Attachment #192059 for bug #227178

Lines 1-6 Link Here

(-)databases/mysql56-server/files/mysql-server.in (-1 / +1 lines)
1	#!/bin/sh	1	#!/bin/sh
2	#	2	#
3	# $FreeBSD$	3	# $FreeBSD: head/databases/mysql56-server/files/mysql-server.in 461217 2018-02-08 12:42:42Z mmokhi $
4	#	4	#
5		5
6	# PROVIDE: mysql	6	# PROVIDE: mysql




--- mysys_ssl/my_aes_openssl.cc.orig	2017-12-09 07:33:37 UTC
+++ mysys_ssl/my_aes_openssl.cc
@@ -108,33 +108,47 @@ int my_aes_encrypt(const unsigned char *
                    const unsigned char *key, uint32 key_length,
                    enum my_aes_opmode mode, const unsigned char *iv)
 {
-  EVP_CIPHER_CTX ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX stack_ctx;
+  EVP_CIPHER_CTX *ctx= &stack_ctx;
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   const EVP_CIPHER *cipher= aes_evp_type(mode);
   int u_len, f_len;
   /* The real key to be used for encryption */
   unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
   my_aes_create_key(key, key_length, rkey, mode);
 
-  if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+  if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
     return MY_AES_BAD_DATA;
 
-  if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
+   if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
     goto aes_error;                             /* Error */
-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
     goto aes_error;                             /* Error */
-  if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
+  if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
     goto aes_error;                             /* Error */
 
-  if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
+   if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
     goto aes_error;                             /* Error */
 
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   return u_len + f_len;
 
 aes_error:
   /* need to explicitly clean up the error if we want to ignore it */
   ERR_clear_error();
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+    EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
   return MY_AES_BAD_DATA;
 }
 
@@ -145,7 +159,12 @@ int my_aes_decrypt(const unsigned char *
                    enum my_aes_opmode mode, const unsigned char *iv)
 {
 
-  EVP_CIPHER_CTX ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX stack_ctx;
+  EVP_CIPHER_CTX *ctx= &stack_ctx;
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */	
   const EVP_CIPHER *cipher= aes_evp_type(mode);
   int u_len, f_len;
 
@@ -156,24 +175,30 @@ int my_aes_decrypt(const unsigned char *
   if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
     return MY_AES_BAD_DATA;
 
-  EVP_CIPHER_CTX_init(&ctx);
-
-  if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
+  if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
     goto aes_error;                             /* Error */
-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
     goto aes_error;                             /* Error */
-  if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
+  if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
     goto aes_error;                             /* Error */
-  if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
+  if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
     goto aes_error;                             /* Error */
 
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   return u_len + f_len;
 
 aes_error:
   /* need to explicitly clean up the error if we want to ignore it */
   ERR_clear_error();
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   return MY_AES_BAD_DATA;
 }
 




--- vio/viosslfactories.c.orig	2017-12-09 07:33:37 UTC
+++ vio/viosslfactories.c
@@ -68,13 +68,20 @@ static DH *get_dh2048(void)
   DH *dh;
   if ((dh=DH_new()))
   {
-    dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-    dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-    if (! dh->p || ! dh->g)
-    {
+    BIGNUM *p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+    BIGNUM *g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+    if (!p || !g
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        || !DH_set0_pqg(dh, p, NULL, g)
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
+    ) {
       DH_free(dh);
       dh=0;
     }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    dh->p= p;
+    dh->g= g;
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   }
   return(dh);
 }

