make encrypt-binlog and encrypt-tmp-files to fail if no encryption

vuvova · vuvova · commit 7bd2f20e880a · 2015-09-09T14:22:22.000+02:00
--encrypt-binlog and --encrypt-tmp-files used to mean
"encrypt XXX if encryption is available, otherwise don't encrypt",
now they mean "encrypt or fail with an error".
diff --git a/sql/encryption.cc b/sql/encryption.cc
@@ -19,8 +19,6 @@
 #include "sql_plugin.h"
 #include <my_crypt.h>
 
-void init_io_cache_encryption();
-
 /* there can be only one encryption plugin enabled */
 static plugin_ref encryption_manager= 0;
 struct encryption_service_st encryption_handler;
@@ -81,8 +79,6 @@ int initialize_encryption_plugin(st_plugin_int *plugin)
   encryption_handler.encryption_key_get_latest_version_func=
     handle->get_latest_key_version; // must be the last
 
-  init_io_cache_encryption();
-
   return 0;
 }
 
@@ -100,7 +96,6 @@ int finalize_encryption_plugin(st_plugin_int *plugin)
   if (encryption_manager)
     plugin_unlock(NULL, encryption_manager);
   encryption_manager= 0;
-  init_io_cache_encryption();
   return 0;
 }
 
diff --git a/sql/log.cc b/sql/log.cc
@@ -3469,8 +3469,13 @@ bool MYSQL_BIN_LOG::open(const char *log_name,
       if (encrypt_binlog)
       {
         uint key_version= encryption_key_get_latest_version(ENCRYPTION_KEY_SYSTEM_DATA);
-        if (key_version != ENCRYPTION_KEY_VERSION_INVALID &&
-            key_version != ENCRYPTION_KEY_NOT_ENCRYPTED)
+        if (key_version == ENCRYPTION_KEY_VERSION_INVALID)
+        {
+          sql_print_error("Failed to enable encryption of binary logs");
+          goto err;
+        }
+
+        if (key_version != ENCRYPTION_KEY_NOT_ENCRYPTED)
         {
           if (my_random_bytes(crypto.nonce, sizeof(crypto.nonce)))
             goto err;
diff --git a/sql/mf_iocache_encr.cc b/sql/mf_iocache_encr.cc
@@ -230,7 +230,7 @@ static int my_b_encr_write(IO_CACHE *info, const uchar *Buffer, size_t Count)
 
   Note that encrypt_tmp_files variable is read-only.
 */
-void init_io_cache_encryption()
+int init_io_cache_encryption()
 {
   if (encrypt_tmp_files)
   {
@@ -241,20 +241,23 @@ void init_io_cache_encryption()
       keyid= ENCRYPTION_KEY_SYSTEM_DATA;
       keyver= encryption_key_get_latest_version(keyid);
     }
-  }
-  else
-    keyver= ENCRYPTION_KEY_VERSION_INVALID;
+    if (keyver == ENCRYPTION_KEY_VERSION_INVALID)
+    {
+      sql_print_error("Failed to enable encryption of temporary files");
+      return 1;
+    }
 
-  if (keyver != ENCRYPTION_KEY_VERSION_INVALID)
-  {
-    sql_print_information("Using encryption key id %d for temporary files", keyid);
-    _my_b_encr_read= my_b_encr_read;
-    _my_b_encr_write= my_b_encr_write;
-  }
-  else
-  {
-    _my_b_encr_read= 0;
-    _my_b_encr_write= 0;
+    if (keyver != ENCRYPTION_KEY_NOT_ENCRYPTED)
+    {
+      sql_print_information("Using encryption key id %d for temporary files", keyid);
+      _my_b_encr_read= my_b_encr_read;
+      _my_b_encr_write= my_b_encr_write;
+      return 0;
+    }
   }
+
+  _my_b_encr_read= 0;
+  _my_b_encr_write= 0;
+  return 0;
 }
 
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
@@ -278,6 +278,8 @@ extern "C" sig_handler handle_fatal_signal(int sig);
 #define ENABLE_TEMP_POOL 0
 #endif
 
+int init_io_cache_encryption();
+
 /* Constants */
 
 #include <welcome_copyright_notice.h> // ORACLE_WELCOME_COPYRIGHT_NOTICE
@@ -5231,6 +5233,9 @@ static int init_server_components()
     }
   }
 
+  if (init_io_cache_encryption())
+    unireg_abort(1);
+
   if (opt_abort)
     unireg_abort(0);
 
@@ -5329,10 +5334,11 @@ static int init_server_components()
      * but to be able to have mysql_mutex_assert_owner() in code,
      * we do it anyway */
     mysql_mutex_lock(mysql_bin_log.get_log_lock());
-    if (mysql_bin_log.open(opt_bin_logname, LOG_BIN, 0, 0,
-                           WRITE_CACHE, max_binlog_size, 0, TRUE))
-      unireg_abort(1);
+    int r= mysql_bin_log.open(opt_bin_logname, LOG_BIN, 0, 0,
+                              WRITE_CACHE, max_binlog_size, 0, TRUE);
     mysql_mutex_unlock(mysql_bin_log.get_log_lock());
+    if (r)
+      unireg_abort(1);
   }
 
 #ifdef HAVE_REPLICATION
diff --git a/unittest/sql/mf_iocache-t.cc b/unittest/sql/mf_iocache-t.cc
@@ -21,7 +21,7 @@
 #define KEY_SIZE (128/8)
 
 my_bool encrypt_tmp_files;
-void init_io_cache_encryption();
+int init_io_cache_encryption();
 
 uint encryption_key_get_latest_version_func(uint)
 {
@@ -79,7 +79,11 @@ struct encryption_service_st encryption_handler=
   encryption_encrypted_length_func
 };
 
-void sql_print_information(const char *format, ...) 
+void sql_print_information(const char *format, ...)
+{
+}
+
+void sql_print_error(const char *format, ...)
 {
 }
 

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@`
`21`	`21`	`#define KEY_SIZE (128/8)`
`22`	`22`
`23`	`23`	`my_bool encrypt_tmp_files;`
`24`		`-void init_io_cache_encryption();`
	`24`	`+int init_io_cache_encryption();`
`25`	`25`
`26`	`26`	`uint encryption_key_get_latest_version_func(uint)`
`27`	`27`	`{`
`@@ -79,7 +79,11 @@ struct encryption_service_st encryption_handler=`
`79`	`79`	`encryption_encrypted_length_func`
`80`	`80`	`};`
`81`	`81`
`82`		`-void sql_print_information(const char *format, ...)`
	`82`	`+void sql_print_information(const char *format, ...)`
	`83`	`+{`
	`84`	`+}`
	`85`	`+`
	`86`	`+void sql_print_error(const char *format, ...)`
`83`	`87`	`{`
`84`	`88`	`}`
`85`	`89`