thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-11-21 15:12:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix the build (after boringssl submodule removal)

Browse Source
This commit is contained in:
Robert Schulze 2024-02-10 14:35:04 +00:00
parent 0608f7662e
commit dca6e0abbd
No known key found for this signature in database
GPG Key ID: 26703B55FB13728A
19 changed files with 1307 additions and 2219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@ -455,8 +455,6 @@ endif ()
enable_testing() # Enable for tests without binary
option(ENABLE_OPENSSL "This option performs a build with OpenSSL. NOTE! This option is insecure and should never be used. By default, ClickHouse uses and only supports BoringSSL" OFF)
if (ARCH_S390X)
set(ENABLE_OPENSSL_DYNAMIC_DEFAULT ON)
else ()

4
contrib/CMakeLists.txt vendored
View File

@ -37,11 +37,7 @@ function(add_contrib cmake_folder)
message(STATUS "Adding contrib module ${base_folders} (configuring with ${cmake_folder})")
add_subdirectory (${cmake_folder})
endfunction()
if (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC)
add_contrib (openssl-cmake openssl)
else ()
add_contrib (boringssl-cmake boringssl)
endif ()
add_contrib (miniselect-cmake miniselect)
add_contrib (pdqsort-cmake pdqsort)
add_contrib (pocketfft-cmake pocketfft)

9
contrib/krb5-cmake/CMakeLists.txt
View File

@ -224,6 +224,7 @@ set(ALL_SRCS
"${KRB5_SOURCE_DIR}/lib/crypto/krb/prf_rc4.c"
"${KRB5_SOURCE_DIR}/lib/crypto/krb/s2k_pbkdf2.c"
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/aes.c"
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/camellia.c"
# "${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/des.c"
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/rc4.c"
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/des3.c"
@ -474,14 +475,6 @@ set(ALL_SRCS
"${KRB5_SOURCE_DIR}/lib/krb5/krb5_libinit.c"
)
if (NOT (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC))
add_compile_definitions(USE_BORINGSSL=1)
else()
set(ALL_SRCS ${ALL_SRCS}
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/camellia.c"
)
endif()
add_custom_command(
OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/compile_et"
COMMAND /bin/sh

2
contrib/libpq-cmake/CMakeLists.txt
View File

@ -59,11 +59,9 @@ set(SRCS
add_library(_libpq ${SRCS})
if (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC)
add_definitions(-DHAVE_BIO_METH_NEW)
add_definitions(-DHAVE_HMAC_CTX_NEW)
add_definitions(-DHAVE_HMAC_CTX_FREE)
endif ()
target_include_directories (_libpq SYSTEM PUBLIC ${LIBPQ_SOURCE_DIR})
target_include_directories (_libpq SYSTEM PUBLIC "${LIBPQ_SOURCE_DIR}/include")

4
contrib/libssh-cmake/CMakeLists.txt
View File

@ -88,10 +88,6 @@ set(libssh_SRCS
${LIB_SOURCE_DIR}/src/bind_config.c
)
if (NOT (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC))
add_compile_definitions(USE_BORINGSSL=1)
endif()
configure_file(${LIB_SOURCE_DIR}/include/libssh/libssh_version.h.cmake ${LIB_BINARY_DIR}/include/libssh/libssh_version.h @ONLY)
add_library(_ssh STATIC ${libssh_SRCS})

19
contrib/openssl-cmake/CMakeLists.txt
View File

@ -1,11 +1,13 @@
# Note: ClickHouse uses BoringSSL. The presence of OpenSSL is only due to IBM's port of ClickHouse to s390x. BoringSSL does not support
# s390x, also FIPS validation provided by the OS vendor (Red Hat, Ubuntu) requires (preferrably dynamic) linking with OS packages which
# ClickHouse generally avoids.
#
# Furthermore, the in-source OpenSSL dump in this directory is due to development purposes and non FIPS-compliant.
if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
# Actually, so many 3rd party libraries + unit tests need SSL that we cannot disable it
# without breaking the build ...
set(ENABLE_SSL 1 CACHE INTERNAL "")
# TODO: Making SSL dependent on ENABLE_LIBRARIES is desirable but needs fixing dependent libs + tests.
# option(ENABLE_SSL "Enable ssl" ${ENABLE_LIBRARIES})
if(NOT ENABLE_SSL)
message(STATUS "Not using openssl")
return()
endif()
set(OPENSSL_SOURCE_DIR ${ClickHouse_SOURCE_DIR}/contrib/openssl)
set(OPENSSL_BINARY_DIR ${ClickHouse_BINARY_DIR}/contrib/openssl)
@ -1291,7 +1293,4 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
add_library(OpenSSL::Crypto ALIAS crypto)
add_library(OpenSSL::SSL ALIAS ssl)
if(ENABLE_OPENSSL)
install(FILES openssl.conf fipsmodule.conf DESTINATION "${CLICKHOUSE_ETC_DIR}/clickhouse-server" COMPONENT clickhouse)
endif()
endif()

