make encrypt-binlog and encrypt-tmp-files to fail if no encryption

--encrypt-binlog and --encrypt-tmp-files used to mean "encrypt XXX if encryption is available, otherwise don't encrypt", now they mean "encrypt or fail with an error".

make encrypt-binlog and encrypt-tmp-files to fail if no encryption
--encrypt-binlog and --encrypt-tmp-files used to mean "encrypt XXX if encryption is available, otherwise don't encrypt", now they mean "encrypt or fail with an error".
7bd2f20e · Sergei Golubchik · 39b46ae9 · 7bd2f20e · 7bd2f20e · 7bd2f20e
Commit 7bd2f20e authored Sep 08, 2015 by Sergei Golubchik
5 changed files
--- a/sql/encryption.cc
+++ b/sql/encryption.cc
@@ -19,8 +19,6 @@
 #include "sql_plugin.h"
 #include <my_crypt.h>

-void init_io_cache_encryption();
-
 /* there can be only one encryption plugin enabled */
 static plugin_ref encryption_manager= 0;
 struct encryption_service_st encryption_handler;
@@ -81,8 +79,6 @@ int initialize_encryption_plugin(st_plugin_int *plugin)
  encryption_handler.encryption_key_get_latest_version_func=
    handle->get_latest_key_version; // must be the last

-  init_io_cache_encryption();
-
  return 0;
 }

@@ -100,7 +96,6 @@ int finalize_encryption_plugin(st_plugin_int *plugin)
  if (encryption_manager)
    plugin_unlock(NULL, encryption_manager);
  encryption_manager= 0;
-  init_io_cache_encryption();
  return 0;
 }


--- a/sql/log.cc
+++ b/sql/log.cc
@@ -3469,8 +3469,13 @@ bool MYSQL_BIN_LOG::open(const char *log_name,
      if (encrypt_binlog)
      {
        uint key_version= encryption_key_get_latest_version(ENCRYPTION_KEY_SYSTEM_DATA);
-        if (key_version != ENCRYPTION_KEY_VERSION_INVALID &&
-            key_version != ENCRYPTION_KEY_NOT_ENCRYPTED)
+        if (key_version == ENCRYPTION_KEY_VERSION_INVALID)
+        {
+          sql_print_error("Failed to enable encryption of binary logs");
+          goto err;
+        }
+
+        if (key_version != ENCRYPTION_KEY_NOT_ENCRYPTED)
        {
          if (my_random_bytes(crypto.nonce, sizeof(crypto.nonce)))
            goto err;

--- a/sql/mf_iocache_encr.cc
+++ b/sql/mf_iocache_encr.cc
@@ -230,7 +230,7 @@ static int my_b_encr_write(IO_CACHE *info, const uchar *Buffer, size_t Count)

  Note that encrypt_tmp_files variable is read-only.
 */
-void init_io_cache_encryption()
+int init_io_cache_encryption()
 {
  if (encrypt_tmp_files)
  {
@@ -241,20 +241,23 @@ void init_io_cache_encryption()
      keyid= ENCRYPTION_KEY_SYSTEM_DATA;
      keyver= encryption_key_get_latest_version(keyid);
    }
-  }
-  else
-    keyver= ENCRYPTION_KEY_VERSION_INVALID;
+    if (keyver == ENCRYPTION_KEY_VERSION_INVALID)
+    {
+      sql_print_error("Failed to enable encryption of temporary files");
+      return 1;
+    }

-  if (keyver != ENCRYPTION_KEY_VERSION_INVALID)
-  {
-    sql_print_information("Using encryption key id %d for temporary files", keyid);
-    _my_b_encr_read= my_b_encr_read;
-    _my_b_encr_write= my_b_encr_write;
-  }
-  else
-  {
-    _my_b_encr_read= 0;
-    _my_b_encr_write= 0;
+    if (keyver != ENCRYPTION_KEY_NOT_ENCRYPTED)
+    {
+      sql_print_information("Using encryption key id %d for temporary files", keyid);
+      _my_b_encr_read= my_b_encr_read;
+      _my_b_encr_write= my_b_encr_write;
+      return 0;
+    }
  }
+
+  _my_b_encr_read= 0;
+  _my_b_encr_write= 0;
+  return 0;
 }

--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -278,6 +278,8 @@ extern "C" sig_handler handle_fatal_signal(int sig);
 #define ENABLE_TEMP_POOL 0
 #endif

+int init_io_cache_encryption();
+
 /* Constants */

 #include <welcome_copyright_notice.h> // ORACLE_WELCOME_COPYRIGHT_NOTICE
@@ -5231,6 +5233,9 @@ static int init_server_components()
    }
  }

+  if (init_io_cache_encryption())
+    unireg_abort(1);
+
  if (opt_abort)
    unireg_abort(0);

@@ -5329,10 +5334,11 @@ static int init_server_components()
     * but to be able to have mysql_mutex_assert_owner() in code,
     * we do it anyway */
    mysql_mutex_lock(mysql_bin_log.get_log_lock());
-    if (mysql_bin_log.open(opt_bin_logname, LOG_BIN, 0, 0,
-                           WRITE_CACHE, max_binlog_size, 0, TRUE))
-      unireg_abort(1);
+    int r= mysql_bin_log.open(opt_bin_logname, LOG_BIN, 0, 0,
+                              WRITE_CACHE, max_binlog_size, 0, TRUE);
    mysql_mutex_unlock(mysql_bin_log.get_log_lock());
+    if (r)
+      unireg_abort(1);
  }

 #ifdef HAVE_REPLICATION

--- a/unittest/sql/mf_iocache-t.cc
+++ b/unittest/sql/mf_iocache-t.cc
@@ -21,7 +21,7 @@
 #define KEY_SIZE (128/8)

 my_bool encrypt_tmp_files;
-void init_io_cache_encryption();
+int init_io_cache_encryption();

 uint encryption_key_get_latest_version_func(uint)
 {
@@ -79,7 +79,11 @@ struct encryption_service_st encryption_handler=
  encryption_encrypted_length_func
 };

-void sql_print_information(const char *format, ...) 
+void sql_print_information(const char *format, ...)
+{
+}
+
+void sql_print_error(const char *format, ...)
 {
 }