From 9a8f112d02340eaf84dd9ef92d8616a2609ad224 Mon Sep 17 00:00:00 2001
From: Vladislav Vaintroub <wlad@mariadb.com>
Date: Thu, 7 May 2020 13:25:56 +0200
Subject: Fix WolfSSL build

- Do not build with TLSv1.0,it stopped working,at least with SChannel client
- Disable a test that depends on TLSv1.0
- define FP_MAX_BITS always, to fix 32bit builds.
- Increase MAX_AES_CTX_SIZE, to fix build on Linux
---
 extra/wolfssl/user_settings.h.in | 7 +++++--
 include/mysql/service_my_crypt.h | 2 +-
 mysql-test/suite.pm              | 3 +++
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/extra/wolfssl/user_settings.h.in b/extra/wolfssl/user_settings.h.in
index c70ca0cb935..de9d9b5a8d9 100644
--- a/extra/wolfssl/user_settings.h.in
+++ b/extra/wolfssl/user_settings.h.in
@@ -20,15 +20,18 @@
 #define WOLFSSL_AES_COUNTER
 #define NO_WOLFSSL_STUB
 #define OPENSSL_ALL
-#define WOLFSSL_ALLOW_TLSV10
 #define NO_OLD_TIMEVAL_NAME
+/*
+  FP_MAX_BITS is set high solely to satisfy ssl_8k_key.test
+  WolfSSL will use more stack space with it, with fastmath
+*/
+#define FP_MAX_BITS 16384
 
 #cmakedefine WOLFSSL_AESNI
 #cmakedefine USE_FAST_MATH
 #cmakedefine TFM_TIMING_RESISTANT
 #cmakedefine HAVE_INTEL_RDSEED
 #cmakedefine USE_INTEL_SPEEDUP
-#cmakedefine FP_MAX_BITS @FP_MAX_BITS@
 #cmakedefine USE_FAST_MATH
 #cmakedefine WOLFSSL_X86_64_BUILD
 
diff --git a/include/mysql/service_my_crypt.h b/include/mysql/service_my_crypt.h
index ffcd3d02d55..930d12a7dd1 100644
--- a/include/mysql/service_my_crypt.h
+++ b/include/mysql/service_my_crypt.h
@@ -45,7 +45,7 @@ extern "C" {
 /* The max key length of all supported algorithms */
 #define MY_AES_MAX_KEY_LENGTH 32
 
-#define MY_AES_CTX_SIZE 620
+#define MY_AES_CTX_SIZE 640
 
 enum my_aes_mode {
     MY_AES_ECB, MY_AES_CBC
diff --git a/mysql-test/suite.pm b/mysql-test/suite.pm
index cb30a3186e5..4cf55e3eac8 100644
--- a/mysql-test/suite.pm
+++ b/mysql-test/suite.pm
@@ -74,6 +74,9 @@ sub skip_combinations {
   $skip{'main/ssl_verify_ip.test'} = 'x509v3 support required'
     unless $openssl_ver ge "1.0.2";
 
+  $skip{'main/tls_version1.test'} = 'No TLSv1.0 support'
+    if $ssl_lib =~ /WolfSSL/;
+
   %skip;
 }
 
-- 
cgit v1.2.1