authorThomas Deutschmann <whissi@gentoo.org>2019-08-17 02:22:44 +0200
committerThomas Deutschmann <whissi@gentoo.org>2019-08-17 02:23:42 +0200
commite8f3654620e584011f2d2f7f793b2ecdc01b2522 (patch)
tree4f347e8492d764e5163678d6078cd9e292a643da
parentFix 20018_all_mysql-5.6.44-fix-libressl-support.patch (diff)
downloadmysql-extras-e8f3654620e584011f2d2f7f793b2ecdc01b2522.tar.gz
mysql-extras-e8f3654620e584011f2d2f7f793b2ecdc01b2522.tar.bz2
mysql-extras-e8f3654620e584011f2d2f7f793b2ecdc01b2522.zip
Add OpenSSL 1.1 support (compile only) for MySQL 5.6.xmysql-extras-20190817-0024Z
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
-rw-r--r--20018_all_mysql-5.6.44-add-openssl-1.1-support.patch221
1 files changed, 221 insertions, 0 deletions
diff --git a/20018_all_mysql-5.6.44-add-openssl-1.1-support.patch b/20018_all_mysql-5.6.44-add-openssl-1.1-support.patch
new file mode 100644
index 0000000..bffcb31
--- /dev/null
+++ b/20018_all_mysql-5.6.44-add-openssl-1.1-support.patch
@@ -0,0 +1,221 @@
+--- a/mysys_ssl/my_aes_openssl.cc
++++ b/mysys_ssl/my_aes_openssl.cc
+@@ -108,33 +108,54 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
+ const unsigned char *key, uint32 key_length,
+ enum my_aes_opmode mode, const unsigned char *iv)
+ {
+- EVP_CIPHER_CTX ctx;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ EVP_CIPHER_CTX ctx_value;
++ EVP_CIPHER_CTX *ctx= &ctx_value;
++#else
++ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
++ if (unlikely(!ctx))
++ return MY_AES_BAD_DATA;
++#endif
+ const EVP_CIPHER *cipher= aes_evp_type(mode);
+ int u_len, f_len;
+ /* The real key to be used for encryption */
+ unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
+ my_aes_create_key(key, key_length, rkey, mode);
+
+- if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
++ if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0
++ && EVP_CIPHER_mode(cipher) != EVP_CIPH_ECB_MODE && !iv))
++ {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+ return MY_AES_BAD_DATA;
++ }
+
+- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
++ if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
+ goto aes_error; /* Error */
+- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
++ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
+ goto aes_error; /* Error */
+- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
++ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
+ goto aes_error; /* Error */
+
+- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
++ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
+ goto aes_error; /* Error */
+
+- EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ EVP_CIPHER_CTX_cleanup(ctx);
++#else
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+ return u_len + f_len;
+
+ aes_error:
+ /* need to explicitly clean up the error if we want to ignore it */
+ ERR_clear_error();
+- EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ EVP_CIPHER_CTX_cleanup(ctx);
++#else
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+ return MY_AES_BAD_DATA;
+ }
+
+@@ -145,7 +166,14 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
+ enum my_aes_opmode mode, const unsigned char *iv)
+ {
+
+- EVP_CIPHER_CTX ctx;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX ctx_value;
++ EVP_CIPHER_CTX *ctx= &ctx_value;
++#else
++ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
++ if (unlikely(!ctx))
++ return MY_AES_BAD_DATA;
++#endif
+ const EVP_CIPHER *cipher= aes_evp_type(mode);
+ int u_len, f_len;
+
+@@ -153,27 +181,41 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
+ unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
+
+ my_aes_create_key(key, key_length, rkey, mode);
+- if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
++ if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0
++ && EVP_CIPHER_mode(cipher) != EVP_CIPH_ECB_MODE && !iv))
++ {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+ return MY_AES_BAD_DATA;
++ }
+
+- EVP_CIPHER_CTX_init(&ctx);
++ EVP_CIPHER_CTX_init(ctx);
+
+- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
++ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
+ goto aes_error; /* Error */
+- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
++ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
+ goto aes_error; /* Error */
+- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
++ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
+ goto aes_error; /* Error */
+- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
++ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
+ goto aes_error; /* Error */
+
+- EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ EVP_CIPHER_CTX_cleanup(ctx);
++#else
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+ return u_len + f_len;
+
+ aes_error:
+ /* need to explicitly clean up the error if we want to ignore it */
+ ERR_clear_error();
+- EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ EVP_CIPHER_CTX_cleanup(ctx);
++#else
++ EVP_CIPHER_CTX_free(ctx);
++#endif
+ return MY_AES_BAD_DATA;
+ }
+
+--- a/sql-common/client.c
++++ b/sql-common/client.c
+@@ -1968,7 +1968,11 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
+ goto error;
+ }
+
+- cn= (char *) ASN1_STRING_data(cn_asn1);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ cn= (const char *) ASN1_STRING_data(cn_asn1);
++#else
++ cn= (const char *) ASN1_STRING_get0_data(cn_asn1);
++#endif
+
+ // There should not be any NULL embedded in the CN
+ if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))
+--- a/sql/mysqld.cc
++++ b/sql/mysqld.cc
+@@ -1252,7 +1252,7 @@ char *opt_ssl_ca= NULL, *opt_ssl_capath= NULL, *opt_ssl_cert= NULL,
+
+ #ifdef HAVE_OPENSSL
+ #include <openssl/crypto.h>
+-#ifndef HAVE_YASSL
++#if !defined(HAVE_YASSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ typedef struct CRYPTO_dynlock_value
+ {
+ mysql_rwlock_t lock;
+@@ -2021,7 +2021,7 @@ static void clean_up_mutexes()
+ mysql_mutex_destroy(&LOCK_connection_count);
+ #ifdef HAVE_OPENSSL
+ mysql_mutex_destroy(&LOCK_des_key_file);
+-#ifndef HAVE_YASSL
++#if !defined(HAVE_YASSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ for (int i= 0; i < CRYPTO_num_locks(); ++i)
+ mysql_rwlock_destroy(&openssl_stdlocks[i].lock);
+ OPENSSL_free(openssl_stdlocks);
+@@ -4242,7 +4242,7 @@ static int init_thread_environment()
+ #ifdef HAVE_OPENSSL
+ mysql_mutex_init(key_LOCK_des_key_file,
+ &LOCK_des_key_file, MY_MUTEX_INIT_FAST);
+-#ifndef HAVE_YASSL
++#if !defined(HAVE_YASSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ openssl_stdlocks= (openssl_lock_t*) OPENSSL_malloc(CRYPTO_num_locks() *
+ sizeof(openssl_lock_t));
+ for (int i= 0; i < CRYPTO_num_locks(); ++i)
+@@ -4285,7 +4285,8 @@ static int init_thread_environment()
+ }
+
+
+-#if defined(HAVE_OPENSSL) && !defined(HAVE_YASSL)
++#if defined(HAVE_OPENSSL) && !defined(HAVE_YASSL) && \
++ (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ static unsigned long openssl_id_function()
+ {
+ return (unsigned long) pthread_self();
+--- a/vio/vio.c
++++ b/vio/vio.c
+@@ -383,8 +383,10 @@ void vio_end(void)
+ #if defined(HAVE_YASSL)
+ yaSSL_CleanUp();
+ #elif defined(HAVE_OPENSSL)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ // This one is needed on the client side
+ ERR_remove_state(0);
++#endif
+ ERR_free_strings();
+ EVP_cleanup();
+ CRYPTO_cleanup_all_ex_data();
+--- a/vio/viossl.c
++++ b/vio/viossl.c
+@@ -380,7 +380,8 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
+ my_socket sd= mysql_socket_getfd(vio->mysql_socket);
+
+ /* Declared here to make compiler happy */
+-#if !defined(HAVE_YASSL) && !defined(DBUG_OFF)
++#if !defined(HAVE_YASSL) && !defined(DBUG_OFF) && \
++ (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ int j, n;
+ #endif
+
+@@ -403,7 +404,9 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
+ sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
+ #endif
+
+-#if !defined(HAVE_YASSL) && !defined(DBUG_OFF)
++#if !defined(HAVE_YASSL) && !defined(DBUG_OFF) && \
++ (OPENSSL_VERSION_NUMBER < 0x10100000L)
++
+ {
+ STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+ ssl_comp_methods = SSL_COMP_get_compression_methods();
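Review bot: The version guards around the cipher context in the my_aes_openssl.cc part of the added patch disagree with each other on LibreSSL builds, which (as far as I know) report OPENSSL_VERSION_NUMBER as 0x20000000L. In my_aes_encrypt the context is the stack object `ctx_value` whenever LIBRESSL_VERSION_NUMBER is defined, but the early-return branch is guarded only by `#if OPENSSL_VERSION_NUMBER >= 0x10100000L`, so a NULL cipher or a missing IV would hand a stack address to `EVP_CIPHER_CTX_free()`. In my_aes_decrypt the declaration guard omits `|| defined(LIBRESSL_VERSION_NUMBER)`, so the context comes from `EVP_CIPHER_CTX_new()` while both exit paths only call `EVP_CIPHER_CTX_cleanup()`, and the allocation is never released. I would use one condition everywhere: `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` for the declaration in my_aes_decrypt, and `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)` for the two early-return frees. The inner hunks show both functions only in part, so this is read from the visible lines alone.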