Details
- Task
- Status: Closed
- Major
- Resolution: Won't Fix
Description
Since yassl doesn't support the TLS v1.2 protocol and lacks certain ciphers and modes, it should be replaced by GnuTLS and Windows native libraries (bcrypt, schannel).
Yassl is currently used for crypto (hash and encryption) and TLS communication, so we need to support the following components:
Hashing:
Replace existing hash functions (currently we have multiple functions for different hash types) with generic wrapper functions:
ma_crypto_hash(hash_algorithm,digest,source,length)
Affects: server plugins, my_md5, my_sha1, my_sha2
Encryption/Decryption:
Instead of yassl, the nettle library (used by GnuTLS) or bcrypt on Windows will be used. GnuTLS itself doesn't support all block cipher modes (like ECB).
Affects: server plugins, mysys_ssl, des_encrypt, des_decrypt
TLS communication:
Both GnuTLS and Schannel support TLS protocols v1.0, v1.1 and v1.2, session caching and handshake renegotiation. Most parts could be ported from Connector/C, which already supports GnuTLS and Schannel in client mode.
Affects: vio, status variables
Issue Links
- includes
  - MDEV-10726 Official Windows builds do not support TLS 1.2 (Closed)
- relates to
  - MDEV-18331 Use Libressl instead of yassl for WITH_SSL=bundled (Closed)
  - MDEV-18531 Use WolfSSL instead of YaSSL as "bundled" SSL (Closed)
  - MDEV-16475 Remove yassl (Closed)