commit:     e8f3654620e584011f2d2f7f793b2ecdc01b2522
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 17 00:22:44 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Aug 17 00:23:42 2019 +0000
URL:        https://gitweb.gentoo.org/proj/mysql-extras.git/commit/?id=e8f36546

Add OpenSSL 1.1 support (compile only) for MySQL 5.6.x

Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 ..._all_mysql-5.6.44-add-openssl-1.1-support.patch | 221 +++++++++++++++++++++
 1 file changed, 221 insertions(+)

diff --git a/20018_all_mysql-5.6.44-add-openssl-1.1-support.patch 
b/20018_all_mysql-5.6.44-add-openssl-1.1-support.patch
new file mode 100644
index 0000000..bffcb31
--- /dev/null
+++ b/20018_all_mysql-5.6.44-add-openssl-1.1-support.patch
@@ -0,0 +1,221 @@
+--- a/mysys_ssl/my_aes_openssl.cc
++++ b/mysys_ssl/my_aes_openssl.cc
+@@ -108,33 +108,54 @@ int my_aes_encrypt(const unsigned char *source, uint32 
source_length,
+                    const unsigned char *key, uint32 key_length,
+                    enum my_aes_opmode mode, const unsigned char *iv)
+ {
+-  EVP_CIPHER_CTX ctx;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++  EVP_CIPHER_CTX ctx_value;
++  EVP_CIPHER_CTX *ctx= &ctx_value;
++#else
++  EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
++  if (unlikely(!ctx))
++    return MY_AES_BAD_DATA;
++#endif
+   const EVP_CIPHER *cipher= aes_evp_type(mode);
+   int u_len, f_len;
+   /* The real key to be used for encryption */
+   unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
+   my_aes_create_key(key, key_length, rkey, mode);
+ 
+-  if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
++  if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0
++                  && EVP_CIPHER_mode(cipher) != EVP_CIPH_ECB_MODE && !iv))
++  {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    EVP_CIPHER_CTX_free(ctx);
++#endif
+     return MY_AES_BAD_DATA;
++  }
+ 
+-  if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
++  if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
+     goto aes_error;                             /* Error */
+-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
++  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
+     goto aes_error;                             /* Error */
+-  if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
++  if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
+     goto aes_error;                             /* Error */
+ 
+-  if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
++  if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
+     goto aes_error;                             /* Error */
+ 
+-  EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++  EVP_CIPHER_CTX_cleanup(ctx);
++#else
++  EVP_CIPHER_CTX_free(ctx);
++#endif
+   return u_len + f_len;
+ 
+ aes_error:
+   /* need to explicitly clean up the error if we want to ignore it */
+   ERR_clear_error();
+-  EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++  EVP_CIPHER_CTX_cleanup(ctx);
++#else
++  EVP_CIPHER_CTX_free(ctx);
++#endif
+   return MY_AES_BAD_DATA;
+ }
+ 
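Review bot: The version guards that choose how `ctx` is obtained do not match the guards that release it, which matters on LibreSSL, where `OPENSSL_VERSION_NUMBER` is 0x20000000L. In my_aes_encrypt the declaration takes the stack branch under `defined(LIBRESSL_VERSION_NUMBER)`, but the early-return block tests only `#if OPENSSL_VERSION_NUMBER >= 0x10100000L`, so `EVP_CIPHER_CTX_free(ctx)` would be called on the address of `ctx_value`. The my_aes_decrypt hunks have the opposite mismatch: the declaration guard omits the LibreSSL test, so the context is heap-allocated there but the success and `aes_error` paths release it with `EVP_CIPHER_CTX_cleanup(ctx)`, which does not free the allocation. Use one condition at every allocation and release site, for example `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)` around each `EVP_CIPHER_CTX_new`/`EVP_CIPHER_CTX_free`.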
+@@ -145,7 +166,14 @@ int my_aes_decrypt(const unsigned char *source, uint32 
source_length,
+                    enum my_aes_opmode mode, const unsigned char *iv)
+ {
+ 
+-  EVP_CIPHER_CTX ctx;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++  EVP_CIPHER_CTX ctx_value;
++  EVP_CIPHER_CTX *ctx= &ctx_value;
++#else
++  EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
++  if (unlikely(!ctx))
++    return MY_AES_BAD_DATA;
++#endif
+   const EVP_CIPHER *cipher= aes_evp_type(mode);
+   int u_len, f_len;
+ 
+@@ -153,27 +181,41 @@ int my_aes_decrypt(const unsigned char *source, uint32 
source_length,
+   unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
+ 
+   my_aes_create_key(key, key_length, rkey, mode);
+-  if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
++  if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0
++                  && EVP_CIPHER_mode(cipher) != EVP_CIPH_ECB_MODE && !iv))
++  {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    EVP_CIPHER_CTX_free(ctx);
++#endif
+     return MY_AES_BAD_DATA;
++  }
+ 
+-  EVP_CIPHER_CTX_init(&ctx);
++  EVP_CIPHER_CTX_init(ctx);
+ 
+-  if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
++  if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
+     goto aes_error;                             /* Error */
+-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
++  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
+     goto aes_error;                             /* Error */
+-  if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
++  if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
+     goto aes_error;                             /* Error */
+-  if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
++  if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
+     goto aes_error;                             /* Error */
+ 
+-  EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++  EVP_CIPHER_CTX_cleanup(ctx);
++#else
++  EVP_CIPHER_CTX_free(ctx);
++#endif
+   return u_len + f_len;
+ 
+ aes_error:
+   /* need to explicitly clean up the error if we want to ignore it */
+   ERR_clear_error();
+-  EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++  EVP_CIPHER_CTX_cleanup(ctx);
++#else
++  EVP_CIPHER_CTX_free(ctx);
++#endif
+   return MY_AES_BAD_DATA;
+ }
+ 
+--- a/sql-common/client.c
++++ b/sql-common/client.c
+@@ -1968,7 +1968,11 @@ static int ssl_verify_server_cert(Vio *vio, const char* 
server_hostname, const c
+     goto error;
+   }
+ 
+-  cn= (char *) ASN1_STRING_data(cn_asn1);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++  cn= (const char *) ASN1_STRING_data(cn_asn1);
++#else
++  cn= (const char *) ASN1_STRING_get0_data(cn_asn1);
++#endif
+ 
+   // There should not be any NULL embedded in the CN
+   if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))
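Review bot: Both branches now cast to `const char *`, but `cn` is declared outside this hunk; if it is still a plain `char *`, the assignment discards the qualifier, so the declaration should become `const char *cn` in the same patch. The `strlen(cn)` comparison that follows is the embedded-NUL check for server-certificate hostname verification, and it dereferences `cn` without a NULL test. The data pointer can presumably be NULL for an empty string, so a guard such as `if (cn == NULL) goto error;` before the comparison would make the failure path explicit, assuming the `error` label used above is the right exit. ssl_verify_server_cert starts and ends outside the hunk.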
+--- a/sql/mysqld.cc
++++ b/sql/mysqld.cc
+@@ -1252,7 +1252,7 @@ char *opt_ssl_ca= NULL, *opt_ssl_capath= NULL, 
*opt_ssl_cert= NULL,
+ 
+ #ifdef HAVE_OPENSSL
+ #include <openssl/crypto.h>
+-#ifndef HAVE_YASSL
++#if !defined(HAVE_YASSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ typedef struct CRYPTO_dynlock_value
+ {
+   mysql_rwlock_t lock;
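Review bot: This guard tests only `OPENSSL_VERSION_NUMBER < 0x10100000L`, whereas the my_aes_openssl.cc and vio.c hunks also treat `defined(LIBRESSL_VERSION_NUMBER)` as the old API. LibreSSL reports a version number above 0x10100000L, so on such builds the lock array and callbacks guarded here, in clean_up_mutexes, in init_thread_environment and at openssl_id_function are all compiled out; whether that is safe depends on the LibreSSL release and is not evident from the patch. Either add `|| defined(LIBRESSL_VERSION_NUMBER)` to these four conditions or add a comment such as `/* LibreSSL intentionally excluded: no locking callbacks needed */` once that is confirmed. The two vio/viossl.c hunks use the same form, and the struct definition continues outside this hunk.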
+@@ -2021,7 +2021,7 @@ static void clean_up_mutexes()
+   mysql_mutex_destroy(&LOCK_connection_count);
+ #ifdef HAVE_OPENSSL
+   mysql_mutex_destroy(&LOCK_des_key_file);
+-#ifndef HAVE_YASSL
++#if !defined(HAVE_YASSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
+   for (int i= 0; i < CRYPTO_num_locks(); ++i)
+     mysql_rwlock_destroy(&openssl_stdlocks[i].lock);
+   OPENSSL_free(openssl_stdlocks);
+@@ -4242,7 +4242,7 @@ static int init_thread_environment()
+ #ifdef HAVE_OPENSSL
+   mysql_mutex_init(key_LOCK_des_key_file,
+                    &LOCK_des_key_file, MY_MUTEX_INIT_FAST);
+-#ifndef HAVE_YASSL
++#if !defined(HAVE_YASSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
+   openssl_stdlocks= (openssl_lock_t*) OPENSSL_malloc(CRYPTO_num_locks() *
+                                                      sizeof(openssl_lock_t));
+   for (int i= 0; i < CRYPTO_num_locks(); ++i)
+@@ -4285,7 +4285,8 @@ static int init_thread_environment()
+ }
+ 
+ 
+-#if defined(HAVE_OPENSSL) && !defined(HAVE_YASSL)
++#if defined(HAVE_OPENSSL) && !defined(HAVE_YASSL) && \
++    (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ static unsigned long openssl_id_function()
+ {
+   return (unsigned long) pthread_self();
+--- a/vio/vio.c
++++ b/vio/vio.c
+@@ -383,8 +383,10 @@ void vio_end(void)
+ #if defined(HAVE_YASSL)
+   yaSSL_CleanUp();
+ #elif defined(HAVE_OPENSSL)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+   // This one is needed on the client side
+   ERR_remove_state(0);
++#endif
+   ERR_free_strings();
+   EVP_cleanup();
+   CRYPTO_cleanup_all_ex_data();
+--- a/vio/viossl.c
++++ b/vio/viossl.c
+@@ -380,7 +380,8 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
+   my_socket sd= mysql_socket_getfd(vio->mysql_socket);
+ 
+   /* Declared here to make compiler happy */
+-#if !defined(HAVE_YASSL) && !defined(DBUG_OFF)
++#if !defined(HAVE_YASSL) && !defined(DBUG_OFF) && \
++    (OPENSSL_VERSION_NUMBER < 0x10100000L)
+   int j, n;
+ #endif
+ 
+@@ -403,7 +404,9 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
+   sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
+ #endif
+ 
+-#if !defined(HAVE_YASSL) && !defined(DBUG_OFF)
++#if !defined(HAVE_YASSL) && !defined(DBUG_OFF) && \
++    (OPENSSL_VERSION_NUMBER < 0x10100000L)
++
+   {
+     STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+     ssl_comp_methods = SSL_COMP_get_compression_methods();
