You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
301 lines
8.8 KiB
301 lines
8.8 KiB
From 7961393dd45e4ad1cdc7544b4bba2e98a5d2760c Mon Sep 17 00:00:00 2001
|
|
From: eroen <eroen@occam.eroen.eu>
|
|
Date: Fri, 20 Jan 2017 14:43:53 +0100
|
|
Subject: [PATCH] Don't use deprecated API with openssl 1.1
|
|
|
|
If openssl 1.1.0 is built with `--api=1.1 disable-deprecated`, using
|
|
deprecated APIs causes build errors.
|
|
|
|
X-Gentoo-Bug: 606600
|
|
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=606600
|
|
---
|
|
mysys_ssl/my_aes_openssl.cc | 54 ++++++++++++++++++++++++++++++++-------------
|
|
sql-common/client.c | 16 ++++++++++++--
|
|
vio/viossl.c | 8 +++++++
|
|
vio/viosslfactories.c | 23 +++++++++++++++++++
|
|
4 files changed, 84 insertions(+), 17 deletions(-)
|
|
|
|
diff --git a/mysys_ssl/my_aes_openssl.cc b/mysys_ssl/my_aes_openssl.cc
|
|
index 261ba8a..59a95e3 100644
|
|
--- a/mysys_ssl/my_aes_openssl.cc
|
|
+++ b/mysys_ssl/my_aes_openssl.cc
|
|
@@ -22,6 +22,12 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
|
|
#include <openssl/evp.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/bio.h>
|
|
+#include <openssl/opensslv.h>
|
|
+
|
|
+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
|
|
+#undef OPENSSL_VERSION_NUMBER
|
|
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
|
|
+#endif
|
|
|
|
/*
|
|
xplugin needs BIO_new_bio_pair, but the server does not.
|
|
@@ -122,7 +128,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
|
|
enum my_aes_opmode mode, const unsigned char *iv,
|
|
bool padding)
|
|
{
|
|
- EVP_CIPHER_CTX ctx;
|
|
+ EVP_CIPHER_CTX *ctx;
|
|
const EVP_CIPHER *cipher= aes_evp_type(mode);
|
|
int u_len, f_len;
|
|
/* The real key to be used for encryption */
|
|
@@ -132,23 +138,31 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
|
|
if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
|
|
return MY_AES_BAD_DATA;
|
|
|
|
- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
|
|
+ if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
|
|
goto aes_error; /* Error */
|
|
- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding))
|
|
+ if (!EVP_CIPHER_CTX_set_padding(ctx, padding))
|
|
goto aes_error; /* Error */
|
|
- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
|
|
+ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
|
|
goto aes_error; /* Error */
|
|
|
|
- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
|
|
+ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
|
|
goto aes_error; /* Error */
|
|
|
|
- EVP_CIPHER_CTX_cleanup(&ctx);
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+ EVP_CIPHER_CTX_cleanup(ctx);
|
|
+#else
|
|
+ EVP_CIPHER_CTX_free(ctx);
|
|
+#endif
|
|
return u_len + f_len;
|
|
|
|
aes_error:
|
|
/* need to explicitly clean up the error if we want to ignore it */
|
|
ERR_clear_error();
|
|
- EVP_CIPHER_CTX_cleanup(&ctx);
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+ EVP_CIPHER_CTX_cleanup(ctx);
|
|
+#else
|
|
+ EVP_CIPHER_CTX_free(ctx);
|
|
+#endif
|
|
return MY_AES_BAD_DATA;
|
|
}
|
|
|
|
@@ -159,7 +173,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
|
|
bool padding)
|
|
{
|
|
|
|
- EVP_CIPHER_CTX ctx;
|
|
+ EVP_CIPHER_CTX *ctx;
|
|
const EVP_CIPHER *cipher= aes_evp_type(mode);
|
|
int u_len, f_len;
|
|
|
|
@@ -170,24 +184,34 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
|
|
if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
|
|
return MY_AES_BAD_DATA;
|
|
|
|
- EVP_CIPHER_CTX_init(&ctx);
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+ EVP_CIPHER_CTX_init(ctx);
|
|
+#endif
|
|
|
|
- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
|
|
+ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
|
|
goto aes_error; /* Error */
|
|
- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding))
|
|
+ if (!EVP_CIPHER_CTX_set_padding(ctx, padding))
|
|
goto aes_error; /* Error */
|
|
- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
|
|
+ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
|
|
goto aes_error; /* Error */
|
|
- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
|
|
+ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
|
|
goto aes_error; /* Error */
|
|
|
|
- EVP_CIPHER_CTX_cleanup(&ctx);
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+ EVP_CIPHER_CTX_cleanup(ctx);
|
|
+#else
|
|
+ EVP_CIPHER_CTX_free(ctx);
|
|
+#endif
|
|
return u_len + f_len;
|
|
|
|
aes_error:
|
|
/* need to explicitly clean up the error if we want to ignore it */
|
|
ERR_clear_error();
|
|
- EVP_CIPHER_CTX_cleanup(&ctx);
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+ EVP_CIPHER_CTX_cleanup(ctx);
