MDEV-18331 - Libressl as replacement for YASSL, when building WITH_SSL=bundledbb-10.4-mdev-18331

5 files changed, 149 insertions, 48 deletions

diff --git a/.gitignore b/.gitignore
index f0768523e55..bdcc1a7cd74 100644
--- a/.gitignore
+++ b/.gitignore
@@ -252,6 +252,7 @@ tags
 tests/async_queries
 tests/bug25714
 tests/mysql_client_test
+thirdparty/
 storage/mroonga/config.sh
 storage/mroonga/mrn_version.h
 storage/mroonga/data/install.sql
diff --git a/cmake/make_dist.cmake.in b/cmake/make_dist.cmake.in
index 6fad17137fd..99322d94d06 100644
--- a/cmake/make_dist.cmake.in
+++ b/cmake/make_dist.cmake.in
@@ -28,6 +28,8 @@ SET(TAR_EXECUTABLE "@TAR_EXECUTABLE@")
 SET(CMAKE_GENERATOR "@CMAKE_GENERATOR@")
 SET(CMAKE_MAKE_PROGRAM "@CMAKE_MAKE_PROGRAM@")
 SET(CMAKE_SYSTEM_NAME "@CMAKE_SYSTEM_NAME@")
+SET(LIBRESSL_HTTP_URL "@LIBRESSL_HTTP_URL@")
+SET(LIBRESSL_VERSION  "@LIBRESSL_VERSION@")
 
 SET(VERSION "@VERSION@")
 
@@ -41,9 +43,18 @@ FILE(REMOVE ${PACKAGE_DIR}.tar.gz )
 
 IF(GIT_EXECUTABLE)
   MESSAGE(STATUS "Running git checkout-index")
+
+  #Workaround a git bug (usually seen on Windows, requires space in git path)
+  STRING(FIND "${GIT_EXECUTABLE}" " " SPACE_POS)
+  IF(WIN32)
+    SET(GIT_EXE git)
+  ELSE()
+    SET(GIT_EXE ${GIT_EXECUTABLE})
+  ENDIF()
+
   EXECUTE_PROCESS(
     COMMAND "${GIT_EXECUTABLE}" checkout-index --all --prefix=${PACKAGE_DIR}/
-    COMMAND "${GIT_EXECUTABLE}" submodule foreach "${GIT_EXECUTABLE} checkout-index --all --prefix=${PACKAGE_DIR}/$path/"
+    COMMAND "${GIT_EXECUTABLE}" submodule foreach "${GIT_EXE} checkout-index --all --prefix=${PACKAGE_DIR}/$path/"
     WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
     RESULT_VARIABLE RESULT
   )
@@ -52,11 +63,33 @@ IF(GIT_EXECUTABLE)
   ENDIF()
 ENDIF()
 
+# Pack libressl
+MESSAGE(STATUS "Downloading ${LIBRESSL_HTTP_URL}")
+FILE(DOWNLOAD ${LIBRESSL_HTTP_URL} ${CMAKE_CURRENT_BINARY_DIR}/libressl-src.tar.gz STATUS DOWNLOAD_STATUS SHOW_PROGRESS)
+LIST(GET DOWNLOAD_STATUS 0 RETVAL)
+LIST(GET DOWNLOAD_STATUS 1 MSG)
+IF(NOT (RETVAL EQUAL  0))
+  MESSAGE(FATAL_ERROR "Download failed for ${LIBRESSL_HTTP_URL} : ${DOWNLOAD_MESSAGE}")
+ENDIF()
+MESSAGE(STATUS "Extract libressl-${LIBRESSL_VERSION}")
+EXECUTE_PROCESS(COMMAND ${CMAKE_COMMAND} -E tar xzf libressl-src.tar.gz
+  RESULT_VARIABLE RETVAL)
+IF(NOT (RETVAL EQUAL  0))
+  MESSAGE(FATAL_ERROR "Unpacking failed")
+ENDIF()
+FILE(REMOVE ${CMAKE_CURRENT_BINARY_DIR}/libressl-src.tar.gz)
+FILE(MAKE_DIRECTORY ${PACKAGE_DIR}/thirdparty)
+file(COPY ${CMAKE_CURRENT_BINARY_DIR}/libressl-${LIBRESSL_VERSION}   DESTINATION  ${PACKAGE_DIR}/thirdparty/)
+file(REMOVE_RECURSE ${CMAKE_CURRENT_BINARY_DIR}/libressl-${LIBRESSL_VERSION})
+
+
 CONFIGURE_FILE(${CMAKE_BINARY_DIR}/include/source_revision.h
        ${PACKAGE_DIR}/include/source_revision.h COPYONLY)
 
