Fix OpenSSL 3.x compatibility

Resolves: #1962047
This commit is contained in:
Honza Horak 2021-05-21 21:56:12 +02:00
parent 6d39bc1dbb
commit 0a14bc58a2
2 changed files with 171 additions and 1 deletions

163
mariadb-openssl3.patch Normal file
View File

@ -0,0 +1,163 @@
diff -rup mariadb-10.5.9-orig/mysql-test/main/tls_version1.opt mariadb-10.5.9/mysql-test/main/tls_version1.opt
--- mariadb-10.5.9-orig/mysql-test/main/tls_version1.opt 2021-05-19 18:52:49.627469097 +0200
+++ mariadb-10.5.9/mysql-test/main/tls_version1.opt 2021-05-21 22:34:44.131913619 +0200
@@ -1 +1 @@
---tls_version=TLSv1.0
+--tls_version=TLSv1.2
diff -rup mariadb-10.5.9-orig/mysql-test/main/tls_version1.result mariadb-10.5.9/mysql-test/main/tls_version1.result
--- mariadb-10.5.9-orig/mysql-test/main/tls_version1.result 2021-05-19 18:52:49.592468722 +0200
+++ mariadb-10.5.9/mysql-test/main/tls_version1.result 2021-05-21 22:34:44.131913619 +0200
@@ -1,6 +1,6 @@
Variable_name Value
-Ssl_version TLSv1
+Ssl_version TLSv1.2
Variable_name Value
-Ssl_version TLSv1
+Ssl_version TLSv1.2
@@tls_version
-TLSv1.0
+TLSv1.2
diff -rup mariadb-10.5.9-orig/mysql-test/main/tls_version1.test mariadb-10.5.9/mysql-test/main/tls_version1.test
--- mariadb-10.5.9-orig/mysql-test/main/tls_version1.test 2021-05-19 18:52:49.577468561 +0200
+++ mariadb-10.5.9/mysql-test/main/tls_version1.test 2021-05-21 22:34:44.131913619 +0200
@@ -3,10 +3,10 @@
-- source include/have_ssl_communication.inc
--exec $MYSQL --host=localhost --ssl -e "show status like 'ssl_version';"
---error 1
--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.2 -e "show status like 'ssl_version';"
--error 1
--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.1 -e "show status like 'ssl_version';"
+--error 1
--exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.0 -e "show status like 'ssl_version';"
--exec $MYSQL --host=localhost --ssl -e "select @@tls_version;"
diff -rup mariadb-10.5.9-orig/mysys_ssl/my_crypt.cc mariadb-10.5.9/mysys_ssl/my_crypt.cc
--- mariadb-10.5.9-orig/mysys_ssl/my_crypt.cc 2021-05-19 18:52:49.167464162 +0200
+++ mariadb-10.5.9/mysys_ssl/my_crypt.cc 2021-05-21 22:34:44.132913630 +0200
@@ -38,22 +38,14 @@
class MyCTX
{
public:
- char ctx_buf[EVP_CIPHER_CTX_SIZE + CTX_ALIGN];
- EVP_CIPHER_CTX* ctx;
+ EVP_CIPHER_CTX* ctx= NULL;
MyCTX()
{
-#if CTX_ALIGN > 0
- uintptr_t p= ((uintptr_t)ctx_buf + (CTX_ALIGN - 1)) & ~(CTX_ALIGN - 1);
- ctx = reinterpret_cast<EVP_CIPHER_CTX*>(p);
-#else
- ctx = (EVP_CIPHER_CTX*)ctx_buf;
-#endif
-
- EVP_CIPHER_CTX_init(ctx);
+ ctx = EVP_CIPHER_CTX_new();
}
virtual ~MyCTX()
{
- EVP_CIPHER_CTX_reset(ctx);
+ EVP_CIPHER_CTX_free(ctx);
ERR_remove_state(0);
}
diff -rup mariadb-10.5.9-orig/mysys_ssl/my_md5.cc mariadb-10.5.9/mysys_ssl/my_md5.cc
--- mariadb-10.5.9-orig/mysys_ssl/my_md5.cc 2021-05-19 18:52:49.167464162 +0200
+++ mariadb-10.5.9/mysys_ssl/my_md5.cc 2021-05-24 15:25:11.365769072 +0200
@@ -52,12 +52,13 @@ static void md5_result(EVP_MD_CTX *conte
static void md5_init(EVP_MD_CTX *context)
{
- EVP_MD_CTX_init(context);
+ const EVP_MD *md;
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* Ok to ignore FIPS: MD5 is not used for crypto here */
EVP_MD_CTX_set_flags(context, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
- EVP_DigestInit_ex(context, EVP_md5(), NULL);
+ md = EVP_get_digestbyname("MD5");
+ EVP_DigestInit_ex(context, md, NULL);
}
static void md5_input(EVP_MD_CTX *context, const uchar *buf, unsigned len)
@@ -68,7 +69,6 @@ static void md5_input(EVP_MD_CTX *contex
static void md5_result(EVP_MD_CTX *context, uchar digest[MD5_HASH_SIZE])
{
EVP_DigestFinal_ex(context, digest, NULL);
- EVP_MD_CTX_reset(context);
}
#endif /* HAVE_WOLFSSL */
@@ -84,11 +84,13 @@ static void md5_result(EVP_MD_CTX *conte
*/
void my_md5(uchar *digest, const char *buf, size_t len)
{
- char ctx_buf[EVP_MD_CTX_SIZE];
- EVP_MD_CTX * const ctx= (EVP_MD_CTX*)ctx_buf;
+ EVP_MD_CTX * const ctx= EVP_MD_CTX_new();
+
md5_init(ctx);
md5_input(ctx, (const uchar *)buf, (uint) len);
md5_result(ctx, digest);
+
+ EVP_MD_CTX_free(ctx);
}
@@ -108,8 +110,7 @@ void my_md5_multi(uchar *digest, ...)
{
va_list args;
const uchar *str;
- char ctx_buf[EVP_MD_CTX_SIZE];
- EVP_MD_CTX * const ctx= (EVP_MD_CTX*)ctx_buf;
+ EVP_MD_CTX * const ctx= EVP_MD_CTX_new();
va_start(args, digest);
md5_init(ctx);
@@ -118,6 +119,7 @@ void my_md5_multi(uchar *digest, ...)
md5_result(ctx, digest);
va_end(args);
+ EVP_MD_CTX_free(ctx);
}
size_t my_md5_context_size()
Only in mariadb-10.5.9-orig/mysys_ssl: my_md5.cc.patchmd5
diff -rup mariadb-10.5.9-orig/mysys_ssl/my_sha.ic mariadb-10.5.9/mysys_ssl/my_sha.ic
--- mariadb-10.5.9-orig/mysys_ssl/my_sha.ic 2021-05-19 18:52:49.167464162 +0200
+++ mariadb-10.5.9/mysys_ssl/my_sha.ic 2021-05-21 22:34:44.132913630 +0200
@@ -146,11 +146,11 @@ static void sha_result(CONTEXT *context,
*/
void my_sha(uchar *digest, const char *buf, size_t len)
{
- CONTEXT context;
+ CONTEXT *context= (CONTEXT *)alloca(sizeof(CONTEXT));
- sha_init_fast(&context);
- sha_input(&context, (const uchar *)buf, (unsigned int)len);
- sha_result(&context, digest);
+ sha_init_fast(context);
+ sha_input(context, (const uchar *)buf, (unsigned int)len);
+ sha_result(context, digest);
}
@@ -171,14 +171,14 @@ void my_sha_multi(uchar *digest, ...)
va_list args;
va_start(args, digest);
- CONTEXT context;
+ CONTEXT *context= (CONTEXT *)alloca(sizeof(CONTEXT));
const uchar *str;
- sha_init_fast(&context);
+ sha_init_fast(context);
for (str= va_arg(args, const uchar*); str; str= va_arg(args, const uchar*))
- sha_input(&context, str, (uint) va_arg(args, size_t));
+ sha_input(context, str, (uint) va_arg(args, size_t));
- sha_result(&context, digest);
+ sha_result(context, digest);
va_end(args);
}

