MDEV-27373 wolfSSL 5.1.1

- compile wolfcrypt with kdf.c, to avoid undefined symbols in tls13.c - define WOLFSSL_HAVE_ERROR_QUEUE to avoid endless loop SSL_get_error - Do not use SSL_CTX_set_tmp_dh/get_dh2048, this would require additional compilation options in WolfSSL. Disable it for WolfSSL build, it works without it anyway. - fix "macro already defined" Windows warning.
MariaDB · Jan 25, 2022 · be1d965 · be1d965
1 parent 8db4740
commit be1d965
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 6 deletions.
diff --git a/extra/wolfssl/CMakeLists.txt b/extra/wolfssl/CMakeLists.txt
@@ -104,6 +104,7 @@ ${WOLFCRYPT_SRCDIR}/wc_port.c
 ${WOLFCRYPT_SRCDIR}/wc_encrypt.c
 ${WOLFCRYPT_SRCDIR}/hash.c
 ${WOLFCRYPT_SRCDIR}/wolfmath.c
+${WOLFCRYPT_SRCDIR}/kdf.c
 )
 
 # Use fastmath large number math library.

diff --git a/extra/wolfssl/user_settings.h.in b/extra/wolfssl/user_settings.h.in
@@ -2,6 +2,7 @@
 #define WOLFSSL_USER_SETTINGS_H
 
 #define HAVE_CRL
+#define WOLFSSL_HAVE_ERROR_QUEUE
 #define WOLFSSL_MYSQL_COMPATIBLE
 #define HAVE_ECC
 #define ECC_TIMING_RESISTANT

diff --git a/include/ssl_compat.h b/include/ssl_compat.h
@@ -73,7 +73,10 @@
 #define EVP_MD_CTX_SIZE                 sizeof(EVP_MD_CTX)
 #endif
 
+#ifndef DH_set0_pqg
 #define DH_set0_pqg(D,P,Q,G)            ((D)->p= (P), (D)->g= (G))
+#endif
+
 #define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
 #define EVP_CIPHER_CTX_encrypting(ctx)  ((ctx)->encrypt)
 #define EVP_CIPHER_CTX_SIZE             sizeof(EVP_CIPHER_CTX)

diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
@@ -25,7 +25,7 @@ static my_bool     ssl_algorithms_added    = FALSE;
 static my_bool     ssl_error_strings_loaded= FALSE;
 
 /* the function below was generated with "openssl dhparam -2 -C 2048" */
-
+#ifndef HAVE_WOLFSSL
 static
 DH *get_dh2048()
 {
@@ -72,6 +72,7 @@ DH *get_dh2048()
     }
     return dh;
 }
+#endif
 
 static const char*
 ssl_error_string[] =
@@ -228,7 +229,6 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
              enum enum_ssl_init_error *error,
              const char *crl_file, const char *crl_path, ulonglong tls_version)
 {
-  DH *dh;
   struct st_VioSSLFd *ssl_fd;
   long ssl_ctx_options;
   DBUG_ENTER("new_VioSSLFd");
@@ -358,18 +358,21 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
     goto err2;
   }
 
+#ifndef HAVE_WOLFSSL
   /* DH stuff */
   if (!is_client_method)
   {
-    dh=get_dh2048();
+    DH *dh= get_dh2048();
     if (!SSL_CTX_set_tmp_dh(ssl_fd->ssl_context, dh))
     {
       *error= SSL_INITERR_DH;
-      goto err3;
+      DH_free(dh);
+      goto err2;
     }
 
     DH_free(dh);
   }
+#endif
 
 #ifdef HAVE_WOLFSSL
   /* set IO functions used by wolfSSL */
@@ -381,8 +384,6 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
 
   DBUG_RETURN(ssl_fd);
 
-err3:
-  DH_free(dh);
 err2:
   SSL_CTX_free(ssl_fd->ssl_context);
 err1: