mirror of
https://github.com/microsoft/vcpkg.git
synced 2024-12-11 05:49:16 +08:00
407bc79b39
* Create package openssl3 * Create package openssl3 * Delete openssl3 * update version to 3.0.1 * Delete openssl3 * Update manifests to 3.0.1 * Fix download url * Update port version * Update version * Remove wrong port version * Fix errors * Fix license * Remove empty folders * Fix post-build errors * Add license field * Fix cmake for uwp * Remove patch file * format manifest * Update version file * Fix port version * version * Test: remove vcvarsall * version * fix version * version * Fix docs in cmake files as well * wrong branch * Add port openssl-1 * Fix directories * delete openssl-1 * [openssl-1] Add port * version * Fix UWP build * version * migrate uthenticode * version * Fix UWP build for librabbitmq * version * Fix UWP warnings * version * Fix patch * version * Disable C4996 on UWP * version * [idevicerestore] disable C4996 * remove warning fixes * Revert uthenticode * Final newlines * version * Remove winsock replace * version * [libwebsockets] Disable /WX on Windows * version * Typo * version * Disable C4996 in patch instead * version * [luasec] Use openssl-1 * version * revert luasec * migrate luasec * version * revert winsock * version * revert winsock * version * revert revert * version * Fix platform for luasec * Fix supports * version * . * version * uthenticode * libmysql * azure-c-shared-utility * version * remove azure-c-shared-utility * revert all * uthenticode * version * azure * version * libmysql * version * remove mysql * [libdatachannel] disable warnings on UWP * version * Fix patches * version * Add openssl-1 to CI baseline * openssl-1: check if copyright exists * version * revert azure * [libssh2] disable c4996 * version * [aws-sdk-cpp] -Wno-deprecated * version * fix aws patch * version * fix aws patch * version * [qpid-proton] disable warning * version * Fix patch * version * [librtmp] disable c4996 * version * [libu2f-server] disablec4996 * switch version scheme * version * [idevicerestore] disable c4996 * version * typo * version * fix cmake * version * fix cmake again * version * [uthenticode] patch to support Openssl 3 * version * fix idevicerestore * version * search for conflicting copyrights * version * Fix luasec * fix version * version * fix azure * version * Remove debug stuff * version * [open62541] patch * update port version * version * [libmysql] patch * version * Fix patch * version * Format openssl * Format openssl portfiles * Check for conflicting copyrights * Fix typo * Rename openssl-1 to openssl1 * Rename openssl-1 to openssl1 * version * Update ci baseline * version * resolve conflicting port versions * version * apply latest openssl security fix * version * Fix qpid-proton * version * retrigger Bbuild of qtbase * version * revert qtbase * Remove openssl1 * version * version * fix openssl_version_fix Co-authored-by: nicole mazzuca <mazzucan@outlook.com>
126 lines
4.1 KiB
Diff
126 lines
4.1 KiB
Diff
diff --git a/mysys/my_md5.cc b/mysys/my_md5.cc
|
|
index dea997b252c..81484f0652b 100644
|
|
--- a/mysys/my_md5.cc
|
|
+++ b/mysys/my_md5.cc
|
|
@@ -35,6 +35,10 @@
|
|
#include <openssl/crypto.h>
|
|
#include <openssl/md5.h>
|
|
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
+#include <openssl/evp.h>
|
|
+#endif
|
|
+
|
|
static void my_md5_hash(unsigned char *digest, unsigned const char *buf,
|
|
int len) {
|
|
MD5_CTX ctx;
|
|
@@ -56,7 +60,11 @@ static void my_md5_hash(unsigned char *digest, unsigned const char *buf,
|
|
int compute_md5_hash(char *digest, const char *buf, int len) {
|
|
int retval = 0;
|
|
int fips_mode = 0;
|
|
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
