Merge lp:~gl-az/percona-xtrabackup/bug1255300-2.2 into lp:percona-xtrabackup/2.2

Proposed by George Ormond Lorch III
Status: Merged
Approved by: Alexey Kopytov
Approved revision: no longer in the source branch.
Merged at revision: 4913
Proposed branch: lp:~gl-az/percona-xtrabackup/bug1255300-2.2
Merge into: lp:percona-xtrabackup/2.2
Diff against target: 67 lines (+1/-23)
4 files modified
storage/innobase/xtrabackup/src/ds_encrypt.c (+0/-2)
storage/innobase/xtrabackup/src/xbcrypt.c (+0/-2)
storage/innobase/xtrabackup/src/xbcrypt.h (+0/-2)
storage/innobase/xtrabackup/src/xbcrypt_common.c (+1/-17)
To merge this branch: bzr merge lp:~gl-az/percona-xtrabackup/bug1255300-2.2
Reviewer Review Type Date Requested Status
Alexey Kopytov (community) Approve
Review via email: mp+196804@code.launchpad.net

Description of the change

Simple fix for bug 1255300 - weak random numbers used for IV encryption.
Changed over to using libgcrypt gcry_create_nonce to create IV.

George Ormond Lorch III (gl-az) wrote :
Alexey Kopytov (akopytov) wrote :

If xb_crypt_init_iv() is now a no-op, what's the reason to preserve it?

review: Needs Fixing
George Ormond Lorch III (gl-az) wrote :
Alexey Kopytov (akopytov) :
review: Approve

Preview Diff

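--- a/storage/innobase/xtrabackup/src/ds_encrypt.c
+++ b/storage/innobase/xtrabackup/src/ds_encrypt.c
@@ -183,8 +183,6 @@
  xb_a(encrypt_iv_len > 0);
  xb_a(encrypt_iv_len <= sizeof(encrypt_iv));
 
- xb_crypt_init_iv();
-
  /* Now set up the key */
  if (xtrabackup_encrypt_key == NULL &&
  xtrabackup_encrypt_key_file == NULL) {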
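--- a/storage/innobase/xtrabackup/src/xbcrypt.c
+++ b/storage/innobase/xtrabackup/src/xbcrypt.c
@@ -503,8 +503,6 @@
 
  ivbuf = my_malloc(encrypt_iv_len, MYF(MY_FAE));
 
- xb_crypt_init_iv();
-
  /* now read in data in chunk size, encrypt and write out */
  chunkbuflen = opt_encrypt_chunk_size;
  chunkbuf = my_malloc(chunkbuflen, MYF(MY_FAE));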
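--- a/storage/innobase/xtrabackup/src/xbcrypt.h
+++ b/storage/innobase/xtrabackup/src/xbcrypt.h
@@ -76,7 +76,5 @@
 my_bool xb_crypt_read_key_file(const char *filename,
  void** key, uint *keylength);
 
-void xb_crypt_init_iv();
-
 void xb_crypt_create_iv(void* ivbuf, size_t ivlen);
 #endif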
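--- a/storage/innobase/xtrabackup/src/xbcrypt_common.c
+++ b/storage/innobase/xtrabackup/src/xbcrypt_common.c
@@ -53,24 +53,8 @@
  return TRUE;
 }
 
-
-void
-xb_crypt_init_iv()
-{
- uint seed = time(NULL);
- srandom(seed);
-}
-
 void
 xb_crypt_create_iv(void* ivbuf, size_t ivlen)
 {
- size_t i;
- ulong rndval;
-
- for (i = 0; i < ivlen; i++) {
- if (i % 4 == 0) {
- rndval = (ulong) random();
- }
- ((uchar*)ivbuf)[i] = ((uchar*)&rndval)[i % 4];
- }
+ gcry_create_nonce(ivbuf, ivlen);
 }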
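Review bot: xb_crypt_create_iv() now relies on libgcrypt having been initialised before its first call, and nothing in this hunk documents or checks that; gcry_create_nonce() returns void, so a misordered call cannot be reported from here. With xb_crypt_init_iv() removed from both callers there is no longer a visible setup step beside the IV code, so I would add a comment above the function, for example `/* Fill ivbuf with ivlen unpredictable bytes from libgcrypt's nonce generator (suitable for IVs, not for key material); libgcrypt must already be initialised via gcry_check_version(). */`. Whether the call sites in ds_encrypt.c and xbcrypt.c run after that initialisation is not visible in this diff and should be confirmed. Backups written by earlier builds still carry IVs derived from `srandom(time(NULL))`, which is worth stating in the release note for bug 1255300 because this change only affects newly written files.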