|
|
+#else
|
|
+ EVP_CIPHER_CTX_free(ctx);
|
|
+#endif
|
|
return MY_AES_BAD_DATA;
|
|
}
|
|
|
|
diff --git a/sql-common/client.c b/sql-common/client.c
|
|
index 9e88e9f..fe7daf7 100644
|
|
--- a/sql-common/client.c
|
|
+++ b/sql-common/client.c
|
|
@@ -86,6 +86,14 @@ my_bool net_flush(NET *net);
|
|
# include <sys/un.h>
|
|
#endif
|
|
|
|
+#ifdef HAVE_OPENSSL
|
|
+#include <openssl/opensslv.h>
|
|
+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
|
|
+#undef OPENSSL_VERSION_NUMBER
|
|
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
|
|
+#endif
|
|
+#endif
|
|
+
|
|
#ifndef _WIN32
|
|
#include <errno.h>
|
|
#define SOCKET_ERROR -1
|
|
@@ -2685,7 +2693,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
|
|
{
|
|
SSL *ssl;
|
|
X509 *server_cert= NULL;
|
|
- char *cn= NULL;
|
|
+ const char *cn= NULL;
|
|
int cn_loc= -1;
|
|
ASN1_STRING *cn_asn1= NULL;
|
|
X509_NAME_ENTRY *cn_entry= NULL;
|
|
@@ -2757,7 +2765,11 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
|
|
goto error;
|
|
}
|
|
|
|
- cn= (char *) ASN1_STRING_data(cn_asn1);
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+ cn= (const char *) ASN1_STRING_data(cn_asn1);
|
|
+#else
|
|
+ cn= (const char *) ASN1_STRING_get0_data(cn_asn1);
|
|
+#endif
|
|
|
|
// There should not be any NULL embedded in the CN
|
|
if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))
|
|
diff --git a/vio/viossl.c b/vio/viossl.c
|
|
index 5622cb7..94b0f09 100644
|
|
--- a/vio/viossl.c
|
|
+++ b/vio/viossl.c
|
|
@@ -24,6 +24,12 @@
|
|
|
|
#ifdef HAVE_OPENSSL
|
|
|
|
+#include <openssl/opensslv.h>
|
|
+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
|
|
+#undef OPENSSL_VERSION_NUMBER
|
|
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
|
|
+#endif
|
|
+
|
|
#ifndef DBUG_OFF
|
|
|
|
static void
|
|
@@ -310,8 +316,10 @@ void vio_ssl_delete(Vio *vio)
|
|
}
|
|
|
|
#ifndef HAVE_YASSL
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
ERR_remove_thread_state(0);
|
|
#endif
|
|
+#endif
|
|
|
|
vio_delete(vio);
|
|
}
|
|
@@ -427,7 +427,12 @@
|
|
for (j = 0; j < n; j++)
|
|
{
|
|
SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
DBUG_PRINT("info", (" %d: %s\n", c->id, c->name));
|
|
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
|
+ DBUG_PRINT("info",
|
|
+ (" %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c)));
|
|
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
|
}
|
|
}
|
|
#endif
|
|
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
|
|
index da5449a..87b30c3 100644
|
|
--- a/vio/viosslfactories.c
|
|
+++ b/vio/viosslfactories.c
|
|
@@ -16,6 +16,14 @@
|
|
#include "vio_priv.h"
|
|
|
|
#ifdef HAVE_OPENSSL
|
|
+#include <openssl/bn.h>
|
|
+#include <openssl/dh.h>
|
|
+#include <openssl/opensslv.h>
|
|
+
|
|
+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
|
|
+#undef OPENSSL_VERSION_NUMBER
|
|
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
|
|
+#endif
|
|
|
|
#define TLS_VERSION_OPTION_SIZE 256
|
|
#define SSL_CIPHER_LIST_SIZE 4096
|
|
@@ -121,10 +129,18 @@ static DH *get_dh2048(void)
|
|
DH *dh;
|
|
if ((dh=DH_new()))
|
|
{
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
|
|
dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
|
|
if (! dh->p || ! dh->g)
|
|
{
|
|
+#else
|
|
+ if (! DH_set0_pqg(dh,
|
|
+ BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL),
|
|
+ NULL,
|
|
+ BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL)))
|
|
+ {
|
|
+#endif
|
|
DH_free(dh);
|
|
dh=0;
|
|
}
|
|
@@ -247,6 +263,8 @@ typedef struct CRYPTO_dynlock_value
|
|
} openssl_lock_t;
|
|
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
+
|
|
/* Array of locks used by openssl internally for thread synchronization.
|
|
The number of locks is equal to CRYPTO_num_locks.
|
|
*/
|
|
@@ -389,9 +407,11 @@ static void deinit_lock_callback_functions()
|
|
{
|
|
set_lock_callback_functions(FALSE);
|
|
}
|
|
+#endif
|
|
|
|
void vio_ssl_end()
|
|
{
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
int i= 0;
|
|
|
|
if (ssl_initialized) {
|
|
@@ -409,6 +429,7 @@ void vio_ssl_end()
|
|
|
|
ssl_initialized= FALSE;
|
|
}
|
|
+#endif
|
|
}
|
|
|
|
#endif //OpenSSL specific
|
|
@@ -419,6 +440,7 @@ void ssl_start()
|
|
{
|
|
ssl_initialized= TRUE;
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
SSL_library_init();
|
|
OpenSSL_add_all_algorithms();
|
|
SSL_load_error_strings();
|
|
@@ -427,6 +449,7 @@ void ssl_start()
|
|
init_ssl_locks();
|
|
init_lock_callback_functions();
|
|
#endif
|
|
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
|
}
|
|
}
|
|
|
|
--
|
|
2.11.0
|
|
|