Update WolfSSL, remove older workarounds.

Author: vaintroub

extra/wolfssl/CMakeLists.txt

@@ -40,10 +40,6 @@ INCLUDE_DIRECTORIES(BEFORE ${CMAKE_CURRENT_SOURCE_DIR}/wolfssl)
 IF(MSVC)
   # size_t to long truncation warning
   SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -wd4267 -wd4334")
-  IF(CMAKE_C_COMPILER_ID MATCHES Clang)
-    # Workaround a bug with clang-cl, see https://github.com/wolfSSL/wolfssl/pull/2090
-    ADD_DEFINITIONS(-DMP_16BIT)
-  ENDIF()
 ENDIF()
 
 ADD_CONVENIENCE_LIBRARY(wolfssl ${WOLFSSL_SOURCES})

extra/wolfssl/wolfssl

@@ -88,24 +88,8 @@ class MyCTX
   }
   virtual int finish(uchar *dst, uint *dlen)
   {
-#ifdef HAVE_WOLFSSL
-     /*
-       Bug in WolfSSL - sometimes EVP_CipherFinal_ex
-       returns success without setting destination length
-       when it should return error.
-       We catch it by presetting invalid value for length,
-       and checking if it has changed after the call.
-
-       See https://github.com/wolfSSL/wolfssl/issues/2224
-     */
-    *dlen= UINT_MAX;
-#endif
     if (EVP_CipherFinal_ex(ctx, dst, (int*)dlen) != 1)
       return MY_AES_BAD_DATA;
-#ifdef HAVE_WOLFSSL
-    if (*dlen == UINT_MAX)
-      return MY_AES_BAD_DATA;
-#endif
     return MY_AES_OK;
   }
 };

mysys_ssl/my_crypt.cc

@@ -41,12 +41,6 @@ my_bool srv_encrypt_log;
 
 struct aes_block_t {
 	byte		bytes[MY_AES_BLOCK_SIZE];
-#ifdef HAVE_WOLFSSL
-	// Workaround for  MDEV-19582.
-	// WolfSSL reads memory out of bounds with decrypt/NOPAD
-	// Pad the structure to workaround
-	byte		pad[MY_AES_BLOCK_SIZE];
-#endif
 };
 
 struct crypt_info_t {

storage/innobase/log/log0crypt.cc

@@ -42,14 +42,6 @@ Created 2011-05-26 Marko Makela
 #include <algorithm>
 #include <map>
 
-#ifdef HAVE_WOLFSSL
-// Workaround for MDEV-19582
-// (WolfSSL reads memory out of bounds with decryption/NOPAD)
-#define WOLFSSL_PAD_SIZE MY_AES_BLOCK_SIZE
-#else
-#define WOLFSSL_PAD_SIZE 0
-#endif
-
 Atomic_counter<ulint> onlineddl_rowlog_rows;
 ulint onlineddl_rowlog_pct_used;
 ulint onlineddl_pct_progress;
@@ -301,7 +293,7 @@ row_log_block_allocate(
 		);
 
 		log_buf.block = ut_allocator<byte>(mem_key_row_log_buf)
-			.allocate_large(srv_sort_buf_size + WOLFSSL_PAD_SIZE,
+			.allocate_large(srv_sort_buf_size,
 					&log_buf.block_pfx);
 
 		if (log_buf.block == NULL) {
@@ -323,7 +315,7 @@ row_log_block_free(
 	if (log_buf.block != NULL) {
 		ut_allocator<byte>(mem_key_row_log_buf).deallocate_large(
 			log_buf.block, &log_buf.block_pfx,
-			log_buf.size + WOLFSSL_PAD_SIZE);
+			log_buf.size);
 		log_buf.block = NULL;
 	}
 	DBUG_VOID_RETURN;
@@ -3239,7 +3231,7 @@ row_log_allocate(
 	index->online_log = log;
 
 	if (log_tmp_is_encrypted()) {
-		ulint size = srv_sort_buf_size + WOLFSSL_PAD_SIZE;
+		ulint size = srv_sort_buf_size;
 		log->crypt_head = static_cast<byte *>(os_mem_alloc_large(&size));
 		log->crypt_tail = static_cast<byte *>(os_mem_alloc_large(&size));
 
@@ -3273,13 +3265,11 @@ row_log_free(
 	row_merge_file_destroy_low(log->fd);
 
 	if (log->crypt_head) {
-		os_mem_free_large(log->crypt_head, srv_sort_buf_size
-				  + WOLFSSL_PAD_SIZE);
+		os_mem_free_large(log->crypt_head, srv_sort_buf_size);
 	}
 
 	if (log->crypt_tail) {
-		os_mem_free_large(log->crypt_tail, srv_sort_buf_size
-				  + WOLFSSL_PAD_SIZE);
+		os_mem_free_large(log->crypt_tail, srv_sort_buf_size);
 	}
 
 	mutex_free(&log->mutex);

storage/innobase/row/row0log.cc

@@ -54,14 +54,6 @@ Completed by Sunny Bains and Marko Makela
 # define posix_fadvise(fd, offset, len, advice) /* nothing */
 #endif /* _WIN32 */
 
-#ifdef HAVE_WOLFSSL
-// Workaround for MDEV-19582
-// (WolfSSL accesses memory out of bounds)
-# define WOLFSSL_PAD_SIZE MY_AES_BLOCK_SIZE
-#else
-# define WOLFSSL_PAD_SIZE 0
-#endif
-
 /* Whether to disable file system cache */
 char	srv_disable_sort_file_cache;
 
@@ -4627,7 +4619,7 @@ row_merge_build_indexes(
 
 	if (log_tmp_is_encrypted()) {
 		crypt_block = static_cast<row_merge_block_t*>(
-			alloc.allocate_large(block_size + WOLFSSL_PAD_SIZE,
+			alloc.allocate_large(block_size,
 					     &crypt_pfx));
 
 		if (crypt_block == NULL) {
@@ -4999,7 +4991,7 @@ row_merge_build_indexes(
 
 	if (crypt_block) {
 		alloc.deallocate_large(crypt_block, &crypt_pfx,
-				       block_size + WOLFSSL_PAD_SIZE);
+				       block_size);
 	}
 
 	DICT_TF2_FLAG_UNSET(new_table, DICT_TF2_FTS_ADD_DOC_ID);