Commit f61a9806 authored by Vladislav Vaintroub's avatar Vladislav Vaintroub Committed by Oleksandr Byelkin

Update WolfSSL, remove older workarounds.

parent 2792c6e7
...@@ -40,10 +40,6 @@ INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl) ...@@ -40,10 +40,6 @@ INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl)
IF(MSVC) IF(MSVC)
# size_t to long truncation warning # size_t to long truncation warning
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wd4267 -wd4334") SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wd4267 -wd4334")
IF(CMAKE_C_COMPILER_ID MATCHES Clang)
# Workaround a bug with clang-cl, see https://github.com/wolfSSL/wolfssl/pull/2090
ADD_DEFINITIONS(-DMP_16BIT)
ENDIF()
ENDIF() ENDIF()
ADD_CONVENIENCE_LIBRARY(wolfssl ${WOLFSSL_SOURCES}) ADD_CONVENIENCE_LIBRARY(wolfssl ${WOLFSSL_SOURCES})
......
Subproject commit 21f2beca9f320199fcea4a96df3e19967804144b Subproject commit 50fbdb961fd8c2d8123064e567ae8ec44167732d
...@@ -88,24 +88,8 @@ class MyCTX ...@@ -88,24 +88,8 @@ class MyCTX
} }
virtual int finish(uchar *dst, uint *dlen) virtual int finish(uchar *dst, uint *dlen)
{ {
#ifdef HAVE_WOLFSSL
/*
Bug in WolfSSL - sometimes EVP_CipherFinal_ex
returns success without setting destination length
when it should return error.
We catch it by presetting invalid value for length,
and checking if it has changed after the call.
See https://github.com/wolfSSL/wolfssl/issues/2224
*/
*dlen= UINT_MAX;
#endif
if (EVP_CipherFinal_ex(ctx, dst, (int*)dlen) != 1) if (EVP_CipherFinal_ex(ctx, dst, (int*)dlen) != 1)
return MY_AES_BAD_DATA; return MY_AES_BAD_DATA;
#ifdef HAVE_WOLFSSL
if (*dlen == UINT_MAX)
return MY_AES_BAD_DATA;
#endif
return MY_AES_OK; return MY_AES_OK;
} }
}; };
......
...@@ -41,12 +41,6 @@ my_bool srv_encrypt_log; ...@@ -41,12 +41,6 @@ my_bool srv_encrypt_log;
struct aes_block_t { struct aes_block_t {
byte bytes[MY_AES_BLOCK_SIZE]; byte bytes[MY_AES_BLOCK_SIZE];
#ifdef HAVE_WOLFSSL
// Workaround for MDEV-19582.
// WolfSSL reads memory out of bounds with decrypt/NOPAD
// Pad the structure to workaround
byte pad[MY_AES_BLOCK_SIZE];
#endif
}; };
struct crypt_info_t { struct crypt_info_t {
......
...@@ -42,14 +42,6 @@ Created 2011-05-26 Marko Makela ...@@ -42,14 +42,6 @@ Created 2011-05-26 Marko Makela
#include <algorithm> #include <algorithm>
#include <map> #include <map>
#ifdef HAVE_WOLFSSL
// Workaround for MDEV-19582
// (WolfSSL reads memory out of bounds with decryption/NOPAD)
#define WOLFSSL_PAD_SIZE MY_AES_BLOCK_SIZE
#else
#define WOLFSSL_PAD_SIZE 0
#endif
Atomic_counter<ulint> onlineddl_rowlog_rows; Atomic_counter<ulint> onlineddl_rowlog_rows;
ulint onlineddl_rowlog_pct_used; ulint onlineddl_rowlog_pct_used;
ulint onlineddl_pct_progress; ulint onlineddl_pct_progress;
...@@ -301,7 +293,7 @@ row_log_block_allocate( ...@@ -301,7 +293,7 @@ row_log_block_allocate(
); );
log_buf.block = ut_allocator<byte>(mem_key_row_log_buf) log_buf.block = ut_allocator<byte>(mem_key_row_log_buf)
.allocate_large(srv_sort_buf_size + WOLFSSL_PAD_SIZE, .allocate_large(srv_sort_buf_size,
&log_buf.block_pfx); &log_buf.block_pfx);