160
contrib/openssl-cmake/linux_x86_64/der_digests_gen.c
View File

@ -1,160 +0,0 @@
/*
* WARNING: do not edit!
* Generated by Makefile from ../providers/common/der/der_digests_gen.c.in
*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_digests.h"
/* Well known OIDs precompiled */
/*
* sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }
*/
const unsigned char ossl_der_oid_sigAlgs[DER_OID_SZ_sigAlgs] = {
DER_OID_V_sigAlgs
};
/*
* id-sha1 OBJECT IDENTIFIER ::= { iso(1)
* identified-organization(3) oiw(14)
* secsig(3) algorithms(2) 26 }
*/
const unsigned char ossl_der_oid_id_sha1[DER_OID_SZ_id_sha1] = {
DER_OID_V_id_sha1
};
/*
* id-md2 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 }
*/
const unsigned char ossl_der_oid_id_md2[DER_OID_SZ_id_md2] = {
DER_OID_V_id_md2
};
/*
* id-md5 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 }
*/
const unsigned char ossl_der_oid_id_md5[DER_OID_SZ_id_md5] = {
DER_OID_V_id_md5
};
/*
* id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }
*/
const unsigned char ossl_der_oid_id_sha256[DER_OID_SZ_id_sha256] = {
DER_OID_V_id_sha256
};
/*
* id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }
*/
const unsigned char ossl_der_oid_id_sha384[DER_OID_SZ_id_sha384] = {
DER_OID_V_id_sha384
};
/*
* id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 }
*/
const unsigned char ossl_der_oid_id_sha512[DER_OID_SZ_id_sha512] = {
DER_OID_V_id_sha512
};
/*
* id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 }
*/
const unsigned char ossl_der_oid_id_sha224[DER_OID_SZ_id_sha224] = {
DER_OID_V_id_sha224
};
/*
* id-sha512-224 OBJECT IDENTIFIER ::= { hashAlgs 5 }
*/
const unsigned char ossl_der_oid_id_sha512_224[DER_OID_SZ_id_sha512_224] = {
DER_OID_V_id_sha512_224
};
/*
* id-sha512-256 OBJECT IDENTIFIER ::= { hashAlgs 6 }
*/
const unsigned char ossl_der_oid_id_sha512_256[DER_OID_SZ_id_sha512_256] = {
DER_OID_V_id_sha512_256
};
/*
* id-sha3-224 OBJECT IDENTIFIER ::= { hashAlgs 7 }
*/
const unsigned char ossl_der_oid_id_sha3_224[DER_OID_SZ_id_sha3_224] = {
DER_OID_V_id_sha3_224
};
/*
* id-sha3-256 OBJECT IDENTIFIER ::= { hashAlgs 8 }
*/
const unsigned char ossl_der_oid_id_sha3_256[DER_OID_SZ_id_sha3_256] = {
DER_OID_V_id_sha3_256
};
/*
* id-sha3-384 OBJECT IDENTIFIER ::= { hashAlgs 9 }
*/
const unsigned char ossl_der_oid_id_sha3_384[DER_OID_SZ_id_sha3_384] = {
DER_OID_V_id_sha3_384
};
/*
* id-sha3-512 OBJECT IDENTIFIER ::= { hashAlgs 10 }
*/
const unsigned char ossl_der_oid_id_sha3_512[DER_OID_SZ_id_sha3_512] = {
DER_OID_V_id_sha3_512
};
/*
* id-shake128 OBJECT IDENTIFIER ::= { hashAlgs 11 }
*/
const unsigned char ossl_der_oid_id_shake128[DER_OID_SZ_id_shake128] = {
DER_OID_V_id_shake128
};
/*
* id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 }
*/
const unsigned char ossl_der_oid_id_shake256[DER_OID_SZ_id_shake256] = {
DER_OID_V_id_shake256
};
/*
* id-shake128-len OBJECT IDENTIFIER ::= { hashAlgs 17 }
*/
const unsigned char ossl_der_oid_id_shake128_len[DER_OID_SZ_id_shake128_len] = {
DER_OID_V_id_shake128_len
};
/*
* id-shake256-len OBJECT IDENTIFIER ::= { hashAlgs 18 }
*/
const unsigned char ossl_der_oid_id_shake256_len[DER_OID_SZ_id_shake256_len] = {
DER_OID_V_id_shake256_len
};
/*
* id-KMACWithSHAKE128 OBJECT IDENTIFIER ::={hashAlgs 19}
*/
const unsigned char ossl_der_oid_id_KMACWithSHAKE128[DER_OID_SZ_id_KMACWithSHAKE128] = {
DER_OID_V_id_KMACWithSHAKE128
};
/*
* id-KMACWithSHAKE256 OBJECT IDENTIFIER ::={ hashAlgs 20}
*/
const unsigned char ossl_der_oid_id_KMACWithSHAKE256[DER_OID_SZ_id_KMACWithSHAKE256] = {
DER_OID_V_id_KMACWithSHAKE256
};

