Commit graph

51 commits

Author SHA1 Message Date
Marko Mäkelä
0dd25f28f7 Merge 10.5 into 10.6 2023-09-11 14:46:39 +03:00
Sergei Golubchik
28f7725731 wolfssl: enable chacha cyphers and secure negotiation
compaitibility with:
* chacha - mobile devices
* secure negotiation - openssl 3
2023-09-06 22:38:41 +02:00
Oleksandr Byelkin
6bf8483cac Merge branch '10.5' into 10.6 2023-08-01 15:08:52 +02:00
Oleksandr Byelkin
2a46b358a7 new WolfSSL v5.6.3-stable 2023-07-25 21:08:02 +02:00
Marko Mäkelä
6aec87544c Merge 10.5 into 10.6 2023-02-10 13:03:01 +02:00
Vladislav Vaintroub
493f2bca76 Add more workaround atop existing WolfSSL 5.5.4 workaround to compile ASAN on buildbot
The -D flag was not passed to asm compiler, despite SET_PROPERTY(COMPILE_OPTIONS)
The exact reason for that remains unknown.  It was not seen with gcc, as
nor was be reproduced on newer CMake.
2023-02-08 11:32:06 +01:00
Oleksandr Byelkin
a01abad619 Merge branch '10.5' into 10.6 2023-01-18 16:33:06 +01:00
Oleksandr Byelkin
9924466b3b v5.5.4-stable 2023-01-17 22:46:25 +01:00
Oleksandr Byelkin
822694bd56 Merge branch '10.5' into 10.6 2022-10-15 23:47:33 +02:00
Oleksandr Byelkin
0cddb1ac99 v5.5.1-stable 2022-10-14 08:33:15 +02:00
Oleksandr Byelkin
d2f1c3ed6c Merge branch '10.5' into bb-10.6-release 2022-08-03 12:19:59 +02:00
Oleksandr Byelkin
f0107c90a0 wolfssl v5.4.0-stable 2022-07-27 16:21:28 +02:00
Vladislav Vaintroub
4329720b79 Fixes for WolfSSL 5.4.0 2022-07-27 16:18:18 +02:00
Marko Mäkelä
2b4754f1b3 MDEV-28445 fixup: Restore submodules
Two submodules were inadvertently reverted to an older revision
in commit 2ca1123464.
Thanks to Roel Van de Paar for noticing this.
2022-04-30 11:48:12 +03:00
Marko Mäkelä
2ca1123464 MDEV-26217 Failing assertion: list.count > 0 in ut_list_remove or Assertion `lock->trx == this' failed in dberr_t trx_t::drop_table
This follows up the previous fix in
commit c3c53926c4 (MDEV-26554).

ha_innobase::delete_table(): Work around the insufficient
metadata locking (MDL) during DML operations by acquiring exclusive
InnoDB table locks on all child tables. Previously, this was only
done on TRUNCATE and ALTER.

ibuf_delete_rec(), btr_cur_optimistic_delete(): Do not invoke
lock_update_delete() during change buffer operations.
The revised trx_t::commit(std::vector<pfs_os_file_t>&) will
hold exclusive lock_sys.latch while invoking fil_delete_tablespace(),
which in turn may invoke ibuf_delete_rec().

dict_index_t::has_locking(): A new predicate, replacing the dummy
!dict_table_is_locking_disabled(index->table). Used for skipping lock
operations during ibuf_delete_rec().

trx_t::commit(std::vector<pfs_os_file_t>&): Release the locks
and remove the table from the cache while holding exclusive
lock_sys.latch.

trx_t::commit_in_memory(): Skip release_locks() if dict_operation holds.

trx_t::commit(): Reset dict_operation before invoking commit_in_memory()
via commit_persist().

lock_release_on_drop(): Release locks while lock_sys.latch is
exclusively locked.

lock_table(): Add a parameter for a pointer to the table.
We must not dereference the table before a lock_sys.latch has
been acquired. If the pointer to the table does not match the table
at that point, the table is invalid and DB_DEADLOCK will be returned.

row_ins_foreign_check_on_constraint(): Improve the checks.
Remove a bogus DB_LOCK_WAIT_TIMEOUT return that was needed
before commit c5fd9aa562 (MDEV-25919).

row_upd_check_references_constraints(),
wsrep_row_upd_check_foreign_constraints(): Simplify checks.
2022-04-26 18:09:03 +03:00
Marko Mäkelä
fae0ccad6e Merge 10.5 into 10.6 2022-04-21 17:46:40 +03:00
Marko Mäkelä
aec856073d WolfSSL v5.2.0-stable 2022-04-21 12:02:36 +03:00
Oleksandr Byelkin
f5c5f8e41e Merge branch '10.5' into 10.6 2022-02-03 17:01:31 +01:00
Vladislav Vaintroub
be1d965384 MDEV-27373 wolfSSL 5.1.1
- compile wolfcrypt with kdf.c, to avoid undefined symbols in tls13.c
- define WOLFSSL_HAVE_ERROR_QUEUE to avoid endless loop SSL_get_error
- Do not use SSL_CTX_set_tmp_dh/get_dh2048, this would require additional
  compilation options in WolfSSL. Disable it for WolfSSL build, it works
  without it anyway.
- fix "macro already defined" Windows warning.
2022-01-25 11:19:00 +01:00
Oleksandr Byelkin
8db47403ff WolfSSL v5.1.1 2022-01-25 11:19:00 +01:00
Oleksandr Byelkin
facd9d524d Merge branch '10.5' into 10.6 2021-10-29 13:01:02 +02:00
Oleksandr Byelkin
e10838268e wolfssl v4.8.1-stable 2021-10-28 14:23:22 +02:00
Oleksandr Byelkin
6efb5e9f5e Merge branch '10.5' into 10.6 2021-08-02 10:11:41 +02:00
Vladislav Vaintroub
77992bc710 MDEV-26092 Remove things we do not use in wolfssl
Add a couple of NO_XXX prprocessor constants to wolfssl build.
Looked into cmake defaults, those are set there too. Some of
these are (supposedly) weak ciphers, and some just fallen out from wide
use.
2021-07-28 22:21:44 +02:00
Vladislav Vaintroub
2173f382ca MDEV-26236 ssl_8k_key test fails on x86
Workaround WolfSSL bug https://github.com/wolfSSL/wolfssl/issues/4242
(heap overflow) by using fastmath library everywhere, except Windows clang

Before the patch, default math library was used on all 32bit platforms.
2021-07-27 13:00:42 +02:00
Vladislav Vaintroub
7ffa801cf2 MDEV-22221 Compile WolfSSL with TLSv1.3 support 2021-07-21 22:19:52 +02:00
Vladislav Vaintroub
6a3e0009a6 WolfSSL 4.8.0 2021-07-21 09:16:28 +02:00
Marko Mäkelä
4dfec8b230 Merge 10.5 into 10.6 2021-06-21 17:49:33 +03:00
Vladislav Vaintroub
b81803f065 MDEV-22221: MariaDB with WolfSSL doesn't support AES-GCM cipher for SSL
Enable AES-GCM for SSL (only).

AES-GCM for encryption plugins remains disabled (aes-t fails, on some bug
in GCM or CTR padding)
2021-06-09 15:44:55 +02:00
Vladislav Vaintroub
dbe3161b6d Remove WolfSSL workaround for old version.
We're already on 4.4.6
2021-06-09 15:44:55 +02:00
Vladislav Vaintroub
5ba4c4200c MDEV-25870 Windows - fix ARM64 cross-compilation 2021-06-07 23:15:36 +02:00
Marko Mäkelä
734c587f68 MDEV-20386: Allow RDRAND, RDSEED WITH_MSAN
Let us use Intel intrinsic functions in WolfSSL whenever possible.
This allows such code to be compiled WITH_MSAN.
2021-01-02 11:56:41 +02:00
Marko Mäkelä
c1a7a82bca WolfSSL v4.6.0-stable 2021-01-02 11:56:41 +02:00
Marko Mäkelä
1bf9acceef MDEV-20386: Allow RDRAND, RDSEED WITH_MSAN
Let us use Intel intrinsic functions in WolfSSL whenever possible.
This allows such code to be compiled WITH_MSAN.
2021-01-01 19:17:03 +02:00
Marko Mäkelä
c1f0afb102 WolfSSL v4.6.0-stable 2021-01-01 19:15:46 +02:00
Marko Mäkelä
d7c82610c1 Fix the WolfSSL build on FreeBSD
Port some CMake tweaks of commit 4adc1269cc
from 10.5.
2020-09-23 09:29:05 +03:00
Vladislav Vaintroub
bfe612b738 MDEV-23663 - Add HAVE_INTEL_RDRAND flag for building WolfSSL, where appropiate 2020-09-17 18:05:53 +02:00
Sergei Golubchik
5b0df7433d WolfSSL fixes
remove Timeval workaround (not needed anymore).
add template workaround.
comments.
2020-05-08 12:49:53 +02:00
Vladislav Vaintroub
403dc759d0 Update WolfSSL
Fix WolfSSL build:

- Do not build with TLSv1.0,it stopped working,at least with SChannel client
- Disable a test that depends on TLSv1.0
- define FP_MAX_BITS always, to fix 32bit builds.
- Increase MAX_AES_CTX_SIZE, to fix build on Linux
2020-05-08 11:51:03 +02:00
Vladislav Vaintroub
98fc6b923f MDEV-20388 : disable inline assembly in WolfSSL if MSAN is on
A desperate attempt to workaround MemorySanitizer deficiencies.
2020-03-25 19:45:37 +01:00
Vladislav Vaintroub
7c0e4748ac silence a warning in WolfSSL.
There is a warning about inconsistency between function definition
and prototype.

See https://github.com/wolfSSL/wolfssl/issues/2752

Disable specific MSVC warning for now.
2020-01-21 09:20:59 +01:00
Oleksandr Byelkin
3155a643df new wolfssl v4.3.0-stable 2020-01-20 16:31:50 +01:00
Oleksandr Byelkin
903f5fea30 Revert "wolfssl 4.2.0" (it is not ready jet)
This reverts commit dacd1794e4.
2019-11-02 18:54:01 +01:00
Oleksandr Byelkin
dacd1794e4 wolfssl 4.2.0 2019-11-02 12:11:39 +01:00
Vladislav Vaintroub
1c27eb7ebd Do not compile socket IO code in WolfSSL
We use own IO callbacks from server code anyway.
2019-07-28 13:45:34 +02:00
Vladislav Vaintroub
f61a980686 Update WolfSSL, remove older workarounds. 2019-07-28 13:45:15 +02:00
Sergei Golubchik
e46b87aaed enable TLSv1.0 in WolfSSL 2019-07-02 14:27:31 +02:00
Vladislav Vaintroub
1e3dc15d62 Use generated user_settings.h for WolfSSL, as recommended by WolfSSL
documentation


Apparently, WolfSSL wants to have *exactly* the same defines for
the user of the library as the was when building library itself.

A lot of #defines have an impact on ABI (structure sizes, alignment etc)
2019-06-14 15:50:12 +02:00
Vladislav Vaintroub
4ec302ebf8 WolfSSL : Fix crosscompiling i386 on x86_64, on Linux 2019-06-14 15:49:38 +02:00
Vladislav Vaintroub
c5beac6847 MDEV-19684 enable intel assembly (AESNI etc) and fastmath when compiling WolfSSL
Using different recommended speedup options for WolfSSL.

- Enable  x64 assembly code on Intel.
- in my_crypt.cc, align EVP_CIPHER_CTX buffer, since some members need
alignment of 16 (for AESNI instructions), when assembler is enabled.
- Adjust MY_AES_CTX_SIZE
- Enable fastmath in wolfssl (large integer math).
2019-06-04 10:07:39 +02:00