diff -rup mariadb-10.5.9-orig/mysql-test/main/tls_version1.opt mariadb-10.5.9/mysql-test/main/tls_version1.opt --- mariadb-10.5.9-orig/mysql-test/main/tls_version1.opt 2021-05-19 18:52:49.627469097 +0200 +++ mariadb-10.5.9/mysql-test/main/tls_version1.opt 2021-05-21 22:34:44.131913619 +0200 @@ -1 +1 @@ ---tls_version=TLSv1.0 +--tls_version=TLSv1.2 diff -rup mariadb-10.5.9-orig/mysql-test/main/tls_version1.result mariadb-10.5.9/mysql-test/main/tls_version1.result --- mariadb-10.5.9-orig/mysql-test/main/tls_version1.result 2021-05-19 18:52:49.592468722 +0200 +++ mariadb-10.5.9/mysql-test/main/tls_version1.result 2021-05-21 22:34:44.131913619 +0200 @@ -1,6 +1,6 @@ Variable_name Value -Ssl_version TLSv1 +Ssl_version TLSv1.2 Variable_name Value -Ssl_version TLSv1 +Ssl_version TLSv1.2 @@tls_version -TLSv1.0 +TLSv1.2 diff -rup mariadb-10.5.9-orig/mysql-test/main/tls_version1.test mariadb-10.5.9/mysql-test/main/tls_version1.test --- mariadb-10.5.9-orig/mysql-test/main/tls_version1.test 2021-05-19 18:52:49.577468561 +0200 +++ mariadb-10.5.9/mysql-test/main/tls_version1.test 2021-05-21 22:34:44.131913619 +0200 @@ -3,10 +3,10 @@ -- source include/have_ssl_communication.inc --exec $MYSQL --host=localhost --ssl -e "show status like 'ssl_version';" ---error 1 --exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.2 -e "show status like 'ssl_version';" --error 1 --exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.1 -e "show status like 'ssl_version';" +--error 1 --exec $MYSQL --host=localhost --ssl --tls_version=TLSv1.0 -e "show status like 'ssl_version';" --exec $MYSQL --host=localhost --ssl -e "select @@tls_version;" diff -rup mariadb-10.5.9-orig/mysys_ssl/my_crypt.cc mariadb-10.5.9/mysys_ssl/my_crypt.cc --- mariadb-10.5.9-orig/mysys_ssl/my_crypt.cc 2021-05-19 18:52:49.167464162 +0200 +++ mariadb-10.5.9/mysys_ssl/my_crypt.cc 2021-05-21 22:34:44.132913630 +0200 @@ -38,22 +38,14 @@ class MyCTX { public: - char ctx_buf[EVP_CIPHER_CTX_SIZE + CTX_ALIGN]; - EVP_CIPHER_CTX* ctx; + EVP_CIPHER_CTX* ctx= NULL; MyCTX() { -#if CTX_ALIGN > 0 - uintptr_t p= ((uintptr_t)ctx_buf + (CTX_ALIGN - 1)) & ~(CTX_ALIGN - 1); - ctx = reinterpret_cast(p); -#else - ctx = (EVP_CIPHER_CTX*)ctx_buf; -#endif - - EVP_CIPHER_CTX_init(ctx); + ctx = EVP_CIPHER_CTX_new(); } virtual ~MyCTX() { - EVP_CIPHER_CTX_reset(ctx); + EVP_CIPHER_CTX_free(ctx); ERR_remove_state(0); } diff -rup mariadb-10.5.9-orig/mysys_ssl/my_md5.cc mariadb-10.5.9/mysys_ssl/my_md5.cc --- mariadb-10.5.9-orig/mysys_ssl/my_md5.cc 2021-05-19 18:52:49.167464162 +0200 +++ mariadb-10.5.9/mysys_ssl/my_md5.cc 2021-05-24 15:25:11.365769072 +0200 @@ -52,12 +52,13 @@ static void md5_result(EVP_MD_CTX *conte static void md5_init(EVP_MD_CTX *context) { - EVP_MD_CTX_init(context); + const EVP_MD *md; #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW /* Ok to ignore FIPS: MD5 is not used for crypto here */ EVP_MD_CTX_set_flags(context, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); #endif - EVP_DigestInit_ex(context, EVP_md5(), NULL); + md = EVP_get_digestbyname("MD5"); + EVP_DigestInit_ex(context, md, NULL); } static void md5_input(EVP_MD_CTX *context, const uchar *buf, unsigned len) @@ -68,7 +69,6 @@ static void md5_input(EVP_MD_CTX *contex static void md5_result(EVP_MD_CTX *context, uchar digest[MD5_HASH_SIZE]) { EVP_DigestFinal_ex(context, digest, NULL); - EVP_MD_CTX_reset(context); } #endif /* HAVE_WOLFSSL */ @@ -84,11 +84,13 @@ static void md5_result(EVP_MD_CTX *conte */ void my_md5(uchar *digest, const char *buf, size_t len) { - char ctx_buf[EVP_MD_CTX_SIZE]; - EVP_MD_CTX * const ctx= (EVP_MD_CTX*)ctx_buf; + EVP_MD_CTX * const ctx= EVP_MD_CTX_new(); + md5_init(ctx); md5_input(ctx, (const uchar *)buf, (uint) len); md5_result(ctx, digest); + + EVP_MD_CTX_free(ctx); } @@ -108,8 +110,7 @@ void my_md5_multi(uchar *digest, ...) { va_list args; const uchar *str; - char ctx_buf[EVP_MD_CTX_SIZE]; - EVP_MD_CTX * const ctx= (EVP_MD_CTX*)ctx_buf; + EVP_MD_CTX * const ctx= EVP_MD_CTX_new(); va_start(args, digest); md5_init(ctx); @@ -118,6 +119,7 @@ void my_md5_multi(uchar *digest, ...) md5_result(ctx, digest); va_end(args); + EVP_MD_CTX_free(ctx); } size_t my_md5_context_size() Only in mariadb-10.5.9-orig/mysys_ssl: my_md5.cc.patchmd5 diff -rup mariadb-10.5.9-orig/mysys_ssl/my_sha.ic mariadb-10.5.9/mysys_ssl/my_sha.ic --- mariadb-10.5.9-orig/mysys_ssl/my_sha.ic 2021-05-19 18:52:49.167464162 +0200 +++ mariadb-10.5.9/mysys_ssl/my_sha.ic 2021-05-21 22:34:44.132913630 +0200 @@ -146,11 +146,11 @@ static void sha_result(CONTEXT *context, */ void my_sha(uchar *digest, const char *buf, size_t len) { - CONTEXT context; + CONTEXT *context= (CONTEXT *)alloca(sizeof(CONTEXT)); - sha_init_fast(&context); - sha_input(&context, (const uchar *)buf, (unsigned int)len); - sha_result(&context, digest); + sha_init_fast(context); + sha_input(context, (const uchar *)buf, (unsigned int)len); + sha_result(context, digest); } @@ -171,14 +171,14 @@ void my_sha_multi(uchar *digest, ...) va_list args; va_start(args, digest); - CONTEXT context; + CONTEXT *context= (CONTEXT *)alloca(sizeof(CONTEXT)); const uchar *str; - sha_init_fast(&context); + sha_init_fast(context); for (str= va_arg(args, const uchar*); str; str= va_arg(args, const uchar*)) - sha_input(&context, str, (uint) va_arg(args, size_t)); + sha_input(context, str, (uint) va_arg(args, size_t)); - sha_result(&context, digest); + sha_result(context, digest); va_end(args); }