diff options
author | Vladislav Vaintroub <wlad@mariadb.com> | 2021-06-09 13:27:00 +0200 |
---|---|---|
committer | Vladislav Vaintroub <wlad@mariadb.com> | 2021-06-09 15:44:55 +0200 |
commit | b81803f0657b1693ac42643ae39ff25ccc42db36 (patch) | |
tree | 6ebb08a74ac4c893988f32b2cf0d6c5371728ff0 | |
parent | dbe3161b6dab7640f7705d68f36cbd84240e80d1 (diff) | |
download | mariadb-git-b81803f0657b1693ac42643ae39ff25ccc42db36.tar.gz |
MDEV-22221: MariaDB with WolfSSL doesn't support AES-GCM cipher for SSL
Enable AES-GCM for SSL (only).
AES-GCM for encryption plugins remains disabled (aes-t fails, on some bug
in GCM or CTR padding)
-rw-r--r-- | extra/wolfssl/CMakeLists.txt | 1 | ||||
-rw-r--r-- | extra/wolfssl/user_settings.h.in | 1 | ||||
-rw-r--r-- | include/mysql/service_my_crypt.h | 2 | ||||
-rw-r--r-- | mysql-test/main/wolfssl.opt | 1 | ||||
-rw-r--r-- | mysql-test/main/wolfssl.test | 6 |
5 files changed, 10 insertions, 1 deletions
diff --git a/extra/wolfssl/CMakeLists.txt b/extra/wolfssl/CMakeLists.txt index c99fb155dd6..908e27734b9 100644 --- a/extra/wolfssl/CMakeLists.txt +++ b/extra/wolfssl/CMakeLists.txt @@ -134,6 +134,7 @@ IF(WOLFSSL_X86_64_BUILD) SET(USE_INTEL_SPEEDUP 1) LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/aes_asm.S + ${WOLFCRYPT_SRCDIR}/aes_gcm_asm.S ${WOLFCRYPT_SRCDIR}/sha512_asm.S ${WOLFCRYPT_SRCDIR}/sha256_asm.S) ADD_DEFINITIONS(-maes -msse4.2 -mpclmul) diff --git a/extra/wolfssl/user_settings.h.in b/extra/wolfssl/user_settings.h.in index 911c466372e..4adb27142d9 100644 --- a/extra/wolfssl/user_settings.h.in +++ b/extra/wolfssl/user_settings.h.in @@ -17,6 +17,7 @@ #define WC_RSA_BLINDING #define HAVE_TLS_EXTENSIONS #define HAVE_AES_ECB +#define HAVE_AESGCM #define WOLFSSL_AES_COUNTER #define NO_WOLFSSL_STUB #define OPENSSL_ALL diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h index 930d12a7dd1..2a232117ca1 100644 --- a/include/mysql/service_my_crypt.h +++ b/include/mysql/service_my_crypt.h @@ -45,7 +45,7 @@ extern "C" { /* The max key length of all supported algorithms */ #define MY_AES_MAX_KEY_LENGTH 32 -#define MY_AES_CTX_SIZE 640 +#define MY_AES_CTX_SIZE 656 enum my_aes_mode { MY_AES_ECB, MY_AES_CBC diff --git a/mysql-test/main/wolfssl.opt b/mysql-test/main/wolfssl.opt new file mode 100644 index 00000000000..812dba7bcbd --- /dev/null +++ b/mysql-test/main/wolfssl.opt @@ -0,0 +1 @@ +--ssl_cipher=ECDHE-RSA-AES256-GCM-SHA384
\ No newline at end of file diff --git a/mysql-test/main/wolfssl.test b/mysql-test/main/wolfssl.test new file mode 100644 index 00000000000..d9afc43901f --- /dev/null +++ b/mysql-test/main/wolfssl.test @@ -0,0 +1,6 @@ +# +# Various tests that require WolfSSL +# +--source include/have_ssl_communication.inc +--source include/not_embedded.inc +SELECT @@ssl_cipher; |