encryption cleanup: small changes

* comments
* move my_bytes_to_key() and my_aes_hex2uint() into file_key_management_plugin
* rename HA_INSERT_ORDER -> HA_PRESERVE_INSERT_ORDER
* remove unused variables and declarations
* fix casts
* don't link innodb with pcre
* remove redundant entries from aria's TARGET_LINK_LIBRARIES

include/my_aes.h

@@ -1,4 +1,5 @@
 /* Copyright (c) 2002, 2006 MySQL AB, 2009 Sun Microsystems, Inc.
+   Copyright (c) 2014, 2015 MariaDB Corporation
    Use is subject to license terms.
 
  This program is free software; you can redistribute it and/or modify
@@ -21,7 +22,6 @@
 #ifndef MY_AES_INCLUDED
 #define MY_AES_INCLUDED
 
-/* We expect same result code from encryption functions as in my_aes.h */
 typedef int Crypt_result;
 
 #define AES_OK 0
@@ -36,7 +36,7 @@ typedef int Crypt_result;
 #define CRYPT_BUFFER_TO_SMALL -11
 #define CRYPT_KEY_UNKNOWN -48
 
-/* The max block sizes of all supported algorithms */
+/* The block size for all supported algorithms */
 #define MY_AES_BLOCK_SIZE 16
 
 /* The max key length of all supported algorithms */
@@ -127,38 +127,6 @@ my_bool my_aes_init_dynamic_encrypt(enum enum_my_aes_encryption_algorithm method
 
 extern MYSQL_PLUGIN_IMPORT enum enum_my_aes_encryption_algorithm current_aes_dynamic_method;
 
-
-
-/**
-   Calculate key and iv from a given salt and secret as it is handled in openssl
-   encrypted files via console
-
-   SYNOPSIS
-   my_bytes_to_key()
-
-   @param salt   [in]  the given salt as extracted from the encrypted file
-   @param secret [in]  the given secret as String, provided by the user
-   @param key    [out] 32 Bytes of key are written to this pointer
-   @param iv     [out] 16 Bytes of iv are written to this pointer
- */
-
-void my_bytes_to_key(const uchar *salt,
-                     const char *secret, uchar *key,
-                     uchar *iv);
-
-/**
-   Decode Hexencoded String to uint8[].
-
-   SYNOPSIS
-   my_aes_hex2uint()
-   @param iv        [in]	Pointer to hexadecimal encoded IV String
-   @param dest      [out]	Pointer to output uint8 array. Memory needs to be
-                                allocated by caller
-   @param iv_length [in]  Size of destination array.
- */
-
-void my_aes_hex2uint(const char *in, uchar *out, int dest_length);
-
 /**
   Crypt buffer with AES encryption algorithm.
 

include/my_base.h

@@ -355,7 +355,7 @@ enum ha_base_keytype {
 #define HA_CREATE_RELIES_ON_SQL_LAYER 128
 #define HA_CREATE_INTERNAL_TABLE 256
 #define HA_CREATE_ENCRYPTED      512
-#define HA_INSERT_ORDER         1024
+#define HA_PRESERVE_INSERT_ORDER         1024
 
 /* Flags used by start_bulk_insert */
 

include/my_dbug.h

@@ -176,9 +176,6 @@ extern void _db_suicide_();
 #define DBUG_SYNC_POINT(lock_name,lock_timeout) \
  debug_sync_point(lock_name,lock_timeout)
 void debug_sync_point(const char* lock_name, uint lock_timeout);
-
-/* Extern function for debugging */
-extern void dump_buffer(FILE *stream, unsigned n, const unsigned char* buf);
 #else
 #define DBUG_SYNC_POINT(lock_name,lock_timeout)
 #endif /* EXTRA_DEBUG */

include/my_md5.h

@@ -28,7 +28,7 @@
 extern "C" {
 #endif
 
-#define compute_md5_hash(A,B,C) my_md5((unsigned char *)A,B,C)
+#define compute_md5_hash(A,B,C) my_md5(A,B,C)
 
 /*
   Convert an array of bytes to a hexadecimal representation.

mysys_ssl/my_aes.cc

@@ -100,101 +100,6 @@ static int my_aes_create_key(const char *key, int key_length, uint8 *rkey)
   return 0;
 }
 
-/**
-   Decode Hexencoded String to uint8[].
-
-   SYNOPSIS
-   my_aes_hex2uint()
-   @param iv        [in]	Pointer to hexadecimal encoded IV String
-   @param dest      [out]	Pointer to output uint8 array. Memory allocated by caller
-   @param iv_length [in]  Size of destination array.
- */
-
-void my_aes_hex2uint(const char* in, unsigned char *out, int dest_length)
-{
-  const char *pos= in;
-  int count;
-  for (count = 0; count < dest_length; count++)
-  {
-    uchar res;
-    sscanf(pos, "%2hhx", &res);
-    out[count] = res;
-    pos += 2 * sizeof(char);
-  }
-}
-
-
-/**
-   Calculate key and iv from a given salt and secret as it is handled
-   in openssl encrypted files via console
-
-   SYNOPSIS
-   my_bytes_to_key()
-   @param salt   [in]  the given salt as extracted from the encrypted file
-   @param secret [in]  the given secret as String, provided by the user
-   @param key    [out] 32 Bytes of key are written to this pointer
-   @param iv     [out] 16 Bytes of iv are written to this pointer
-*/
-
-void my_bytes_to_key(const unsigned char *salt, const char *secret, unsigned char *key,
-                     unsigned char *iv)
-{
-#ifdef HAVE_YASSL
-  /* the yassl function has no support for SHA1. Reason unknown. */
-  int keyLen = 32;
-  int ivLen  = 16;
-  int EVP_SALT_SZ = 8;
-  const int SHA_LEN = 20;
-  yaSSL::SHA myMD;
-  uint digestSz = myMD.get_digestSize();
-  unsigned char digest[SHA_LEN];                   // max size
-  int sz = strlen(secret);
-  int count = 1;
-  int keyLeft   = keyLen;
-  int ivLeft    = ivLen;
-  int keyOutput = 0;
-
-  while (keyOutput < (keyLen + ivLen))
-  {
-    int digestLeft = digestSz;
-    if (keyOutput)                      // first time D_0 is empty
-      myMD.update(digest, digestSz);
-    myMD.update((yaSSL::byte* )secret, sz);
-    if (salt)
-      myMD.update(salt, EVP_SALT_SZ);
-    myMD.get_digest(digest);
-    for (int j = 1; j < count; j++)
-    {
-      myMD.update(digest, digestSz);
-      myMD.get_digest(digest);
-    }
-
-    if (keyLeft)
-    {
-      int store = MY_MIN(keyLeft, static_cast<int>(digestSz));
-      memcpy(&key[keyLen - keyLeft], digest, store);
-
-      keyOutput  += store;
-      keyLeft    -= store;
-      digestLeft -= store;
-    }
-
-    if (ivLeft && digestLeft)
-    {
-      int store = MY_MIN(ivLeft, digestLeft);
-      memcpy(&iv[ivLen - ivLeft], &digest[digestSz - digestLeft], store);
-
-      keyOutput += store;
-      ivLeft    -= store;
-    }
-  }
-#elif defined(HAVE_OPENSSL)
-  const EVP_CIPHER *type = EVP_aes_256_cbc();
-  const EVP_MD *digest = EVP_sha1();
-  EVP_BytesToKey(type, digest, salt, (uchar*) secret, strlen(secret), 1, key, iv);
-#endif
-}
-
 /**
   Crypt buffer with AES CBC encryption algorithm.
 

plugin/example_key_management_plugin/CMakeLists.txt

@@ -1,4 +1,2 @@
-IF(HAVE_EncryptAes128Ctr)
-  MYSQL_ADD_PLUGIN(EXAMPLE_KEY_MANAGEMENT_PLUGIN example_key_management_plugin.cc
-                   MODULE_ONLY)
-ENDIF()
+MYSQL_ADD_PLUGIN(EXAMPLE_KEY_MANAGEMENT_PLUGIN example_key_management_plugin.cc
+                 MODULE_ONLY)

plugin/example_key_management_plugin/example_key_management_plugin.cc

@@ -1,4 +1,29 @@
-// Copyright (C) 2014 Google Inc.
+/*
+  Copyright (c) 2014 Google Inc.
+  Copyright (c) 2014, 2015 MariaDB Corporation
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; version 2 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA */
+
+/**
+  Example key management plugin. It demonstrates how to return
+  keys on request, how to change them. That the engine can have
+  different pages in the same tablespace encrypted with different keys
+  and what the background re-encryption thread does.
+
+  THIS IS AN EXAMPLE ONLY! ENCRYPTION KEYS ARE HARD-CODED AND *NOT* SECRET!
+  DO NOT USE THIS PLUGIN IN PRODUCTION! EVER!
+*/
 
 #include <my_global.h>
 #include <my_pthread.h>
@@ -36,7 +61,7 @@ get_latest_key_version()
 static int
 get_key(unsigned int version, unsigned char* dstbuf, unsigned buflen)
 {
-  char *dst = (char*)dstbuf; // md5 function takes char* as argument...
+  unsigned char *dst = dstbuf;
   unsigned len = 0;
   for (; len + MD5_HASH_SIZE <= buflen; len += MD5_HASH_SIZE)
   {

plugin/file_key_management_plugin/EncKeys.cc

@@ -259,7 +259,6 @@ int EncKeys::parseFile(const char* filename, const uint32 maxKeyId,
 {
   int errorCode= 0;
   char *buffer= decryptFile(filename, secret, &errorCode);
-  uint32 id= 0;
 
   if (errorCode != NO_ERROR_PARSE_OK)
     return errorCode;
@@ -271,7 +270,6 @@ int EncKeys::parseFile(const char* filename, const uint32 maxKeyId,
     keyLineInKeyFile++;
     switch (parseLine(line, maxKeyId)) {
     case NO_ERROR_PARSE_OK:
-      id= oneKey->id;
       keys[oneKey->id - 1]= *oneKey;
       delete(oneKey);
       countKeys++;

plugin/file_key_management_plugin/EncKeys.h

@@ -27,17 +27,42 @@ Created 09/15/2014
 #include <sys/types.h>
 #include <stdio.h>
 
+/**
+   Calculate key and iv from a given salt and secret as it is handled in openssl
+   encrypted files via console
 
+   SYNOPSIS
+   my_bytes_to_key()
 
+   @param salt   [in]  the given salt as extracted from the encrypted file
+   @param secret [in]  the given secret as String, provided by the user
+   @param key    [out] 32 Bytes of key are written to this pointer
+   @param iv     [out] 16 Bytes of iv are written to this pointer
+ */
 
+void my_bytes_to_key(const uchar *salt,
+                     const char *secret, uchar *key,
+                     uchar *iv);
+
+/**
+   Decode Hexencoded String to uint8[].
+
+   SYNOPSIS
+   my_aes_hex2uint()
+   @param iv        [in]	Pointer to hexadecimal encoded IV String
+   @param dest      [out]	Pointer to output uint8 array. Memory needs to be
+                                allocated by caller
+   @param iv_length [in]  Size of destination array.
+ */
+
+void my_aes_hex2uint(const char *in, uchar *out, int dest_length);
 
 struct keyentry {
 	uint32 id;
 	char *iv;
 	char *key;
 };
 
-
 class EncKeys
 {
 private: