do not *always* add them to the create table definition,
but only when a sysvar value is different from a default.
also, when adding them - don't quote numbers
fix sys_var->is_default() method (that was using default_val property
in a global sys_var object to track per-session state):
* move timestamp to a dedicated Sys_var_timestamp class
(in fact, rename Sys_var_session_special_double to Sys_var_timestamp)
* make session_is_default a virtual method with a special implementation
for timestamps
* other variables don't have a special behavior for default values
and can have session_is_default() to be always false.
With changes:
* update tests to pass (new encryption/encryption_key_id syntax).
* not merged the code that makes engine aware of the encryption mode
(CRYPT_SCHEME_1_CBC, CRYPT_SCHEME_1_CTR, storing it on disk, etc),
because now the encryption plugin is handling it.
* compression+encryption did not work in either branch before the
merge - and it does not work after the merge. it might be more
broken after the merge though - some of that code was not merged.
* page checksumming code was not moved (moving of page checksumming
from fil_space_encrypt() to fil_space_decrypt was not merged).
* restored deleted lines in buf_page_get_frame(), otherwise
innodb_scrub test failed.
* no --encryption-algorithm option anymore
* encrypt/decrypt methods in the encryption plugin
* ecnrypt/decrypt methods in the encryption_km service
* file_km plugin has --file-key-management-encryption-algorithm
* debug_km always uses aes_cbc
* example_km changes between aes_cbc and aes_ecb for different key versions
only those tests should be disabled in suite.pm that
cannot be disabled from mysqltest files (e.g. when the
server is started with a special command-line option -
unknown option will abort the server before mysqltest
will start its checks).
numerous issues fixed:
* buffer overflows
* error conditions aren't checked (crash if file doesn't exist)
* accessing random unallocated memory
* hard-coded password
* arbitrary hard-coded key id limit
* incomprehensible error messages (for key_id == 0 it reported
"The key could not be initialized", for syntax errors the message was
"Wrong match of the keyID, see the template", for a key id
larger than hard-coded limit the message was "No asked key", and there
was an error "Is comment" for a comment).
* tons of small mallocs, many are freed few lines down in the code
* malloc(N) and new char[N] are used both, even in the same function
* redundant memory copies
* pcre - "I can solve it with regular expressions" - with incorrect regexes
* parser context stored in a singleton
* keys are stored as strings and are strlen-ed and hex2bin-ed on every
get_key() request
* lots of useless code (e.g. sprintf instead of a pointer assignment,
checking of the file length to read a part of it in a fixed buffer,
multiplying by sizeof(char) in many places, etc)
* this list is not exhaustive
in particular, "innodb.innodb-page_encryption,xtradb" should
select these three tests:
innodb.innodb-page_encryption 'cbc,xtradb' [ pass ] 35563
innodb.innodb-page_encryption 'ctr,xtradb' [ pass ] 36858
innodb.innodb-page_encryption 'ecb,xtradb' [ pass ] 36741
and deselect all innodb_plugin tests. This was not the case, because
the %test_combs hash was destructively modified in the loop
* my_aes.h doesn't compile without my_global.h
* typo in a comment
* redundant condition
* if encryption plugin fails, there's no encryption_key_manager
at plugin deinit time
* encryption plugin tests must run when plugin.so is present,
not when a plugin is active (otherwise the test will be skipped
when plugin fails to initialize).
Step 3:
-- Make encrytion_algorithm changeable by SUPER
-- Remove AES_ECB method from encryption_algorithms
-- Support AES method change by storing used method on InnoDB/XtraDB objects
-- Store used AES method to crypt_data as different crypt types
-- Store used AES method to redo/undo logs and checkpoint
-- Store used AES method on every encrypted page after key_version
-- Add test
Step 2:
-- Introduce temporal memory array to buffer pool where to allocate
temporary memory for encryption/compression
-- Rename PAGE_ENCRYPTION -> ENCRYPTION
-- Rename PAGE_ENCRYPTION_KEY -> ENCRYPTION_KEY
-- Rename innodb_default_page_encryption_key -> innodb_default_encryption_key
-- Allow enable/disable encryption for tables by changing
ENCRYPTION to enum having values DEFAULT, ON, OFF
-- In create table store crypt_data if ENCRYPTION is ON or OFF
-- Do not crypt tablespaces having ENCRYPTION=OFF
-- Store encryption mode to crypt_data and redo-log
Step 1:
-- Remove page encryption from dictionary (per table
encryption will be handled by storing crypt_data to page 0)
-- Remove encryption/compression from os0file and all functions
before that (compression will be added to buf0buf.cc)
-- Use same CRYPT_SCHEME_1 for all encryption methods
-- Do some code cleanups to confort InnoDB coding style
