From 403dc759d0bc5d045da06fb326cdf59b23084953 Mon Sep 17 00:00:00 2001
From: Vladislav Vaintroub
Date: Tue, 5 May 2020 18:10:53 +0200
Subject: [PATCH] Update WolfSSL Fix WolfSSL build: - Do not build with TLSv1.0,it stopped working,at least with SChannel client - Disable a test that depends on TLSv1.0 - define FP_MAX_BITS always, to fix 32bit builds. - Increase MAX_AES_CTX_SIZE, to fix build on Linux
---
 extra/wolfssl/user_settings.h.in | 8 ++++++--
 extra/wolfssl/wolfssl | 2 +-
 include/mysql/service_my_crypt.h | 2 +-
 include/ssl_compat.h | 2 +-
 mysql-test/suite.pm | 3 +++
 5 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/extra/wolfssl/user_settings.h.in b/extra/wolfssl/user_settings.h.in
index 65be4542b08..de9d9b5a8d9 100644
--- a/extra/wolfssl/user_settings.h.in
+++ b/extra/wolfssl/user_settings.h.in
@@ -20,14 +20,18 @@
 #define WOLFSSL_AES_COUNTER
 #define NO_WOLFSSL_STUB
 #define OPENSSL_ALL
-#define WOLFSSL_ALLOW_TLSV10
+#define NO_OLD_TIMEVAL_NAME
+/*
+ FP_MAX_BITS is set high solely to satisfy ssl_8k_key.test
+ WolfSSL will use more stack space with it, with fastmath
+*/
+#define FP_MAX_BITS 16384
 #cmakedefine WOLFSSL_AESNI
 #cmakedefine USE_FAST_MATH
 #cmakedefine TFM_TIMING_RESISTANT
 #cmakedefine HAVE_INTEL_RDSEED
 #cmakedefine USE_INTEL_SPEEDUP
-#cmakedefine FP_MAX_BITS @FP_MAX_BITS@
 #cmakedefine USE_FAST_MATH
 #cmakedefine WOLFSSL_X86_64_BUILD
diff --git a/extra/wolfssl/wolfssl b/extra/wolfssl/wolfssl
index 3f13b49fa31..e116c89a58a 160000
--- a/extra/wolfssl/wolfssl
+++ b/extra/wolfssl/wolfssl
@@ -1 +1 @@
-Subproject commit 3f13b49fa318fbd3216d7da36d942e7c276d3413
+Subproject commit e116c89a58af750421d82ece13f80516d2bde02e
diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h
index 039125066ca..930d12a7dd1 100644
--- a/include/mysql/service_my_crypt.h
+++ b/include/mysql/service_my_crypt.h
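Review bot: In the `extra/wolfssl/user_settings.h.in` hunk, `#define FP_MAX_BITS 16384` is now unconditional and replaces the CMake-driven `#cmakedefine FP_MAX_BITS @FP_MAX_BITS@`, so every fastmath build pays the larger big-integer stack footprint that the new comment says exists only for ssl_8k_key.test. The comment would help more if it stated the sizing rule, for example `/* fastmath needs FP_MAX_BITS >= 2 * largest key size in bits; 16384 allows 8192-bit keys (ssl_8k_key.test) */`, and it is worth confirming that server threads with small stacks still have headroom during a handshake. If CMake still sets FP_MAX_BITS anywhere, that value is now silently ignored; that is not visible in this hunk. `NO_OLD_TIMEVAL_NAME` is added without a comment and is not mentioned in the commit message, so a one-line reason next to it would help.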
@@ -45,7 +45,7 @@ extern "C" {
 /* The max key length of all supported algorithms */
 #define MY_AES_MAX_KEY_LENGTH 32
-#define MY_AES_CTX_SIZE 600
+#define MY_AES_CTX_SIZE 640
 enum my_aes_mode { MY_AES_ECB, MY_AES_CBC
diff --git a/include/ssl_compat.h b/include/ssl_compat.h
index cff5f7ef3de..8cc0e6a9a2b 100644
--- a/include/ssl_compat.h
+++ b/include/ssl_compat.h
@@ -81,8 +81,8 @@
 #ifndef HAVE_WOLFSSL
 #define EVP_MD_CTX_reset(X) EVP_MD_CTX_cleanup(X)
-#endif
 #define EVP_CIPHER_CTX_reset(X) EVP_CIPHER_CTX_cleanup(X)
+#endif
 #define X509_get0_notBefore(X) X509_get_notBefore(X)
 #define X509_get0_notAfter(X) X509_get_notAfter(X)
 #endif
diff --git a/mysql-test/suite.pm b/mysql-test/suite.pm
index cb30a3186e5..4cf55e3eac8 100644
--- a/mysql-test/suite.pm
+++ b/mysql-test/suite.pm
@@ -74,6 +74,9 @@ sub skip_combinations {
 $skip{'main/ssl_verify_ip.test'} = 'x509v3 support required' unless $openssl_ver ge "1.0.2";
+ $skip{'main/tls_version1.test'} = 'No TLSv1.0 support'
+ if $ssl_lib =~ /WolfSSL/;
+ %skip; }
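Review bot: `MY_AES_CTX_SIZE` in `include/mysql/service_my_crypt.h` is a bare number that has to stay at least as large as the crypto library's cipher context, and nothing in this hunk ties the new value 640 to that size. A comment such as `/* must be >= sizeof the largest cipher context of the linked SSL library (WolfSSL needs more than 600) */` would record the constraint for the next library update. Because this looks like a public service header, callers built against the old value that allocate the context buffer themselves would hand over 600 bytes where the library may now write more. It is worth checking whether the service or plugin interface version needs a bump; that part is outside the visible lines.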
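Review bot: After the `#endif` move in `include/ssl_compat.h`, two unlabeled `#endif` lines sit close together and it is easy to misread which one closes `#ifndef HAVE_WOLFSSL`; labelling the moved one as `#endif /* !HAVE_WOLFSSL */` would make the nesting obvious. The change also means WolfSSL builds now rely on the library's own `EVP_CIPHER_CTX_reset` instead of the `EVP_CIPHER_CTX_cleanup` mapping, which presumably only works with the submodule revision bumped in this same commit. Since this call is likely what clears cipher state holding key material, it is worth confirming that the WolfSSL implementation wipes the context the way the cleanup call did. The enclosing conditional starts above the hunk.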
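Review bot: The new skip in `mysql-test/suite.pm` removes `main/tls_version1.test` for WolfSSL builds, which appears to leave nothing asserting that a TLSv1.0 connection is actually refused now that `WOLFSSL_ALLOW_TLSV10` is gone. A small WolfSSL-only test that expects the TLSv1.0 handshake to fail would keep the protocol floor from regressing unnoticed when the library or `user_settings.h.in` changes again. The match `$ssl_lib =~ /WolfSSL/` is case-sensitive and `$ssl_lib` is set outside this hunk, so confirm its spelling there. A short comment such as `# bundled WolfSSL is built without WOLFSSL_ALLOW_TLSV10` above the skip would explain the reason. skip_combinations starts above the hunk.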