mirror of
https://github.com/MariaDB/server.git
synced 2025-01-15 19:42:28 +01:00
123 lines
3.7 KiB
C++
123 lines
3.7 KiB
C++
/*
|
|
TODO: add support for YASSL
|
|
*/
|
|
|
|
#include <my_global.h>
|
|
#include <my_crypt.h>
|
|
|
|
/* YASSL doesn't support EVP_CIPHER_CTX */
|
|
#ifdef HAVE_EncryptAes128Ctr
|
|
|
|
#include "mysql.h"
|
|
#include <openssl/evp.h>
|
|
#include <openssl/aes.h>
|
|
|
|
static const int CRYPT_ENCRYPT = 1;
|
|
static const int CRYPT_DECRYPT = 0;
|
|
|
|
C_MODE_START
|
|
|
|
static int do_crypt(const EVP_CIPHER *cipher, int mode,
|
|
const uchar* source, uint32 source_length,
|
|
uchar* dest, uint32* dest_length,
|
|
const unsigned char* key, uint8 key_length,
|
|
const unsigned char* iv, uint8 iv_length,
|
|
uint noPadding)
|
|
{
|
|
int res= AES_OPENSSL_ERROR;
|
|
EVP_CIPHER_CTX ctx;
|
|
EVP_CIPHER_CTX_init(&ctx);
|
|
if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, mode))
|
|
goto err;
|
|
if (!EVP_CipherUpdate(&ctx, dest, (int*)dest_length, source, source_length))
|
|
goto err;
|
|
res= AES_OK;
|
|
err:
|
|
EVP_CIPHER_CTX_cleanup(&ctx);
|
|
return res;
|
|
}
|
|
|
|
|
|
int my_aes_encrypt_ctr(const uchar* source, uint32 source_length,
|
|
uchar* dest, uint32* dest_length,
|
|
const unsigned char* key, uint8 key_length,
|
|
const unsigned char* iv, uint8 iv_length,
|
|
uint noPadding)
|
|
{
|
|
return do_crypt(EVP_aes_128_ctr(), CRYPT_ENCRYPT, source, source_length,
|
|
dest, dest_length, key, key_length, iv, iv_length, noPadding);
|
|
}
|
|
|
|
|
|
int my_aes_decrypt_ctr(const uchar* source, uint32 source_length,
|
|
uchar* dest, uint32* dest_length,
|
|
const unsigned char* key, uint8 key_length,
|
|
const unsigned char* iv, uint8 iv_length,
|
|
uint noPadding)
|
|
{
|
|
return do_crypt(EVP_aes_128_ctr(), CRYPT_DECRYPT, source, source_length,
|
|
dest, dest_length, key, key_length, iv, iv_length, noPadding);
|
|
}
|
|
|
|
|
|
int my_aes_encrypt_ecb(const uchar* source, uint32 source_length,
|
|
uchar* dest, uint32* dest_length,
|
|
const unsigned char* key, uint8 key_length,
|
|
const unsigned char* iv, uint8 iv_length,
|
|
uint noPadding)
|
|
{
|
|
return do_crypt(EVP_aes_128_ecb(), CRYPT_ENCRYPT, source, source_length,
|
|
dest, dest_length, key, key_length, iv, iv_length, noPadding);
|
|
}
|
|
|
|
int my_aes_decrypt_ecb(const uchar* source, uint32 source_length,
|
|
uchar* dest, uint32* dest_length,
|
|
const unsigned char* key, uint8 key_length,
|
|
const unsigned char* iv, uint8 iv_length,
|
|
uint noPadding)
|
|
{
|
|
return do_crypt(EVP_aes_128_ecb(), CRYPT_DECRYPT, source, source_length,
|
|
dest, dest_length, key, key_length, iv, iv_length, noPadding);
|
|
}
|
|
|
|
C_MODE_END
|
|
|
|
#endif /* HAVE_EncryptAes128Ctr */
|
|
|
|
#if defined(HAVE_YASSL)
|
|
|
|
#include <random.hpp>
|
|
|
|
C_MODE_START
|
|
|
|
int my_random_bytes(uchar* buf, int num)
|
|
{
|
|
TaoCrypt::RandomNumberGenerator rand;
|
|
rand.GenerateBlock((TaoCrypt::byte*) buf, num);
|
|
return AES_OK;
|
|
}
|
|
|
|
C_MODE_END
|
|
|
|
#else /* OpenSSL */
|
|
|
|
#include <openssl/rand.h>
|
|
|
|
C_MODE_START
|
|
|
|
int my_random_bytes(uchar* buf, int num)
|
|
{
|
|
/*
|
|
Unfortunately RAND_bytes manual page does not provide any guarantees
|
|
in relation to blocking behavior. Here we explicitly use SSLeay random
|
|
instead of whatever random engine is currently set in OpenSSL. That way
|
|
we are guaranteed to have a non-blocking random.
|
|
*/
|
|
RAND_METHOD* rand = RAND_SSLeay();
|
|
if (rand == NULL || rand->bytes(buf, num) != 1)
|
|
return AES_OPENSSL_ERROR;
|
|
return AES_OK;
|
|
}
|
|
|
|
C_MODE_END
|
|
#endif /* HAVE_YASSL */
|