New encryption API. Piece-wise encryption.

Instead of encrypt(src, dst, key, iv) that encrypts all data in one go, now we have encrypt_init(key,iv), encrypt_update(src,dst), and encrypt_finish(dst). This also causes collateral changes in the internal my_crypt.cc encryption functions and in the encryption service. There are wrappers to provide the old all-at-once encryption functionality. But binlog events are often written piecewise, they'll need the new api.
author: Sergei Golubchik <serg@mariadb.org> 2015-09-04 10:32:52 +0200
committer: Sergei Golubchik <serg@mariadb.org> 2015-09-04 10:33:50 +0200
commit: 66b9a9409c73e298d6ceb668783a7cdd5ee85a69 (patch)
tree: be04b2c42d1b858756c5a8ba5355abd961589ec8 /sql/mf_iocache_encr.cc
parent: d94a982adbc21d74c0202f1ef64119baeb27c597 (diff)
download: mariadb-git-66b9a9409c73e298d6ceb668783a7cdd5ee85a69.tar.gz
1 files changed, 9 insertions, 7 deletions
diff --git a/sql/mf_iocache_encr.cc b/sql/mf_iocache_encr.cc
index d215636d62a..96658e2e3d0 100644
--- a/sql/mf_iocache_encr.cc
+++ b/sql/mf_iocache_encr.cc
@@ -95,9 +95,10 @@ static int my_b_encr_read(IO_CACHE *info, uchar *Buffer, size_t Count)
     elength= wlength - (ebuffer - wbuffer);
     set_iv(iv, pos_in_file, crypt_data->inbuf_counter);
 
-    if (encryption_decrypt(ebuffer, elength, info->buffer, &length,
-                           crypt_data->key, sizeof(crypt_data->key),
-                           iv, sizeof(iv), 0, keyid, keyver))
+    if (encryption_crypt(ebuffer, elength, info->buffer, &length,
+                         crypt_data->key, sizeof(crypt_data->key),
+                         iv, sizeof(iv), ENCRYPTION_FLAG_DECRYPT,
+                         keyid, keyver))
     {
       my_errno= 1;
       DBUG_RETURN(info->error= -1);
@@ -175,9 +176,10 @@ static int my_b_encr_write(IO_CACHE *info, const uchar *Buffer, size_t Count)
     crypt_data->inbuf_counter= crypt_data->counter;
     set_iv(iv, info->pos_in_file, crypt_data->inbuf_counter);
 
-    if (encryption_encrypt(Buffer, length, ebuffer, &elength,
-                           crypt_data->key, sizeof(crypt_data->key),
-                           iv, sizeof(iv), 0, keyid, keyver))
+    if (encryption_crypt(Buffer, length, ebuffer, &elength,
+                         crypt_data->key, sizeof(crypt_data->key),
+                         iv, sizeof(iv), ENCRYPTION_FLAG_ENCRYPT,
+                         keyid, keyver))
     {
       my_errno= 1;
       DBUG_RETURN(info->error= -1);
@@ -191,7 +193,7 @@ static int my_b_encr_write(IO_CACHE *info, const uchar *Buffer, size_t Count)
         buffer_length bytes should *always* produce block_length bytes
       */
       DBUG_ASSERT(crypt_data->block_length == 0 || crypt_data->block_length == wlength);
-      DBUG_ASSERT(elength <= my_aes_get_size(length));
+      DBUG_ASSERT(elength <= encryption_encrypted_length(length, keyid, keyver));
       crypt_data->block_length= wlength;
     }
     else
author	Sergei Golubchik <serg@mariadb.org>	2015-09-04 10:32:52 +0200
committer	Sergei Golubchik <serg@mariadb.org>	2015-09-04 10:33:50 +0200
commit	66b9a9409c73e298d6ceb668783a7cdd5ee85a69 (patch)
tree	be04b2c42d1b858756c5a8ba5355abd961589ec8 /sql/mf_iocache_encr.cc
parent	d94a982adbc21d74c0202f1ef64119baeb27c597 (diff)
download	mariadb-git-66b9a9409c73e298d6ceb668783a7cdd5ee85a69.tar.gz