mirror of
https://github.com/MariaDB/server.git
synced 2025-08-09 22:24:09 +03:00
fix log_blocks_crypt() to actually decrypt the encrypted log
It used to double-encrypt it, relying on the fact that second encrypt() call was (like XOR) negating the effect of the first one.
This commit is contained in:
Sergei Golubchik
@@ -172,19 +172,8 @@ log_blocks_crypt(
|
|||||||
uint32 src_len, dst_len;
|
uint32 src_len, dst_len;
|
||||||
byte aes_ctr_counter[MY_AES_BLOCK_SIZE];
|
byte aes_ctr_counter[MY_AES_BLOCK_SIZE];
|
||||||
ulint log_block_no, log_block_start_lsn;
|
ulint log_block_no, log_block_start_lsn;
|
||||||
byte *key;
|
ulint lsn = is_encrypt ? log_sys->lsn : srv_start_lsn;
|
||||||
ulint lsn;
|
|
||||||
if (is_encrypt)
|
|
||||||
{
|
|
||||||
ut_a(log_sys && log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER);
|
|
||||||
key = (byte *)(log_sys->redo_log_crypt_key);
|
|
||||||
lsn = log_sys->lsn;
|
|
||||||
|
|
||||||
} else {
|
|
||||||
ut_a(recv_sys && recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER);
|
|
||||||
key = (byte *)(recv_sys->recv_log_crypt_key);
|
|
||||||
lsn = srv_start_lsn;
|
|
||||||
}
|
|
||||||
ut_a(size % OS_FILE_LOG_BLOCK_SIZE == 0);
|
ut_a(size % OS_FILE_LOG_BLOCK_SIZE == 0);
|
||||||
src_len = OS_FILE_LOG_BLOCK_SIZE - LOG_BLOCK_HDR_SIZE;
|
src_len = OS_FILE_LOG_BLOCK_SIZE - LOG_BLOCK_HDR_SIZE;
|
||||||
for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE)
|
for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE)
|
||||||
@@ -204,11 +193,24 @@ log_blocks_crypt(
|
|||||||
mach_write_to_4(aes_ctr_counter + 11, log_block_no);
|
mach_write_to_4(aes_ctr_counter + 11, log_block_no);
|
||||||
bzero(aes_ctr_counter + 15, 1);
|
bzero(aes_ctr_counter + 15, 1);
|
||||||
|
|
||||||
int rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len,
|
int rc;
|
||||||
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
|
if (is_encrypt) {
|
||||||
(unsigned char*)key, 16,
|
ut_a(log_sys);
|
||||||
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
|
ut_a(log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER);
|
||||||
recv_sys->recv_log_crypt_ver);
|
rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len,
|
||||||
|
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
|
||||||
|
(unsigned char*)(log_sys->redo_log_crypt_key), 16,
|
||||||
|
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
|
||||||
|
log_sys->redo_log_crypt_ver);
|
||||||
|
} else {
|
||||||
|
ut_a(recv_sys);
|
||||||
|
ut_a(recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER);
|
||||||
|
rc = encryption_decrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len,
|
||||||
|
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
|
||||||
|
(unsigned char*)(recv_sys->recv_log_crypt_key), 16,
|
||||||
|
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
|
||||||
|
recv_sys->recv_log_crypt_ver);
|
||||||
|
}
|
||||||
|
|
||||||
ut_a(rc == MY_AES_OK);
|
ut_a(rc == MY_AES_OK);
|
||||||
ut_a(dst_len == src_len);
|
ut_a(dst_len == src_len);
|
||||||
|
|||||||
@@ -172,19 +172,8 @@ log_blocks_crypt(
|
|||||||
uint32 src_len, dst_len;
|
uint32 src_len, dst_len;
|
||||||
byte aes_ctr_counter[MY_AES_BLOCK_SIZE];
|
byte aes_ctr_counter[MY_AES_BLOCK_SIZE];
|
||||||
ulint log_block_no, log_block_start_lsn;
|
ulint log_block_no, log_block_start_lsn;
|
||||||
byte *key;
|
ulint lsn = is_encrypt ? log_sys->lsn : srv_start_lsn;
|
||||||
ulint lsn;
|
|
||||||
if (is_encrypt)
|
|
||||||
{
|
|
||||||
ut_a(log_sys && log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER);
|
|
||||||
key = (byte *)(log_sys->redo_log_crypt_key);
|
|
||||||
lsn = log_sys->lsn;
|
|
||||||
|
|
||||||
} else {
|
|
||||||
ut_a(recv_sys && recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER);
|
|
||||||
key = (byte *)(recv_sys->recv_log_crypt_key);
|
|
||||||
lsn = srv_start_lsn;
|
|
||||||
}
|
|
||||||
ut_a(size % OS_FILE_LOG_BLOCK_SIZE == 0);
|
ut_a(size % OS_FILE_LOG_BLOCK_SIZE == 0);
|
||||||
src_len = OS_FILE_LOG_BLOCK_SIZE - LOG_BLOCK_HDR_SIZE;
|
src_len = OS_FILE_LOG_BLOCK_SIZE - LOG_BLOCK_HDR_SIZE;
|
||||||
for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE)
|
for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE)
|
||||||
@@ -204,11 +193,24 @@ log_blocks_crypt(
|
|||||||
mach_write_to_4(aes_ctr_counter + 11, log_block_no);
|
mach_write_to_4(aes_ctr_counter + 11, log_block_no);
|
||||||
bzero(aes_ctr_counter + 15, 1);
|
bzero(aes_ctr_counter + 15, 1);
|
||||||
|
|
||||||
int rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len,
|
int rc;
|
||||||
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
|
if (is_encrypt) {
|
||||||
(unsigned char*)key, 16,
|
ut_a(log_sys);
|
||||||
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
|
ut_a(log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER);
|
||||||
log_sys->redo_log_crypt_ver);
|
rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len,
|
||||||
|
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
|
||||||
|
(unsigned char*)(log_sys->redo_log_crypt_key), 16,
|
||||||
|
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
|
||||||
|
log_sys->redo_log_crypt_ver);
|
||||||
|
} else {
|
||||||
|
ut_a(recv_sys);
|
||||||
|
ut_a(recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER);
|
||||||
|
rc = encryption_decrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len,
|
||||||
|
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
|
||||||
|
(unsigned char*)(recv_sys->recv_log_crypt_key), 16,
|
||||||
|
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
|
||||||
|
recv_sys->recv_log_crypt_ver);
|
||||||
|
}
|
||||||
|
|
||||||
ut_a(rc == MY_AES_OK);
|
ut_a(rc == MY_AES_OK);
|
||||||
ut_a(dst_len == src_len);
|
ut_a(dst_len == src_len);
|
||||||
|
|||||||
Reference in New Issue
Block a user