From 66b9a9409c73e298d6ceb668783a7cdd5ee85a69 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Fri, 4 Sep 2015 10:32:52 +0200
Subject: New encryption API. Piece-wise encryption. Instead of encrypt(src, dst, key, iv) that encrypts all data in one go, now we have encrypt_init(key,iv), encrypt_update(src,dst), and encrypt_finish(dst). This also causes collateral changes in the internal my_crypt.cc encryption functions and in the encryption service. There are wrappers to provide the old all-at-once encryption functionality. But binlog events are often written piecewise, they'll need the new api.
---
 sql/mf_iocache_encr.cc | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
(limited to 'sql/mf_iocache_encr.cc')
diff --git a/sql/mf_iocache_encr.cc b/sql/mf_iocache_encr.cc
index d215636d62a..96658e2e3d0 100644
--- a/sql/mf_iocache_encr.cc
+++ b/sql/mf_iocache_encr.cc
@@ -95,9 +95,10 @@ static int my_b_encr_read(IO_CACHE *info, uchar *Buffer, size_t Count)
 elength= wlength - (ebuffer - wbuffer);
 set_iv(iv, pos_in_file, crypt_data->inbuf_counter);
- if (encryption_decrypt(ebuffer, elength, info->buffer, &length,
- crypt_data->key, sizeof(crypt_data->key),
- iv, sizeof(iv), 0, keyid, keyver))
+ if (encryption_crypt(ebuffer, elength, info->buffer, &length,
+ crypt_data->key, sizeof(crypt_data->key),
+ iv, sizeof(iv), ENCRYPTION_FLAG_DECRYPT,
+ keyid, keyver))
 {
 my_errno= 1;
 DBUG_RETURN(info->error= -1);
@@ -175,9 +176,10 @@ static int my_b_encr_write(IO_CACHE *info, const uchar *Buffer, size_t Count)
 crypt_data->inbuf_counter= crypt_data->counter;
 set_iv(iv, info->pos_in_file, crypt_data->inbuf_counter);
- if (encryption_encrypt(Buffer, length, ebuffer, &elength,
- crypt_data->key, sizeof(crypt_data->key),
- iv, sizeof(iv), 0, keyid, keyver))
+ if (encryption_crypt(Buffer, length, ebuffer, &elength,
+ crypt_data->key, sizeof(crypt_data->key),
+ iv, sizeof(iv), ENCRYPTION_FLAG_ENCRYPT,
+ keyid, keyver))
 {
 my_errno= 1;
 DBUG_RETURN(info->error= -1);
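Review bot: The result of `encryption_crypt()` is only tested for non-zero and then thrown away, both in the `ENCRYPTION_FLAG_DECRYPT` call in my_b_encr_read (first hunk) and in the `ENCRYPTION_FLAG_ENCRYPT` call in my_b_encr_write (second hunk); every failure is reported as `my_errno= 1`. Going by the commit message this entry point is presumably one of the wrappers over the new init/update/finish sequence, so the caller cannot tell which step failed or why. I would keep the code, `int rc= encryption_crypt(...); if (rc)`, and carry `rc` into whatever error is eventually reported, so that a failed decryption of cached data can be investigated instead of being indistinguishable from any other failure of this call. Both function bodies start and end outside these hunks.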
@@ -191,7 +193,7 @@ static int my_b_encr_write(IO_CACHE *info, const uchar *Buffer, size_t Count)
 buffer_length bytes should *always* produce block_length bytes */
 DBUG_ASSERT(crypt_data->block_length == 0 || crypt_data->block_length == wlength);
- DBUG_ASSERT(elength <= my_aes_get_size(length));
+ DBUG_ASSERT(elength <= encryption_encrypted_length(length, keyid, keyver));
 crypt_data->block_length= wlength;
 }
 else
-- cgit v1.2.1
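Review bot: The only bound on `elength` is a `DBUG_ASSERT`, which is evaluated after `encryption_crypt()` has already written into `ebuffer` and is presumably compiled out of non-debug builds. The new bound `encryption_encrypted_length(length, keyid, keyver)` takes the key id and version, so it may no longer equal what the removed `my_aes_get_size(length)` returned; whether `ebuffer` is still sized for it is decided outside this hunk. I would evaluate the bound before the encryption call and take the existing failure path (`my_errno= 1; DBUG_RETURN(info->error= -1);`) when it exceeds the space left in `ebuffer`, keeping the assertion as a debug aid. At minimum the comment above the assertions should name the allocation that guarantees the bound, e.g. `/* ebuffer is sized from encryption_encrypted_length() at cache init */` if that is in fact the case. The enclosing block begins before the hunk and the `else` branch continues after it.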