thevar1able/ClickHouse
1
0
Fork 0
mirror of https://github.com/ClickHouse/ClickHouse.git synced 2024-09-19 16:20:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix the build (after boringssl submodule removal)

Browse Source
This commit is contained in:
Robert Schulze 2024-02-10 14:35:04 +00:00
parent 0608f7662e
commit dca6e0abbd
No known key found for this signature in database
GPG Key ID: 26703B55FB13728A
19 changed files with 1307 additions and 2219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@ -455,8 +455,6 @@ endif ()
enable_testing() # Enable for tests without binary
option(ENABLE_OPENSSL "This option performs a build with OpenSSL. NOTE! This option is insecure and should never be used. By default, ClickHouse uses and only supports BoringSSL" OFF)
if (ARCH_S390X)
set(ENABLE_OPENSSL_DYNAMIC_DEFAULT ON)
else ()

6
contrib/CMakeLists.txt vendored
View File

@ -37,11 +37,7 @@ function(add_contrib cmake_folder)
message(STATUS "Adding contrib module ${base_folders} (configuring with ${cmake_folder})")
add_subdirectory (${cmake_folder})
endfunction()
if (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC)
add_contrib (openssl-cmake openssl)
else ()
add_contrib (boringssl-cmake boringssl)
endif ()
add_contrib (openssl-cmake openssl)
add_contrib (miniselect-cmake miniselect)
add_contrib (pdqsort-cmake pdqsort)
add_contrib (pocketfft-cmake pocketfft)

9
contrib/krb5-cmake/CMakeLists.txt
View File

@ -224,6 +224,7 @@ set(ALL_SRCS
"${KRB5_SOURCE_DIR}/lib/crypto/krb/prf_rc4.c"
"${KRB5_SOURCE_DIR}/lib/crypto/krb/s2k_pbkdf2.c"
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/aes.c"
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/camellia.c"
# "${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/des.c"
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/rc4.c"
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/des3.c"
@ -474,14 +475,6 @@ set(ALL_SRCS
"${KRB5_SOURCE_DIR}/lib/krb5/krb5_libinit.c"
)
if (NOT (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC))
add_compile_definitions(USE_BORINGSSL=1)
else()
set(ALL_SRCS ${ALL_SRCS}
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/camellia.c"
)
endif()
add_custom_command(
OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/compile_et"
COMMAND /bin/sh

8
contrib/libpq-cmake/CMakeLists.txt
View File

@ -59,11 +59,9 @@ set(SRCS
add_library(_libpq ${SRCS})
if (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC)
add_definitions(-DHAVE_BIO_METH_NEW)
add_definitions(-DHAVE_HMAC_CTX_NEW)
add_definitions(-DHAVE_HMAC_CTX_FREE)
endif ()
add_definitions(-DHAVE_BIO_METH_NEW)
add_definitions(-DHAVE_HMAC_CTX_NEW)
add_definitions(-DHAVE_HMAC_CTX_FREE)
target_include_directories (_libpq SYSTEM PUBLIC ${LIBPQ_SOURCE_DIR})
target_include_directories (_libpq SYSTEM PUBLIC "${LIBPQ_SOURCE_DIR}/include")

4
contrib/libssh-cmake/CMakeLists.txt
View File

@ -88,10 +88,6 @@ set(libssh_SRCS
${LIB_SOURCE_DIR}/src/bind_config.c
)
if (NOT (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC))
add_compile_definitions(USE_BORINGSSL=1)
endif()
configure_file(${LIB_SOURCE_DIR}/include/libssh/libssh_version.h.cmake ${LIB_BINARY_DIR}/include/libssh/libssh_version.h @ONLY)
add_library(_ssh STATIC ${libssh_SRCS})

