← Back to team overview

maria-developers team mailing list archive

Re: 7c21ea9: MDEV-7772: SIGSEGV on my_aes_encrypt_cbc when -DWITH_SSL=bundled


Hi, Jan!

On Mar 14, Jan Lindström wrote:
> and thanks for the review, some comments/questions below:
> > 1. Does file_key_management_plugin work with CTR?
> >
> Yes it does, but only with openSSL.

Then I'd suggest to

* add aes_ctr combination to have_file_key_management_plugin.combinations
* use only one combinations file, not two identical ones (it can be
  called, say, encryption_algorithms.inc) and included into both
  have_*_key_management_plugin.inc files
* disable aes_ctr combination from suite.pm, now it has

    $skip{'include/have_openssl_ctr.inc'} = 'no or too old openssl'
       unless $::mysqld_variables{'version-ssl-library'} =~ /OpenSSL (\S+)/
          and $1 ge "1.0.1";

which disables the complete have_openssl_ctr.inc, it can be changed to
disable just one combination (like for have_innodb.inc):

    $skip{'include/encryption_algorithms.combinations'} = [ 'aes_ctr' ]
       unless $::mysqld_variables{'version-ssl-library'} =~ /OpenSSL (\S+)/
          and $1 ge "1.0.1";

> > This doesn't make a lot of sense now, because
> > example_key_management_plugin forces CTR:
> >
> >     my_aes_init_dynamic_encrypt(MY_AES_ALGORITHM_CTR);
> >
> Is there some reason why it does this here? I will change that on separate
> fix to current_aes_dynamic_method if != MY_AES_ALGORITHM_NONE

I suspect it was in the original google patch and nobody fixed it yet.
It would be good to change it.