yuzu/externals/vcpkg/ports/libmysql/openssl.patch

diff --git a/mysys/my_md5.cc b/mysys/my_md5.cc
index dea997b252c..81484f0652b 100644
--- a/mysys/my_md5.cc
+++ b/mysys/my_md5.cc
@@ -35,6 +35,10 @@
 #include <openssl/crypto.h>
 #include <openssl/md5.h>
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
+
 static void my_md5_hash(unsigned char *digest, unsigned const char *buf,
                         int len) {
   MD5_CTX ctx;
@@ -56,7 +60,11 @@ static void my_md5_hash(unsigned char *digest, unsigned const char *buf,
 int compute_md5_hash(char *digest, const char *buf, int len) {
   int retval = 0;
   int fips_mode = 0;
+  #if OPENSSL_VERSION_NUMBER < 0x30000000L
   fips_mode = FIPS_mode();
+  #else
+  fips_mode = EVP_default_properties_is_fips_enabled(NULL);
+  #endif
   /* If fips mode is ON/STRICT restricted method calls will result into abort,
    * skipping call. */
   if (fips_mode == 0) {
diff --git a/plugin/x/client/xconnection_impl.cc b/plugin/x/client/xconnection_impl.cc
index 13bc6794ea5..8752bcea9bf 100644
--- a/plugin/x/client/xconnection_impl.cc
+++ b/plugin/x/client/xconnection_impl.cc
@@ -51,6 +51,10 @@
 #include "plugin/x/src/config/config.h"
 #include "sql-common/net_ns.h"
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
+
 #ifndef WIN32
 #include <netdb.h>
 #include <sys/socket.h>
@@ -524,12 +528,20 @@ int set_fips_mode(const uint32_t fips_mode,
   if (fips_mode > 2) {
     goto EXIT;
   }
+  #if OPENSSL_VERSION_NUMBER < 0x30000000L
   fips_mode_old = FIPS_mode();
+  #else
+  fips_mode_old = EVP_default_properties_is_fips_enabled(NULL);
+  #endif
   if (fips_mode_old == fips_mode) {
     rc = 1;
     goto EXIT;
   }
+  #if OPENSSL_VERSION_NUMBER < 0x30000000L
   if (!(rc = FIPS_mode_set(fips_mode))) {
+  #else
+  if (!(rc = EVP_default_properties_enable_fips(fips_mode))) {
+  #endif
     err_library = ERR_get_error();
     ERR_error_string_n(err_library, err_string, OPENSSL_ERROR_LENGTH - 1);
     err_string[OPENSSL_ERROR_LENGTH - 1] = '\0';
diff --git a/vio/viosslfactories.cc b/vio/viosslfactories.cc
index 6c04029ccb0..164b727e3dc 100644
--- a/vio/viosslfactories.cc
+++ b/vio/viosslfactories.cc
@@ -40,6 +40,10 @@
 
 #include <openssl/dh.h>
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
+
 #if OPENSSL_VERSION_NUMBER < 0x10002000L
 #include <openssl/ec.h>
 #endif /* OPENSSL_VERSION_NUMBER < 0x10002000L */
@@ -498,12 +502,20 @@ int set_fips_mode(const uint fips_mode, char err_string[OPENSSL_ERROR_LENGTH]) {
   if (fips_mode > 2) {
     goto EXIT;
   }
+  #if OPENSSL_VERSION_NUMBER < 0x30000000L
   fips_mode_old = FIPS_mode();
+  #else
+  fips_mode_old = EVP_default_properties_is_fips_enabled(NULL);
+  #endif
   if (fips_mode_old == fips_mode) {
     rc = 1;
     goto EXIT;
   }
+  #if OPENSSL_VERSION_NUMBER < 0x30000000L
   if (!(rc = FIPS_mode_set(fips_mode))) {
+  #else
+  if (!(rc = EVP_default_properties_enable_fips(NULL, fips_mode))) {
+  #endif
     /*
       If OS doesn't have FIPS enabled openssl library and user sets FIPS mode
       ON, It fails with proper error. But in the same time it doesn't allow to
@@ -511,7 +523,11 @@ int set_fips_mode(const uint fips_mode, char err_string[OPENSSL_ERROR_LENGTH]) {
       error, setting old working FIPS mode value in the OpenSSL library. It will
       allow successful cryptographic operation and will not abort the server.
     */
+    #if OPENSSL_VERSION_NUMBER < 0x30000000L
     FIPS_mode_set(fips_mode_old);
+    #else
+    EVP_default_properties_enable_fips(NULL, fips_mode_old);
+    #endif
     err_library = ERR_get_error();
     ERR_error_string_n(err_library, err_string, OPENSSL_ERROR_LENGTH - 1);
     err_string[OPENSSL_ERROR_LENGTH - 1] = '\0';
@@ -525,7 +541,13 @@ EXIT:
 
   @returns openssl current fips mode
 */
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 uint get_fips_mode() { return FIPS_mode(); }
+#else
+uint get_fips_mode() {
+  return EVP_default_properties_is_fips_enabled(NULL);
+}
+#endif
 
 long process_tls_version(const char *tls_version) {
   const char *separator = ",";
early-access version 2853 2022-07-23 03:01:36 +02:00			`diff --git a/mysys/my_md5.cc b/mysys/my_md5.cc`
			`index dea997b252c..81484f0652b 100644`
			`--- a/mysys/my_md5.cc`
			`+++ b/mysys/my_md5.cc`
			`@@ -35,6 +35,10 @@`
			`#include <openssl/crypto.h>`
			`#include <openssl/md5.h>`

