mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-11-21 15:12:02 +00:00
Fix the build (after boringssl submodule removal)
This commit is contained in:
parent
0608f7662e
commit
dca6e0abbd
@ -455,8 +455,6 @@ endif ()
|
||||
|
||||
enable_testing() # Enable for tests without binary
|
||||
|
||||
option(ENABLE_OPENSSL "This option performs a build with OpenSSL. NOTE! This option is insecure and should never be used. By default, ClickHouse uses and only supports BoringSSL" OFF)
|
||||
|
||||
if (ARCH_S390X)
|
||||
set(ENABLE_OPENSSL_DYNAMIC_DEFAULT ON)
|
||||
else ()
|
||||
|
6
contrib/CMakeLists.txt
vendored
6
contrib/CMakeLists.txt
vendored
@ -37,11 +37,7 @@ function(add_contrib cmake_folder)
|
||||
message(STATUS "Adding contrib module ${base_folders} (configuring with ${cmake_folder})")
|
||||
add_subdirectory (${cmake_folder})
|
||||
endfunction()
|
||||
if (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC)
|
||||
add_contrib (openssl-cmake openssl)
|
||||
else ()
|
||||
add_contrib (boringssl-cmake boringssl)
|
||||
endif ()
|
||||
add_contrib (openssl-cmake openssl)
|
||||
add_contrib (miniselect-cmake miniselect)
|
||||
add_contrib (pdqsort-cmake pdqsort)
|
||||
add_contrib (pocketfft-cmake pocketfft)
|
||||
|
@ -224,6 +224,7 @@ set(ALL_SRCS
|
||||
"${KRB5_SOURCE_DIR}/lib/crypto/krb/prf_rc4.c"
|
||||
"${KRB5_SOURCE_DIR}/lib/crypto/krb/s2k_pbkdf2.c"
|
||||
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/aes.c"
|
||||
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/camellia.c"
|
||||
# "${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/des.c"
|
||||
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/rc4.c"
|
||||
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/des3.c"
|
||||
@ -474,14 +475,6 @@ set(ALL_SRCS
|
||||
"${KRB5_SOURCE_DIR}/lib/krb5/krb5_libinit.c"
|
||||
)
|
||||
|
||||
if (NOT (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC))
|
||||
add_compile_definitions(USE_BORINGSSL=1)
|
||||
else()
|
||||
set(ALL_SRCS ${ALL_SRCS}
|
||||
"${KRB5_SOURCE_DIR}/lib/crypto/openssl/enc_provider/camellia.c"
|
||||
)
|
||||
endif()
|
||||
|
||||
add_custom_command(
|
||||
OUTPUT "${CMAKE_CURRENT_BINARY_DIR}/compile_et"
|
||||
COMMAND /bin/sh
|
||||
|
@ -59,11 +59,9 @@ set(SRCS
|
||||
|
||||
add_library(_libpq ${SRCS})
|
||||
|
||||
if (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC)
|
||||
add_definitions(-DHAVE_BIO_METH_NEW)
|
||||
add_definitions(-DHAVE_HMAC_CTX_NEW)
|
||||
add_definitions(-DHAVE_HMAC_CTX_FREE)
|
||||
endif ()
|
||||
add_definitions(-DHAVE_BIO_METH_NEW)
|
||||
add_definitions(-DHAVE_HMAC_CTX_NEW)
|
||||
add_definitions(-DHAVE_HMAC_CTX_FREE)
|
||||
|
||||
target_include_directories (_libpq SYSTEM PUBLIC ${LIBPQ_SOURCE_DIR})
|
||||
target_include_directories (_libpq SYSTEM PUBLIC "${LIBPQ_SOURCE_DIR}/include")
|
||||
|
@ -88,10 +88,6 @@ set(libssh_SRCS
|
||||
${LIB_SOURCE_DIR}/src/bind_config.c
|
||||
)
|
||||
|
||||
if (NOT (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC))
|
||||
add_compile_definitions(USE_BORINGSSL=1)
|
||||
endif()
|
||||
|
||||
configure_file(${LIB_SOURCE_DIR}/include/libssh/libssh_version.h.cmake ${LIB_BINARY_DIR}/include/libssh/libssh_version.h @ONLY)
|
||||
|
||||
add_library(_ssh STATIC ${libssh_SRCS})
|
||||
|
@ -1,69 +1,71 @@
|
||||
# Note: ClickHouse uses BoringSSL. The presence of OpenSSL is only due to IBM's port of ClickHouse to s390x. BoringSSL does not support
|
||||
# s390x, also FIPS validation provided by the OS vendor (Red Hat, Ubuntu) requires (preferrably dynamic) linking with OS packages which
|
||||
# ClickHouse generally avoids.
|
||||
#
|
||||
# Furthermore, the in-source OpenSSL dump in this directory is due to development purposes and non FIPS-compliant.
|
||||
# Actually, so many 3rd party libraries + unit tests need SSL that we cannot disable it
|
||||
# without breaking the build ...
|
||||
set(ENABLE_SSL 1 CACHE INTERNAL "")
|
||||
# TODO: Making SSL dependent on ENABLE_LIBRARIES is desirable but needs fixing dependent libs + tests.
|
||||
# option(ENABLE_SSL "Enable ssl" ${ENABLE_LIBRARIES})
|
||||
if(NOT ENABLE_SSL)
|
||||
message(STATUS "Not using openssl")
|
||||
return()
|
||||
endif()
|
||||
|
||||
if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
set(ENABLE_SSL 1 CACHE INTERNAL "")
|
||||
set(OPENSSL_SOURCE_DIR ${ClickHouse_SOURCE_DIR}/contrib/openssl)
|
||||
set(OPENSSL_BINARY_DIR ${ClickHouse_BINARY_DIR}/contrib/openssl)
|
||||
set(OPENSSL_SOURCE_DIR ${ClickHouse_SOURCE_DIR}/contrib/openssl)
|
||||
set(OPENSSL_BINARY_DIR ${ClickHouse_BINARY_DIR}/contrib/openssl)
|
||||
|
||||
set(OPENSSLDIR "/etc/ssl" CACHE PATH "Set the default openssl directory")
|
||||
set(OPENSSL_ENGINESDIR "/usr/local/lib/engines-3" CACHE PATH "Set the default openssl directory for engines")
|
||||
set(OPENSSL_MODULESDIR "/usr/local/lib/ossl-modules" CACHE PATH "Set the default openssl directory for modules")
|
||||
set(OPENSSLDIR "/etc/ssl" CACHE PATH "Set the default openssl directory")
|
||||
set(OPENSSL_ENGINESDIR "/usr/local/lib/engines-3" CACHE PATH "Set the default openssl directory for engines")
|
||||
set(OPENSSL_MODULESDIR "/usr/local/lib/ossl-modules" CACHE PATH "Set the default openssl directory for modules")
|
||||
|
||||
add_definitions(-DOPENSSL_NO_SCTP -DOPENSSL_NO_KTLS -DOPENSSLDIR="${OPENSSLDIR}" -DENGINESDIR="${OPENSSL_ENGINESDIR}" -DMODULESDIR="${OPENSSL_MODULESDIR}" -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DDEVRANDOM="/dev/urandom")
|
||||
target_compile_options(global-group INTERFACE "-Wno-deprecated-declarations")
|
||||
target_compile_options(global-group INTERFACE "-Wno-poison-system-directories")
|
||||
add_definitions(-DOPENSSL_NO_SCTP -DOPENSSL_NO_KTLS -DOPENSSLDIR="${OPENSSLDIR}" -DENGINESDIR="${OPENSSL_ENGINESDIR}" -DMODULESDIR="${OPENSSL_MODULESDIR}" -DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DDEVRANDOM="/dev/urandom")
|
||||