94
contrib/openssl-cmake/linux_x86_64/der_dsa_gen.c
View File

@ -1,94 +0,0 @@
/*
* WARNING: do not edit!
* Generated by Makefile from ../providers/common/der/der_dsa_gen.c.in
*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "prov/der_dsa.h"
/* Well known OIDs precompiled */
/*
* id-dsa OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
*/
const unsigned char ossl_der_oid_id_dsa[DER_OID_SZ_id_dsa] = {
DER_OID_V_id_dsa
};
/*
* id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha1[DER_OID_SZ_id_dsa_with_sha1] = {
DER_OID_V_id_dsa_with_sha1
};
/*
* id-dsa-with-sha224 OBJECT IDENTIFIER ::= { sigAlgs 1 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha224[DER_OID_SZ_id_dsa_with_sha224] = {
DER_OID_V_id_dsa_with_sha224
};
/*
* id-dsa-with-sha256 OBJECT IDENTIFIER ::= { sigAlgs 2 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha256[DER_OID_SZ_id_dsa_with_sha256] = {
DER_OID_V_id_dsa_with_sha256
};
/*
* id-dsa-with-sha384 OBJECT IDENTIFIER ::= { sigAlgs 3 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha384[DER_OID_SZ_id_dsa_with_sha384] = {
DER_OID_V_id_dsa_with_sha384
};
/*
* id-dsa-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 4 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha512[DER_OID_SZ_id_dsa_with_sha512] = {
DER_OID_V_id_dsa_with_sha512
};
/*
* id-dsa-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 5 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha3_224[DER_OID_SZ_id_dsa_with_sha3_224] = {
DER_OID_V_id_dsa_with_sha3_224
};
/*
* id-dsa-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 6 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha3_256[DER_OID_SZ_id_dsa_with_sha3_256] = {
DER_OID_V_id_dsa_with_sha3_256
};
/*
* id-dsa-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 7 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha3_384[DER_OID_SZ_id_dsa_with_sha3_384] = {
DER_OID_V_id_dsa_with_sha3_384
};
/*
* id-dsa-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 8 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha3_512[DER_OID_SZ_id_dsa_with_sha3_512] = {
DER_OID_V_id_dsa_with_sha3_512
};