-CONFIGURE_FILE(${CMAKE_BINARY_DIR}/storage/rocksdb/rdb_source_revision.h
+IF(EXISTS ${CMAKE_BINARY_DIR}/storage/rocksdb/rdb_source_revision.h)
+  CONFIGURE_FILE(${CMAKE_BINARY_DIR}/storage/rocksdb/rdb_source_revision.h
        ${PACKAGE_DIR}/storage/rocksdb/rdb_source_revision.h COPYONLY)
+ENDIF()
 
 IF(NOT GIT_EXECUTABLE)
   MESSAGE(STATUS "git not found or source dir is not a repo, use CPack")
diff --git a/cmake/ssl.cmake b/cmake/ssl.cmake
index aa42333a5c8..0357d8043f7 100644
--- a/cmake/ssl.cmake
+++ b/cmake/ssl.cmake
@@ -47,31 +47,119 @@ MACRO (CHANGE_SSL_SETTINGS string)
   SET(WITH_SSL ${string} CACHE STRING ${WITH_SSL_DOC} FORCE)
 ENDMACRO()
 
-MACRO (MYSQL_USE_BUNDLED_SSL)
-  SET(INC_DIRS 
-    ${CMAKE_SOURCE_DIR}/extra/yassl/include
-    ${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/include
+INCLUDE(ExternalProject)
+
+set(LIBRESSL_VERSION "2.7.5")
+set(LIBRESSL_HTTP_URL http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL_VERSION}.tar.gz)
+
+MACRO (ADD_EXTERNAL_PROJECT_LIBRESSL)
+  if(MSVC)
+    set(LIBRESSL_EXTRA_CMAKE_C_FLAGS " /wd4152 /wd4701 /wd4702 /wd4090 /wd4295 /wd4132 /wd4204 /wd4206")
+  endif()
+  if(UNIX)
+    set(PIC_FLAG -fPIC)
+  else()
+    set(PIC_FLAG)
+  endif()
+  set(LIBRESSL_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/thirdparty/libressl-install")
+  set(LIBRESSL_LOCAL_URL ${CMAKE_SOURCE_DIR}/thirdparty/libressl-${LIBRESSL_VERSION})
+  if(EXISTS ${LIBRESSL_LOCAL_URL})
+    set(LIBRESSL_URL ${LIBRESSL_LOCAL_URL})
+  else()
+    set(LIBRESSL_URL ${LIBRESSL_HTTP_URL})
+  endif()
+  get_property(_GENERATOR_IS_MULTI_CONFIG GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG)
+  if(_GENERATOR_IS_MULTI_CONFIG)
+    SET(flags 
+     CMAKE_C_FLAGS_DEBUG CMAKE_C_FLAGS_RELWITHDEBINFO CMAKE_C_FLAGS_RELEASE CMAKE_C_FLAGS_MINSIZEREL
+     CMAKE_C_FLAGS
+     )
+  else()
+    SET(flags CMAKE_C_FLAGS)
+  endif()
+  set(CFLAGS_ARG)
+  foreach(f ${flags})
+    set(name ${f})
+    set(val ${${f}})
+    if(MSVC)
+      string(REGEX REPLACE "/we[0-9]+" "" "val" ${val})
+      string(REGEX REPLACE "[/-]WX" "" "val" "${val}")
+      string(REGEX REPLACE "[/-]Werror" "" "val" "${val}")
+	  string(REGEX REPLACE "/DWIN32 /D_WINDOWS /W3" "" "val" "${val}")
+    else()
+      string(REGEX REPLACE "-Werror" "" "val" "${val}")
+    endif()
+	IF(MSVC AND (CMAKE_CXX_COMPILER_ID MATCHES Clang))
+	  MESSAGE("CLANG_CL_FLAGS= ${CLANG_CL_FLAGS}")
+	  string(REPLACE "${CLANG_CL_FLAGS}" "" "val" "${val}")
+	ENDIF()
+    list(APPEND CFLAGS_ARG "-D${name}=${val}${LIBRESSL_EXTRA_${name}}")
+  endforeach()
+  IF(MSVC)
+    SET(PATCH_COMMAND PATCH_COMMAND
+     ${CMAKE_COMMAND} -E chdir
+     ${CMAKE_CURRENT_BINARY_DIR}/thirdparty/libressl-prefix/src/libressl/include/openssl
+     powershell -Command "(gc x509.h) -replace '#pragma message', '//#pragma message' | Out-File -Encoding ASCII  x509.h")
+  ENDIF()
+  
+  set(byproducts)
+  foreach(lib crypto ssl)
+    add_library(${lib} STATIC IMPORTED)
+	set(loc "${LIBRESSL_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}${lib}${CMAKE_STATIC_LIBRARY_SUFFIX}")
+    set_target_properties(${lib} PROPERTIES IMPORTED_LOCATION ${loc})
+    if(CMAKE_VERSION VERSION_GREATER "3.1")
+      SET(byproducts ${byproducts} BUILD_BYPRODUCTS ${loc})
+    endif()
+    add_dependencies(${lib} libressl)
+  endforeach()
+  IF(MSVC AND (CMAKE_CXX_COMPILER_ID MATCHES Clang) AND (NOT CMAKE_GENERATOR MATCHES "Visual Studio"))
+   # workaround a bug
+   list(APPEND CFLAGS_ARG "-DCMAKE_C_COMPILER=cl" "-DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}")
+  ENDIF()
+  ExternalProject_Add(libressl
+    PREFIX "thirdparty/libressl-prefix"
+    URL ${LIBRESSL_URL}
+    ${PATCH_COMMAND}
+	${byproducts}
+    CMAKE_ARGS
+    -Wno-dev
+    "-DLIBRESSL_TESTS=OFF"
+    "-DLIBRESSL_APPS=OFF"
+    "-DCMAKE_INSTALL_PREFIX=${LIBRESSL_INSTALL_DIR}"
+	${CFLAGS_ARG}
+	${LIBRESSL_CMAKE_CONFIG}
+	${LIBRESSL_CMAKE_GENERATOR}
+	${LIBRESSL_CMAKE_BUILD_COMMAND}
   )
-  SET(SSL_LIBRARIES  yassl taocrypt)
-  SET(SSL_INCLUDE_DIRS ${INC_DIRS})
-  SET(SSL_INTERNAL_INCLUDE_DIRS ${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/mySTL)
-  SET(SSL_DEFINES "-DHAVE_YASSL -DYASSL_PREFIX -DHAVE_OPENSSL -DMULTI_THREADED")
-  SET(HAVE_ERR_remove_thread_state OFF CACHE INTERNAL "yassl doesn't have ERR_remove_thread_state")
-  SET(HAVE_EncryptAes128Ctr OFF CACHE INTERNAL "yassl doesn't support AES-CTR")
-  SET(HAVE_EncryptAes128Gcm OFF CACHE INTERNAL "yassl doesn't support AES-GCM")
-  CHANGE_SSL_SETTINGS("bundled")
-  ADD_SUBDIRECTORY(extra/yassl)
-  ADD_SUBDIRECTORY(extra/yassl/taocrypt)
-  GET_TARGET_PROPERTY(src yassl SOURCES)
-  FOREACH(file ${src})
-    SET(SSL_SOURCES ${SSL_SOURCES} ${CMAKE_SOURCE_DIR}/extra/yassl/${file})
-  ENDFOREACH()
-  GET_TARGET_PROPERTY(src taocrypt SOURCES)
-  FOREACH(file ${src})
-    SET(SSL_SOURCES ${SSL_SOURCES}
-      ${CMAKE_SOURCE_DIR}/extra/yassl/taocrypt/${file})
-  ENDFOREACH()
-  MESSAGE_ONCE(SSL_LIBRARIES "SSL_LIBRARIES = ${SSL_LIBRARIES}")
+
+  if (LIBRT)
+    set_target_properties(crypto PROPERTIES INTERFACE_LINK_LIBRARIES  ${LIBRT})
+  endif()
+  set_target_properties(ssl PROPERTIES INTERFACE_LINK_LIBRARIES crypto)
+
+  if (NOT OPENSSL_FOUND)
+    UNSET(OPENSSL_FOUND  CACHE)
+    UNSET(OPENSSL_INCLUDE_DIR CACHE)
+    UNSET(OPENSSL_INCLUDE_DIRS CACHE)
+    UNSET(OPENSSL_SSL_LIBRARY CACHE)
+    UNSET(OPENSSL_CRYPTO_LIBRARY CACHE)
+    UNSET(OPENSSL_LIBRARIES CACHE)
+  endif()
+
+  set(OPENSSL_FOUND TRUE CACHE BOOL "")
+  set(OPENSSL_ROOT_DIR  "${LIBRESSL_INSTALL_DIR}" CACHE BOOL "")
+  set(OPENSSL_INCLUDE_DIR "${LIBRESSL_INSTALL_DIR}/include" CACHE STRING "")
+  set(OPENSSL_LIBRARIES ssl crypto ${LIBRT}  CACHE STRING "")
+  set(HAVE_EVP_aes_128_ctr  TRUE CACHE  BOOL "")
+  set(HAVE_EVP_aes_128_ctr  TRUE CACHE  BOOL "")
+  set(SSL_LIBRARIES ${OPENSSL_LIBRARIES} CACHE STRING "")
+  set(SSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIR})
+  set(SSL_INTERNAL_INCLUDE_DIRS "")
+  set(SSL_DEFINES "-DHAVE_OPENSSL")
+ENDMACRO()
+
+MACRO (MYSQL_USE_BUNDLED_SSL)
+  ADD_EXTERNAL_PROJECT_LIBRESSL()
 ENDMACRO()
 