target_compile_options(global-group INTERFACE "-Wno-deprecated-declarations")
|
||||
target_compile_options(global-group INTERFACE "-Wno-poison-system-directories")
|
||||
|
||||
if(ARCH_AMD64)
|
||||
if(ARCH_AMD64)
|
||||
set(PLATFORM_DIRECTORY linux_x86_64)
|
||||
add_definitions(-DAES_ASM -DBSAES_ASM -DCMLL_ASM -DECP_NISTZ256_ASM -DGHASH_ASM -DKECCAK1600_ASM -DMD5_ASM -DOPENSSL_BN_ASM_GF2m -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DX25519_ASM -DL_ENDIAN)
|
||||
elseif(ARCH_AARCH64)
|
||||
elseif(ARCH_AARCH64)
|
||||
set(PLATFORM_DIRECTORY linux_aarch64)
|
||||
add_definitions(-DECP_NISTZ256_ASM -DKECCAK1600_ASM -DOPENSSL_BN_ASM_MONT -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DOPENSSL_USE_NODELETE -DL_ENDIAN)
|
||||
elseif(ARCH_PPC64LE)
|
||||
elseif(ARCH_PPC64LE)
|
||||
set(PLATFORM_DIRECTORY linux_ppc64le)
|
||||
add_definitions(-DAES_ASM -DECP_NISTP521_ASM -DECP_NISTZ256_ASM -DKECCAK1600_ASM -DOPENSSL_BN_ASM_MONT -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DVPAES_ASM -DX25519_ASM -DL_ENDIAN)
|
||||
elseif(ARCH_S390X)
|
||||
elseif(ARCH_S390X)
|
||||
set(PLATFORM_DIRECTORY linux_s390x)
|
||||
add_definitions(-DAES_ASM -DAES_CTR_ASM -DAES_XTS_ASM -DGHASH_ASM -DKECCAK1600_ASM -DOPENSSL_BN_ASM_MONT -DOPENSSL_CPUID_OBJ -DPOLY1305_ASM -DS390X_EC_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DB_ENDIAN)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
file(STRINGS "${PLATFORM_DIRECTORY}/include/openssl/opensslv.h" OPENSSL_VERSION_STR
|
||||
file(STRINGS "${PLATFORM_DIRECTORY}/include/openssl/opensslv.h" OPENSSL_VERSION_STR
|
||||
REGEX "^#[\t ]*define[\t ]+OPENSSL_VERSION_STR[\t ]+\"([0-9])+\\.([0-9])+\\.([0-9])+\".*")
|
||||
string(REGEX REPLACE "^.*OPENSSL_VERSION_STR[\t ]+\"([0-9]+\\.[0-9]+\\.[0-9]+)\".*$"
|
||||
string(REGEX REPLACE "^.*OPENSSL_VERSION_STR[\t ]+\"([0-9]+\\.[0-9]+\\.[0-9]+)\".*$"
|
||||
"\\1" OPENSSL_VERSION_STR "${OPENSSL_VERSION_STR}")
|
||||
|
||||
set(OPENSSL_VERSION "${OPENSSL_VERSION_STR}")
|
||||
set(OPENSSL_VERSION "${OPENSSL_VERSION_STR}")
|
||||
|
||||
string(REGEX MATCHALL "([0-9])+" OPENSSL_VERSION_NUMBER "${OPENSSL_VERSION}")
|
||||
list(POP_FRONT OPENSSL_VERSION_NUMBER
|
||||
string(REGEX MATCHALL "([0-9])+" OPENSSL_VERSION_NUMBER "${OPENSSL_VERSION}")
|
||||
list(POP_FRONT OPENSSL_VERSION_NUMBER
|
||||
OPENSSL_VERSION_MAJOR
|
||||
OPENSSL_VERSION_MINOR
|
||||
OPENSSL_VERSION_FIX)
|
||||
|
||||
unset(OPENSSL_VERSION_NUMBER)
|
||||
unset(OPENSSL_VERSION_STR)
|
||||
unset(OPENSSL_VERSION_NUMBER)
|
||||
unset(OPENSSL_VERSION_STR)
|
||||
|
||||
message(STATUS "OpenSSL version ${OPENSSL_VERSION}")
|
||||
message(STATUS "OpenSSL version ${OPENSSL_VERSION}")
|
||||
|
||||
set(VERSION_MAJOR ${OPENSSL_VERSION_MAJOR})
|
||||
set(VERSION_MINOR ${OPENSSL_VERSION_MINOR})
|
||||
set(VERSION_PATCH ${OPENSSL_VERSION_FIX})
|
||||
set(VERSION_MAJOR ${OPENSSL_VERSION_MAJOR})
|
||||
set(VERSION_MINOR ${OPENSSL_VERSION_MINOR})
|
||||
set(VERSION_PATCH ${OPENSSL_VERSION_FIX})
|
||||
|
||||
set(VERSION_STRING ${OPENSSL_VERSION})
|
||||
set(LIB_VERSION ${VERSION_MAJOR})
|
||||
set(LIB_SOVERSION ${VERSION_MAJOR})
|
||||
set(VERSION_STRING ${OPENSSL_VERSION})
|
||||
set(LIB_VERSION ${VERSION_MAJOR})
|
||||
set(LIB_SOVERSION ${VERSION_MAJOR})
|
||||
|
||||
enable_language(ASM)
|
||||
enable_language(ASM)
|
||||
|
||||
if(COMPILER_CLANG)
|
||||
if(COMPILER_CLANG)
|
||||
add_definitions(-Wno-unused-command-line-argument)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if(ARCH_AMD64)
|
||||
if(ARCH_AMD64)
|
||||
if(OS_DARWIN)
|
||||
set(OPENSSL_SYSTEM "macosx")
|
||||
endif()
|
||||
@ -104,7 +106,7 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-x86_64.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha256-x86_64.s) # This is not a mistake
|
||||
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-x86_64.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha512-x86_64.s)
|
||||
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/whrlpool/asm/wp-x86_64.pl ${OPENSSL_BINARY_DIR}/crypto/whrlpool/wp-x86_64.s)
|
||||
elseif(ARCH_AARCH64)
|
||||
elseif(ARCH_AARCH64)
|
||||
macro(perl_generate_asm FILE_IN FILE_OUT)
|
||||
add_custom_command(OUTPUT ${FILE_OUT}
|
||||
COMMAND /usr/bin/env perl ${FILE_IN} "linux64" ${FILE_OUT})
|
||||
@ -123,7 +125,7 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-armv8.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha256-armv8.S) # This is not a mistake
|
||||
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-armv8.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha512-armv8.S)
|
||||
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/modes/asm/aes-gcm-armv8_64.pl ${OPENSSL_BINARY_DIR}/crypto/modes/asm/aes-gcm-armv8_64.S)
|
||||
elseif(ARCH_PPC64LE)
|
||||
elseif(ARCH_PPC64LE)
|
||||
macro(perl_generate_asm FILE_IN FILE_OUT)
|
||||
add_custom_command(OUTPUT ${FILE_OUT}
|
||||
COMMAND /usr/bin/env perl ${FILE_IN} "linux64v2" ${FILE_OUT})
|
||||
@ -150,7 +152,7 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-ppc.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha256-ppc.s)
|
||||
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512p8-ppc.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha512p8-ppc.s)
|
||||
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512p8-ppc.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha256p8-ppc.s)
|
||||
elseif(ARCH_S390X)
|
||||
elseif(ARCH_S390X)
|
||||
macro(perl_generate_asm FILE_IN FILE_OUT)
|
||||
add_custom_command(OUTPUT ${FILE_OUT}
|
||||
COMMAND /usr/bin/env perl ${FILE_IN} "linux64" ${FILE_OUT})
|
||||
@ -168,9 +170,9 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha1-s390x.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha1-s390x.S)
|
||||
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-s390x.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha512-s390x.S)
|
||||
perl_generate_asm(${OPENSSL_SOURCE_DIR}/crypto/sha/asm/sha512-s390x.pl ${OPENSSL_BINARY_DIR}/crypto/sha/sha256-s390x.S)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
set(CRYPTO_SRC
|
||||
set(CRYPTO_SRC
|
||||
der_digests_gen.c
|
||||
der_dsa_gen.c
|
||||
der_ec_gen.c
|
||||
@ -201,8 +203,8 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
${OPENSSL_SOURCE_DIR}/providers/implementations/ciphers/ciphercommon_hw.c
|
||||
${OPENSSL_SOURCE_DIR}/providers/implementations/digests/digestcommon.c
|
||||
${OPENSSL_SOURCE_DIR}/ssl/record/tls_pad.c
|
||||
)
|
||||
set(CRYPTO_SRC ${CRYPTO_SRC}
|
||||
)
|
||||
set(CRYPTO_SRC ${CRYPTO_SRC}
|
||||
${OPENSSL_SOURCE_DIR}/providers/common/der/der_rsa_sig.c
|
||||
${OPENSSL_SOURCE_DIR}/providers/implementations/asymciphers/rsa_enc.c
|
||||
${OPENSSL_SOURCE_DIR}/providers/implementations/ciphers/cipher_aes.c
|
||||
@ -340,8 +342,8 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
${OPENSSL_SOURCE_DIR}/providers/implementations/storemgmt/file_store.c
|
||||
${OPENSSL_SOURCE_DIR}/providers/implementations/storemgmt/file_store_any2obj.c
|
||||
${OPENSSL_SOURCE_DIR}/ssl/s3_cbc.c
|
||||
)
|
||||
set(CRYPTO_SRC ${CRYPTO_SRC}
|
||||
)
|
||||
set(CRYPTO_SRC ${CRYPTO_SRC}
|
||||
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cfb.c
|
||||
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_ecb.c
|
||||
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_ige.c
|
||||
@ -1070,9 +1072,9 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
${OPENSSL_SOURCE_DIR}/providers/defltprov.c
|
||||
${OPENSSL_SOURCE_DIR}/providers/nullprov.c
|
||||
${OPENSSL_SOURCE_DIR}/providers/prov_running.c
|
||||
)
|
||||
)
|
||||
|
||||
if(ARCH_AMD64)
|
||||
if(ARCH_AMD64)
|
||||
set(CRYPTO_SRC ${CRYPTO_SRC}
|
||||
${OPENSSL_SOURCE_DIR}/crypto/bn/asm/x86_64-gcc.c
|
||||
${OPENSSL_SOURCE_DIR}/crypto/bn/rsaz_exp.c
|
||||
@ -1111,7 +1113,7 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
${OPENSSL_BINARY_DIR}/crypto/sha/sha256-x86_64.s
|
||||
${OPENSSL_BINARY_DIR}/crypto/sha/sha512-x86_64.s
|
||||
${OPENSSL_BINARY_DIR}/crypto/whrlpool/wp-x86_64.s)
|
||||
elseif(ARCH_AARCH64)
|
||||
elseif(ARCH_AARCH64)
|
||||
set(CRYPTO_SRC ${CRYPTO_SRC}
|
||||
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cbc.c
|
||||
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_core.c
|
||||
@ -1139,7 +1141,7 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
${OPENSSL_BINARY_DIR}/crypto/sha/sha256-armv8.S
|
||||
${OPENSSL_BINARY_DIR}/crypto/sha/sha512-armv8.S
|
||||
${OPENSSL_BINARY_DIR}/crypto/modes/asm/aes-gcm-armv8_64.S)
|
||||
elseif(ARCH_PPC64LE)
|
||||
elseif(ARCH_PPC64LE)
|
||||
set(CRYPTO_SRC ${CRYPTO_SRC}
|
||||
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_cbc.c
|
||||
${OPENSSL_SOURCE_DIR}/crypto/aes/aes_core.c
|
||||
@ -1179,7 +1181,7 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c
|
||||
${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_dgst.c
|
||||
)
|
||||
elseif(ARCH_S390X)
|
||||
elseif(ARCH_S390X)
|
||||
set(CRYPTO_SRC ${CRYPTO_SRC}
|
||||
${OPENSSL_SOURCE_DIR}/crypto/s390xcap.c
|
||||
${OPENSSL_BINARY_DIR}/crypto/aes/aesv8-armx.S
|
||||
@ -1202,9 +1204,9 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_block.c
|
||||
${OPENSSL_SOURCE_DIR}/crypto/whrlpool/wp_dgst.c
|
||||
)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
set(SSL_SRC
|
||||
set(SSL_SRC
|
||||
${OPENSSL_SOURCE_DIR}/crypto/packet.c
|
||||
${OPENSSL_SOURCE_DIR}/ssl/bio_ssl.c
|
||||
${OPENSSL_SOURCE_DIR}/ssl/d1_lib.c
|
||||
@ -1253,9 +1255,9 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
${OPENSSL_SOURCE_DIR}/ssl/statem/statem_dtls.c
|
||||
${OPENSSL_SOURCE_DIR}/ssl/statem/statem_lib.c
|
||||
${OPENSSL_SOURCE_DIR}/ssl/statem/statem_srvr.c
|
||||
)
|
||||
)
|
||||
|
||||
if(ENABLE_OPENSSL_DYNAMIC)
|
||||
if(ENABLE_OPENSSL_DYNAMIC)
|
||||
add_library(crypto SHARED ${CRYPTO_SRC})
|
||||
set_target_properties(crypto PROPERTIES VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}")
|
||||
set_target_properties(crypto PROPERTIES LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/programs)
|
||||
@ -1263,16 +1265,16 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
add_library(ssl SHARED ${SSL_SRC})
|
||||
set_target_properties(ssl PROPERTIES VERSION "${LIB_VERSION}" SOVERSION "${LIB_SOVERSION}")
|
||||
set_target_properties(ssl PROPERTIES LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/programs)
|
||||
else()
|
||||
else()
|
||||
add_library(crypto ${CRYPTO_SRC})
|
||||
add_library(ssl ${SSL_SRC})
|
||||
endif()
|
||||
endif()
|
||||
|
||||
target_include_directories(crypto
|
||||
target_include_directories(crypto
|
||||
SYSTEM PUBLIC "${PLATFORM_DIRECTORY}/include"
|
||||
PRIVATE "${PLATFORM_DIRECTORY}/include_private")
|
||||
|
||||
target_include_directories(crypto
|
||||
target_include_directories(crypto
|
||||
SYSTEM PUBLIC ${OPENSSL_SOURCE_DIR}/include
|
||||
PRIVATE ${OPENSSL_SOURCE_DIR}/providers/common/include
|
||||
PRIVATE ${OPENSSL_SOURCE_DIR}/providers/implementations/include
|
||||
@ -1283,15 +1285,12 @@ if(ENABLE_OPENSSL_DYNAMIC OR ENABLE_OPENSSL)
|
||||
PRIVATE ${OPENSSL_SOURCE_DIR}/crypto/ec/curve448/arch_64
|
||||
PRIVATE ${OPENSSL_SOURCE_DIR})
|
||||
|
||||
target_include_directories(ssl
|
||||
target_include_directories(ssl
|
||||
PRIVATE ${OPENSSL_SOURCE_DIR})
|
||||
|
||||
target_link_libraries(ssl crypto)
|
||||
target_link_libraries(ssl crypto)
|
||||
|
||||
add_library(OpenSSL::Crypto ALIAS crypto)
|
||||
add_library(OpenSSL::SSL ALIAS ssl)
|
||||
add_library(OpenSSL::Crypto ALIAS crypto)
|
||||
add_library(OpenSSL::SSL ALIAS ssl)
|
||||
|
||||
if(ENABLE_OPENSSL)
|
||||
install(FILES openssl.conf fipsmodule.conf DESTINATION "${CLICKHOUSE_ETC_DIR}/clickhouse-server" COMPONENT clickhouse)
|
||||
endif()
|
||||
endif()
|
||||
install(FILES openssl.conf fipsmodule.conf DESTINATION "${CLICKHOUSE_ETC_DIR}/clickhouse-server" COMPONENT clickhouse)
|
||||
|
@ -1,160 +0,0 @@
|
||||
/*
|
||||
* WARNING: do not edit!
