my_aes_get_size()

return unsigned, not signed. return a value large enough for GCM
2025-08-01 03:47:19 +03:00 · 2015-05-27 19:41:29 +02:00
parent 487e5f4590
commit ebc5e00641
4 changed files with 13 additions and 11 deletions
--- a/include/my_crypt.h
+++ b/include/my_crypt.h
@ -73,7 +73,7 @@ int my_aes_decrypt_ecb(const uchar* source, uint source_length,

 int my_random_bytes(uchar* buf, int num);

-int my_aes_get_size(int source_length);
+uint my_aes_get_size(uint source_length);

 #ifdef __cplusplus
 }
--- a/mysys/mf_iocache.c
+++ b/mysys/mf_iocache.c
@ -265,7 +265,7 @@ int init_io_cache(IO_CACHE *info, File file, size_t cachesize,
      if (type == SEQ_READ_APPEND)
 	buffer_block *= 2;
      else if (cache_myflags & MY_ENCRYPT)
-        buffer_block= 2*(buffer_block + MY_AES_BLOCK_SIZE) + sizeof(IO_CACHE_CRYPT);
+        buffer_block= 2*my_aes_get_size(buffer_block) + sizeof(IO_CACHE_CRYPT);
      if (cachesize == min_cache)
        flags|= (myf) MY_WME;

--- a/mysys_ssl/my_crypt.cc
+++ b/mysys_ssl/my_crypt.cc
@ -292,16 +292,18 @@ C_MODE_END
 /**
  Get size of buffer which will be large enough for encrypted data

-  SYNOPSIS
-    my_aes_get_size()
-    @param source_length  [in] Length of data to be encrypted
+  The buffer should be sufficiently large to fit encrypted data
+  independently from the encryption algorithm and mode. With padding up to
+  MY_AES_BLOCK_SIZE bytes can be added. With GCM, exactly MY_AES_BLOCK_SIZE
+  bytes are added.

-  @return
-    Size of buffer required to store encrypted data
+  The actual length of the encrypted data is returned from the encryption
+  function (e.g. from my_aes_encrypt_cbc).
+
+  @return required buffer size
 */

-int my_aes_get_size(int source_length)
+uint my_aes_get_size(uint source_length)
 {
-  return MY_AES_BLOCK_SIZE * (source_length / MY_AES_BLOCK_SIZE)
-    + MY_AES_BLOCK_SIZE;
+  return source_length + MY_AES_BLOCK_SIZE;
 }
--- a/sql/mf_iocache_encr.cc
+++ b/sql/mf_iocache_encr.cc
@ -191,7 +191,7 @@ static int my_b_encr_write(IO_CACHE *info, const uchar *Buffer, size_t Count)
        buffer_length bytes should *always* produce block_length bytes
      */
      DBUG_ASSERT(crypt_data->block_length == 0 || crypt_data->block_length == wlength);
-      DBUG_ASSERT(elength <= length + MY_AES_BLOCK_SIZE);
+      DBUG_ASSERT(elength <= my_aes_get_size(length));
      crypt_data->block_length= wlength;
    }
    else