MDEV-22221: MariaDB with WolfSSL doesn't support AES-GCM cipher for SSL

Enable AES-GCM for SSL (only). AES-GCM for encryption plugins remains disabled (aes-t fails, on some bug in GCM or CTR padding)
MariaDB · Jun 9, 2021 · b81803f · b81803f
1 parent dbe3161
commit b81803f
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 1 deletion.
diff --git a/extra/wolfssl/CMakeLists.txt b/extra/wolfssl/CMakeLists.txt
@@ -134,6 +134,7 @@ IF(WOLFSSL_X86_64_BUILD)
     SET(USE_INTEL_SPEEDUP 1)
     LIST(APPEND WOLFCRYPT_SOURCES
       ${WOLFCRYPT_SRCDIR}/aes_asm.S
+      ${WOLFCRYPT_SRCDIR}/aes_gcm_asm.S
       ${WOLFCRYPT_SRCDIR}/sha512_asm.S
       ${WOLFCRYPT_SRCDIR}/sha256_asm.S)
     ADD_DEFINITIONS(-maes -msse4.2 -mpclmul)

diff --git a/extra/wolfssl/user_settings.h.in b/extra/wolfssl/user_settings.h.in
@@ -17,6 +17,7 @@
 #define WC_RSA_BLINDING
 #define HAVE_TLS_EXTENSIONS
 #define HAVE_AES_ECB
+#define HAVE_AESGCM
 #define WOLFSSL_AES_COUNTER
 #define NO_WOLFSSL_STUB
 #define OPENSSL_ALL

diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h
@@ -45,7 +45,7 @@ extern "C" {
 /* The max key length of all supported algorithms */
 #define MY_AES_MAX_KEY_LENGTH 32
 
-#define MY_AES_CTX_SIZE 640
+#define MY_AES_CTX_SIZE 656
 
 enum my_aes_mode {
     MY_AES_ECB, MY_AES_CBC

diff --git a/mysql-test/main/wolfssl.opt b/mysql-test/main/wolfssl.opt
@@ -0,0 +1 @@
+--ssl_cipher=ECDHE-RSA-AES256-GCM-SHA384
diff --git a/mysql-test/main/wolfssl.test b/mysql-test/main/wolfssl.test
@@ -0,0 +1,6 @@
+#
+# Various tests that require WolfSSL
+#
+--source include/have_ssl_communication.inc
+--source include/not_embedded.inc
+SELECT @@ssl_cipher;