diff options
author | Sergei Golubchik <serg@mariadb.org> | 2015-03-31 19:32:35 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2015-04-09 18:42:43 +0200 |
commit | bb1b61b312088ba9f5f2cb606594b6f33c284402 (patch) | |
tree | c5b433d19434e194fb82d2407adbbfee759dfd31 /mysys_ssl/my_crypt.cc | |
parent | 9ccafffc29526ea30151eb3e62901bfdb77aaf84 (diff) | |
download | mariadb-git-bb1b61b312088ba9f5f2cb606594b6f33c284402.tar.gz |
encryption plugin controls the encryption
* no --encryption-algorithm option anymore
* encrypt/decrypt methods in the encryption plugin
* ecnrypt/decrypt methods in the encryption_km service
* file_km plugin has --file-key-management-encryption-algorithm
* debug_km always uses aes_cbc
* example_km changes between aes_cbc and aes_ecb for different key versions
Diffstat (limited to 'mysys_ssl/my_crypt.cc')
-rw-r--r-- | mysys_ssl/my_crypt.cc | 78 |
1 files changed, 39 insertions, 39 deletions
diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index 60072a5bbaf..1709ae5e5eb 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc @@ -26,8 +26,8 @@ static const Dir CRYPT_ENCRYPT = TaoCrypt::ENCRYPTION; static const Dir CRYPT_DECRYPT = TaoCrypt::DECRYPTION; typedef TaoCrypt::Mode CipherMode; -static inline CipherMode aes_ecb(uint8) { return TaoCrypt::ECB; } -static inline CipherMode aes_cbc(uint8) { return TaoCrypt::CBC; } +static inline CipherMode aes_ecb(uint) { return TaoCrypt::ECB; } +static inline CipherMode aes_cbc(uint) { return TaoCrypt::CBC; } typedef TaoCrypt::byte KeyByte; @@ -42,7 +42,7 @@ static const Dir CRYPT_DECRYPT = 0; typedef const EVP_CIPHER *CipherMode; #define make_aes_dispatcher(mode) \ - static inline CipherMode aes_ ## mode(uint8 key_length) \ + static inline CipherMode aes_ ## mode(uint key_length) \ { \ switch (key_length) { \ case 16: return EVP_aes_128_ ## mode(); \ @@ -67,10 +67,10 @@ struct MyCTX : EVP_CIPHER_CTX { #endif static int do_crypt(CipherMode cipher, Dir dir, - const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const KeyByte *key, uint8 key_length, - const KeyByte *iv, uint8 iv_length, int no_padding) + const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const KeyByte *key, uint key_length, + const KeyByte *iv, uint iv_length, int no_padding) { int tail= source_length % MY_AES_BLOCK_SIZE; @@ -123,8 +123,8 @@ static int do_crypt(CipherMode cipher, Dir dir, EVP_CIPHER_CTX_set_padding(&ctx, !no_padding); - DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == key_length); - DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length); + DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == (int)key_length); + DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == (int)iv_length); DBUG_ASSERT(EVP_CIPHER_CTX_block_size(&ctx) == MY_AES_BLOCK_SIZE || !no_padding); /* use built-in OpenSSL padding, if possible */ @@ -164,11 +164,11 @@ C_MODE_START #ifdef HAVE_EncryptAes128Ctr -int my_aes_encrypt_ctr(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, - uint no_padding) +int my_aes_encrypt_ctr(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding) { /* CTR is a stream cipher mode, it needs no special padding code */ return do_crypt(aes_ctr(key_length), CRYPT_ENCRYPT, source, source_length, @@ -176,11 +176,11 @@ int my_aes_encrypt_ctr(const uchar* source, uint32 source_length, } -int my_aes_decrypt_ctr(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, - uint no_padding) +int my_aes_decrypt_ctr(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding) { return do_crypt(aes_ctr(key_length), CRYPT_DECRYPT, source, source_length, dest, dest_length, key, key_length, iv, iv_length, 0); @@ -188,41 +188,41 @@ int my_aes_decrypt_ctr(const uchar* source, uint32 source_length, #endif /* HAVE_EncryptAes128Ctr */ -int my_aes_encrypt_ecb(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, - uint no_padding) +int my_aes_encrypt_ecb(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding) { return do_crypt(aes_ecb(key_length), CRYPT_ENCRYPT, source, source_length, dest, dest_length, key, key_length, 0, 0, no_padding); } -int my_aes_decrypt_ecb(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, - uint no_padding) +int my_aes_decrypt_ecb(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding) { return do_crypt(aes_ecb(key_length), CRYPT_DECRYPT, source, source_length, dest, dest_length, key, key_length, 0, 0, no_padding); } -int my_aes_encrypt_cbc(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, - uint no_padding) +int my_aes_encrypt_cbc(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding) { return do_crypt(aes_cbc(key_length), CRYPT_ENCRYPT, source, source_length, dest, dest_length, key, key_length, iv, iv_length, no_padding); } -int my_aes_decrypt_cbc(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, - uint no_padding) +int my_aes_decrypt_cbc(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding) { return do_crypt(aes_cbc(key_length), CRYPT_DECRYPT, source, source_length, dest, dest_length, key, key_length, iv, iv_length, no_padding); |