MDEV-18531 : Use WolfSSL instead of YaSSL as "bundled" SSL/encryption library

- Add new submodule for WolfSSL
- Build and use wolfssl and wolfcrypt instead of yassl/taocrypt
- Use HAVE_WOLFSSL instead of HAVE_YASSL
- Increase MY_AES_CTX_SIZE, to avoid compile time asserts in my_crypt.cc
(sizeof(EVP_CIPHER_CTX) is larger on WolfSSL)

3 files changed, 91 insertions, 2 deletions

diff --git a/extra/mariabackup/CMakeLists.txt b/extra/mariabackup/CMakeLists.txt
index 638fa2f740a..5326ba9f8f5 100644
--- a/extra/mariabackup/CMakeLists.txt
+++ b/extra/mariabackup/CMakeLists.txt
@@ -52,8 +52,8 @@ ELSE()
   SET(NT_SERVICE_SOURCE)
 ENDIF()
 
-ADD_DEFINITIONS(-DPCRE_STATIC=1 -DHAVE_OPENSSL=1)
-
+ADD_DEFINITIONS(-DPCRE_STATIC=1)
+ADD_DEFINITIONS(${SSL_DEFINES})
 MYSQL_ADD_EXECUTABLE(mariabackup
   xtrabackup.cc
   innobackupex.cc
diff --git a/extra/wolfssl/CMakeLists.txt b/extra/wolfssl/CMakeLists.txt
new file mode 100644
index 00000000000..6de9ea5d5d3
--- /dev/null
+++ b/extra/wolfssl/CMakeLists.txt
@@ -0,0 +1,89 @@
+SET(WOLFSSL_SRCDIR ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/src)
+ADD_DEFINITIONS(${SSL_DEFINES})
+ADD_DEFINITIONS(
+  -DHAVE_CRL
+  -DWOLFSSL_MYSQL_COMPATIBLE
+  -DHAVE_ECC
+  -DECC_TIMING_RESISTANT
+  -DBUILDING_WOLFSSL
+  -DHAVE_HASHDRBG
+  -DWOLFSSL_AES_DIRECT
+  -DWOLFSSL_SHA384
+  -DWOLFSSL_SHA512
+  -DWOLFSSL_SHA224
+  -DSESSION_CERT
+  -DKEEP_OUR_CERT
+  -DWOLFSSL_STATIC_RSA
+  -DWC_RSA_BLINDING
+  -DHAVE_TLS_EXTENSIONS
+  -DHAVE_AES_ECB
+  -DWOLFSSL_AES_COUNTER
+  -DNO_WOLFSSL_STUB)
+
+SET(WOLFSSL_SOURCES  
+   ${WOLFSSL_SRCDIR}/crl.c
+   ${WOLFSSL_SRCDIR}/internal.c
+   ${WOLFSSL_SRCDIR}/keys.c
+   ${WOLFSSL_SRCDIR}/tls.c
+   ${WOLFSSL_SRCDIR}/wolfio.c
+   ${WOLFSSL_SRCDIR}/ocsp.c
+   ${WOLFSSL_SRCDIR}/ssl.c)
+ADD_DEFINITIONS(-DWOLFSSL_LIB)
+INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl)
+IF(MSVC)
+  # size_t to long truncation warning
+  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wd4267")
+  IF(CMAKE_C_COMPILER_ID MATCHES Clang)
+    # Workaround a bug with clang-cl, see https://github.com/wolfSSL/wolfssl/pull/2090
+    ADD_DEFINITIONS(-DMP_16BIT)
+  ENDIF()
+ENDIF()
+
+ADD_CONVENIENCE_LIBRARY(wolfssl ${WOLFSSL_SOURCES})
+
+# Workaround linker crash with older Ubuntu binutils
+# e.g aborting at ../../bfd/merge.c line 873 in _bfd_merged_section_offset
+IF(CMAKE_SYSTEM_NAME MATCHES "Linux")
+  STRING(REPLACE "-g " "-g1 " CMAKE_C_FLAGS_RELWITHDEBINFO 
+   ${CMAKE_C_FLAGS_RELWITHDEBINFO})
+  STRING(REPLACE "-g " "-g1 " CMAKE_C_FLAGS_DEBUG 
+     ${CMAKE_C_FLAGS_DEBUG})
+  STRING(REPLACE "-ggdb3 " " " CMAKE_C_FLAGS_RELWITHDEBINFO 
+    ${CMAKE_C_FLAGS_RELWITHDEBINFO})
+  STRING(REPLACE "-ggdb3 " " " CMAKE_C_FLAGS_DEBUG 
+     ${CMAKE_C_FLAGS_DEBUG})
+ENDIF()
+
+SET(WOLFCRYPT_SRCDIR ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/wolfcrypt/src)
+SET(WOLFCRYPT_SOURCES
+${WOLFCRYPT_SRCDIR}/aes.c
+${WOLFCRYPT_SRCDIR}/arc4.c
+${WOLFCRYPT_SRCDIR}/asn.c
+${WOLFCRYPT_SRCDIR}/coding.c
+${WOLFCRYPT_SRCDIR}/des3.c
+${WOLFCRYPT_SRCDIR}/dh.c
+${WOLFCRYPT_SRCDIR}/dsa.c
+${WOLFCRYPT_SRCDIR}/ecc.c
+${WOLFCRYPT_SRCDIR}/error.c
+${WOLFCRYPT_SRCDIR}/hmac.c
+${WOLFCRYPT_SRCDIR}/integer.c
+${WOLFCRYPT_SRCDIR}/logging.c
+${WOLFCRYPT_SRCDIR}/md4.c
+${WOLFCRYPT_SRCDIR}/md5.c
+${WOLFCRYPT_SRCDIR}/memory.c
+${WOLFCRYPT_SRCDIR}/pkcs12.c
+${WOLFCRYPT_SRCDIR}/pwdbased.c
+${WOLFCRYPT_SRCDIR}/rabbit.c
+${WOLFCRYPT_SRCDIR}/random.c
+${WOLFCRYPT_SRCDIR}/rsa.c
+${WOLFCRYPT_SRCDIR}/sha.c
+${WOLFCRYPT_SRCDIR}/sha256.c
+${WOLFCRYPT_SRCDIR}/sha512.c
+${WOLFCRYPT_SRCDIR}/wc_port.c
+${WOLFCRYPT_SRCDIR}/wc_encrypt.c
+${WOLFCRYPT_SRCDIR}/hash.c
+${WOLFCRYPT_SRCDIR}/wolfmath.c
+)
+
+ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES})
+
diff --git a/extra/wolfssl/wolfssl b/extra/wolfssl/wolfssl
new file mode 160000
+Subproject 21f2beca9f320199fcea4a96df3e19967804144