diff options
Diffstat (limited to 'mysql-dh1024.patch')
| -rw-r--r-- | mysql-dh1024.patch | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/mysql-dh1024.patch b/mysql-dh1024.patch new file mode 100644 index 0000000..fed7cf8 --- /dev/null +++ b/mysql-dh1024.patch @@ -0,0 +1,104 @@ +diff -rup mysql-5.1.73.orig/include/violite.h mysql-5.1.73/include/violite.h +--- mysql-5.1.73.orig/include/violite.h 2013-11-04 13:52:27.000000000 -0500 ++++ mysql-5.1.73/include/violite.h 2015-06-15 10:07:58.366985983 -0400 +@@ -118,7 +118,7 @@ enum enum_ssl_init_error + { + SSL_INITERR_NOERROR= 0, SSL_INITERR_CERT, SSL_INITERR_KEY, + SSL_INITERR_NOMATCH, SSL_INITERR_BAD_PATHS, SSL_INITERR_CIPHERS, +- SSL_INITERR_MEMFAIL, SSL_INITERR_LASTERR ++ SSL_INITERR_MEMFAIL, SSL_INITERR_DHFAIL, SSL_INITERR_LASTERR + }; + const char* sslGetErrString(enum enum_ssl_init_error err); + +diff -rup mysql-5.1.73.orig/vio/viosslfactories.c mysql-5.1.73/vio/viosslfactories.c +--- mysql-5.1.73.orig/vio/viosslfactories.c 2015-06-15 10:07:04.870976371 -0400 ++++ mysql-5.1.73/vio/viosslfactories.c 2015-06-15 10:25:37.759373094 -0400 +@@ -22,27 +22,45 @@ + static my_bool ssl_algorithms_added = FALSE; + static my_bool ssl_error_strings_loaded= FALSE; + +-static unsigned char dh512_p[]= +-{ +- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75, +- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, +- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3, +- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, +- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C, +- 0x47,0x74,0xE8,0x33, ++/* ++ Diffie-Hellman key. ++ Generated using: >openssl dhparam -5 -C 1024 ++ ++ -----BEGIN DH PARAMETERS----- ++ MIIBCAKCAQEAil36wGZ2TmH6ysA3V1xtP4MKofXx5n88xq/aiybmGnReZMviCPEJ ++ 46+7VCktl/RZ5iaDH1XNG1dVQmznt9pu2G3usU+k1/VB4bQL4ZgW4u0Wzxh9PyXD ++ glm99I9Xyj4Z5PVE4MyAsxCRGA1kWQpD9/zKAegUBPLNqSo886Uqg9hmn8ksyU9E ++ BV5eAEciCuawh6V0O+Sj/C3cSfLhgA0GcXp3OqlmcDu6jS5gWjn3LdP1U0duVxMB ++ h/neTSCSvtce4CAMYMjKNVh9P1nu+2d9ZH2Od2xhRIqMTfAS1KTqF3VmSWzPFCjG ++ mjxx/bg6bOOjpgZapvB6ABWlWmRmAAWFtwIBBQ== ++ -----END DH PARAMETERS----- ++ */ ++static unsigned char dh1024_p[]= ++{ ++ 0x8F,0xF8,0xDD,0xDD,0x5A,0xC2,0xC1,0xB1,0xE6,0x94,0x57,0x25, ++ 0x04,0xD0,0x81,0xF1,0x1B,0x93,0x0F,0x7C,0x8E,0xD2,0x72,0xC4, ++ 0xE6,0x8A,0x14,0x2C,0xCE,0x42,0x45,0x0D,0x82,0xD1,0x9D,0x91, ++ 0xD7,0x29,0x1D,0x24,0xC0,0x2B,0xB8,0xC6,0x94,0xC9,0xE7,0xA0, ++ 0x32,0xA7,0x38,0xC5,0xD1,0xBA,0xB8,0x5F,0x3A,0x20,0x73,0x32, ++ 0x52,0x79,0x54,0x23,0xB6,0x09,0x59,0x4C,0xC7,0x8D,0x20,0x09, ++ 0x9F,0x3D,0x2B,0x1A,0xF9,0xF7,0x82,0x91,0x2A,0x41,0xC0,0xB7, ++ 0x4C,0xBD,0xE5,0x75,0xAE,0x3A,0x31,0x70,0x14,0x26,0xCD,0x2C, ++ 0xC3,0xBA,0xFB,0x6F,0x18,0xA7,0xD1,0x3F,0xEE,0xE0,0x89,0x72, ++ 0x47,0xB0,0x7A,0x52,0x99,0x93,0xEA,0x3B,0x47,0xCF,0x4E,0xFE, ++ 0x15,0x8E,0xAC,0x2D,0x16,0xC4,0x71,0x7F, + }; + +-static unsigned char dh512_g[]={ +- 0x02, ++static unsigned char dh1024_g[]={ ++ 0x05, + }; + +-static DH *get_dh512(void) ++static DH *get_dh1024(void) + { + DH *dh; + if ((dh=DH_new())) + { +- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); +- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); ++ dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); ++ dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); + if (! dh->p || ! dh->g) + { + DH_free(dh); +@@ -83,7 +101,8 @@ ssl_error_string[] = + "Private key does not match the certificate public key", + "SSL_CTX_set_default_verify_paths failed", + "Failed to set ciphers to use", +- "SSL_CTX_new failed" ++ "SSL_CTX_new failed", ++ "SSL_CTX_set_tmp_dh failed" + }; + + const char* +@@ -291,8 +310,17 @@ new_VioSSLFd(const char *key_file, const + } + + /* DH stuff */ +- dh=get_dh512(); +- SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh); ++ dh=get_dh1024(); ++ if (SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh) == 0) ++ { ++ *error= SSL_INITERR_DHFAIL; ++ DBUG_PRINT("error", ("%s", sslGetErrString(*error))); ++ report_errors(); ++ DH_free(dh); ++ SSL_CTX_free(ssl_fd->ssl_context); ++ my_free((void*)ssl_fd,MYF(0)); ++ DBUG_RETURN(0); ++ } + DH_free(dh); + + DBUG_PRINT("exit", ("OK 1")); |