MDEV-22221: MariaDB with WolfSSL doesn't support AES-GCM cipher for SSL

Enable AES-GCM for SSL (only).

AES-GCM for encryption plugins remains disabled (aes-t fails, on some bug
in GCM or CTR padding)

extra/wolfssl/CMakeLists.txt

@@ -134,6 +134,7 @@ IF(WOLFSSL_X86_64_BUILD)
     SET(USE_INTEL_SPEEDUP 1)
     LIST(APPEND WOLFCRYPT_SOURCES
       ${WOLFCRYPT_SRCDIR}/aes_asm.S
+      ${WOLFCRYPT_SRCDIR}/aes_gcm_asm.S
       ${WOLFCRYPT_SRCDIR}/sha512_asm.S
       ${WOLFCRYPT_SRCDIR}/sha256_asm.S)
     ADD_DEFINITIONS(-maes -msse4.2 -mpclmul)

extra/wolfssl/user_settings.h.in

@@ -17,6 +17,7 @@
 #define WC_RSA_BLINDING
 #define HAVE_TLS_EXTENSIONS
 #define HAVE_AES_ECB
+#define HAVE_AESGCM
 #define WOLFSSL_AES_COUNTER
 #define NO_WOLFSSL_STUB
 #define OPENSSL_ALL

include/mysql/service_my_crypt.h

@@ -45,7 +45,7 @@ extern "C" {
 /* The max key length of all supported algorithms */
 #define MY_AES_MAX_KEY_LENGTH 32
 
-#define MY_AES_CTX_SIZE 640
+#define MY_AES_CTX_SIZE 656
 
 enum my_aes_mode {
     MY_AES_ECB, MY_AES_CBC

mysql-test/main/wolfssl.opt

@@ -0,0 +1 @@
+--ssl_cipher=ECDHE-RSA-AES256-GCM-SHA384

mysql-test/main/wolfssl.test

@@ -0,0 +1,6 @@
+#
+# Various tests that require WolfSSL
+#
+--source include/have_ssl_communication.inc
+--source include/not_embedded.inc
+SELECT @@ssl_cipher;