Commit 7bd2f20e authored by Sergei Golubchik's avatar Sergei Golubchik

make encrypt-binlog and encrypt-tmp-files to fail if no encryption

--encrypt-binlog and --encrypt-tmp-files used to mean
"encrypt XXX if encryption is available, otherwise don't encrypt",
now they mean "encrypt or fail with an error".
parent 39b46ae9
...@@ -19,8 +19,6 @@ ...@@ -19,8 +19,6 @@
#include "sql_plugin.h" #include "sql_plugin.h"
#include <my_crypt.h> #include <my_crypt.h>
void init_io_cache_encryption();
/* there can be only one encryption plugin enabled */ /* there can be only one encryption plugin enabled */
static plugin_ref encryption_manager= 0; static plugin_ref encryption_manager= 0;
struct encryption_service_st encryption_handler; struct encryption_service_st encryption_handler;
...@@ -81,8 +79,6 @@ int initialize_encryption_plugin(st_plugin_int *plugin) ...@@ -81,8 +79,6 @@ int initialize_encryption_plugin(st_plugin_int *plugin)
encryption_handler.encryption_key_get_latest_version_func= encryption_handler.encryption_key_get_latest_version_func=
handle->get_latest_key_version; // must be the last handle->get_latest_key_version; // must be the last
init_io_cache_encryption();
return 0; return 0;
} }
...@@ -100,7 +96,6 @@ int finalize_encryption_plugin(st_plugin_int *plugin) ...@@ -100,7 +96,6 @@ int finalize_encryption_plugin(st_plugin_int *plugin)
if (encryption_manager) if (encryption_manager)
plugin_unlock(NULL, encryption_manager); plugin_unlock(NULL, encryption_manager);
encryption_manager= 0; encryption_manager= 0;
init_io_cache_encryption();
return 0; return 0;
} }
......
...@@ -3469,8 +3469,13 @@ bool MYSQL_BIN_LOG::open(const char *log_name, ...@@ -3469,8 +3469,13 @@ bool MYSQL_BIN_LOG::open(const char *log_name,
if (encrypt_binlog) if (encrypt_binlog)
{ {
uint key_version= encryption_key_get_latest_version(ENCRYPTION_KEY_SYSTEM_DATA); uint key_version= encryption_key_get_latest_version(ENCRYPTION_KEY_SYSTEM_DATA);
if (key_version != ENCRYPTION_KEY_VERSION_INVALID && if (key_version == ENCRYPTION_KEY_VERSION_INVALID)
key_version != ENCRYPTION_KEY_NOT_ENCRYPTED) {
sql_print_error("Failed to enable encryption of binary logs");
goto err;
}
if (key_version != ENCRYPTION_KEY_NOT_ENCRYPTED)
{ {
if (my_random_bytes(crypto.nonce, sizeof(crypto.nonce))) if (my_random_bytes(crypto.nonce, sizeof(crypto.nonce)))
goto err; goto err;
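Review bot: With `encrypt_binlog` set, a key version equal to `ENCRYPTION_KEY_NOT_ENCRYPTED` still skips the `if (key_version != ENCRYPTION_KEY_NOT_ENCRYPTED)` block, so the binary log is opened unencrypted and without any message, which does not match the stated "encrypt or fail with an error" behaviour. If a key provider can return that value for `ENCRYPTION_KEY_SYSTEM_DATA` (not visible here), either treat it as a failure as well, `if (key_version == ENCRYPTION_KEY_VERSION_INVALID || key_version == ENCRYPTION_KEY_NOT_ENCRYPTED)`, or at least log a warning that the binary log is being written in plaintext. The same pattern is in `init_io_cache_encryption()`, where that value clears `_my_b_encr_read`/`_my_b_encr_write` and returns 0. `MYSQL_BIN_LOG::open` continues outside the hunk.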
......
...@@ -230,7 +230,7 @@ static int my_b_encr_write(IO_CACHE *info, const uchar *Buffer, size_t Count) ...@@ -230,7 +230,7 @@ static int my_b_encr_write(IO_CACHE *info, const uchar *Buffer, size_t Count)
Note that encrypt_tmp_files variable is read-only. Note that encrypt_tmp_files variable is read-only.
*/ */
void init_io_cache_encryption() int init_io_cache_encryption()
{ {
if (encrypt_tmp_files) if (encrypt_tmp_files)
{ {
...@@ -241,20 +241,23 @@ void init_io_cache_encryption() ...@@ -241,20 +241,23 @@ void init_io_cache_encryption()
keyid= ENCRYPTION_KEY_SYSTEM_DATA; keyid= ENCRYPTION_KEY_SYSTEM_DATA;
keyver= encryption_key_get_latest_version(keyid); keyver= encryption_key_get_latest_version(keyid);
} }
if (keyver == ENCRYPTION_KEY_VERSION_INVALID)
{
sql_print_error("Failed to enable encryption of temporary files");
return 1;
} }
else
keyver= ENCRYPTION_KEY_VERSION_INVALID;
if (keyver != ENCRYPTION_KEY_VERSION_INVALID) if (keyver != ENCRYPTION_KEY_NOT_ENCRYPTED)
{ {
sql_print_information("Using encryption key id %d for temporary files", keyid); sql_print_information("Using encryption key id %d for temporary files", keyid);
_my_b_encr_read= my_b_encr_read; _my_b_encr_read= my_b_encr_read;
_my_b_encr_write= my_b_encr_write; _my_b_encr_write= my_b_encr_write;
return 0;
} }
else }
{
_my_b_encr_read= 0; _my_b_encr_read= 0;
_my_b_encr_write= 0; _my_b_encr_write= 0;
} return 0;
} }
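Review bot: The comment block above `init_io_cache_encryption()` (it starts outside the hunk) does not describe the new `int` return value, although the caller now aborts startup on it. I would add to that comment: `Returns 0 on success (encryption enabled, or not requested), 1 if encrypt_tmp_files is set but no valid key version is available.` The two return paths that yield 0 leave the hooks in different states (installed vs. cleared), so the comment should name both.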
...@@ -278,6 +278,8 @@ extern "C" sig_handler handle_fatal_signal(int sig); ...@@ -278,6 +278,8 @@ extern "C" sig_handler handle_fatal_signal(int sig);
#define ENABLE_TEMP_POOL 0 #define ENABLE_TEMP_POOL 0
#endif #endif
int init_io_cache_encryption();
/* Constants */ /* Constants */
#include <welcome_copyright_notice.h> // ORACLE_WELCOME_COPYRIGHT_NOTICE #include <welcome_copyright_notice.h> // ORACLE_WELCOME_COPYRIGHT_NOTICE
...@@ -5231,6 +5233,9 @@ static int init_server_components() ...@@ -5231,6 +5233,9 @@ static int init_server_components()
} }
} }
if (init_io_cache_encryption())
unireg_abort(1);
if (opt_abort) if (opt_abort)
unireg_abort(0); unireg_abort(0);
...@@ -5329,10 +5334,11 @@ static int init_server_components() ...@@ -5329,10 +5334,11 @@ static int init_server_components()
* but to be able to have mysql_mutex_assert_owner() in code, * but to be able to have mysql_mutex_assert_owner() in code,
* we do it anyway */ * we do it anyway */
mysql_mutex_lock(mysql_bin_log.get_log_lock()); mysql_mutex_lock(mysql_bin_log.get_log_lock());
if (mysql_bin_log.open(opt_bin_logname, LOG_BIN, 0, 0, int r= mysql_bin_log.open(opt_bin_logname, LOG_BIN, 0, 0,
WRITE_CACHE, max_binlog_size, 0, TRUE)) WRITE_CACHE, max_binlog_size, 0, TRUE);
unireg_abort(1);
mysql_mutex_unlock(mysql_bin_log.get_log_lock()); mysql_mutex_unlock(mysql_bin_log.get_log_lock());
if (r)
unireg_abort(1);
} }
#ifdef HAVE_REPLICATION #ifdef HAVE_REPLICATION
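Review bot: `init_io_cache_encryption()` now runs once in `init_server_components()`, while the calls in `initialize_encryption_plugin()` and `finalize_encryption_plugin()` are removed, so `_my_b_encr_read`/`_my_b_encr_write` no longer follow the plugin's lifetime. If the encryption plugin can be unloaded while the server is running (not visible here), the hooks stay installed after `encryption_manager` is released, and what temporary-file I/O does then depends on code outside this diff. I would document the assumption at the call site, e.g. `/* decided once at startup; requires the encryption plugin to stay loaded while encrypt_tmp_files is set */`, and check that unloading is refused in that case. The call must also come after plugin initialization for the key lookup to succeed; the surrounding body of `init_server_components()` is outside the hunk.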
......
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
#define KEY_SIZE (128/8) #define KEY_SIZE (128/8)
my_bool encrypt_tmp_files; my_bool encrypt_tmp_files;
void init_io_cache_encryption(); int init_io_cache_encryption();
uint encryption_key_get_latest_version_func(uint) uint encryption_key_get_latest_version_func(uint)
{ {
...@@ -83,6 +83,10 @@ void sql_print_information(const char *format, ...) ...@@ -83,6 +83,10 @@ void sql_print_information(const char *format, ...)
{ {
} }
void sql_print_error(const char *format, ...)
{
}
/*** end of encryption tweaks and stubs ****************************/ /*** end of encryption tweaks and stubs ****************************/
IO_CACHE info; IO_CACHE info;
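Review bot: Nothing visible in this test file exercises the new failure path: the prototype is adjusted and `sql_print_error` is stubbed, but no assertion checks that `init_io_cache_encryption()` returns 1 when `encrypt_tmp_files` is set and the key lookup yields `ENCRYPTION_KEY_VERSION_INVALID`. If the rest of the file (outside this hunk) does not cover it, a case that makes the `encryption_key_get_latest_version_func` stub return the invalid version and checks for the non-zero result would pin the fail-closed behaviour.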
......