Attachment #197915 for bug #225888

View | Details | Raw Unified | Return to bug 225888
Collapse All | Expand All

Lines 2-8 Link Here

(-)databases/mysql56-client/Makefile (-1 / +1 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= mysql	4	PORTNAME= mysql
5	PORTREVISION= 0	5	PORTREVISION= 1
6	PKGNAMESUFFIX= 56-client	6	PKGNAMESUFFIX= 56-client
7		7
8	COMMENT= Multithreaded SQL database (client)	8	COMMENT= Multithreaded SQL database (client)




# Backport of https://github.com/mysql/mysql-server/commit/8d81f3b9f1449a7de19aa0b1e1cd7f0b85f56fc6

--- extra/yassl/include/openssl/ssl.h.orig	2018-06-15 13:03:29 UTC
+++ extra/yassl/include/openssl/ssl.h
@@ -179,7 +179,7 @@ enum { /* X509 Constants */
 unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *);
 void          ERR_print_errors_fp(FILE*);
 char*         ERR_error_string(unsigned long,char*);
-void          ERR_remove_state(unsigned long);
+void          ERR_remove_thread_state(const void *);
 unsigned long ERR_get_error(void);
 unsigned long ERR_peek_error(void);
 int           ERR_GET_REASON(int);
--- extra/yassl/src/ssl.cpp.orig	2018-06-15 13:03:29 UTC
+++ extra/yassl/src/ssl.cpp
@@ -1516,7 +1516,7 @@ int SSLeay_add_ssl_algorithms()  // comp
 }
 
 
-void ERR_remove_state(unsigned long)
+void ERR_remove_thread_state(const void *)
 {
     GetErrors().Remove();
 }
--- mysys_ssl/my_aes_openssl.cc.orig	2018-06-15 13:03:29 UTC
+++ mysys_ssl/my_aes_openssl.cc
@@ -108,33 +108,46 @@ int my_aes_encrypt(const unsigned char *
                    const unsigned char *key, uint32 key_length,
                    enum my_aes_opmode mode, const unsigned char *iv)
 {
-  EVP_CIPHER_CTX ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX stack_ctx;
+  EVP_CIPHER_CTX *ctx= &stack_ctx;
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   const EVP_CIPHER *cipher= aes_evp_type(mode);
   int u_len, f_len;
   /* The real key to be used for encryption */
   unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
   my_aes_create_key(key, key_length, rkey, mode);
 
-  if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+  if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
     return MY_AES_BAD_DATA;
 
-  if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
+  if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
     goto aes_error;                             /* Error */
-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
     goto aes_error;                             /* Error */
-  if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
+  if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
     goto aes_error;                             /* Error */
 
-  if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
+  if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
     goto aes_error;                             /* Error */
 
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   return u_len + f_len;
 
 aes_error:
   /* need to explicitly clean up the error if we want to ignore it */
   ERR_clear_error();
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+    EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   return MY_AES_BAD_DATA;
 }
 
@@ -145,7 +158,12 @@ int my_aes_decrypt(const unsigned char *
                    enum my_aes_opmode mode, const unsigned char *iv)
 {
 
-  EVP_CIPHER_CTX ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX stack_ctx;
+  EVP_CIPHER_CTX *ctx= &stack_ctx;
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   const EVP_CIPHER *cipher= aes_evp_type(mode);
   int u_len, f_len;
 
@@ -153,27 +171,34 @@ int my_aes_decrypt(const unsigned char *
   unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
 
   my_aes_create_key(key, key_length, rkey, mode);
-  if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+  if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
     return MY_AES_BAD_DATA;
 
-  EVP_CIPHER_CTX_init(&ctx);
-
-  if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
+  if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
     goto aes_error;                             /* Error */
-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
     goto aes_error;                             /* Error */
-  if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
+  if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
     goto aes_error;                             /* Error */
-  if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
+  if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
     goto aes_error;                             /* Error */
 
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
   return u_len + f_len;
 
 aes_error:
   /* need to explicitly clean up the error if we want to ignore it */
   ERR_clear_error();
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   return MY_AES_BAD_DATA;
 }
 
--- sql-common/client.c.orig	2018-06-15 13:03:29 UTC
+++ sql-common/client.c
@@ -1967,7 +1967,11 @@ static int ssl_verify_server_cert(Vio *v
     goto error;
   }
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   cn= (char *) ASN1_STRING_data(cn_asn1);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  cn= (char *) ASN1_STRING_get0_data(cn_asn1);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 
   // There should not be any NULL embedded in the CN
   if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))
--- sql/mysqld.cc.orig	2018-06-15 13:03:29 UTC
+++ sql/mysqld.cc
@@ -2779,7 +2779,9 @@ bool one_thread_per_connection_end(THD *
 
   // Clean up errors now, before possibly waiting for a new connection.
 #ifndef EMBEDDED_LIBRARY
-  ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 #endif
 
   delete thd;
@@ -4377,7 +4379,11 @@ static int init_ssl()
 {
 #ifdef HAVE_OPENSSL
 #ifndef HAVE_YASSL
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   CRYPTO_malloc_init();
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  OPENSSL_malloc_init();
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 #endif
   ssl_start();
 #ifndef EMBEDDED_LIBRARY
@@ -4391,7 +4397,9 @@ static int init_ssl()
 					  opt_ssl_cipher, &error,
                                           opt_ssl_crl, opt_ssl_crlpath);
     DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd));
-    ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
     if (!ssl_acceptor_fd)
     {
       sql_print_warning("Failed to setup SSL");
--- sql/rpl_slave.cc.orig	2018-06-15 13:03:29 UTC
+++ sql/rpl_slave.cc
@@ -5143,7 +5143,9 @@ err:
   mysql_mutex_unlock(&mi->run_lock);
   DBUG_LEAVE;                                   // Must match DBUG_ENTER()
   my_thread_end();
-  ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   pthread_exit(0);
   return(0);                                    // Avoid compiler warnings
 }
@@ -5334,7 +5336,9 @@ err:
   }
 
   my_thread_end();
-  ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   pthread_exit(0);
   DBUG_RETURN(0); 
 }
@@ -6482,7 +6486,9 @@ log '%s' at position %s, relay log '%s' 
 
   DBUG_LEAVE;                            // Must match DBUG_ENTER()
   my_thread_end();
-  ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   pthread_exit(0);
   return 0;                             // Avoid compiler warnings
 }
--- vio/vio.c.orig	2018-06-15 13:03:29 UTC
+++ vio/vio.c
@@ -384,7 +384,9 @@ void vio_end(void)
   yaSSL_CleanUp();
 #elif defined(HAVE_OPENSSL)
   // This one is needed on the client side
-  ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   ERR_free_strings();
   EVP_cleanup();
   CRYPTO_cleanup_all_ex_data();
--- vio/viossl.c.orig	2018-06-15 13:03:29 UTC
+++ vio/viossl.c
@@ -415,7 +415,11 @@ static int ssl_do(struct st_VioSSLFd *pt
       for (j = 0; j < n; j++)
       {
         SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
         DBUG_PRINT("info", ("  %d: %s\n", c->id, c->name));
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+        DBUG_PRINT("info", ("  %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c)));
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
       }
   }
 #endif
--- vio/viosslfactories.c.orig	2018-06-15 13:03:29 UTC
+++ vio/viosslfactories.c
@@ -68,13 +68,21 @@ static DH *get_dh2048(void)
   DH *dh;
   if ((dh=DH_new()))
   {
-    dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-    dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-    if (! dh->p || ! dh->g)
-    {
+    BIGNUM *p= BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+    BIGNUM *g= BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+    if (!p || !g
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        || !DH_set0_pqg(dh, p, NULL, g)
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
+    ) {
+      /* DH_free() will free 'p' and 'g' at once. */
       DH_free(dh);
-      dh=0;
+      return NULL;
     }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    dh->p= p;
+    dh->g= g;
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   }
   return(dh);
 }

Lines 3-9 Link Here

(-)databases/mysql56-server/Makefile (-1 / +1 lines)
3		3
4	PORTNAME?= mysql	4	PORTNAME?= mysql
5	PORTVERSION= 5.6.41	5	PORTVERSION= 5.6.41
6	PORTREVISION?= 0	6	PORTREVISION?= 1
7	CATEGORIES= databases ipv6	7	CATEGORIES= databases ipv6
8	MASTER_SITES= MYSQL/MySQL-5.6	8	MASTER_SITES= MYSQL/MySQL-5.6
9	PKGNAMESUFFIX?= 56-server	9	PKGNAMESUFFIX?= 56-server




--- mysys_ssl/my_aes_openssl.cc.orig	2017-12-09 07:33:37 UTC
+++ mysys_ssl/my_aes_openssl.cc
@@ -108,33 +108,47 @@ int my_aes_encrypt(const unsigned char *
                    const unsigned char *key, uint32 key_length,
                    enum my_aes_opmode mode, const unsigned char *iv)
 {
-  EVP_CIPHER_CTX ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX stack_ctx;
+  EVP_CIPHER_CTX *ctx= &stack_ctx;
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   const EVP_CIPHER *cipher= aes_evp_type(mode);
   int u_len, f_len;
   /* The real key to be used for encryption */
   unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
   my_aes_create_key(key, key_length, rkey, mode);
 
-  if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+  if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
     return MY_AES_BAD_DATA;
 
-  if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
+   if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
     goto aes_error;                             /* Error */
-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
     goto aes_error;                             /* Error */
-  if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
+  if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
     goto aes_error;                             /* Error */
 
-  if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
+   if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
     goto aes_error;                             /* Error */
 
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   return u_len + f_len;
 
 aes_error:
   /* need to explicitly clean up the error if we want to ignore it */
   ERR_clear_error();
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+    EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
   return MY_AES_BAD_DATA;
 }
 
@@ -145,7 +159,12 @@ int my_aes_decrypt(const unsigned char *
                    enum my_aes_opmode mode, const unsigned char *iv)
 {
 
-  EVP_CIPHER_CTX ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX stack_ctx;
+  EVP_CIPHER_CTX *ctx= &stack_ctx;
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */	
   const EVP_CIPHER *cipher= aes_evp_type(mode);
   int u_len, f_len;
 
@@ -156,24 +175,30 @@ int my_aes_decrypt(const unsigned char *
   if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
     return MY_AES_BAD_DATA;
 
-  EVP_CIPHER_CTX_init(&ctx);
-
-  if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
+  if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
     goto aes_error;                             /* Error */
-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
     goto aes_error;                             /* Error */
-  if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
+  if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
     goto aes_error;                             /* Error */
-  if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
+  if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
     goto aes_error;                             /* Error */
 
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   return u_len + f_len;
 
 aes_error:
   /* need to explicitly clean up the error if we want to ignore it */
   ERR_clear_error();
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   return MY_AES_BAD_DATA;
 }
 




# Backport of https://github.com/mysql/mysql-server/commit/8d81f3b9f1449a7de19aa0b1e1cd7f0b85f56fc6

--- extra/yassl/include/openssl/ssl.h.orig	2018-06-15 13:03:29 UTC
+++ extra/yassl/include/openssl/ssl.h
@@ -179,7 +179,7 @@ enum { /* X509 Constants */
 unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *);
 void          ERR_print_errors_fp(FILE*);
 char*         ERR_error_string(unsigned long,char*);
-void          ERR_remove_state(unsigned long);
+void          ERR_remove_thread_state(const void *);
 unsigned long ERR_get_error(void);
 unsigned long ERR_peek_error(void);
 int           ERR_GET_REASON(int);
--- extra/yassl/src/ssl.cpp.orig	2018-06-15 13:03:29 UTC
+++ extra/yassl/src/ssl.cpp
@@ -1516,7 +1516,7 @@ int SSLeay_add_ssl_algorithms()  // comp
 }
 
 
-void ERR_remove_state(unsigned long)
+void ERR_remove_thread_state(const void *)
 {
     GetErrors().Remove();
 }
--- mysys_ssl/my_aes_openssl.cc.orig	2018-06-15 13:03:29 UTC
+++ mysys_ssl/my_aes_openssl.cc
@@ -108,33 +108,46 @@ int my_aes_encrypt(const unsigned char *
                    const unsigned char *key, uint32 key_length,
                    enum my_aes_opmode mode, const unsigned char *iv)
 {
-  EVP_CIPHER_CTX ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX stack_ctx;
+  EVP_CIPHER_CTX *ctx= &stack_ctx;
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   const EVP_CIPHER *cipher= aes_evp_type(mode);
   int u_len, f_len;
   /* The real key to be used for encryption */
   unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
   my_aes_create_key(key, key_length, rkey, mode);
 
