MFH: r528272
This fix a Problem, when MySQL build with libressl /var/ports/usr/ports/databases/mysql56-client/work/mysql-5.6.47/vio/viosslfactories.c:230:25: error: use of undeclared identifier 'SSL_OP_NO_TLSv1_3' SSL_OP_NO_TLSv1_3 | ^ /var/ports/usr/ports/databases/mysql56-client/work/mysql-5.6.47/vio/viosslfactories.c:275:12: warning: implicit declaration of function 'SSL_CTX_set_ciphersuites' is invalid in C99 [-Wimplicit-function-declaration] if (0 == SSL_CTX_set_ciphersuites(ssl_fd->ssl_context, "")) Special thanks for his help to: fluffy PR: 244320 Sponsored by: Netzkommune GmbH Approved by: ports-secteam (joneum)
This commit is contained in:
parent
5cfd4e8b48
commit
25f1ebfadd
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/branches/2020Q1/; revision=528273
@ -2,7 +2,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= mysql
|
||||
PORTREVISION= 0
|
||||
PORTREVISION= 1
|
||||
PKGNAMESUFFIX= 56-client
|
||||
|
||||
COMMENT= Multithreaded SQL database (client)
|
||||
|
@ -1,11 +1,25 @@
|
||||
--- cmake/ssl.cmake.orig 2016-11-28 13:36:22 UTC
|
||||
--- cmake/ssl.cmake.orig 2019-11-26 16:53:45 UTC
|
||||
+++ cmake/ssl.cmake
|
||||
@@ -176,7 +176,7 @@ MACRO (MYSQL_CHECK_SSL)
|
||||
@@ -189,13 +189,20 @@ MACRO (MYSQL_CHECK_SSL)
|
||||
OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}"
|
||||
)
|
||||
ENDIF()
|
||||
- IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0")
|
||||
+ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
|
||||
+ IF(HAVE_TLS1_3_VERSION)
|
||||
ADD_DEFINITIONS(-DHAVE_TLSv13)
|
||||
ENDIF()
|
||||
IF(OPENSSL_INCLUDE_DIR AND
|
||||
OPENSSL_LIBRARY AND
|
||||
CRYPTO_LIBRARY AND
|
||||
- OPENSSL_MAJOR_VERSION STREQUAL "1"
|
||||
+ OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1"
|
||||
+ )
|
||||
+ SET(OPENSSL_FOUND TRUE)
|
||||
+ ELSEIF(OPENSSL_INCLUDE_DIR AND
|
||||
+ OPENSSL_LIBRARY AND
|
||||
+ CRYPTO_LIBRARY AND
|
||||
+ OPENSSL_MAJOR_VERSION STREQUAL "2"
|
||||
)
|
||||
SET(OPENSSL_FOUND TRUE)
|
||||
ELSE()
|
||||
|
@ -0,0 +1,74 @@
|
||||
--- mysys_ssl/my_aes_openssl.cc.orig 2019-11-26 16:53:45 UTC
|
||||
+++ mysys_ssl/my_aes_openssl.cc
|
||||
@@ -120,7 +120,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
|
||||
const unsigned char *key, uint32 key_length,
|
||||
enum my_aes_opmode mode, const unsigned char *iv)
|
||||
{
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX stack_ctx;
|
||||
EVP_CIPHER_CTX *ctx= &stack_ctx;
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
@@ -135,7 +135,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
|
||||
if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
|
||||
return MY_AES_BAD_DATA;
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX_init(ctx);
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
|
||||
@@ -148,7 +148,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
|
||||
if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
|
||||
goto aes_error; /* Error */
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX_cleanup(ctx);
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
@@ -158,7 +158,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
|
||||
aes_error:
|
||||
/* need to explicitly clean up the error if we want to ignore it */
|
||||
ERR_clear_error();
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX_cleanup(ctx);
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
@@ -172,7 +172,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
|
||||
const unsigned char *key, uint32 key_length,
|
||||
enum my_aes_opmode mode, const unsigned char *iv)
|
||||
{
