Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
0f009272
Commit
0f009272
authored
May 27, 2015
by
Sergei Golubchik
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
my_aes_encrypt_gcm() and my_aes_decrypt_gcm()
parent
ebc5e006
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
103 additions
and
3 deletions
+103
-3
cmake/ssl.cmake
cmake/ssl.cmake
+4
-1
config.h.cmake
config.h.cmake
+1
-1
include/my_crypt.h
include/my_crypt.h
+13
-0
mysys_ssl/my_crypt.cc
mysys_ssl/my_crypt.cc
+85
-1
No files found.
cmake/ssl.cmake
View file @
0f009272
...
...
@@ -55,7 +55,8 @@ MACRO (MYSQL_USE_BUNDLED_SSL)
SET
(
SSL_INCLUDE_DIRS
${
INC_DIRS
}
)
SET
(
SSL_INTERNAL_INCLUDE_DIRS
${
CMAKE_SOURCE_DIR
}
/extra/yassl/taocrypt/mySTL
)
SET
(
SSL_DEFINES
"-DHAVE_YASSL -DYASSL_PREFIX -DHAVE_OPENSSL -DMULTI_THREADED"
)
SET
(
HAVE_EncryptAes128Ctr OFF CACHE INTERNAL
"yassl doesn't have EncryptAes128Ctr"
)
SET
(
HAVE_EncryptAes128Ctr OFF CACHE INTERNAL
"yassl doesn't support AES-CTR"
)
SET
(
HAVE_EncryptAes128Gcm OFF CACHE INTERNAL
"yassl doesn't support AES-GCM"
)
CHANGE_SSL_SETTINGS
(
"bundled"
)
ADD_SUBDIRECTORY
(
extra/yassl
)
ADD_SUBDIRECTORY
(
extra/yassl/taocrypt
)
...
...
@@ -199,6 +200,8 @@ MACRO (MYSQL_CHECK_SSL)
SET
(
CMAKE_REQUIRED_LIBRARIES
${
SSL_LIBRARIES
}
)
CHECK_SYMBOL_EXISTS
(
EVP_aes_128_ctr
"openssl/evp.h"
HAVE_EncryptAes128Ctr
)
CHECK_SYMBOL_EXISTS
(
EVP_aes_128_gcm
"openssl/evp.h"
HAVE_EncryptAes128Gcm
)
ELSE
()
IF
(
WITH_SSL STREQUAL
"system"
)
MESSAGE
(
SEND_ERROR
"Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support"
)
...
...
config.h.cmake
View file @
0f009272
...
...
@@ -591,7 +591,7 @@
#cmakedefine HAVE_UCA_COLLATIONS 1
#cmakedefine HAVE_COMPRESS 1
#cmakedefine HAVE_EncryptAes128Ctr 1
#cmakedefine HAVE_EncryptAes128Gcm 1
/*
Stuff that always need to be
defined
(
compile breaks without it
)
...
...
include/my_crypt.h
View file @
0f009272
...
...
@@ -47,6 +47,19 @@ int my_aes_encrypt_ctr(const uchar* source, uint source_length,
#endif
#ifdef HAVE_EncryptAes128Gcm
int
my_aes_encrypt_gcm
(
const
uchar
*
source
,
uint
source_length
,
uchar
*
dest
,
uint
*
dest_length
,
const
uchar
*
key
,
uint
key_length
,
const
uchar
*
iv
,
uint
iv_length
);
int
my_aes_decrypt_gcm
(
const
uchar
*
source
,
uint
source_length
,
uchar
*
dest
,
uint
*
dest_length
,
const
uchar
*
key
,
uint
key_length
,
const
uchar
*
iv
,
uint
iv_length
);
#endif
int
my_aes_encrypt_cbc
(
const
uchar
*
source
,
uint
source_length
,
uchar
*
dest
,
uint
*
dest_length
,
const
uchar
*
key
,
uint
key_length
,
...
...
mysys_ssl/my_crypt.cc
View file @
0f009272
...
...
@@ -195,7 +195,7 @@ int my_aes_encrypt_ctr(const uchar* source, uint source_length,
return
MY_AES_OPENSSL_ERROR
;
DBUG_ASSERT
(
EVP_CIPHER_CTX_key_length
(
&
ctx
)
==
(
int
)
key_length
);
DBUG_ASSERT
(
EVP_CIPHER_CTX_iv_length
(
&
ctx
)
=
=
(
int
)
iv_length
);
DBUG_ASSERT
(
EVP_CIPHER_CTX_iv_length
(
&
ctx
)
<
=
(
int
)
iv_length
);
DBUG_ASSERT
(
EVP_CIPHER_CTX_block_size
(
&
ctx
)
==
1
);
if
(
!
