2 files changed, 138 insertions, 0 deletions

diff --git a/databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc b/databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc
new file mode 100644
index 000000000000..5a938fe6fc14
--- /dev/null
+++ b/databases/mysql56-server/files/patch-mysys__ssl_my__aes__openssl.cc
@@ -0,0 +1,111 @@
+--- mysys_ssl/my_aes_openssl.cc.orig	2017-12-09 07:33:37 UTC
++++ mysys_ssl/my_aes_openssl.cc
+@@ -108,33 +108,47 @@ int my_aes_encrypt(const unsigned char *
+                    const unsigned char *key, uint32 key_length,
+                    enum my_aes_opmode mode, const unsigned char *iv)
+ {
+-  EVP_CIPHER_CTX ctx;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++  EVP_CIPHER_CTX stack_ctx;
++  EVP_CIPHER_CTX *ctx= &stack_ctx;
++#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
++  EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   const EVP_CIPHER *cipher= aes_evp_type(mode);
+   int u_len, f_len;
+   /* The real key to be used for encryption */
+   unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
+   my_aes_create_key(key, key_length, rkey, mode);
+ 
+-  if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
++  if (!ctx || !cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+     return MY_AES_BAD_DATA;
+ 
+-  if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
++   if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
+     goto aes_error;                             /* Error */
+-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
++  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
+     goto aes_error;                             /* Error */
+-  if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
++  if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
+     goto aes_error;                             /* Error */
+ 
+-  if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
++   if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
+     goto aes_error;                             /* Error */
+ 
+-  EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++  EVP_CIPHER_CTX_cleanup(ctx);
++#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
++  EVP_CIPHER_CTX_free(ctx);
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   return u_len + f_len;
+ 
+ aes_error:
+   /* need to explicitly clean up the error if we want to ignore it */
+   ERR_clear_error();
+-  EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++    EVP_CIPHER_CTX_cleanup(ctx);
++#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
++    EVP_CIPHER_CTX_free(ctx);
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
++
+   return MY_AES_BAD_DATA;
+ }
+ 
+@@ -145,7 +159,12 @@ int my_aes_decrypt(const unsigned char *
+                    enum my_aes_opmode mode, const unsigned char *iv)
+ {
+ 
+-  EVP_CIPHER_CTX ctx;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++  EVP_CIPHER_CTX stack_ctx;
++  EVP_CIPHER_CTX *ctx= &stack_ctx;
++#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
++  EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */	
+   const EVP_CIPHER *cipher= aes_evp_type(mode);
+   int u_len, f_len;
+ 
+@@ -156,24 +175,30 @@ int my_aes_decrypt(const unsigned char *
+   if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+     return MY_AES_BAD_DATA;
+ 
+-  EVP_CIPHER_CTX_init(&ctx);
+-
+-  if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
++  if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
+     goto aes_error;                             /* Error */
+-  if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
++  if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
+     goto aes_error;                             /* Error */
+-  if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
++  if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
+     goto aes_error;                             /* Error */
+-  if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
++  if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
+     goto aes_error;                             /* Error */
+ 
+-  EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++  EVP_CIPHER_CTX_cleanup(ctx);
++#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
++  EVP_CIPHER_CTX_free(ctx);
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   return u_len + f_len;
+ 
+ aes_error:
+   /* need to explicitly clean up the error if we want to ignore it */
+   ERR_clear_error();
+-  EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++  EVP_CIPHER_CTX_cleanup(ctx);
++#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
++  EVP_CIPHER_CTX_free(ctx);
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   return MY_AES_BAD_DATA;
+ }
+ 
diff --git a/databases/mysql56-server/files/patch-vio_viosslfactories.c b/databases/mysql56-server/files/patch-vio_viosslfactories.c
new file mode 100644
index 000000000000..316be960c4ec
--- /dev/null
+++ b/databases/mysql56-server/files/patch-vio_viosslfactories.c
@@ -0,0 +1,27 @@
+--- vio/viosslfactories.c.orig	2017-12-09 07:33:37 UTC
++++ vio/viosslfactories.c
+@@ -68,13 +68,20 @@ static DH *get_dh2048(void)
+   DH *dh;
+   if ((dh=DH_new()))
+   {
+-    dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+-    dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+-    if (! dh->p || ! dh->g)
+-    {
++    BIGNUM *p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++    BIGNUM *g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++    if (!p || !g
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++        || !DH_set0_pqg(dh, p, NULL, g)
++#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
++    ) {
+       DH_free(dh);
+       dh=0;
+     }
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++    dh->p= p;
++    dh->g= g;
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   }
+   return(dh);
+ }