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX stack_ctx;
|
||||
EVP_CIPHER_CTX *ctx= &stack_ctx;
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
@@ -188,7 +188,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
|
||||
if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
|
||||
return MY_AES_BAD_DATA;
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX_init(ctx);
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
|
||||
@@ -201,7 +201,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
|
||||
if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
|
||||
goto aes_error; /* Error */
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX_cleanup(ctx);
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
@@ -211,7 +211,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
|
||||
aes_error:
|
||||
/* need to explicitly clean up the error if we want to ignore it */
|
||||
ERR_clear_error();
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX_cleanup(ctx);
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
EVP_CIPHER_CTX_free(ctx);
|
15
databases/mysql56-client/files/patch-sql-common_client.c
Normal file
15
databases/mysql56-client/files/patch-sql-common_client.c
Normal file
@ -0,0 +1,15 @@
|
||||
--- sql-common/client.c.orig 2019-11-26 16:53:45 UTC
|
||||
+++ sql-common/client.c
|
||||
@@ -1980,7 +1980,11 @@ static int ssl_verify_server_cert(Vio *vio, const char
|
||||
goto error;
|
||||
}
|
||||
|
||||
- cn= (char *) ASN1_STRING_data(cn_asn1);
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+ cn= (const char *) ASN1_STRING_data(cn_asn1);
|
||||
+#else
|
||||
+ cn= (const char *) ASN1_STRING_get0_data(cn_asn1);
|
||||
+#endif
|
||||
|
||||
// There should not be any NULL embedded in the CN
|
||||
if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))
|
65
databases/mysql56-client/files/patch-sql_mysqld.cc
Normal file
65
databases/mysql56-client/files/patch-sql_mysqld.cc
Normal file
@ -0,0 +1,65 @@
|
||||
--- sql/mysqld.cc.orig 2019-11-26 16:53:45 UTC
|
||||
+++ sql/mysqld.cc
|
||||
@@ -1258,7 +1258,7 @@ char *opt_ssl_ca= NULL, *opt_ssl_capath= NULL, *opt_ss
|
||||
*opt_ssl_crlpath= NULL;
|
||||
|
||||
#ifdef HAVE_OPENSSL
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#include <openssl/crypto.h>
|
||||
typedef struct CRYPTO_dynlock_value
|
||||
{
|
||||
@@ -2029,7 +2029,7 @@ static void clean_up_mutexes()
|
||||
mysql_mutex_destroy(&LOCK_connection_count);
|
||||
#ifdef HAVE_OPENSSL
|
||||
mysql_mutex_destroy(&LOCK_des_key_file);
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
for (int i= 0; i < CRYPTO_num_locks(); ++i)
|
||||
mysql_rwlock_destroy(&openssl_stdlocks[i].lock);
|
||||
OPENSSL_free(openssl_stdlocks);
|
||||
@@ -2768,7 +2768,7 @@ bool one_thread_per_connection_end(THD *thd, bool bloc
|
||||
|
||||
// Clean up errors now, before possibly waiting for a new connection.
|
||||
#ifndef EMBEDDED_LIBRARY
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
ERR_remove_thread_state(0);
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
#endif
|
||||
@@ -4252,7 +4252,7 @@ static int init_thread_environment()
|
||||
#ifdef HAVE_OPENSSL
|
||||
mysql_mutex_init(key_LOCK_des_key_file,
|
||||
&LOCK_des_key_file, MY_MUTEX_INIT_FAST);
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
openssl_stdlocks= (openssl_lock_t*) OPENSSL_malloc(CRYPTO_num_locks() *
|
||||
sizeof(openssl_lock_t));
|
||||
for (int i= 0; i < CRYPTO_num_locks(); ++i)
|
||||
@@ -4301,7 +4301,7 @@ static int init_thread_environment()
|
||||
OpenSSL 1.1 supports native platform threads,
|
||||
so we don't need the following callback functions.
