diff options
| -rw-r--r-- | extra/wolfssl/CMakeLists.txt | 63 | ||||
| -rw-r--r-- | include/mysql/service_my_crypt.h | 2 | ||||
| -rw-r--r-- | mysys_ssl/my_crypt.cc | 25 |
3 files changed, 82 insertions, 8 deletions
diff --git a/extra/wolfssl/CMakeLists.txt b/extra/wolfssl/CMakeLists.txt index 6de9ea5d5d3..cf6715280e3 100644 --- a/extra/wolfssl/CMakeLists.txt +++ b/extra/wolfssl/CMakeLists.txt @@ -1,3 +1,26 @@ +IF(MSVC) + PROJECT(wolfssl C ASM_MASM) +ELSEIF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64") + PROJECT(wolfssl C ASM) +ELSE() + PROJECT(wolfssl C) +ENDIF() + +IF(MSVC AND (CMAKE_SIZEOF_VOID_P MATCHES 8)) + SET(WOLFSSL_INTELASM ON) +ELSEIF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64") + IF(CMAKE_C_COMPILER_ID MATCHES GNU AND CMAKE_C_COMPILER_VERSION VERSION_LESS 4.9) + MESSAGE_ONCE(NO_INTEL_ASSEMBLY "Disable Intel assembly for WolfSSL - compiler is too old") + ELSE() + MY_CHECK_C_COMPILER_FLAG(-maes) + MY_CHECK_C_COMPILER_FLAG(-msse4) + MY_CHECK_C_COMPILER_FLAG(-mpclmul) + ENDIF() + IF(have_C__maes AND have_C__msse4 AND have_C__mpclmul) + SET(WOLFSSL_INTELASM ON) + ENDIF() +ENDIF() + SET(WOLFSSL_SRCDIR ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl/src) ADD_DEFINITIONS(${SSL_DEFINES}) ADD_DEFINITIONS( @@ -32,7 +55,7 @@ ADD_DEFINITIONS(-DWOLFSSL_LIB) INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl) IF(MSVC) # size_t to long truncation warning - SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wd4267") + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wd4267 -wd4334") IF(CMAKE_C_COMPILER_ID MATCHES Clang) # Workaround a bug with clang-cl, see https://github.com/wolfSSL/wolfssl/pull/2090 ADD_DEFINITIONS(-DMP_16BIT) @@ -66,7 +89,6 @@ ${WOLFCRYPT_SRCDIR}/dsa.c ${WOLFCRYPT_SRCDIR}/ecc.c ${WOLFCRYPT_SRCDIR}/error.c ${WOLFCRYPT_SRCDIR}/hmac.c -${WOLFCRYPT_SRCDIR}/integer.c ${WOLFCRYPT_SRCDIR}/logging.c ${WOLFCRYPT_SRCDIR}/md4.c ${WOLFCRYPT_SRCDIR}/md5.c @@ -85,5 +107,42 @@ ${WOLFCRYPT_SRCDIR}/hash.c ${WOLFCRYPT_SRCDIR}/wolfmath.c ) +# Use fastmath large number math library. +IF(NOT (MSVC AND CMAKE_C_COMPILER_ID MATCHES Clang) + AND (CMAKE_SIZEOF_VOID_P EQUAL 8)) + SET(WOLFSSL_FASTMATH 1) +ENDIF() + +IF(WOLFSSL_FASTMATH) + ADD_DEFINITIONS(-DUSE_FAST_MATH) + # FP_MAX_BITS is set high solely to satisfy ssl_8k_key.test + # WolfSSL will use more stack space with it + ADD_DEFINITIONS(-DFP_MAX_BITS=16384) + SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/tfm.c) +ELSE() + SET(WOLFCRYPT_SOURCES ${WOLFCRYPT_SOURCES} ${WOLFCRYPT_SRCDIR}/integer.c) +ENDIF() + +IF(WOLFSSL_INTELASM) + ADD_DEFINITIONS(-DWOLFSSL_AESNI) + SET(SSL_DEFINES "${SSL_DEFINES} -DWOLFSSL_AESNI" PARENT_SCOPE) + LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/cpuid.c) + IF(MSVC) + LIST(APPEND WOLFCRYPT_SOURCES ${WOLFCRYPT_SRCDIR}/aes_asm.asm) + IF(CMAKE_C_COMPILER_ID MATCHES Clang) + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -maes") + ELSE() + ADD_DEFINITIONS(-DHAVE_INTEL_RDSEED -DWOLFSSL_X86_64_BUILD) + ENDIF() + ELSEIF(CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64") + ADD_DEFINITIONS(-DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP) + LIST(APPEND WOLFCRYPT_SOURCES + ${WOLFCRYPT_SRCDIR}/aes_asm.S + ${WOLFCRYPT_SRCDIR}/sha512_asm.S + ${WOLFCRYPT_SRCDIR}/sha256_asm.S) + ADD_DEFINITIONS(-maes -msse4 -mpclmul) + ENDIF() +ENDIF() + ADD_CONVENIENCE_LIBRARY(wolfcrypt ${WOLFCRYPT_SOURCES}) diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h index 2de698fe41c..039125066ca 100644 --- a/include/mysql/service_my_crypt.h +++ b/include/mysql/service_my_crypt.h @@ -45,7 +45,7 @@ extern "C" { /* The max key length of all supported algorithms */ #define MY_AES_MAX_KEY_LENGTH 32 -#define MY_AES_CTX_SIZE 560 +#define MY_AES_CTX_SIZE 600 enum my_aes_mode { MY_AES_ECB, MY_AES_CBC diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index a668c222b79..fda909e6530 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc @@ -25,16 +25,28 @@ #include <my_crypt.h> #include <ssl_compat.h> +#include <cstdint> + +#ifdef HAVE_WOLFSSL +#define CTX_ALIGN 16 +#else +#define CTX_ALIGN 0 +#endif class MyCTX { public: - char ctx_buf[EVP_CIPHER_CTX_SIZE]; - EVP_CIPHER_CTX *ctx; - + char ctx_buf[EVP_CIPHER_CTX_SIZE + CTX_ALIGN]; + EVP_CIPHER_CTX* ctx; MyCTX() { - ctx= (EVP_CIPHER_CTX *)ctx_buf; +#if CTX_ALIGN > 0 + uintptr_t p= ((uintptr_t)ctx_buf + (CTX_ALIGN - 1)) & ~(CTX_ALIGN - 1); + ctx = reinterpret_cast<EVP_CIPHER_CTX*>(p); +#else + ctx = (EVP_CIPHER_CTX*)ctx_buf; +#endif + EVP_CIPHER_CTX_init(ctx); } virtual ~MyCTX() @@ -149,8 +161,11 @@ public: uchar mask[MY_AES_BLOCK_SIZE]; uint mlen; - my_aes_crypt(MY_AES_ECB, ENCRYPTION_FLAG_ENCRYPT | ENCRYPTION_FLAG_NOPAD, + int rc= my_aes_crypt(MY_AES_ECB, ENCRYPTION_FLAG_ENCRYPT | ENCRYPTION_FLAG_NOPAD, oiv, sizeof(mask), mask, &mlen, key, klen, 0, 0); + DBUG_ASSERT(rc == MY_AES_OK); + if (rc) + return rc; DBUG_ASSERT(mlen == sizeof(mask)); for (uint i=0; i < buf_len; i++) |