@@ -36,6 +36,8 @@ Modified Jan Lindström jan.lindstrom@mariadb.com
36
36
37
37
#include " my_crypt.h"
38
38
39
+ /* Used for debugging */
40
+ // #define DEBUG_CRYPT 1
39
41
#define UNENCRYPTED_KEY_VER 0
40
42
41
43
/* If true, enable redo log encryption. */
@@ -97,16 +99,24 @@ get_crypt_info(
97
99
{
98
100
/* so that no one is modifying array while we search */
99
101
ut_ad (mutex_own (&(log_sys->mutex )));
102
+ size_t items = crypt_info.size ();
100
103
101
104
/* a log block only stores 4-bytes of checkpoint no */
102
105
checkpoint_no &= 0xFFFFFFFF ;
103
- for (size_t i = 0 ; i < crypt_info. size () ; i++) {
106
+ for (size_t i = 0 ; i < items ; i++) {
104
107
struct crypt_info_t * it = &crypt_info[i];
105
108
106
109
if (it->checkpoint_no == checkpoint_no) {
107
110
return it;
108
111
}
109
112
}
113
+
114
+ /* If checkpoint contains more than one key and we did not
115
+ find the correct one use the first one. */
116
+ if (items) {
117
+ return (&crypt_info[0 ]);
118
+ }
119
+
110
120
return NULL ;
111
121
}
112
122
@@ -131,7 +141,8 @@ log_blocks_crypt(
131
141
const byte* block, /* !< in: blocks before encrypt/decrypt*/
132
142
ulint size, /* !< in: size of block */
133
143
byte* dst_block, /* !< out: blocks after encrypt/decrypt */
134
- int what) /* !< in: encrypt or decrypt*/
144
+ int what, /* !< in: encrypt or decrypt*/
145
+ const crypt_info_t * crypt_info) /* !< in: crypt info or NULL */
135
146
{
136
147
byte *log_block = (byte*)block;
137
148
Crypt_result rc = MY_AES_OK;
@@ -146,7 +157,8 @@ log_blocks_crypt(
146
157
lsn_t log_block_start_lsn = log_block_get_start_lsn (
147
158
lsn, log_block_no);
148
159
149
- const crypt_info_t * info = get_crypt_info (log_block);
160
+ const crypt_info_t * info = crypt_info == NULL ? get_crypt_info (log_block) :
161
+ crypt_info;
150
162
#ifdef DEBUG_CRYPT
151
163
fprintf (stderr,
152
164
" %s %lu chkpt: %lu key: %u lsn: %lu\n " ,
@@ -301,7 +313,7 @@ log_blocks_encrypt(
301
313
const ulint size, /* !< in: size of blocks, must be multiple of a log block */
302
314
byte* dst_block) /* !< out: blocks after encryption */
303
315
{
304
- return log_blocks_crypt (block, size, dst_block, ENCRYPTION_FLAG_ENCRYPT);
316
+ return log_blocks_crypt (block, size, dst_block, ENCRYPTION_FLAG_ENCRYPT, NULL );
305
317
}
306
318
307
319
/* ********************************************************************/ /* *
@@ -364,14 +376,16 @@ log_encrypt_before_write(
364
376
return ;
365
377
}
366
378
367
- if (info->key_version == UNENCRYPTED_KEY_VER) {
379
+ /* If the key is not encrypted or user has requested not to
380
+ encrypt, do not change log block. */
381
+ if (info->key_version == UNENCRYPTED_KEY_VER || !srv_encrypt_log) {
368
382
return ;
369
383
}
370
384
371
385
byte* dst_frame = (byte*)malloc (size);
372
386
373
387
// encrypt log blocks content
374
- Crypt_result result = log_blocks_crypt (block, size, dst_frame, ENCRYPTION_FLAG_ENCRYPT);
388
+ Crypt_result result = log_blocks_crypt (block, size, dst_frame, ENCRYPTION_FLAG_ENCRYPT, NULL );
375
389
376
390
if (result == MY_AES_OK) {
377
391
ut_ad (block[0 ] == dst_frame[0 ]);
@@ -397,7 +411,7 @@ log_decrypt_after_read(
397
411
byte* dst_frame = (byte*)malloc (size);
398
412
399
413
// decrypt log blocks content
400
- Crypt_result result = log_blocks_crypt (frame, size, dst_frame, ENCRYPTION_FLAG_DECRYPT);
414
+ Crypt_result result = log_blocks_crypt (frame, size, dst_frame, ENCRYPTION_FLAG_DECRYPT, NULL );
401
415
402
416
if (result == MY_AES_OK) {
403
417
memcpy (frame, dst_frame, size);
0 commit comments