|
||||
*/
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
|
||||
static unsigned long openssl_id_function()
|
||||
{
|
||||
@@ -4375,7 +4375,7 @@ static void openssl_lock(int mode, openssl_lock_t *loc
|
||||
static int init_ssl()
|
||||
{
|
||||
#ifdef HAVE_OPENSSL
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
CRYPTO_malloc_init();
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
OPENSSL_malloc_init();
|
||||
@@ -4392,7 +4392,7 @@ static int init_ssl()
|
||||
opt_ssl_cipher, &error,
|
||||
opt_ssl_crl, opt_ssl_crlpath);
|
||||
DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd));
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
ERR_remove_thread_state(0);
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
if (!ssl_acceptor_fd)
|
11
databases/mysql56-client/files/patch-vio_vio.c
Normal file
11
databases/mysql56-client/files/patch-vio_vio.c
Normal file
@ -0,0 +1,11 @@
|
||||
--- vio/vio.c.orig 2019-11-26 16:53:45 UTC
|
||||
+++ vio/vio.c
|
||||
@@ -394,7 +394,7 @@ void vio_end(void)
|
||||
{
|
||||
#if defined(HAVE_OPENSSL)
|
||||
// This one is needed on the client side
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
ERR_remove_thread_state(0);
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
ERR_free_strings();
|
11
databases/mysql56-client/files/patch-vio_viossl.c
Normal file
11
databases/mysql56-client/files/patch-vio_viossl.c
Normal file
@ -0,0 +1,11 @@
|
||||
--- vio/viossl.c.orig 2019-11-26 16:53:45 UTC
|
||||
+++ vio/viossl.c
|
||||
@@ -403,7 +403,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
|
||||
for (j = 0; j < n; j++)
|
||||
{
|
||||
SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
DBUG_PRINT("info", (" %d: %s\n", c->id, c->name));
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
DBUG_PRINT("info", (" %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c)));
|
20
databases/mysql56-client/files/patch-vio_viosslfactories.c
Normal file
20
databases/mysql56-client/files/patch-vio_viosslfactories.c
Normal file
@ -0,0 +1,20 @@
|
||||
--- vio/viosslfactories.c.orig 2019-11-26 16:53:45 UTC
|
||||
+++ vio/viosslfactories.c
|
||||
@@ -91,7 +91,7 @@ static DH *get_dh2048(void)
|
||||
DH_free(dh);
|
||||
return NULL;
|
||||
}
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
dh->p= p;
|
||||
dh->g= g;
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
@@ -250,7 +250,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
|
||||
DBUG_RETURN(0);
|
||||
|
||||
if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client ?
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
SSLv23_client_method() :
|
||||
SSLv23_server_method()
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
@ -3,7 +3,7 @@
|
||||
|
||||
PORTNAME?= mysql
|
||||
PORTVERSION= 5.6.47
|
||||
PORTREVISION?= 0
|
||||
PORTREVISION?= 1
|
||||
CATEGORIES= databases
|
||||
MASTER_SITES= MYSQL/MySQL-5.6
|
||||
PKGNAMESUFFIX?= 56-server
|
||||
|
@ -1,11 +1,25 @@
|
||||
--- cmake/ssl.cmake.orig 2016-11-28 13:36:22 UTC
|
||||
--- cmake/ssl.cmake.orig 2019-11-26 16:53:45 UTC
|
||||
+++ cmake/ssl.cmake
|
||||
@@ -176,7 +176,7 @@ MACRO (MYSQL_CHECK_SSL)
|
||||
@@ -189,13 +189,20 @@ MACRO (MYSQL_CHECK_SSL)
|
||||
OPENSSL_FIX_VERSION "${OPENSSL_VERSION_NUMBER}"
|
||||
)
|
||||
ENDIF()
|
||||
- IF("${OPENSSL_MAJOR_VERSION}.${OPENSSL_MINOR_VERSION}.${OPENSSL_FIX_VERSION}" VERSION_GREATER "1.1.0")
|
||||
+ CHECK_SYMBOL_EXISTS(TLS1_3_VERSION "openssl/tls1.h" HAVE_TLS1_3_VERSION)
|
||||
+ IF(HAVE_TLS1_3_VERSION)
|
||||
ADD_DEFINITIONS(-DHAVE_TLSv13)
|
||||
ENDIF()
|
||||
IF(OPENSSL_INCLUDE_DIR AND
|
||||
OPENSSL_LIBRARY AND
|
||||
CRYPTO_LIBRARY AND
|
||||
- OPENSSL_MAJOR_VERSION STREQUAL "1"
|
||||
+ OPENSSL_MAJOR_VERSION VERSION_GREATER_EQUAL "1"
|
||||
+ )
|
||||
+ SET(OPENSSL_FOUND TRUE)
|
||||
+ ELSEIF(OPENSSL_INCLUDE_DIR AND
|
||||
+ OPENSSL_LIBRARY AND
|
||||
+ CRYPTO_LIBRARY AND
|
||||
+ OPENSSL_MAJOR_VERSION STREQUAL "2"
|
||||
)
|
||||
SET(OPENSSL_FOUND TRUE)
|
||||
ELSE()
|
||||
|
@ -0,0 +1,74 @@
|
||||
--- mysys_ssl/my_aes_openssl.cc.orig 2019-11-26 16:53:45 UTC
|
||||
+++ mysys_ssl/my_aes_openssl.cc
|
||||
@@ -120,7 +120,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
|
||||
const unsigned char *key, uint32 key_length,