135
contrib/openssl-cmake/CMakeLists.txt
View File

@ -1,69 +1,71 @@
# Note: ClickHouse uses BoringSSL. The presence of OpenSSL is only due to IBM's port of ClickHouse to s390x. BoringSSL does not support
# s390x, also FIPS validation provided by the OS vendor (Red Hat, Ubuntu) requires (preferrably dynamic) linking with OS packages which
# ClickHouse generally avoids.
#
# Furthermore, the in-source OpenSSL dump in this directory is due to development purposes and non FIPS-compliant.
# Actually, so many 3rd party libraries + unit tests need SSL that we cannot disable it
# without breaking the build ...
set(ENABLE_SSL 1 CACHE INTERNAL "")
# TODO: Making SSL dependent on ENABLE_LIBRARIES is desirable but needs fixing dependent libs + tests.
# option(ENABLE_SSL "Enable ssl" ${ENABLE_LIBRARIES})
if(NOT ENABLE_SSL)
message(STATUS "Not using openssl")
return()
endif()
if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
set(ENABLE_SSL 1 CACHE INTERNAL "")
set(OPENSSL_SOURCE_DIR ${ClickHouse_SOURCE_DIR}/contrib/openssl)
set(OPENSSL_BINARY_DIR ${ClickHouse_BINARY_DIR}/contrib/openssl)
set(OPENSSL_SOURCE_DIR ${ClickHouse_SOURCE_DIR}/contrib/openssl)
set(OPENSSL_BINARY_DIR ${ClickHouse_BINARY_DIR}/contrib/openssl)
set(OPENSSLDIR "/etc/ssl" CACHE PATH "Set the default openssl directory")
set(OPENSSL_ENGINESDIR "/usr/local/lib/engines-3" CACHE PATH "Set the default openssl directory for engines")
set(OPENSSL_MODULESDIR "/usr/local/lib/ossl-modules" CACHE PATH "Set the default openssl directory for modules")
set(OPENSSLDIR "/etc/ssl" CACHE PATH "Set the default openssl directory")
set(OPENSSL_ENGINESDIR "/usr/local/lib/engines-3" CACHE PATH "Set the default openssl directory for engines")
set(OPENSSL_MODULESDIR "/usr/local/lib/ossl-modules" CACHE PATH "Set the default openssl directory for modules")
add_definitions(-DOPENSSL_NO_SCTP -DOPENSSL_NO_KTLS -DOPENSSLDIR="${OPENSSLDIR}" -DENGINESDIR="${OPENSSL_ENGINESDIR}" -DMODULESDIR="${OPENSSL_MODULESDIR}" -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DDEVRANDOM="/dev/urandom")
target_compile_options(global-group INTERFACE "-Wno-deprecated-declarations")
target_compile_options(global-group INTERFACE "-Wno-poison-system-directories")
add_definitions(-DOPENSSL_NO_SCTP -DOPENSSL_NO_KTLS -DOPENSSLDIR="${OPENSSLDIR}" -DENGINESDIR="${OPENSSL_ENGINESDIR}" -DMODULESDIR="${OPENSSL_MODULESDIR}" -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DDEVRANDOM="/dev/urandom")
target_compile_options(global-group INTERFACE "-Wno-deprecated-declarations")
target_compile_options(global-group INTERFACE "-Wno-poison-system-directories")
if(ARCH_AMD64)
if(ARCH_AMD64)
set(PLATFORM_DIRECTORY linux_x86_64)
add_definitions(-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -DL_ENDIAN)
elseif(ARCH_AARCH64)
elseif(ARCH_AARCH64)
set(PLATFORM_DIRECTORY linux_aarch64)
add_definitions(-DECP_NISTZ256_ASM -DKECCAK1600_ASM -DOPENSSL_BN_ASM_MONT -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DOPENSSL_USE_NODELETE -DL_ENDIAN)
elseif(ARCH_PPC64LE)
elseif(ARCH_PPC64LE)
set(PLATFORM_DIRECTORY linux_ppc64le)
add_definitions(-DAES_ASM -DECP_NISTP521_ASM -DECP_NISTZ256_ASM -DKECCAK1600_ASM -DOPENSSL_BN_ASM_MONT -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DX25519_ASM -DL_ENDIAN)
elseif(ARCH_S390X)
elseif(ARCH_S390X)
set(PLATFORM_DIRECTORY linux_s390x)
add_definitions(-DAES_ASM -DAES_CTR_ASM -DAES_XTS_ASM -DGHASH_ASM -DKECCAK1600_ASM -DOPENSSL_BN_ASM_MONT -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DS390X_EC_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DB_ENDIAN)
endif()
endif()
file(STRINGS "${PLATFORM_DIRECTORY}/include/openssl/opensslv.h" OPENSSL_VERSION_STR
file(STRINGS "${PLATFORM_DIRECTORY}/include/openssl/opensslv.h" OPENSSL_VERSION_STR
REGEX "^#[\t ]*define[\t ]+OPENSSL_VERSION_STR[\t ]+\"([0-9])+\\.([0-9])+\\.([0-9])+\".*")
string(REGEX REPLACE "^.*OPENSSL_VERSION_STR[\t ]+\"([0-9]+\\.[0-9]+\\.[0-9]+)\".*$"
string(REGEX REPLACE "^.*OPENSSL_VERSION_STR[\t ]+\"([0-9]+\\.[0-9]+\\.[0-9]+)\".*$"
"\\1" OPENSSL_VERSION_STR "${OPENSSL_VERSION_STR}")
set(OPENSSL_VERSION "${OPENSSL_VERSION_STR}")
set(OPENSSL_VERSION "${OPENSSL_VERSION_STR}")
string(REGEX MATCHALL "([0-9])+" OPENSSL_VERSION_NUMBER "${OPENSSL_VERSION}")
list(POP_FRONT OPENSSL_VERSION_NUMBER
string(REGEX MATCHALL "([0-9])+" OPENSSL_VERSION_NUMBER "${OPENSSL_VERSION}")
list(POP_FRONT OPENSSL_VERSION_NUMBER
OPENSSL_VERSION_MAJOR
OPENSSL_VERSION_MINOR
OPENSSL_VERSION_FIX)
unset(OPENSSL_VERSION_NUMBER)
unset(OPENSSL_VERSION_STR)
unset(OPENSSL_VERSION_NUMBER)
unset(OPENSSL_VERSION_STR)
message(STATUS "OpenSSL version ${OPENSSL_VERSION}")
message(STATUS "OpenSSL version ${OPENSSL_VERSION}")
set(VERSION_MAJOR ${OPENSSL_VERSION_MAJOR})
set(VERSION_MINOR ${OPENSSL_VERSION_MINOR})
set(VERSION_PATCH ${OPENSSL_VERSION_FIX})
set(VERSION_MAJOR ${OPENSSL_VERSION_MAJOR})
set(VERSION_MINOR ${OPENSSL_VERSION_MINOR})
set(VERSION_PATCH ${OPENSSL_VERSION_FIX})
set(VERSION_STRING ${OPENSSL_VERSION})
set(LIB_VERSION ${VERSION_MAJOR})
set(LIB_SOVERSION ${VERSION_MAJOR})
set(VERSION_STRING ${OPENSSL_VERSION})
set(LIB_VERSION ${VERSION_MAJOR})
set(LIB_SOVERSION ${VERSION_MAJOR})
enable_language(ASM)
enable_language(ASM)
if(COMPILER_CLANG)
if(COMPILER_CLANG)
add_definitions(-Wno-unused-command-line-argument)
endif()
endif()
if(ARCH_AMD64)
if(ARCH_AMD64)
if(OS_DARWIN)
set(OPENSSL_SYSTEM "macosx")
endif()
@ -104,7 +106,7 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-x86_64.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha256-x86_64.s) # This is not a mistake
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-x86_64.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha512-x86_64.s)
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/whrlpool/asm/wp-x86_64.pl ${OPENSSL_BINARY_DIR}/crypto/whrlpool/wp-x86_64.s)
elseif(ARCH_AARCH64)
elseif(ARCH_AARCH64)
macro(perl_generate_asm FILE_IN FILE_OUT)
add_custom_command(OUTPUT ${FILE_OUT}
COMMAND /usr/bin/env perl ${FILE_IN} "linux64" ${FILE_OUT})
@ -123,7 +125,7 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-armv8.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha256-armv8.S) # This is not a mistake
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-armv8.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha512-armv8.S)