|
||||
* Generated by Makefile from ../providers/common/der/der_digests_gen.c.in
|
||||
*
|
||||
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "prov/der_digests.h"
|
||||
|
||||
/* Well known OIDs precompiled */
|
||||
|
||||
/*
|
||||
* sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_sigAlgs[DER_OID_SZ_sigAlgs] = {
|
||||
DER_OID_V_sigAlgs
|
||||
};
|
||||
|
||||
/*
|
||||
* id-sha1 OBJECT IDENTIFIER ::= { iso(1)
|
||||
* identified-organization(3) oiw(14)
|
||||
* secsig(3) algorithms(2) 26 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_sha1[DER_OID_SZ_id_sha1] = {
|
||||
DER_OID_V_id_sha1
|
||||
};
|
||||
|
||||
/*
|
||||
* id-md2 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_md2[DER_OID_SZ_id_md2] = {
|
||||
DER_OID_V_id_md2
|
||||
};
|
||||
|
||||
/*
|
||||
* id-md5 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_md5[DER_OID_SZ_id_md5] = {
|
||||
DER_OID_V_id_md5
|
||||
};
|
||||
|
||||
/*
|
||||
* id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_sha256[DER_OID_SZ_id_sha256] = {
|
||||
DER_OID_V_id_sha256
|
||||
};
|
||||
|
||||
/*
|
||||
* id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_sha384[DER_OID_SZ_id_sha384] = {
|
||||
DER_OID_V_id_sha384
|
||||
};
|
||||
|
||||
/*
|
||||
* id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_sha512[DER_OID_SZ_id_sha512] = {
|
||||
DER_OID_V_id_sha512
|
||||
};
|
||||
|
||||
/*
|
||||
* id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_sha224[DER_OID_SZ_id_sha224] = {
|
||||
DER_OID_V_id_sha224
|
||||
};
|
||||
|
||||
/*
|
||||
* id-sha512-224 OBJECT IDENTIFIER ::= { hashAlgs 5 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_sha512_224[DER_OID_SZ_id_sha512_224] = {
|
||||
DER_OID_V_id_sha512_224
|
||||
};
|
||||
|
||||
/*
|
||||
* id-sha512-256 OBJECT IDENTIFIER ::= { hashAlgs 6 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_sha512_256[DER_OID_SZ_id_sha512_256] = {
|
||||
DER_OID_V_id_sha512_256
|
||||
};
|
||||
|
||||
/*
|
||||
* id-sha3-224 OBJECT IDENTIFIER ::= { hashAlgs 7 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_sha3_224[DER_OID_SZ_id_sha3_224] = {
|
||||
DER_OID_V_id_sha3_224
|
||||
};
|
||||
|
||||
/*
|
||||
* id-sha3-256 OBJECT IDENTIFIER ::= { hashAlgs 8 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_sha3_256[DER_OID_SZ_id_sha3_256] = {
|
||||
DER_OID_V_id_sha3_256
|
||||
};
|
||||
|
||||
/*
|
||||
* id-sha3-384 OBJECT IDENTIFIER ::= { hashAlgs 9 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_sha3_384[DER_OID_SZ_id_sha3_384] = {
|
||||
DER_OID_V_id_sha3_384
|
||||
};
|
||||
|
||||
/*
|
||||
* id-sha3-512 OBJECT IDENTIFIER ::= { hashAlgs 10 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_sha3_512[DER_OID_SZ_id_sha3_512] = {
|
||||
DER_OID_V_id_sha3_512
|
||||
};
|
||||
|
||||
/*
|
||||
* id-shake128 OBJECT IDENTIFIER ::= { hashAlgs 11 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_shake128[DER_OID_SZ_id_shake128] = {
|
||||
DER_OID_V_id_shake128
|
||||
};
|
||||
|
||||
/*
|
||||
* id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_shake256[DER_OID_SZ_id_shake256] = {
|
||||
DER_OID_V_id_shake256
|
||||
};
|
||||
|
||||
/*
|
||||
* id-shake128-len OBJECT IDENTIFIER ::= { hashAlgs 17 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_shake128_len[DER_OID_SZ_id_shake128_len] = {
|
||||
DER_OID_V_id_shake128_len
|
||||
};
|
||||
|
||||
/*
|
||||
* id-shake256-len OBJECT IDENTIFIER ::= { hashAlgs 18 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_shake256_len[DER_OID_SZ_id_shake256_len] = {
|
||||
DER_OID_V_id_shake256_len
|
||||
};
|
||||
|
||||
/*
|
||||
* id-KMACWithSHAKE128 OBJECT IDENTIFIER ::={hashAlgs 19}
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_KMACWithSHAKE128[DER_OID_SZ_id_KMACWithSHAKE128] = {
|
||||
DER_OID_V_id_KMACWithSHAKE128
|
||||
};
|
||||
|
||||
/*
|
||||
* id-KMACWithSHAKE256 OBJECT IDENTIFIER ::={ hashAlgs 20}
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_KMACWithSHAKE256[DER_OID_SZ_id_KMACWithSHAKE256] = {
|
||||
DER_OID_V_id_KMACWithSHAKE256
|
||||
};
|
||||
|
@ -1,94 +0,0 @@
|
||||
/*
|
||||
* WARNING: do not edit!
|
||||
* Generated by Makefile from ../providers/common/der/der_dsa_gen.c.in
|
||||
*
|
||||
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
/*
|
||||
* DSA low level APIs are deprecated for public use, but still ok for
|
||||
* internal use.
|
||||
*/
|
||||
#include "internal/deprecated.h"
|
||||
|
||||
#include "prov/der_dsa.h"
|
||||
|
||||
/* Well known OIDs precompiled */
|
||||
|
||||
/*
|
||||
* id-dsa OBJECT IDENTIFIER ::= {
|
||||
* iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_dsa[DER_OID_SZ_id_dsa] = {
|
||||
DER_OID_V_id_dsa
|
||||
};
|
||||
|
||||
/*
|
||||
* id-dsa-with-sha1 OBJECT IDENTIFIER ::= {
|
||||
* iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_dsa_with_sha1[DER_OID_SZ_id_dsa_with_sha1] = {
|
||||
DER_OID_V_id_dsa_with_sha1
|
||||
};
|
||||
|
||||
/*
|
||||
* id-dsa-with-sha224 OBJECT IDENTIFIER ::= { sigAlgs 1 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_dsa_with_sha224[DER_OID_SZ_id_dsa_with_sha224] = {
|
||||
DER_OID_V_id_dsa_with_sha224
|
||||
};
|
||||
|
||||
/*
|
||||
* id-dsa-with-sha256 OBJECT IDENTIFIER ::= { sigAlgs 2 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_dsa_with_sha256[DER_OID_SZ_id_dsa_with_sha256] = {
|
||||
DER_OID_V_id_dsa_with_sha256
|
||||
};
|
||||
|
||||
/*
|
||||
* id-dsa-with-sha384 OBJECT IDENTIFIER ::= { sigAlgs 3 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_dsa_with_sha384[DER_OID_SZ_id_dsa_with_sha384] = {
|
||||
DER_OID_V_id_dsa_with_sha384
|
||||
};
|
||||
|
||||
/*
|
||||
* id-dsa-with-sha512 OBJECT IDENTIFIER ::= { sigAlgs 4 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_dsa_with_sha512[DER_OID_SZ_id_dsa_with_sha512] = {
|
||||
DER_OID_V_id_dsa_with_sha512
|
||||
};
|
||||
|
||||
/*
|
||||
* id-dsa-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 5 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_dsa_with_sha3_224[DER_OID_SZ_id_dsa_with_sha3_224] = {
|
||||
DER_OID_V_id_dsa_with_sha3_224
|
||||
};
|
||||
|
||||
/*
|
||||
* id-dsa-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 6 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_dsa_with_sha3_256[DER_OID_SZ_id_dsa_with_sha3_256] = {
|
||||
DER_OID_V_id_dsa_with_sha3_256
|
||||
};
|
||||
|
||||
/*
|
||||
* id-dsa-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 7 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_dsa_with_sha3_384[DER_OID_SZ_id_dsa_with_sha3_384] = {
|
||||
DER_OID_V_id_dsa_with_sha3_384
|
||||
};
|
||||
|
||||
/*
|
||||
* id-dsa-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 8 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_dsa_with_sha3_512[DER_OID_SZ_id_dsa_with_sha3_512] = {
|
||||
DER_OID_V_id_dsa_with_sha3_512
|
||||
};
|
||||
|
@ -1,279 +0,0 @@
|
||||
/*
|
||||
* WARNING: do not edit!
|
||||
* Generated by Makefile from ../providers/common/der/der_ec_gen.c.in
|
||||
*
|
||||
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "prov/der_ec.h"
|
||||
|
||||
/* Well known OIDs precompiled */
|
||||
|
||||
/*
|
||||
* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_ecdsa_with_SHA1[DER_OID_SZ_ecdsa_with_SHA1] = {
|
||||
DER_OID_V_ecdsa_with_SHA1
|
||||
};
|
||||
|
||||
/*
|
||||
* id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_ecPublicKey[DER_OID_SZ_id_ecPublicKey] = {
|
||||
DER_OID_V_id_ecPublicKey
|
||||
};
|
||||
|
||||
/*
|
||||
* c2pnb163v1 OBJECT IDENTIFIER ::= { c-TwoCurve 1 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2pnb163v1[DER_OID_SZ_c2pnb163v1] = {
|
||||
DER_OID_V_c2pnb163v1
|
||||
};
|
||||
|
||||
/*
|
||||
* c2pnb163v2 OBJECT IDENTIFIER ::= { c-TwoCurve 2 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2pnb163v2[DER_OID_SZ_c2pnb163v2] = {
|
||||
DER_OID_V_c2pnb163v2
|
||||
};
|
||||
|
||||
/*
|
||||
* c2pnb163v3 OBJECT IDENTIFIER ::= { c-TwoCurve 3 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2pnb163v3[DER_OID_SZ_c2pnb163v3] = {
|
||||
DER_OID_V_c2pnb163v3
|
||||
};
|
||||
|
||||
/*
|
||||
* c2pnb176w1 OBJECT IDENTIFIER ::= { c-TwoCurve 4 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2pnb176w1[DER_OID_SZ_c2pnb176w1] = {
|
||||
DER_OID_V_c2pnb176w1
|
||||
};
|
||||
|
||||
/*
|
||||
* c2tnb191v1 OBJECT IDENTIFIER ::= { c-TwoCurve 5 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2tnb191v1[DER_OID_SZ_c2tnb191v1] = {
|
||||
DER_OID_V_c2tnb191v1
|
||||
};
|
||||
|
||||
/*
|
||||
* c2tnb191v2 OBJECT IDENTIFIER ::= { c-TwoCurve 6 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2tnb191v2[DER_OID_SZ_c2tnb191v2] = {
|
||||
DER_OID_V_c2tnb191v2
|
||||
};
|
||||
|
||||
/*
|
||||
* c2tnb191v3 OBJECT IDENTIFIER ::= { c-TwoCurve 7 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2tnb191v3[DER_OID_SZ_c2tnb191v3] = {
|
||||
DER_OID_V_c2tnb191v3
|
||||
};
|
||||
|
||||
/*
|
||||
* c2onb191v4 OBJECT IDENTIFIER ::= { c-TwoCurve 8 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2onb191v4[DER_OID_SZ_c2onb191v4] = {
|
||||
DER_OID_V_c2onb191v4
|
||||
};
|
||||
|
||||
/*
|
||||
* c2onb191v5 OBJECT IDENTIFIER ::= { c-TwoCurve 9 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2onb191v5[DER_OID_SZ_c2onb191v5] = {
|
||||
DER_OID_V_c2onb191v5
|
||||
};
|
||||
|
||||
/*
|
||||
* c2pnb208w1 OBJECT IDENTIFIER ::= { c-TwoCurve 10 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2pnb208w1[DER_OID_SZ_c2pnb208w1] = {
|
||||
DER_OID_V_c2pnb208w1
|
||||
};
|
||||
|
||||
/*
|
||||
* c2tnb239v1 OBJECT IDENTIFIER ::= { c-TwoCurve 11 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2tnb239v1[DER_OID_SZ_c2tnb239v1] = {
|
||||
DER_OID_V_c2tnb239v1
|
||||
};
|
||||
|
||||
/*
|
||||
* c2tnb239v2 OBJECT IDENTIFIER ::= { c-TwoCurve 12 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2tnb239v2[DER_OID_SZ_c2tnb239v2] = {
|
||||
DER_OID_V_c2tnb239v2
|
||||
};
|
||||
|
||||
/*
|
||||
* c2tnb239v3 OBJECT IDENTIFIER ::= { c-TwoCurve 13 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2tnb239v3[DER_OID_SZ_c2tnb239v3] = {
|
||||
DER_OID_V_c2tnb239v3
|
||||
};
|
||||
|
||||
/*
|
||||
* c2onb239v4 OBJECT IDENTIFIER ::= { c-TwoCurve 14 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2onb239v4[DER_OID_SZ_c2onb239v4] = {
|
||||
DER_OID_V_c2onb239v4
|
||||
};
|
||||
|
||||
/*
|
||||
* c2onb239v5 OBJECT IDENTIFIER ::= { c-TwoCurve 15 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2onb239v5[DER_OID_SZ_c2onb239v5] = {
|
||||
DER_OID_V_c2onb239v5
|
||||
};
|
||||
|
||||
/*
|
||||
* c2pnb272w1 OBJECT IDENTIFIER ::= { c-TwoCurve 16 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2pnb272w1[DER_OID_SZ_c2pnb272w1] = {
|
||||
DER_OID_V_c2pnb272w1
|
||||
};
|
||||
|
||||
/*
|
||||
* c2pnb304w1 OBJECT IDENTIFIER ::= { c-TwoCurve 17 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2pnb304w1[DER_OID_SZ_c2pnb304w1] = {
|
||||
DER_OID_V_c2pnb304w1
|
||||
};
|
||||
|
||||
/*
|
||||
* c2tnb359v1 OBJECT IDENTIFIER ::= { c-TwoCurve 18 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2tnb359v1[DER_OID_SZ_c2tnb359v1] = {
|
||||
DER_OID_V_c2tnb359v1
|
||||
};
|
||||
|
||||
/*
|
||||
* c2pnb368w1 OBJECT IDENTIFIER ::= { c-TwoCurve 19 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2pnb368w1[DER_OID_SZ_c2pnb368w1] = {
|
||||
DER_OID_V_c2pnb368w1
|
||||
};
|
||||
|
||||
/*
|
||||
* c2tnb431r1 OBJECT IDENTIFIER ::= { c-TwoCurve 20 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_c2tnb431r1[DER_OID_SZ_c2tnb431r1] = {
|
||||
DER_OID_V_c2tnb431r1
|
||||
};
|
||||
|
||||
/*
|
||||
* prime192v1 OBJECT IDENTIFIER ::= { primeCurve 1 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_prime192v1[DER_OID_SZ_prime192v1] = {
|
||||
DER_OID_V_prime192v1
|
||||
};
|
||||
|
||||
/*
|
||||
* prime192v2 OBJECT IDENTIFIER ::= { primeCurve 2 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_prime192v2[DER_OID_SZ_prime192v2] = {
|
||||
DER_OID_V_prime192v2
|
||||
};
|
||||
|
||||
/*
|
||||
* prime192v3 OBJECT IDENTIFIER ::= { primeCurve 3 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_prime192v3[DER_OID_SZ_prime192v3] = {
|
||||
DER_OID_V_prime192v3
|
||||
};
|
||||
|
||||
/*
|
||||
* prime239v1 OBJECT IDENTIFIER ::= { primeCurve 4 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_prime239v1[DER_OID_SZ_prime239v1] = {
|
||||
DER_OID_V_prime239v1
|
||||
};
|
||||
|
||||
/*
|
||||
* prime239v2 OBJECT IDENTIFIER ::= { primeCurve 5 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_prime239v2[DER_OID_SZ_prime239v2] = {
|
||||
DER_OID_V_prime239v2
|
||||
};
|
||||
|
||||
/*
|
||||
* prime239v3 OBJECT IDENTIFIER ::= { primeCurve 6 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_prime239v3[DER_OID_SZ_prime239v3] = {
|
||||
DER_OID_V_prime239v3
|
||||
};
|
||||
|
||||
/*
|
||||
* prime256v1 OBJECT IDENTIFIER ::= { primeCurve 7 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_prime256v1[DER_OID_SZ_prime256v1] = {
|
||||
DER_OID_V_prime256v1
|
||||
};
|
||||
|
||||
/*
|
||||
* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
* us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 1 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_ecdsa_with_SHA224[DER_OID_SZ_ecdsa_with_SHA224] = {
|
||||
DER_OID_V_ecdsa_with_SHA224
|
||||
};
|
||||
|
||||
/*
|
||||
* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
* us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_ecdsa_with_SHA256[DER_OID_SZ_ecdsa_with_SHA256] = {
|
||||
DER_OID_V_ecdsa_with_SHA256
|
||||
};
|
||||
|
||||
/*
|
||||
* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
* us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_ecdsa_with_SHA384[DER_OID_SZ_ecdsa_with_SHA384] = {
|
||||
DER_OID_V_ecdsa_with_SHA384
|
||||
};
|
||||
|
||||
/*
|
||||
* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
||||
* us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_ecdsa_with_SHA512[DER_OID_SZ_ecdsa_with_SHA512] = {
|
||||
DER_OID_V_ecdsa_with_SHA512
|
||||
};
|
||||
|
||||
/*
|
||||
* id-ecdsa-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 9 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_ecdsa_with_sha3_224[DER_OID_SZ_id_ecdsa_with_sha3_224] = {
|
||||
DER_OID_V_id_ecdsa_with_sha3_224
|
||||
};
|
||||
|
||||
/*
|
||||
* id-ecdsa-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 10 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_ecdsa_with_sha3_256[DER_OID_SZ_id_ecdsa_with_sha3_256] = {
|
||||
DER_OID_V_id_ecdsa_with_sha3_256
|
||||
};
|
||||
|
||||
/*
|
||||
* id-ecdsa-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 11 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_ecdsa_with_sha3_384[DER_OID_SZ_id_ecdsa_with_sha3_384] = {
|
||||
DER_OID_V_id_ecdsa_with_sha3_384
|
||||
};
|
||||
|
||||
/*
|
||||
* id-ecdsa-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 12 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_ecdsa_with_sha3_512[DER_OID_SZ_id_ecdsa_with_sha3_512] = {
|
||||
DER_OID_V_id_ecdsa_with_sha3_512
|
||||
};
|
||||
|
@ -1,44 +0,0 @@
|
||||
/*
|
||||
* WARNING: do not edit!
|
||||
* Generated by Makefile from ../providers/common/der/der_ecx_gen.c.in
|
||||
*
|
||||
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "prov/der_ecx.h"
|
||||
|
||||
/* Well known OIDs precompiled */
|
||||
|
||||
/*
|
||||
* id-X25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 110 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_X25519[DER_OID_SZ_id_X25519] = {
|
||||
DER_OID_V_id_X25519
|
||||
};
|
||||
|
||||
/*
|
||||
* id-X448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 111 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_X448[DER_OID_SZ_id_X448] = {
|
||||
DER_OID_V_id_X448
|
||||
};
|
||||
|
||||
/*
|
||||
* id-Ed25519 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 112 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_Ed25519[DER_OID_SZ_id_Ed25519] = {
|
||||
DER_OID_V_id_Ed25519
|
||||
};
|
||||
|
||||
/*
|
||||
* id-Ed448 OBJECT IDENTIFIER ::= { id-edwards-curve-algs 113 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_Ed448[DER_OID_SZ_id_Ed448] = {
|
||||
DER_OID_V_id_Ed448
|
||||
};
|
||||
|
@ -1,174 +0,0 @@
|
||||
/*
|
||||
* WARNING: do not edit!