279
contrib/openssl-cmake/linux_x86_64/der_ec_gen.c
View File

@ -1,279 +0,0 @@
/*
* WARNING: do not edit!
* Generated by Makefile from ../providers/common/der/der_ec_gen.c.in
*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_ec.h"
/* Well known OIDs precompiled */
/*
* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 }
*/
const unsigned char ossl_der_oid_ecdsa_with_SHA1[DER_OID_SZ_ecdsa_with_SHA1] = {
DER_OID_V_ecdsa_with_SHA1
};
/*
* id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 }
*/
const unsigned char ossl_der_oid_id_ecPublicKey[DER_OID_SZ_id_ecPublicKey] = {
DER_OID_V_id_ecPublicKey
};
/*
* c2pnb163v1 OBJECT IDENTIFIER ::= { c-TwoCurve 1 }
*/
const unsigned char ossl_der_oid_c2pnb163v1[DER_OID_SZ_c2pnb163v1] = {
DER_OID_V_c2pnb163v1
};
/*
* c2pnb163v2 OBJECT IDENTIFIER ::= { c-TwoCurve 2 }
*/
const unsigned char ossl_der_oid_c2pnb163v2[DER_OID_SZ_c2pnb163v2] = {
DER_OID_V_c2pnb163v2
};
/*
* c2pnb163v3 OBJECT IDENTIFIER ::= { c-TwoCurve 3 }
*/
const unsigned char ossl_der_oid_c2pnb163v3[DER_OID_SZ_c2pnb163v3] = {
DER_OID_V_c2pnb163v3
};
/*
* c2pnb176w1 OBJECT IDENTIFIER ::= { c-TwoCurve 4 }
*/
const unsigned char ossl_der_oid_c2pnb176w1[DER_OID_SZ_c2pnb176w1] = {
DER_OID_V_c2pnb176w1
};
/*
* c2tnb191v1 OBJECT IDENTIFIER ::= { c-TwoCurve 5 }
*/
const unsigned char ossl_der_oid_c2tnb191v1[DER_OID_SZ_c2tnb191v1] = {
DER_OID_V_c2tnb191v1
};
/*
* c2tnb191v2 OBJECT IDENTIFIER ::= { c-TwoCurve 6 }
*/
const unsigned char ossl_der_oid_c2tnb191v2[DER_OID_SZ_c2tnb191v2] = {
DER_OID_V_c2tnb191v2
};
/*
* c2tnb191v3 OBJECT IDENTIFIER ::= { c-TwoCurve 7 }
*/
const unsigned char ossl_der_oid_c2tnb191v3[DER_OID_SZ_c2tnb191v3] = {
DER_OID_V_c2tnb191v3
};
/*
* c2onb191v4 OBJECT IDENTIFIER ::= { c-TwoCurve 8 }
*/
const unsigned char ossl_der_oid_c2onb191v4[DER_OID_SZ_c2onb191v4] = {
DER_OID_V_c2onb191v4
};
/*
* c2onb191v5 OBJECT IDENTIFIER ::= { c-TwoCurve 9 }
*/
const unsigned char ossl_der_oid_c2onb191v5[DER_OID_SZ_c2onb191v5] = {
DER_OID_V_c2onb191v5
};
/*
* c2pnb208w1 OBJECT IDENTIFIER ::= { c-TwoCurve 10 }
*/
const unsigned char ossl_der_oid_c2pnb208w1[DER_OID_SZ_c2pnb208w1] = {
DER_OID_V_c2pnb208w1
};
/*
* c2tnb239v1 OBJECT IDENTIFIER ::= { c-TwoCurve 11 }
*/
const unsigned char ossl_der_oid_c2tnb239v1[DER_OID_SZ_c2tnb239v1] = {
DER_OID_V_c2tnb239v1
};
/*
* c2tnb239v2 OBJECT IDENTIFIER ::= { c-TwoCurve 12 }
*/
const unsigned char ossl_der_oid_c2tnb239v2[DER_OID_SZ_c2tnb239v2] = {
DER_OID_V_c2tnb239v2
};
/*
* c2tnb239v3 OBJECT IDENTIFIER ::= { c-TwoCurve 13 }
*/
const unsigned char ossl_der_oid_c2tnb239v3[DER_OID_SZ_c2tnb239v3] = {
DER_OID_V_c2tnb239v3
};
/*
* c2onb239v4 OBJECT IDENTIFIER ::= { c-TwoCurve 14 }
*/
const unsigned char ossl_der_oid_c2onb239v4[DER_OID_SZ_c2onb239v4] = {
DER_OID_V_c2onb239v4
};
/*
* c2onb239v5 OBJECT IDENTIFIER ::= { c-TwoCurve 15 }
*/
const unsigned char ossl_der_oid_c2onb239v5[DER_OID_SZ_c2onb239v5] = {
DER_OID_V_c2onb239v5
};
/*
* c2pnb272w1 OBJECT IDENTIFIER ::= { c-TwoCurve 16 }
*/
const unsigned char ossl_der_oid_c2pnb272w1[DER_OID_SZ_c2pnb272w1] = {
DER_OID_V_c2pnb272w1
};
/*
* c2pnb304w1 OBJECT IDENTIFIER ::= { c-TwoCurve 17 }
*/
const unsigned char ossl_der_oid_c2pnb304w1[DER_OID_SZ_c2pnb304w1] = {
DER_OID_V_c2pnb304w1
};
/*
* c2tnb359v1 OBJECT IDENTIFIER ::= { c-TwoCurve 18 }
*/
const unsigned char ossl_der_oid_c2tnb359v1[DER_OID_SZ_c2tnb359v1] = {
DER_OID_V_c2tnb359v1
};
/*
* c2pnb368w1 OBJECT IDENTIFIER ::= { c-TwoCurve 19 }
*/
const unsigned char ossl_der_oid_c2pnb368w1[DER_OID_SZ_c2pnb368w1] = {
DER_OID_V_c2pnb368w1
};
/*
* c2tnb431r1 OBJECT IDENTIFIER ::= { c-TwoCurve 20 }
*/
const unsigned char ossl_der_oid_c2tnb431r1[DER_OID_SZ_c2tnb431r1] = {
DER_OID_V_c2tnb431r1
};
/*
* prime192v1 OBJECT IDENTIFIER ::= { primeCurve 1 }
*/
const unsigned char ossl_der_oid_prime192v1[DER_OID_SZ_prime192v1] = {
DER_OID_V_prime192v1
};
/*
* prime192v2 OBJECT IDENTIFIER ::= { primeCurve 2 }
*/
const unsigned char ossl_der_oid_prime192v2[DER_OID_SZ_prime192v2] = {
DER_OID_V_prime192v2
};
/*
* prime192v3 OBJECT IDENTIFIER ::= { primeCurve 3 }
*/
const unsigned char ossl_der_oid_prime192v3[DER_OID_SZ_prime192v3] = {
DER_OID_V_prime192v3
};
/*
* prime239v1 OBJECT IDENTIFIER ::= { primeCurve 4 }
*/
const unsigned char ossl_der_oid_prime239v1[DER_OID_SZ_prime239v1] = {
DER_OID_V_prime239v1
};
/*
* prime239v2 OBJECT IDENTIFIER ::= { primeCurve 5 }
*/
const unsigned char ossl_der_oid_prime239v2[DER_OID_SZ_prime239v2] = {
DER_OID_V_prime239v2
};
/*
* prime239v3 OBJECT IDENTIFIER ::= { primeCurve 6 }
*/
const unsigned char ossl_der_oid_prime239v3[DER_OID_SZ_prime239v3] = {
DER_OID_V_prime239v3
};
/*
* prime256v1 OBJECT IDENTIFIER ::= { primeCurve 7 }
*/
const unsigned char ossl_der_oid_prime256v1[DER_OID_SZ_prime256v1] = {
DER_OID_V_prime256v1
};
/*
* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
* us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 }
*/
const unsigned char ossl_der_oid_ecdsa_with_SHA224[DER_OID_SZ_ecdsa_with_SHA224] = {
DER_OID_V_ecdsa_with_SHA224
};
/*
* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
* us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 }
*/
const unsigned char ossl_der_oid_ecdsa_with_SHA256[DER_OID_SZ_ecdsa_with_SHA256] = {
DER_OID_V_ecdsa_with_SHA256
};
/*
* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
* us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 }
*/
const unsigned char ossl_der_oid_ecdsa_with_SHA384[DER_OID_SZ_ecdsa_with_SHA384] = {
DER_OID_V_ecdsa_with_SHA384
};
/*
* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
* us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 }
*/
const unsigned char ossl_der_oid_ecdsa_with_SHA512[DER_OID_SZ_ecdsa_with_SHA512] = {
DER_OID_V_ecdsa_with_SHA512
};
/*
* id-ecdsa-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 9 }
*/
const unsigned char ossl_der_oid_id_ecdsa_with_sha3_224[DER_OID_SZ_id_ecdsa_with_sha3_224] = {
DER_OID_V_id_ecdsa_with_sha3_224
};
/*
* id-ecdsa-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 10 }
*/
const unsigned char ossl_der_oid_id_ecdsa_with_sha3_256[DER_OID_SZ_id_ecdsa_with_sha3_256] = {
DER_OID_V_id_ecdsa_with_sha3_256
};
/*
* id-ecdsa-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 11 }
*/
const unsigned char ossl_der_oid_id_ecdsa_with_sha3_384[DER_OID_SZ_id_ecdsa_with_sha3_384] = {
DER_OID_V_id_ecdsa_with_sha3_384
};
/*
* id-ecdsa-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 12 }
*/
const unsigned char ossl_der_oid_id_ecdsa_with_sha3_512[DER_OID_SZ_id_ecdsa_with_sha3_512] = {
DER_OID_V_id_ecdsa_with_sha3_512
};