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/modes/asm/aes-gcm-armv8_64.pl ${OPENSSL_BINARY_DIR}/crypto/modes/asm/aes-gcm-armv8_64.S)
elseif(ARCH_PPC64LE)
elseif(ARCH_PPC64LE)
macro(perl_generate_asm FILE_IN FILE_OUT)
add_custom_command(OUTPUT ${FILE_OUT}
COMMAND /usr/bin/env perl ${FILE_IN} "linux64v2" ${FILE_OUT})
@ -150,7 +152,7 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-ppc.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha256-ppc.s)
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512p8-ppc.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha512p8-ppc.s)
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512p8-ppc.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha256p8-ppc.s)
elseif(ARCH_S390X)
elseif(ARCH_S390X)
macro(perl_generate_asm FILE_IN FILE_OUT)
add_custom_command(OUTPUT ${FILE_OUT}
COMMAND /usr/bin/env perl ${FILE_IN} "linux64" ${FILE_OUT})
@ -168,9 +170,9 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha1-s390x.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha1-s390x.S)
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-s390x.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha512-s390x.S)
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-s390x.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha256-s390x.S)
endif()
endif()
set(CRYPTO_SRC
set(CRYPTO_SRC
der_digests_gen.c
der_dsa_gen.c
der_ec_gen.c
@ -201,8 +203,8 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
${OPENSSL_SOURCE_DIR}/providers/implementations/ciphers/ciphercommon_hw.c
${OPENSSL_SOURCE_DIR}/providers/implementations/digests/digestcommon.c
${OPENSSL_SOURCE_DIR}/ssl/record/tls_pad.c
)
set(CRYPTO_SRC ${CRYPTO_SRC}
)
set(CRYPTO_SRC ${CRYPTO_SRC}
${OPENSSL_SOURCE_DIR}/providers/common/der/der_rsa_sig.c
${OPENSSL_SOURCE_DIR}/providers/implementations/asymciphers/rsa_enc.c
${OPENSSL_SOURCE_DIR}/providers/implementations/ciphers/cipher_aes.c
@ -340,8 +342,8 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
${OPENSSL_SOURCE_DIR}/providers/implementations/storemgmt/file_store.c
${OPENSSL_SOURCE_DIR}/providers/implementations/storemgmt/file_store_any2obj.c
${OPENSSL_SOURCE_DIR}/ssl/s3_cbc.c
)
set(CRYPTO_SRC ${CRYPTO_SRC}
)
set(CRYPTO_SRC ${CRYPTO_SRC}
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cfb.c
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_ecb.c
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_ige.c
@ -1070,9 +1072,9 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
${OPENSSL_SOURCE_DIR}/providers/defltprov.c
${OPENSSL_SOURCE_DIR}/providers/nullprov.c
${OPENSSL_SOURCE_DIR}/providers/prov_running.c
)
)
if(ARCH_AMD64)
if(ARCH_AMD64)
set(CRYPTO_SRC ${CRYPTO_SRC}
${OPENSSL_SOURCE_DIR}/crypto/bn/asm/x86_64-gcc.c
${OPENSSL_SOURCE_DIR}/crypto/bn/rsaz_exp.c
@ -1111,7 +1113,7 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
${OPENSSL_BINARY_DIR}/crypto/sha/sha256-x86_64.s
${OPENSSL_BINARY_DIR}/crypto/sha/sha512-x86_64.s
${OPENSSL_BINARY_DIR}/crypto/whrlpool/wp-x86_64.s)
elseif(ARCH_AARCH64)
elseif(ARCH_AARCH64)
set(CRYPTO_SRC ${CRYPTO_SRC}
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cbc.c
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_core.c
@ -1139,7 +1141,7 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
${OPENSSL_BINARY_DIR}/crypto/sha/sha256-armv8.S
${OPENSSL_BINARY_DIR}/crypto/sha/sha512-armv8.S
${OPENSSL_BINARY_DIR}/crypto/modes/asm/aes-gcm-armv8_64.S)
elseif(ARCH_PPC64LE)
elseif(ARCH_PPC64LE)
set(CRYPTO_SRC ${CRYPTO_SRC}
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cbc.c
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_core.c
@ -1179,7 +1181,7 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c
${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_dgst.c
)
elseif(ARCH_S390X)
elseif(ARCH_S390X)
set(CRYPTO_SRC ${CRYPTO_SRC}
${OPENSSL_SOURCE_DIR}/crypto/s390xcap.c
${OPENSSL_BINARY_DIR}/crypto/aes/aesv8-armx.S
@ -1202,9 +1204,9 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c
${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_dgst.c
)
endif()
endif()
set(SSL_SRC
set(SSL_SRC
${OPENSSL_SOURCE_DIR}/crypto/packet.c
${OPENSSL_SOURCE_DIR}/ssl/bio_ssl.c
${OPENSSL_SOURCE_DIR}/ssl/d1_lib.c
@ -1253,9 +1255,9 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
${OPENSSL_SOURCE_DIR}/ssl/statem/statem_dtls.c
${OPENSSL_SOURCE_DIR}/ssl/statem/statem_lib.c
${OPENSSL_SOURCE_DIR}/ssl/statem/statem_srvr.c
)
)
if(ENABLE_OPENSSL_DYNAMIC)
if(ENABLE_OPENSSL_DYNAMIC)
add_library(crypto SHARED ${CRYPTO_SRC})
set_target_properties(crypto PROPERTIES VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}")
set_target_properties(crypto PROPERTIES LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/programs)
@ -1263,16 +1265,16 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
add_library(ssl SHARED ${SSL_SRC})
set_target_properties(ssl PROPERTIES VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}")
set_target_properties(ssl PROPERTIES LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/programs)
else()
else()
add_library(crypto ${CRYPTO_SRC})
add_library(ssl ${SSL_SRC})
endif()
endif()
target_include_directories(crypto
target_include_directories(crypto
SYSTEM PUBLIC "${PLATFORM_DIRECTORY}/include"
PRIVATE "${PLATFORM_DIRECTORY}/include_private")
target_include_directories(crypto
target_include_directories(crypto
SYSTEM PUBLIC ${OPENSSL_SOURCE_DIR}/include
PRIVATE ${OPENSSL_SOURCE_DIR}/providers/common/include
PRIVATE ${OPENSSL_SOURCE_DIR}/providers/implementations/include
@ -1283,15 +1285,12 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
PRIVATE ${OPENSSL_SOURCE_DIR}/crypto/ec/curve448/arch_64
PRIVATE ${OPENSSL_SOURCE_DIR})
target_include_directories(ssl
target_include_directories(ssl
PRIVATE ${OPENSSL_SOURCE_DIR})
target_link_libraries(ssl crypto)
target_link_libraries(ssl crypto)
add_library(OpenSSL::Crypto ALIAS crypto)
add_library(OpenSSL::SSL ALIAS ssl)
add_library(OpenSSL::Crypto ALIAS crypto)
add_library(OpenSSL::SSL ALIAS ssl)
if(ENABLE_OPENSSL)
install(FILES openssl.conf fipsmodule.conf DESTINATION "${CLICKHOUSE_ETC_DIR}/clickhouse-server" COMPONENT clickhouse)
endif()
endif()
install(FILES openssl.conf fipsmodule.conf DESTINATION "${CLICKHOUSE_ETC_DIR}/clickhouse-server" COMPONENT clickhouse)

160
contrib/openssl-cmake/linux_x86_64/der_digests_gen.c
View File

@ -1,160 +0,0 @@
/*
* WARNING: do not edit!
* Generated by Makefile from ../providers/common/der/der_digests_gen.c.in
*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_digests.h"
/* Well known OIDs precompiled */
/*
* sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }
*/
const unsigned char ossl_der_oid_sigAlgs[DER_OID_SZ_sigAlgs] = {
DER_OID_V_sigAlgs
};
/*
* id-sha1 OBJECT IDENTIFIER ::= { iso(1)
* identified-organization(3) oiw(14)
* secsig(3) algorithms(2) 26 }
*/
const unsigned char ossl_der_oid_id_sha1[DER_OID_SZ_id_sha1] = {
DER_OID_V_id_sha1
};
/*
* id-md2 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 }
*/
const unsigned char ossl_der_oid_id_md2[DER_OID_SZ_id_md2] = {
DER_OID_V_id_md2
};
/*
* id-md5 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 }
*/
const unsigned char ossl_der_oid_id_md5[DER_OID_SZ_id_md5] = {
DER_OID_V_id_md5
};
/*
* id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }
*/
const unsigned char ossl_der_oid_id_sha256[DER_OID_SZ_id_sha256] = {
DER_OID_V_id_sha256
};
/*
* id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }
*/
const unsigned char ossl_der_oid_id_sha384[DER_OID_SZ_id_sha384] = {
DER_OID_V_id_sha384
};
/*
* id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 }
*/
const unsigned char ossl_der_oid_id_sha512[DER_OID_SZ_id_sha512] = {
DER_OID_V_id_sha512
};
/*
* id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 }
*/
const unsigned char ossl_der_oid_id_sha224[DER_OID_SZ_id_sha224] = {
DER_OID_V_id_sha224
};
/*
* id-sha512-224 OBJECT IDENTIFIER ::= { hashAlgs 5 }
*/
const unsigned char ossl_der_oid_id_sha512_224[DER_OID_SZ_id_sha512_224] = {
DER_OID_V_id_sha512_224
};
/*
* id-sha512-256 OBJECT IDENTIFIER ::= { hashAlgs 6 }
*/
const unsigned char ossl_der_oid_id_sha512_256[DER_OID_SZ_id_sha512_256] = {
DER_OID_V_id_sha512_256
};
/*
* id-sha3-224 OBJECT IDENTIFIER ::= { hashAlgs 7 }
*/
const unsigned char ossl_der_oid_id_sha3_224[DER_OID_SZ_id_sha3_224] = {
DER_OID_V_id_sha3_224
};
/*
* id-sha3-256 OBJECT IDENTIFIER ::= { hashAlgs 8 }
*/
const unsigned char ossl_der_oid_id_sha3_256[DER_OID_SZ_id_sha3_256] = {
DER_OID_V_id_sha3_256
};
/*
* id-sha3-384 OBJECT IDENTIFIER ::= { hashAlgs 9 }
*/
const unsigned char ossl_der_oid_id_sha3_384[DER_OID_SZ_id_sha3_384] = {
DER_OID_V_id_sha3_384
};
/*
* id-sha3-512 OBJECT IDENTIFIER ::= { hashAlgs 10 }
*/
const unsigned char ossl_der_oid_id_sha3_512[DER_OID_SZ_id_sha3_512] = {
DER_OID_V_id_sha3_512
};
/*
* id-shake128 OBJECT IDENTIFIER ::= { hashAlgs 11 }
*/
const unsigned char ossl_der_oid_id_shake128[DER_OID_SZ_id_shake128] = {
DER_OID_V_id_shake128
};
/*
* id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 }
*/
const unsigned char ossl_der_oid_id_shake256[DER_OID_SZ_id_shake256] = {
DER_OID_V_id_shake256
};
/*
* id-shake128-len OBJECT IDENTIFIER ::= { hashAlgs 17 }
*/
const unsigned char ossl_der_oid_id_shake128_len[DER_OID_SZ_id_shake128_len] = {
DER_OID_V_id_shake128_len
};
/*
* id-shake256-len OBJECT IDENTIFIER ::= { hashAlgs 18 }
*/
const unsigned char ossl_der_oid_id_shake256_len[DER_OID_SZ_id_shake256_len] = {
DER_OID_V_id_shake256_len
};
/*
* id-KMACWithSHAKE128 OBJECT IDENTIFIER ::={hashAlgs 19}
*/
const unsigned char ossl_der_oid_id_KMACWithSHAKE128[DER_OID_SZ_id_KMACWithSHAKE128] = {
DER_OID_V_id_KMACWithSHAKE128
};
/*
* id-KMACWithSHAKE256 OBJECT IDENTIFIER ::={ hashAlgs 20}
*/
const unsigned char ossl_der_oid_id_KMACWithSHAKE256[DER_OID_SZ_id_KMACWithSHAKE256] = {
DER_OID_V_id_KMACWithSHAKE256
};

94
contrib/openssl-cmake/linux_x86_64/der_dsa_gen.c
View File

@ -1,94 +0,0 @@
/*
* WARNING: do not edit!
* Generated by Makefile from ../providers/common/der/der_dsa_gen.c.in
*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* DSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include "prov/der_dsa.h"
/* Well known OIDs precompiled */
/*
* id-dsa OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
*/
const unsigned char ossl_der_oid_id_dsa[DER_OID_SZ_id_dsa] = {
DER_OID_V_id_dsa
};
/*
* id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha1[DER_OID_SZ_id_dsa_with_sha1] = {
DER_OID_V_id_dsa_with_sha1
};
/*
* id-dsa-with-sha224 OBJECT IDENTIFIER ::= { sigAlgs 1 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha224[DER_OID_SZ_id_dsa_with_sha224] = {
DER_OID_V_id_dsa_with_sha224
};
/*
* id-dsa-with-sha256 OBJECT IDENTIFIER ::= { sigAlgs 2 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha256[DER_OID_SZ_id_dsa_with_sha256] = {
DER_OID_V_id_dsa_with_sha256
};
/*
* id-dsa-with-sha384 OBJECT IDENTIFIER ::= { sigAlgs 3 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha384[DER_OID_SZ_id_dsa_with_sha384] = {
DER_OID_V_id_dsa_with_sha384
};
/*
* id-dsa-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 4 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha512[DER_OID_SZ_id_dsa_with_sha512] = {
DER_OID_V_id_dsa_with_sha512
};
/*
* id-dsa-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 5 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha3_224[DER_OID_SZ_id_dsa_with_sha3_224] = {
DER_OID_V_id_dsa_with_sha3_224
};
/*
* id-dsa-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 6 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha3_256[DER_OID_SZ_id_dsa_with_sha3_256] = {
DER_OID_V_id_dsa_with_sha3_256
};
/*
* id-dsa-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 7 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha3_384[DER_OID_SZ_id_dsa_with_sha3_384] = {
DER_OID_V_id_dsa_with_sha3_384
};
/*
* id-dsa-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 8 }
*/
const unsigned char ossl_der_oid_id_dsa_with_sha3_512[DER_OID_SZ_id_dsa_with_sha3_512] = {
DER_OID_V_id_dsa_with_sha3_512
};

279
contrib/openssl-cmake/linux_x86_64/der_ec_gen.c
View File

@ -1,279 +0,0 @@
/*
* WARNING: do not edit!
* Generated by Makefile from ../providers/common/der/der_ec_gen.c.in
*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_ec.h"
/* Well known OIDs precompiled */
/*
* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 }
*/
const unsigned char ossl_der_oid_ecdsa_with_SHA1[DER_OID_SZ_ecdsa_with_SHA1] = {
DER_OID_V_ecdsa_with_SHA1
};
/*
* id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 }
*/
const unsigned char ossl_der_oid_id_ecPublicKey[DER_OID_SZ_id_ecPublicKey] = {
DER_OID_V_id_ecPublicKey
};
/*
* c2pnb163v1 OBJECT IDENTIFIER ::= { c-TwoCurve 1 }
*/
const unsigned char ossl_der_oid_c2pnb163v1[DER_OID_SZ_c2pnb163v1] = {
DER_OID_V_c2pnb163v1
};
/*
* c2pnb163v2 OBJECT IDENTIFIER ::= { c-TwoCurve 2 }
*/
const unsigned char ossl_der_oid_c2pnb163v2[DER_OID_SZ_c2pnb163v2] = {
DER_OID_V_c2pnb163v2
};
/*
* c2pnb163v3 OBJECT IDENTIFIER ::= { c-TwoCurve 3 }
*/
const unsigned char ossl_der_oid_c2pnb163v3[DER_OID_SZ_c2pnb163v3] = {
DER_OID_V_c2pnb163v3
};
/*
* c2pnb176w1 OBJECT IDENTIFIER ::= { c-TwoCurve 4 }
*/
const unsigned char ossl_der_oid_c2pnb176w1[DER_OID_SZ_c2pnb176w1] = {
DER_OID_V_c2pnb176w1
};
/*
* c2tnb191v1 OBJECT IDENTIFIER ::= { c-TwoCurve 5 }
*/
const unsigned char ossl_der_oid_c2tnb191v1[DER_OID_SZ_c2tnb191v1] = {
DER_OID_V_c2tnb191v1
};
/*
* c2tnb191v2 OBJECT IDENTIFIER ::= { c-TwoCurve 6 }
*/
const unsigned char ossl_der_oid_c2tnb191v2[DER_OID_SZ_c2tnb191v2] = {
DER_OID_V_c2tnb191v2
};
/*
* c2tnb191v3 OBJECT IDENTIFIER ::= { c-TwoCurve 7 }
*/
const unsigned char ossl_der_oid_c2tnb191v3[DER_OID_SZ_c2tnb191v3] = {
DER_OID_V_c2tnb191v3
};
/*
* c2onb191v4 OBJECT IDENTIFIER ::= { c-TwoCurve 8 }
*/
const unsigned char ossl_der_oid_c2onb191v4[DER_OID_SZ_c2onb191v4] = {
DER_OID_V_c2onb191v4
};
/*
* c2onb191v5 OBJECT IDENTIFIER ::= { c-TwoCurve 9 }
*/
const unsigned char ossl_der_oid_c2onb191v5[DER_OID_SZ_c2onb191v5] = {
DER_OID_V_c2onb191v5
};
/*
* c2pnb208w1 OBJECT IDENTIFIER ::= { c-TwoCurve 10 }
*/
const unsigned char ossl_der_oid_c2pnb208w1[DER_OID_SZ_c2pnb208w1] = {
DER_OID_V_c2pnb208w1
};
/*
* c2tnb239v1 OBJECT IDENTIFIER ::= { c-TwoCurve 11 }
*/
const unsigned char ossl_der_oid_c2tnb239v1[DER_OID_SZ_c2tnb239v1] = {
DER_OID_V_c2tnb239v1
};
/*
* c2tnb239v2 OBJECT IDENTIFIER ::= { c-TwoCurve 12 }
*/
const unsigned char ossl_der_oid_c2tnb239v2[DER_OID_SZ_c2tnb239v2] = {
DER_OID_V_c2tnb239v2
};
/*
* c2tnb239v3 OBJECT IDENTIFIER ::= { c-TwoCurve 13 }
*/
const unsigned char ossl_der_oid_c2tnb239v3[DER_OID_SZ_c2tnb239v3] = {
DER_OID_V_c2tnb239v3
};
/*
* c2onb239v4 OBJECT IDENTIFIER ::= { c-TwoCurve 14 }
*/
const unsigned char ossl_der_oid_c2onb239v4[DER_OID_SZ_c2onb239v4] = {
DER_OID_V_c2onb239v4
};
/*
* c2onb239v5 OBJECT IDENTIFIER ::= { c-TwoCurve 15 }
*/
const unsigned char ossl_der_oid_c2onb239v5[DER_OID_SZ_c2onb239v5] = {
DER_OID_V_c2onb239v5
};
/*
* c2pnb272w1 OBJECT IDENTIFIER ::= { c-TwoCurve 16 }
*/
const unsigned char ossl_der_oid_c2pnb272w1[DER_OID_SZ_c2pnb272w1] = {
DER_OID_V_c2pnb272w1
};
/*
* c2pnb304w1 OBJECT IDENTIFIER ::= { c-TwoCurve 17 }
*/
const unsigned char ossl_der_oid_c2pnb304w1[DER_OID_SZ_c2pnb304w1] = {
DER_OID_V_c2pnb304w1
};
/*
* c2tnb359v1 OBJECT IDENTIFIER ::= { c-TwoCurve 18 }
