hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Encryption context is passed to blr_read_binlog()

Browse Source 
Encryption context has been removed from BLFILE struct and is now
passed to blr_read_binlog()
This commit is contained in:
MassimilianoPinto
2016-10-04 17:32:06 +02:00
parent e5b34e30ae
commit d8f09ab4d4
3 changed files with 16 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/modules/include/blr.h
View File

@ -317,7 +317,6 @@ typedef struct blfile
int refcnt; /*< Reference count for file */
BLCACHE *cache; /*< Record cache for this file */
SPINLOCK lock; /*< The file lock */
void *encryption_ctx; /*< The encryption context */
struct blfile *next; /*< Next file in list */
} BLFILE;
@ -616,7 +615,6 @@ typedef struct binlog_encryption_ctx
#define BLRM_NONCE_LENGTH (BLRM_IV_LENGTH - BLRM_IV_OFFS_LENGTH)
/**
* State machine for the master to MaxScale replication
*/
@ -729,7 +727,7 @@ extern int blr_write_binlog_record(ROUTER_INSTANCE *, REP_HEADER *, uint32_t po
extern int blr_file_rotate(ROUTER_INSTANCE *, char *, uint64_t);
extern void blr_file_flush(ROUTER_INSTANCE *);
extern BLFILE *blr_open_binlog(ROUTER_INSTANCE *, char *);
extern GWBUF *blr_read_binlog(ROUTER_INSTANCE *, BLFILE *, unsigned long, REP_HEADER *, char *);
extern GWBUF *blr_read_binlog(ROUTER_INSTANCE *, BLFILE *, unsigned long, REP_HEADER *, char *, SLAVE_ENCRYPTION_CTX *);
extern void blr_close_binlog(ROUTER_INSTANCE *, BLFILE *);
extern unsigned long blr_file_size(BLFILE *);
extern int blr_statistics(ROUTER_INSTANCE *, ROUTER_SLAVE *, GWBUF *);

17
server/modules/routing/binlog/blr_file.c
View File

@ -473,7 +473,7 @@ blr_write_binlog_record(ROUTER_INSTANCE *router, REP_HEADER *hdr, uint32_t size,
memmove(buf + BINLOG_EVENT_LEN_OFFSET, buf, 4);
uint8_t *buf_ptr = buf + 4;
/* 16 bytes after buf + 4 are owerwritten by XORed with IV */
/* Only 15 bytes are involved */
/* Only 15 bytes are involved */
for (int i = 0; i < (AES_BLOCK_SIZE - 1); i++)
{
buf_ptr[i]= buf_ptr[i] ^ iv[i];
@ -605,8 +605,6 @@ blr_open_binlog(ROUTER_INSTANCE *router, char *binlog)
return NULL;
}
file->encryption_ctx = NULL;
file->next = router->files;
router->files = file;
spinlock_release(&router->fileslock);
@ -622,10 +620,11 @@ blr_open_binlog(ROUTER_INSTANCE *router, char *binlog)
* @param pos Position of binlog record to read
* @param hdr Binlog header to populate
* @param errmsg Allocated BINLOG_ERROR_MSG_LEN bytes message error buffer
* @param enc_ctx Encryption context for binlog file being read
* @return The binlog record wrapped in a GWBUF structure
*/
GWBUF *
blr_read_binlog(ROUTER_INSTANCE *router, BLFILE *file, unsigned long pos, REP_HEADER *hdr, char *errmsg)
blr_read_binlog(ROUTER_INSTANCE *router, BLFILE *file, unsigned long pos, REP_HEADER *hdr, char *errmsg, SLAVE_ENCRYPTION_CTX *enc_ctx)
{
uint8_t hdbuf[BINLOG_EVENT_HDR_LEN];
GWBUF *result;
@ -633,7 +632,6 @@ blr_read_binlog(ROUTER_INSTANCE *router, BLFILE *file, unsigned long pos, REP_HE
int n;
unsigned long filelen = 0;
struct stat statb;
SLAVE_ENCRYPTION_CTX *file_enc_ctx = NULL;
memset(hdbuf, '\0', BINLOG_EVENT_HDR_LEN);
@ -719,9 +717,6 @@ blr_read_binlog(ROUTER_INSTANCE *router, BLFILE *file, unsigned long pos, REP_HE
return NULL;
}
/* Get encryption_ctx */
file_enc_ctx = file->encryption_ctx;
spinlock_release(&file->lock);
spinlock_release(&router->binlog_lock);
@ -763,14 +758,14 @@ blr_read_binlog(ROUTER_INSTANCE *router, BLFILE *file, unsigned long pos, REP_HE
}
/* Check whether we need to decrypt the current event */
if (file_enc_ctx && pos >= file_enc_ctx->first_enc_event_pos)
if (enc_ctx && pos >= enc_ctx->first_enc_event_pos)
{
uint8_t *event_ptr = hdbuf;
uint8_t iv[AES_BLOCK_SIZE];
uint8_t event_size[4];
/* Encryption IV is 12 bytes nonce + 4 bytes event position */
memcpy(&iv, file_enc_ctx->nonce, BLRM_NONCE_LENGTH);
memcpy(&iv, enc_ctx->nonce, BLRM_NONCE_LENGTH);
gw_mysql_set_byte4(iv + BLRM_NONCE_LENGTH, (unsigned long)pos);
/* Save event size */
@ -990,7 +985,6 @@ blr_close_binlog(ROUTER_INSTANCE *router, BLFILE *file)
{
close(file->fd);
file->fd = -1;
file->encryption_ctx = NULL;
MXS_FREE(file);
}
}
@ -2582,4 +2576,3 @@ blr_create_start_encryption_event(ROUTER_INSTANCE *router, uint32_t event_pos, b
return new_event;
}

16
server/modules/routing/binlog/blr_slave.c
View File

@ -2327,11 +2327,8 @@ blr_slave_catchup(ROUTER_INSTANCE *router, ROUTER_SLAVE *slave, bool large)
#endif
int events_before = slave->stats.n_events;
/* Set file encryption context from slave pointer */
file->encryption_ctx = slave->encryption_ctx;
while (burst-- && burst_size > 0 &&
(record = blr_read_binlog(router, file, slave->binlog_pos, &hdr, read_errmsg)) != NULL)
(record = blr_read_binlog(router, file, slave->binlog_pos, &hdr, read_errmsg, slave->encryption_ctx)) != NULL)
{
char binlog_name[BINLOG_FNAMELEN + 1];
uint32_t binlog_pos;
@ -2489,6 +2486,11 @@ blr_slave_catchup(ROUTER_INSTANCE *router, ROUTER_SLAVE *slave, bool large)
slave->lastReply = time(0);
}
}
/**
* End of while reading
* Checking last buffer first
*/
if (record == NULL)
{
slave->stats.n_failed_read++;
@ -2874,7 +2876,8 @@ blr_slave_read_fde(ROUTER_INSTANCE *router, ROUTER_SLAVE *slave)
{
return NULL;
}
if ((record = blr_read_binlog(router, file, 4, &hdr, err_msg)) == NULL)
/* FDE is not encrypted, so we can pass NULL to last parameter */
if ((record = blr_read_binlog(router, file, 4, &hdr, err_msg, NULL)) == NULL)
{
if (hdr.ok != SLAVE_POS_READ_OK)
{
@ -5722,7 +5725,8 @@ blr_slave_read_ste(ROUTER_INSTANCE *router, ROUTER_SLAVE *slave, uint32_t fde_en
{
return 0;
}
if ((record = blr_read_binlog(router, file, fde_end_pos, &hdr, err_msg)) == NULL)
/* Start Encryption Event is not encrypted, we can pass NULL to last parameter */
if ((record = blr_read_binlog(router, file, fde_end_pos, &hdr, err_msg, NULL)) == NULL)
{
if (hdr.ok != SLAVE_POS_READ_OK)
{