From 8d85715d507de8937a181e999501e205ff3dca34 Mon Sep 17 00:00:00 2001
From: Sergei Petrunia <psergey@askmonty.org>
Date: Wed, 6 May 2020 15:37:19 +0300
Subject: MDEV-21794: Optimizer flag rowid_filter leads to long query

Rowid Filter check is just like Index Condition Pushdown check: before
we check the filter, we must check if we have walked out of the range
we are scanning. (If we did, we should return, and not continue the scan).

Consequences of this:
- Rowid filtering doesn't work for keys that have partially-covered
  blob columns (just like Index Condition Pushdown)
- The rowid filter function has three return values: CHECK_POS (passed)
  CHECK_NEG (filtered out), CHECK_OUT_OF_RANGE.

All of the above is implemented in this patch
---
 include/my_compare.h | 49 +++++++++++++++++++++++++------------------------
 1 file changed, 25 insertions(+), 24 deletions(-)

(limited to 'include')

diff --git a/include/my_compare.h b/include/my_compare.h
index 6568e5f2f27..9ae6c9582fb 100644
--- a/include/my_compare.h
+++ b/include/my_compare.h
@@ -127,31 +127,32 @@ extern HA_KEYSEG *ha_find_null(HA_KEYSEG *keyseg, const uchar *a);
 #endif
 
 /**
-  Return values of index_cond_func_xxx functions.
-
-  0=ICP_NO_MATCH  - index tuple doesn't satisfy the pushed index condition (the
-                    engine should discard the tuple and go to the next one)
-  1=ICP_MATCH     - index tuple satisfies the pushed index condition (the
-                    engine should fetch and return the record)
-  2=ICP_OUT_OF_RANGE - index tuple is out range that we're scanning, e.g. this
-                      if we're scanning "t.key BETWEEN 10 AND 20" and got a
-                      "t.key=21" tuple (the engine should stop scanning and
-                      return HA_ERR_END_OF_FILE right away).
-  3=ICP_ABORTED_BY_USER - engine must stop scanning and should return 
-                         HA_ERR_ABORTED_BY_USER right away
- -1= ICP_ERROR    - Reserved for internal errors in engines. Should not be
-                    returned by index_cond_func_xxx
+  Return values for pushed index condition or rowid filter check functions.
+
+  0=CHECK_NEG  - The filter is not satisfied. The engine should discard this
+                 index tuple and continue the scan.
+  1=CHECK_POS  - The filter is statisfied. Current index tuple should be
+                 returned to the SQL layer.
+  2=CHECK_OUT_OF_RANGE - the index tuple is outside of the range that we're
+                 scanning. (Example: if we're scanning "t.key BETWEEN 10 AND
+                 20" and got a "t.key=21" tuple) Tthe engine should stop
+                 scanning and return HA_ERR_END_OF_FILE right away).
+  3=CHECK_ABORTED_BY_USER - the engine must stop scanning and should return
+                            HA_ERR_ABORTED_BY_USER right away
+ -1=CHECK_ERROR - Reserved for internal errors in engines. Should not be
+                  returned by ICP or rowid filter check functions.
 */
 
-typedef enum icp_result {
-  ICP_ERROR=-1,
-  ICP_NO_MATCH=0,
-  ICP_MATCH=1,
-  ICP_OUT_OF_RANGE=2,
-  ICP_ABORTED_BY_USER=3
-} ICP_RESULT;
-
-typedef ICP_RESULT (*index_cond_func_t)(void *param);
-typedef int (*rowid_filter_func_t)(void *param);
+typedef enum check_result {
+  CHECK_ERROR=-1,
+  CHECK_NEG=0,
+  CHECK_POS=1,
+  CHECK_OUT_OF_RANGE=2,
+  CHECK_ABORTED_BY_USER=3
+} check_result_t;
+
+typedef check_result_t (*index_cond_func_t)(void *param);
+typedef check_result_t (*rowid_filter_func_t)(void *param);
+typedef int (*rowid_filter_is_active_func_t)(void *param);
 
 #endif /* _my_compare_h */
-- 
cgit v1.2.1


From 403dc759d0bc5d045da06fb326cdf59b23084953 Mon Sep 17 00:00:00 2001
From: Vladislav Vaintroub <wlad@mariadb.com>
Date: Tue, 5 May 2020 18:10:53 +0200
Subject: Update WolfSSL

Fix WolfSSL build:

- Do not build with TLSv1.0,it stopped working,at least with SChannel client
- Disable a test that depends on TLSv1.0
- define FP_MAX_BITS always, to fix 32bit builds.
- Increase MAX_AES_CTX_SIZE, to fix build on Linux
---
 include/mysql/service_my_crypt.h | 2 +-
 include/ssl_compat.h             | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'include')

diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h
index 039125066ca..930d12a7dd1 100644
--- a/include/mysql/service_my_crypt.h
+++ b/include/mysql/service_my_crypt.h
@@ -45,7 +45,7 @@ extern "C" {
 /* The max key length of all supported algorithms */
 #define MY_AES_MAX_KEY_LENGTH 32
 
-#define MY_AES_CTX_SIZE 600
+#define MY_AES_CTX_SIZE 640
 
 enum my_aes_mode {
     MY_AES_ECB, MY_AES_CBC
diff --git a/include/ssl_compat.h b/include/ssl_compat.h
index cff5f7ef3de..8cc0e6a9a2b 100644
--- a/include/ssl_compat.h
+++ b/include/ssl_compat.h
@@ -81,8 +81,8 @@
 
 #ifndef HAVE_WOLFSSL
 #define EVP_MD_CTX_reset(X) EVP_MD_CTX_cleanup(X)
-#endif
 #define EVP_CIPHER_CTX_reset(X) EVP_CIPHER_CTX_cleanup(X)
+#endif
 #define X509_get0_notBefore(X) X509_get_notBefore(X)
 #define X509_get0_notAfter(X) X509_get_notAfter(X)
 #endif
-- 
cgit v1.2.1


From 5b0df7433d36cc0fa220f3593382908198ad87a3 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik <serg@mariadb.org>
Date: Fri, 8 May 2020 12:31:33 +0200
Subject: WolfSSL fixes

remove Timeval workaround (not needed anymore).
add template workaround.
comments.
---
 include/violite.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'include')

diff --git a/include/violite.h b/include/violite.h
index 3a163d45976..34f59f2e598 100644
--- a/include/violite.h
+++ b/include/violite.h
@@ -146,9 +146,9 @@ int vio_getnameinfo(const struct sockaddr *sa,
 /* Set yaSSL to use same type as MySQL do for socket handles */
 typedef my_socket YASSL_SOCKET_T;
 #define YASSL_SOCKET_T_DEFINED
-#define Timeval WOLFSSL_Timeval
+#define template _template /* bug in WolfSSL 4.4.0, see also my_crypt.cc */
 #include <openssl/ssl.h>
-#undef Timeval
+#undef template
 #include <openssl/err.h>
 #ifdef DEPRECATED
 #undef DEPRECATED
-- 
cgit v1.2.1