diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2015-05-27 19:41:29 +0200 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2015-06-02 19:00:23 +0200 |
| commit | ebc5e00641ea63d91a65921ea827f448064f9a7e (patch) | |
| tree | e8d92d73e460d48e0b49e0bdb4e2de5f25b74554 | |
| parent | 487e5f45908c04d63a9becf1078ecaeaf658f0ae (diff) | |
| download | mariadb-git-ebc5e00641ea63d91a65921ea827f448064f9a7e.tar.gz | |
my_aes_get_size()
return unsigned, not signed.
return a value large enough for GCM
| -rw-r--r-- | include/my_crypt.h | 2 | ||||
| -rw-r--r-- | mysys/mf_iocache.c | 2 | ||||
| -rw-r--r-- | mysys_ssl/my_crypt.cc | 18 | ||||
| -rw-r--r-- | sql/mf_iocache_encr.cc | 2 |
4 files changed, 13 insertions, 11 deletions
diff --git a/include/my_crypt.h b/include/my_crypt.h index 655d1641136..821b4d2fa8c 100644 --- a/include/my_crypt.h +++ b/include/my_crypt.h @@ -73,7 +73,7 @@ int my_aes_decrypt_ecb(const uchar* source, uint source_length, int my_random_bytes(uchar* buf, int num); -int my_aes_get_size(int source_length); +uint my_aes_get_size(uint source_length); #ifdef __cplusplus } diff --git a/mysys/mf_iocache.c b/mysys/mf_iocache.c index 28e5e72130d..4591557baf0 100644 --- a/mysys/mf_iocache.c +++ b/mysys/mf_iocache.c @@ -265,7 +265,7 @@ int init_io_cache(IO_CACHE *info, File file, size_t cachesize, if (type == SEQ_READ_APPEND) buffer_block *= 2; else if (cache_myflags & MY_ENCRYPT) - buffer_block= 2*(buffer_block + MY_AES_BLOCK_SIZE) + sizeof(IO_CACHE_CRYPT); + buffer_block= 2*my_aes_get_size(buffer_block) + sizeof(IO_CACHE_CRYPT); if (cachesize == min_cache) flags|= (myf) MY_WME; diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index 7ca65b253e6..04771aeb954 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc @@ -292,16 +292,18 @@ C_MODE_END /** Get size of buffer which will be large enough for encrypted data - SYNOPSIS - my_aes_get_size() - @param source_length [in] Length of data to be encrypted + The buffer should be sufficiently large to fit encrypted data + independently from the encryption algorithm and mode. With padding up to + MY_AES_BLOCK_SIZE bytes can be added. With GCM, exactly MY_AES_BLOCK_SIZE + bytes are added. - @return - Size of buffer required to store encrypted data + The actual length of the encrypted data is returned from the encryption + function (e.g. from my_aes_encrypt_cbc). + + @return required buffer size */ -int my_aes_get_size(int source_length) +uint my_aes_get_size(uint source_length) { - return MY_AES_BLOCK_SIZE * (source_length / MY_AES_BLOCK_SIZE) - + MY_AES_BLOCK_SIZE; + return source_length + MY_AES_BLOCK_SIZE; } diff --git a/sql/mf_iocache_encr.cc b/sql/mf_iocache_encr.cc index 8d1f609a1de..d215636d62a 100644 --- a/sql/mf_iocache_encr.cc +++ b/sql/mf_iocache_encr.cc @@ -191,7 +191,7 @@ static int my_b_encr_write(IO_CACHE *info, const uchar *Buffer, size_t Count) buffer_length bytes should *always* produce block_length bytes */ DBUG_ASSERT(crypt_data->block_length == 0 || crypt_data->block_length == wlength); - DBUG_ASSERT(elength <= length + MY_AES_BLOCK_SIZE); + DBUG_ASSERT(elength <= my_aes_get_size(length)); crypt_data->block_length= wlength; } else |