| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of encrypt(src, dst, key, iv) that encrypts all
data in one go, now we have encrypt_init(key,iv),
encrypt_update(src,dst), and encrypt_finish(dst).
This also causes collateral changes in the internal my_crypt.cc
encryption functions and in the encryption service.
There are wrappers to provide the old all-at-once encryption
functionality. But binlog events are often written piecewise,
they'll need the new api.
|
| | |
| |
| |
| | |
fix aes_decrypt of yassl to support zero-length input
|
| | | |
|
| | |
| |
| |
| |
| | |
return unsigned, not signed.
return a value large enough for GCM
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| | |
Tell OpenSSL to use MD5 even if FIPS prohibits it.
This is fine as long as we do not use MD5 for cryptographical
purposes (md5 is used internally for P_S message digests and for view
checksums)
|
| | |
| |
| |
| |
| |
| |
| | |
2013 (Lost connection to MySQL server during query) while executing AES* functions under SSL
Clear OpenSSL error queue after an error in AES_ENCRYPT/AES_DECRYPT.
Otherwise it might affect current ssl-encrypted connection.
|
| | |
| |
| |
| | |
encrypting 0 byte string *is* possible
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Aria table
fix encryption of the last partial block
* now really encrypt it, using key and iv
* support the case of very short plaintext (less than one block)
* recommend aes_ctr over aes_cbc, because the former
doesn't have problems with partial blocks
|
| | |
| |
| |
| |
| | |
* don't use do_crypt() for stream cipher AES_CTR
* rename do_crypt to block_crypt to emphasize its specialization
|
| | |
| |
| |
| | |
move remaning defines to my_crypt, add MY_ namespace prefix
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
* no --encryption-algorithm option anymore
* encrypt/decrypt methods in the encryption plugin
* ecnrypt/decrypt methods in the encryption_km service
* file_km plugin has --file-key-management-encryption-algorithm
* debug_km always uses aes_cbc
* example_km changes between aes_cbc and aes_ecb for different key versions
|
| | |
| |
| |
| | |
and simplify Item_func_aes_encrypt/decrypt
|
| | | |
|
| | |
| |
| |
| | |
to: different key lengths
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* comments
* move my_bytes_to_key() and my_aes_hex2uint() into file_key_management_plugin
* rename HA_INSERT_ORDER -> HA_PRESERVE_INSERT_ORDER
* remove unused variables and declarations
* fix casts
* don't link innodb with pcre
* remove redundant entries from aria's TARGET_LINK_LIBRARIES
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Two problems:
- Read/Write outside of buffer at memcpy() because of incorrect parameters
. OPENSSL_assert(EVP_CIPHER_CTX_iv_length(&ctx.ctx) == iv_length); // ECB does not use IV, thus incorrect assertion
Added:
mysql-test/include/encryption_algorithms.combinations to run tests with methods cbc, ecb and ctr in
those systems where they are available (see suite.pm).
|
| | |
| |
| |
| | |
openssl
|
| | |
| |
| |
| | |
because old openssl versions (e.g. on labrador) don't have it
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When wsrep is enabled, an md5 hash of the entire row is calculated
for tables with no PK. It, however segfaulted as the md5 context
object was not properly constructed.
Fixed by ensuring that the YaSSL's context object gets constructed
explicitly at the specified pre-allocated location (placement)
before its used.
Added a test case.
|
| | | |
|
| |/ |
|
| |
|
|
|
|
| |
Remove unused code (that should not have been merged)
Add protocol extension (that should have been merged)
Fix bugs (see pack.c)
|
| |
|
|
| |
(because mysql_ssl library is built with -fvisibility=hidden)
|
| | |
|
| |
|