EVP_CipherUpdate
(
&
ctx
,
dest
,
(
int
*
)
dest_length
,
source
,
source_length
))
...
...
@@ -209,6 +209,90 @@ int my_aes_encrypt_ctr(const uchar* source, uint source_length,
#endif
/* HAVE_EncryptAes128Ctr */
#ifdef HAVE_EncryptAes128Gcm
make_aes_dispatcher
(
gcm
)
/*
special implementation for GCM; to fit OpenSSL AES-GCM into the
existing my_aes_* API it does the following:
- IV tail (over 12 bytes) goes to AAD
- the tag is appended to the ciphertext
*/
int
do_gcm
(
const
uchar
*
source
,
uint
source_length
,
uchar
*
dest
,
uint
*
dest_length
,
const
uchar
*
key
,
uint
key_length
,
const
uchar
*
iv
,
uint
iv_length
,
Dir
dir
)
{
CipherMode
cipher
=
aes_gcm
(
key_length
);
struct
MyCTX
ctx
;
int
fin
;
uint
real_iv_length
;
if
(
unlikely
(
!
cipher
))
return
MY_AES_BAD_KEYSIZE
;
if
(
!
EVP_CipherInit_ex
(
&
ctx
,
cipher
,
NULL
,
key
,
iv
,
dir
))
return
MY_AES_OPENSSL_ERROR
;
real_iv_length
=
EVP_CIPHER_CTX_iv_length
(
&
ctx
);
DBUG_ASSERT
(
EVP_CIPHER_CTX_key_length
(
&
ctx
)
==
(
int
)
key_length
);
DBUG_ASSERT
(
real_iv_length
<=
iv_length
);
DBUG_ASSERT
(
EVP_CIPHER_CTX_block_size
(
&
ctx
)
==
1
);
if
(
dir
==
CRYPT_DECRYPT
)
{
source_length
-=
MY_AES_BLOCK_SIZE
;
if
(
!
EVP_CIPHER_CTX_ctrl
(
&
ctx
,
EVP_CTRL_GCM_SET_TAG
,
MY_AES_BLOCK_SIZE
,
(
void
*
)(
source
+
source_length
)))
return
MY_AES_OPENSSL_ERROR
;
}
if
(
real_iv_length
<
iv_length
)
{
if
(
!
EVP_CipherUpdate
(
&
ctx
,
NULL
,
&
fin
,
iv
+
real_iv_length
,
iv_length
-
real_iv_length
))
return
MY_AES_OPENSSL_ERROR
;
}
if
(
!
EVP_CipherUpdate
(
&
ctx
,
dest
,
(
int
*
)
dest_length
,
source
,
source_length
))
return
MY_AES_OPENSSL_ERROR
;
if
(
!
EVP_CipherFinal_ex
(
&
ctx
,
dest
+
*
dest_length
,
&
fin
))
return
MY_AES_BAD_DATA
;
DBUG_ASSERT
(
fin
==
0
);
if
(
dir
==
CRYPT_ENCRYPT
)
{
if
(
!
EVP_CIPHER_CTX_ctrl
(
&
ctx
,
EVP_CTRL_GCM_GET_TAG
,
MY_AES_BLOCK_SIZE
,
dest
+
*
dest_length
))
return
MY_AES_OPENSSL_ERROR
;
*
dest_length
+=
MY_AES_BLOCK_SIZE
;
}
return
MY_AES_OK
;
}
int
my_aes_encrypt_gcm
(
const
uchar
*
source
,
uint
source_length
,
uchar
*
dest
,
uint
*
dest_length
,
const
uchar
*
key
,
uint
key_length
,
const
uchar
*
iv
,
uint
iv_length
)
{
return
do_gcm
(
source
,
source_length
,
dest
,
dest_length
,
key
,
key_length
,
iv
,
iv_length
,
CRYPT_ENCRYPT
);
}
int
my_aes_decrypt_gcm
(
const
uchar
*
source
,
uint
source_length
,
uchar
*
dest
,
uint
*
dest_length
,
const
uchar
*
key
,
uint
key_length
,
const
uchar
*
iv
,
uint
iv_length
)
{
return
do_gcm
(
source
,
source_length
,
dest
,
dest_length
,
key
,
key_length
,
iv
,
iv_length
,
CRYPT_DECRYPT
);
}
#endif
int
my_aes_encrypt_ecb
(
const
uchar
*
source
,
uint
source_length
,
uchar
*
dest
,
uint
*
dest_length
,
const
uchar
*
key
,
uint
key_length
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment