mirror of
https://github.com/MariaDB/server.git
synced 2025-01-16 03:52:35 +01:00
Use generated user_settings.h for WolfSSL, as recommended by WolfSSL
documentation Apparently, WolfSSL wants to have *exactly* the same defines for the user of the library as the was when building library itself. A lot of #defines have an impact on ABI (structure sizes, alignment etc)
This commit is contained in:
Vladislav Vaintroub
parent
4ec302ebf8
commit
1e3dc15d62
4 changed files with 53 additions and 31 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -58,6 +58,7 @@ extra/perror
|
|||
extra/replace
|
||||
extra/resolve_stack_dump
|
||||
extra/resolveip
|
||||
extra/wolfssl/user_settings.h
|
||||
import_executables.cmake
|
||||
include/*.h.tmp
|
||||
include/config.h
|
||||
|
|
|
|||
|
|
@ -49,12 +49,13 @@ ENDMACRO()
|
|||
|
||||
MACRO (MYSQL_USE_BUNDLED_SSL)
|
||||
SET(INC_DIRS
|
||||
${CMAKE_BINARY_DIR}/extra/wolfssl
|
||||
${CMAKE_SOURCE_DIR}/extra/wolfssl/wolfssl
|
||||
${CMAKE_SOURCE_DIR}/extra/wolfssl/wolfssl/wolfssl
|
||||
)
|
||||
SET(SSL_LIBRARIES wolfssl wolfcrypt)
|
||||
SET(SSL_INCLUDE_DIRS ${INC_DIRS})
|
||||
SET(SSL_DEFINES "-DHAVE_OPENSSL -DHAVE_WOLFSSL -DOPENSSL_ALL -DWOLFSSL_MYSQL_COMPATIBLE -DWC_NO_HARDEN")
|
||||
SET(SSL_DEFINES "-DHAVE_OPENSSL -DHAVE_WOLFSSL -DWOLFSSL_USER_SETTINGS")
|
||||
SET(HAVE_ERR_remove_thread_state ON CACHE INTERNAL "wolfssl doesn't have ERR_remove_thread_state")
|
||||
SET(HAVE_EncryptAes128Ctr OFF CACHE INTERNAL "wolfssl does support AES-CTR, but differently from openssl")
|
||||
SET(HAVE_EncryptAes128Gcm OFF CACHE INTERNAL "wolfssl does not support AES-GCM")
|
||||
|
|
|
|||
|
|
@ -25,25 +25,6 @@ ENDIF()
|
|||
|
||||
SET(WOLFSSL_SRCDIR ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/src)
|
||||
ADD_DEFINITIONS(${SSL_DEFINES})
|
||||
ADD_DEFINITIONS(
|
||||
-DHAVE_CRL
|
||||
-DWOLFSSL_MYSQL_COMPATIBLE
|
||||
-DHAVE_ECC
|
||||
-DECC_TIMING_RESISTANT
|
||||
-DBUILDING_WOLFSSL
|
||||
-DHAVE_HASHDRBG
|
||||
-DWOLFSSL_AES_DIRECT
|
||||
-DWOLFSSL_SHA384
|
||||
-DWOLFSSL_SHA512
|
||||
-DWOLFSSL_SHA224
|
||||
-DSESSION_CERT
|
||||
-DKEEP_OUR_CERT
|
||||
-DWOLFSSL_STATIC_RSA
|
||||
-DWC_RSA_BLINDING
|
||||
-DHAVE_TLS_EXTENSIONS
|
||||
-DHAVE_AES_ECB
|
||||
-DWOLFSSL_AES_COUNTER
|
||||
-DNO_WOLFSSL_STUB)
|
||||
|
||||
SET(WOLFSSL_SOURCES
|
||||
${WOLFSSL_SRCDIR}/crl.c
|
||||
|
|
@ -53,7 +34,8 @@ SET(WOLFSSL_SOURCES
|
|||
${WOLFSSL_SRCDIR}/wolfio.c
|
||||
${WOLFSSL_SRCDIR}/ocsp.c
|
||||
${WOLFSSL_SRCDIR}/ssl.c)
|
||||
ADD_DEFINITIONS(-DWOLFSSL_LIB)
|
||||
ADD_DEFINITIONS(-DWOLFSSL_LIB -DBUILDING_WOLFSSL)
|
||||
|
||||
INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl)
|
||||
IF(MSVC)
|
||||
# size_t to long truncation warning
|
||||
|
|
@ -116,28 +98,31 @@ IF(NOT (MSVC AND CMAKE_C_COMPILER_ID MATCHES Clang)
|
|||
ENDIF()
|
||||
|
||||
IF(WOLFSSL_FASTMATH)
|
||||
ADD_DEFINITIONS(-DUSE_FAST_MATH)
|
||||
# FP_MAX_BITS is set high solely to satisfy ssl_8k_key.test
|
||||
# WolfSSL will use more stack space with it
|
||||
ADD_DEFINITIONS(-DFP_MAX_BITS=16384)
|
||||
SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/tfm.c)
|
||||
SET(USE_FAST_MATH 1)
|
||||
SET(TFM_TIMING_RESISTANT 1)
|
||||
# FP_MAX_BITS is set high solely to satisfy ssl_8k_key.test
|
||||
# WolfSSL will use more stack space with it
|
||||
SET(FP_MAX_BITS 16384)
|
||||
SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/tfm.c)
|
||||
ELSE()
|
||||
SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/integer.c)
|
||||
SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/integer.c)
|
||||
ENDIF()
|
||||
|
||||
IF(WOLFSSL_INTELASM)
|
||||
ADD_DEFINITIONS(-DWOLFSSL_AESNI)
|
||||
SET(SSL_DEFINES "${SSL_DEFINES} -DWOLFSSL_AESNI" PARENT_SCOPE)
|
||||
SET(WOLFSSL_AESNI 1)
|
||||
|
||||
LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/cpuid.c)
|
||||
IF(MSVC)
|
||||
LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/aes_asm.asm)
|
||||
IF(CMAKE_C_COMPILER_ID MATCHES Clang)
|
||||
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -maes")
|
||||
ELSE()
|
||||
ADD_DEFINITIONS(-DHAVE_INTEL_RDSEED -DWOLFSSL_X86_64_BUILD)
|
||||
SET(HAVE_INTEL_RDSEED 1)
|
||||
SET(WOLFSSL_X86_64_BUILD 1)
|
||||
ENDIF()
|
||||
ELSEIF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64")
|
||||
ADD_DEFINITIONS(-DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP)
|
||||
SET(HAVE_INTEL_RDSEED 1)
|
||||
SET(USE_INTEL_SPEEDUP 1)
|
||||
LIST(APPEND WOLFCRYPT_SOURCES
|
||||
${WOLFCRYPT_SRCDIR}/aes_asm.S
|
||||
${WOLFCRYPT_SRCDIR}/sha512_asm.S
|
||||
|
|
@ -146,5 +131,7 @@ IF(WOLFSSL_INTELASM)
|
|||
ENDIF()
|
||||
ENDIF()
|
||||
|
||||
CONFIGURE_FILE(user_settings.h.in user_settings.h)
|
||||
INCLUDE_DIRECTORIES(${SSL_INCLUDE_DIRS})
|
||||
ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES})
|
||||
|
||||
|
|
|
|||
33
extra/wolfssl/user_settings.h.in
Normal file
33
extra/wolfssl/user_settings.h.in
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
#ifndef WOLFSSL_USER_SETTINGS_H
|
||||
#define WOLFSSL_USER_SETTINGS_H
|
||||
|
||||
#define HAVE_CRL
|
||||
#define WOLFSSL_MYSQL_COMPATIBLE
|
||||
#define HAVE_ECC
|
||||
#define ECC_TIMING_RESISTANT
|
||||
#define HAVE_HASHDRBG
|
||||
#define WOLFSSL_AES_DIRECT
|
||||
#define WOLFSSL_SHA384
|
||||
#define WOLFSSL_SHA512
|
||||
#define WOLFSSL_SHA224
|
||||
#define SESSION_CERT
|
||||
#define KEEP_OUR_CERT
|
||||
#define WOLFSSL_STATIC_RSA
|
||||
#define WC_RSA_BLINDING
|
||||
#define HAVE_TLS_EXTENSIONS
|
||||
#define HAVE_AES_ECB
|
||||
#define WOLFSSL_AES_COUNTER
|
||||
#define NO_WOLFSSL_STUB
|
||||
#define OPENSSL_ALL
|
||||
|
||||
|
||||
#cmakedefine WOLFSSL_AESNI
|
||||
#cmakedefine USE_FAST_MATH
|
||||
#cmakedefine TFM_TIMING_RESISTANT
|
||||
#cmakedefine HAVE_INTEL_RDSEED
|
||||
#cmakedefine USE_INTEL_SPEEDUP
|
||||
#cmakedefine FP_MAX_BITS @FP_MAX_BITS@
|
||||
#cmakedefine USE_FAST_MATH
|
||||
#cmakedefine WOLFSSL_X86_64_BUILD
|
||||
|
||||
#endif /* WOLFSSL_USER_SETTINGS_H */
|
||||
Loading…
Reference in a new issue