Update WolfSSL, remove older workarounds.

f61a9806 · Vladislav Vaintroub · Oleksandr Byelkin · 2792c6e7 · f61a9806 · 50fbdb96
Commit f61a9806 authored Jul 26, 2019 by Vladislav Vaintroub Committed by Oleksandr Byelkin Jul 28, 2019
6 changed files
--- a/extra/wolfssl/CMakeLists.txt
+++ b/extra/wolfssl/CMakeLists.txt
@@ -40,10 +40,6 @@ INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl)
 IF(MSVC)
  # size_t to long truncation warning
  SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wd4267 -wd4334")
-  IF(CMAKE_C_COMPILER_ID MATCHES Clang)
-    # Workaround a bug with clang-cl, see https://github.com/wolfSSL/wolfssl/pull/2090
-    ADD_DEFINITIONS(-DMP_16BIT)
-  ENDIF()
 ENDIF()

 ADD_CONVENIENCE_LIBRARY(wolfssl ${WOLFSSL_SOURCES})

--- a/wolfssl @ 50fbdb96
+++ b/wolfssl @ 50fbdb96
-Subproject commit 21f2beca9f320199fcea4a96df3e19967804144b
+Subproject commit 50fbdb961fd8c2d8123064e567ae8ec44167732d
--- a/mysys_ssl/my_crypt.cc
+++ b/mysys_ssl/my_crypt.cc
@@ -88,24 +88,8 @@ class MyCTX
  }
  virtual int finish(uchar *dst, uint *dlen)
  {
-#ifdef HAVE_WOLFSSL
-     /*
-       Bug in WolfSSL - sometimes EVP_CipherFinal_ex
-       returns success without setting destination length
-       when it should return error.
-       We catch it by presetting invalid value for length,
-       and checking if it has changed after the call.
-
-       See https://github.com/wolfSSL/wolfssl/issues/2224
-     */
-    *dlen= UINT_MAX;
-#endif
    if (EVP_CipherFinal_ex(ctx, dst, (int*)dlen) != 1)
      return MY_AES_BAD_DATA;
-#ifdef HAVE_WOLFSSL
-    if (*dlen == UINT_MAX)
-      return MY_AES_BAD_DATA;
-#endif
    return MY_AES_OK;
  }
 };

--- a/storage/innobase/log/log0crypt.cc
+++ b/storage/innobase/log/log0crypt.cc
@@ -41,12 +41,6 @@ my_bool srv_encrypt_log;

 struct aes_block_t {
 	byte		bytes[MY_AES_BLOCK_SIZE];
-#ifdef HAVE_WOLFSSL
-	// Workaround for  MDEV-19582.
-	// WolfSSL reads memory out of bounds with decrypt/NOPAD
-	// Pad the structure to workaround
-	byte		pad[MY_AES_BLOCK_SIZE];
-#endif
 };

 struct crypt_info_t {

--- a/storage/innobase/row/row0log.cc
+++ b/storage/innobase/row/row0log.cc
@@ -42,14 +42,6 @@ Created 2011-05-26 Marko Makela
 #include <algorithm>
 #include <map>

-#ifdef HAVE_WOLFSSL
-// Workaround for MDEV-19582
-// (WolfSSL reads memory out of bounds with decryption/NOPAD)
-#define WOLFSSL_PAD_SIZE MY_AES_BLOCK_SIZE
-#else
-#define WOLFSSL_PAD_SIZE 0
-#endif
-
 Atomic_counter<ulint> onlineddl_rowlog_rows;
 ulint onlineddl_rowlog_pct_used;
 ulint onlineddl_pct_progress;
@@ -301,7 +293,7 @@ row_log_block_allocate(
 		);

 		log_buf.block = ut_allocator<byte>(mem_key_row_log_buf)
-			.allocate_large(srv_sort_buf_size + WOLFSSL_PAD_SIZE,
+			.allocate_large(srv_sort_buf_size,
 					&log_buf.block_pfx);

 		if (log_buf.block == NULL) {
@@ -323,7 +315,7 @@ row_log_block_free(
 	if (log_buf.block != NULL) {
 		ut_allocator<byte>(mem_key_row_log_buf).deallocate_large(
 			log_buf.block, &log_buf.block_pfx,
-			log_buf.size + WOLFSSL_PAD_SIZE);
+			log_buf.size);
 		log_buf.block = NULL;
 	}
 	DBUG_VOID_RETURN;
@@ -3239,7 +3231,7 @@ row_log_allocate(
 	index->online_log = log;

 	if (log_tmp_is_encrypted()) {
-		ulint size = srv_sort_buf_size + WOLFSSL_PAD_SIZE;
+		ulint size = srv_sort_buf_size;
 		log->crypt_head = static_cast<byte *>(os_mem_alloc_large(&size));
 		log->crypt_tail = static_cast<byte *>(os_mem_alloc_large(&size));

@@ -3273,13 +3265,11 @@ row_log_free(
 	row_merge_file_destroy_low(log->fd);

 	if (log->crypt_head) {
-		os_mem_free_large(log->crypt_head, srv_sort_buf_size
-				  + WOLFSSL_PAD_SIZE);
+		os_mem_free_large(log->crypt_head, srv_sort_buf_size);
 	}

 	if (log->crypt_tail) {
-		os_mem_free_large(log->crypt_tail, srv_sort_buf_size
-				  + WOLFSSL_PAD_SIZE);
+		os_mem_free_large(log->crypt_tail, srv_sort_buf_size);
 	}

 	mutex_free(&log->mutex);

--- a/storage/innobase/row/row0merge.cc
+++ b/storage/innobase/row/row0merge.cc
@@ -54,14 +54,6 @@ Completed by Sunny Bains and Marko Makela
 # define posix_fadvise(fd, offset, len, advice) /* nothing */
 #endif /* _WIN32 */

-#ifdef HAVE_WOLFSSL
-// Workaround for MDEV-19582
-// (WolfSSL accesses memory out of bounds)
-# define WOLFSSL_PAD_SIZE MY_AES_BLOCK_SIZE
-#else
-# define WOLFSSL_PAD_SIZE 0
-#endif
-
 /* Whether to disable file system cache */
 char	srv_disable_sort_file_cache;

@@ -4627,7 +4619,7 @@ row_merge_build_indexes(

 	if (log_tmp_is_encrypted()) {
 		crypt_block = static_cast<row_merge_block_t*>(
-			alloc.allocate_large(block_size + WOLFSSL_PAD_SIZE,
+			alloc.allocate_large(block_size,
 					     &crypt_pfx));

 		if (crypt_block == NULL) {
@@ -4999,7 +4991,7 @@ row_merge_build_indexes(

 	if (crypt_block) {
 		alloc.deallocate_large(crypt_block, &crypt_pfx,
-				       block_size + WOLFSSL_PAD_SIZE);
+				       block_size);
 	}

 	DICT_TF2_FLAG_UNSET(new_table, DICT_TF2_FTS_ADD_DOC_ID);