-  if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+  if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
     return MY_AES_BAD_DATA;
 
-  if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
+  if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
     goto aes_error;                             /* Error */
-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
     goto aes_error;                             /* Error */
-  if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
+  if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
     goto aes_error;                             /* Error */
 
-  if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
+  if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
     goto aes_error;                             /* Error */
 
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   return u_len + f_len;
 
 aes_error:
   /* need to explicitly clean up the error if we want to ignore it */
   ERR_clear_error();
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+    EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   return MY_AES_BAD_DATA;
 }
 
@@ -145,7 +158,12 @@ int my_aes_decrypt(const unsigned char *
                    enum my_aes_opmode mode, const unsigned char *iv)
 {
 
-  EVP_CIPHER_CTX ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX stack_ctx;
+  EVP_CIPHER_CTX *ctx= &stack_ctx;
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   const EVP_CIPHER *cipher= aes_evp_type(mode);
   int u_len, f_len;
 
@@ -153,27 +171,34 @@ int my_aes_decrypt(const unsigned char *
   unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
 
   my_aes_create_key(key, key_length, rkey, mode);
-  if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+  if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
     return MY_AES_BAD_DATA;
 
-  EVP_CIPHER_CTX_init(&ctx);
-
-  if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
+  if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
     goto aes_error;                             /* Error */
-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
     goto aes_error;                             /* Error */
-  if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
+  if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
     goto aes_error;                             /* Error */
-  if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
+  if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
     goto aes_error;                             /* Error */
 
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
   return u_len + f_len;
 
 aes_error:
   /* need to explicitly clean up the error if we want to ignore it */
   ERR_clear_error();
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   return MY_AES_BAD_DATA;
 }
 
--- sql-common/client.c.orig	2018-06-15 13:03:29 UTC
+++ sql-common/client.c
@@ -1967,7 +1967,11 @@ static int ssl_verify_server_cert(Vio *v
     goto error;
   }
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   cn= (char *) ASN1_STRING_data(cn_asn1);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  cn= (char *) ASN1_STRING_get0_data(cn_asn1);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 
   // There should not be any NULL embedded in the CN
   if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))
--- sql/mysqld.cc.orig	2018-06-15 13:03:29 UTC
+++ sql/mysqld.cc
@@ -2779,7 +2779,9 @@ bool one_thread_per_connection_end(THD *
 
   // Clean up errors now, before possibly waiting for a new connection.
 #ifndef EMBEDDED_LIBRARY
-  ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 #endif
 
   delete thd;
@@ -4377,7 +4379,11 @@ static int init_ssl()
 {
 #ifdef HAVE_OPENSSL
 #ifndef HAVE_YASSL
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   CRYPTO_malloc_init();
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+  OPENSSL_malloc_init();
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 #endif
   ssl_start();
 #ifndef EMBEDDED_LIBRARY
@@ -4391,7 +4397,9 @@ static int init_ssl()
 					  opt_ssl_cipher, &error,
                                           opt_ssl_crl, opt_ssl_crlpath);
     DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd));
-    ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
     if (!ssl_acceptor_fd)
     {
       sql_print_warning("Failed to setup SSL");
--- sql/rpl_slave.cc.orig	2018-06-15 13:03:29 UTC
+++ sql/rpl_slave.cc
@@ -5143,7 +5143,9 @@ err:
   mysql_mutex_unlock(&mi->run_lock);
   DBUG_LEAVE;                                   // Must match DBUG_ENTER()
   my_thread_end();
-  ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   pthread_exit(0);
   return(0);                                    // Avoid compiler warnings
 }
@@ -5334,7 +5336,9 @@ err:
   }
 
   my_thread_end();
-  ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   pthread_exit(0);
   DBUG_RETURN(0); 
 }
@@ -6482,7 +6486,9 @@ log '%s' at position %s, relay log '%s' 
 
   DBUG_LEAVE;                            // Must match DBUG_ENTER()
   my_thread_end();
-  ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   pthread_exit(0);
   return 0;                             // Avoid compiler warnings
 }
--- vio/vio.c.orig	2018-06-15 13:03:29 UTC
+++ vio/vio.c
@@ -384,7 +384,9 @@ void vio_end(void)
   yaSSL_CleanUp();
 #elif defined(HAVE_OPENSSL)
   // This one is needed on the client side
-  ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   ERR_free_strings();
   EVP_cleanup();
   CRYPTO_cleanup_all_ex_data();
--- vio/viossl.c.orig	2018-06-15 13:03:29 UTC
+++ vio/viossl.c
@@ -415,7 +415,11 @@ static int ssl_do(struct st_VioSSLFd *pt
       for (j = 0; j < n; j++)
       {
         SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
         DBUG_PRINT("info", ("  %d: %s\n", c->id, c->name));
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+        DBUG_PRINT("info", ("  %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c)));
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
       }
   }
 #endif
--- vio/viosslfactories.c.orig	2018-06-15 13:03:29 UTC
+++ vio/viosslfactories.c
@@ -68,13 +68,21 @@ static DH *get_dh2048(void)
   DH *dh;
   if ((dh=DH_new()))
   {
-    dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-    dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-    if (! dh->p || ! dh->g)
-    {
+    BIGNUM *p= BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+    BIGNUM *g= BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+    if (!p || !g
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        || !DH_set0_pqg(dh, p, NULL, g)
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
+    ) {
+      /* DH_free() will free 'p' and 'g' at once. */
       DH_free(dh);
-      dh=0;
+      return NULL;
     }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    dh->p= p;
+    dh->g= g;
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   }
   return(dh);
 }




--- vio/viosslfactories.c.orig	2017-12-09 07:33:37 UTC
+++ vio/viosslfactories.c
@@ -68,13 +68,20 @@ static DH *get_dh2048(void)
   DH *dh;
   if ((dh=DH_new()))
   {
-    dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-    dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-    if (! dh->p || ! dh->g)
-    {
+    BIGNUM *p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+    BIGNUM *g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+    if (!p || !g
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        || !DH_set0_pqg(dh, p, NULL, g)
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
+    ) {
       DH_free(dh);
       dh=0;
     }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    dh->p= p;
+    dh->g= g;
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
   }
   return(dh);
 }

Return to bug 225888

Line 0 Link Here

(-)databases/mysql56-client/files/patch-openssl111 (+280 lines)
		1	# Backport of https://github.com/mysql/mysql-server/commit/8d81f3b9f1449a7de19aa0b1e1cd7f0b85f56fc6
		2
		3	--- extra/yassl/include/openssl/ssl.h.orig 2018-06-15 13:03:29 UTC
		4	+++ extra/yassl/include/openssl/ssl.h
		5	@@ -179,7 +179,7 @@ enum { /* X509 Constants */
		6	unsigned long ERR_get_error_line_data(const char*, int, const char*, int );
		7	void ERR_print_errors_fp(FILE*);
		8	char* ERR_error_string(unsigned long,char*);
		9	-void ERR_remove_state(unsigned long);
		10	+void ERR_remove_thread_state(const void *);
		11	unsigned long ERR_get_error(void);
		12	unsigned long ERR_peek_error(void);
		13	int ERR_GET_REASON(int);
		14	--- extra/yassl/src/ssl.cpp.orig 2018-06-15 13:03:29 UTC
		15	+++ extra/yassl/src/ssl.cpp
		16	@@ -1516,7 +1516,7 @@ int SSLeay_add_ssl_algorithms() // comp
		17	}
		18
		19
		20	-void ERR_remove_state(unsigned long)
		21	+void ERR_remove_thread_state(const void *)
		22	{
		23	GetErrors().Remove();
		24	}
		25	--- mysys_ssl/my_aes_openssl.cc.orig 2018-06-15 13:03:29 UTC
		26	+++ mysys_ssl/my_aes_openssl.cc
		27	@@ -108,33 +108,46 @@ int my_aes_encrypt(const unsigned char *
		28	const unsigned char *key, uint32 key_length,
		29	enum my_aes_opmode mode, const unsigned char *iv)
		30	{
		31	- EVP_CIPHER_CTX ctx;
		32	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		33	+ EVP_CIPHER_CTX stack_ctx;
		34	+ EVP_CIPHER_CTX *ctx= &stack_ctx;
		35	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
		36	+ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
		37	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
		38	const EVP_CIPHER *cipher= aes_evp_type(mode);
		39	int u_len, f_len;
		40	/* The real key to be used for encryption */
		41	unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
		42	my_aes_create_key(key, key_length, rkey, mode);
		43
		44	- if (!cipher \|\| (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
		45	+ if (!ctx \|\| !cipher \|\| (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
		46	return MY_AES_BAD_DATA;
		47
		48	- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
		49	+ if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
		50	goto aes_error; /* Error */
		51	- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
		52	+ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
		53	goto aes_error; /* Error */
		54	- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
		55	+ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
		56	goto aes_error; /* Error */
		57
		58	- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
		59	+ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
		60	goto aes_error; /* Error */
		61
		62	- EVP_CIPHER_CTX_cleanup(&ctx);
		63	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		64	+ EVP_CIPHER_CTX_cleanup(ctx);
65	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
66	+ EVP_CIPHER_CTX_free(ctx);
67	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
68	return u_len + f_len;
69
70	aes_error:
71	/* need to explicitly clean up the error if we want to ignore it */
72	ERR_clear_error();
73	- EVP_CIPHER_CTX_cleanup(&ctx);
74	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
75	+ EVP_CIPHER_CTX_cleanup(ctx);
76	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
77	+ EVP_CIPHER_CTX_free(ctx);
78	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
79	return MY_AES_BAD_DATA;
80	}
81
82	@@ -145,7 +158,12 @@ int my_aes_decrypt(const unsigned char *
83	enum my_aes_opmode mode, const unsigned char *iv)
84	{
85
86	- EVP_CIPHER_CTX ctx;
87	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
88	+ EVP_CIPHER_CTX stack_ctx;
89	+ EVP_CIPHER_CTX *ctx= &stack_ctx;
90	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
91	+ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
92	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
93	const EVP_CIPHER *cipher= aes_evp_type(mode);
94	int u_len, f_len;
95
96	@@ -153,27 +171,34 @@ int my_aes_decrypt(const unsigned char *
97	unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
98
99	my_aes_create_key(key, key_length, rkey, mode);
100	- if (!cipher \|\| (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
101	+ if (!ctx \|\| !cipher \|\| (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
102	return MY_AES_BAD_DATA;
103
104	- EVP_CIPHER_CTX_init(&ctx);
105	-
106	- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
107	+ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
108	goto aes_error; /* Error */
109	- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
110	+ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
111	goto aes_error; /* Error */
112	- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
113	+ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
114	goto aes_error; /* Error */
115	- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
116	+ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
117	goto aes_error; /* Error */
118
119	- EVP_CIPHER_CTX_cleanup(&ctx);
120	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
121	+ EVP_CIPHER_CTX_cleanup(ctx);
122	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
123	+ EVP_CIPHER_CTX_free(ctx);
124	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
125	+
126	return u_len + f_len;
127
128	aes_error:
129	/* need to explicitly clean up the error if we want to ignore it */
130	ERR_clear_error();
131	- EVP_CIPHER_CTX_cleanup(&ctx);
132	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
133	+ EVP_CIPHER_CTX_cleanup(ctx);
134	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
135	+ EVP_CIPHER_CTX_free(ctx);
136	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
137	return MY_AES_BAD_DATA;
138	}
139
140	--- sql-common/client.c.orig 2018-06-15 13:03:29 UTC
141	+++ sql-common/client.c
142	@@ -1967,7 +1967,11 @@ static int ssl_verify_server_cert(Vio *v
143	goto error;
144	}
145
146	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
147	cn= (char *) ASN1_STRING_data(cn_asn1);
148	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
149	+ cn= (char *) ASN1_STRING_get0_data(cn_asn1);
150	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
151
152	// There should not be any NULL embedded in the CN
153	if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))
154	--- sql/mysqld.cc.orig 2018-06-15 13:03:29 UTC
155	+++ sql/mysqld.cc
156	@@ -2779,7 +2779,9 @@ bool one_thread_per_connection_end(THD *
157
158	// Clean up errors now, before possibly waiting for a new connection.
159	#ifndef EMBEDDED_LIBRARY
160	- ERR_remove_state(0);
161	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
162	+ ERR_remove_thread_state(0);
163	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
164	#endif
165
166	delete thd;
167	@@ -4377,7 +4379,11 @@ static int init_ssl()
168	{
169	#ifdef HAVE_OPENSSL
170	#ifndef HAVE_YASSL
171	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
172	CRYPTO_malloc_init();
173	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
174	+ OPENSSL_malloc_init();
175	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
176	#endif
177	ssl_start();
178	#ifndef EMBEDDED_LIBRARY
179	@@ -4391,7 +4397,9 @@ static int init_ssl()
180	opt_ssl_cipher, &error,
181	opt_ssl_crl, opt_ssl_crlpath);
182	DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd));
183	- ERR_remove_state(0);
184	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
185	+ ERR_remove_thread_state(0);
186	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
187	if (!ssl_acceptor_fd)
188	{
189	sql_print_warning("Failed to setup SSL");
190	--- sql/rpl_slave.cc.orig 2018-06-15 13:03:29 UTC
191	+++ sql/rpl_slave.cc
192	@@ -5143,7 +5143,9 @@ err:
193	mysql_mutex_unlock(&mi->run_lock);
194	DBUG_LEAVE; // Must match DBUG_ENTER()
195	my_thread_end();
196	- ERR_remove_state(0);
197	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
198	+ ERR_remove_thread_state(0);
199	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
200	pthread_exit(0);
201	return(0); // Avoid compiler warnings
202	}
203	@@ -5334,7 +5336,9 @@ err:
204	}
205
206	my_thread_end();
207	- ERR_remove_state(0);
208	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
209	+ ERR_remove_thread_state(0);
210	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
211	pthread_exit(0);
212	DBUG_RETURN(0);
213	}
214	@@ -6482,7 +6486,9 @@ log '%s' at position %s, relay log '%s'
215
216	DBUG_LEAVE; // Must match DBUG_ENTER()
217	my_thread_end();
218	- ERR_remove_state(0);
219	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
220	+ ERR_remove_thread_state(0);
221	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
222	pthread_exit(0);
223	return 0; // Avoid compiler warnings
224	}
225	--- vio/vio.c.orig 2018-06-15 13:03:29 UTC
226	+++ vio/vio.c
227	@@ -384,7 +384,9 @@ void vio_end(void)
228	yaSSL_CleanUp();
229	#elif defined(HAVE_OPENSSL)
230	// This one is needed on the client side
231	- ERR_remove_state(0);
232	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
233	+ ERR_remove_thread_state(0);
234	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
235	ERR_free_strings();
236	EVP_cleanup();
237	CRYPTO_cleanup_all_ex_data();
238	--- vio/viossl.c.orig 2018-06-15 13:03:29 UTC
239	+++ vio/viossl.c
240	@@ -415,7 +415,11 @@ static int ssl_do(struct st_VioSSLFd *pt
241	for (j = 0; j < n; j++)
242	{
243	SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
244	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
245	DBUG_PRINT("info", (" %d: %s\n", c->id, c->name));
246	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
247	+ DBUG_PRINT("info", (" %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c)));
248	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
249	}
250	}
251	#endif
252	--- vio/viosslfactories.c.orig 2018-06-15 13:03:29 UTC
253	+++ vio/viosslfactories.c
254	@@ -68,13 +68,21 @@ static DH *get_dh2048(void)
255	DH *dh;
256	if ((dh=DH_new()))
257	{
258	- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
259	- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
260	- if (! dh->p \|\| ! dh->g)
261	- {
262	+ BIGNUM *p= BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
263	+ BIGNUM *g= BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
264	+ if (!p \|\| !g
265	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
266	+ \|\| !DH_set0_pqg(dh, p, NULL, g)
267	+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
268	+ ) {
269	+ /* DH_free() will free 'p' and 'g' at once. */
270	DH_free(dh);
271	- dh=0;
272	+ return NULL;
273	}
274	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
275	+ dh->p= p;
276	+ dh->g= g;
277	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
278	}
279	return(dh);
280	}

