Diffstat (limited to 'libmariadb/include/ma_tls.h')
-rw-r--r-- | libmariadb/include/ma_tls.h | 161 |
1 files changed, 161 insertions, 0 deletions
diff --git a/libmariadb/include/ma_tls.h b/libmariadb/include/ma_tls.h
new file mode 100644
index 00000000..9ce49e7c
--- /dev/null
+++ b/libmariadb/include/ma_tls.h
@@ -0,0 +1,161 @@
+#ifndef _ma_tls_h_
+#define _ma_tls_h_
+
+enum enum_pvio_tls_type {
+ SSL_TYPE_DEFAULT=0,
+#ifdef _WIN32
+ SSL_TYPE_SCHANNEL,
+#endif
+ SSL_TYPE_OPENSSL,
+ SSL_TYPE_GNUTLS
+};
+
+#define PROTOCOL_SSLV3 0
+#define PROTOCOL_TLS_1_0 1
+#define PROTOCOL_TLS_1_1 2
+#define PROTOCOL_TLS_1_2 3
+#define PROTOCOL_TLS_1_3 4
+#define PROTOCOL_UNKNOWN 5
+#define PROTOCOL_MAX PROTOCOL_TLS_1_3
+
+#define TLS_VERSION_LENGTH 64
+extern char tls_library_version[TLS_VERSION_LENGTH];
+
+typedef struct st_ma_pvio_tls {
+ void *data;
+ MARIADB_PVIO *pvio;
+ void *ssl;
+} MARIADB_TLS;
+
+/* Function prototypes */
+
+/* ma_tls_start
+ initializes the ssl library
+ Parameter:
+ errmsg pointer to error message buffer
+ errmsg_len length of error message buffer
+ Returns:
+ 0 success
+ 1 if an error occurred
+ Notes:
+ On success the global variable ma_tls_initialized will be set to 1
+*/
+int ma_tls_start(char *errmsg, size_t errmsg_len);
+
+/* ma_tls_end
+ unloads/deinitializes ssl library and unsets global variable
+ ma_tls_initialized
+*/
+void ma_tls_end(void);
+
+/* ma_tls_init
+ creates a new SSL structure for a SSL connection and loads
+ client certificates
+
+ Parameters:
+ MYSQL a mysql structure
+ Returns:
+ void * a pointer to internal SSL structure
+*/
+void * ma_tls_init(MYSQL *mysql);
+
+/* ma_tls_connect
+ performs SSL handshake
+ Parameters:
+ MARIADB_TLS MariaDB SSL container
+ Returns:
+ 0 success
+ 1 error
+*/
+my_bool ma_tls_connect(MARIADB_TLS *ctls);
+
+/* ma_tls_read
+ reads up to length bytes from socket
+ Parameters:
+ ctls MariaDB SSL container
+ buffer read buffer
+ length buffer length
+ Returns:
+ 0-n bytes read
+ -1 if an error occurred
+*/
+ssize_t ma_tls_read(MARIADB_TLS *ctls, const uchar* buffer, size_t length);
+
+/* ma_tls_write
+ write buffer to socket
+ Parameters:
+ ctls MariaDB SSL container
+ buffer write buffer
+ length buffer length
+ Returns:
+ 0-n bytes written
+ -1 if an error occurred
+*/
+ssize_t ma_tls_write(MARIADB_TLS *ctls, const uchar* buffer, size_t length);
+
+/* ma_tls_close
+ closes SSL connection and frees SSL structure which was previously
+ created by ma_tls_init call
+ Parameters:
+ MARIADB_TLS MariaDB SSL container
+ Returns:
+ 0 success
+ 1 error
+*/
+my_bool ma_tls_close(MARIADB_TLS *ctls);
+
+/* ma_tls_verify_server_cert
+ validation check of server certificate
+ Parameter:
+ MARIADB_TLS MariaDB SSL container
+ Returns:
+ ß success
+ 1 error
+*/
+int ma_tls_verify_server_cert(MARIADB_TLS *ctls);
+
+/* ma_tls_get_cipher
+ returns cipher for current ssl connection
+ Parameter:
+ MARIADB_TLS MariaDB SSL container
+ Returns:
+ cipher in use or
+ NULL on error
+*/
+const char *ma_tls_get_cipher(MARIADB_TLS *ssl);
+
+/* ma_tls_get_finger_print
+ returns SHA1 finger print of server certificate
+ Parameter:
+ MARIADB_TLS MariaDB SSL container
+ fp buffer for fingerprint
+ fp_len buffer length
+ Returns:
+ actual size of finger print
+*/
+unsigned int ma_tls_get_finger_print(MARIADB_TLS *ctls, char *fp, unsigned int fp_len);
+
+/* ma_tls_get_protocol_version
+ returns protocol version number in use
+ Parameter:
+ MARIADB_TLS MariaDB SSL container
+ Returns:
+ protocol number
+*/
+int ma_tls_get_protocol_version(MARIADB_TLS *ctls);
+const char *ma_pvio_tls_get_protocol_version(MARIADB_TLS *ctls);
+int ma_pvio_tls_get_protocol_version_id(MARIADB_TLS *ctls);
+
+/* Function prototypes */
+MARIADB_TLS *ma_pvio_tls_init(MYSQL *mysql);
+my_bool ma_pvio_tls_connect(MARIADB_TLS *ctls);
+ssize_t ma_pvio_tls_read(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
+ssize_t ma_pvio_tls_write(MARIADB_TLS *ctls, const uchar *buffer, size_t length);
+my_bool ma_pvio_tls_close(MARIADB_TLS *ctls);
+int ma_pvio_tls_verify_server_cert(MARIADB_TLS *ctls);
+const char *ma_pvio_tls_cipher(MARIADB_TLS *ctls);
+my_bool ma_pvio_tls_check_fp(MARIADB_TLS *ctls, const char *fp, const char *fp_list);
+my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio);
+void ma_pvio_tls_end();
+
+#endif /* _ma_tls_h_ */
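Review bot: `ma_tls_read` and `ma_pvio_tls_read` declare the destination as `const uchar *buffer`, although the comment calls it the read buffer that receives up to `length` bytes. An implementation therefore has to cast away `const` to fill it, and the compiler will not warn when a caller passes read-only memory; the read prototypes should take `uchar *buffer`, keeping `const` only on the write side. The comment on `ma_tls_verify_server_cert` gives the success value as `ß`, presumably a typo for `0`; callers presumably act on this result to accept or reject the server, so it should read `0 success`, and the comment should say whether the check covers the host name or only the chain, which the header does not state. `void ma_pvio_tls_end();` should be `void ma_pvio_tls_end(void);` so that it is a real prototype, matching `ma_tls_end(void)`.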