Commit cede2b6f authored by Marko Mäkelä's avatar Marko Mäkelä

Mariabackup: Remove support for .xbcrypt files

parent 7e22050e
...@@ -1774,7 +1774,7 @@ copy_back() ...@@ -1774,7 +1774,7 @@ copy_back()
const char *ext_list[] = {"backup-my.cnf", "xtrabackup_logfile", const char *ext_list[] = {"backup-my.cnf", "xtrabackup_logfile",
"xtrabackup_binary", "xtrabackup_binlog_info", "xtrabackup_binary", "xtrabackup_binlog_info",
"xtrabackup_checkpoints", ".qp", ".pmap", ".tmp", "xtrabackup_checkpoints", ".qp", ".pmap", ".tmp",
".xbcrypt", NULL}; NULL};
const char *filename; const char *filename;
char c_tmp; char c_tmp;
int i_tmp; int i_tmp;
...@@ -1807,7 +1807,7 @@ copy_back() ...@@ -1807,7 +1807,7 @@ copy_back()
filename = base_name(node.filepath); filename = base_name(node.filepath);
/* skip .qp and .xbcrypt files */ /* skip .qp files */
if (filename_matches(filename, ext_list)) { if (filename_matches(filename, ext_list)) {
continue; continue;
} }
...@@ -1899,24 +1899,8 @@ decrypt_decompress_file(const char *filepath, uint thread_n) ...@@ -1899,24 +1899,8 @@ decrypt_decompress_file(const char *filepath, uint thread_n)
cmd << IF_WIN("type ","cat ") << filepath; cmd << IF_WIN("type ","cat ") << filepath;
if (ends_with(filepath, ".xbcrypt") && opt_decrypt) {
cmd << " | xbcrypt --decrypt --encrypt-algo="
<< xtrabackup_encrypt_algo_names[opt_decrypt_algo];
if (xtrabackup_encrypt_key) {
cmd << " --encrypt-key=" << xtrabackup_encrypt_key;
} else {
cmd << " --encrypt-key-file="
<< xtrabackup_encrypt_key_file;
}
dest_filepath[strlen(dest_filepath) - 8] = 0;
message << "decrypting";
needs_action = true;
}
if (opt_decompress if (opt_decompress
&& (ends_with(filepath, ".qp") && ends_with(filepath, ".qp")) {
|| (ends_with(filepath, ".qp.xbcrypt")
&& opt_decrypt))) {
cmd << " | qpress -dio "; cmd << " | qpress -dio ";
dest_filepath[strlen(dest_filepath) - 3] = 0; dest_filepath[strlen(dest_filepath) - 3] = 0;
if (needs_action) { if (needs_action) {
...@@ -1967,8 +1951,7 @@ decrypt_decompress_thread_func(void *arg) ...@@ -1967,8 +1951,7 @@ decrypt_decompress_thread_func(void *arg)
continue; continue;
} }
if (!ends_with(node.filepath, ".qp") if (!ends_with(node.filepath, ".qp")) {
&& !ends_with(node.filepath, ".xbcrypt")) {
continue; continue;
} }
......
...@@ -1435,8 +1435,7 @@ write_xtrabackup_info(MYSQL *connection) ...@@ -1435,8 +1435,7 @@ write_xtrabackup_info(MYSQL *connection)
"partial = %s\n" "partial = %s\n"
"incremental = %s\n" "incremental = %s\n"
"format = %s\n" "format = %s\n"
"compressed = %s\n" "compressed = %s\n",
"encrypted = %s\n",
uuid, /* uuid */ uuid, /* uuid */
opt_history ? opt_history : "", /* name */ opt_history ? opt_history : "", /* name */
tool_name, /* tool_name */ tool_name, /* tool_name */
...@@ -1454,8 +1453,7 @@ write_xtrabackup_info(MYSQL *connection) ...@@ -1454,8 +1453,7 @@ write_xtrabackup_info(MYSQL *connection)
is_partial? "Y" : "N", is_partial? "Y" : "N",
xtrabackup_incremental ? "Y" : "N", /* incremental */ xtrabackup_incremental ? "Y" : "N", /* incremental */
xb_stream_name[xtrabackup_stream_fmt], /* format */ xb_stream_name[xtrabackup_stream_fmt], /* format */
xtrabackup_compress ? "compressed" : "N", /* compressed */ xtrabackup_compress ? "compressed" : "N"); /* compressed */
xtrabackup_encrypt ? "Y" : "N"); /* encrypted */
if (!opt_history) { if (!opt_history) {
goto cleanup; goto cleanup;
...@@ -1481,8 +1479,7 @@ write_xtrabackup_info(MYSQL *connection) ...@@ -1481,8 +1479,7 @@ write_xtrabackup_info(MYSQL *connection)
"partial ENUM('Y', 'N') DEFAULT NULL," "partial ENUM('Y', 'N') DEFAULT NULL,"
"incremental ENUM('Y', 'N') DEFAULT NULL," "incremental ENUM('Y', 'N') DEFAULT NULL,"
"format ENUM('file', 'tar', 'xbstream') DEFAULT NULL," "format ENUM('file', 'tar', 'xbstream') DEFAULT NULL,"
"compressed ENUM('Y', 'N') DEFAULT NULL," "compressed ENUM('Y', 'N') DEFAULT NULL"
"encrypted ENUM('Y', 'N') DEFAULT NULL"
") CHARACTER SET utf8 ENGINE=innodb", false); ") CHARACTER SET utf8 ENGINE=innodb", false);
...@@ -1492,8 +1489,8 @@ write_xtrabackup_info(MYSQL *connection) ...@@ -1492,8 +1489,8 @@ write_xtrabackup_info(MYSQL *connection)
<< "uuid, name, tool_name, tool_command, tool_version," << "uuid, name, tool_name, tool_command, tool_version,"
<< "ibbackup_version, server_version, start_time, end_time," << "ibbackup_version, server_version, start_time, end_time,"
<< "lock_time, binlog_pos, innodb_from_lsn, innodb_to_lsn," << "lock_time, binlog_pos, innodb_from_lsn, innodb_to_lsn,"
<< "partial, incremental, format, compressed, " << "partial, incremental, format, compressed) "
<< "encrypted) values(" << "values("
<< escape_and_quote(connection, uuid) << "," << escape_and_quote(connection, uuid) << ","
<< escape_and_quote(connection, opt_history) << "," << escape_and_quote(connection, opt_history) << ","
<< escape_and_quote(connection, tool_name) << "," << escape_and_quote(connection, tool_name) << ","
...@@ -1510,8 +1507,7 @@ write_xtrabackup_info(MYSQL *connection) ...@@ -1510,8 +1507,7 @@ write_xtrabackup_info(MYSQL *connection)
<< ESCAPE_BOOL(is_partial) << "," << ESCAPE_BOOL(is_partial) << ","
<< ESCAPE_BOOL(xtrabackup_incremental)<< "," << ESCAPE_BOOL(xtrabackup_incremental)<< ","
<< escape_and_quote(connection,xb_stream_name[xtrabackup_stream_fmt]) <<"," << escape_and_quote(connection,xb_stream_name[xtrabackup_stream_fmt]) <<","
<< ESCAPE_BOOL(xtrabackup_compress) << "," << ESCAPE_BOOL(xtrabackup_compress) << ")";
<< ESCAPE_BOOL(xtrabackup_encrypt) <<")";
xb_mysql_query(mysql_connection, oss.str().c_str(), false); xb_mysql_query(mysql_connection, oss.str().c_str(), false);
...@@ -1577,14 +1573,6 @@ char *make_argv(char *buf, size_t len, int argc, char **argv) ...@@ -1577,14 +1573,6 @@ char *make_argv(char *buf, size_t len, int argc, char **argv)
if (strncmp(*argv, "--password", strlen("--password")) == 0) { if (strncmp(*argv, "--password", strlen("--password")) == 0) {
arg = "--password=..."; arg = "--password=...";
} }
if (strncmp(*argv, "--encrypt-key",
strlen("--encrypt-key")) == 0) {
arg = "--encrypt-key=...";
}
if (strncmp(*argv, "--encrypt_key",
strlen("--encrypt_key")) == 0) {
arg = "--encrypt_key=...";
}
left-= ut_snprintf(buf + len - left, left, left-= ut_snprintf(buf + len - left, left,
"%s%c", arg, argc > 1 ? ' ' : 0); "%s%c", arg, argc > 1 ? ' ' : 0);
++argv; --argc; ++argv; --argc;
......
This diff is collapsed.
/******************************************************
Copyright (c) 2017 Percona LLC and/or its affiliates.
Encryption interface for XtraBackup.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*******************************************************/
#ifndef DS_DECRYPT_H
#define DS_DECRYPT_H
#include "datasink.h"
extern datasink_t datasink_decrypt;
extern int ds_decrypt_encrypt_threads;
#endif
This diff is collapsed.
/******************************************************
Copyright (c) 2013 Percona LLC and/or its affiliates.
Encryption interface for XtraBackup.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*******************************************************/
#ifndef DS_ENCRYPT_H
#define DS_ENCRYPT_H
#include "datasink.h"
#ifdef HAVE_GCRYPT
extern datasink_t datasink_encrypt;
#endif
/* Encryption options */
extern uint ds_encrypt_encrypt_threads;
extern ulonglong ds_encrypt_encrypt_chunk_size;
#endif
...@@ -101,8 +101,6 @@ char *opt_ibx_login_path = NULL; ...@@ -101,8 +101,6 @@ char *opt_ibx_login_path = NULL;
ulong opt_ibx_lock_wait_query_type; ulong opt_ibx_lock_wait_query_type;
ulong opt_ibx_kill_long_query_type; ulong opt_ibx_kill_long_query_type;
ulong opt_ibx_decrypt_algo = 0;
uint opt_ibx_kill_long_queries_timeout = 0; uint opt_ibx_kill_long_queries_timeout = 0;
uint opt_ibx_lock_wait_timeout = 0; uint opt_ibx_lock_wait_timeout = 0;
uint opt_ibx_lock_wait_threshold = 0; uint opt_ibx_lock_wait_threshold = 0;
...@@ -110,7 +108,6 @@ uint opt_ibx_debug_sleep_before_unlock = 0; ...@@ -110,7 +108,6 @@ uint opt_ibx_debug_sleep_before_unlock = 0;
uint opt_ibx_safe_slave_backup_timeout = 0; uint opt_ibx_safe_slave_backup_timeout = 0;
const char *opt_ibx_history = NULL; const char *opt_ibx_history = NULL;
bool opt_ibx_decrypt = false;
char *opt_ibx_include = NULL; char *opt_ibx_include = NULL;
char *opt_ibx_databases = NULL; char *opt_ibx_databases = NULL;
...@@ -124,11 +121,6 @@ my_bool ibx_xb_close_files; ...@@ -124,11 +121,6 @@ my_bool ibx_xb_close_files;
const char *ibx_xtrabackup_compress_alg; const char *ibx_xtrabackup_compress_alg;
uint ibx_xtrabackup_compress_threads; uint ibx_xtrabackup_compress_threads;
ulonglong ibx_xtrabackup_compress_chunk_size; ulonglong ibx_xtrabackup_compress_chunk_size;
ulong ibx_xtrabackup_encrypt_algo;
char *ibx_xtrabackup_encrypt_key;
char *ibx_xtrabackup_encrypt_key_file;
uint ibx_xtrabackup_encrypt_threads;
ulonglong ibx_xtrabackup_encrypt_chunk_size;
my_bool ibx_xtrabackup_export; my_bool ibx_xtrabackup_export;
char *ibx_xtrabackup_extra_lsndir; char *ibx_xtrabackup_extra_lsndir;
char *ibx_xtrabackup_incremental_basedir; char *ibx_xtrabackup_incremental_basedir;
...@@ -198,7 +190,6 @@ enum innobackupex_options ...@@ -198,7 +190,6 @@ enum innobackupex_options
OPT_NO_VERSION_CHECK, OPT_NO_VERSION_CHECK,
OPT_NO_BACKUP_LOCKS, OPT_NO_BACKUP_LOCKS,
OPT_DATABASES, OPT_DATABASES,
OPT_DECRYPT,
OPT_DECOMPRESS, OPT_DECOMPRESS,
/* options wich are passed directly to xtrabackup */ /* options wich are passed directly to xtrabackup */
...@@ -207,11 +198,6 @@ enum innobackupex_options ...@@ -207,11 +198,6 @@ enum innobackupex_options
OPT_COMPRESS, OPT_COMPRESS,
OPT_COMPRESS_THREADS, OPT_COMPRESS_THREADS,
OPT_COMPRESS_CHUNK_SIZE, OPT_COMPRESS_CHUNK_SIZE,
OPT_ENCRYPT,
OPT_ENCRYPT_KEY,
OPT_ENCRYPT_KEY_FILE,
OPT_ENCRYPT_THREADS,
OPT_ENCRYPT_CHUNK_SIZE,
OPT_EXPORT, OPT_EXPORT,
OPT_EXTRA_LSNDIR, OPT_EXTRA_LSNDIR,
OPT_INCREMENTAL_BASEDIR, OPT_INCREMENTAL_BASEDIR,
...@@ -427,12 +413,6 @@ static struct my_option ibx_long_options[] = ...@@ -427,12 +413,6 @@ static struct my_option ibx_long_options[] =
(uchar*) &opt_ibx_incremental_history_uuid, 0, GET_STR, (uchar*) &opt_ibx_incremental_history_uuid, 0, GET_STR,
REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"decrypt", OPT_DECRYPT, "Decrypts all files with the .xbcrypt "
"extension in a backup previously made with --encrypt option.",
&opt_ibx_decrypt_algo, &opt_ibx_decrypt_algo,
&xtrabackup_encrypt_algo_typelib, GET_ENUM, REQUIRED_ARG,
0, 0, 0, 0, 0, 0},
{"ftwrl-wait-query-type", OPT_LOCK_WAIT_QUERY_TYPE, {"ftwrl-wait-query-type", OPT_LOCK_WAIT_QUERY_TYPE,
"This option specifies which types of queries are allowed to complete " "This option specifies which types of queries are allowed to complete "
"before innobackupex will issue the global lock. Default is all.", "before innobackupex will issue the global lock. Default is all.",
...@@ -551,46 +531,6 @@ static struct my_option ibx_long_options[] = ...@@ -551,46 +531,6 @@ static struct my_option ibx_long_options[] =
(uchar*) &ibx_xtrabackup_compress_chunk_size, (uchar*) &ibx_xtrabackup_compress_chunk_size,
0, GET_ULL, REQUIRED_ARG, (1 << 16), 1024, ULONGLONG_MAX, 0, 0, 0}, 0, GET_ULL, REQUIRED_ARG, (1 << 16), 1024, ULONGLONG_MAX, 0, 0, 0},
{"encrypt", OPT_ENCRYPT, "This option instructs xtrabackup to encrypt "
"backup copies of InnoDB data files using the algorithm specified in "
"the ENCRYPTION-ALGORITHM. It is passed directly to the xtrabackup "
"child process. Try 'xtrabackup --help' for more details.",
&ibx_xtrabackup_encrypt_algo, &ibx_xtrabackup_encrypt_algo,
&xtrabackup_encrypt_algo_typelib, GET_ENUM, REQUIRED_ARG,
0, 0, 0, 0, 0, 0},
{"encrypt-key", OPT_ENCRYPT_KEY, "This option instructs xtrabackup to "
"use the given ENCRYPTION-KEY when using the --encrypt or --decrypt "
"options. During backup it is passed directly to the xtrabackup child "
"process. Try 'xtrabackup --help' for more details.",
(uchar*) &ibx_xtrabackup_encrypt_key,
(uchar*) &ibx_xtrabackup_encrypt_key, 0,
GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"encrypt-key-file", OPT_ENCRYPT_KEY_FILE, "This option instructs "
"xtrabackup to use the encryption key stored in the given "
"ENCRYPTION-KEY-FILE when using the --encrypt or --decrypt options.",
(uchar*) &ibx_xtrabackup_encrypt_key_file,
(uchar*) &ibx_xtrabackup_encrypt_key_file, 0,
GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"encrypt-threads", OPT_ENCRYPT_THREADS,
"This option specifies the number of worker threads that will be used "
"for parallel encryption. It is passed directly to the xtrabackup "
"child process. Try 'xtrabackup --help' for more details.",
(uchar*) &ibx_xtrabackup_encrypt_threads,
(uchar*) &ibx_xtrabackup_encrypt_threads,
0, GET_UINT, REQUIRED_ARG, 1, 1, UINT_MAX, 0, 0, 0},
{"encrypt-chunk-size", OPT_ENCRYPT_CHUNK_SIZE,
"This option specifies the size of the internal working buffer for "
"each encryption thread, measured in bytes. It is passed directly to "
"the xtrabackup child process. Try 'xtrabackup --help' for more "
"details.",
(uchar*) &ibx_xtrabackup_encrypt_chunk_size,
(uchar*) &ibx_xtrabackup_encrypt_chunk_size,
0, GET_ULL, REQUIRED_ARG, (1 << 16), 1024, ULONGLONG_MAX, 0, 0, 0},
{"export", OPT_EXPORT, "This option is passed directly to xtrabackup's " {"export", OPT_EXPORT, "This option is passed directly to xtrabackup's "
"--export option. It enables exporting individual tables for import " "--export option. It enables exporting individual tables for import "
"into another server. See the xtrabackup documentation for details.", "into another server. See the xtrabackup documentation for details.",
...@@ -726,8 +666,6 @@ You can download full text of the license on http://www.gnu.org/licenses/gpl-2.0 ...@@ -726,8 +666,6 @@ You can download full text of the license on http://www.gnu.org/licenses/gpl-2.0
SYNOPOSIS\n\ SYNOPOSIS\n\
\n\ \n\
innobackupex [--compress] [--compress-threads=NUMBER-OF-THREADS] [--compress-chunk-size=CHUNK-SIZE]\n\ innobackupex [--compress] [--compress-threads=NUMBER-OF-THREADS] [--compress-chunk-size=CHUNK-SIZE]\n\
[--encrypt=ENCRYPTION-ALGORITHM] [--encrypt-threads=NUMBER-OF-THREADS] [--encrypt-chunk-size=CHUNK-SIZE]\n\
[--encrypt-key=LITERAL-ENCRYPTION-KEY] | [--encryption-key-file=MY.KEY]\n\
[--include=REGEXP] [--user=NAME]\n\ [--include=REGEXP] [--user=NAME]\n\
[--password=WORD] [--port=PORT] [--socket=SOCKET]\n\ [--password=WORD] [--port=PORT] [--socket=SOCKET]\n\
[--no-timestamp] [--ibbackup=IBBACKUP-BINARY]\n\ [--no-timestamp] [--ibbackup=IBBACKUP-BINARY]\n\
...@@ -751,8 +689,7 @@ innobackupex --copy-back [--defaults-file=MY.CNF] [--defaults-group=GROUP-NAME] ...@@ -751,8 +689,7 @@ innobackupex --copy-back [--defaults-file=MY.CNF] [--defaults-group=GROUP-NAME]
\n\ \n\
innobackupex --move-back [--defaults-file=MY.CNF] [--defaults-group=GROUP-NAME] BACKUP-DIR\n\ innobackupex --move-back [--defaults-file=MY.CNF] [--defaults-group=GROUP-NAME] BACKUP-DIR\n\
\n\ \n\
innobackupex [--decompress] [--decrypt=ENCRYPTION-ALGORITHM]\n\ innobackupex [--decompress]\n\
[--encrypt-key=LITERAL-ENCRYPTION-KEY] | [--encryption-key-file=MY.KEY]\n\
[--parallel=NUMBER-OF-FORKS] BACKUP-DIR\n\ [--parallel=NUMBER-OF-FORKS] BACKUP-DIR\n\
