MDEV-27373 wolfSSL 5.1.1

- compile wolfcrypt with kdf.c, to avoid undefined symbols in tls13.c - define WOLFSSL_HAVE_ERROR_QUEUE to avoid endless loop SSL_get_error - Do not use SSL_CTX_set_tmp_dh/get_dh2048, this would require additional compilation options in WolfSSL. Disable it for WolfSSL build, it works without it anyway. - fix "macro already defined" Windows warning.

MDEV-27373 wolfSSL 5.1.1
- compile wolfcrypt with kdf.c, to avoid undefined symbols in tls13.c - define WOLFSSL_HAVE_ERROR_QUEUE to avoid endless loop SSL_get_error - Do not use SSL_CTX_set_tmp_dh/get_dh2048, this would require additional compilation options in WolfSSL. Disable it for WolfSSL build, it works without it anyway. - fix "macro already defined" Windows warning.
be1d9653 · Vladislav Vaintroub · Oleksandr Byelkin · 8db47403 · be1d9653 · be1d9653
Commit be1d9653 authored Jan 24, 2022 by Vladislav Vaintroub Committed by Oleksandr Byelkin Jan 25, 2022
4 changed files
--- a/extra/wolfssl/CMakeLists.txt
+++ b/extra/wolfssl/CMakeLists.txt
@@ -104,6 +104,7 @@ ${WOLFCRYPT_SRCDIR}/wc_port.c
 ${WOLFCRYPT_SRCDIR}/wc_encrypt.c
 ${WOLFCRYPT_SRCDIR}/hash.c
 ${WOLFCRYPT_SRCDIR}/wolfmath.c
+${WOLFCRYPT_SRCDIR}/kdf.c
 )

 # Use fastmath large number math library.

--- a/extra/wolfssl/user_settings.h.in
+++ b/extra/wolfssl/user_settings.h.in
@@ -2,6 +2,7 @@
 #define WOLFSSL_USER_SETTINGS_H

 #define HAVE_CRL
+#define WOLFSSL_HAVE_ERROR_QUEUE
 #define WOLFSSL_MYSQL_COMPATIBLE
 #define HAVE_ECC
 #define ECC_TIMING_RESISTANT

--- a/include/ssl_compat.h
+++ b/include/ssl_compat.h
@@ -73,7 +73,10 @@
 #define EVP_MD_CTX_SIZE                 sizeof(EVP_MD_CTX)
 #endif

+#ifndef DH_set0_pqg
 #define DH_set0_pqg(D,P,Q,G)            ((D)->p= (P), (D)->g= (G))
+#endif
+
 #define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
 #define EVP_CIPHER_CTX_encrypting(ctx)  ((ctx)->encrypt)
 #define EVP_CIPHER_CTX_SIZE             sizeof(EVP_CIPHER_CTX)

--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -25,7 +25,7 @@ static my_bool     ssl_algorithms_added    = FALSE;
 static my_bool     ssl_error_strings_loaded= FALSE;

 /* the function below was generated with "openssl dhparam -2 -C 2048" */
-
+#ifndef HAVE_WOLFSSL
 static
 DH *get_dh2048()
 {
@@ -72,6 +72,7 @@ DH *get_dh2048()
    }
    return dh;
 }
+#endif

 static const char*
 ssl_error_string[] =
@@ -228,7 +229,6 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
             enum enum_ssl_init_error *error,
             const char *crl_file, const char *crl_path, ulonglong tls_version)
 {
-  DH *dh;
  struct st_VioSSLFd *ssl_fd;
  long ssl_ctx_options;
  DBUG_ENTER("new_VioSSLFd");
@@ -358,18 +358,21 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
    goto err2;
  }

+#ifndef HAVE_WOLFSSL
  /* DH stuff */
  if (!is_client_method)
  {
-    dh=get_dh2048();
+    DH *dh= get_dh2048();
    if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh))
    {
      *error= SSL_INITERR_DH;
-      goto err3;
+      DH_free(dh);
+      goto err2;
    }

    DH_free(dh);
  }
+#endif

 #ifdef HAVE_WOLFSSL
  /* set IO functions used by wolfSSL */
@@ -381,8 +384,6 @@ new_VioSSLFd(const char *key_file, const char *cert_file,

  DBUG_RETURN(ssl_fd);

-err3:
-  DH_free(dh);
 err2:
  SSL_CTX_free(ssl_fd->ssl_context);
 err1: