
From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/mysql-extras:master commit in: /
Date: Sat, 17 Aug 2019 00:24:33
Message-Id: 1566001422.e8f3654620e584011f2d2f7f793b2ecdc01b2522.whissi@gentoo
1 commit: e8f3654620e584011f2d2f7f793b2ecdc01b2522
2 Author: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
3 AuthorDate: Sat Aug 17 00:22:44 2019 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Sat Aug 17 00:23:42 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/mysql-extras.git/commit/?id=e8f36546
7
8 Add OpenSSL 1.1 support (compile only) for MySQL 5.6.x
9
10 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
11
12 ..._all_mysql-5.6.44-add-openssl-1.1-support.patch | 221 +++++++++++++++++++++
13 1 file changed, 221 insertions(+)
14
15 diff --git a/20018_all_mysql-5.6.44-add-openssl-1.1-support.patch b/20018_all_mysql-5.6.44-add-openssl-1.1-support.patch
16 new file mode 100644
17 index 0000000..bffcb31
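--- /dev/null
+++ b/20018_all_mysql-5.6.44-add-openssl-1.1-support.patch
@@ -0,0 +1,221 @@
+--- a/mysys_ssl/my_aes_openssl.cc
++++ b/mysys_ssl/my_aes_openssl.cc
+@@ -108,33 +108,54 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
+ const unsigned char *key, uint32 key_length,
+ enum my_aes_opmode mode, const unsigned char *iv)
+ {
+- EVP_CIPHER_CTX ctx;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ EVP_CIPHER_CTX ctx_value;
++ EVP_CIPHER_CTX *ctx= &ctx_value;
++#else
++ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
++ if (unlikely(!ctx))
++ return MY_AES_BAD_DATA;
++#endif
+ const EVP_CIPHER *cipher= aes_evp_type(mode);
+ int u_len, f_len;
+ /* The real key to be used for encryption */
+ unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
+ my_aes_create_key(key, key_length, rkey, mode);
+
+- if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
++ if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0
++ && EVP_CIPHER_mode(cipher) != EVP_CIPH_ECB_MODE && !iv))
++ {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+ return MY_AES_BAD_DATA;
++ }
+
+- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
++ if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
+ goto aes_error; /* Error */
+- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
++ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
+ goto aes_error; /* Error */
+- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
++ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
+ goto aes_error; /* Error */
+
+- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
++ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
+ goto aes_error; /* Error */
+
+- EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ EVP_CIPHER_CTX_cleanup(ctx);
++#else
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+ return u_len + f_len;
+
+ aes_error:
+ /* need to explicitly clean up the error if we want to ignore it */
+ ERR_clear_error();
+- EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ EVP_CIPHER_CTX_cleanup(ctx);
++#else
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+ return MY_AES_BAD_DATA;
+ }
+
+@@ -145,7 +166,14 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
+ enum my_aes_opmode mode, const unsigned char *iv)
+ {
+
+- EVP_CIPHER_CTX ctx;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX ctx_value;
++ EVP_CIPHER_CTX *ctx= &ctx_value;
++#else
++ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
++ if (unlikely(!ctx))
++ return MY_AES_BAD_DATA;
++#endif
+ const EVP_CIPHER *cipher= aes_evp_type(mode);
+ int u_len, f_len;
+
+@@ -153,27 +181,41 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
+ unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
+
+ my_aes_create_key(key, key_length, rkey, mode);
+- if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
++ if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0
++ && EVP_CIPHER_mode(cipher) != EVP_CIPH_ECB_MODE && !iv))
++ {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+ return MY_AES_BAD_DATA;
++ }
+
+- EVP_CIPHER_CTX_init(&ctx);
++ EVP_CIPHER_CTX_init(ctx);
+
+- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
++ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
+ goto aes_error; /* Error */
+- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
++ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
+ goto aes_error; /* Error */
+- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
++ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
+ goto aes_error; /* Error */
+- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
++ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
+ goto aes_error; /* Error */
+
+- EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ EVP_CIPHER_CTX_cleanup(ctx);
++#else
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+ return u_len + f_len;
+
+ aes_error:
+ /* need to explicitly clean up the error if we want to ignore it */
+ ERR_clear_error();
+- EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ EVP_CIPHER_CTX_cleanup(ctx);
++#else
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+ return MY_AES_BAD_DATA;
+ }
+
+--- a/sql-common/client.c
++++ b/sql-common/client.c
+@@ -1968,7 +1968,11 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
+ goto error;
+ }
+
+- cn= (char *) ASN1_STRING_data(cn_asn1);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ cn= (const char *) ASN1_STRING_data(cn_asn1);
++#else
++ cn= (const char *) ASN1_STRING_get0_data(cn_asn1);
++#endif
+
+ // There should not be any NULL embedded in the CN
+ if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))
+--- a/sql/mysqld.cc
++++ b/sql/mysqld.cc
+@@ -1252,7 +1252,7 @@ char *opt_ssl_ca= NULL, *opt_ssl_capath= NULL, *opt_ssl_cert= NULL,
+
+ #ifdef HAVE_OPENSSL
+ #include <openssl/crypto.h>
+-#ifndef HAVE_YASSL
++#if !defined(HAVE_YASSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ typedef struct CRYPTO_dynlock_value
+ {
+ mysql_rwlock_t lock;
+@@ -2021,7 +2021,7 @@ static void clean_up_mutexes()
+ mysql_mutex_destroy(&LOCK_connection_count);
+ #ifdef HAVE_OPENSSL
+ mysql_mutex_destroy(&LOCK_des_key_file);
+-#ifndef HAVE_YASSL
++#if !defined(HAVE_YASSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ for (int i= 0; i < CRYPTO_num_locks(); ++i)
+ mysql_rwlock_destroy(&openssl_stdlocks[i].lock);
+ OPENSSL_free(openssl_stdlocks);
+@@ -4242,7 +4242,7 @@ static int init_thread_environment()
+ #ifdef HAVE_OPENSSL
+ mysql_mutex_init(key_LOCK_des_key_file,
+ &LOCK_des_key_file, MY_MUTEX_INIT_FAST);
+-#ifndef HAVE_YASSL
++#if !defined(HAVE_YASSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ openssl_stdlocks= (openssl_lock_t*) OPENSSL_malloc(CRYPTO_num_locks() *
+ sizeof(openssl_lock_t));
+ for (int i= 0; i < CRYPTO_num_locks(); ++i)
+@@ -4285,7 +4285,8 @@ static int init_thread_environment()
+ }
+
+
+-#if defined(HAVE_OPENSSL) && !defined(HAVE_YASSL)
++#if defined(HAVE_OPENSSL) && !defined(HAVE_YASSL) && \
++ (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ static unsigned long openssl_id_function()
+ {
+ return (unsigned long) pthread_self();
+--- a/vio/vio.c
++++ b/vio/vio.c
+@@ -383,8 +383,10 @@ void vio_end(void)
+ #if defined(HAVE_YASSL)
+ yaSSL_CleanUp();
+ #elif defined(HAVE_OPENSSL)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ // This one is needed on the client side
+ ERR_remove_state(0);
++#endif
+ ERR_free_strings();
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+--- a/vio/viossl.c
++++ b/vio/viossl.c
+@@ -380,7 +380,8 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
+ my_socket sd= mysql_socket_getfd(vio->mysql_socket);
+
+ /* Declared here to make compiler happy */
+-#if !defined(HAVE_YASSL) && !defined(DBUG_OFF)
++#if !defined(HAVE_YASSL) && !defined(DBUG_OFF) && \
++ (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ int j, n;
+ #endif
+
+@@ -403,7 +404,9 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
+ sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
+ #endif
+
+-#if !defined(HAVE_YASSL) && !defined(DBUG_OFF)
++#if !defined(HAVE_YASSL) && !defined(DBUG_OFF) && \
++ (OPENSSL_VERSION_NUMBER < 0x10100000L)
++
+ {
+ STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+ ssl_comp_methods = SSL_COMP_get_compression_methods();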
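Review bot: The version guards in the `mysys_ssl/my_aes_openssl.cc` part of this patch do not agree with each other, so a LibreSSL build pairs the wrong allocation and release calls. In `my_aes_encrypt` the context is the stack object `ctx_value` whenever `LIBRESSL_VERSION_NUMBER` is defined, but the early-return branch is guarded only by `#if OPENSSL_VERSION_NUMBER >= 0x10100000L`, which LibreSSL also satisfies (its headers report 0x20000000L), so `EVP_CIPHER_CTX_free()` would be handed the address of an uninitialised stack variable; in `my_aes_decrypt` the declaration guard omits the LibreSSL test, so the context comes from `EVP_CIPHER_CTX_new()` while both exit paths only call `EVP_CIPHER_CTX_cleanup()`, which would leak it on every call. I would use one consistent pair: `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` for the `my_aes_decrypt` declaration, and `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)` around both early-return frees. The `sql/mysqld.cc` guards likewise test only the version number, so it is worth confirming that the LibreSSL releases this is built against no longer need the application-supplied locking callbacks that these conditions compile out.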