Lines 1-111 Link Here

(-)databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc (-111 lines)
1	--- mysys_ssl/my_aes_openssl.cc.orig 2017-12-09 07:33:37 UTC
2	+++ mysys_ssl/my_aes_openssl.cc
3	@@ -108,33 +108,47 @@ int my_aes_encrypt(const unsigned char *
4	const unsigned char *key, uint32 key_length,
5	enum my_aes_opmode mode, const unsigned char *iv)
6	{
7	- EVP_CIPHER_CTX ctx;
8	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
9	+ EVP_CIPHER_CTX stack_ctx;
10	+ EVP_CIPHER_CTX *ctx= &stack_ctx;
11	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
12	+ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
13	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
14	const EVP_CIPHER *cipher= aes_evp_type(mode);
15	int u_len, f_len;
16	/* The real key to be used for encryption */
17	unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
18	my_aes_create_key(key, key_length, rkey, mode);
19
20	- if (!cipher \|\| (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
21	+ if (!ctx \|\| !cipher \|\| (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
22	return MY_AES_BAD_DATA;
23
24	- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
25	+ if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
26	goto aes_error; /* Error */
27	- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
28	+ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
29	goto aes_error; /* Error */
30	- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
31	+ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
32	goto aes_error; /* Error */
33
34	- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
35	+ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
36	goto aes_error; /* Error */
37
38	- EVP_CIPHER_CTX_cleanup(&ctx);
39	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
40	+ EVP_CIPHER_CTX_cleanup(ctx);
41	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
42	+ EVP_CIPHER_CTX_free(ctx);
43	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
44	return u_len + f_len;
45
46	aes_error:
47	/* need to explicitly clean up the error if we want to ignore it */
48	ERR_clear_error();
49	- EVP_CIPHER_CTX_cleanup(&ctx);
50	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
51	+ EVP_CIPHER_CTX_cleanup(ctx);
52	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
53	+ EVP_CIPHER_CTX_free(ctx);
54	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
55	+
56	return MY_AES_BAD_DATA;
57	}
58
59	@@ -145,7 +159,12 @@ int my_aes_decrypt(const unsigned char *
60	enum my_aes_opmode mode, const unsigned char *iv)
61	{
62
63	- EVP_CIPHER_CTX ctx;
64	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
65	+ EVP_CIPHER_CTX stack_ctx;
66	+ EVP_CIPHER_CTX *ctx= &stack_ctx;
67	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
68	+ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
69	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
70	const EVP_CIPHER *cipher= aes_evp_type(mode);
71	int u_len, f_len;
72
73	@@ -156,24 +175,30 @@ int my_aes_decrypt(const unsigned char *
74	if (!cipher \|\| (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
75	return MY_AES_BAD_DATA;
76
77	- EVP_CIPHER_CTX_init(&ctx);
78	-
79	- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
80	+ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
81	goto aes_error; /* Error */
82	- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
83	+ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
84	goto aes_error; /* Error */
85	- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
86	+ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
87	goto aes_error; /* Error */
88	- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
89	+ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
90	goto aes_error; /* Error */
91
92	- EVP_CIPHER_CTX_cleanup(&ctx);
93	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
94	+ EVP_CIPHER_CTX_cleanup(ctx);
95	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
96	+ EVP_CIPHER_CTX_free(ctx);
97	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
98	return u_len + f_len;
99
100	aes_error:
101	/* need to explicitly clean up the error if we want to ignore it */
102	ERR_clear_error();
103	- EVP_CIPHER_CTX_cleanup(&ctx);
104	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
105	+ EVP_CIPHER_CTX_cleanup(ctx);
106	+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
107	+ EVP_CIPHER_CTX_free(ctx);
108	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
109	return MY_AES_BAD_DATA;
110	}
111

Lines 1-27 Link Here

(-)databases/mysql56-server/files/patch-vio_viosslfactories.c (-27 lines)
1	--- vio/viosslfactories.c.orig 2017-12-09 07:33:37 UTC
2	+++ vio/viosslfactories.c
3	@@ -68,13 +68,20 @@ static DH *get_dh2048(void)
4	DH *dh;
5	if ((dh=DH_new()))
6	{
7	- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
8	- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
9	- if (! dh->p \|\| ! dh->g)
10	- {
11	+ BIGNUM *p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
12	+ BIGNUM *g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
13	+ if (!p \|\| !g
14	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
15	+ \|\| !DH_set0_pqg(dh, p, NULL, g)
16	+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
17	+ ) {
18	DH_free(dh);
19	dh=0;
20	}
21	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
22	+ dh->p= p;
23	+ dh->g= g;
24	+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
25	}
26	return(dh);
27	}