View File

@ -161,7 +161,7 @@
Name: mariadb Name: mariadb
Version: 10.5.9 Version: 10.5.9
Release: 8%{?with_debug:.debug}%{?dist} Release: 9%{?with_debug:.debug}%{?dist}
Epoch: 3 Epoch: 3
Summary: A very fast and robust SQL database server Summary: A very fast and robust SQL database server
@ -221,6 +221,8 @@ Patch10: %{pkgnamepatch}-ssl-cipher-tests.patch
Patch11: %{pkgnamepatch}-pcdir.patch Patch11: %{pkgnamepatch}-pcdir.patch
# Patch15: Add option to edit groonga's and groonga-normalizer-mysql install path # Patch15: Add option to edit groonga's and groonga-normalizer-mysql install path
Patch15: %{pkgnamepatch}-groonga.patch Patch15: %{pkgnamepatch}-groonga.patch
# Patch16: Fix openssl 3.0 compatibility at least partially (some tests still fail)
Patch16: %{pkgnamepatch}-openssl3.patch
BuildRequires: make BuildRequires: make
BuildRequires: cmake gcc-c++ BuildRequires: cmake gcc-c++
@ -766,6 +768,7 @@ rm -r storage/rocksdb/
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch15 -p1 %patch15 -p1
%patch16 -p1
# generate a list of tests that fail, but are not disabled by upstream # generate a list of tests that fail, but are not disabled by upstream
cat %{SOURCE50} | tee -a mysql-test/unstable-tests cat %{SOURCE50} | tee -a mysql-test/unstable-tests
@ -1680,6 +1683,10 @@ fi
%endif %endif
%changelog %changelog
* Fri May 21 2021 Honza Horak <hhorak@redhat.com> - 3:10.5.9-9
- Fix OpenSSL 3.x compatibility
Resolves: #1962047
* Mon May 03 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.9-8 * Mon May 03 2021 Michal Schorm <mschorm@redhat.com> - 3:10.5.9-8
- Fix package Conflicts - Fix package Conflicts