|
||||
* Generated by Makefile from ../providers/common/der/der_rsa_gen.c.in
|
||||
*
|
||||
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "prov/der_rsa.h"
|
||||
|
||||
/* Well known OIDs precompiled */
|
||||
|
||||
/*
|
||||
* hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_hashAlgs[DER_OID_SZ_hashAlgs] = {
|
||||
DER_OID_V_hashAlgs
|
||||
};
|
||||
|
||||
/*
|
||||
* rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_rsaEncryption[DER_OID_SZ_rsaEncryption] = {
|
||||
DER_OID_V_rsaEncryption
|
||||
};
|
||||
|
||||
/*
|
||||
* id-RSAES-OAEP OBJECT IDENTIFIER ::= { pkcs-1 7 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_RSAES_OAEP[DER_OID_SZ_id_RSAES_OAEP] = {
|
||||
DER_OID_V_id_RSAES_OAEP
|
||||
};
|
||||
|
||||
/*
|
||||
* id-pSpecified OBJECT IDENTIFIER ::= { pkcs-1 9 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_pSpecified[DER_OID_SZ_id_pSpecified] = {
|
||||
DER_OID_V_id_pSpecified
|
||||
};
|
||||
|
||||
/*
|
||||
* id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_RSASSA_PSS[DER_OID_SZ_id_RSASSA_PSS] = {
|
||||
DER_OID_V_id_RSASSA_PSS
|
||||
};
|
||||
|
||||
/*
|
||||
* md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_md2WithRSAEncryption[DER_OID_SZ_md2WithRSAEncryption] = {
|
||||
DER_OID_V_md2WithRSAEncryption
|
||||
};
|
||||
|
||||
/*
|
||||
* md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_md5WithRSAEncryption[DER_OID_SZ_md5WithRSAEncryption] = {
|
||||
DER_OID_V_md5WithRSAEncryption
|
||||
};
|
||||
|
||||
/*
|
||||
* sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_sha1WithRSAEncryption[DER_OID_SZ_sha1WithRSAEncryption] = {
|
||||
DER_OID_V_sha1WithRSAEncryption
|
||||
};
|
||||
|
||||
/*
|
||||
* sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_sha224WithRSAEncryption[DER_OID_SZ_sha224WithRSAEncryption] = {
|
||||
DER_OID_V_sha224WithRSAEncryption
|
||||
};
|
||||
|
||||
/*
|
||||
* sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_sha256WithRSAEncryption[DER_OID_SZ_sha256WithRSAEncryption] = {
|
||||
DER_OID_V_sha256WithRSAEncryption
|
||||
};
|
||||
|
||||
/*
|
||||
* sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_sha384WithRSAEncryption[DER_OID_SZ_sha384WithRSAEncryption] = {
|
||||
DER_OID_V_sha384WithRSAEncryption
|
||||
};
|
||||
|
||||
/*
|
||||
* sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_sha512WithRSAEncryption[DER_OID_SZ_sha512WithRSAEncryption] = {
|
||||
DER_OID_V_sha512WithRSAEncryption
|
||||
};
|
||||
|
||||
/*
|
||||
* sha512-224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 15 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_sha512_224WithRSAEncryption[DER_OID_SZ_sha512_224WithRSAEncryption] = {
|
||||
DER_OID_V_sha512_224WithRSAEncryption
|
||||
};
|
||||
|
||||
/*
|
||||
* sha512-256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 16 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_sha512_256WithRSAEncryption[DER_OID_SZ_sha512_256WithRSAEncryption] = {
|
||||
DER_OID_V_sha512_256WithRSAEncryption
|
||||
};
|
||||
|
||||
/*
|
||||
* id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_mgf1[DER_OID_SZ_id_mgf1] = {
|
||||
DER_OID_V_id_mgf1
|
||||
};
|
||||
|
||||
/*
|
||||
* id-rsassa-pkcs1-v1_5-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 13 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_224] = {
|
||||
DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_224
|
||||
};
|
||||
|
||||
/*
|
||||
* id-rsassa-pkcs1-v1_5-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 14 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_256] = {
|
||||
DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_256
|
||||
};
|
||||
|
||||
/*
|
||||
* id-rsassa-pkcs1-v1_5-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 15 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_384] = {
|
||||
DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_384
|
||||
};
|
||||
|
||||
/*
|
||||
* id-rsassa-pkcs1-v1_5-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 16 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512[DER_OID_SZ_id_rsassa_pkcs1_v1_5_with_sha3_512] = {
|
||||
DER_OID_V_id_rsassa_pkcs1_v1_5_with_sha3_512
|
||||
};
|
||||
|
||||
/*
|
||||
* md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_md4WithRSAEncryption[DER_OID_SZ_md4WithRSAEncryption] = {
|
||||
DER_OID_V_md4WithRSAEncryption
|
||||
};
|
||||
|
||||
/*
|
||||
* ripemd160WithRSAEncryption OBJECT IDENTIFIER ::= {
|
||||
* iso(1) identified-organization(3) teletrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) 2
|
||||
* }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_ripemd160WithRSAEncryption[DER_OID_SZ_ripemd160WithRSAEncryption] = {
|
||||
DER_OID_V_ripemd160WithRSAEncryption
|
||||
};
|
||||
|
||||
/*
|
||||
* mdc2WithRSASignature OBJECT IDENTIFIER ::= {
|
||||
* iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) mdc2WithRSASignature(14)
|
||||
* }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_mdc2WithRSASignature[DER_OID_SZ_mdc2WithRSASignature] = {
|
||||
DER_OID_V_mdc2WithRSASignature
|
||||
};
|
||||
|
@ -1,46 +0,0 @@
|
||||
/*
|
||||
* WARNING: do not edit!
|
||||
* Generated by Makefile from ../providers/common/der/der_wrap_gen.c.in
|
||||
*
|
||||
* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "prov/der_wrap.h"
|
||||
|
||||
/* Well known OIDs precompiled */
|
||||
|
||||
/*
|
||||
* id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= {
|
||||
* iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6
|
||||
* }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_alg_CMS3DESwrap[DER_OID_SZ_id_alg_CMS3DESwrap] = {
|
||||
DER_OID_V_id_alg_CMS3DESwrap
|
||||
};
|
||||
|
||||
/*
|
||||
* id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_aes128_wrap[DER_OID_SZ_id_aes128_wrap] = {
|
||||
DER_OID_V_id_aes128_wrap
|
||||
};
|
||||
|
||||
/*
|
||||
* id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_aes192_wrap[DER_OID_SZ_id_aes192_wrap] = {
|
||||
DER_OID_V_id_aes192_wrap
|
||||
};
|
||||
|
||||
/*
|
||||
* id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 }
|
||||
*/
|
||||
const unsigned char ossl_der_oid_id_aes256_wrap[DER_OID_SZ_id_aes256_wrap] = {
|
||||
DER_OID_V_id_aes256_wrap
|
||||
};
|
||||
|
@ -10,11 +10,11 @@ As of writing (2023/3/10) building for s390x considered to be experimental. Not
|
||||
|
||||
## Building
|
||||
|
||||
As s390x does not support boringssl, it uses OpenSSL and has two related build options.
|
||||
s390x has two OpenSSL-related build options.
|
||||
- By default, the s390x build will dynamically link to OpenSSL libraries. It will build OpenSSL shared objects, so it's not necessary to install OpenSSL beforehand. (This option is recommended in all cases.)
|
||||
- Another option is to build OpenSSL in-tree. In this case two build flags need to be supplied to cmake
|
||||
```bash
|
||||
-DENABLE_OPENSSL_DYNAMIC=0 -DENABLE_OPENSSL=1
|
||||
-DENABLE_OPENSSL_DYNAMIC=0
|
||||
```
|
||||
|
||||
These instructions assume that the host machine is x86_64 and has all the tooling required to build natively based on the [build instructions](../development/build.md). It also assumes that the host is Ubuntu 22.04 but the following instructions should also work on Ubuntu 20.04.
|
||||
|
@ -648,23 +648,22 @@ try
|
||||
}
|
||||
#endif
|
||||
|
||||
#if USE_OPENSSL_INTREE
|
||||
/// When building openssl into clickhouse, clickhouse owns the configuration
|
||||
/// Therefore, the clickhouse openssl configuration should be kept separate from
|
||||
/// the OS. Default to the one in the standard config directory, unless overridden
|
||||
/// by a key in the config.
|
||||
/// Note: this has to be done once at server initialization, because 'setenv' is not thread-safe.
|
||||
if (config().has("opensslconf"))
|
||||
{
|
||||
std::string opensslconf_path = config().getString("opensslconf");
|
||||
setenv("OPENSSL_CONF", opensslconf_path.c_str(), true);
|
||||
setenv("OPENSSL_CONF", opensslconf_path.c_str(), true); /// NOLINT
|
||||
}
|
||||
else
|
||||
{
|
||||
const String config_path = config().getString("config-file", "config.xml");
|
||||
const auto config_dir = std::filesystem::path{config_path}.replace_filename("openssl.conf");
|
||||
setenv("OPENSSL_CONF", config_dir.c_str(), true);
|
||||
setenv("OPENSSL_CONF", config_dir.c_str(), true); /// NOLINT
|
||||
}
|
||||
#endif
|
||||
|
||||
registerInterpreters();
|
||||
registerFunctions();
|
||||
|
@ -55,11 +55,9 @@
|
||||
#cmakedefine01 USE_KRB5
|
||||
#cmakedefine01 USE_FILELOG
|
||||
#cmakedefine01 USE_ODBC
|
||||
#cmakedefine01 USE_BORINGSSL
|
||||
#cmakedefine01 USE_BLAKE3
|
||||
#cmakedefine01 USE_SKIM
|
||||
#cmakedefine01 USE_PRQL
|
||||
#cmakedefine01 USE_OPENSSL_INTREE
|
||||
#cmakedefine01 USE_ULID
|
||||
#cmakedefine01 FIU_ENABLE
|
||||
#cmakedefine01 USE_BCRYPT
|
||||
|
@ -9,16 +9,10 @@
|
||||
#include <Common/logger_useful.h>
|
||||
#include <Common/safe_cast.h>
|
||||
|
||||
// This depends on BoringSSL-specific API, notably <openssl/aead.h>.