*/
const unsigned char ossl_der_oid_c2tnb359v1[DER_OID_SZ_c2tnb359v1] = {
DER_OID_V_c2tnb359v1
};
/*
* c2pnb368w1 OBJECT IDENTIFIER ::= { c-TwoCurve 19 }
*/
const unsigned char ossl_der_oid_c2pnb368w1[DER_OID_SZ_c2pnb368w1] = {
DER_OID_V_c2pnb368w1
};
/*
* c2tnb431r1 OBJECT IDENTIFIER ::= { c-TwoCurve 20 }
*/
const unsigned char ossl_der_oid_c2tnb431r1[DER_OID_SZ_c2tnb431r1] = {
DER_OID_V_c2tnb431r1
};
/*
* prime192v1 OBJECT IDENTIFIER ::= { primeCurve 1 }
*/
const unsigned char ossl_der_oid_prime192v1[DER_OID_SZ_prime192v1] = {
DER_OID_V_prime192v1
};
/*
* prime192v2 OBJECT IDENTIFIER ::= { primeCurve 2 }
*/
const unsigned char ossl_der_oid_prime192v2[DER_OID_SZ_prime192v2] = {
DER_OID_V_prime192v2
};
/*
* prime192v3 OBJECT IDENTIFIER ::= { primeCurve 3 }
*/
const unsigned char ossl_der_oid_prime192v3[DER_OID_SZ_prime192v3] = {
DER_OID_V_prime192v3
};
/*
* prime239v1 OBJECT IDENTIFIER ::= { primeCurve 4 }
*/
const unsigned char ossl_der_oid_prime239v1[DER_OID_SZ_prime239v1] = {
DER_OID_V_prime239v1
};
/*
* prime239v2 OBJECT IDENTIFIER ::= { primeCurve 5 }
*/
const unsigned char ossl_der_oid_prime239v2[DER_OID_SZ_prime239v2] = {
DER_OID_V_prime239v2
};
/*
* prime239v3 OBJECT IDENTIFIER ::= { primeCurve 6 }
*/
const unsigned char ossl_der_oid_prime239v3[DER_OID_SZ_prime239v3] = {
DER_OID_V_prime239v3
};
/*
* prime256v1 OBJECT IDENTIFIER ::= { primeCurve 7 }
*/
const unsigned char ossl_der_oid_prime256v1[DER_OID_SZ_prime256v1] = {
DER_OID_V_prime256v1
};
/*
* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
* us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 }
*/
const unsigned char ossl_der_oid_ecdsa_with_SHA224[DER_OID_SZ_ecdsa_with_SHA224] = {
DER_OID_V_ecdsa_with_SHA224
};
/*
* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
* us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 }
*/
const unsigned char ossl_der_oid_ecdsa_with_SHA256[DER_OID_SZ_ecdsa_with_SHA256] = {
DER_OID_V_ecdsa_with_SHA256
};
/*
* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
* us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 }
*/
const unsigned char ossl_der_oid_ecdsa_with_SHA384[DER_OID_SZ_ecdsa_with_SHA384] = {
DER_OID_V_ecdsa_with_SHA384
};
/*
* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
* us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 }
*/
const unsigned char ossl_der_oid_ecdsa_with_SHA512[DER_OID_SZ_ecdsa_with_SHA512] = {
DER_OID_V_ecdsa_with_SHA512
};
/*
* id-ecdsa-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 9 }
*/
const unsigned char ossl_der_oid_id_ecdsa_with_sha3_224[DER_OID_SZ_id_ecdsa_with_sha3_224] = {
DER_OID_V_id_ecdsa_with_sha3_224
};
/*
* id-ecdsa-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 10 }
*/
const unsigned char ossl_der_oid_id_ecdsa_with_sha3_256[DER_OID_SZ_id_ecdsa_with_sha3_256] = {
DER_OID_V_id_ecdsa_with_sha3_256
};
/*
* id-ecdsa-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 11 }
*/
const unsigned char ossl_der_oid_id_ecdsa_with_sha3_384[DER_OID_SZ_id_ecdsa_with_sha3_384] = {
DER_OID_V_id_ecdsa_with_sha3_384
};
/*
* id-ecdsa-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 12 }
*/
const unsigned char ossl_der_oid_id_ecdsa_with_sha3_512[DER_OID_SZ_id_ecdsa_with_sha3_512] = {
DER_OID_V_id_ecdsa_with_sha3_512
};

