Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement ED25519 auth for mysqlnd #14258

Open
h3ssan opened this issue May 17, 2024 · 3 comments
Open

Implement ED25519 auth for mysqlnd #14258

h3ssan opened this issue May 17, 2024 · 3 comments
Assignees
@SakiTakamachi
Labels
Extension: mysqlnd Feature

Comments

@h3ssan
Copy link

h3ssan commented May 17, 2024

Description

Overview

Since MariaDB 10.4 (released ~5 years ago) introduced an authentication method called auth_ed25519 and still supported till now in the latest versions of MariaDB which is now 11.3, here's official to read more about auth_ed25519

Right now, all MariaDB supported versions are support auth_ed25519 which as I said, since MariaDB 10.4

The Problem

As this code of PHP 8.1.0 ( Located in https://github.com/php/php-src/blob/php-8.1.0/ext/mysqlnd/mysqlnd_auth.c#L1315-L1326 ) mentioned below that auth_ed25519 is not supported yet.

/* {{{ mysqlnd_register_builtin_authentication_plugins */
void
mysqlnd_register_builtin_authentication_plugins(void)
{
	mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_native_auth_plugin);
	mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_pam_authentication_plugin);
#ifdef MYSQLND_HAVE_SSL
	mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_caching_sha2_auth_plugin);
	mysqlnd_plugin_register_ex((struct st_mysqlnd_plugin_header *) &mysqlnd_sha256_authentication_plugin);
#endif
}
/* }}} */

Also, here's what official MariaDB said about mysql_native_password:

The Requested Features

  • Implement ED25519 authentication for MySQL Native Driver (mysqlnd)

More on this
@SakiTakamachi SakiTakamachi self-assigned this May 17, 2024
@nielsdos
Copy link
Member

I remember looking into this some time ago. And I noped out when I learned that MariaDB invented their own variant of ED25519: https://jira.mariadb.org/browse/MDEV-19217

@h3ssan
Copy link
Author

h3ssan commented May 18, 2024
edited

I remember looking into this some time ago. And I noped out when I learned that MariaDB invented their own variant of ED25519: https://jira.mariadb.org/browse/MDEV-19217

Hey @nielsdos
At some point MySQL will eventually implement ed25519 too. Since sha-1 is freaking weak nowadays they must implement a stronger mechanism for authentication.

@SakiTakamachi
Copy link
Member

SakiTakamachi commented May 20, 2024
edited

At least, MariaDB's deviates from standard ed25519, so I'm not sure if we should rush to deal with it now...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SakiTakamachi SakiTakamachi

Labels
Extension: mysqlnd Feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nielsdos @SakiTakamachi @h3ssan