|
||||
#if USE_SSL
|
||||
# include <openssl/err.h>
|
||||
# include <boost/algorithm/hex.hpp>
|
||||
# if USE_BORINGSSL
|
||||
# include <openssl/digest.h>
|
||||
# include <openssl/aead.h>
|
||||
# else
|
||||
# include <openssl/evp.h>
|
||||
# endif
|
||||
#endif
|
||||
|
||||
// Common part for both parts (with SSL and without)
|
||||
@ -107,77 +101,6 @@ std::string lastErrorString()
|
||||
return std::string(buffer.data());
|
||||
}
|
||||
|
||||
#if USE_BORINGSSL
|
||||
/// Get encryption/decryption algorithms.
|
||||
auto getMethod(EncryptionMethod Method)
|
||||
{
|
||||
if (Method == AES_128_GCM_SIV)
|
||||
return EVP_aead_aes_128_gcm_siv;
|
||||
else if (Method == AES_256_GCM_SIV)
|
||||
return EVP_aead_aes_256_gcm_siv;
|
||||
else
|
||||
throw Exception(ErrorCodes::BAD_ARGUMENTS, "Unknown encryption method. Got {}", getMethodName(Method));
|
||||
}
|
||||
|
||||
/// Encrypt plaintext with particular algorithm and put result into ciphertext_and_tag.
|
||||
/// This function get key and nonce and encrypt text with their help.
|
||||
/// If something went wrong (can't init context or can't encrypt data) it throws exception.
|
||||
/// It returns length of encrypted text.
|
||||
size_t encrypt(std::string_view plaintext, char * ciphertext_and_tag, EncryptionMethod method, const String & key, const String & nonce)
|
||||
{
|
||||
/// Init context for encryption, using key.
|
||||
EVP_AEAD_CTX encrypt_ctx;
|
||||
EVP_AEAD_CTX_zero(&encrypt_ctx);
|
||||
const int ok_init = EVP_AEAD_CTX_init(&encrypt_ctx, getMethod(method)(),
|
||||
reinterpret_cast<const uint8_t*>(key.data()), key.size(),
|
||||
tag_size, nullptr);
|
||||
if (!ok_init)
|
||||
throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
|
||||
|
||||
/// encrypt data using context and given nonce.
|
||||
size_t out_len;
|
||||
const int ok_open = EVP_AEAD_CTX_seal(&encrypt_ctx,
|
||||
reinterpret_cast<uint8_t *>(ciphertext_and_tag),
|
||||
&out_len, plaintext.size() + tag_size,
|
||||
reinterpret_cast<const uint8_t *>(nonce.data()), nonce.size(),
|
||||
reinterpret_cast<const uint8_t *>(plaintext.data()), plaintext.size(),
|
||||
nullptr, 0);
|
||||
if (!ok_open)
|
||||
throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
|
||||
|
||||
return out_len;
|
||||
}
|
||||
|
||||
/// Encrypt plaintext with particular algorithm and put result into ciphertext_and_tag.
|
||||
/// This function get key and nonce and encrypt text with their help.
|
||||
/// If something went wrong (can't init context or can't encrypt data) it throws exception.
|
||||
/// It returns length of encrypted text.
|
||||
size_t decrypt(std::string_view ciphertext, char * plaintext, EncryptionMethod method, const String & key, const String & nonce)
|
||||
{
|
||||
/// Init context for decryption with given key.
|
||||
EVP_AEAD_CTX decrypt_ctx;
|
||||
EVP_AEAD_CTX_zero(&decrypt_ctx);
|
||||
|
||||
const int ok_init = EVP_AEAD_CTX_init(&decrypt_ctx, getMethod(method)(),
|
||||
reinterpret_cast<const uint8_t*>(key.data()), key.size(),
|
||||
tag_size, nullptr);
|
||||
if (!ok_init)
|
||||
throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
|
||||
|
||||
/// decrypt data using given nonce
|
||||
size_t out_len;
|
||||
const int ok_open = EVP_AEAD_CTX_open(&decrypt_ctx,
|
||||
reinterpret_cast<uint8_t *>(plaintext),
|
||||
&out_len, ciphertext.size(),
|
||||
reinterpret_cast<const uint8_t *>(nonce.data()), nonce.size(),
|
||||
reinterpret_cast<const uint8_t *>(ciphertext.data()), ciphertext.size(),
|
||||
nullptr, 0);
|
||||
if (!ok_open)
|
||||
throw Exception::createDeprecated(lastErrorString(), ErrorCodes::OPENSSL_ERROR);
|
||||
|
||||
return out_len;
|
||||
}
|
||||
#else
|
||||
/// Get encryption/decryption algorithms.
|
||||
auto getMethod(EncryptionMethod Method)
|
||||
{
|
||||
@ -324,7 +247,6 @@ size_t decrypt(std::string_view ciphertext, char * plaintext, EncryptionMethod m
|
||||
|
||||
return plaintext_len + out_len;
|
||||
}
|
||||
#endif
|
||||
|
||||
/// Register codec in factory
|
||||
void registerEncryptionCodec(CompressionCodecFactory & factory, EncryptionMethod Method)
|
||||
|
@ -184,11 +184,7 @@ void Sha256Password::authenticate(
|
||||
const auto * ciphertext = reinterpret_cast<const unsigned char *>(unpack_auth_response.data());
|
||||
|
||||
unsigned char plaintext[RSA_size(&private_key)];
|
||||
#if USE_BORINGSSL
|
||||
int plaintext_size = RSA_private_decrypt(unpack_auth_response.size(), ciphertext, plaintext, &private_key, RSA_PKCS1_OAEP_PADDING);
|
||||
#else
|
||||
int plaintext_size = RSA_private_decrypt(static_cast<int>(unpack_auth_response.size()), ciphertext, plaintext, &private_key, RSA_PKCS1_OAEP_PADDING);
|
||||
#endif
|
||||
if (plaintext_size == -1)
|
||||
{
|
||||
if (!sent_public_key)
|
||||
|
@ -17,11 +17,7 @@
|
||||
# include <openssl/md4.h>
|
||||
# include <openssl/md5.h>
|
||||
# include <openssl/sha.h>
|
||||
# if USE_BORINGSSL
|
||||
# include <openssl/digest.h>
|
||||
# else
|
||||
# include <openssl/evp.h>
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/// Instatiating only the functions that require FunctionStringHashFixedString in a separate file
|
||||
|
@ -158,12 +158,6 @@ endif()
|
||||
if (TARGET ch_contrib::bcrypt)
|
||||
set(USE_BCRYPT 1)
|
||||
endif()
|
||||
if (NOT (ENABLE_OPENSSL OR ENABLE_OPENSSL_DYNAMIC))
|
||||
set(USE_BORINGSSL 1)
|
||||
endif ()
|
||||
if (ENABLE_OPENSSL)
|
||||
set(USE_OPENSSL_INTREE 1)
|
||||
endif ()
|
||||
if (TARGET ch_contrib::ssh)
|
||||
set(USE_SSH 1)
|
||||
endif()
|
||||
|
Loading…
Reference in New Issue
Block a user