diff options
| author | Vladislav Vaintroub <wlad@mariadb.com> | 2019-02-13 09:08:06 +0100 |
|---|---|---|
| committer | Vladislav Vaintroub <wlad@mariadb.com> | 2019-05-22 13:48:25 +0200 |
| commit | 5e4b657dd44dce601c91bc77a41f6e382bc32000 (patch) | |
| tree | e0c7442136ceb243768ed108db56051fd37a5762 /cmake/ssl.cmake | |
| parent | 31fe70290c54c44231aed881f5138924f32e47c5 (diff) | |
| download | mariadb-git-5e4b657dd44dce601c91bc77a41f6e382bc32000.tar.gz | |
MDEV-18531 : Use WolfSSL instead of YaSSL as "bundled" SSL/encryption library
- Add new submodule for WolfSSL
- Build and use wolfssl and wolfcrypt instead of yassl/taocrypt
- Use HAVE_WOLFSSL instead of HAVE_YASSL
- Increase MY_AES_CTX_SIZE, to avoid compile time asserts in my_crypt.cc
(sizeof(EVP_CIPHER_CTX) is larger on WolfSSL)
Diffstat (limited to 'cmake/ssl.cmake')
| -rw-r--r-- | cmake/ssl.cmake | 36 |
1 files changed, 14 insertions, 22 deletions
diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake index 2ec370404df..0d2570f1336 100644 --- a/cmake/ssl.cmake +++ b/cmake/ssl.cmake @@ -15,7 +15,7 @@ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA # We support different versions of SSL: -# - "bundled" uses source code in <source dir>/extra/yassl +# - "bundled" uses source code in <source dir>/extra/wolfssl # - "system" (typically) uses headers/libraries in /usr/lib and /usr/lib64 # - a custom installation of openssl can be used like this # - cmake -DCMAKE_PREFIX_PATH=</path/to/custom/openssl> -DWITH_SSL="system" @@ -35,7 +35,7 @@ # 'set path=</path/to/custom/openssl>\bin;%PATH% # in order to find the .dll files at runtime. -SET(WITH_SSL_DOC "bundled (use yassl)") +SET(WITH_SSL_DOC "bundled (use wolfssl)") SET(WITH_SSL_DOC "${WITH_SSL_DOC}, yes (prefer os library if present, otherwise use bundled)") SET(WITH_SSL_DOC @@ -48,29 +48,19 @@ MACRO (CHANGE_SSL_SETTINGS string) ENDMACRO() MACRO (MYSQL_USE_BUNDLED_SSL) - SET(INC_DIRS - ${CMAKE_SOURCE_DIR}/extra/yassl/include - ${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/include + SET(INC_DIRS + ${CMAKE_SOURCE_DIR}/extra/wolfssl/wolfssl + ${CMAKE_SOURCE_DIR}/extra/wolfssl/wolfssl/wolfssl ) - SET(SSL_LIBRARIES yassl taocrypt) + SET(SSL_LIBRARIES wolfssl wolfcrypt) SET(SSL_INCLUDE_DIRS ${INC_DIRS}) - SET(SSL_INTERNAL_INCLUDE_DIRS ${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/mySTL) - SET(SSL_DEFINES "-DHAVE_YASSL -DYASSL_PREFIX -DHAVE_OPENSSL -DMULTI_THREADED") - SET(HAVE_ERR_remove_thread_state OFF CACHE INTERNAL "yassl doesn't have ERR_remove_thread_state") - SET(HAVE_EncryptAes128Ctr OFF CACHE INTERNAL "yassl doesn't support AES-CTR") - SET(HAVE_EncryptAes128Gcm OFF CACHE INTERNAL "yassl doesn't support AES-GCM") + SET(SSL_DEFINES "-DHAVE_OPENSSL -DHAVE_WOLFSSL -DOPENSSL_ALL -DWOLFSSL_MYSQL_COMPATIBLE -DWC_NO_HARDEN") + SET(HAVE_ERR_remove_thread_state ON CACHE INTERNAL "wolfssl doesn't have ERR_remove_thread_state") + SET(HAVE_EncryptAes128Ctr ON CACHE INTERNAL "wolfssl does support AES-CTR") + SET(HAVE_EncryptAes128Gcm OFF CACHE INTERNAL "wolfssl does not support AES-GCM") + SET(HAVE_X509_check_host ON CACHE INTERNAL "wolfssl does support X509_check_host") CHANGE_SSL_SETTINGS("bundled") - ADD_SUBDIRECTORY(extra/yassl) - ADD_SUBDIRECTORY(extra/yassl/taocrypt) - GET_TARGET_PROPERTY(src yassl SOURCES) - FOREACH(file ${src}) - SET(SSL_SOURCES ${SSL_SOURCES} ${CMAKE_SOURCE_DIR}/extra/yassl/${file}) - ENDFOREACH() - GET_TARGET_PROPERTY(src taocrypt SOURCES) - FOREACH(file ${src}) - SET(SSL_SOURCES ${SSL_SOURCES} - ${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/${file}) - ENDFOREACH() + ADD_SUBDIRECTORY(extra/wolfssl) MESSAGE_ONCE(SSL_LIBRARIES "SSL_LIBRARIES = ${SSL_LIBRARIES}") ENDMACRO() @@ -155,6 +145,8 @@ MACRO (MYSQL_CHECK_SSL) HAVE_EncryptAes128Ctr) CHECK_SYMBOL_EXISTS(EVP_aes_128_gcm "openssl/evp.h" HAVE_EncryptAes128Gcm) + CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h" + HAVE_X509_check_host) SET(CMAKE_REQUIRED_INCLUDES) SET(CMAKE_REQUIRED_LIBRARIES) ELSE() |