc (as it's not depending on THD).
  Inlined max_row_length_blob() into this function.
- More function comments
- Fixed some compiler warnings when compiled without partitions.
- Removed setting of LEX_STRING() arguments in declaration (portability fix).
- Some trivial indentation/variable name changes.
- Some trivial code simplifications:
  - Replaced some calls to alloc_root + memcpy to use
    strmake_root()/strdup_root().
  - Changed some calls from memdup() to strmake() (Safety fix)
  - Simpler loops in client-simple.c
2007-05-10 12:59:39 +03:00

312 lines
7.9 KiB
C
Raw Blame History

/* Copyright (C) 2000 MySQL AB
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
/*
Note that we can't have assertion on file descriptors; The reason for
this is that during mysql shutdown, another thread can close a file
we are working on. In this case we should just return read errors from
the file descriptior.
*/
#include "vio_priv.h"
#ifdef HAVE_OPENSSL
#ifdef __NETWARE__
/* yaSSL already uses BSD sockets */
#ifndef HAVE_YASSL
/*
The default OpenSSL implementation on NetWare uses WinSock.
This code allows us to use the BSD sockets.
*/
static int SSL_set_fd_bsd(SSL *s, int fd)
{
int result= -1;
BIO_METHOD *BIO_s_bsdsocket();
BIO *bio;
if ((bio= BIO_new(BIO_s_bsdsocket())))
{
result= BIO_set_fd(bio, fd, BIO_NOCLOSE);
SSL_set_bio(s, bio, bio);
}
return result;
}
#define SSL_set_fd(A, B) SSL_set_fd_bsd((A), (B))
#endif /* HAVE_YASSL */
#endif /* __NETWARE__ */
static void
report_errors(SSL* ssl)
{
unsigned long l;
const char *file;
const char *data;
int line, flags;
#ifndef DBUG_OFF
char buf[512];
#endif
DBUG_ENTER("report_errors");
while ((l= ERR_get_error_line_data(&file,&line,&data,&flags)))
{
DBUG_PRINT("error", ("OpenSSL: %s:%s:%d:%s\n", ERR_error_string(l,buf),
file,line,(flags&ERR_TXT_STRING)?data:"")) ;
}
if (ssl)
DBUG_PRINT("error", ("error: %s",
ERR_error_string(SSL_get_error(ssl, l), buf)));
DBUG_PRINT("info", ("socket_errno: %d", socket_errno));
DBUG_VOID_RETURN;
}
size_t vio_ssl_read(Vio *vio, uchar* buf, size_t size)
{
size_t r;
DBUG_ENTER("vio_ssl_read");
DBUG_PRINT("enter", ("sd: %d buf: 0x%lx size: %u ssl: 0x%lx",
vio->sd, (long) buf, (uint) size, (long) vio->ssl_arg));
r= SSL_read((SSL*) vio->ssl_arg, buf, size);
#ifndef DBUG_OFF
if (r == (size_t) -1)
report_errors((SSL*) vio->ssl_arg);
#endif
DBUG_PRINT("exit", ("%u", (uint) r));
DBUG_RETURN(r);
}
size_t vio_ssl_write(Vio *vio, const uchar* buf, size_t size)
{
size_t r;
DBUG_ENTER("vio_ssl_write");
DBUG_PRINT("enter", ("sd: %d buf: 0x%lx size: %u", vio->sd,
(long) buf, (uint) size));
r= SSL_write((SSL*) vio->ssl_arg, buf, size);
#ifndef DBUG_OFF
if (r == (size_t) -1)
report_errors((SSL*) vio->ssl_arg);
#endif
DBUG_PRINT("exit", ("%u", (uint) r));
DBUG_RETURN(r);
}
int vio_ssl_close(Vio *vio)
{
int r= 0;
SSL *ssl= (SSL*)vio->ssl_arg;
DBUG_ENTER("vio_ssl_close");
if (ssl)
{
switch ((r= SSL_shutdown(ssl))) {
case 1:
/* Shutdown successful */
break;
case 0:
/*
Shutdown not yet finished - since the socket is going to
be closed there is no need to call SSL_shutdown() a second
time to wait for the other side to respond
*/
break;
default: /* Shutdown failed */
DBUG_PRINT("vio_error", ("SSL_shutdown() failed, error: %d",
SSL_get_error(ssl, r)));
break;
}
}
DBUG_RETURN(vio_close(vio));
}
void vio_ssl_delete(Vio *vio)
{
if (!vio)
return; /* It must be safe to delete null pointer */
if (vio->type == VIO_TYPE_SSL)
vio_ssl_close(vio); /* Still open, close connection first */
if (vio->ssl_arg)
{
SSL_free((SSL*) vio->ssl_arg);
vio->ssl_arg= 0;
}
vio_delete(vio);
}
int sslaccept(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{
SSL *ssl;
my_bool unused;
my_bool net_blocking;
enum enum_vio_type old_type;
DBUG_ENTER("sslaccept");
DBUG_PRINT("enter", ("sd: %d ptr: 0x%lx, timeout: %ld",
vio->sd, (long) ptr, timeout));
old_type= vio->type;
net_blocking= vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
if (!(ssl= SSL_new(ptr->ssl_context)))
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors(ssl);
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
vio->ssl_arg= (void*)ssl;
DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout));
SSL_clear(ssl);
SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
SSL_set_fd(ssl, vio->sd);
if (SSL_accept(ssl) < 1)
{
DBUG_PRINT("error", ("SSL_accept failure"));
report_errors(ssl);
SSL_free(ssl);
vio->ssl_arg= 0;
vio_reset(vio, old_type,vio->sd,0,FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
#ifndef DBUG_OFF
{
char buf[1024];
X509 *client_cert;
DBUG_PRINT("info",("cipher_name= '%s'", SSL_get_cipher_name(ssl)));
if ((client_cert= SSL_get_peer_certificate (ssl)))
{
DBUG_PRINT("info",("Client certificate:"));
X509_NAME_oneline (X509_get_subject_name (client_cert),
buf, sizeof(buf));
DBUG_PRINT("info",("\t subject: %s", buf));
X509_NAME_oneline (X509_get_issuer_name (client_cert),
buf, sizeof(buf));
DBUG_PRINT("info",("\t issuer: %s", buf));
X509_free (client_cert);
}
else
DBUG_PRINT("info",("Client does not have certificate."));
if (SSL_get_shared_ciphers(ssl, buf, sizeof(buf)))
{
DBUG_PRINT("info",("shared_ciphers: '%s'", buf));
}
else
DBUG_PRINT("info",("no shared ciphers!"));
}
#endif
DBUG_RETURN(0);
}
int sslconnect(struct st_VioSSLFd *ptr, Vio *vio, long timeout)
{
SSL *ssl;
my_bool unused;
my_bool net_blocking;
enum enum_vio_type old_type;
DBUG_ENTER("sslconnect");
DBUG_PRINT("enter", ("sd: %d ptr: 0x%lx ctx: 0x%lx",
vio->sd, (long) ptr, (long) ptr->ssl_context));
old_type= vio->type;
net_blocking= vio_is_blocking(vio);
vio_blocking(vio, 1, &unused); /* Must be called before reset */
vio_reset(vio, VIO_TYPE_SSL, vio->sd, 0, FALSE);
if (!(ssl= SSL_new(ptr->ssl_context)))
{
DBUG_PRINT("error", ("SSL_new failure"));
report_errors(ssl);
vio_reset(vio, old_type, vio->sd, 0, FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
vio->ssl_arg= (void*)ssl;
DBUG_PRINT("info", ("ssl: 0x%lx timeout: %ld", (long) ssl, timeout));
SSL_clear(ssl);
SSL_SESSION_set_timeout(SSL_get_session(ssl), timeout);
SSL_set_fd(ssl, vio->sd);
if (SSL_connect(ssl) < 1)
{
DBUG_PRINT("error", ("SSL_connect failure"));
report_errors(ssl);
SSL_free(ssl);
vio->ssl_arg= 0;
vio_reset(vio, old_type, vio->sd, 0, FALSE);
vio_blocking(vio, net_blocking, &unused);
DBUG_RETURN(1);
}
#ifndef DBUG_OFF
{
X509 *server_cert;
DBUG_PRINT("info",("cipher_name: '%s'" , SSL_get_cipher_name(ssl)));
if ((server_cert= SSL_get_peer_certificate (ssl)))
{
char buf[256];
DBUG_PRINT("info",("Server certificate:"));
X509_NAME_oneline(X509_get_subject_name(server_cert), buf, sizeof(buf));
DBUG_PRINT("info",("\t subject: %s", buf));
X509_NAME_oneline (X509_get_issuer_name(server_cert), buf, sizeof(buf));
DBUG_PRINT("info",("\t issuer: %s", buf));
X509_free (server_cert);
}
else
DBUG_PRINT("info",("Server does not have certificate."));
}
#endif
DBUG_RETURN(0);
}
int vio_ssl_blocking(Vio *vio __attribute__((unused)),
my_bool set_blocking_mode,
my_bool *old_mode)
{
/* Mode is always blocking */
*old_mode= 1;
/* Return error if we try to change to non_blocking mode */
return (set_blocking_mode ? 0 : 1);
}
#endif /* HAVE_OPENSSL */
Reference in a new issue View git blame Copy permalink