Commit graph

14 commits

Author SHA1 Message Date
Vladislav Vaintroub
62fd7b4cd2 OpenSSL - set all heap functions in CRYPTO_set_mem_functions.
The reason is that on Windows, OpenSSL can be built with different C runtime
than the server (e.g Debug runtime in debug vcpkg build).

Overwriting only malloc(), with CRT that server is using can cause
mixup of incompatible malloc() and free() inside openssl.

To fix, overwrite all memory functions.
2024-08-09 01:15:45 +02:00
Sergei Golubchik
4da80a41f6 Fix double definition of CRYPTO_cleanup_all_ex_data 2023-07-31 17:44:07 +02:00
Sergei Golubchik
9c0e91a27c Adjust OpenSSL context sizes for CiscoSSL
also, add static
2023-06-22 15:26:23 +02:00
Sergei Golubchik
1f72450260 Revert "MDEV-23925: Fixed warnings generated during compilation of mysys_ssl/openssl.c on MacOS"
This reverts commit a1b6691f93.

because #ifdef checks the symbol defined in ssl_compat.h,
so #include <ssl_compat.h> cannot be inside #ifdef
2023-06-22 15:25:34 +02:00
Marko Mäkelä
e3d692aa09 Merge 10.2 into 10.3 2020-10-22 08:26:28 +03:00
Dmitry Shulga
a1b6691f93 MDEV-23925: Fixed warnings generated during compilation of mysys_ssl/openssl.c on MacOS
Compiler warnings like one listed below are generated during server build on MacOS:
In file included from server-10.2-MDEV-23564/mysys_ssl/openssl.c:33:
In file included from /usr/local/include/openssl/evp.h:16:
In file included from /usr/local/include/openssl/bio.h:20:
/usr/local/include/openssl/crypto.h:206:10: warning: 'CRYPTO_cleanup_all_ex_data' macro redefined [-Wmacro-redefined]
           ^
  /mariadb/server-10.2-MDEV-23564/include/ssl_compat.h:46:9: note: previous definition is here
          ^

In case MariaDB serer is build with -DCMAKE_BUILD_TYPE=Debug it results in
build error.

The reason of compiler warnings is that header file <ssl_compat.h>
included before the openssl system header files. File ssl_compat.h
contains some macros with the same names as SSL API functions declared
in the openssl system header files. It resulted in duplicate
symbols that produces compiler warnings.

To fix the issue the header file ssl_compat.h should be included
after a line where openssl system header is included.
2020-10-21 17:43:23 +07:00
Vladislav Vaintroub
4c0d391c92 Windows : fix broken build with OpenSSL 2018-09-08 20:36:31 +01:00
Alexander Kuleshov
00eb5bf3bb MDEV-15513 use EVP_MD_CTX_{new,free} instead of EVP_MD_CTX_{create, destroy}
for consistency with EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().

As the EVP_DIGESTINIT(3) man page says:

EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to
EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.

Closes #621
2018-05-21 16:34:10 +00:00
Daniel Black
d743b61f89 MDEV-14567: CRYPTO_set_mem_functions fails in FIPS mode
If the CRYPTO_set_mem_functions fails just return success
from check_openssl_compatibility. The only case where
CRYPTO_set_mem_functions fails is the allow_customize==0 (aka FIPS
mode). The check_openssl_compatibility isn't able to complete unless
this function returns success.

ref: https://github.com/openssl/openssl/blob/OpenSSL_1_1_0g/crypto/mem.c#L34
2018-02-07 11:45:01 +01:00
Sergei Golubchik
203e2176fe MDEV-13698 stack overflow (OpenSSL on Windows)
avoid CRYPTO_free recursively calling itself on Windows
2017-09-18 10:12:23 +02:00
Sergei Golubchik
7fc75c420a fix compilation with OpenSSL 1.1 2017-07-13 09:14:17 +02:00
Sergei Golubchik
93a95c0a76 cleanup: check_openssl_compatibility()
CRYPTO_set_mem_functions() works only until the first allocation is done:
* remove the second CRYPTO_set_mem_functions() call
* check whether the first CRYPTO_set_mem_functions() call worked
* stricter memory checks (==1, not >1, etc)
* as coc_malloc cannot be removed, make the counter a bit cheaper
* only do the check for OpenSSL 1.1 (because of OpenSSL 1.0 bug)
2017-07-05 17:15:57 +02:00
Sergei Golubchik
2980b0c348 fix crashes with openssl fips builds
Apparently openssl ignores CRYPTO_set_mem_functions() in fips mode,
so we cannot detect structure sizes. Don't freak out when
no mallocs were detected.
2017-05-10 01:33:03 +02:00
Sergei Golubchik
ccca4f43c9 MDEV-10332 support for OpenSSL 1.1 and LibreSSL
post-review fixes:
* move all ssl implementation related ifdefs/defines to one file
  (ssl_compat.h)
* work around OpenSSL-1.1 desire to malloc every EVP context by
  run-time checking that context allocated on the stack is big enough
  (openssl.c)
* use newer version of the AWS SDK for OpenSSL 1.1
* use get_dh2048() function as generated by openssl 1.1
  (viosslfactories.c)
2017-05-09 18:53:10 +02:00