 # MYSQL_CHECK_SSL
@@ -95,27 +183,6 @@ MACRO (MYSQL_CHECK_SSL)
 
   IF(WITH_SSL STREQUAL "bundled")
     MYSQL_USE_BUNDLED_SSL()
-    # Reset some variables, in case we switch from /path/to/ssl to "bundled".
-    IF (WITH_SSL_PATH)
-      UNSET(WITH_SSL_PATH)
-      UNSET(WITH_SSL_PATH CACHE)
-    ENDIF()
-    IF (OPENSSL_ROOT_DIR)
-      UNSET(OPENSSL_ROOT_DIR)
-      UNSET(OPENSSL_ROOT_DIR CACHE)
-    ENDIF()
-    IF (OPENSSL_INCLUDE_DIR)
-      UNSET(OPENSSL_INCLUDE_DIR)
-      UNSET(OPENSSL_INCLUDE_DIR CACHE)
-    ENDIF()
-    IF (WIN32 AND OPENSSL_APPLINK_C)
-      UNSET(OPENSSL_APPLINK_C)
-      UNSET(OPENSSL_APPLINK_C CACHE)
-    ENDIF()
-    IF (OPENSSL_SSL_LIBRARY)
-      UNSET(OPENSSL_SSL_LIBRARY)
-      UNSET(OPENSSL_SSL_LIBRARY CACHE)
-    ENDIF()
   ELSEIF(WITH_SSL STREQUAL "system" OR
          WITH_SSL STREQUAL "yes" OR
          WITH_SSL_PATH
diff --git a/libmariadb b/libmariadb
-Subproject 34f8887af03d022416dd6593de91d0706e57f46
+Subproject fdda89e89718d90b09cda0cad2e3cfa88eadceb
diff --git a/vio/CMakeLists.txt b/vio/CMakeLists.txt
index 95748224f97..2578ffc1ab0 100644
--- a/vio/CMakeLists.txt
+++ b/vio/CMakeLists.txt
@@ -19,4 +19,4 @@ ADD_DEFINITIONS(${SSL_DEFINES})
 
 SET(VIO_SOURCES vio.c viosocket.c viossl.c viopipe.c viosslfactories.c)
 ADD_CONVENIENCE_LIBRARY(vio ${VIO_SOURCES})
-TARGET_LINK_LIBRARIES(vio ${LIBSOCKET})
+TARGET_LINK_LIBRARIES(vio dbug ${SSL_LIBRARIES} ${LIBSOCKET})