diff --git a/server/modules/routing/binlogrouter/blr.c b/server/modules/routing/binlogrouter/blr.c
index 1312cb44e..99b1f35b7 100644
--- a/server/modules/routing/binlogrouter/blr.c
+++ b/server/modules/routing/binlogrouter/blr.c
@@ -2455,6 +2455,37 @@ bool blr_parse_key(char *buffer, ROUTER_INSTANCE *router)
 char *p = buffer;
 int length = 0;
 uint8_t *key = (uint8_t *)router->encryption.key_value;
+ unsigned int id = strtoll(p, &p, 10);
+
+ /* key range is 1 .. 255 */
+ if (id < 1 || id > 255)
+ {
+ MXS_ERROR("Invalid Key Id (values 1..255) in Encryption Key file at index 0. File %s",
+ router->encryption.key_management_filename);
+ return false;
+ }
+
+ /* Valid key is only BINLOG_SYSTEM_DATA_CRYPTO_SCHEME (value is 1) */
+ if (id != BINLOG_SYSTEM_DATA_CRYPTO_SCHEME)
+ {
+ MXS_ERROR("The Key Id %d is not valid: binlog encryption needs Key Id %d. File %s",
+ id,
+ BINLOG_SYSTEM_DATA_CRYPTO_SCHEME,
+ router->encryption.key_management_filename);
+ return false;
+ }
+
+ /* Look for ';' separator */
+ if (*p != ';')
+ {
+ MXS_ERROR("Syntax error in Encryption Key file at index %lu. File %s",
+ p - buffer,
+ router->encryption.key_management_filename);
+ return false;
+ }
+
+ /* Now read the hex data */
+ p++;
 while (isspace(*p) && *p != '\n')
 {
diff --git a/server/modules/routing/binlogrouter/blr.h b/server/modules/routing/binlogrouter/blr.h
index 6b8f61be9..913d04006 100644
--- a/server/modules/routing/binlogrouter/blr.h
+++ b/server/modules/routing/binlogrouter/blr.h
@@ -83,7 +83,13 @@ MXS_BEGIN_DECLS
 #define BLR_REPORT_CHECKSUM_FORMAT "CRC32 0x"
 #define BLR_REPORT_REP_HEADER 0x02
-/* Supported Encryption algorithms */
+/**
+ * Supported Encryption algorithms
+ *
+ * Note: AES_ECB is only internally used
+ * Available algorithms for binlog files
+ * Encryption/Decryption are AES_CBC and AES_CTR
+ */
 enum blr_aes_mode
 {
 BLR_AES_CBC,
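Review bot: In blr_parse_key (blr.c), `unsigned int id = strtoll(p, &p, 10);` narrows a `long long` to `unsigned int` before the range check, so a negative or oversized number in the key file can wrap to a value that passes both `id` checks (one more than a multiple of 2^32 becomes 1). Parse into the wide type and check it first: `long long v = strtoll(p, &p, 10);`, `if (v < 1 || v > 255)`, then `unsigned int id = (unsigned int)v;`. The format strings also disagree with their arguments: `p - buffer` is a `ptrdiff_t`, so `%lu` should be `%td`, and `id` is unsigned, so `%d` should be `%u`. The function starts before and continues after this hunk.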
@@ -91,8 +97,8 @@ enum blr_aes_mode
 BLR_AES_ECB
 };
-/* Default encryption alogorithm is AES_CTR */
-#define BINLOG_DEFAULT_ENC_ALGO BLR_AES_CTR
+/* Default encryption alogorithm is AES_CBC */
+#define BINLOG_DEFAULT_ENC_ALGO BLR_AES_CBC
 /**
 * Binlog event types
diff --git a/server/modules/routing/binlogrouter/blr_master.c b/server/modules/routing/binlogrouter/blr_master.c
index 0c7b053e1..449b8920d 100644
--- a/server/modules/routing/binlogrouter/blr_master.c
+++ b/server/modules/routing/binlogrouter/blr_master.c
@@ -1444,7 +1444,7 @@ blr_handle_binlog_record(ROUTER_INSTANCE *router, GWBUF *pkt)
 if (new_fde)
 {
- memcpy(new_fde, ptr + 5, hdr.event_size);
+ memcpy(new_fde, ptr + MYSQL_HEADER_LEN + 1, hdr.event_size);
 if (router->saved_master.fde_event)
 {
 MXS_FREE(router->saved_master.fde_event);
diff --git a/server/modules/routing/binlogrouter/blr_slave.c b/server/modules/routing/binlogrouter/blr_slave.c
index c3e0b13bf..6e43a6788 100644
--- a/server/modules/routing/binlogrouter/blr_slave.c
+++ b/server/modules/routing/binlogrouter/blr_slave.c
@@ -2141,7 +2141,7 @@ blr_slave_binlog_dump(ROUTER_INSTANCE *router, ROUTER_SLAVE *slave, GWBUF *queue
 /* FDE ends at pos 4 + FDE size */
 fde_end_pos = 4 + GWBUF_LENGTH(fde);
- /* Send the FORMAT_DESCRIPTION_EVENT */
+ /* Send a Fake FORMAT_DESCRIPTION_EVENT */
 if (slave->binlog_pos != 4)
 {
 blr_slave_send_fde(router, slave, fde);
diff --git a/server/modules/routing/binlogrouter/maxbinlogcheck.c b/server/modules/routing/binlogrouter/maxbinlogcheck.c
index 889847ffa..3668c2fc9 100644
--- a/server/modules/routing/binlogrouter/maxbinlogcheck.c
+++ b/server/modules/routing/binlogrouter/maxbinlogcheck.c
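Review bot: The new `BINLOG_DEFAULT_ENC_ALGO` in blr.h moves the default from `BLR_AES_CTR` to `BLR_AES_CBC` with nothing said about configurations that never set the algorithm explicitly. Whether the algorithm is recorded with already-encrypted binlog files is not visible in this diff; if it is not, files written under the old default would presumably fail to decrypt after the upgrade, which is worth confirming and stating in the upgrade notes. The replacement comment also carries over the typo and should read `/* Default encryption algorithm is AES_CBC */`.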
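Review bot: In blr_handle_binlog_record (blr_master.c) the copy length `hdr.event_size` is still used as-is, and nothing in the hunk shows it being compared with the bytes actually available after `ptr + MYSQL_HEADER_LEN + 1`. The allocation of `new_fde` and any length validation lie outside the hunk, so this may already be covered; if it is not, a guard before the `memcpy` that checks `hdr.event_size` against the remaining packet length would stop a malformed event from the master causing an over-read. A short comment on the offset, for instance `/* skip the packet header and the following status byte */` if that is what the `+ 1` stands for, would make the named constant self-explanatory.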
@@ -240,7 +240,8 @@ printUsage(const char *progname)
 printf(" -M|--mariadb10 MariaDB 10 binlog compatibility\n");
 printf(" -V|--version Print version information and exit\n");
 printf(" -K|--key_file AES Key file for MariaDB 10.1 binlog file decryption\n");
- printf(" -A|--aes_algo AES Algorithm for MariaDB 10.1 binlog file decryption (default=AES_CTR, AES_CBC)\n");
+ printf(" -A|--aes_algo AES Algorithm for MariaDB 10.1 binlog file decryption (default=AES_CBC, AES_CTR)\n");
+ printf(" -H|--header Print content of binlog event header\n");
 printf(" -?|--help Print this help text\n");
 }