summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--extra/wolfssl/CMakeLists.txt4
m---------extra/wolfssl/wolfssl0
-rw-r--r--mysys_ssl/my_crypt.cc16
-rw-r--r--storage/innobase/log/log0crypt.cc6
-rw-r--r--storage/innobase/row/row0log.cc20
-rw-r--r--storage/innobase/row/row0merge.cc12
6 files changed, 7 insertions, 51 deletions
diff --git a/extra/wolfssl/CMakeLists.txt b/extra/wolfssl/CMakeLists.txt
index 2cb3f1dd3d1..7eefa840bfa 100644
--- a/extra/wolfssl/CMakeLists.txt
+++ b/extra/wolfssl/CMakeLists.txt
@@ -40,10 +40,6 @@ INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl)
IF(MSVC)
# size_t to long truncation warning
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wd4267 -wd4334")
- IF(CMAKE_C_COMPILER_ID MATCHES Clang)
- # Workaround a bug with clang-cl, see https://github.com/wolfSSL/wolfssl/pull/2090
- ADD_DEFINITIONS(-DMP_16BIT)
- ENDIF()
ENDIF()
ADD_CONVENIENCE_LIBRARY(wolfssl ${WOLFSSL_SOURCES})
diff --git a/extra/wolfssl/wolfssl b/extra/wolfssl/wolfssl
-Subproject 21f2beca9f320199fcea4a96df3e19967804144
+Subproject 50fbdb961fd8c2d8123064e567ae8ec44167732
diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc
index fda909e6530..02770644259 100644
--- a/mysys_ssl/my_crypt.cc
+++ b/mysys_ssl/my_crypt.cc
@@ -88,24 +88,8 @@ public:
}
virtual int finish(uchar *dst, uint *dlen)
{
-#ifdef HAVE_WOLFSSL
- /*
- Bug in WolfSSL - sometimes EVP_CipherFinal_ex
- returns success without setting destination length
- when it should return error.
- We catch it by presetting invalid value for length,
- and checking if it has changed after the call.
-
- See https://github.com/wolfSSL/wolfssl/issues/2224
- */
- *dlen= UINT_MAX;
-#endif
if (EVP_CipherFinal_ex(ctx, dst, (int*)dlen) != 1)
return MY_AES_BAD_DATA;
-#ifdef HAVE_WOLFSSL
- if (*dlen == UINT_MAX)
- return MY_AES_BAD_DATA;
-#endif
return MY_AES_OK;
}
};
diff --git a/storage/innobase/log/log0crypt.cc b/storage/innobase/log/log0crypt.cc
index c2ec46158c6..b1ca82dd9ce 100644
--- a/storage/innobase/log/log0crypt.cc
+++ b/storage/innobase/log/log0crypt.cc
@@ -41,12 +41,6 @@ my_bool srv_encrypt_log;
struct aes_block_t {
byte bytes[MY_AES_BLOCK_SIZE];
-#ifdef HAVE_WOLFSSL
- // Workaround for MDEV-19582.
- // WolfSSL reads memory out of bounds with decrypt/NOPAD
- // Pad the structure to workaround
- byte pad[MY_AES_BLOCK_SIZE];
-#endif
};
struct crypt_info_t {
diff --git a/storage/innobase/row/row0log.cc b/storage/innobase/row/row0log.cc
index b6e31a2b017..25930cb86f1 100644
--- a/storage/innobase/row/row0log.cc
+++ b/storage/innobase/row/row0log.cc
@@ -42,14 +42,6 @@ Created 2011-05-26 Marko Makela
#include <algorithm>
#include <map>
-#ifdef HAVE_WOLFSSL
-// Workaround for MDEV-19582
-// (WolfSSL reads memory out of bounds with decryption/NOPAD)
-#define WOLFSSL_PAD_SIZE MY_AES_BLOCK_SIZE
-#else
-#define WOLFSSL_PAD_SIZE 0
-#endif
-
Atomic_counter<ulint> onlineddl_rowlog_rows;
ulint onlineddl_rowlog_pct_used;
ulint onlineddl_pct_progress;
@@ -301,7 +293,7 @@ row_log_block_allocate(
);
log_buf.block = ut_allocator<byte>(mem_key_row_log_buf)
- .allocate_large(srv_sort_buf_size + WOLFSSL_PAD_SIZE,
+ .allocate_large(srv_sort_buf_size,
&log_buf.block_pfx);
if (log_buf.block == NULL) {
@@ -323,7 +315,7 @@ row_log_block_free(
if (log_buf.block != NULL) {
ut_allocator<byte>(mem_key_row_log_buf).deallocate_large(
log_buf.block, &log_buf.block_pfx,
- log_buf.size + WOLFSSL_PAD_SIZE);
+ log_buf.size);
log_buf.block = NULL;
}
DBUG_VOID_RETURN;
@@ -3239,7 +3231,7 @@ row_log_allocate(
index->online_log = log;
if (log_tmp_is_encrypted()) {
- ulint size = srv_sort_buf_size + WOLFSSL_PAD_SIZE;
+ ulint size = srv_sort_buf_size;
log->crypt_head = static_cast<byte *>(os_mem_alloc_large(&size));
log->crypt_tail = static_cast<byte *>(os_mem_alloc_large(&size));
@@ -3273,13 +3265,11 @@ row_log_free(
row_merge_file_destroy_low(log->fd);
if (log->crypt_head) {
- os_mem_free_large(log->crypt_head, srv_sort_buf_size
- + WOLFSSL_PAD_SIZE);
+ os_mem_free_large(log->crypt_head, srv_sort_buf_size);
}
if (log->crypt_tail) {
- os_mem_free_large(log->crypt_tail, srv_sort_buf_size
- + WOLFSSL_PAD_SIZE);
+ os_mem_free_large(log->crypt_tail, srv_sort_buf_size);
}
mutex_free(&log->mutex);
diff --git a/storage/innobase/row/row0merge.cc b/storage/innobase/row/row0merge.cc
index 55d3292b9e6..3edd39f23b1 100644
--- a/storage/innobase/row/row0merge.cc
+++ b/storage/innobase/row/row0merge.cc
@@ -54,14 +54,6 @@ Completed by Sunny Bains and Marko Makela
# define posix_fadvise(fd, offset, len, advice) /* nothing */
#endif /* _WIN32 */
-#ifdef HAVE_WOLFSSL
-// Workaround for MDEV-19582
-// (WolfSSL accesses memory out of bounds)
-# define WOLFSSL_PAD_SIZE MY_AES_BLOCK_SIZE
-#else
-# define WOLFSSL_PAD_SIZE 0
-#endif
-
/* Whether to disable file system cache */
char srv_disable_sort_file_cache;
@@ -4627,7 +4619,7 @@ row_merge_build_indexes(
if (log_tmp_is_encrypted()) {
crypt_block = static_cast<row_merge_block_t*>(
- alloc.allocate_large(block_size + WOLFSSL_PAD_SIZE,
+ alloc.allocate_large(block_size,
&crypt_pfx));
if (crypt_block == NULL) {
@@ -4999,7 +4991,7 @@ func_exit:
if (crypt_block) {
alloc.deallocate_large(crypt_block, &crypt_pfx,
- block_size + WOLFSSL_PAD_SIZE);
+ block_size);
}
DICT_TF2_FLAG_UNSET(new_table, DICT_TF2_FTS_ADD_DOC_ID);