MDEV-22221: MariaDB with WolfSSL doesn't support AES-GCM cipher for SSL

Enable AES-GCM for SSL (only). AES-GCM for encryption plugins remains disabled (aes-t fails, on some bug in GCM or CTR padding)

MDEV-22221: MariaDB with WolfSSL doesn't support AES-GCM cipher for SSL
Enable AES-GCM for SSL (only). AES-GCM for encryption plugins remains disabled (aes-t fails, on some bug in GCM or CTR padding)
b81803f0 · Vladislav Vaintroub · dbe3161b · b81803f0 · b81803f0 · b81803f0
Commit b81803f0 authored Jun 09, 2021 by Vladislav Vaintroub
5 changed files
--- a/extra/wolfssl/CMakeLists.txt
+++ b/extra/wolfssl/CMakeLists.txt
@@ -134,6 +134,7 @@ IF(WOLFSSL_X86_64_BUILD)
    SET(USE_INTEL_SPEEDUP 1)
    LIST(APPEND WOLFCRYPT_SOURCES
      ${WOLFCRYPT_SRCDIR}/aes_asm.S
+      ${WOLFCRYPT_SRCDIR}/aes_gcm_asm.S
      ${WOLFCRYPT_SRCDIR}/sha512_asm.S
      ${WOLFCRYPT_SRCDIR}/sha256_asm.S)
    ADD_DEFINITIONS(-maes -msse4.2 -mpclmul)

--- a/extra/wolfssl/user_settings.h.in
+++ b/extra/wolfssl/user_settings.h.in
@@ -17,6 +17,7 @@
 #define WC_RSA_BLINDING
 #define HAVE_TLS_EXTENSIONS
 #define HAVE_AES_ECB
+#define HAVE_AESGCM
 #define WOLFSSL_AES_COUNTER
 #define NO_WOLFSSL_STUB
 #define OPENSSL_ALL

--- a/include/mysql/service_my_crypt.h
+++ b/include/mysql/service_my_crypt.h
@@ -45,7 +45,7 @@ extern "C" {
 /* The max key length of all supported algorithms */
 #define MY_AES_MAX_KEY_LENGTH 32
-#define MY_AES_CTX_SIZE 640
+#define MY_AES_CTX_SIZE 656
 enum my_aes_mode {
    MY_AES_ECB, MY_AES_CBC

--- a/mysql-test/main/wolfssl.opt
+++ b/mysql-test/main/wolfssl.opt
+--ssl_cipher=ECDHE-RSA-AES256-GCM-SHA384
\ No newline at end of file
--- a/mysql-test/main/wolfssl.test
+++ b/mysql-test/main/wolfssl.test
+#
+# Various tests that require WolfSSL
+#
+--source include/have_ssl_communication.inc
+--source include/not_embedded.inc
+SELECT @@ssl_cipher;