			`+#if OPENSSL_VERSION_NUMBER >= 0x30000000L`
			`+#include <openssl/evp.h>`
			`+#endif`
			`+`
			`static void my_md5_hash(unsigned char digest, unsigned const char buf,`
			`int len) {`
			`MD5_CTX ctx;`
			`@@ -56,7 +60,11 @@ static void my_md5_hash(unsigned char digest, unsigned const char buf,`
			`int compute_md5_hash(char digest, const char buf, int len) {`
			`int retval = 0;`
			`int fips_mode = 0;`
			`+ #if OPENSSL_VERSION_NUMBER < 0x30000000L`
			`fips_mode = FIPS_mode();`
			`+ #else`
			`+ fips_mode = EVP_default_properties_is_fips_enabled(NULL);`
			`+ #endif`
			`/* If fips mode is ON/STRICT restricted method calls will result into abort,`
			`* skipping call. */`
			`if (fips_mode == 0) {`
			`diff --git a/plugin/x/client/xconnection_impl.cc b/plugin/x/client/xconnection_impl.cc`
			`index 13bc6794ea5..8752bcea9bf 100644`
			`--- a/plugin/x/client/xconnection_impl.cc`
			`+++ b/plugin/x/client/xconnection_impl.cc`
			`@@ -51,6 +51,10 @@`
			`#include "plugin/x/src/config/config.h"`
			`#include "sql-common/net_ns.h"`

			`+#if OPENSSL_VERSION_NUMBER >= 0x30000000L`
			`+#include <openssl/evp.h>`
			`+#endif`
			`+`
			`#ifndef WIN32`
			`#include <netdb.h>`
			`#include <sys/socket.h>`
			`@@ -524,12 +528,20 @@ int set_fips_mode(const uint32_t fips_mode,`
			`if (fips_mode > 2) {`
			`goto EXIT;`
			`}`
			`+ #if OPENSSL_VERSION_NUMBER < 0x30000000L`
			`fips_mode_old = FIPS_mode();`
			`+ #else`
			`+ fips_mode_old = EVP_default_properties_is_fips_enabled(NULL);`
			`+ #endif`
			`if (fips_mode_old == fips_mode) {`
			`rc = 1;`
			`goto EXIT;`
			`}`
			`+ #if OPENSSL_VERSION_NUMBER < 0x30000000L`
			`if (!(rc = FIPS_mode_set(fips_mode))) {`
			`+ #else`
			`+ if (!(rc = EVP_default_properties_enable_fips(fips_mode))) {`
			`+ #endif`
			`err_library = ERR_get_error();`
			`ERR_error_string_n(err_library, err_string, OPENSSL_ERROR_LENGTH - 1);`
			`err_string[OPENSSL_ERROR_LENGTH - 1] = '\0';`
			`diff --git a/vio/viosslfactories.cc b/vio/viosslfactories.cc`
			`index 6c04029ccb0..164b727e3dc 100644`
			`--- a/vio/viosslfactories.cc`
			`+++ b/vio/viosslfactories.cc`
			`@@ -40,6 +40,10 @@`

			`#include <openssl/dh.h>`

			`+#if OPENSSL_VERSION_NUMBER >= 0x30000000L`
			`+#include <openssl/evp.h>`
			`+#endif`
			`+`
			`#if OPENSSL_VERSION_NUMBER < 0x10002000L`
			`#include <openssl/ec.h>`
			`#endif /* OPENSSL_VERSION_NUMBER < 0x10002000L */`
			`@@ -498,12 +502,20 @@ int set_fips_mode(const uint fips_mode, char err_string[OPENSSL_ERROR_LENGTH]) {`
			`if (fips_mode > 2) {`
			`goto EXIT;`
			`}`
			`+ #if OPENSSL_VERSION_NUMBER < 0x30000000L`
			`fips_mode_old = FIPS_mode();`
			`+ #else`
			`+ fips_mode_old = EVP_default_properties_is_fips_enabled(NULL);`
			`+ #endif`
			`if (fips_mode_old == fips_mode) {`
			`rc = 1;`
			`goto EXIT;`
			`}`
			`+ #if OPENSSL_VERSION_NUMBER < 0x30000000L`
			`if (!(rc = FIPS_mode_set(fips_mode))) {`
			`+ #else`
			`+ if (!(rc = EVP_default_properties_enable_fips(NULL, fips_mode))) {`
			`+ #endif`
			`/*`
			`If OS doesn't have FIPS enabled openssl library and user sets FIPS mode`
			`ON, It fails with proper error. But in the same time it doesn't allow to`
			`@@ -511,7 +523,11 @@ int set_fips_mode(const uint fips_mode, char err_string[OPENSSL_ERROR_LENGTH]) {`
			`error, setting old working FIPS mode value in the OpenSSL library. It will`
			`allow successful cryptographic operation and will not abort the server.`
			`*/`
			`+ #if OPENSSL_VERSION_NUMBER < 0x30000000L`
			`FIPS_mode_set(fips_mode_old);`
			`+ #else`
			`+ EVP_default_properties_enable_fips(NULL, fips_mode_old);`
			`+ #endif`
			`err_library = ERR_get_error();`
			`ERR_error_string_n(err_library, err_string, OPENSSL_ERROR_LENGTH - 1);`
			`err_string[OPENSSL_ERROR_LENGTH - 1] = '\0';`
			`@@ -525,7 +541,13 @@ EXIT:`

			`@returns openssl current fips mode`
			`*/`
			`+#if OPENSSL_VERSION_NUMBER < 0x30000000L`
			`uint get_fips_mode() { return FIPS_mode(); }`
			`+#else`
			`+uint get_fips_mode() {`
			`+ return EVP_default_properties_is_fips_enabled(NULL);`
			`+}`
			`+#endif`

			`long process_tls_version(const char *tls_version) {`
			`const char *separator = ",";`