dev-db/mysql-connector-c: Add openssl-1.1 compatibility patch

Closes: https://bugs.gentoo.org/606600
Package-Manager: Portage-2.3.31, Repoman-2.3.9

2 files changed, 289 insertions, 1 deletions

diff --git a/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch b/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch
new file mode 100644
index 000000000000..cbca14de60b6
--- /dev/null
+++ b/dev-db/mysql-connector-c/files/6.1.11-openssl-1.1.patch
@@ -0,0 +1,287 @@
+From 7961393dd45e4ad1cdc7544b4bba2e98a5d2760c Mon Sep 17 00:00:00 2001
+From: eroen <eroen@occam.eroen.eu>
+Date: Fri, 20 Jan 2017 14:43:53 +0100
+Subject: [PATCH] Don't use deprecated API with openssl 1.1
+
+If openssl 1.1.0 is built with `--api=1.1 disable-deprecated`, using
+deprecated APIs causes build errors.
+
+X-Gentoo-Bug: 606600
+X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=606600
+---
+ mysys_ssl/my_aes_openssl.cc | 54 ++++++++++++++++++++++++++++++++-------------
+ sql-common/client.c         | 16 ++++++++++++--
+ vio/viossl.c                |  8 +++++++
+ vio/viosslfactories.c       | 23 +++++++++++++++++++
+ 4 files changed, 84 insertions(+), 17 deletions(-)
+
+diff --git a/mysys_ssl/my_aes_openssl.cc b/mysys_ssl/my_aes_openssl.cc
+index 261ba8a..59a95e3 100644
+--- a/mysys_ssl/my_aes_openssl.cc
++++ b/mysys_ssl/my_aes_openssl.cc
+@@ -22,6 +22,12 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+ #include <openssl/evp.h>
+ #include <openssl/err.h>
+ #include <openssl/bio.h>
++#include <openssl/opensslv.h>
++
++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
++#undef OPENSSL_VERSION_NUMBER
++#define OPENSSL_VERSION_NUMBER 0x1000107fL
++#endif
+ 
+ /*
+   xplugin needs BIO_new_bio_pair, but the server does not.
+@@ -122,7 +128,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
+                    enum my_aes_opmode mode, const unsigned char *iv,
+                    bool padding)
+ {
+-  EVP_CIPHER_CTX ctx;
++  EVP_CIPHER_CTX *ctx;
+   const EVP_CIPHER *cipher= aes_evp_type(mode);
+   int u_len, f_len;
+   /* The real key to be used for encryption */
+@@ -132,23 +138,31 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
+   if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+     return MY_AES_BAD_DATA;
+ 
+-  if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
++  if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
+     goto aes_error;                             /* Error */
+-  if (!EVP_CIPHER_CTX_set_padding(&ctx, padding))
++  if (!EVP_CIPHER_CTX_set_padding(ctx, padding))
+     goto aes_error;                             /* Error */
+-  if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
++  if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
+     goto aes_error;                             /* Error */
+ 
+-  if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
++  if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
+     goto aes_error;                             /* Error */
+ 
+-  EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++  EVP_CIPHER_CTX_cleanup(ctx);
++#else
++  EVP_CIPHER_CTX_free(ctx);
++#endif
+   return u_len + f_len;
+ 
+ aes_error:
+   /* need to explicitly clean up the error if we want to ignore it */
+   ERR_clear_error();
+-  EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++  EVP_CIPHER_CTX_cleanup(ctx);
++#else
++  EVP_CIPHER_CTX_free(ctx);
++#endif
+   return MY_AES_BAD_DATA;
+ }
+ 
+@@ -159,7 +173,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
+                    bool padding)
+ {
+ 
+-  EVP_CIPHER_CTX ctx;
++  EVP_CIPHER_CTX *ctx;
+   const EVP_CIPHER *cipher= aes_evp_type(mode);
+   int u_len, f_len;
+ 
+@@ -170,24 +184,34 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
+   if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+     return MY_AES_BAD_DATA;
+ 
+-  EVP_CIPHER_CTX_init(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++  EVP_CIPHER_CTX_init(ctx);
++#endif
+ 
+-  if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
++  if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
+     goto aes_error;                             /* Error */
+-  if (!EVP_CIPHER_CTX_set_padding(&ctx, padding))
++  if (!EVP_CIPHER_CTX_set_padding(ctx, padding))
+     goto aes_error;                             /* Error */
+-  if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
++  if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
+     goto aes_error;                             /* Error */
+-  if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
++  if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
+     goto aes_error;                             /* Error */
+ 
+-  EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++  EVP_CIPHER_CTX_cleanup(ctx);
++#else
++  EVP_CIPHER_CTX_free(ctx);
++#endif
+   return u_len + f_len;
+ 
+ aes_error:
+   /* need to explicitly clean up the error if we want to ignore it */
+   ERR_clear_error();
+-  EVP_CIPHER_CTX_cleanup(&ctx);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++  EVP_CIPHER_CTX_cleanup(ctx);
++#else
++  EVP_CIPHER_CTX_free(ctx);
++#endif
+   return MY_AES_BAD_DATA;
+ }
+ 
+diff --git a/sql-common/client.c b/sql-common/client.c
+index 9e88e9f..fe7daf7 100644
+--- a/sql-common/client.c
++++ b/sql-common/client.c
+@@ -86,6 +86,14 @@ my_bool	net_flush(NET *net);
+ #  include <sys/un.h>
+ #endif
+ 
++#ifdef HAVE_OPENSSL
++#include <openssl/opensslv.h>
++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
++#undef OPENSSL_VERSION_NUMBER
++#define OPENSSL_VERSION_NUMBER 0x1000107fL
++#endif
++#endif
++
+ #ifndef _WIN32
+ #include <errno.h>
+ #define SOCKET_ERROR -1
+@@ -2685,7 +2693,7 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
+ {
+   SSL *ssl;
+   X509 *server_cert= NULL;
+-  char *cn= NULL;
++  const char *cn= NULL;
+   int cn_loc= -1;
+   ASN1_STRING *cn_asn1= NULL;
+   X509_NAME_ENTRY *cn_entry= NULL;
+@@ -2757,7 +2765,11 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
+     goto error;
+   }
+ 
+-  cn= (char *) ASN1_STRING_data(cn_asn1);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++  cn= (const char *) ASN1_STRING_data(cn_asn1);
++#else
++  cn= (const char *) ASN1_STRING_get0_data(cn_asn1);
++#endif
+ 
+   // There should not be any NULL embedded in the CN
+   if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))
+diff --git a/vio/viossl.c b/vio/viossl.c
+index 5622cb7..94b0f09 100644
+--- a/vio/viossl.c
++++ b/vio/viossl.c
+@@ -24,6 +24,12 @@
+ 
+ #ifdef HAVE_OPENSSL
+ 
++#include <openssl/opensslv.h>
++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
++#undef OPENSSL_VERSION_NUMBER
++#define OPENSSL_VERSION_NUMBER 0x1000107fL
++#endif
++
+ #ifndef DBUG_OFF
+ 
+ static void
+@@ -310,8 +316,10 @@ void vio_ssl_delete(Vio *vio)
+   }
+ 
+ #ifndef HAVE_YASSL
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   ERR_remove_thread_state(0);
+ #endif
++#endif
+ 
+   vio_delete(vio);
+ }
+diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
+index da5449a..87b30c3 100644
+--- a/vio/viosslfactories.c
++++ b/vio/viosslfactories.c
+@@ -16,6 +16,14 @@
+ #include "vio_priv.h"
+ 
+ #ifdef HAVE_OPENSSL
++#include <openssl/bn.h>
++#include <openssl/dh.h>
++#include <openssl/opensslv.h>
++
++#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
++#undef OPENSSL_VERSION_NUMBER
++#define OPENSSL_VERSION_NUMBER 0x1000107fL
++#endif
+ 
+ #define TLS_VERSION_OPTION_SIZE 256
+ #define SSL_CIPHER_LIST_SIZE 4096
+@@ -121,10 +129,18 @@ static DH *get_dh2048(void)
+   DH *dh;
+   if ((dh=DH_new()))
+   {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+     dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+     if (! dh->p || ! dh->g)
+     {
++#else
++    if (! DH_set0_pqg(dh,
++              BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL),
++              BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL),
++              NULL))
++    {
++#endif
+       DH_free(dh);
+       dh=0;
+     }
+@@ -247,6 +263,8 @@ typedef struct CRYPTO_dynlock_value
+ } openssl_lock_t;
+ 
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
+ /* Array of locks used by openssl internally for thread synchronization.
+    The number of locks is equal to CRYPTO_num_locks.
+ */
+@@ -389,9 +407,11 @@ static void deinit_lock_callback_functions()
+ {
+   set_lock_callback_functions(FALSE);
+ }
++#endif
+ 
+ void vio_ssl_end()
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   int i= 0;
+ 
+   if (ssl_initialized) {
+@@ -409,6 +429,7 @@ void vio_ssl_end()
+ 
+     ssl_initialized= FALSE;
+   }
++#endif
+ }
+ 
+ #endif //OpenSSL specific
+@@ -419,6 +440,7 @@ void ssl_start()
+   {
+     ssl_initialized= TRUE;
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     SSL_library_init();
+     OpenSSL_add_all_algorithms();
+     SSL_load_error_strings();
+@@ -427,6 +449,7 @@ void ssl_start()
+     init_ssl_locks();
+     init_lock_callback_functions();
+ #endif
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+   }
+ }
+ 
+-- 
+2.11.0
+
diff --git a/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r1.ebuild b/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r1.ebuild
index 0895cd112ad4..c865a0fc652c 100644
--- a/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r1.ebuild
+++ b/dev-db/mysql-connector-c/mysql-connector-c-6.1.11-r1.ebuild
@@ -45,6 +45,7 @@ DOCS=( README )
 PATCHES=(
 	"${FILESDIR}/mysql_com.patch"
 	"${FILESDIR}/20028_all_mysql-5.6-gcc7.patch"
+	"${FILESDIR}/6.1.11-openssl-1.1.patch"
 )
 
 src_prepare() {
@@ -57,7 +58,7 @@ src_prepare() {
 }
 
 multilib_src_configure() {
-	mycmakeargs+=(
+	local mycmakeargs=(
 		-DINSTALL_LAYOUT=RPM
 		-DINSTALL_LIBDIR=$(get_libdir)
 		-DWITH_DEFAULT_COMPILER_OPTIONS=OFF