[CONC-312] Implement caching_sha2_password plugin - Jira

Details

Type: Task
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.8, 3.1.0
Component/s: None
Labels:
None

Description

MySQL 8.0 introduced a new authentication plugin "caching_sha2_password" plugin, which is enabled by default and will be used as standard plugin:

Workflow:

1) Server sends scramble packet
2) Clients generates a sha256 hashed authentication string with the following mechanism:

  digest1= sha256(password)

  digest2= sha256(digest1)

  digest3= sha256(digest2, scramble)

  digest4= xor(digest1, digest3)

3) Client sends digest4 as authentication string

On success server sends a packet with length=1 and content=3. In case the password was not cached, server requires same authentication mechanism as in sha256_password with a little difference, the padding algorithm is PKCS1 v1.5 padding instead of OAEP.

Attachments

Issue Links

relates to

CONC-229 SHA256 authentication plugin

Closed

CONJ-327 Handle sha256_password plugin

Closed

CONJ-663 Implement caching_sha2_password plugin

Closed

CONJS-76 Implement sha256_password support

Closed

CONJS-77 Implement caching_sha256_password support

Closed

MDEV-9804 Implement a caching_sha256_password plugin

Open

MXS-1325 Add sha256_password authenticator

Closed

ODBC-241 Add parameter that corresponds to MYSQL_SERVER_PUBLIC_KEY option from MariaDB Connector/C

Closed

(3 relates to)

Activity

Ascending order - Click to sort in descending order

Georg Richter created issue - 2018-02-20 20:31

Georg Richter made changes - 2018-02-20 20:32

Field	Original Value	New Value
Description	MySQL 8.0 introduced a new authentication plugin "caching_sha2_password" plugin, which is enabled by default and will be used as standard plugin: Workflow: 1) Server sends scramble packet 2) Clients generates a sha256 hashed authentication string with the following mechanism: digest1= sha256(password) digest2= sha256(digest1) digest3= sha256(digest2, scramble) digest4= xor(digest1, digest3) 3) Client sends digest4 as authentication string On success server sends a packet with length=1 and content=3. In case the password was not cached, server requires same authentication mechanism as in sha256_password with a little difference, the padding algorithm is PKCS1 v1.5 padding instead of OAEP.	MySQL 8.0 introduced a new authentication plugin "caching_sha2_password" plugin, which is enabled by default and will be used as standard plugin: Workflow: 1) Server sends scramble packet 2) Clients generates a sha256 hashed authentication string with the following mechanism: {noformat} digest1= sha256(password) digest2= sha256(digest1) digest3= sha256(digest2, scramble) digest4= xor(digest1, digest3) {noformat} 3) Client sends digest4 as authentication string On success server sends a packet with length=1 and content=3. In case the password was not cached, server requires same authentication mechanism as in sha256_password with a little difference, the padding algorithm is PKCS1 v1.5 padding instead of OAEP.

Georg Richter added a comment - 2018-03-06 10:36

https://github.com/9EOR9/mariadb-connector-c/commit/aeb411107797179f2a725362ba86ab48665230fd

Georg Richter added a comment - 2018-03-06 10:36 https://github.com/9EOR9/mariadb-connector-c/commit/aeb411107797179f2a725362ba86ab48665230fd

Georg Richter made changes - 2018-03-06 10:36

Status

Open [ 1 ]

In Progress [ 3 ]

Georg Richter added a comment - 2018-03-06 10:36

commit: https://github.com/9EOR9/mariadb-connector-c/commit/aeb411107797179f2a725362ba86ab48665230fd

Georg Richter added a comment - 2018-03-06 10:36 commit: https://github.com/9EOR9/mariadb-connector-c/commit/aeb411107797179f2a725362ba86ab48665230fd

Georg Richter made changes - 2018-03-06 10:36

Assignee	Georg Richter [ georg ]	Vladislav Vaintroub [ wlad ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Vladislav Vaintroub made changes - 2018-03-06 11:15

Assignee	Vladislav Vaintroub [ wlad ]	Georg Richter [ georg ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Georg Richter made changes - 2018-04-18 11:22

Fix Version/s		3.0.5 [ 23023 ]
Fix Version/s	3.0.4 [ 22922 ]

Georg Richter made changes - 2018-06-14 06:01

Resolution		Won't Fix [ 2 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Honza Horak added a comment - 2018-08-01 07:00

Georg, I'm wondering what was the reason to close this issue as WONTFIX. It would make sense to me to have this capability in the mariadb connector. This way, the mariadb connector cannot connect to the MySQL that is run with the default configuration.

Honza Horak added a comment - 2018-08-01 07:00 Georg, I'm wondering what was the reason to close this issue as WONTFIX. It would make sense to me to have this capability in the mariadb connector. This way, the mariadb connector cannot connect to the MySQL that is run with the default configuration.

Sergei Golubchik made changes - 2018-10-02 10:02

Resolution	Won't Fix [ 2 ]
Status	Closed [ 6 ]	Stalled [ 10000 ]

Sergei Golubchik added a comment - 2018-10-02 10:03

Reopened. Let's have caching_sha2_password plugin for compatibility reasons

Sergei Golubchik added a comment - 2018-10-02 10:03 Reopened. Let's have caching_sha2_password plugin for compatibility reasons

Georg Richter made changes - 2018-10-02 10:26

Fix Version/s		3.1.0 [ 22519 ]
Fix Version/s	3.0.5 [ 23023 ]

Georg Richter made changes - 2018-10-04 15:11

Status

Stalled [ 10000 ]

In Progress [ 3 ]

Rasmus Johansson (Inactive) made changes - 2018-10-08 11:39

Priority

Major [ 3 ]

Critical [ 2 ]

Georg Richter added a comment - 2018-10-10 13:51

The caching_sha2_plugin doesn't work with GnuTLS, since neither GnuTLS nor libnettle provide the required rsa encryption with OAEP padding functionality.

Georg Richter added a comment - 2018-10-10 13:51 The caching_sha2_plugin doesn't work with GnuTLS, since neither GnuTLS nor libnettle provide the required rsa encryption with OAEP padding functionality.

Georg Richter made changes - 2018-10-10 13:51

issue.field.resolutiondate

2018-10-10 13:51:08.0

2018-10-10 13:51:08.722

Georg Richter made changes - 2018-10-10 13:51

Resolution		Fixed [ 1 ]
Status	In Progress [ 3 ]	Closed [ 6 ]

Georg Richter made changes - 2018-11-27 06:54

Fix Version/s

3.0.8 [ 23233 ]

Georg Richter added a comment - 2018-12-01 07:58

Pushed into 3.0 branch (will be available in C/C 3.0.8)

Georg Richter added a comment - 2018-12-01 07:58 Pushed into 3.0 branch (will be available in C/C 3.0.8)

Ryan Leach made changes - 2018-12-02 15:25

Link

This issue relates to ~~CONJ-663~~ [ ~~CONJ-663~~ ]

Geoff Montee (Inactive) made changes - 2019-01-17 20:00

Link

This issue relates to MDEV-9804 [ MDEV-9804 ]

Geoff Montee (Inactive) made changes - 2019-01-17 20:00

Link

This issue relates to ~~CONC-229~~ [ ~~CONC-229~~ ]

Geoff Montee (Inactive) made changes - 2019-04-04 22:38

Link

This issue relates to ~~ODBC-241~~ [ ~~ODBC-241~~ ]

Geoff Montee (Inactive) made changes - 2019-04-04 22:39

Link

This issue relates to ~~CONJ-327~~ [ ~~CONJ-327~~ ]

Geoff Montee (Inactive) made changes - 2019-04-04 22:41

Link

This issue relates to ~~MXS-1325~~ [ ~~MXS-1325~~ ]

Geoff Montee (Inactive) made changes - 2019-05-20 22:40

Link

This issue relates to ~~CONJS-77~~ [ ~~CONJS-77~~ ]

Geoff Montee (Inactive) made changes - 2019-05-20 22:40

Link

This issue relates to ~~CONJS-76~~ [ ~~CONJS-76~~ ]

Julien Fritsch made changes - 2022-01-11 15:33

Workflow

MariaDB connectors [ 85671 ]

MariaDB v4 [ 161100 ]

People

Assignee:: Georg Richter

Reporter:: Georg Richter

Votes:: 3 Vote for this issue

Watchers:: 12 Start watching this issue

Dates

Created:: 2018-02-20 20:31

Updated:: 2019-05-20 22:40

Resolved:: 2018-10-10 13:51

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.