if (log_buf.block == NULL) { if (log_buf.block == NULL) {
...@@ -323,7 +315,7 @@ row_log_block_free( ...@@ -323,7 +315,7 @@ row_log_block_free(
if (log_buf.block != NULL) { if (log_buf.block != NULL) {
ut_allocator<byte>(mem_key_row_log_buf).deallocate_large( ut_allocator<byte>(mem_key_row_log_buf).deallocate_large(
log_buf.block, &log_buf.block_pfx, log_buf.block, &log_buf.block_pfx,
log_buf.size + WOLFSSL_PAD_SIZE); log_buf.size);
log_buf.block = NULL; log_buf.block = NULL;
} }
DBUG_VOID_RETURN; DBUG_VOID_RETURN;
...@@ -3239,7 +3231,7 @@ row_log_allocate( ...@@ -3239,7 +3231,7 @@ row_log_allocate(
index->online_log = log; index->online_log = log;
if (log_tmp_is_encrypted()) { if (log_tmp_is_encrypted()) {
ulint size = srv_sort_buf_size + WOLFSSL_PAD_SIZE; ulint size = srv_sort_buf_size;
log->crypt_head = static_cast<byte *>(os_mem_alloc_large(&size)); log->crypt_head = static_cast<byte *>(os_mem_alloc_large(&size));
log->crypt_tail = static_cast<byte *>(os_mem_alloc_large(&size)); log->crypt_tail = static_cast<byte *>(os_mem_alloc_large(&size));
...@@ -3273,13 +3265,11 @@ row_log_free( ...@@ -3273,13 +3265,11 @@ row_log_free(
row_merge_file_destroy_low(log->fd); row_merge_file_destroy_low(log->fd);
if (log->crypt_head) { if (log->crypt_head) {
os_mem_free_large(log->crypt_head, srv_sort_buf_size os_mem_free_large(log->crypt_head, srv_sort_buf_size);
+ WOLFSSL_PAD_SIZE);
} }
if (log->crypt_tail) { if (log->crypt_tail) {
os_mem_free_large(log->crypt_tail, srv_sort_buf_size os_mem_free_large(log->crypt_tail, srv_sort_buf_size);
+ WOLFSSL_PAD_SIZE);
} }
mutex_free(&log->mutex); mutex_free(&log->mutex);
......
...@@ -54,14 +54,6 @@ Completed by Sunny Bains and Marko Makela ...@@ -54,14 +54,6 @@ Completed by Sunny Bains and Marko Makela
# define posix_fadvise(fd, offset, len, advice) /* nothing */ # define posix_fadvise(fd, offset, len, advice) /* nothing */
#endif /* _WIN32 */ #endif /* _WIN32 */
#ifdef HAVE_WOLFSSL
// Workaround for MDEV-19582
// (WolfSSL accesses memory out of bounds)
# define WOLFSSL_PAD_SIZE MY_AES_BLOCK_SIZE
#else
# define WOLFSSL_PAD_SIZE 0
#endif
/* Whether to disable file system cache */ /* Whether to disable file system cache */
char srv_disable_sort_file_cache; char srv_disable_sort_file_cache;
...@@ -4627,7 +4619,7 @@ row_merge_build_indexes( ...@@ -4627,7 +4619,7 @@ row_merge_build_indexes(
if (log_tmp_is_encrypted()) { if (log_tmp_is_encrypted()) {
crypt_block = static_cast<row_merge_block_t*>( crypt_block = static_cast<row_merge_block_t*>(
alloc.allocate_large(block_size + WOLFSSL_PAD_SIZE, alloc.allocate_large(block_size,
&crypt_pfx)); &crypt_pfx));
if (crypt_block == NULL) { if (crypt_block == NULL) {
...@@ -4999,7 +4991,7 @@ row_merge_build_indexes( ...@@ -4999,7 +4991,7 @@ row_merge_build_indexes(
if (crypt_block) { if (crypt_block) {
alloc.deallocate_large(crypt_block, &crypt_pfx, alloc.deallocate_large(crypt_block, &crypt_pfx,
block_size + WOLFSSL_PAD_SIZE); block_size);
} }
DICT_TF2_FLAG_UNSET(new_table, DICT_TF2_FTS_ADD_DOC_ID); DICT_TF2_FLAG_UNSET(new_table, DICT_TF2_FTS_ADD_DOC_ID);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment