hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Encryption context code review update

Browse Source 
Encryption context code review update
This commit is contained in:
MassimilianoPinto
2016-09-26 09:54:57 +02:00
parent 56d345e833
commit ad86b16fa2
3 changed files with 24 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/modules/include/blr.h
View File

@ -61,7 +61,7 @@
#define BINLOG_EVENT_CRC_ALGO_TYPE 1 #define BINLOG_EVENT_CRC_ALGO_TYPE 1
#define BINLOG_EVENT_CRC_SIZE 4 #define BINLOG_EVENT_CRC_SIZE 4
#define BINLOG_EVENT_LEN_OFFSET 9 #define BINLOG_EVENT_LEN_OFFSET 9
#define BINLOG_ENCRYPTION_ALGORYTM_NAME_LEN 13 #define BINLOG_ENCRYPTION_ALGORYTHM_NAME_LEN 13
#define BINLOG_FATAL_ERROR_READING 1236 #define BINLOG_FATAL_ERROR_READING 1236
/** /**
@ -466,7 +466,7 @@ typedef struct
typedef struct binlog_encryption_setup typedef struct binlog_encryption_setup
{ {
bool enabled; bool enabled;
char encryption_algorithm[BINLOG_ENCRYPTION_ALGORYTM_NAME_LEN]; char encryption_algorithm[BINLOG_ENCRYPTION_ALGORYTHM_NAME_LEN];
char *key_management_filename; char *key_management_filename;
uint8_t *keys; uint8_t *keys;
} BINLOG_ENCRYPTION_SETUP; } BINLOG_ENCRYPTION_SETUP;

6
server/modules/routing/binlog/blr.c
View File

@ -842,10 +842,10 @@ createInstance(SERVICE *service, char **options)
if (!inst->encryption.enabled && inst->encryption_ctx) if (!inst->encryption.enabled && inst->encryption_ctx)
{ {
MXS_ERROR("Found START_ENCRYPTION_EVENT but " MXS_ERROR("Found START_ENCRYPTION_EVENT but "
"binlog ecryption option is currently Off. Replication can't start right now. " "binlog encryption option is currently Off. Replication can't start right now. "
"Please restart maxScale with option set to On"); "Please restart MaxScale with option set to On");
/* Force STOPPED state */ /* Force STOPPED state */
inst->master_state = BLRM_SLAVE_STOPPED; inst->master_state = BLRM_SLAVE_STOPPED;
/* Set mysql_errno and error message */ /* Set mysql_errno and error message */
inst->m_errno = BINLOG_FATAL_ERROR_READING; inst->m_errno = BINLOG_FATAL_ERROR_READING;

28
server/modules/routing/binlog/blr_file.c
View File

@ -135,9 +135,11 @@ typedef enum
typedef struct start_encryption_event typedef struct start_encryption_event
{ {
uint8_t header[BINLOG_EVENT_HDR_LEN]; uint8_t header[BINLOG_EVENT_HDR_LEN];
uint8_t binlog_crypto_scheme; uint8_t binlog_crypto_scheme; /**< Encryption scheme */
uint32_t binlog_key_version; uint32_t binlog_key_version; /**< Encryption key version */
uint8_t nonce[BLRM_NONCE_LENGTH]; uint8_t nonce[BLRM_NONCE_LENGTH]; /**< nonce (random bytes) of current binlog.
* These bytes + the binlog event current pos
* form the encrryption IV for the event */
} START_ENCRYPTION_EVENT; } START_ENCRYPTION_EVENT;
/** /**
@ -149,9 +151,11 @@ typedef struct start_encryption_event
*/ */
typedef struct binlog_encryption_ctx typedef struct binlog_encryption_ctx
{ {
uint8_t binlog_crypto_scheme; uint8_t binlog_crypto_scheme; /**< Encryption scheme */
uint32_t binlog_key_version; uint32_t binlog_key_version; /**< Encryption key version */
uint8_t nonce[BLRM_NONCE_LENGTH]; uint8_t nonce[BLRM_NONCE_LENGTH]; /**< nonce (random bytes) of current binlog.
* These bytes + the binlog event current pos
* form the encrryption IV for the event */
} BINLOG_ENCRYPTION_CTX; } BINLOG_ENCRYPTION_CTX;
/** /**
@ -1683,8 +1687,12 @@ blr_read_events_all_events(ROUTER_INSTANCE *router, int fix, int debug)
if (hdr.event_type == MARIADB10_START_ENCRYPTION_EVENT) if (hdr.event_type == MARIADB10_START_ENCRYPTION_EVENT)
{ {
char nonce_hex[12 * 2 + 1] = ""; char nonce_hex[12 * 2 + 1] = "";
BINLOG_ENCRYPTION_CTX *new_encryption_ctx = MXS_CALLOC(1, sizeof(BINLOG_ENCRYPTION_CTX));
START_ENCRYPTION_EVENT ste_event = {}; START_ENCRYPTION_EVENT ste_event = {};
BINLOG_ENCRYPTION_CTX *new_encryption_ctx = MXS_CALLOC(1, sizeof(BINLOG_ENCRYPTION_CTX));
if (new_encryption_ctx == NULL)
{
return 1;
}
/* The start encryption event data is 17 bytes long: /* The start encryption event data is 17 bytes long:
* Scheme = 1 * Scheme = 1
@ -1738,7 +1746,6 @@ blr_read_events_all_events(ROUTER_INSTANCE *router, int fix, int debug)
/* Update the router encryption context */ /* Update the router encryption context */
MXS_FREE(router->encryption_ctx); MXS_FREE(router->encryption_ctx);
router->encryption_ctx = NULL;
router->encryption_ctx = new_encryption_ctx; router->encryption_ctx = new_encryption_ctx;
} }
@ -2485,6 +2492,10 @@ blr_create_start_encryption_event(ROUTER_INSTANCE *router, uint32_t event_pos, b
uint8_t *new_event; uint8_t *new_event;
uint8_t event_size = sizeof(START_ENCRYPTION_EVENT); uint8_t event_size = sizeof(START_ENCRYPTION_EVENT);
BINLOG_ENCRYPTION_CTX *new_encryption_ctx = MXS_CALLOC(1, sizeof(BINLOG_ENCRYPTION_CTX)); BINLOG_ENCRYPTION_CTX *new_encryption_ctx = MXS_CALLOC(1, sizeof(BINLOG_ENCRYPTION_CTX));
if (new_encryption_ctx == NULL)
{
return NULL;
}
/* Add 4 bytes to event size with crc32 */ /* Add 4 bytes to event size with crc32 */
if (do_checksum) if (do_checksum)
@ -2545,7 +2556,6 @@ blr_create_start_encryption_event(ROUTER_INSTANCE *router, uint32_t event_pos, b
&new_event[BINLOG_EVENT_HDR_LEN + 1], BLRM_KEY_VERSION_LENGTH); &new_event[BINLOG_EVENT_HDR_LEN + 1], BLRM_KEY_VERSION_LENGTH);
MXS_FREE(router->encryption_ctx); MXS_FREE(router->encryption_ctx);
router->encryption_ctx = NULL;
router->encryption_ctx = new_encryption_ctx; router->encryption_ctx = new_encryption_ctx;
spinlock_release(&router->binlog_lock); spinlock_release(&router->binlog_lock);