diff options
-rw-r--r-- | extra/wolfssl/CMakeLists.txt | 4 | ||||
m--------- | extra/wolfssl/wolfssl | 0 | ||||
-rw-r--r-- | mysys_ssl/my_crypt.cc | 16 | ||||
-rw-r--r-- | storage/innobase/log/log0crypt.cc | 6 | ||||
-rw-r--r-- | storage/innobase/row/row0log.cc | 20 | ||||
-rw-r--r-- | storage/innobase/row/row0merge.cc | 12 |
6 files changed, 7 insertions, 51 deletions
diff --git a/extra/wolfssl/CMakeLists.txt b/extra/wolfssl/CMakeLists.txt index 2cb3f1dd3d1..7eefa840bfa 100644 --- a/extra/wolfssl/CMakeLists.txt +++ b/extra/wolfssl/CMakeLists.txt @@ -40,10 +40,6 @@ INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl) IF(MSVC) # size_t to long truncation warning SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wd4267 -wd4334") - IF(CMAKE_C_COMPILER_ID MATCHES Clang) - # Workaround a bug with clang-cl, see https://github.com/wolfSSL/wolfssl/pull/2090 - ADD_DEFINITIONS(-DMP_16BIT) - ENDIF() ENDIF() ADD_CONVENIENCE_LIBRARY(wolfssl ${WOLFSSL_SOURCES}) diff --git a/extra/wolfssl/wolfssl b/extra/wolfssl/wolfssl -Subproject 21f2beca9f320199fcea4a96df3e19967804144 +Subproject 50fbdb961fd8c2d8123064e567ae8ec44167732 diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index fda909e6530..02770644259 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc @@ -88,24 +88,8 @@ public: } virtual int finish(uchar *dst, uint *dlen) { -#ifdef HAVE_WOLFSSL - /* - Bug in WolfSSL - sometimes EVP_CipherFinal_ex - returns success without setting destination length - when it should return error. - We catch it by presetting invalid value for length, - and checking if it has changed after the call. - - See https://github.com/wolfSSL/wolfssl/issues/2224 - */ - *dlen= UINT_MAX; -#endif if (EVP_CipherFinal_ex(ctx, dst, (int*)dlen) != 1) return MY_AES_BAD_DATA; -#ifdef HAVE_WOLFSSL - if (*dlen == UINT_MAX) - return MY_AES_BAD_DATA; -#endif return MY_AES_OK; } }; diff --git a/storage/innobase/log/log0crypt.cc b/storage/innobase/log/log0crypt.cc index c2ec46158c6..b1ca82dd9ce 100644 --- a/storage/innobase/log/log0crypt.cc +++ b/storage/innobase/log/log0crypt.cc @@ -41,12 +41,6 @@ my_bool srv_encrypt_log; struct aes_block_t { byte bytes[MY_AES_BLOCK_SIZE]; -#ifdef HAVE_WOLFSSL - // Workaround for MDEV-19582. - // WolfSSL reads memory out of bounds with decrypt/NOPAD - // Pad the structure to workaround - byte pad[MY_AES_BLOCK_SIZE]; -#endif }; struct crypt_info_t { diff --git a/storage/innobase/row/row0log.cc b/storage/innobase/row/row0log.cc index b6e31a2b017..25930cb86f1 100644 --- a/storage/innobase/row/row0log.cc +++ b/storage/innobase/row/row0log.cc @@ -42,14 +42,6 @@ Created 2011-05-26 Marko Makela #include <algorithm> #include <map> -#ifdef HAVE_WOLFSSL -// Workaround for MDEV-19582 -// (WolfSSL reads memory out of bounds with decryption/NOPAD) -#define WOLFSSL_PAD_SIZE MY_AES_BLOCK_SIZE -#else -#define WOLFSSL_PAD_SIZE 0 -#endif - Atomic_counter<ulint> onlineddl_rowlog_rows; ulint onlineddl_rowlog_pct_used; ulint onlineddl_pct_progress; @@ -301,7 +293,7 @@ row_log_block_allocate( ); log_buf.block = ut_allocator<byte>(mem_key_row_log_buf) - .allocate_large(srv_sort_buf_size + WOLFSSL_PAD_SIZE, + .allocate_large(srv_sort_buf_size, &log_buf.block_pfx); if (log_buf.block == NULL) { @@ -323,7 +315,7 @@ row_log_block_free( if (log_buf.block != NULL) { ut_allocator<byte>(mem_key_row_log_buf).deallocate_large( log_buf.block, &log_buf.block_pfx, - log_buf.size + WOLFSSL_PAD_SIZE); + log_buf.size); log_buf.block = NULL; } DBUG_VOID_RETURN; @@ -3239,7 +3231,7 @@ row_log_allocate( index->online_log = log; if (log_tmp_is_encrypted()) { - ulint size = srv_sort_buf_size + WOLFSSL_PAD_SIZE; + ulint size = srv_sort_buf_size; log->crypt_head = static_cast<byte *>(os_mem_alloc_large(&size)); log->crypt_tail = static_cast<byte *>(os_mem_alloc_large(&size)); @@ -3273,13 +3265,11 @@ row_log_free( row_merge_file_destroy_low(log->fd); if (log->crypt_head) { - os_mem_free_large(log->crypt_head, srv_sort_buf_size - + WOLFSSL_PAD_SIZE); + os_mem_free_large(log->crypt_head, srv_sort_buf_size); } if (log->crypt_tail) { - os_mem_free_large(log->crypt_tail, srv_sort_buf_size - + WOLFSSL_PAD_SIZE); + os_mem_free_large(log->crypt_tail, srv_sort_buf_size); } mutex_free(&log->mutex); diff --git a/storage/innobase/row/row0merge.cc b/storage/innobase/row/row0merge.cc index 55d3292b9e6..3edd39f23b1 100644 --- a/storage/innobase/row/row0merge.cc +++ b/storage/innobase/row/row0merge.cc @@ -54,14 +54,6 @@ Completed by Sunny Bains and Marko Makela # define posix_fadvise(fd, offset, len, advice) /* nothing */ #endif /* _WIN32 */ -#ifdef HAVE_WOLFSSL -// Workaround for MDEV-19582 -// (WolfSSL accesses memory out of bounds) -# define WOLFSSL_PAD_SIZE MY_AES_BLOCK_SIZE -#else -# define WOLFSSL_PAD_SIZE 0 -#endif - /* Whether to disable file system cache */ char srv_disable_sort_file_cache; @@ -4627,7 +4619,7 @@ row_merge_build_indexes( if (log_tmp_is_encrypted()) { crypt_block = static_cast<row_merge_block_t*>( - alloc.allocate_large(block_size + WOLFSSL_PAD_SIZE, + alloc.allocate_large(block_size, &crypt_pfx)); if (crypt_block == NULL) { @@ -4999,7 +4991,7 @@ func_exit: if (crypt_block) { alloc.deallocate_large(crypt_block, &crypt_pfx, - block_size + WOLFSSL_PAD_SIZE); + block_size); } DICT_TF2_FLAG_UNSET(new_table, DICT_TF2_FTS_ADD_DOC_ID); |