Commit 129e9601 authored by Sergei Golubchik's avatar Sergei Golubchik

fix log_blocks_crypt() to actually decrypt the encrypted log

It used to double-encrypt it, relying on the fact that second
encrypt() call was (like XOR) negating the effect of the
first one.
parent d6b912c6
...@@ -172,19 +172,8 @@ log_blocks_crypt( ...@@ -172,19 +172,8 @@ log_blocks_crypt(
uint32 src_len, dst_len; uint32 src_len, dst_len;
byte aes_ctr_counter[MY_AES_BLOCK_SIZE]; byte aes_ctr_counter[MY_AES_BLOCK_SIZE];
ulint log_block_no, log_block_start_lsn; ulint log_block_no, log_block_start_lsn;
byte *key; ulint lsn = is_encrypt ? log_sys->lsn : srv_start_lsn;
ulint lsn;
if (is_encrypt)
{
ut_a(log_sys && log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER);
key = (byte *)(log_sys->redo_log_crypt_key);
lsn = log_sys->lsn;
} else {
ut_a(recv_sys && recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER);
key = (byte *)(recv_sys->recv_log_crypt_key);
lsn = srv_start_lsn;
}
ut_a(size % OS_FILE_LOG_BLOCK_SIZE == 0); ut_a(size % OS_FILE_LOG_BLOCK_SIZE == 0);
src_len = OS_FILE_LOG_BLOCK_SIZE - LOG_BLOCK_HDR_SIZE; src_len = OS_FILE_LOG_BLOCK_SIZE - LOG_BLOCK_HDR_SIZE;
for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE) for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE)
...@@ -204,11 +193,24 @@ log_blocks_crypt( ...@@ -204,11 +193,24 @@ log_blocks_crypt(
mach_write_to_4(aes_ctr_counter + 11, log_block_no); mach_write_to_4(aes_ctr_counter + 11, log_block_no);
bzero(aes_ctr_counter + 15, 1); bzero(aes_ctr_counter + 15, 1);
int rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len, int rc;
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, if (is_encrypt) {
(unsigned char*)key, 16, ut_a(log_sys);
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, ut_a(log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER);
recv_sys->recv_log_crypt_ver); rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len,
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
(unsigned char*)(log_sys->redo_log_crypt_key), 16,
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
log_sys->redo_log_crypt_ver);
} else {
ut_a(recv_sys);
ut_a(recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER);
rc = encryption_decrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len,
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
(unsigned char*)(recv_sys->recv_log_crypt_key), 16,
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
recv_sys->recv_log_crypt_ver);
}
ut_a(rc == MY_AES_OK); ut_a(rc == MY_AES_OK);
ut_a(dst_len == src_len); ut_a(dst_len == src_len);
......
...@@ -172,19 +172,8 @@ log_blocks_crypt( ...@@ -172,19 +172,8 @@ log_blocks_crypt(
uint32 src_len, dst_len; uint32 src_len, dst_len;
byte aes_ctr_counter[MY_AES_BLOCK_SIZE]; byte aes_ctr_counter[MY_AES_BLOCK_SIZE];
ulint log_block_no, log_block_start_lsn; ulint log_block_no, log_block_start_lsn;
byte *key; ulint lsn = is_encrypt ? log_sys->lsn : srv_start_lsn;
ulint lsn;
if (is_encrypt)
{
ut_a(log_sys && log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER);
key = (byte *)(log_sys->redo_log_crypt_key);
lsn = log_sys->lsn;
} else {
ut_a(recv_sys && recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER);
key = (byte *)(recv_sys->recv_log_crypt_key);
lsn = srv_start_lsn;
}
ut_a(size % OS_FILE_LOG_BLOCK_SIZE == 0); ut_a(size % OS_FILE_LOG_BLOCK_SIZE == 0);
src_len = OS_FILE_LOG_BLOCK_SIZE - LOG_BLOCK_HDR_SIZE; src_len = OS_FILE_LOG_BLOCK_SIZE - LOG_BLOCK_HDR_SIZE;
for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE) for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE)
...@@ -204,11 +193,24 @@ log_blocks_crypt( ...@@ -204,11 +193,24 @@ log_blocks_crypt(
mach_write_to_4(aes_ctr_counter + 11, log_block_no); mach_write_to_4(aes_ctr_counter + 11, log_block_no);
bzero(aes_ctr_counter + 15, 1); bzero(aes_ctr_counter + 15, 1);
int rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len, int rc;
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, if (is_encrypt) {
(unsigned char*)key, 16, ut_a(log_sys);
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, ut_a(log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER);
log_sys->redo_log_crypt_ver); rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len,
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
(unsigned char*)(log_sys->redo_log_crypt_key), 16,
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
log_sys->redo_log_crypt_ver);
} else {
ut_a(recv_sys);
ut_a(recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER);
rc = encryption_decrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len,
dst_block + LOG_BLOCK_HDR_SIZE, &dst_len,
(unsigned char*)(recv_sys->recv_log_crypt_key), 16,
aes_ctr_counter, MY_AES_BLOCK_SIZE, 1,
recv_sys->recv_log_crypt_ver);
}
ut_a(rc == MY_AES_OK); ut_a(rc == MY_AES_OK);
ut_a(dst_len == src_len); ut_a(dst_len == src_len);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment