MDEV-30389 Ensure correct dlen during encryption

This patch ensures that all direct and indirect calls to encryption_crypt provide a `dlen` value correctly initialized to the destination buffer length, allowing encryption plugins to verify available space. It also adds assertions to verify related invariants. Signed-off-by: Trevor Gross <tmgross@umich.edu>
2025-08-07 00:04:31 +03:00 · 2023-01-12 04:58:16 -05:00
parent 01e9e3955a
commit b91d5bcedc
17 changed files with 84 additions and 30 deletions
--- a/include/mysql/plugin_encryption.h
+++ b/include/mysql/plugin_encryption.h
@@ -96,8 +96,11 @@ struct st_mariadb_encryption
  /**
    processes (encrypts or decrypts) a chunk of data

-    writes the output to th dst buffer. note that it might write
+    writes the output to the dst buffer. note that it might write
    more bytes that were in the input. or less. or none at all.
+
+    dlen points to the starting lenght of the output buffer. Upon return, it
+    should be set to the number of bytes written.
  */
  int (*crypt_ctx_update)(void *ctx, const unsigned char* src, unsigned int slen,
                          unsigned char* dst, unsigned int* dlen);
@@ -123,4 +126,3 @@ struct st_mariadb_encryption
 }
 #endif
 #endif
-