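--- extra/yassl/include/openssl/ssl.h.orig 2019-07-16 14:08:43 UTC
+++ extra/yassl/include/openssl/ssl.h
@@ -1,5 +1,5 @@
 /*
- Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -179,7 +179,7 @@ enum { /* X509 Constants */
 unsigned long ERR_get_error_line_data(const char**, int*, const char**, int *);
 void ERR_print_errors_fp(FILE*);
 char* ERR_error_string(unsigned long,char*);
-void ERR_remove_state(unsigned long);
+void ERR_remove_thread_state(const void *);
 unsigned long ERR_get_error(void);
 unsigned long ERR_peek_error(void);
 int ERR_GET_REASON(int);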
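--- extra/yassl/src/ssl.cpp.orig 2019-07-16 14:08:43 UTC
+++ extra/yassl/src/ssl.cpp
@@ -1,5 +1,5 @@
 /*
- Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved.
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -1516,7 +1516,7 @@ int SSLeay_add_ssl_algorithms() // compatibility only
 }
 
 
-void ERR_remove_state(unsigned long)
+void ERR_remove_thread_state(const void *)
 {
 GetErrors().Remove();
 }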
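--- mysys_ssl/my_aes_openssl.cc.orig 2019-07-16 14:08:43 UTC
+++ mysys_ssl/my_aes_openssl.cc
@@ -1,4 +1,4 @@
-/* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2015, 2018 Oracle and/or its affiliates. All rights reserved.
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -108,33 +108,46 @@ int my_aes_encrypt(const unsigned char *source, uint32
 const unsigned char *key, uint32 key_length,
 enum my_aes_opmode mode, const unsigned char *iv)
 {
- EVP_CIPHER_CTX ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX stack_ctx;
+ EVP_CIPHER_CTX *ctx= &stack_ctx;
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 const EVP_CIPHER *cipher= aes_evp_type(mode);
 int u_len, f_len;
 /* The real key to be used for encryption */
 unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
 my_aes_create_key(key, key_length, rkey, mode);
 
- if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+ if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
 return MY_AES_BAD_DATA;
 
- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
+ if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
 goto aes_error; /* Error */
- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
 goto aes_error; /* Error */
- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
+ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
 goto aes_error; /* Error */
 
- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
+ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
 goto aes_error; /* Error */
 
- EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 return u_len + f_len;
 
 aes_error:
 /* need to explicitly clean up the error if we want to ignore it */
 ERR_clear_error();
- EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 return MY_AES_BAD_DATA;
 }
 
@@ -145,7 +158,12 @@ int my_aes_decrypt(const unsigned char *source, uint32
 enum my_aes_opmode mode, const unsigned char *iv)
 {
 
- EVP_CIPHER_CTX ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX stack_ctx;
+ EVP_CIPHER_CTX *ctx= &stack_ctx;
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 const EVP_CIPHER *cipher= aes_evp_type(mode);
 int u_len, f_len;
 
@@ -153,27 +171,34 @@ int my_aes_decrypt(const unsigned char *source, uint32
 unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
 
 my_aes_create_key(key, key_length, rkey, mode);
- if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+ if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
 return MY_AES_BAD_DATA;
 
- EVP_CIPHER_CTX_init(&ctx);
-
- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
+ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
 goto aes_error; /* Error */
- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
 goto aes_error; /* Error */
- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
+ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
 goto aes_error; /* Error */
- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
+ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
 goto aes_error; /* Error */
 
- EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
 return u_len + f_len;
 
 aes_error:
 /* need to explicitly clean up the error if we want to ignore it */
 ERR_clear_error();
- EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_cleanup(ctx);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ EVP_CIPHER_CTX_free(ctx);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 return MY_AES_BAD_DATA;
 }
 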
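Review bot: On OpenSSL 1.1.0 and later, the early `return MY_AES_BAD_DATA;` after the `!ctx || !cipher || ...` check in my_aes_encrypt leaks the context that `EVP_CIPHER_CTX_new()` just allocated whenever the cipher lookup fails or the IV is missing; my_aes_decrypt has the same early return. Jumping to `aes_error` is not a drop-in fix, because on the pre-1.1.0 branch `stack_ctx` has not been initialised at that point, so the release has to be conditional. `EVP_CIPHER_CTX_free()` accepts NULL, so the same path also covers a failed allocation. Both function signatures begin outside the hunks.

```cpp
  if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
  {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
    EVP_CIPHER_CTX_free(ctx);   /* heap context only; NULL-safe */
#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
    return MY_AES_BAD_DATA;
  }
  /* … unchanged: EVP_EncryptInit / set_padding / update / final and cleanup … */
```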
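--- sql-common/client.c.orig 2019-07-16 14:08:43 UTC
+++ sql-common/client.c
@@ -1968,7 +1968,11 @@ static int ssl_verify_server_cert(Vio *vio, const char
 goto error;
 }
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 cn= (char *) ASN1_STRING_data(cn_asn1);
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ cn= (char *) ASN1_STRING_get0_data(cn_asn1);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 
 // There should not be any NULL embedded in the CN
 if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))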
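Review bot: The `(char *)` cast on `ASN1_STRING_get0_data(cn_asn1)` discards the `const` that the 1.1.0 accessor returns, so later code could write into the certificate's internal buffer without any compiler diagnostic. If `cn` is only read after this point (its declaration and the rest of ssl_verify_server_cert are outside the hunk), declare it `const char *cn` and assign with `cn= (const char *) ASN1_STRING_get0_data(cn_asn1);`. A one-line comment above the `#if`, for example `/* ASN1_STRING_data() is deprecated as of OpenSSL 1.1.0 */`, would also explain why two accessors are kept.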
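--- sql/mysqld.cc.orig 2019-07-16 14:08:43 UTC
+++ sql/mysqld.cc
@@ -4511,7 +4511,11 @@ static int init_ssl()
 {
 #ifdef HAVE_OPENSSL
 #ifndef HAVE_YASSL
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 CRYPTO_malloc_init();
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ OPENSSL_malloc_init();
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 #endif
 ssl_start();
 #ifndef EMBEDDED_LIBRARY
@@ -4525,7 +4529,9 @@ static int init_ssl()
 opt_ssl_cipher, &error,
 opt_ssl_crl, opt_ssl_crlpath);
 DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd));
- ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 if (!ssl_acceptor_fd)
 {
 sql_print_warning("Failed to setup SSL");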
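Review bot: The LibreSSL guard is applied to the `CRYPTO_malloc_init()` hunk but not to the `ERR_remove_thread_state(0)` hunk, so the two version checks in init_ssl disagree. LibreSSL reports `OPENSSL_VERSION_NUMBER` as 0x20000000L, so under it the error-state cleanup is compiled out here and in the three `ERR_remove_thread_state(0)` hunks of sql/rpl_slave.cc, where it runs just before `pthread_exit(0)`. If LibreSSL builds are meant to be supported, as the first hunk suggests, those threads would presumably exit without releasing their error queue. Using one condition everywhere, `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`, keeps the behaviour consistent, and the `#else`/`#endif` comments in the first hunk should then repeat the full condition. init_ssl begins and ends outside both hunks.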
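--- sql/rpl_slave.cc.orig 2019-07-16 14:08:43 UTC
+++ sql/rpl_slave.cc
@@ -5258,7 +5258,9 @@ err:
 mysql_mutex_unlock(&mi->run_lock);
 DBUG_LEAVE; // Must match DBUG_ENTER()
 my_thread_end();
- ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 pthread_exit(0);
 return(0); // Avoid compiler warnings
 }
@@ -5449,7 +5451,9 @@ err:
 }
 
 my_thread_end();
- ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 pthread_exit(0);
 DBUG_RETURN(0);
 }
@@ -6663,7 +6667,9 @@ log '%s' at position %s, relay log '%s' position: %s",
 
 DBUG_LEAVE; // Must match DBUG_ENTER()
 my_thread_end();
- ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ ERR_remove_thread_state(0);
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 pthread_exit(0);
 return 0; // Avoid compiler warnings
 }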
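--- vio/viossl.c.orig 2019-07-16 14:08:43 UTC
+++ vio/viossl.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -415,7 +415,11 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
 for (j = 0; j < n; j++)
 {
 SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 DBUG_PRINT("info", (" %d: %s\n", c->id, c->name));
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ DBUG_PRINT("info", (" %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c)));
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 }
 }
 #endif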
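Review bot: The first hunk moves the copyright line backwards, from `2000, 2019` to `2000, 2018`, which looks like a leftover from generating the patch against an older upstream file rather than an intended change. Dropping that hunk keeps the patch limited to the OpenSSL 1.1.0 accessor change and avoids a needless conflict on the next upstream update. The comparable header edit in mysys_ssl/my_aes_openssl.cc also loses the comma after `2018`.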
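--- vio/viosslfactories.c.orig 2019-07-16 14:08:43 UTC
+++ vio/viosslfactories.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -68,13 +68,21 @@ static DH *get_dh2048(void)
 DH *dh;
 if ((dh=DH_new()))
 {
- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
- if (! dh->p || ! dh->g)
- {
+ BIGNUM *p= BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+ BIGNUM *g= BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+ if (!p || !g
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ || !DH_set0_pqg(dh, p, NULL, g)
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
+ ) {
+ /* DH_free() will free 'p' and 'g' at once. */
 DH_free(dh);
- dh=0;
+ return NULL;
 }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ dh->p= p;
+ dh->g= g;
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 }
 return(dh);
 }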
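Review bot: The comment `/* DH_free() will free 'p' and 'g' at once. */` does not hold on this failure path. `p` and `g` are attached to `dh` only after the check (the `dh->p= p;` assignments on the pre-1.1.0 branch) or by a successful `DH_set0_pqg()`, so whichever BIGNUM was allocated is leaked when the other allocation or the setter fails. Releasing them explicitly before `DH_free(dh);` with `BN_free(p); BN_free(g);` fixes this, since `BN_free()` accepts NULL, and the comment should say that ownership has not yet passed to `dh`. The start of get_dh2048 is outside the hunk.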