dev-db/mysql-connector-c: Add openssl-1.1 compatibility patch
Closes: https://bugs.gentoo.org/606600 Package-Manager: Portage-2.3.31, Repoman-2.3.9
Brian Evans
committed
May 2, 2018
1 parent
e17eb47
commit 5d874ef
Showing
2 changed files
with
289 additions
and
1 deletion.
287 changes: 287 additions & 0 deletions
287
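--- a/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch
+++ b/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch
@@ -0,0 +1,287 @@
+From 7961393dd45e4ad1cdc7544b4bba2e98a5d2760c Mon Sep 17 00:00:00 2001
+From: eroen <[email protected]>
+Date: Fri, 20 Jan 2017 14:43:53 +0100
+Subject: [PATCH] Don't use deprecated API with openssl 1.1
+
+If openssl 1.1.0 is built with `--api=1.1 disable-deprecated`, using
+deprecated APIs causes build errors.
+
+X-Gentoo-Bug: 606600
+X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=606600
+---
+mysys_ssl/my_aes_openssl.cc | 54 ++++++++++++++++++++++++++++++++-------------
+sql-common/client.c | 16 ++++++++++++--
+vio/viossl.c | 8 +++++++
+vio/viosslfactories.c | 23 +++++++++++++++++++
+4 files changed, 84 insertions(+), 17 deletions(-)
+
+diff --git a/mysys_ssl/my_aes_openssl.cc b/mysys_ssl/my_aes_openssl.cc
+index 261ba8a..59a95e3 100644
+--- a/mysys_ssl/my_aes_openssl.cc
++++ b/mysys_ssl/my_aes_openssl.cc
+@@ -22,6 +22,12 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/bio.h>
++#include <openssl/opensslv.h>
++
++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
++#undef OPENSSL_VERSION_NUMBER
++#define OPENSSL_VERSION_NUMBER 0x1000107fL
++#endif
+
+/*
+xplugin needs BIO_new_bio_pair, but the server does not.
+@@ -122,7 +128,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
+enum my_aes_opmode mode, const unsigned char *iv,
+bool padding)
+{
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+const EVP_CIPHER *cipher= aes_evp_type(mode);
+int u_len, f_len;
+/* The real key to be used for encryption */
+@@ -132,23 +138,31 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
+if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+return MY_AES_BAD_DATA;
+
+- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
++ if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
+goto aes_error; /* Error */
+- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding))
++ if (!EVP_CIPHER_CTX_set_padding(ctx, padding))
+goto aes_error; /* Error */
+- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
++ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
+goto aes_error; /* Error */
+
+- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
++ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
+goto aes_error; /* Error */
+
+- EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX_cleanup(ctx);
++#else
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+return u_len + f_len;
+
+aes_error:
+/* need to explicitly clean up the error if we want to ignore it */
+ERR_clear_error();
+- EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX_cleanup(ctx);
++#else
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+return MY_AES_BAD_DATA;
+}
+
+@@ -159,7 +173,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
+bool padding)
+{
+
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+const EVP_CIPHER *cipher= aes_evp_type(mode);
+int u_len, f_len;
+
+@@ -170,24 +184,34 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
+if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+return MY_AES_BAD_DATA;
+
+- EVP_CIPHER_CTX_init(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX_init(ctx);
++#endif
+
+- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
++ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
+goto aes_error; /* Error */
+- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding))
++ if (!EVP_CIPHER_CTX_set_padding(ctx, padding))
+goto aes_error; /* Error */
+- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
++ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
+goto aes_error; /* Error */
+- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
++ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
+goto aes_error; /* Error */
+
+- EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX_cleanup(ctx);
++#else
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+return u_len + f_len;
+
+aes_error:
+/* need to explicitly clean up the error if we want to ignore it */
+ERR_clear_error();
+- EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX_cleanup(ctx);
++#else
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+return MY_AES_BAD_DATA;
+}
+
+diff --git a/sql-common/client.c b/sql-common/client.c
+index 9e88e9f..fe7daf7 100644
+--- a/sql-common/client.c
++++ b/sql-common/client.c
+@@ -86,6 +86,14 @@ my_bool net_flush(NET *net);
+# include <sys/un.h>
+#endif
+
++#ifdef HAVE_OPENSSL
++#include <openssl/opensslv.h>
++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
++#undef OPENSSL_VERSION_NUMBER
++#define OPENSSL_VERSION_NUMBER 0x1000107fL
++#endif
++#endif
++
+#ifndef _WIN32
+#include <errno.h>
+#define SOCKET_ERROR -1
+@@ -2685,7 +2693,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
+{
+SSL *ssl;
+X509 *server_cert= NULL;
+- char *cn= NULL;
++ const char *cn= NULL;
+int cn_loc= -1;
+ASN1_STRING *cn_asn1= NULL;
+X509_NAME_ENTRY *cn_entry= NULL;
+@@ -2757,7 +2765,11 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
+goto error;
+}
+
+- cn= (char *) ASN1_STRING_data(cn_asn1);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ cn= (const char *) ASN1_STRING_data(cn_asn1);
++#else
++ cn= (const char *) ASN1_STRING_get0_data(cn_asn1);
++#endif
+
+// There should not be any NULL embedded in the CN
+if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))
+diff --git a/vio/viossl.c b/vio/viossl.c
+index 5622cb7..94b0f09 100644
+--- a/vio/viossl.c
++++ b/vio/viossl.c
+@@ -24,6 +24,12 @@
+
+#ifdef HAVE_OPENSSL
+
++#include <openssl/opensslv.h>
++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
++#undef OPENSSL_VERSION_NUMBER
++#define OPENSSL_VERSION_NUMBER 0x1000107fL
++#endif
++
+#ifndef DBUG_OFF
+
+static void
+@@ -310,8 +316,10 @@ void vio_ssl_delete(Vio *vio)
+}
+
+#ifndef HAVE_YASSL
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ERR_remove_thread_state(0);
+#endif
++#endif
+
+vio_delete(vio);
+}
+diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
+index da5449a..87b30c3 100644
+--- a/vio/viosslfactories.c
++++ b/vio/viosslfactories.c
+@@ -16,6 +16,14 @@
+#include "vio_priv.h"
+
+#ifdef HAVE_OPENSSL
++#include <openssl/bn.h>
++#include <openssl/dh.h>
++#include <openssl/opensslv.h>
++
++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
++#undef OPENSSL_VERSION_NUMBER
++#define OPENSSL_VERSION_NUMBER 0x1000107fL
++#endif
+
+#define TLS_VERSION_OPTION_SIZE 256
+#define SSL_CIPHER_LIST_SIZE 4096
+@@ -121,10 +129,18 @@ static DH *get_dh2048(void)
+DH *dh;
+if ((dh=DH_new()))
+{
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+if (! dh->p || ! dh->g)
+{
++#else
++ if (! DH_set0_pqg(dh,
++ BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL),
++ BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL),
++ NULL))
++ {
++#endif
+DH_free(dh);
+dh=0;
+}
+@@ -247,6 +263,8 @@ typedef struct CRYPTO_dynlock_value
+} openssl_lock_t;
+
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
+/* Array of locks used by openssl internally for thread synchronization.
+The number of locks is equal to CRYPTO_num_locks.
+*/
+@@ -389,9 +407,11 @@ static void deinit_lock_callback_functions()
+{
+set_lock_callback_functions(FALSE);
+}
++#endif
+
+void vio_ssl_end()
+{
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+int i= 0;
+
+if (ssl_initialized) {
+@@ -409,6 +429,7 @@ void vio_ssl_end()
+
+ssl_initialized= FALSE;
+}
++#endif
+}
+
+#endif //OpenSSL specific
+@@ -419,6 +440,7 @@ void ssl_start()
+{
+ssl_initialized= TRUE;
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+SSL_library_init();
+OpenSSL_add_all_algorithms();
+SSL_load_error_strings();
+@@ -427,6 +449,7 @@ void ssl_start()
+init_ssl_locks();
+init_lock_callback_functions();
+#endif
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+}
+}
+
+--
+2.11.0
+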
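Review bot: In the `my_aes_encrypt` and `my_aes_decrypt` hunks of the embedded patch, the declaration becomes `EVP_CIPHER_CTX *ctx;` but none of the added lines ever assigns it. As a result `EVP_EncryptInit(ctx, ...)`, `EVP_CIPHER_CTX_init(ctx)`, `EVP_DecryptInit(ctx, ...)` and both cleanup branches are handed an uninitialized pointer, which is undefined behaviour in the AES path on either side of the `0x10100000L` guard. The few lines between the declaration hunk and the init hunk are not shown, but the patch does not touch them, so the allocation cannot be there. I would add `ctx= EVP_CIPHER_CTX_new();` and `if (!ctx) return MY_AES_BAD_DATA;` directly after the `!cipher` check, and release with a plain `EVP_CIPHER_CTX_free(ctx);` on both exits in place of the `#if` blocks, since `EVP_CIPHER_CTX_cleanup` alone would not free a heap-allocated context. Separately, in `get_dh2048` the two `BN_bin2bn` results are passed straight into `DH_set0_pqg`, so if that call fails they are presumably leaked, because `DH_free(dh)` does not own them yet.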