44
contrib/openssl-cmake/linux_x86_64/der_ecx_gen.c
View File

@ -1,44 +0,0 @@
/*
* WARNING: do not edit!
* Generated by Makefile from ../providers/common/der/der_ecx_gen.c.in
*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_ecx.h"
/* Well known OIDs precompiled */
/*
* id-X25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 110 }
*/
const unsigned char ossl_der_oid_id_X25519[DER_OID_SZ_id_X25519] = {
DER_OID_V_id_X25519
};
/*
* id-X448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 111 }
*/
const unsigned char ossl_der_oid_id_X448[DER_OID_SZ_id_X448] = {
DER_OID_V_id_X448
};
/*
* id-Ed25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 112 }
*/
const unsigned char ossl_der_oid_id_Ed25519[DER_OID_SZ_id_Ed25519] = {
DER_OID_V_id_Ed25519
};
/*
* id-Ed448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 113 }
*/
const unsigned char ossl_der_oid_id_Ed448[DER_OID_SZ_id_Ed448] = {
DER_OID_V_id_Ed448
};

174
contrib/openssl-cmake/linux_x86_64/der_rsa_gen.c
View File

@ -1,174 +0,0 @@
/*
* WARNING: do not edit!
* Generated by Makefile from ../providers/common/der/der_rsa_gen.c.in
*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_rsa.h"
/* Well known OIDs precompiled */
/*
* hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 }
*/
const unsigned char ossl_der_oid_hashAlgs[DER_OID_SZ_hashAlgs] = {
DER_OID_V_hashAlgs
};
/*
* rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
*/
const unsigned char ossl_der_oid_rsaEncryption[DER_OID_SZ_rsaEncryption] = {
DER_OID_V_rsaEncryption
};
/*
* id-RSAES-OAEP OBJECT IDENTIFIER ::= { pkcs-1 7 }
*/
const unsigned char ossl_der_oid_id_RSAES_OAEP[DER_OID_SZ_id_RSAES_OAEP] = {
DER_OID_V_id_RSAES_OAEP
};
/*
* id-pSpecified OBJECT IDENTIFIER ::= { pkcs-1 9 }
*/
const unsigned char ossl_der_oid_id_pSpecified[DER_OID_SZ_id_pSpecified] = {
DER_OID_V_id_pSpecified
};
/*
* id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 }
*/
const unsigned char ossl_der_oid_id_RSASSA_PSS[DER_OID_SZ_id_RSASSA_PSS] = {
DER_OID_V_id_RSASSA_PSS
};
/*
* md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
*/
const unsigned char ossl_der_oid_md2WithRSAEncryption[DER_OID_SZ_md2WithRSAEncryption] = {
DER_OID_V_md2WithRSAEncryption
};
/*
* md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
*/
const unsigned char ossl_der_oid_md5WithRSAEncryption[DER_OID_SZ_md5WithRSAEncryption] = {
DER_OID_V_md5WithRSAEncryption
};
/*
* sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
*/
const unsigned char ossl_der_oid_sha1WithRSAEncryption[DER_OID_SZ_sha1WithRSAEncryption] = {
DER_OID_V_sha1WithRSAEncryption
};
/*
* sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
*/
const unsigned char ossl_der_oid_sha224WithRSAEncryption[DER_OID_SZ_sha224WithRSAEncryption] = {
DER_OID_V_sha224WithRSAEncryption
};
/*
* sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 }
*/
const unsigned char ossl_der_oid_sha256WithRSAEncryption[DER_OID_SZ_sha256WithRSAEncryption] = {
DER_OID_V_sha256WithRSAEncryption
};
/*
* sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 }
*/
const unsigned char ossl_der_oid_sha384WithRSAEncryption[DER_OID_SZ_sha384WithRSAEncryption] = {
DER_OID_V_sha384WithRSAEncryption
};
/*
* sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 }
*/
const unsigned char ossl_der_oid_sha512WithRSAEncryption[DER_OID_SZ_sha512WithRSAEncryption] = {
DER_OID_V_sha512WithRSAEncryption
};
/*
* sha512-224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 15 }
*/
const unsigned char ossl_der_oid_sha512_224WithRSAEncryption[DER_OID_SZ_sha512_224WithRSAEncryption] = {
DER_OID_V_sha512_224WithRSAEncryption
};
/*
* sha512-256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 16 }
*/
const unsigned char ossl_der_oid_sha512_256WithRSAEncryption[DER_OID_SZ_sha512_256WithRSAEncryption] = {
DER_OID_V_sha512_256WithRSAEncryption
};
/*
* id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 }
*/
const unsigned char ossl_der_oid_id_mgf1[DER_OID_SZ_id_mgf1] = {
DER_OID_V_id_mgf1
};
/*
* id-rsassa-pkcs1-v1_5-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 13 }
*/
const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_224] = {
DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_224
};
/*
* id-rsassa-pkcs1-v1_5-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 14 }
*/
const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_256] = {
DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_256
};
/*
* id-rsassa-pkcs1-v1_5-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 15 }
*/
const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_384] = {
DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_384
};
/*
* id-rsassa-pkcs1-v1_5-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 16 }
*/
const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_512] = {
DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_512
};
/*
* md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 }
*/
const unsigned char ossl_der_oid_md4WithRSAEncryption[DER_OID_SZ_md4WithRSAEncryption] = {
DER_OID_V_md4WithRSAEncryption
};
/*
* ripemd160WithRSAEncryption OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) teletrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) 2
* }
*/
const unsigned char ossl_der_oid_ripemd160WithRSAEncryption[DER_OID_SZ_ripemd160WithRSAEncryption] = {
DER_OID_V_ripemd160WithRSAEncryption
};
/*
* mdc2WithRSASignature OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) mdc2WithRSASignature(14)
* }
*/
const unsigned char ossl_der_oid_mdc2WithRSASignature[DER_OID_SZ_mdc2WithRSASignature] = {
DER_OID_V_mdc2WithRSASignature
};

46
contrib/openssl-cmake/linux_x86_64/der_wrap_gen.c
View File

@ -1,46 +0,0 @@
/*
* WARNING: do not edit!
* Generated by Makefile from ../providers/common/der/der_wrap_gen.c.in
*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_wrap.h"
/* Well known OIDs precompiled */
/*
* id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6
* }
*/
const unsigned char ossl_der_oid_id_alg_CMS3DESwrap[DER_OID_SZ_id_alg_CMS3DESwrap] = {
DER_OID_V_id_alg_CMS3DESwrap
};
/*
* id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 }
*/
const unsigned char ossl_der_oid_id_aes128_wrap[DER_OID_SZ_id_aes128_wrap] = {
DER_OID_V_id_aes128_wrap
};
/*
* id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 }
*/
const unsigned char ossl_der_oid_id_aes192_wrap[DER_OID_SZ_id_aes192_wrap] = {
DER_OID_V_id_aes192_wrap
};
/*
* id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 }
*/
const unsigned char ossl_der_oid_id_aes256_wrap[DER_OID_SZ_id_aes256_wrap] = {
DER_OID_V_id_aes256_wrap
};

4
docs/en/development/build-cross-s390x.md
View File

@ -10,11 +10,11 @@ As of writing (2023/3/10) building for s390x considered to be experimental. Not
## Building
As s390x does not support boringssl, it uses OpenSSL and has two related build options.
s390x has two OpenSSL-related build options.
- By default, the s390x build will dynamically link to OpenSSL libraries. It will build OpenSSL shared objects, so it's not necessary to install OpenSSL beforehand. (This option is recommended in all cases.)
- Another option is to build OpenSSL in-tree. In this case two build flags need to be supplied to cmake
```bash
-DENABLE_OPENSSL_DYNAMIC=0 -DENABLE_OPENSSL=1
-DENABLE_OPENSSL_DYNAMIC=0
```
These instructions assume that the host machine is x86_64 and has all the tooling required to build natively based on the [build instructions](../development/build.md). It also assumes that the host is Ubuntu 22.04 but the following instructions should also work on Ubuntu 20.04.

7
programs/server/Server.cpp
View File

@ -648,23 +648,22 @@ try
}
#endif
#if USE_OPENSSL_INTREE
/// When building openssl into clickhouse, clickhouse owns the configuration
/// Therefore, the clickhouse openssl configuration should be kept separate from
/// the OS. Default to the one in the standard config directory, unless overridden
/// by a key in the config.
/// Note: this has to be done once at server initialization, because 'setenv' is not thread-safe.
if (config().has("opensslconf"))
{
std::string opensslconf_path = config().getString("opensslconf");
setenv("OPENSSL_CONF", opensslconf_path.c_str(), true);
setenv("OPENSSL_CONF", opensslconf_path.c_str(), true); /// NOLINT
}
else
{
const String config_path = config().getString("config-file", "config.xml");
const auto config_dir = std::filesystem::path{config_path}.replace_filename("openssl.conf");
setenv("OPENSSL_CONF", config_dir.c_str(), true);
setenv("OPENSSL_CONF", config_dir.c_str(), true); /// NOLINT
}
#endif
registerInterpreters();
registerFunctions();

2
src/Common/config.h.in
View File

@ -55,11 +55,9 @@
#cmakedefine01 USE_KRB5
#cmakedefine01 USE_FILELOG
#cmakedefine01 USE_ODBC
#cmakedefine01 USE_BORINGSSL
#cmakedefine01 USE_BLAKE3
#cmakedefine01 USE_SKIM
#cmakedefine01 USE_PRQL
#cmakedefine01 USE_OPENSSL_INTREE
#cmakedefine01 USE_ULID
#cmakedefine01 FIU_ENABLE
#cmakedefine01 USE_BCRYPT

78
src/Compression/CompressionCodecEncrypted.cpp
View File

@ -9,17 +9,11 @@
#include <Common/logger_useful.h>
#include <Common/safe_cast.h>
// This depends on BoringSSL-specific API, notably <openssl/aead.h>.
#if USE_SSL
# include <openssl/err.h>
# include <boost/algorithm/hex.hpp>
# if USE_BORINGSSL
# include <openssl/digest.h>
# include <openssl/aead.h>
# else
# include <openssl/evp.h>
#endif
#endif
// Common part for both parts (with SSL and without)
namespace DB
@ -107,77 +101,6 @@ std::string lastErrorString()
return std::string(buffer.data());
}
#if USE_BORINGSSL
/// Get encryption/decryption algorithms.
auto getMethod(EncryptionMethod Method)
{
if (Method == AES_128_GCM_SIV)
return EVP_aead_aes_128_gcm_siv;
else if (Method == AES_256_GCM_SIV)
return EVP_aead_aes_256_gcm_siv;
else
throw Exception(ErrorCodes::BAD_ARGUMENTS, "Unknown encryption method. Got {}", getMethodName(Method));
}
/// Encrypt plaintext with particular algorithm and put result into ciphertext_and_tag.
/// This function get key and nonce and encrypt text with their help.
/// If something went wrong (can't init context or can't encrypt data) it throws exception.
/// It returns length of encrypted text.
size_t encrypt(std::string_view plaintext, char * ciphertext_and_tag, EncryptionMethod method, const String & key, const String & nonce)
{
/// Init context for encryption, using key.
EVP_AEAD_CTX encrypt_ctx;
EVP_AEAD_CTX_zero(&encrypt_ctx);
const int ok_init = EVP_AEAD_CTX_init(&encrypt_ctx, getMethod(method)(),
reinterpret_cast<const uint8_t*>(key.data()), key.size(),
tag_size, nullptr);
if (!ok_init)
throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
/// encrypt data using context and given nonce.
size_t out_len;
const int ok_open = EVP_AEAD_CTX_seal(&encrypt_ctx,
reinterpret_cast<uint8_t *>(ciphertext_and_tag),
&out_len, plaintext.size() + tag_size,
reinterpret_cast<const uint8_t *>(nonce.data()), nonce.size(),
reinterpret_cast<const uint8_t *>(plaintext.data()), plaintext.size(),
nullptr, 0);
if (!ok_open)
throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
return out_len;
}
/// Encrypt plaintext with particular algorithm and put result into ciphertext_and_tag.
/// This function get key and nonce and encrypt text with their help.
/// If something went wrong (can't init context or can't encrypt data) it throws exception.
/// It returns length of encrypted text.
size_t decrypt(std::string_view ciphertext, char * plaintext, EncryptionMethod method, const String & key, const String & nonce)
{
/// Init context for decryption with given key.
EVP_AEAD_CTX decrypt_ctx;
EVP_AEAD_CTX_zero(&decrypt_ctx);
const int ok_init = EVP_AEAD_CTX_init(&decrypt_ctx, getMethod(method)(),
reinterpret_cast<const uint8_t*>(key.data()), key.size(),
tag_size, nullptr);
if (!ok_init)
throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
/// decrypt data using given nonce
size_t out_len;
const int ok_open = EVP_AEAD_CTX_open(&decrypt_ctx,
reinterpret_cast<uint8_t *>(plaintext),
&out_len, ciphertext.size(),
reinterpret_cast<const uint8_t *>(nonce.data()), nonce.size(),
reinterpret_cast<const uint8_t *>(ciphertext.data()), ciphertext.size(),
nullptr, 0);
if (!ok_open)
throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
return out_len;
}
#else
/// Get encryption/decryption algorithms.
auto getMethod(EncryptionMethod Method)
{
@ -324,7 +247,6 @@ size_t decrypt(std::string_view ciphertext, char * plaintext, EncryptionMethod m
return plaintext_len + out_len;
}
#endif
/// Register codec in factory
void registerEncryptionCodec(CompressionCodecFactory & factory, EncryptionMethod Method)

4
src/Core/MySQL/Authentication.cpp
View File

@ -184,11 +184,7 @@ void Sha256Password::authenticate(
const auto * ciphertext = reinterpret_cast<const unsigned char *>(unpack_auth_response.data());
unsigned char plaintext[RSA_size(&private_key)];
#if USE_BORINGSSL
int plaintext_size = RSA_private_decrypt(unpack_auth_response.size(), ciphertext, plaintext, &private_key, RSA_PKCS1_OAEP_PADDING);
#else
int plaintext_size = RSA_private_decrypt(static_cast<int>(unpack_auth_response.size()), ciphertext, plaintext, &private_key, RSA_PKCS1_OAEP_PADDING);
#endif
if (plaintext_size == -1)
{
if (!sent_public_key)

4
src/Functions/FunctionsStringHashFixedString.cpp
View File

@ -17,12 +17,8 @@
# include <openssl/md4.h>
# include <openssl/md5.h>
# include <openssl/sha.h>
# if USE_BORINGSSL
# include <openssl/digest.h>
# else
# include <openssl/evp.h>
#endif
#endif
/// Instatiating only the functions that require FunctionStringHashFixedString in a separate file
/// to better parallelize the build procedure and avoid MSan build failure

6
src/configure_config.cmake
View File

@ -158,12 +158,6 @@ endif()
if (TARGET ch_contrib::bcrypt)
set(USE_BCRYPT 1)
endif()
if (NOT (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC))
set(USE_BORINGSSL 1)
endif ()
if (ENABLE_OPENSSL)
set(USE_OPENSSL_INTREE 1)
endif ()
if (TARGET ch_contrib::ssh)
set(USE_SSH 1)
endif()