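--- a/mysys_ssl/my_aes_openssl.cc
+++ b/mysys_ssl/my_aes_openssl.cc
@@ -108,7 +108,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
                    const unsigned char *key, uint32 key_length,
                    enum my_aes_opmode mode, const unsigned char *iv)
 {
-  EVP_CIPHER_CTX ctx;
+  EVP_CIPHER_CTX *ctx;
   const EVP_CIPHER *cipher= aes_evp_type(mode);
   int u_len, f_len;
   /* The real key to be used for encryption */
@@ -118,23 +118,31 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
   if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
     return MY_AES_BAD_DATA;
 
-  if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
+  if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
     goto aes_error;                             /* Error */
-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
     goto aes_error;                             /* Error */
-  if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
+  if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
     goto aes_error;                             /* Error */
 
-  if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
+  if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
     goto aes_error;                             /* Error */
 
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else
+  EVP_CIPHER_CTX_free(ctx);
+#endif
   return u_len + f_len;
 
 aes_error:
   /* need to explicitly clean up the error if we want to ignore it */
   ERR_clear_error();
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else
+  EVP_CIPHER_CTX_free(ctx);
+#endif
   return MY_AES_BAD_DATA;
 }
 
@@ -145,7 +153,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
                    enum my_aes_opmode mode, const unsigned char *iv)
 {
 
-  EVP_CIPHER_CTX ctx;
+  EVP_CIPHER_CTX *ctx;
   const EVP_CIPHER *cipher= aes_evp_type(mode);
   int u_len, f_len;
 
@@ -156,24 +164,34 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
   if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
     return MY_AES_BAD_DATA;
 
-  EVP_CIPHER_CTX_init(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_init(ctx);
+#endif
 
-  if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
+  if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
     goto aes_error;                             /* Error */
-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
     goto aes_error;                             /* Error */
-  if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
+  if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
     goto aes_error;                             /* Error */
-  if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
+  if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
     goto aes_error;                             /* Error */
 
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else
+  EVP_CIPHER_CTX_free(ctx);
+#endif
   return u_len + f_len;
 
 aes_error:
   /* need to explicitly clean up the error if we want to ignore it */
   ERR_clear_error();
-  EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+  EVP_CIPHER_CTX_cleanup(ctx);
+#else
+  EVP_CIPHER_CTX_free(ctx);
+#endif
   return MY_AES_BAD_DATA;
 }
 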
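Review bot: `ctx` is now an `EVP_CIPHER_CTX *` in my_aes_encrypt and my_aes_decrypt, but none of the 33 added lines in this file allocates it, so `EVP_EncryptInit(ctx, ...)`, `EVP_DecryptInit(ctx, ...)` and (before 1.1.0) `EVP_CIPHER_CTX_init(ctx)` all run on an indeterminate pointer. Add `ctx= EVP_CIPHER_CTX_new(); if (!ctx) return MY_AES_BAD_DATA;` after the existing `MY_AES_BAD_DATA` early return in each function. `EVP_CIPHER_CTX_new()` and `EVP_CIPHER_CTX_free()` are also available in 1.0.x, so each `#if`/`#else` cleanup pair can become a plain `EVP_CIPHER_CTX_free(ctx);`, which also keeps the `EVP_CIPHER_CTX_cleanup(ctx)` path from leaking the heap context once it is allocated. Both function bodies start before their first hunk, and old lines 115-117 and 152-155 fall between hunks and are not shown.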
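--- a/vio/vio.c
+++ b/vio/vio.c
@@ -24,6 +24,12 @@
 
 #ifdef HAVE_OPENSSL
 PSI_memory_key key_memory_vio_ssl_fd;
+
+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
+#undef OPENSSL_VERSION_NUMBER
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
+#endif
+
 #endif
 
 PSI_memory_key key_memory_vio;
@@ -411,7 +417,7 @@ void vio_end(void)
 {
 #if defined(HAVE_YASSL)
   yaSSL_CleanUp();
-#elif defined(HAVE_OPENSSL)
+#elif defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
   // This one is needed on the client side
   ERR_remove_state(0);
   ERR_free_strings();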
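Review bot: The LibreSSL version override added after `key_memory_vio_ssl_fd` is repeated verbatim in vio/viosslfactories.c and absent from mysys_ssl/my_aes_openssl.cc, so unless a header not shown here applies it, that file's `OPENSSL_VERSION_NUMBER < 0x10100000L` guards see LibreSSL's raw 0x20000000L and select the 1.1.0 branch. Defining the override once in a shared header (viosslfactories.c already includes vio_priv.h) would keep the three files in agreement. It also deserves a comment, for example `/* LibreSSL reports 0x20000000L; present it as 1.0.1g so the legacy-API guards apply */`. In vio_end the narrowed `#elif` body continues past the end of the hunk.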
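--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -16,9 +16,18 @@
 #include "vio_priv.h"
 
 #ifdef HAVE_OPENSSL
+#include <openssl/bn.h>
+#include <openssl/dh.h>
 
+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
+#undef OPENSSL_VERSION_NUMBER
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 static my_bool     ssl_algorithms_added    = FALSE;
 static my_bool     ssl_error_strings_loaded= FALSE;
+#endif
 
 /*
   Diffie-Hellman key.
@@ -68,10 +77,18 @@ static DH *get_dh2048(void)
   DH *dh;
   if ((dh=DH_new()))
   {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
     dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
     if (! dh->p || ! dh->g)
     {
+#else
+    if (! DH_set0_pqg(dh,
+              BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL),
+              BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL),
+              NULL))
+    {
+#endif
       DH_free(dh);
       dh=0;
     }
@@ -177,6 +194,7 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file,
 
 void ssl_start()
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   if (!ssl_algorithms_added)
   {
     ssl_algorithms_added= TRUE;
@@ -190,6 +208,7 @@ void ssl_start()
     ssl_error_strings_loaded= TRUE;
     SSL_load_error_strings();
   }
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 }
 
 /************************ VioSSLFd **********************************/
@@ -221,9 +240,15 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
                            sizeof(struct st_VioSSLFd),MYF(0)))))
     DBUG_RETURN(0);
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client ?
                                          TLSv1_client_method() :
                                          TLSv1_server_method())))
+#else
+  if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client ?
+                                         TLS_client_method() :
+                                         TLS_server_method())))
+#endif
   {
     *error= SSL_INITERR_MEMFAIL;
     DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
-- 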
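Review bot: In get_dh2048 the 1.1.0 branch passes the generator in the `q` position and `NULL` as `g`; `DH_set0_pqg()` takes `(dh, p, q, g)` and rejects a fresh DH whose `g` is NULL, so this branch always falls into `DH_free(dh); dh=0;` and the function hands back a null DH on every 1.1.0 build. The two `BN_bin2bn()` results are also leaked there, because ownership passes to `dh` only when the call succeeds. The fix is to hold `p` and `g` in locals, call `DH_set0_pqg(dh, p, NULL, g)`, and free both on failure, as sketched below. How callers react to a null return is outside the visible hunks, and get_dh2048's body starts before and ends after this hunk.

```c
#else
    BIGNUM *p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
    BIGNUM *g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
    if (! p || ! g || ! DH_set0_pqg(dh, p, NULL, g))
    {
      /* ownership moves to dh only when DH_set0_pqg succeeds */
      BN_free(p);
      BN_free(g);
#endif
      /* … unchanged: DH_free(dh); dh=0; … */
```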
