early-access version 2853

2022-07-23 03:01:36 +02:00
parent 1f2b5081b5
commit 1f111bb69c
8955 changed files with 418777 additions and 999 deletions
--- a/externals/vcpkg/ports/libmysql/openssl.patch
+++ b/externals/vcpkg/ports/libmysql/openssl.patch
@@ -0,0 +1,125 @@
+diff --git a/mysys/my_md5.cc b/mysys/my_md5.cc
+index dea997b252c..81484f0652b 100644
+--- a/mysys/my_md5.cc
+++ b/mysys/my_md5.cc
+@@ -35,6 +35,10 @@
+ #include <openssl/crypto.h>
+ #include <openssl/md5.h>
+ 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
+
+ static void my_md5_hash(unsigned char *digest, unsigned const char *buf,
+                         int len) {
+   MD5_CTX ctx;
+@@ -56,7 +60,11 @@ static void my_md5_hash(unsigned char *digest, unsigned const char *buf,
+ int compute_md5_hash(char *digest, const char *buf, int len) {
+   int retval = 0;
+   int fips_mode = 0;
+  #if OPENSSL_VERSION_NUMBER < 0x30000000L
+   fips_mode = FIPS_mode();
+  #else
+  fips_mode = EVP_default_properties_is_fips_enabled(NULL);
+  #endif
+   /* If fips mode is ON/STRICT restricted method calls will result into abort,
+    * skipping call. */
+   if (fips_mode == 0) {
+diff --git a/plugin/x/client/xconnection_impl.cc b/plugin/x/client/xconnection_impl.cc
+index 13bc6794ea5..8752bcea9bf 100644
+--- a/plugin/x/client/xconnection_impl.cc
+++ b/plugin/x/client/xconnection_impl.cc
+@@ -51,6 +51,10 @@
+ #include "plugin/x/src/config/config.h"
+ #include "sql-common/net_ns.h"
+ 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
+
+ #ifndef WIN32
+ #include <netdb.h>
+ #include <sys/socket.h>
+@@ -524,12 +528,20 @@ int set_fips_mode(const uint32_t fips_mode,
+   if (fips_mode > 2) {
+     goto EXIT;
+   }
+  #if OPENSSL_VERSION_NUMBER < 0x30000000L
+   fips_mode_old = FIPS_mode();
+  #else
+  fips_mode_old = EVP_default_properties_is_fips_enabled(NULL);
+  #endif
+   if (fips_mode_old == fips_mode) {
+     rc = 1;
+     goto EXIT;
+   }
+  #if OPENSSL_VERSION_NUMBER < 0x30000000L
+   if (!(rc = FIPS_mode_set(fips_mode))) {
+  #else
+  if (!(rc = EVP_default_properties_enable_fips(fips_mode))) {
+  #endif
+     err_library = ERR_get_error();
+     ERR_error_string_n(err_library, err_string, OPENSSL_ERROR_LENGTH - 1);
+     err_string[OPENSSL_ERROR_LENGTH - 1] = '\0';
+diff --git a/vio/viosslfactories.cc b/vio/viosslfactories.cc
+index 6c04029ccb0..164b727e3dc 100644
+--- a/vio/viosslfactories.cc
+++ b/vio/viosslfactories.cc
+@@ -40,6 +40,10 @@
+ 
+ #include <openssl/dh.h>
+ 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
+
+ #if OPENSSL_VERSION_NUMBER < 0x10002000L
+ #include <openssl/ec.h>
+ #endif /* OPENSSL_VERSION_NUMBER < 0x10002000L */
+@@ -498,12 +502,20 @@ int set_fips_mode(const uint fips_mode, char err_string[OPENSSL_ERROR_LENGTH]) {
+   if (fips_mode > 2) {
+     goto EXIT;
+   }
+  #if OPENSSL_VERSION_NUMBER < 0x30000000L
+   fips_mode_old = FIPS_mode();
+  #else
+  fips_mode_old = EVP_default_properties_is_fips_enabled(NULL);
+  #endif
+   if (fips_mode_old == fips_mode) {
+     rc = 1;
+     goto EXIT;
+   }
+  #if OPENSSL_VERSION_NUMBER < 0x30000000L
+   if (!(rc = FIPS_mode_set(fips_mode))) {
+  #else
+  if (!(rc = EVP_default_properties_enable_fips(NULL, fips_mode))) {
+  #endif
+     /*
+       If OS doesn't have FIPS enabled openssl library and user sets FIPS mode
+       ON, It fails with proper error. But in the same time it doesn't allow to
+@@ -511,7 +523,11 @@ int set_fips_mode(const uint fips_mode, char err_string[OPENSSL_ERROR_LENGTH]) {
+       error, setting old working FIPS mode value in the OpenSSL library. It will
+       allow successful cryptographic operation and will not abort the server.
+     */
+    #if OPENSSL_VERSION_NUMBER < 0x30000000L
+     FIPS_mode_set(fips_mode_old);
+    #else
+    EVP_default_properties_enable_fips(NULL, fips_mode_old);
+    #endif
+     err_library = ERR_get_error();
+     ERR_error_string_n(err_library, err_string, OPENSSL_ERROR_LENGTH - 1);
+     err_string[OPENSSL_ERROR_LENGTH - 1] = '\0';
+@@ -525,7 +541,13 @@ EXIT:
+ 
+   @returns openssl current fips mode
+ */
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ uint get_fips_mode() { return FIPS_mode(); }
+#else
+uint get_fips_mode() {
+  return EVP_default_properties_is_fips_enabled(NULL);
+}
+#endif
+ 
+ long process_tls_version(const char *tls_version) {
+   const char *separator = ",";