Commit graph

88 commits

Author SHA1 Message Date
Sergei Golubchik
d6a7aece08 my_sha2 service 2017-03-10 18:21:26 +01:00
Sergei Golubchik
bd1139ad27 cleanup: generalize my_sha1.cc
move most of the code into my_sha.ic, making it independent
from the actual SHAx variant.
2017-03-10 18:21:26 +01:00
Sergei Golubchik
2b1bbac5fa cleanup: remove a duplicate file 2017-03-10 18:21:25 +01:00
Marko Mäkelä
89d80c1b0b Fix many -Wconversion warnings.
Define my_thread_id as an unsigned type, to avoid mismatch with
ulonglong.  Change some parameters to this type.

Use size_t in a few more places.

Declare many flag constants as unsigned to avoid sign mismatch
when shifting bits or applying the unary ~ operator.

When applying the unary ~ operator to enum constants, explictly
cast the result to an unsigned type, because enum constants can
be treated as signed.

In InnoDB, change the source code line number parameters from
ulint to unsigned type. Also, make some InnoDB functions return
a narrower type (unsigned or uint32_t instead of ulint;
bool instead of ibool).
2017-03-07 19:07:27 +02:00
Georg Richter
23628d123b Fix for MDEV-11174:
A GCM encrypted ciphertext must contain an authentication tag with AES_BLOCK_SIZE length, so we need to check that the length of ciphertext is at least AES_BLOCK_SIZE.
2017-02-01 12:14:37 +01:00
Sergei Golubchik
a2bcee626d Merge branch '10.0' into 10.1 2015-12-21 21:24:22 +01:00
Sergei Golubchik
4fdf25afa8 after-merge: 10.0 part of MDEV-9249 (ERR_remove_state) 2015-12-21 16:37:59 +01:00
Sergei Golubchik
66b9a9409c New encryption API. Piece-wise encryption.
Instead of encrypt(src, dst, key, iv) that encrypts all
data in one go, now we have encrypt_init(key,iv),
encrypt_update(src,dst), and encrypt_finish(dst).

This also causes collateral changes in the internal my_crypt.cc
encryption functions and in the encryption service.

There are wrappers to provide the old all-at-once encryption
functionality. But binlog events are often written piecewise,
they'll need the new api.
2015-09-04 10:33:50 +02:00
Sergei Golubchik
e7620ce4ce MDEV-8281 aes_decrypt crashes in block_crypt()
fix aes_decrypt of yassl to support zero-length input
2015-06-27 09:40:54 +02:00
Sergei Golubchik
0f0092720f my_aes_encrypt_gcm() and my_aes_decrypt_gcm() 2015-06-02 19:00:23 +02:00
Sergei Golubchik
ebc5e00641 my_aes_get_size()
return unsigned, not signed.
return a value large enough for GCM
2015-06-02 19:00:23 +02:00
Sergei Golubchik
5091a4ba75 Merge tag 'mariadb-10.0.19' into 10.1 2015-06-01 15:51:25 +02:00
Sergei Golubchik
8827eb8325 MDEV-8162 func_str crashes on SELECT AES_DECRYPT(AES_ENCRYPT(...)) on line 107
encrypting 0 byte string *is* possible
2015-05-15 18:12:02 +02:00
Sergei Golubchik
acd992d4b7 MDEV-8022 Assertion `rc == 0' failed in ma_encrypt on dropping an encrypted Aria table
fix encryption of the last partial block

* now really encrypt it, using key and iv
* support the case of very short plaintext (less than one block)
* recommend aes_ctr over aes_cbc, because the former
  doesn't have problems with partial blocks
2015-05-13 14:27:17 +02:00
Sergei Golubchik
bea3f30d46 move AES_CTR to its own greatly simplified function
* don't use do_crypt() for stream cipher AES_CTR
* rename do_crypt to block_crypt to emphasize its specialization
2015-05-13 14:27:17 +02:00
Sergei Golubchik
93c563d37b MDEV-7788 my_md5 crashes with openssl in fips mode
Tell OpenSSL to use MD5 even if FIPS prohibits it.
This is fine as long as we do not use MD5 for cryptographical
purposes (md5 is used internally for P_S message digests and for view
checksums)
2015-05-03 11:22:02 +02:00
Sergei Golubchik
cc12a35cde MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013 (Lost connection to MySQL server during query) while executing AES* functions under SSL
Clear OpenSSL error queue after an error in AES_ENCRYPT/AES_DECRYPT.
Otherwise it might affect current ssl-encrypted connection.
2015-05-03 11:21:57 +02:00
Sergei Golubchik
4d40a7d133 remove now-empty my_aes.{h,cc}
move remaning defines to my_crypt, add MY_ namespace prefix
2015-04-09 18:42:44 +02:00
Sergei Golubchik
bb1b61b312 encryption plugin controls the encryption
* no --encryption-algorithm option anymore
* encrypt/decrypt methods in the encryption plugin
* ecnrypt/decrypt methods in the encryption_km service
* file_km plugin has --file-key-management-encryption-algorithm
* debug_km always uses aes_cbc
* example_km changes between aes_cbc and aes_ecb for different key versions
2015-04-09 18:42:43 +02:00
Sergei Golubchik
b937574293 remove old my_aes_encrypt/decrypt
and simplify Item_func_aes_encrypt/decrypt
2015-04-08 10:58:46 +02:00
Sergei Golubchik
91f7363e4b yassl padding 2015-04-08 10:58:46 +02:00
Sergei Golubchik
f444d13a3b my_aes* functions: support for different key lengths
to: different key lengths
2015-04-08 10:58:29 +02:00
Sergei Golubchik
3bbe2057da yassl support 2015-04-05 13:14:38 +02:00
Sergei Golubchik
2f8d101f9e unify my_{en|de}crypt_{cbc|ecb|ctr}. no yassl support yet. 2015-04-05 13:14:37 +02:00
Sergei Golubchik
27cc252bb7 simplify my_crypt.cc, remove duplicate code 2015-04-05 13:14:37 +02:00
Sergei Golubchik
6a7ee5a5a5 encryption cleanup: small changes
* comments
* move my_bytes_to_key() and my_aes_hex2uint() into file_key_management_plugin
* rename HA_INSERT_ORDER -> HA_PRESERVE_INSERT_ORDER
* remove unused variables and declarations
* fix casts
* don't link innodb with pcre
* remove redundant entries from aria's TARGET_LINK_LIBRARIES
2015-04-05 13:14:37 +02:00
Jan Lindström
a3e68b4a55 MDEV-7772: SIGSEGV on my_aes_encrypt_cbc when -DWITH_SSL=bundled
Two problems:
- Read/Write outside of buffer at memcpy() because of incorrect parameters
. OPENSSL_assert(EVP_CIPHER_CTX_iv_length(&ctx.ctx) == iv_length); // ECB does not use IV, thus incorrect assertion

Added:
  mysql-test/include/encryption_algorithms.combinations to run tests with methods cbc, ecb and ctr in
  those systems where they are available (see suite.pm).
2015-03-17 07:00:14 +02:00
Sergei Golubchik
4c9d0b2b0c yassl builds: don't hide mysys_ssl symbols that cannot possibly collide with openssl 2015-02-15 22:14:33 +01:00
Sergei Golubchik
f3da18f635 cmake-time detection for EVP_aes_128_ctr()
because old openssl versions (e.g. on labrador) don't have it
2015-02-10 10:21:18 +01:00
Sergei Golubchik
cf8bf0b68e encryption key management plugin api 2015-02-10 10:21:17 +01:00
Monty
d7d589dc01 Push for testing of encryption 2015-02-10 10:21:17 +01:00
Nirbhay Choubey
61f73d40ca MDEV-7397: SIGSEGV on inserting into a key-less table
When wsrep is enabled, an md5 hash of the entire row is calculated
for tables with no PK. It, however segfaulted as the md5 context
object was not properly constructed.

Fixed by ensuring that the YaSSL's context object gets constructed
explicitly at the specified pre-allocated location (placement)
before its used.

Added a test case.
2014-12-31 19:52:35 -05:00
Sergei Golubchik
d6141a553c MD5 service 2014-10-01 23:38:28 +02:00
Sergei Golubchik
11b6452a0f extend SHA1 service. cleanup of sha1 wrappers 2014-10-01 23:38:28 +02:00
Sergei Golubchik
bec1d903d9 Do the partial merge of WL#5602 correctly:
Remove unused code (that should not have been merged)
  Add protocol extension (that should have been merged)
  Fix bugs (see pack.c)
2013-12-09 12:38:02 +01:00
Sergei Golubchik
3e9446a742 SHA1 service
(because mysql_ssl library is built with -fvisibility=hidden)
2013-07-13 17:48:06 +02:00
Michael Widenius
5f1f2fc0e4 Applied all changes from Igor and Sanja 2013-06-15 18:32:08 +03:00
Michael Widenius
068c61978e Temporary commit of 10.0-merge 2013-03-26 00:03:13 +02:00