From 403dc759d0bc5d045da06fb326cdf59b23084953 Mon Sep 17 00:00:00 2001
From: Vladislav Vaintroub <wlad@mariadb.com>
Date: Tue, 5 May 2020 18:10:53 +0200
Subject: [PATCH] Update WolfSSL

Fix WolfSSL build:

- Do not build with TLSv1.0,it stopped working,at least with SChannel client
- Disable a test that depends on TLSv1.0
- define FP_MAX_BITS always, to fix 32bit builds.
- Increase MAX_AES_CTX_SIZE, to fix build on Linux
---
 extra/wolfssl/user_settings.h.in | 8 ++++++--
 extra/wolfssl/wolfssl            | 2 +-
 include/mysql/service_my_crypt.h | 2 +-
 include/ssl_compat.h             | 2 +-
 mysql-test/suite.pm              | 3 +++
 5 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/extra/wolfssl/user_settings.h.in b/extra/wolfssl/user_settings.h.in
index 65be4542b08..de9d9b5a8d9 100644
--- a/extra/wolfssl/user_settings.h.in
+++ b/extra/wolfssl/user_settings.h.in
@@ -20,14 +20,18 @@
 #define WOLFSSL_AES_COUNTER
 #define NO_WOLFSSL_STUB
 #define OPENSSL_ALL
-#define WOLFSSL_ALLOW_TLSV10
+#define NO_OLD_TIMEVAL_NAME
+/*
+  FP_MAX_BITS is set high solely to satisfy ssl_8k_key.test
+  WolfSSL will use more stack space with it, with fastmath
+*/
+#define FP_MAX_BITS 16384
 
 #cmakedefine WOLFSSL_AESNI
 #cmakedefine USE_FAST_MATH
 #cmakedefine TFM_TIMING_RESISTANT
 #cmakedefine HAVE_INTEL_RDSEED
 #cmakedefine USE_INTEL_SPEEDUP
-#cmakedefine FP_MAX_BITS @FP_MAX_BITS@
 #cmakedefine USE_FAST_MATH
 #cmakedefine WOLFSSL_X86_64_BUILD
 
diff --git a/extra/wolfssl/wolfssl b/extra/wolfssl/wolfssl
index 3f13b49fa31..e116c89a58a 160000
--- a/extra/wolfssl/wolfssl
+++ b/extra/wolfssl/wolfssl
@@ -1 +1 @@
-Subproject commit 3f13b49fa318fbd3216d7da36d942e7c276d3413
+Subproject commit e116c89a58af750421d82ece13f80516d2bde02e
diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h
index 039125066ca..930d12a7dd1 100644
--- a/include/mysql/service_my_crypt.h
+++ b/include/mysql/service_my_crypt.h
@@ -45,7 +45,7 @@ extern "C" {
 /* The max key length of all supported algorithms */
 #define MY_AES_MAX_KEY_LENGTH 32
 
-#define MY_AES_CTX_SIZE 600
+#define MY_AES_CTX_SIZE 640
 
 enum my_aes_mode {
     MY_AES_ECB, MY_AES_CBC
diff --git a/include/ssl_compat.h b/include/ssl_compat.h
index cff5f7ef3de..8cc0e6a9a2b 100644
--- a/include/ssl_compat.h
+++ b/include/ssl_compat.h
@@ -81,8 +81,8 @@
 
 #ifndef HAVE_WOLFSSL
 #define EVP_MD_CTX_reset(X) EVP_MD_CTX_cleanup(X)
-#endif
 #define EVP_CIPHER_CTX_reset(X) EVP_CIPHER_CTX_cleanup(X)
+#endif
 #define X509_get0_notBefore(X) X509_get_notBefore(X)
 #define X509_get0_notAfter(X) X509_get_notAfter(X)
 #endif
diff --git a/mysql-test/suite.pm b/mysql-test/suite.pm
index cb30a3186e5..4cf55e3eac8 100644
--- a/mysql-test/suite.pm
+++ b/mysql-test/suite.pm
@@ -74,6 +74,9 @@ sub skip_combinations {
   $skip{'main/ssl_verify_ip.test'} = 'x509v3 support required'
     unless $openssl_ver ge "1.0.2";
 
+  $skip{'main/tls_version1.test'} = 'No TLSv1.0 support'
+    if $ssl_lib =~ /WolfSSL/;
+
   %skip;
 }