Merge branch 'master' of myrepo.no.oracle.com:mysql-connector-cpp

Author: Bogdan Degtyariov

cdk/extra/wolfssl/CMakeLists.txt

@@ -35,6 +35,42 @@ endif()
 INCLUDE_DIRECTORIES("${WOLFSSL_SOURCE_DIR}")
 
 
+#
+# Determine WolfSSL version
+#
+
+set(GETWOLFSSLVERSION_SOURCEFILE "${CMAKE_CURRENT_BINARY_DIR}/getwolfsslversion.c")
+file(WRITE "${GETWOLFSSLVERSION_SOURCEFILE}"
+       "#include <stdio.h>\n"
+       "#include <wolfssl/ssl.h>\n"
+       "int main() {\n"
+       "  printf(\"%s\",LIBWOLFSSL_VERSION_STRING);\n"
+       "}\n"
+)
+
+# Compile and run the created executable, store output in MYSQL_VERSION
+try_run(_run_result _compile_result
+  "${CMAKE_BINARY_DIR}"
+  "${GETWOLFSSLVERSION_SOURCEFILE}"
+  CMAKE_FLAGS "-DINCLUDE_DIRECTORIES:STRING=${WOLFSSL_SOURCE_DIR}"
+  RUN_OUTPUT_VARIABLE _WOLFSSL_VERSION
+)
+
+UNSET(OPENSSL_VERSION_GLOBAL CACHE)
+IF (_WOLFSSL_VERSION)
+  SET(WOLFSSL_VERSION_GLOBAL ${_WOLFSSL_VERSION} CACHE INTERNAL "WolfSSL Version")
+ENDIF()
+
+
+if (${WOLFSSL_VERSION_GLOBAL} VERSION_GREATER "3.15.6")
+    set(WOLFSSL_HAS_TLS13 true)
+    MESSAGE(STATUS "WOLFSSL TLSv1.3 enabled")
+else()
+    set(WOLFSSL_HAS_TLS13 false)
+    MESSAGE(STATUS "WOLFSSL TLSv1.3 disabled")
+endif()
+
+
 CHECK_TYPE_SIZE("long"      SIZEOF_LONG)
 CHECK_TYPE_SIZE("long long" SIZEOF_LONG_LONG)
 ADD_DEFINITIONS(-DSIZEOF_LONG=${SIZEOF_LONG} -DSIZEOF_LONG_LONG=${SIZEOF_LONG_LONG})
@@ -63,6 +99,25 @@ ADD_DEFINITIONS(
   -DWOLFSSL_CERT_GEN
 )
 
+if (WOLFSSL_HAS_TLS13)
+  ADD_DEFINITIONS(
+    -DWOLFSSL_TLS13
+    -DHAVE_TLS_EXTENSIONS
+    -DHAVE_SUPPORTED_CURVES
+    -DHAVE_FFDHE_2048
+    -DHAVE_HKDF
+    -DWC_RSA_PSS
+    -DHAVE_POLY1305
+    -DHAVE_ONE_TIME_AUTH
+    -DHAVE_CHACHA
+    -DHAVE_AESGCM
+    -DHAVE_AESCCM
+    -DSESSION_CERTS
+    )
+
+endif()
+
+
 SET(WOLFSSL_SOURCES ${WOLFSSL_SOURCE_DIR}/src/crl.c
                     ${WOLFSSL_SOURCE_DIR}/src/internal.c
                     ${WOLFSSL_SOURCE_DIR}/src/keys.c
@@ -72,6 +127,10 @@ SET(WOLFSSL_SOURCES ${WOLFSSL_SOURCE_DIR}/src/crl.c
                     ${WOLFSSL_SOURCE_DIR}/src/ocsp.c
                     ${WOLFSSL_SOURCE_DIR}/src/ssl.c )
 
+if (WOLFSSL_HAS_TLS13)
+  list(APPEND WOLFSSL_SOURCES ${WOLFSSL_SOURCE_DIR}/src/tls13.c)
+endif()
+
 add_library(wolfssl STATIC ${WOLFSSL_SOURCES})
 
 target_include_directories(wolfssl
@@ -175,29 +234,3 @@ add_library(wolfcrypto STATIC ${WOLFCRYPT_SOURCES})
 target_link_libraries(wolfssl INTERFACE wolfcrypto)
 
 
-#
-# Determine WolfSSL version
-#
-
-set(GETWOLFSSLVERSION_SOURCEFILE "${CMAKE_CURRENT_BINARY_DIR}/getwolfsslversion.c")
-file(WRITE "${GETWOLFSSLVERSION_SOURCEFILE}"
-       "#include <stdio.h>\n"
-       "#include <ssl.h>\n"
-       "int main() {\n"
-       "  printf(\"%s\", LIBWOLFSSL_VERSION_STRING);\n"
-       "}\n"
-)
-
-# Compile and run the created executable, store output in MYSQL_VERSION
-try_run(_run_result _compile_result
-  "${CMAKE_BINARY_DIR}"
-  "${GETWOLFSSLVERSION_SOURCEFILE}"
-  CMAKE_FLAGS "-DINCLUDE_DIRECTORIES:STRING=${SSL_INCLUDES}"
-  RUN_OUTPUT_VARIABLE _WOLFSSL_VERSION
-)
-
-
-UNSET(OPENSSL_VERSION_GLOBAL CACHE)
-IF (_WOLFSSL_VERSION)
-  SET(WOLFSSL_VERSION_GLOBAL ${_WOLFSSL_VERSION} CACHE INTERNAL "WolfSSL Version")
-ENDIF()

cdk/foundation/connection_openssl.cc

@@ -41,7 +41,8 @@ PUSH_SYS_WARNINGS_CDK
 #ifdef _WIN32
 #undef close
 #endif
-
+// Wolfssl needs this include because of the NID_commonName enum
+#include <wolfssl/wolfcrypt/asn.h>
 #else
 #include <openssl/err.h>
 #endif
@@ -153,6 +154,12 @@ static const char tls_cipher_blocked[]= "!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!DES:!R
                                         "!ECDH-RSA-DES-CBC3-SHA:!ECDH-ECDSA-DES-CBC3-SHA:"
                                         "!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-ECDSA-DES-CBC3-SHA:";
 
+static const char tls_cipher_suites[] ="TLS_AES_128_GCM_SHA256:"
+                                       "TLS_AES_256_GCM_SHA384:"
+                                       "TLS_CHACHA20_POLY1305_SHA256:"
+                                       "TLS_AES_128_CCM_SHA256:"
+                                       "TLS_AES_128_CCM_8_SHA256:";
+
 static void throw_openssl_error_msg(const char* msg)
 {
   throw cdk::foundation::Error(cdk::foundation::cdkerrc::tls_error,
@@ -275,6 +282,7 @@ void connection_TLS_impl::do_connect()
 #ifndef WITH_SSL_WOLFSSL
     const
 #endif
+
     SSL_METHOD* method = SSLv23_client_method();
 
     if (!method)
@@ -288,9 +296,19 @@ void connection_TLS_impl::do_connect()
     std::string cipher_list;
     cipher_list.append(tls_cipher_blocked);
     cipher_list.append(tls_ciphers_list);
+#ifdef WITH_SSL_WOLFSSL
+    cipher_list.append(tls_cipher_suites);
+#endif
 
     SSL_CTX_set_cipher_list(m_tls_ctx, cipher_list.c_str());
 
+#if !defined (WITH_SSL_WOLFSSL) && (OPENSSL_VERSION_NUMBER>=0x1010100fL)
+    //OpenSSL TLSv1.3
+    SSL_CTX_set_ciphersuites(m_tls_ctx, tls_cipher_suites);
+#endif
+
+
+
     if (m_options.ssl_mode()
         >=
         cdk::foundation::connection::TLS::Options::SSL_MODE::VERIFY_CA
@@ -436,6 +454,7 @@ void connection_TLS_impl::verify_server_cert()
   subject= X509_get_subject_name((X509 *) server_cert);
   // Find the CN location in the subject
   cn_loc= X509_NAME_get_index_by_NID(subject, NID_commonName, -1);
+
   if (cn_loc < 0)
   {
     throw_openssl_error_msg("Failed to get CN location in the certificate subject");
@@ -458,7 +477,7 @@ void connection_TLS_impl::verify_server_cert()
 #if OPENSSL_VERSION_NUMBER > 0x10100000L
   cn= ASN1_STRING_get0_data(cn_asn1);
 #else
-  cn= ASN1_STRING_data(cn_asn1);
+  cn= (const unsigned char*)(ASN1_STRING_data(cn_asn1));
 #endif
 
   // There should not be any NULL embedded in the CN

include/mysqlx/xapi.h

@@ -2836,7 +2836,9 @@ mysqlx_column_get_type(mysqlx_result_t *res, uint32_t pos);
   @param res result handle
   @param pos zero-based column number
 
-  @return column collation number. TODO: specify these
+  @return column collation number. The number matches the ID
+          in the INFORMATION_SCHEMA.COLLATIONS table.
+  @see https://dev.mysql.com/doc/mysql/en/collations-table.html
 
   @ingroup xapi_md
 */