Merge 10.1 into 10.2

Also, include fixes by Vladislav Vaintroub to the
aws_key_management plugin. The AWS C++ SDK specifically depends on
OPENSSL_LIBRARIES, not generic SSL_LIBRARIES (such as YaSSL).

3 files changed, 104 insertions, 65 deletions

diff --git a/plugin/file_key_management/file_key_management_plugin.cc b/plugin/file_key_management/file_key_management_plugin.cc
index a1f1ed1fad4..141599c53de 100644
--- a/plugin/file_key_management/file_key_management_plugin.cc
+++ b/plugin/file_key_management/file_key_management_plugin.cc
@@ -13,7 +13,8 @@
  along with this program; if not, write to the Free Software
  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
 
-
+#include <my_global.h>
+#include <typelib.h>
 #include "parser.h"
 #include <mysql/plugin_encryption.h>
 #include <string.h>
@@ -65,22 +66,14 @@ static struct st_mysql_sys_var* settings[] = {
   NULL
 };
 
-Dynamic_array<keyentry> keys(static_cast<uint>(0));
+std::map<unsigned int,keyentry> keys;
 
 static keyentry *get_key(unsigned int key_id)
 {
-  keyentry *a= keys.front(), *b= keys.back() + 1, *c;
-  while (b - a > 1)
-  {
-    c= a + (b - a)/2;
-    if (c->id == key_id)
-      return c;
-    else if (c->id < key_id)
-      a= c;
-    else
-      b= c;
-  }
-  return a->id == key_id ? a : 0;
+  keyentry &key= keys[key_id];
+  if (key.id == 0)
+    return 0;
+  return &key;
 }
 
 /* the version is always the same, no automatic key rotation */
@@ -146,20 +139,37 @@ static int ctx_init(void *ctx, const unsigned char* key, unsigned int klen,
   return my_aes_crypt_init(ctx, mode(flags), flags, key, klen, iv, ivlen);
 }
 
+static int ctx_update(void *ctx, const unsigned char *src, unsigned int slen,
+  unsigned char *dst, unsigned int *dlen)
+{
+  return my_aes_crypt_update(ctx, src, slen, dst, dlen);
+}
+
+
+static int ctx_finish(void *ctx, unsigned char *dst, unsigned int *dlen)
+{
+  return my_aes_crypt_finish(ctx, dst, dlen);
+}
+
 static unsigned int get_length(unsigned int slen, unsigned int key_id,
                                unsigned int key_version)
 {
   return my_aes_get_size(mode(0), slen);
 }
 
+static uint ctx_size(uint, uint)
+{
+  return my_aes_ctx_size(mode(0));
+}
+
 struct st_mariadb_encryption file_key_management_plugin= {
   MariaDB_ENCRYPTION_INTERFACE_VERSION,
   get_latest_version,
   get_key_from_key_file,
-  (uint (*)(unsigned int, unsigned int))my_aes_ctx_size,
+  ctx_size,
   ctx_init,
-  my_aes_crypt_update,
-  my_aes_crypt_finish,
+  ctx_update,
+  ctx_finish,
   get_length
 };
 
@@ -171,7 +181,7 @@ static int file_key_management_plugin_init(void *p)
 
 static int file_key_management_plugin_deinit(void *p)
 {
-  keys.free_memory();
+  keys.clear();
   return 0;
 }
 
diff --git a/plugin/file_key_management/parser.cc b/plugin/file_key_management/parser.cc
index 047e9153ec2..ac78186a488 100644
--- a/plugin/file_key_management/parser.cc
+++ b/plugin/file_key_management/parser.cc
@@ -143,13 +143,13 @@ void Parser::bytes_to_key(const unsigned char *salt, const char *input,
 }
 
 
-bool Parser::parse(Dynamic_array<keyentry> *keys)
+bool Parser::parse(std::map<uint,keyentry> *keys)
 {
   const char *secret= filekey;
   char buf[MAX_SECRET_SIZE + 1];
 
   //If secret starts with FILE: interpret the secret as a filename.
-  if (is_prefix(filekey, FILE_PREFIX))
+  if (strncmp(filekey, FILE_PREFIX,sizeof(FILE_PREFIX) -1) == 0)
   {
     if (read_filekey(filekey + sizeof(FILE_PREFIX) - 1, buf))
       return 1;
@@ -166,22 +166,26 @@ bool Parser::parse(Dynamic_array<keyentry> *keys)
 
 bool Parser::read_filekey(const char *filekey, char *secret)
 {
-  int f= my_open(filekey, O_RDONLY, MYF(MY_WME));
+  int f= open(filekey, O_RDONLY|O_BINARY);
   if (f == -1)
+  {
+    my_error(EE_FILENOTFOUND,ME_ERROR_LOG, filekey, errno);
     return 1;
-  int len= my_read(f, (uchar*)secret, MAX_SECRET_SIZE, MYF(MY_WME));
-  my_close(f, MYF(MY_WME));
+  }
+
+  int len= read(f, secret, MAX_SECRET_SIZE);
   if (len <= 0)
+  {
+    my_error(EE_READ,ME_ERROR_LOG, filekey, errno);
+    close(f);
     return 1;
+  }
+  close(f);
   while (secret[len - 1] == '\r' || secret[len - 1] == '\n') len--;
   secret[len]= '\0';
   return 0;
 }
 
-static int sort_keys(const keyentry *k1, const keyentry *k2)
-{
-  return k1->id < k2->id ? -1 : k1->id > k2->id;
-}
 
 /**
    Get the keys from the key file <filename> and decrypt it with the
@@ -191,7 +195,7 @@ static int sort_keys(const keyentry *k1, const keyentry *k2)
    @return 0 when ok, 1 for an error
  */
 
-bool Parser::parse_file(Dynamic_array<keyentry> *keys, const char *secret)
+bool Parser::parse_file(std::map<uint,keyentry> *keys, const char *secret)
 {
   char *buffer= read_and_decrypt_file(secret);
 
@@ -208,19 +212,16 @@ bool Parser::parse_file(Dynamic_array<keyentry> *keys, const char *secret)
     case 1: // comment
       break;
     case -1: // error
-      my_free(buffer);
+      free(buffer);
       return 1;
     case 0:
-      if (keys->push(key))
-        return 1;
+      (*keys)[key.id] = key;
       break;
     }
   }
 
-  keys->sort(sort_keys);
-  my_free(buffer);
-
-  if (keys->elements() == 0 || keys->at(0).id != 1)
+  free(buffer);
+  if (keys->size() == 0 || (*keys)[1].id == 0)
   {
     report_error("System key id 1 is missing", 0);
     return 1;
@@ -232,7 +233,7 @@ bool Parser::parse_file(Dynamic_array<keyentry> *keys, const char *secret)
 void Parser::report_error(const char *reason, uint position)
 {
   my_printf_error(EE_READ, "%s at %s line %u, column %u",
-    MYF(ME_NOREFRESH), reason, filename, line_number, position + 1);
+    ME_ERROR_LOG, reason, filename, line_number, position + 1);
 }
 
 /*
@@ -247,16 +248,25 @@ int Parser::parse_line(char **line_ptr, keyentry *key)
   while (isspace(*p) && *p != '\n') p++;
   if (*p != '#' && *p != '\n')
   {
-    int error;
-    p+= 100; // the number will surely end here (on a non-digit or with an overflow)
-    longlong id= my_strtoll10(p - 100, &p, &error);
-    if (error)
+    if (!isdigit(*p))
     {
       report_error("Syntax error", p - *line_ptr);
       return -1;
     }
 
-    if (id < 1 || id > UINT_MAX32)
+    longlong id = 0;
+    while (isdigit(*p))
+    {
+      id = id * 10 + *p - '0';
+      if (id > UINT_MAX32)
+      {
+        report_error("Invalid key id", p - *line_ptr);
+        return -1;
+      }
+      p++;
+    }
+
+    if (id < 1)
     {
       report_error("Invalid key id", p - *line_ptr);
       return -1;
@@ -269,7 +279,7 @@ int Parser::parse_line(char **line_ptr, keyentry *key)
     }
 
     p++;
-    key->id= id;
+    key->id= (unsigned int)id;
     key->length=0;
     while (isxdigit(p[0]) && isxdigit(p[1]) && key->length < sizeof(key->key))
     {
@@ -295,26 +305,35 @@ int Parser::parse_line(char **line_ptr, keyentry *key)
    'secret'.  Store the content of the decrypted file in 'buffer'. The
    buffer has to be freed in the calling function.
  */
+#ifdef _WIN32
+#define lseek _lseeki64
+#endif
 
 char* Parser::read_and_decrypt_file(const char *secret)
 {
+  int f;
   if (!filename || !filename[0])
   {
-    my_printf_error(EE_CANT_OPEN_STREAM,
-                    "file-key-management-filename is not set",
-                    MYF(ME_NOREFRESH));
+    my_printf_error(EE_CANT_OPEN_STREAM, "file-key-management-filename is not set",
+                    ME_ERROR_LOG);
     goto err0;
   }
 
-  int f;
-  if ((f= my_open(filename, O_RDONLY, MYF(MY_WME))) < 0)
+  f= open(filename, O_RDONLY|O_BINARY, 0);
+  if (f < 0)
+  {
+    my_error(EE_FILENOTFOUND, ME_ERROR_LOG, filename, errno);
     goto err0;
+  }
 
   my_off_t file_size;
-  file_size= my_seek(f, 0, SEEK_END, MYF(MY_WME));
+  file_size= lseek(f, 0, SEEK_END);
 
-  if (file_size == MY_FILEPOS_ERROR)
+  if (file_size == MY_FILEPOS_ERROR || (my_off_t)lseek(f, 0, SEEK_SET) == MY_FILEPOS_ERROR)
+  {
+    my_error(EE_CANT_SEEK, MYF(0), filename, errno);
     goto err1;
+  }
 
   if (file_size > MAX_KEY_FILE_SIZE)
   {
@@ -324,57 +343,67 @@ char* Parser::read_and_decrypt_file(const char *secret)
 
   //Read file into buffer
   uchar *buffer;
-  buffer= (uchar*)my_malloc(file_size + 1, MYF(MY_WME));
+  buffer= (uchar*)malloc((size_t)file_size + 1);
   if (!buffer)
+  {
+    my_error(EE_OUTOFMEMORY, ME_ERROR_LOG| ME_FATAL, file_size);
     goto err1;
+  }
 
-  if (my_pread(f, buffer, file_size, 0, MYF(MY_WME)) != file_size)
+  if (read(f, buffer, (int)file_size) != (int)file_size)
+  {
+    my_printf_error(EE_READ,
+      "read from %s failed, errno %d",
+      MYF(ME_ERROR_LOG|ME_FATAL), filename, errno);
     goto err2;
+  }
 
 // Check for file encryption
   uchar *decrypted;
-  if (file_size > OpenSSL_prefix_len && is_prefix((char*)buffer, OpenSSL_prefix))
+  if (file_size > OpenSSL_prefix_len && strncmp((char*)buffer, OpenSSL_prefix, OpenSSL_prefix_len) == 0)
   {
     uchar key[OpenSSL_key_len];
     uchar iv[OpenSSL_iv_len];
 
-    decrypted= (uchar*)my_malloc(file_size, MYF(MY_WME));
+    decrypted= (uchar*)malloc((size_t)file_size);
     if (!decrypted)
+    {
+      my_error(EE_OUTOFMEMORY, ME_ERROR_LOG | ME_FATAL, file_size);
       goto err2;
-
+    }
     bytes_to_key(buffer + OpenSSL_prefix_len, secret, key, iv);
     uint32 d_size;
     if (my_aes_crypt(MY_AES_CBC, ENCRYPTION_FLAG_DECRYPT,
                      buffer + OpenSSL_prefix_len + OpenSSL_salt_len,
-                     file_size - OpenSSL_prefix_len - OpenSSL_salt_len,
+                     (unsigned int)file_size - OpenSSL_prefix_len - OpenSSL_salt_len,
                      decrypted, &d_size, key, OpenSSL_key_len,
                      iv, OpenSSL_iv_len))
 
     {
-      my_printf_error(EE_READ, "Cannot decrypt %s. Wrong key?", MYF(ME_NOREFRESH), filename);
+      my_printf_error(EE_READ, "Cannot decrypt %s. Wrong key?", ME_ERROR_LOG, filename);
       goto err3;
     }
 
-    my_free(buffer);
+    free(buffer);
     buffer= decrypted;
     file_size= d_size;
   }
   else if (*secret)
   {
-    my_printf_error(EE_READ, "Cannot decrypt %s. Not encrypted", MYF(ME_NOREFRESH), filename);
+    my_printf_error(EE_READ, "Cannot decrypt %s. Not encrypted", ME_ERROR_LOG, filename);
     goto err2;
   }
 
   buffer[file_size]= '\0';
-  my_close(f, MYF(MY_WME));
+  close(f);
   return (char*) buffer;
 
 err3:
-  my_free(decrypted);
+  free(decrypted);
 err2:
-  my_free(buffer);
+  free(buffer);
 err1:
-  my_close(f, MYF(MY_WME));
+  close(f);
 err0:
   return NULL;
 }
diff --git a/plugin/file_key_management/parser.h b/plugin/file_key_management/parser.h
index c8349db70a0..627b7fd84a6 100644
--- a/plugin/file_key_management/parser.h
+++ b/plugin/file_key_management/parser.h
@@ -22,7 +22,7 @@ Created 09/15/2014
 
 #include <my_crypt.h>
 #include <ctype.h>
-#include <sql_array.h>
+#include <map>
 
 struct keyentry {
   unsigned int id;
@@ -42,7 +42,7 @@ class Parser
   void bytes_to_key(const unsigned char *salt, const char *secret,
                     unsigned char *key, unsigned char *iv);
   bool read_filekey(const char *filekey, char *secret);
-  bool parse_file(Dynamic_array<keyentry> *keys, const char *secret);
+  bool parse_file(std::map<unsigned int ,keyentry> *keys, const char *secret);
   void report_error(const char *reason, unsigned int position);
   int parse_line(char **line_ptr, keyentry *key);
   char* read_and_decrypt_file(const char *secret);
@@ -50,5 +50,5 @@ class Parser
 public:
   Parser(const char* fn, const char *fk) :
     filename(fn), filekey(fk), line_number(0) { }
-  bool parse(Dynamic_array<keyentry> *keys);
+  bool parse(std::map<unsigned int ,keyentry> *keys);
 };