[MDEV-10953] Replace yassl Created: 2016-10-04  Updated: 2019-05-24  Resolved: 2018-06-12

Status: Closed
Project: MariaDB Server
Component/s: Encryption, SSL
Fix Version/s: N/A

Type: Task
Priority: Major
Reporter: Georg Richter
Assignee: Georg Richter
Resolution: Won't Fix
Votes: 1
Labels: None

Issue Links:
PartOf
includes MDEV-10726 Official Windows builds do not suppor... Closed
Relates
relates to MDEV-18331 Use Libressl instead of yassl for WIT... Closed
relates to MDEV-18531 Use WolfSSL instead of YaSSL as "bund... Closed
relates to MDEV-16475 Remove yassl Closed

 Description   

Since yassl doesn't support the TLS v1.2 protocol and lacks certain ciphers and modes, it should be replaced by GnuTLS and Windows native libraries (bcrypt, schannel).

Yassl is currently used for crypto (hash and encryption) and TLS communication, so we need to support the following components:

Hashing:

Replace existing hash functions (currently we have multiple functions for different hash types) with generic wrapper functions:

ma_crypto_hash(hash_algorithm,digest,source,length)

Affects: server plugins, my_md5, my_sha1, my_sha2

Encryption/Decryption:

Instead of yassl, the nettle library (used by GnuTLS) or bcrypt on Windows will be used. GnuTLS itself doesn't support all block cipher modes (like ECB).

Affects: server plugins, mysys_ssl, des_encrypt, des_decrypt

TLS communication

Both GnuTLS and Schannel support TLS protocols v1.0, v1.1 and v1.2, session caching and handshake renegotiation. Most parts could be ported from Connector/C, which already supports GnuTLS and Schannel in client mode.

Affects: vio, status variables



 Comments   
Comment by Sergei Golubchik [ 2018-06-12 ]

Superseded by MDEV-16475