|
||||
enum my_aes_opmode mode, const unsigned char *iv)
|
||||
{
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX stack_ctx;
|
||||
EVP_CIPHER_CTX *ctx= &stack_ctx;
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
@@ -135,7 +135,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
|
||||
if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
|
||||
return MY_AES_BAD_DATA;
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX_init(ctx);
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
|
||||
@@ -148,7 +148,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
|
||||
if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
|
||||
goto aes_error; /* Error */
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX_cleanup(ctx);
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
@@ -158,7 +158,7 @@ int my_aes_encrypt(const unsigned char *source, uint32
|
||||
aes_error:
|
||||
/* need to explicitly clean up the error if we want to ignore it */
|
||||
ERR_clear_error();
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX_cleanup(ctx);
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
@@ -172,7 +172,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
|
||||
const unsigned char *key, uint32 key_length,
|
||||
enum my_aes_opmode mode, const unsigned char *iv)
|
||||
{
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX stack_ctx;
|
||||
EVP_CIPHER_CTX *ctx= &stack_ctx;
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
@@ -188,7 +188,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
|
||||
if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
|
||||
return MY_AES_BAD_DATA;
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX_init(ctx);
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
|
||||
@@ -201,7 +201,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
|
||||
if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
|
||||
goto aes_error; /* Error */
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX_cleanup(ctx);
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
@@ -211,7 +211,7 @@ int my_aes_decrypt(const unsigned char *source, uint32
|
||||
aes_error:
|
||||
/* need to explicitly clean up the error if we want to ignore it */
|
||||
ERR_clear_error();
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
EVP_CIPHER_CTX_cleanup(ctx);
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
EVP_CIPHER_CTX_free(ctx);
|
15
databases/mysql56-server/files/patch-sql-common_client.c
Normal file
15
databases/mysql56-server/files/patch-sql-common_client.c
Normal file
@ -0,0 +1,15 @@
|
||||
--- sql-common/client.c.orig 2019-11-26 16:53:45 UTC
|
||||
+++ sql-common/client.c
|
||||
@@ -1980,7 +1980,11 @@ static int ssl_verify_server_cert(Vio *vio, const char
|
||||
goto error;
|
||||
}
|
||||
|
||||
- cn= (char *) ASN1_STRING_data(cn_asn1);
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
+ cn= (const char *) ASN1_STRING_data(cn_asn1);
|
||||
+#else
|
||||
+ cn= (const char *) ASN1_STRING_get0_data(cn_asn1);
|
||||
+#endif
|
||||
|
||||
// There should not be any NULL embedded in the CN
|
||||
if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))
|
65
databases/mysql56-server/files/patch-sql_mysqld.cc
Normal file
65
databases/mysql56-server/files/patch-sql_mysqld.cc
Normal file
@ -0,0 +1,65 @@
|
||||
--- sql/mysqld.cc.orig 2019-11-26 16:53:45 UTC
|
||||
+++ sql/mysqld.cc
|
||||
@@ -1258,7 +1258,7 @@ char *opt_ssl_ca= NULL, *opt_ssl_capath= NULL, *opt_ss
|
||||
*opt_ssl_crlpath= NULL;
|
||||
|
||||
#ifdef HAVE_OPENSSL
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#include <openssl/crypto.h>
|
||||
typedef struct CRYPTO_dynlock_value
|
||||
{
|
||||
@@ -2029,7 +2029,7 @@ static void clean_up_mutexes()
|
||||
mysql_mutex_destroy(&LOCK_connection_count);
|
||||
#ifdef HAVE_OPENSSL
|
||||
mysql_mutex_destroy(&LOCK_des_key_file);
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
for (int i= 0; i < CRYPTO_num_locks(); ++i)
|
||||
mysql_rwlock_destroy(&openssl_stdlocks[i].lock);
|
||||
OPENSSL_free(openssl_stdlocks);
|
||||
@@ -2768,7 +2768,7 @@ bool one_thread_per_connection_end(THD *thd, bool bloc
|
||||
|
||||
// Clean up errors now, before possibly waiting for a new connection.