44
contrib/openssl-cmake/linux_x86_64/der_ecx_gen.c
View File

@ -1,44 +0,0 @@
/*
* WARNING: do not edit!
* Generated by Makefile from ../providers/common/der/der_ecx_gen.c.in
*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_ecx.h"
/* Well known OIDs precompiled */
/*
* id-X25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 110 }
*/
const unsigned char ossl_der_oid_id_X25519[DER_OID_SZ_id_X25519] = {
DER_OID_V_id_X25519
};
/*
* id-X448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 111 }
*/
const unsigned char ossl_der_oid_id_X448[DER_OID_SZ_id_X448] = {
DER_OID_V_id_X448
};
/*
* id-Ed25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 112 }
*/
const unsigned char ossl_der_oid_id_Ed25519[DER_OID_SZ_id_Ed25519] = {
DER_OID_V_id_Ed25519
};
/*
* id-Ed448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 113 }
*/
const unsigned char ossl_der_oid_id_Ed448[DER_OID_SZ_id_Ed448] = {
DER_OID_V_id_Ed448
};

174
contrib/openssl-cmake/linux_x86_64/der_rsa_gen.c
View File

@ -1,174 +0,0 @@
/*
* WARNING: do not edit!
* Generated by Makefile from ../providers/common/der/der_rsa_gen.c.in
*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_rsa.h"
/* Well known OIDs precompiled */
/*
* hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 }
*/
const unsigned char ossl_der_oid_hashAlgs[DER_OID_SZ_hashAlgs] = {
DER_OID_V_hashAlgs
};
/*
* rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
*/
const unsigned char ossl_der_oid_rsaEncryption[DER_OID_SZ_rsaEncryption] = {
DER_OID_V_rsaEncryption
};
/*
* id-RSAES-OAEP OBJECT IDENTIFIER ::= { pkcs-1 7 }
*/
const unsigned char ossl_der_oid_id_RSAES_OAEP[DER_OID_SZ_id_RSAES_OAEP] = {
DER_OID_V_id_RSAES_OAEP
};
/*
* id-pSpecified OBJECT IDENTIFIER ::= { pkcs-1 9 }
*/
const unsigned char ossl_der_oid_id_pSpecified[DER_OID_SZ_id_pSpecified] = {
DER_OID_V_id_pSpecified
};
/*
* id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 }
*/
const unsigned char ossl_der_oid_id_RSASSA_PSS[DER_OID_SZ_id_RSASSA_PSS] = {
DER_OID_V_id_RSASSA_PSS
};
/*
* md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
*/
const unsigned char ossl_der_oid_md2WithRSAEncryption[DER_OID_SZ_md2WithRSAEncryption] = {
DER_OID_V_md2WithRSAEncryption
};
/*
* md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
*/
const unsigned char ossl_der_oid_md5WithRSAEncryption[DER_OID_SZ_md5WithRSAEncryption] = {
DER_OID_V_md5WithRSAEncryption
};
/*
* sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
*/
const unsigned char ossl_der_oid_sha1WithRSAEncryption[DER_OID_SZ_sha1WithRSAEncryption] = {
DER_OID_V_sha1WithRSAEncryption
};
/*
* sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
*/
const unsigned char ossl_der_oid_sha224WithRSAEncryption[DER_OID_SZ_sha224WithRSAEncryption] = {
DER_OID_V_sha224WithRSAEncryption
};
/*
* sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 }
*/
const unsigned char ossl_der_oid_sha256WithRSAEncryption[DER_OID_SZ_sha256WithRSAEncryption] = {
DER_OID_V_sha256WithRSAEncryption
};
/*
* sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 }
*/
const unsigned char ossl_der_oid_sha384WithRSAEncryption[DER_OID_SZ_sha384WithRSAEncryption] = {
DER_OID_V_sha384WithRSAEncryption
};
/*
* sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 }
*/
const unsigned char ossl_der_oid_sha512WithRSAEncryption[DER_OID_SZ_sha512WithRSAEncryption] = {
DER_OID_V_sha512WithRSAEncryption
};
/*
* sha512-224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 15 }
*/
const unsigned char ossl_der_oid_sha512_224WithRSAEncryption[DER_OID_SZ_sha512_224WithRSAEncryption] = {
DER_OID_V_sha512_224WithRSAEncryption
};
/*
* sha512-256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 16 }
*/
const unsigned char ossl_der_oid_sha512_256WithRSAEncryption[DER_OID_SZ_sha512_256WithRSAEncryption] = {
DER_OID_V_sha512_256WithRSAEncryption
};
/*
* id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 }
*/
const unsigned char ossl_der_oid_id_mgf1[DER_OID_SZ_id_mgf1] = {
DER_OID_V_id_mgf1
};
/*
* id-rsassa-pkcs1-v1_5-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 13 }
*/
const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_224] = {
DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_224
};
/*
* id-rsassa-pkcs1-v1_5-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 14 }
*/
const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_256] = {
DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_256
};
/*
* id-rsassa-pkcs1-v1_5-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 15 }
*/
const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_384] = {
DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_384
};
/*
* id-rsassa-pkcs1-v1_5-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 16 }
*/
const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_512] = {
DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_512
};
/*
* md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 }
*/
const unsigned char ossl_der_oid_md4WithRSAEncryption[DER_OID_SZ_md4WithRSAEncryption] = {
DER_OID_V_md4WithRSAEncryption
};
/*
* ripemd160WithRSAEncryption OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) teletrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) 2
* }
*/
const unsigned char ossl_der_oid_ripemd160WithRSAEncryption[DER_OID_SZ_ripemd160WithRSAEncryption] = {
DER_OID_V_ripemd160WithRSAEncryption
};
/*
* mdc2WithRSASignature OBJECT IDENTIFIER ::= {
* iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) mdc2WithRSASignature(14)
* }
*/
const unsigned char ossl_der_oid_mdc2WithRSASignature[DER_OID_SZ_mdc2WithRSASignature] = {
DER_OID_V_mdc2WithRSASignature
};

46
contrib/openssl-cmake/linux_x86_64/der_wrap_gen.c
View File

@ -1,46 +0,0 @@
/*
* WARNING: do not edit!
* Generated by Makefile from ../providers/common/der/der_wrap_gen.c.in
*
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "prov/der_wrap.h"
/* Well known OIDs precompiled */
/*
* id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6
* }
*/
const unsigned char ossl_der_oid_id_alg_CMS3DESwrap[DER_OID_SZ_id_alg_CMS3DESwrap] = {
DER_OID_V_id_alg_CMS3DESwrap
};
/*
* id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 }
*/
const unsigned char ossl_der_oid_id_aes128_wrap[DER_OID_SZ_id_aes128_wrap] = {
DER_OID_V_id_aes128_wrap
};
/*
* id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 }
*/
const unsigned char ossl_der_oid_id_aes192_wrap[DER_OID_SZ_id_aes192_wrap] = {
DER_OID_V_id_aes192_wrap
};
/*
* id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 }
*/
const unsigned char ossl_der_oid_id_aes256_wrap[DER_OID_SZ_id_aes256_wrap] = {
DER_OID_V_id_aes256_wrap
};

4
docs/en/development/build-cross-s390x.md
View File

@ -10,11 +10,11 @@ As of writing (2023/3/10) building for s390x considered to be experimental. Not
## Building
As s390x does not support boringssl, it uses OpenSSL and has two related build options.
s390x has two OpenSSL-related build options.
- By default, the s390x build will dynamically link to OpenSSL libraries. It will build OpenSSL shared objects, so it's not necessary to install OpenSSL beforehand. (This option is recommended in all cases.)
- Another option is to build OpenSSL in-tree. In this case two build flags need to be supplied to cmake
```bash
-DENABLE_OPENSSL_DYNAMIC=0 -DENABLE_OPENSSL=1
-DENABLE_OPENSSL_DYNAMIC=0
```
These instructions assume that the host machine is x86_64 and has all the tooling required to build natively based on the [build instructions](../development/build.md). It also assumes that the host is Ubuntu 22.04 but the following instructions should also work on Ubuntu 20.04.

7
programs/server/Server.cpp
View File

@ -648,23 +648,22 @@ try
}
#endif
#if USE_OPENSSL_INTREE
/// When building openssl into clickhouse, clickhouse owns the configuration
/// Therefore, the clickhouse openssl configuration should be kept separate from
/// the OS. Default to the one in the standard config directory, unless overridden
/// by a key in the config.
/// Note: this has to be done once at server initialization, because 'setenv' is not thread-safe.
if (config().has("opensslconf"))
{
std::string opensslconf_path = config().getString("opensslconf");
setenv("OPENSSL_CONF", opensslconf_path.c_str(), true);
setenv("OPENSSL_CONF", opensslconf_path.c_str(), true); /// NOLINT
}
else
{
const String config_path = config().getString("config-file", "config.xml");
const auto config_dir = std::filesystem::path{config_path}.replace_filename("openssl.conf");
setenv("OPENSSL_CONF", config_dir.c_str(), true);
setenv("OPENSSL_CONF", config_dir.c_str(), true); /// NOLINT
}
#endif
registerInterpreters();
registerFunctions();

2
src/Common/config.h.in
View File

@ -55,11 +55,9 @@
#cmakedefine01 USE_KRB5
#cmakedefine01 USE_FILELOG
#cmakedefine01 USE_ODBC
#cmakedefine01 USE_BORINGSSL
#cmakedefine01 USE_BLAKE3
#cmakedefine01 USE_SKIM
#cmakedefine01 USE_PRQL
#cmakedefine01 USE_OPENSSL_INTREE
#cmakedefine01 USE_ULID
#cmakedefine01 FIU_ENABLE
#cmakedefine01 USE_BCRYPT

78
src/Compression/CompressionCodecEncrypted.cpp
View File

@ -9,16 +9,10 @@
#include <Common/logger_useful.h>
#include <Common/safe_cast.h>
// This depends on BoringSSL-specific API, notably <openssl/aead.h>.
#if USE_SSL
# include <openssl/err.h>
# include <boost/algorithm/hex.hpp>
# if USE_BORINGSSL
# include <openssl/digest.h>
# include <openssl/aead.h>
# else
# include <openssl/evp.h>
# endif
#endif
// Common part for both parts (with SSL and without)
@ -107,77 +101,6 @@ std::string lastErrorString()
return std::string(buffer.data());
}
#if USE_BORINGSSL
/// Get encryption/decryption algorithms.
auto getMethod(EncryptionMethod Method)
{
if (Method == AES_128_GCM_SIV)
return EVP_aead_aes_128_gcm_siv;
else if (Method == AES_256_GCM_SIV)
return EVP_aead_aes_256_gcm_siv;
else
throw Exception(ErrorCodes::BAD_ARGUMENTS, "Unknown encryption method. Got {}", getMethodName(Method));
}
/// Encrypt plaintext with particular algorithm and put result into ciphertext_and_tag.
/// This function get key and nonce and encrypt text with their help.
/// If something went wrong (can't init context or can't encrypt data) it throws exception.
/// It returns length of encrypted text.
size_t encrypt(std::string_view plaintext, char * ciphertext_and_tag, EncryptionMethod method, const String & key, const String & nonce)
{
/// Init context for encryption, using key.
EVP_AEAD_CTX encrypt_ctx;
EVP_AEAD_CTX_zero(&encrypt_ctx);
const int ok_init = EVP_AEAD_CTX_init(&encrypt_ctx, getMethod(method)(),
reinterpret_cast<const uint8_t*>(key.data()), key.size(),
tag_size, nullptr);
if (!ok_init)
throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
/// encrypt data using context and given nonce.
size_t out_len;
const int ok_open = EVP_AEAD_CTX_seal(&encrypt_ctx,
reinterpret_cast<uint8_t *>(ciphertext_and_tag),
&out_len, plaintext.size() + tag_size,
reinterpret_cast<const uint8_t *>(nonce.data()), nonce.size(),
reinterpret_cast<const uint8_t *>(plaintext.data()), plaintext.size(),
nullptr, 0);
if (!ok_open)
throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
return out_len;
}
/// Encrypt plaintext with particular algorithm and put result into ciphertext_and_tag.
/// This function get key and nonce and encrypt text with their help.
/// If something went wrong (can't init context or can't encrypt data) it throws exception.
/// It returns length of encrypted text.
size_t decrypt(std::string_view ciphertext, char * plaintext, EncryptionMethod method, const String & key, const String & nonce)
{
/// Init context for decryption with given key.
EVP_AEAD_CTX decrypt_ctx;
EVP_AEAD_CTX_zero(&decrypt_ctx);
const int ok_init = EVP_AEAD_CTX_init(&decrypt_ctx, getMethod(method)(),
reinterpret_cast<const uint8_t*>(key.data()), key.size(),
tag_size, nullptr);
if (!ok_init)
throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
/// decrypt data using given nonce
size_t out_len;
const int ok_open = EVP_AEAD_CTX_open(&decrypt_ctx,
reinterpret_cast<uint8_t *>(plaintext),
&out_len, ciphertext.size(),
reinterpret_cast<const uint8_t *>(nonce.data()), nonce.size(),
reinterpret_cast<const uint8_t *>(ciphertext.data()), ciphertext.size(),
nullptr, 0);
if (!ok_open)
throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
return out_len;
}
#else
/// Get encryption/decryption algorithms.
auto getMethod(EncryptionMethod Method)
{
@ -324,7 +247,6 @@ size_t decrypt(std::string_view ciphertext, char * plaintext, EncryptionMethod m
return plaintext_len + out_len;
}
#endif
/// Register codec in factory
void registerEncryptionCodec(CompressionCodecFactory & factory, EncryptionMethod Method)

4
src/Core/MySQL/Authentication.cpp
View File

@ -184,11 +184,7 @@ void Sha256Password::authenticate(
const auto * ciphertext = reinterpret_cast<const unsigned char *>(unpack_auth_response.data());
unsigned char plaintext[RSA_size(&private_key)];
#if USE_BORINGSSL
int plaintext_size = RSA_private_decrypt(unpack_auth_response.size(), ciphertext, plaintext, &private_key, RSA_PKCS1_OAEP_PADDING);
#else
int plaintext_size = RSA_private_decrypt(static_cast<int>(unpack_auth_response.size()), ciphertext, plaintext, &private_key, RSA_PKCS1_OAEP_PADDING);
#endif
if (plaintext_size == -1)
{
if (!sent_public_key)

4
src/Functions/FunctionsStringHashFixedString.cpp
View File

@ -17,11 +17,7 @@
# include <openssl/md4.h>
# include <openssl/md5.h>
# include <openssl/sha.h>
# if USE_BORINGSSL
# include <openssl/digest.h>
# else
# include <openssl/evp.h>
# endif
#endif
/// Instatiating only the functions that require FunctionStringHashFixedString in a separate file

6
src/configure_config.cmake
View File

@ -158,12 +158,6 @@ endif()
if (TARGET ch_contrib::bcrypt)
set(USE_BCRYPT 1)
endif()
if (NOT (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC))
set(USE_BORINGSSL 1)
endif ()
if (ENABLE_OPENSSL)
set(USE_OPENSSL_INTREE 1)
endif ()
if (TARGET ch_contrib::ssh)
set(USE_SSH 1)
endif()