pkgsrc-Users archive
Re: openssl strikes yet again! This time it's chat/hexchat
On 16/02/18 01:15, Martin Husemann wrote:
> It also kills databases/mysql57-client:
>
> /usr/pkgobj/databases/mysql57-client/work/mysql-5.7.21/vio/viosslfactories.c: In
> function 'get_dh2048':
> /usr/pkgobj/databases/mysql57-client/work/mysql-5.7.21/vio/viosslfactories.c:124:7: error: dereferencing pointer to incomplete type 'DH {aka struct dh_st}'
> dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
> ^
Attached are patches that make mysql5.7 work with openssl 1.1 (at least
on archlinux), but the patches need to be conditionalised to still work
with older openssl versions and I haven't had a chance to do that yet.
cheers
mark
$NetBSD$
support openssl 1.1
--- mysys_ssl/my_aes_openssl.cc.orig 2017-12-28 03:46:26.000000000 +0000
+++ mysys_ssl/my_aes_openssl.cc
@@ -122,7 +122,7 @@ int my_aes_encrypt(const unsigned char *
enum my_aes_opmode mode, const unsigned char *iv,
bool padding)
{
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER *cipher= aes_evp_type(mode);
int u_len, f_len;
/* The real key to be used for encryption */
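Review bot: The result of `EVP_CIPHER_CTX_new()` in the new declaration is never checked, so an allocation failure hands a NULL context to `EVP_EncryptInit()` in the following hunk. A guard such as `if (ctx == NULL) return MY_AES_BAD_DATA;` before the first use would keep the failure on the existing error path. The same unchecked allocation appears in the my_aes_decrypt hunk (`@@ -159,7 +159,7 @@`). The function body continues outside this hunk.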
@@ -132,23 +132,23 @@ int my_aes_encrypt(const unsigned char *
if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
return MY_AES_BAD_DATA;
- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
+ if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
goto aes_error; /* Error */
- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding))
+ if (!EVP_CIPHER_CTX_set_padding(ctx, padding))
goto aes_error; /* Error */
- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
+ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
goto aes_error; /* Error */
- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
+ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
goto aes_error; /* Error */
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return u_len + f_len;
aes_error:
/* need to explicitly clean up the error if we want to ignore it */
ERR_clear_error();
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return MY_AES_BAD_DATA;
}
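Review bot: The early `return MY_AES_BAD_DATA;` at the top of this hunk now leaks the context, because `ctx` is heap-allocated in the declaration (previous hunk) before the cipher/IV validation runs and this return bypasses the `aes_error` cleanup. Either free it on that path, `{ EVP_CIPHER_CTX_free(ctx); return MY_AES_BAD_DATA; }`, or move the `EVP_CIPHER_CTX_new()` call below the validation. With the old stack-allocated context this path had nothing to release, so the leak is new with this change; it is reachable whenever a caller passes an unsupported mode or omits a required IV. The my_aes_decrypt hunk (`@@ -170,24 +170,22 @@`) has the same early return and needs the same fix.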
@@ -159,7 +159,7 @@ int my_aes_decrypt(const unsigned char *
bool padding)
{
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
const EVP_CIPHER *cipher= aes_evp_type(mode);
int u_len, f_len;
@@ -170,24 +170,22 @@ int my_aes_decrypt(const unsigned char *
if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
return MY_AES_BAD_DATA;
- EVP_CIPHER_CTX_init(&ctx);
-
- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
+ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
goto aes_error; /* Error */
- if (!EVP_CIPHER_CTX_set_padding(&ctx, padding))
+ if (!EVP_CIPHER_CTX_set_padding(ctx, padding))
goto aes_error; /* Error */
- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
+ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
goto aes_error; /* Error */
- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
+ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
goto aes_error; /* Error */
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return u_len + f_len;
aes_error:
/* need to explicitly clean up the error if we want to ignore it */
ERR_clear_error();
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return MY_AES_BAD_DATA;
}
$NetBSD$
support openssl 1.1
--- rapid/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c.orig 2017-12-28 03:46:26.000000000 +0000
+++ rapid/plugin/group_replication/libmysqlgcs/src/bindings/xcom/xcom/xcom_ssl_transport.c
@@ -104,7 +104,7 @@ static const char* tls_cipher_blocked= "
mjxx/bg6bOOjpgZapvB6ABWlWmRmAAWFtwIBBQ==
-----END DH PARAMETERS-----
*/
-static unsigned char dh2048_p[]=
+static unsigned char dhp_2048[]=
{
0x8A, 0x5D, 0xFA, 0xC0, 0x66, 0x76, 0x4E, 0x61, 0xFA, 0xCA, 0xC0, 0x37,
0x57, 0x5C, 0x6D, 0x3F, 0x83, 0x0A, 0xA1, 0xF5, 0xF1, 0xE6, 0x7F, 0x3C,
@@ -131,20 +131,24 @@ static unsigned char dh2048_p[]=
};
-static unsigned char dh2048_g[]={
+static unsigned char dhg_2048[]={
0x05,
};
static DH *get_dh2048(void)
{
- DH *dh;
- if ((dh=DH_new()))
+ DH *dh = DH_new();
+ BIGNUM *dhp_bn, *dhg_bn;
+ if (dh != NULL)
{
- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
- if (! dh->p || ! dh->g)
+ dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
+ dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
+ if (dhp_bn == NULL || dhg_bn == NULL
+ || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn))
{
DH_free(dh);
+ BN_free(dhp_bn);
+ BN_free(dhg_bn);
dh=0;
}
}
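Review bot: The failure branch in get_dh2048 depends on an ownership rule that is not written down: `DH_set0_pqg()` takes ownership of the BIGNUMs only on success, so `BN_free()` is correct here but would be a double free if someone later added it after a successful call. I would add a comment above the `if`, e.g. `/* DH_set0_pqg() owns dhp_bn/dhg_bn on success; free them ourselves only on failure */`. As a style point, `dh=0;` could become `dh = NULL;` to match the new `dh != NULL` test. The identical hunk in vio/viosslfactories.c (`@@ -112,20 +112,25 @@`) would take the same comment; the function's return is outside both hunks.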
$NetBSD$
support openssl 1.1
--- sql/mysqld.cc.orig 2017-12-28 03:46:26.000000000 +0000
+++ sql/mysqld.cc
@@ -3398,7 +3398,7 @@ static int init_ssl()
{
#ifdef HAVE_OPENSSL
#ifndef HAVE_YASSL
- CRYPTO_malloc_init();
+ OPENSSL_malloc_init();
#endif
ssl_start();
#ifndef EMBEDDED_LIBRARY
$NetBSD$
support openssl 1.1
--- vio/viosslfactories.c.orig 2017-12-28 03:46:26.000000000 +0000
+++ vio/viosslfactories.c
@@ -86,7 +86,7 @@ static my_bool ssl_initialized
mjxx/bg6bOOjpgZapvB6ABWlWmRmAAWFtwIBBQ==
-----END DH PARAMETERS-----
*/
-static unsigned char dh2048_p[]=
+static unsigned char dhp_2048[]=
{
0x8A, 0x5D, 0xFA, 0xC0, 0x66, 0x76, 0x4E, 0x61, 0xFA, 0xCA, 0xC0, 0x37,
0x57, 0x5C, 0x6D, 0x3F, 0x83, 0x0A, 0xA1, 0xF5, 0xF1, 0xE6, 0x7F, 0x3C,
@@ -112,20 +112,25 @@ static unsigned char dh2048_p[]=
0x00, 0x05, 0x85, 0xB7,
};
-static unsigned char dh2048_g[]={
+static unsigned char dhg_2048[]={
0x05,
};
static DH *get_dh2048(void)
{
- DH *dh;
- if ((dh=DH_new()))
+ DH *dh = DH_new();
+ BIGNUM *dhp_bn, *dhg_bn;
+
+ if (dh != NULL)
{
- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
- if (! dh->p || ! dh->g)
+ dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
+ dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
+ if (dhp_bn == NULL || dhg_bn == NULL
+ || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn))
{
DH_free(dh);
+ BN_free(dhp_bn);
+ BN_free(dhg_bn);
dh=0;
}
}