|
||||
#ifndef EMBEDDED_LIBRARY
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
ERR_remove_thread_state(0);
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
#endif
|
||||
@@ -4252,7 +4252,7 @@ static int init_thread_environment()
|
||||
#ifdef HAVE_OPENSSL
|
||||
mysql_mutex_init(key_LOCK_des_key_file,
|
||||
&LOCK_des_key_file, MY_MUTEX_INIT_FAST);
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
openssl_stdlocks= (openssl_lock_t*) OPENSSL_malloc(CRYPTO_num_locks() *
|
||||
sizeof(openssl_lock_t));
|
||||
for (int i= 0; i < CRYPTO_num_locks(); ++i)
|
||||
@@ -4301,7 +4301,7 @@ static int init_thread_environment()
|
||||
OpenSSL 1.1 supports native platform threads,
|
||||
so we don't need the following callback functions.
|
||||
*/
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
|
||||
static unsigned long openssl_id_function()
|
||||
{
|
||||
@@ -4375,7 +4375,7 @@ static void openssl_lock(int mode, openssl_lock_t *loc
|
||||
static int init_ssl()
|
||||
{
|
||||
#ifdef HAVE_OPENSSL
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
CRYPTO_malloc_init();
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
OPENSSL_malloc_init();
|
||||
@@ -4392,7 +4392,7 @@ static int init_ssl()
|
||||
opt_ssl_cipher, &error,
|
||||
opt_ssl_crl, opt_ssl_crlpath);
|
||||
DBUG_PRINT("info",("ssl_acceptor_fd: 0x%lx", (long) ssl_acceptor_fd));
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
ERR_remove_thread_state(0);
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
if (!ssl_acceptor_fd)
|
11
databases/mysql56-server/files/patch-vio_vio.c
Normal file
11
databases/mysql56-server/files/patch-vio_vio.c
Normal file
@ -0,0 +1,11 @@
|
||||
--- vio/vio.c.orig 2019-11-26 16:53:45 UTC
|
||||
+++ vio/vio.c
|
||||
@@ -394,7 +394,7 @@ void vio_end(void)
|
||||
{
|
||||
#if defined(HAVE_OPENSSL)
|
||||
// This one is needed on the client side
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
ERR_remove_thread_state(0);
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
ERR_free_strings();
|
11
databases/mysql56-server/files/patch-vio_viossl.c
Normal file
11
databases/mysql56-server/files/patch-vio_viossl.c
Normal file
@ -0,0 +1,11 @@
|
||||
--- vio/viossl.c.orig 2019-11-26 16:53:45 UTC
|
||||
+++ vio/viossl.c
|
||||
@@ -403,7 +403,7 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
|
||||
for (j = 0; j < n; j++)
|
||||
{
|
||||
SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
DBUG_PRINT("info", (" %d: %s\n", c->id, c->name));
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
DBUG_PRINT("info", (" %d: %s\n", SSL_COMP_get_id(c), SSL_COMP_get0_name(c)));
|
20
databases/mysql56-server/files/patch-vio_viosslfactories.c
Normal file
20
databases/mysql56-server/files/patch-vio_viosslfactories.c
Normal file
@ -0,0 +1,20 @@
|
||||
--- vio/viosslfactories.c.orig 2019-11-26 16:53:45 UTC
|
||||
+++ vio/viosslfactories.c
|
||||
@@ -91,7 +91,7 @@ static DH *get_dh2048(void)
|
||||
DH_free(dh);
|
||||
return NULL;
|
||||
}
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
dh->p= p;
|
||||
dh->g= g;
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
@@ -250,7 +250,7 @@ new_VioSSLFd(const char *key_file, const char *cert_fi
|
||||
DBUG_RETURN(0);
|
||||
|
||||
if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client ?
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
SSLv23_client_method() :
|
||||
SSLv23_server_method()
|
||||
#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
Loading…
Reference in New Issue
Block a user