Add two new variables:
file_key_management_digest={sha1|sha224|sha256|sha384|sha512}
This specify the digest function to use in key derivation of the key
used for decryption of the keyfile.
file_key_management_use_pbkdf2=N
This specify whether pbkdf2 is used in the key derivation, and if
so (N != 0), how many iterations.
* format error messages (spaces, "bytes")
* speed up "length too large" test from 12s to 70ms
* fix it for --parallel
* fix "named pipe" test to actually test a named pipe
* add the standard header to tests, enable result log
* fix for ASAN
* read loop to workaround small (64K) pipe buffer size
* clarified error message for the file too large
Previously plugin check aes key file size to make sure its size isn't too large before reading it, this commit change the way to read only max aes key file size bytes. This way can support named pipe as a coproduct .
Most things where wrong in the test suite.
The one thing that was a bug was that table_map_id was in some places
defined as ulong and in other places as ulonglong. On Linux 64 bit this
is not a problem as ulong == ulonglong, but on windows this caused failures.
Fixed by ensuring that all instances of table_map_id are ulonglong.
- Add new submodule for WolfSSL
- Build and use wolfssl and wolfcrypt instead of yassl/taocrypt
- Use HAVE_WOLFSSL instead of HAVE_YASSL
- Increase MY_AES_CTX_SIZE, to avoid compile time asserts in my_crypt.cc
(sizeof(EVP_CIPHER_CTX) is larger on WolfSSL)
- Added sql/mariadb.h file that should be included first by files in sql
directory, if sql_plugin.h is not used (sql_plugin.h adds SHOW variables
that must be done before my_global.h is included)
- Removed a lot of include my_global.h from include files
- Removed include's of some files that my_global.h automatically includes
- Removed duplicated include's of my_sys.h
- Replaced include my_config.h with my_global.h
Do not exporting mysqld entry points directly.
This is needed for mariabackup, to load encryption plugins on Windows.
All plugins are "pure" by default. To mark plugin "impure"
it should use RECOMPILE_FOR_EMBEDDED or STORAGE_ENGINE keyword.
Instead of encrypt(src, dst, key, iv) that encrypts all
data in one go, now we have encrypt_init(key,iv),
encrypt_update(src,dst), and encrypt_finish(dst).
This also causes collateral changes in the internal my_crypt.cc
encryption functions and in the encryption service.
There are wrappers to provide the old all-at-once encryption
functionality. But binlog events are often written piecewise,
they'll need the new api.
numerous issues fixed:
* buffer overflows
* error conditions aren't checked (crash if file doesn't exist)
* accessing random unallocated memory
* hard-coded password
* arbitrary hard-coded key id limit
* incomprehensible error messages (for key_id == 0 it reported
"The key could not be initialized", for syntax errors the message was
"Wrong match of the keyID, see the template", for a key id
larger than hard-coded limit the message was "No asked key", and there
was an error "Is comment" for a comment).
* tons of small mallocs, many are freed few lines down in the code
* malloc(N) and new char[N] are used both, even in the same function
* redundant memory copies
* pcre - "I can solve it with regular expressions" - with incorrect regexes
* parser context stored in a singleton
* keys are stored as strings and are strlen-ed and hex2bin-ed on every
get_key() request
* lots of useless code (e.g. sprintf instead of a pointer assignment,
checking of the file length to read a part of it in a fixed buffer,
multiplying by sizeof(char) in many places, etc)
* this list is not exhaustive
