Fix encryption calls with overlapping buffers

Allocate a temporary buffer instead of using the same buffer in some cases, and add assertions to verify the buffers do not overlap. See [1] for reasonsing. [1] https://github.com/MariaDB/server/pull/2438#discussion_r1137403645 Signed-off-by: Trevor Gross <tmgross@umich.edu>
2025-08-08 11:22:35 +03:00 · 2023-03-16 02:48:23 -04:00
parent b91d5bcedc
commit dbc3429592
12 changed files with 90 additions and 29 deletions
--- a/sql/encryption.cc
+++ b/sql/encryption.cc
@@ -189,8 +189,7 @@ ret:

 /** Run encryption or decryption on a block.
 * `i32_1`, `i32_2`, and `i64` are used to create the initialization vector
- * @invariant `src` must be valid for `slen`
- * @invariant `dst` is valid for `*dlen`, `*dlen` is initialized
+ * @invariant `src` and `dst` invariants are the same as in `encryption_crypt`
 */
 int do_crypt(const unsigned char* src, unsigned int slen,
             unsigned char* dst, unsigned int* dlen,
@@ -231,8 +230,7 @@ int do_crypt(const unsigned char* src, unsigned int slen,

 /** Encrypt a block.
 * `i32_1`, `i32_2`, and `i64` are used to create the initialization vector
- * @invariant `src` is valid for `slen`
- * @invariant `dst` is valid for `*dlen`, `*dlen` is initialized
+ * @invariant `src` and `dst` invariants are the same as in `encryption_crypt`
 */
 int encryption_scheme_encrypt(const unsigned char* src, unsigned int slen,
                              unsigned char* dst, unsigned int* dlen,
@@ -246,8 +244,7 @@ int encryption_scheme_encrypt(const unsigned char* src, unsigned int slen,

 /** Decrypt a block.
 * `i32_1`, `i32_2`, and `i64` are used to create the initialization vector
- * @invariant `src` is valid for `slen`
- * @invariant `dst` is valid for `*dlen`, `*dlen` is initialized
+ * @invariant `src` and `dst` invariants are the same as in `encryption_crypt`
 */
 int encryption_scheme_decrypt(const unsigned char* src, unsigned int slen,
                              unsigned char* dst, unsigned int* dlen,