From b81803f0657b1693ac42643ae39ff25ccc42db36 Mon Sep 17 00:00:00 2001 From: Vladislav Vaintroub Date: Wed, 9 Jun 2021 13:27:00 +0200 Subject: [PATCH] MDEV-22221: MariaDB with WolfSSL doesn't support AES-GCM cipher for SSL Enable AES-GCM for SSL (only). AES-GCM for encryption plugins remains disabled (aes-t fails, on some bug in GCM or CTR padding) --- extra/wolfssl/CMakeLists.txt | 1 + extra/wolfssl/user_settings.h.in | 1 + include/mysql/service_my_crypt.h | 2 +- mysql-test/main/wolfssl.opt | 1 + mysql-test/main/wolfssl.test | 6 ++++++ 5 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 mysql-test/main/wolfssl.opt create mode 100644 mysql-test/main/wolfssl.test diff --git a/extra/wolfssl/CMakeLists.txt b/extra/wolfssl/CMakeLists.txt index c99fb155dd6..908e27734b9 100644 --- a/extra/wolfssl/CMakeLists.txt +++ b/extra/wolfssl/CMakeLists.txt @@ -134,6 +134,7 @@ IF(WOLFSSL_X86_64_BUILD) SET(USE_INTEL_SPEEDUP 1) LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/aes_asm.S + ${WOLFCRYPT_SRCDIR}/aes_gcm_asm.S ${WOLFCRYPT_SRCDIR}/sha512_asm.S ${WOLFCRYPT_SRCDIR}/sha256_asm.S) ADD_DEFINITIONS(-maes -msse4.2 -mpclmul) diff --git a/extra/wolfssl/user_settings.h.in b/extra/wolfssl/user_settings.h.in index 911c466372e..4adb27142d9 100644 --- a/extra/wolfssl/user_settings.h.in +++ b/extra/wolfssl/user_settings.h.in @@ -17,6 +17,7 @@ #define WC_RSA_BLINDING #define HAVE_TLS_EXTENSIONS #define HAVE_AES_ECB +#define HAVE_AESGCM #define WOLFSSL_AES_COUNTER #define NO_WOLFSSL_STUB #define OPENSSL_ALL diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h index 930d12a7dd1..2a232117ca1 100644 --- a/include/mysql/service_my_crypt.h +++ b/include/mysql/service_my_crypt.h @@ -45,7 +45,7 @@ extern "C" { /* The max key length of all supported algorithms */ #define MY_AES_MAX_KEY_LENGTH 32 -#define MY_AES_CTX_SIZE 640 +#define MY_AES_CTX_SIZE 656 enum my_aes_mode { MY_AES_ECB, MY_AES_CBC diff --git a/mysql-test/main/wolfssl.opt b/mysql-test/main/wolfssl.opt new file mode 100644 index 00000000000..812dba7bcbd --- /dev/null +++ b/mysql-test/main/wolfssl.opt @@ -0,0 +1 @@ +--ssl_cipher=ECDHE-RSA-AES256-GCM-SHA384 \ No newline at end of file diff --git a/mysql-test/main/wolfssl.test b/mysql-test/main/wolfssl.test new file mode 100644 index 00000000000..d9afc43901f --- /dev/null +++ b/mysql-test/main/wolfssl.test @@ -0,0 +1,6 @@ +# +# Various tests that require WolfSSL +# +--source include/have_ssl_communication.inc +--source include/not_embedded.inc +SELECT @@ssl_cipher;