fips_mode = FIPS_mode();
|
|
+ #else
|
|
+ fips_mode = EVP_default_properties_is_fips_enabled(NULL);
|
|
+ #endif
|
|
/* If fips mode is ON/STRICT restricted method calls will result into abort,
|
|
* skipping call. */
|
|
if (fips_mode == 0) {
|
|
diff --git a/plugin/x/client/xconnection_impl.cc b/plugin/x/client/xconnection_impl.cc
|
|
index 13bc6794ea5..8752bcea9bf 100644
|
|
--- a/plugin/x/client/xconnection_impl.cc
|
|
+++ b/plugin/x/client/xconnection_impl.cc
|
|
@@ -51,6 +51,10 @@
|
|
#include "plugin/x/src/config/config.h"
|
|
#include "sql-common/net_ns.h"
|
|
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
+#include <openssl/evp.h>
|
|
+#endif
|
|
+
|
|
#ifndef WIN32
|
|
#include <netdb.h>
|
|
#include <sys/socket.h>
|
|
@@ -524,12 +528,20 @@ int set_fips_mode(const uint32_t fips_mode,
|
|
if (fips_mode > 2) {
|
|
goto EXIT;
|
|
}
|
|
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
fips_mode_old = FIPS_mode();
|
|
+ #else
|
|
+ fips_mode_old = EVP_default_properties_is_fips_enabled(NULL);
|
|
+ #endif
|
|
if (fips_mode_old == fips_mode) {
|
|
rc = 1;
|
|
goto EXIT;
|
|
}
|
|
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
if (!(rc = FIPS_mode_set(fips_mode))) {
|
|
+ #else
|
|
+ if (!(rc = EVP_default_properties_enable_fips(fips_mode))) {
|
|
+ #endif
|
|
err_library = ERR_get_error();
|
|
ERR_error_string_n(err_library, err_string, OPENSSL_ERROR_LENGTH - 1);
|
|
err_string[OPENSSL_ERROR_LENGTH - 1] = '\0';
|
|
diff --git a/vio/viosslfactories.cc b/vio/viosslfactories.cc
|
|
index 6c04029ccb0..164b727e3dc 100644
|
|
--- a/vio/viosslfactories.cc
|
|
+++ b/vio/viosslfactories.cc
|
|
@@ -40,6 +40,10 @@
|
|
|
|
#include <openssl/dh.h>
|
|
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
+#include <openssl/evp.h>
|
|
+#endif
|
|
+
|
|
#if OPENSSL_VERSION_NUMBER < 0x10002000L
|
|
#include <openssl/ec.h>
|
|
#endif /* OPENSSL_VERSION_NUMBER < 0x10002000L */
|
|
@@ -498,12 +502,20 @@ int set_fips_mode(const uint fips_mode, char err_string[OPENSSL_ERROR_LENGTH]) {
|
|
if (fips_mode > 2) {
|
|
goto EXIT;
|
|
}
|
|
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
fips_mode_old = FIPS_mode();
|
|
+ #else
|
|
+ fips_mode_old = EVP_default_properties_is_fips_enabled(NULL);
|
|
+ #endif
|
|
if (fips_mode_old == fips_mode) {
|
|
rc = 1;
|
|
goto EXIT;
|
|
}
|
|
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
if (!(rc = FIPS_mode_set(fips_mode))) {
|
|
+ #else
|
|
+ if (!(rc = EVP_default_properties_enable_fips(NULL, fips_mode))) {
|
|
+ #endif
|
|
/*
|
|
If OS doesn't have FIPS enabled openssl library and user sets FIPS mode
|
|
ON, It fails with proper error. But in the same time it doesn't allow to
|
|
@@ -511,7 +523,11 @@ int set_fips_mode(const uint fips_mode, char err_string[OPENSSL_ERROR_LENGTH]) {
|
|
error, setting old working FIPS mode value in the OpenSSL library. It will
|
|
allow successful cryptographic operation and will not abort the server.
|
|
*/
|
|
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
FIPS_mode_set(fips_mode_old);
|
|
+ #else
|
|
+ EVP_default_properties_enable_fips(NULL, fips_mode_old);
|
|
+ #endif
|
|
err_library = ERR_get_error();
|
|
ERR_error_string_n(err_library, err_string, OPENSSL_ERROR_LENGTH - 1);
|
|
err_string[OPENSSL_ERROR_LENGTH - 1] = '\0';
|
|
@@ -525,7 +541,13 @@ EXIT:
|
|
|
|
@returns openssl current fips mode
|
|
*/
|
|
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
uint get_fips_mode() { return FIPS_mode(); }
|
|
+#else
|
|
+uint get_fips_mode() {
|
|
+ return EVP_default_properties_is_fips_enabled(NULL);
|
|
+}
|
|
+#endif
|
|
|
|
long process_tls_version(const char *tls_version) {
|
|
const char *separator = ",";
|