Return to bug 227178

Line 0 Link Here

(-)databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc (+111 lines)
		1	--- mysys_ssl/my_aes_openssl.cc.orig 2017-12-09 07:33:37 UTC
		2	+++ mysys_ssl/my_aes_openssl.cc
		3	@@ -108,33 +108,47 @@ int my_aes_encrypt(const unsigned char *
		4	const unsigned char *key, uint32 key_length,
		5	enum my_aes_opmode mode, const unsigned char *iv)
		6	{
		7	- EVP_CIPHER_CTX ctx;
		8	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		9	+ EVP_CIPHER_CTX stack_ctx;
		10	+ EVP_CIPHER_CTX *ctx= &stack_ctx;
		11	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
		12	+ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
		13	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
		14	const EVP_CIPHER *cipher= aes_evp_type(mode);
		15	int u_len, f_len;
		16	/* The real key to be used for encryption */
		17	unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
		18	my_aes_create_key(key, key_length, rkey, mode);
		19
		20	- if (!cipher \|\| (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
		21	+ if (!ctx \|\| !cipher \|\| (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
		22	return MY_AES_BAD_DATA;
		23
		24	- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
		25	+ if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
		26	goto aes_error; /* Error */
		27	- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
		28	+ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
		29	goto aes_error; /* Error */
		30	- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
		31	+ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
		32	goto aes_error; /* Error */
		33
		34	- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
		35	+ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
		36	goto aes_error; /* Error */
		37
		38	- EVP_CIPHER_CTX_cleanup(&ctx);
		39	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		40	+ EVP_CIPHER_CTX_cleanup(ctx);
		41	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
		42	+ EVP_CIPHER_CTX_free(ctx);
		43	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
		44	return u_len + f_len;
		45
		46	aes_error:
		47	/* need to explicitly clean up the error if we want to ignore it */
		48	ERR_clear_error();
		49	- EVP_CIPHER_CTX_cleanup(&ctx);
		50	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		51	+ EVP_CIPHER_CTX_cleanup(ctx);
		52	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
		53	+ EVP_CIPHER_CTX_free(ctx);
		54	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
		55	+
		56	return MY_AES_BAD_DATA;
		57	}
		58
		59	@@ -145,7 +159,12 @@ int my_aes_decrypt(const unsigned char *
		60	enum my_aes_opmode mode, const unsigned char *iv)
		61	{
		62
		63	- EVP_CIPHER_CTX ctx;
		64	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
65	+ EVP_CIPHER_CTX stack_ctx;
66	+ EVP_CIPHER_CTX *ctx= &stack_ctx;
67	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
68	+ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
69	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
70	const EVP_CIPHER *cipher= aes_evp_type(mode);
71	int u_len, f_len;
72
73	@@ -156,24 +175,30 @@ int my_aes_decrypt(const unsigned char *
74	if (!cipher \|\| (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
75	return MY_AES_BAD_DATA;
76
77	- EVP_CIPHER_CTX_init(&ctx);
78	-
79	- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
80	+ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
81	goto aes_error; /* Error */
82	- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
83	+ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
84	goto aes_error; /* Error */
85	- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
86	+ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
87	goto aes_error; /* Error */
88	- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
89	+ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
90	goto aes_error; /* Error */
91
92	- EVP_CIPHER_CTX_cleanup(&ctx);
93	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
94	+ EVP_CIPHER_CTX_cleanup(ctx);
95	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
96	+ EVP_CIPHER_CTX_free(ctx);
97	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
98	return u_len + f_len;
99
100	aes_error:
101	/* need to explicitly clean up the error if we want to ignore it */
102	ERR_clear_error();
103	- EVP_CIPHER_CTX_cleanup(&ctx);
104	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
105	+ EVP_CIPHER_CTX_cleanup(ctx);
106	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
107	+ EVP_CIPHER_CTX_free(ctx);
108	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
109	return MY_AES_BAD_DATA;
110	}
111

Line 0 Link Here

(-)databases/mysql56-server/files/patch-vio_viosslfactories.c (+27 lines)
	1	--- vio/viosslfactories.c.orig 2017-12-09 07:33:37 UTC
	2	+++ vio/viosslfactories.c
	3	@@ -68,13 +68,20 @@ static DH *get_dh2048(void)
	4	DH *dh;
	5	if ((dh=DH_new()))
	6	{
	7	- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
	8	- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
	9	- if (! dh->p \|\| ! dh->g)
	10	- {
	11	+ BIGNUM *p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
	12	+ BIGNUM *g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
	13	+ if (!p \|\| !g
	14	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	15	+ \|\| !DH_set0_pqg(dh, p, NULL, g)
	16	+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
	17	+ ) {
	18	DH_free(dh);
	19	dh=0;
	20	}
	21	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
	22	+ dh->p= p;
	23	+ dh->g= g;
	24	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
	25	}
	26	return(dh);
	27	}