Commit graph

20 commits

Author SHA1 Message Date
Vladislav Vaintroub
b81803f065 MDEV-22221: MariaDB with WolfSSL doesn't support AES-GCM cipher for SSL
Enable AES-GCM for SSL (only).

AES-GCM for encryption plugins remains disabled (aes-t fails, on some bug
in GCM or CTR padding)
2021-06-09 15:44:55 +02:00
Vladislav Vaintroub
dbe3161b6d Remove WolfSSL workaround for old version.
We're already on 4.4.6
2021-06-09 15:44:55 +02:00
Marko Mäkelä
734c587f68 MDEV-20386: Allow RDRAND, RDSEED WITH_MSAN
Let us use Intel intrinsic functions in WolfSSL whenever possible.
This allows such code to be compiled WITH_MSAN.
2021-01-02 11:56:41 +02:00
Marko Mäkelä
c1a7a82bca WolfSSL v4.6.0-stable 2021-01-02 11:56:41 +02:00
Marko Mäkelä
d7c82610c1 Fix the WolfSSL build on FreeBSD
Port some CMake tweaks of commit 4adc1269cc
from 10.5.
2020-09-23 09:29:05 +03:00
Vladislav Vaintroub
bfe612b738 MDEV-23663 - Add HAVE_INTEL_RDRAND flag for building WolfSSL, where appropiate 2020-09-17 18:05:53 +02:00
Sergei Golubchik
5b0df7433d WolfSSL fixes
remove Timeval workaround (not needed anymore).
add template workaround.
comments.
2020-05-08 12:49:53 +02:00
Vladislav Vaintroub
403dc759d0 Update WolfSSL
Fix WolfSSL build:

- Do not build with TLSv1.0,it stopped working,at least with SChannel client
- Disable a test that depends on TLSv1.0
- define FP_MAX_BITS always, to fix 32bit builds.
- Increase MAX_AES_CTX_SIZE, to fix build on Linux
2020-05-08 11:51:03 +02:00
Vladislav Vaintroub
98fc6b923f MDEV-20388 : disable inline assembly in WolfSSL if MSAN is on
A desperate attempt to workaround MemorySanitizer deficiencies.
2020-03-25 19:45:37 +01:00
Vladislav Vaintroub
7c0e4748ac silence a warning in WolfSSL.
There is a warning about inconsistency between function definition
and prototype.

See https://github.com/wolfSSL/wolfssl/issues/2752

Disable specific MSVC warning for now.
2020-01-21 09:20:59 +01:00
Oleksandr Byelkin
3155a643df new wolfssl v4.3.0-stable 2020-01-20 16:31:50 +01:00
Oleksandr Byelkin
903f5fea30 Revert "wolfssl 4.2.0" (it is not ready jet)
This reverts commit dacd1794e4.
2019-11-02 18:54:01 +01:00
Oleksandr Byelkin
dacd1794e4 wolfssl 4.2.0 2019-11-02 12:11:39 +01:00
Vladislav Vaintroub
1c27eb7ebd Do not compile socket IO code in WolfSSL
We use own IO callbacks from server code anyway.
2019-07-28 13:45:34 +02:00
Vladislav Vaintroub
f61a980686 Update WolfSSL, remove older workarounds. 2019-07-28 13:45:15 +02:00
Sergei Golubchik
e46b87aaed enable TLSv1.0 in WolfSSL 2019-07-02 14:27:31 +02:00
Vladislav Vaintroub
1e3dc15d62 Use generated user_settings.h for WolfSSL, as recommended by WolfSSL
documentation


Apparently, WolfSSL wants to have *exactly* the same defines for
the user of the library as the was when building library itself.

A lot of #defines have an impact on ABI (structure sizes, alignment etc)
2019-06-14 15:50:12 +02:00
Vladislav Vaintroub
4ec302ebf8 WolfSSL : Fix crosscompiling i386 on x86_64, on Linux 2019-06-14 15:49:38 +02:00
Vladislav Vaintroub
c5beac6847 MDEV-19684 enable intel assembly (AESNI etc) and fastmath when compiling WolfSSL
Using different recommended speedup options for WolfSSL.

- Enable  x64 assembly code on Intel.
- in my_crypt.cc, align EVP_CIPHER_CTX buffer, since some members need
alignment of 16 (for AESNI instructions), when assembler is enabled.
- Adjust MY_AES_CTX_SIZE
- Enable fastmath in wolfssl (large integer math).
2019-06-04 10:07:39 +02:00
Vladislav Vaintroub
5e4b657dd4 MDEV-18531 : Use WolfSSL instead of YaSSL as "bundled" SSL/encryption library
- Add new submodule for WolfSSL
- Build and use wolfssl and wolfcrypt instead of yassl/taocrypt
- Use HAVE_WOLFSSL instead of HAVE_YASSL
- Increase MY_AES_CTX_SIZE, to avoid compile time asserts in my_crypt.cc
(sizeof(EVP_CIPHER_CTX) is larger on WolfSSL)
2019-05-22 13:48:25 +02:00