\n\ \n\
DESCRIPTION\n\ DESCRIPTION\n\
...@@ -789,15 +726,12 @@ it moves files to their original locations rather than copies them. As this\n\ ...@@ -789,15 +726,12 @@ it moves files to their original locations rather than copies them. As this\n\
option removes backup files, it must be used with caution. It may be useful in\n\ option removes backup files, it must be used with caution. It may be useful in\n\
cases when there is not enough free disk space to copy files.\n\ cases when there is not enough free disk space to copy files.\n\
\n\ \n\
The --decompress --decrypt command will decrypt and/or decompress a backup made\n\ The --decompress command will decompress a backup made\n\
with the --compress and/or --encrypt options. When decrypting, the encryption\n\ with the --compress option. The\n\
algorithm and key used when the backup was taken MUST be provided via the\n\ --parallel option will allow multiple files to be decompressed\n\
specified options. --decrypt and --decompress may be used together at the same\n\
time to completely normalize a previously compressed and encrypted backup. The\n\
--parallel option will allow multiple files to be decrypted and/or decompressed\n\
simultaneously. In order to decompress, the qpress utility MUST be installed\n\ simultaneously. In order to decompress, the qpress utility MUST be installed\n\
and accessable within the path. This process will remove the original\n\ and accessable within the path. This process will remove the original\n\
compressed/encrypted files and leave the results in the same location.\n\ compressed files and leave the results in the same location.\n\
\n\ \n\
On success the exit code innobackupex is 0. A non-zero exit code \n\ On success the exit code innobackupex is 0. A non-zero exit code \n\
indicates an error.\n"); indicates an error.\n");
...@@ -830,14 +764,6 @@ ibx_get_one_option(int optid, ...@@ -830,14 +764,6 @@ ibx_get_one_option(int optid,
opt_ibx_history = ""; opt_ibx_history = "";
} }
break; break;
case OPT_DECRYPT:
if (argument == NULL) {
ibx_msg("Missing --decrypt argument, must specify a "
"valid encryption algorithm.\n");
return(1);
}
opt_ibx_decrypt = true;
break;
case OPT_STREAM: case OPT_STREAM:
if (!strcasecmp(argument, "xbstream")) if (!strcasecmp(argument, "xbstream"))
xtrabackup_stream_fmt = XB_STREAM_FMT_XBSTREAM; xtrabackup_stream_fmt = XB_STREAM_FMT_XBSTREAM;
...@@ -857,15 +783,6 @@ ibx_get_one_option(int optid, ...@@ -857,15 +783,6 @@ ibx_get_one_option(int optid,
} }
xtrabackup_compress = TRUE; xtrabackup_compress = TRUE;
break; break;
case OPT_ENCRYPT:
if (argument == NULL)
{
msg("Missing --encrypt argument, must specify a "
"valid encryption algorithm.\n");
return 1;
}
xtrabackup_encrypt = TRUE;
break;
case 'p': case 'p':
if (argument) if (argument)
{ {
...@@ -919,7 +836,7 @@ ibx_handle_options(int *argc, char ***argv) ...@@ -919,7 +836,7 @@ ibx_handle_options(int *argc, char ***argv)
ibx_mode = IBX_MODE_COPY_BACK; ibx_mode = IBX_MODE_COPY_BACK;
} else if (opt_ibx_move_back) { } else if (opt_ibx_move_back) {
ibx_mode = IBX_MODE_MOVE_BACK; ibx_mode = IBX_MODE_MOVE_BACK;
} else if (opt_ibx_decrypt || opt_ibx_decompress) { } else if (opt_ibx_decompress) {
ibx_mode = IBX_MODE_DECRYPT_DECOMPRESS; ibx_mode = IBX_MODE_DECRYPT_DECOMPRESS;
} else { } else {
ibx_mode = IBX_MODE_BACKUP; ibx_mode = IBX_MODE_BACKUP;
...@@ -997,8 +914,6 @@ ibx_init() ...@@ -997,8 +914,6 @@ ibx_init()
opt_lock_wait_query_type = opt_ibx_lock_wait_query_type; opt_lock_wait_query_type = opt_ibx_lock_wait_query_type;
opt_kill_long_query_type = opt_ibx_kill_long_query_type; opt_kill_long_query_type = opt_ibx_kill_long_query_type;
opt_decrypt_algo = opt_ibx_decrypt_algo;
opt_kill_long_queries_timeout = opt_ibx_kill_long_queries_timeout; opt_kill_long_queries_timeout = opt_ibx_kill_long_queries_timeout;
opt_lock_wait_timeout = opt_ibx_lock_wait_timeout; opt_lock_wait_timeout = opt_ibx_lock_wait_timeout;
opt_lock_wait_threshold = opt_ibx_lock_wait_threshold; opt_lock_wait_threshold = opt_ibx_lock_wait_threshold;
...@@ -1006,18 +921,12 @@ ibx_init() ...@@ -1006,18 +921,12 @@ ibx_init()
opt_safe_slave_backup_timeout = opt_ibx_safe_slave_backup_timeout; opt_safe_slave_backup_timeout = opt_ibx_safe_slave_backup_timeout;
opt_history = opt_ibx_history; opt_history = opt_ibx_history;
opt_decrypt = opt_ibx_decrypt;
/* setup xtrabackup options */ /* setup xtrabackup options */
xb_close_files = ibx_xb_close_files; xb_close_files = ibx_xb_close_files;
xtrabackup_compress_alg = ibx_xtrabackup_compress_alg; xtrabackup_compress_alg = ibx_xtrabackup_compress_alg;
xtrabackup_compress_threads = ibx_xtrabackup_compress_threads; xtrabackup_compress_threads = ibx_xtrabackup_compress_threads;
xtrabackup_compress_chunk_size = ibx_xtrabackup_compress_chunk_size; xtrabackup_compress_chunk_size = ibx_xtrabackup_compress_chunk_size;
xtrabackup_encrypt_algo = ibx_xtrabackup_encrypt_algo;
xtrabackup_encrypt_key = ibx_xtrabackup_encrypt_key;
xtrabackup_encrypt_key_file = ibx_xtrabackup_encrypt_key_file;
xtrabackup_encrypt_threads = ibx_xtrabackup_encrypt_threads;
xtrabackup_encrypt_chunk_size = ibx_xtrabackup_encrypt_chunk_size;
xtrabackup_export = ibx_xtrabackup_export; xtrabackup_export = ibx_xtrabackup_export;
xtrabackup_extra_lsndir = ibx_xtrabackup_extra_lsndir; xtrabackup_extra_lsndir = ibx_xtrabackup_extra_lsndir;
xtrabackup_incremental_basedir = ibx_xtrabackup_incremental_basedir; xtrabackup_incremental_basedir = ibx_xtrabackup_incremental_basedir;
...@@ -1098,7 +1007,7 @@ ibx_init() ...@@ -1098,7 +1007,7 @@ ibx_init()
case IBX_MODE_DECRYPT_DECOMPRESS: case IBX_MODE_DECRYPT_DECOMPRESS:
xtrabackup_decrypt_decompress = TRUE; xtrabackup_decrypt_decompress = TRUE;
xtrabackup_target_dir = ibx_position_arg; xtrabackup_target_dir = ibx_position_arg;
run = "decrypt and decompress"; run = "decompress";
break; break;
default: default:
ut_error; ut_error;
......
This diff is collapsed.
/******************************************************
Copyright (c) 2011 Percona LLC and/or its affiliates.
Encryption interface for XtraBackup.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*******************************************************/
#ifndef XBCRYPT_H
#define XBCRYPT_H
#include <my_base.h>
#include "common.h"
#define XB_CRYPT_CHUNK_MAGIC1 "XBCRYP01"
#define XB_CRYPT_CHUNK_MAGIC2 "XBCRYP02"
#define XB_CRYPT_CHUNK_MAGIC3 "XBCRYP03" /* must be same size as ^^ */
#define XB_CRYPT_CHUNK_MAGIC_CURRENT XB_CRYPT_CHUNK_MAGIC3
#define XB_CRYPT_CHUNK_MAGIC_SIZE (sizeof(XB_CRYPT_CHUNK_MAGIC1)-1)
#define XB_CRYPT_HASH GCRY_MD_SHA256
#define XB_CRYPT_HASH_LEN 32
/******************************************************************************
Write interface */
typedef struct xb_wcrypt_struct xb_wcrypt_t;
/* Callback on write for i/o, must return # of bytes written or -1 on error */
typedef ssize_t xb_crypt_write_callback(void *userdata,
const void *buf, size_t len);
xb_wcrypt_t *xb_crypt_write_open(void *userdata,
xb_crypt_write_callback *onwrite);
/* Takes buffer, original length, encrypted length iv and iv length, formats
output buffer and calls write callback.
Returns 0 on success, 1 on error */
int xb_crypt_write_chunk(xb_wcrypt_t *crypt, const void *buf, size_t olen,
size_t elen, const void *iv, size_t ivlen);
/* Returns 0 on success, 1 on error */
int xb_crypt_write_close(xb_wcrypt_t *crypt);
/******************************************************************************
Read interface */
typedef struct xb_rcrypt_struct xb_rcrypt_t;
/* Callback on read for i/o, must return # of bytes read or -1 on error */
typedef size_t xb_crypt_read_callback(void *userdata, void *buf, size_t len);
xb_rcrypt_t *xb_crypt_read_open(void *userdata,
xb_crypt_read_callback *onread);
typedef enum {
XB_CRYPT_READ_CHUNK,
XB_CRYPT_READ_INCOMPLETE,
XB_CRYPT_READ_EOF,
XB_CRYPT_READ_ERROR
} xb_rcrypt_result_t;
xb_rcrypt_result_t xb_crypt_read_chunk(xb_rcrypt_t *crypt, void **buf,
size_t *olen, size_t *elen, void **iv,
size_t *ivlen, my_bool *hash_appended);
int xb_crypt_read_close(xb_rcrypt_t *crypt);
#endif
/******************************************************
Copyright (c) 2013, 2017 Percona LLC and/or its affiliates.
Encryption configuration file interface for XtraBackup.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*******************************************************/
#include <my_base.h>
#include "common.h"
#include "xbcrypt.h"
#include "xbcrypt_common.h"
/* Encryption options */
char *ds_encrypt_key = NULL;
char *ds_encrypt_key_file = NULL;
ulong ds_encrypt_algo;
static uint encrypt_key_len;
static uint encrypt_iv_len;
static const uint encrypt_mode = GCRY_CIPHER_MODE_CTR;
static uint encrypt_algos[] = { GCRY_CIPHER_NONE, GCRY_CIPHER_AES128,
GCRY_CIPHER_AES192, GCRY_CIPHER_AES256 };
static uint encrypt_algo;
#if !defined(GCRYPT_VERSION_NUMBER) || (GCRYPT_VERSION_NUMBER < 0x010600)
GCRY_THREAD_OPTION_PTHREAD_IMPL;
#endif
my_bool
xb_crypt_read_key_file(const char *filename, void** key, uint *keylength)
{
FILE *fp;
if (!(fp = my_fopen(filename, O_RDONLY, MYF(0)))) {
msg("%s:%s: unable to open config file \"%s\", errno(%d)\n",
my_progname, __FUNCTION__, filename, my_errno);
return FALSE;
}
fseek(fp, 0 , SEEK_END);
*keylength = ftell(fp);
rewind(fp);
*key = my_malloc(*keylength, MYF(MY_FAE));
*keylength = fread(*key, 1, *keylength, fp);
my_fclose(fp, MYF(0));
return TRUE;
}
void
xb_crypt_create_iv(void* ivbuf, size_t ivlen)
{
gcry_create_nonce(ivbuf, ivlen);
}
gcry_error_t
xb_crypt_init(uint *iv_len)
{
gcry_error_t gcry_error;
/* Acording to gcrypt docs (and my testing), setting up the threading
callbacks must be done first, so, lets give it a shot */
#if !defined(GCRYPT_VERSION_NUMBER) || (GCRYPT_VERSION_NUMBER < 0x010600)
gcry_error = gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
if (gcry_error) {
msg("encryption: unable to set libgcrypt thread cbs - "
"%s : %s\n",
gcry_strsource(gcry_error),
gcry_strerror(gcry_error));
return gcry_error;
}
#endif
/* Version check should be the very next call because it
makes sure that important subsystems are intialized. */
if (!gcry_control(GCRYCTL_ANY_INITIALIZATION_P)) {
const char *gcrypt_version;
gcrypt_version = gcry_check_version(NULL);
/* No other library has already initialized libgcrypt. */
if (!gcrypt_version) {
msg("encryption: failed to initialize libgcrypt\n");
return 1;
} else {
msg("encryption: using gcrypt %s\n", gcrypt_version);
}
}
/* Disable the gcry secure memory, not dealing with this for now */
gcry_error = gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
if (gcry_error) {
msg("encryption: unable to disable libgcrypt secmem - "
"%s : %s\n",
gcry_strsource(gcry_error),
gcry_strerror(gcry_error));
return gcry_error;
}
/* Finalize gcry initialization. */
gcry_error = gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
if (gcry_error) {
msg("encryption: unable to finish libgcrypt initialization - "
"%s : %s\n",
gcry_strsource(gcry_error),
gcry_strerror(gcry_error));
return gcry_error;
}
/* Determine the algorithm */
encrypt_algo = encrypt_algos[ds_encrypt_algo];
/* Set up the iv length */
encrypt_iv_len = gcry_cipher_get_algo_blklen(encrypt_algo);
xb_a(encrypt_iv_len > 0);
if (iv_len != NULL) {
*iv_len = encrypt_iv_len;
}
/* Now set up the key */
if (ds_encrypt_key == NULL &&
ds_encrypt_key_file == NULL) {
msg("encryption: no encryption key or key file specified.\n");
return gcry_error;
} else if (ds_encrypt_key && ds_encrypt_key_file) {
msg("encryption: both encryption key and key file specified.\n");
return gcry_error;
} else if (ds_encrypt_key_file) {
if (!xb_crypt_read_key_file(ds_encrypt_key_file,
(void**)&ds_encrypt_key,
&encrypt_key_len)) {
msg("encryption: unable to read encryption key file"
" \"%s\".\n", ds_encrypt_key_file);
return gcry_error;
}
} else if (ds_encrypt_key) {
encrypt_key_len = strlen(ds_encrypt_key);
} else {
msg("encryption: no encryption key or key file specified.\n");
return gcry_error;
}
return 0;
}
gcry_error_t
xb_crypt_cipher_open(gcry_cipher_hd_t *cipher_handle)
{
if (encrypt_algo != GCRY_CIPHER_NONE) {
gcry_error_t gcry_error;
gcry_error = gcry_cipher_open(cipher_handle,
encrypt_algo,
encrypt_mode, 0);
if (gcry_error) {
msg("encryption: unable to open libgcrypt"
" cipher - %s : %s\n",
gcry_strsource(gcry_error),
gcry_strerror(gcry_error));
gcry_cipher_close(*cipher_handle);
return gcry_error;
}
gcry_error = gcry_cipher_setkey(*cipher_handle,
ds_encrypt_key,
encrypt_key_len);
if (gcry_error) {
msg("encryption: unable to set libgcrypt"
" cipher key - %s : %s\n",
gcry_strsource(gcry_error),
gcry_strerror(gcry_error));
gcry_cipher_close(*cipher_handle);
return gcry_error;
}
return gcry_error;
}
return 0;
}
void
xb_crypt_cipher_close(gcry_cipher_hd_t cipher_handle)
{
if (encrypt_algo != GCRY_CIPHER_NONE)
gcry_cipher_close(cipher_handle);
}
gcry_error_t
xb_crypt_decrypt(gcry_cipher_hd_t cipher_handle, const uchar *from,
size_t from_len, uchar *to, size_t *to_len,
const uchar *iv, size_t iv_len, my_bool hash_appended)
{
*to_len = from_len;
if (encrypt_algo != GCRY_CIPHER_NONE) {
gcry_error_t gcry_error;
gcry_error = gcry_cipher_reset(cipher_handle);
if (gcry_error) {
msg("%s:encryption: unable to reset libgcrypt"
" cipher - %s : %s\n", my_progname,
gcry_strsource(gcry_error),
gcry_strerror(gcry_error));
return gcry_error;
}
if (iv_len > 0) {
gcry_error = gcry_cipher_setctr(cipher_handle,
iv, iv_len);
}
if (gcry_error) {
msg("%s:encryption: unable to set cipher iv - "
"%s : %s\n", my_progname,
gcry_strsource(gcry_error),
gcry_strerror(gcry_error));
return gcry_error;
}
/* Try to decrypt it */
gcry_error = gcry_cipher_decrypt(cipher_handle, to, *to_len,
from, from_len);
if (gcry_error) {
msg("%s:encryption: unable to decrypt chunk - "
"%s : %s\n", my_progname,
gcry_strsource(gcry_error),
gcry_strerror(gcry_error));
gcry_cipher_close(cipher_handle);
return gcry_error;
}
if (hash_appended) {
uchar hash[XB_CRYPT_HASH_LEN];
*to_len -= XB_CRYPT_HASH_LEN;
/* ensure that XB_CRYPT_HASH_LEN is the correct length
of XB_CRYPT_HASH hashing algorithm output */
xb_ad(gcry_md_get_algo_dlen(XB_CRYPT_HASH) ==
XB_CRYPT_HASH_LEN);
gcry_md_hash_buffer(XB_CRYPT_HASH, hash, to,
*to_len);
if (memcmp(hash, (char *) to + *to_len,
XB_CRYPT_HASH_LEN) != 0) {
msg("%s:%s invalid plaintext hash. "
"Wrong encrytion key specified?\n",
my_progname, __FUNCTION__);
return 1;
}
}
} else {
memcpy(to, from, *to_len);
}
return 0;
}
gcry_error_t
xb_crypt_encrypt(gcry_cipher_hd_t cipher_handle, const uchar *from,
size_t from_len, uchar *to, size_t *to_len, uchar *iv)
{
gcry_error_t gcry_error;
/* ensure that XB_CRYPT_HASH_LEN is the correct length
of XB_CRYPT_HASH hashing algorithm output */
xb_ad(gcry_md_get_algo_dlen(XB_CRYPT_HASH) ==
XB_CRYPT_HASH_LEN);
memcpy(to, from, from_len);
gcry_md_hash_buffer(XB_CRYPT_HASH, to + from_len,
from, from_len);
*to_len = from_len;
if (encrypt_algo != GCRY_CIPHER_NONE) {
gcry_error = gcry_cipher_reset(cipher_handle);
if (gcry_error) {
msg("encrypt: unable to reset cipher - "
"%s : %s\n",
gcry_strsource(gcry_error),
gcry_strerror(gcry_error));
return gcry_error;
}
xb_crypt_create_iv(iv, encrypt_iv_len);
gcry_error = gcry_cipher_setctr(cipher_handle, iv,
encrypt_iv_len);
if (gcry_error) {
msg("encrypt: unable to set cipher ctr - "
"%s : %s\n",
gcry_strsource(gcry_error),
gcry_strerror(gcry_error));
return gcry_error;
}
gcry_error = gcry_cipher_encrypt(cipher_handle, to,
*to_len + XB_CRYPT_HASH_LEN,
to,
from_len + XB_CRYPT_HASH_LEN);
if (gcry_error) {
msg("encrypt: unable to encrypt buffer - "
"%s : %s\n", gcry_strsource(gcry_error),
gcry_strerror(gcry_error));
return gcry_error;
}
} else {
memcpy(to, from, from_len + XB_CRYPT_HASH_LEN);
}
*to_len += XB_CRYPT_HASH_LEN;
return 0;
}
#endif
\ No newline at end of file
/******************************************************
Copyright (c) 2017 Percona LLC and/or its affiliates.
Encryption datasink implementation for XtraBackup.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*******************************************************/
#include <my_base.h>
#if HAVE_GCRYPT
#if GCC_VERSION >= 4002
/* Workaround to avoid "gcry_ac_* is deprecated" warnings in gcrypt.h */
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
#endif
#include <gcrypt.h>
extern char *ds_encrypt_key;
extern char *ds_encrypt_key_file;
extern int ds_encrypt_threads;
extern ulong ds_encrypt_algo;
/******************************************************************************
Utility interface */
my_bool xb_crypt_read_key_file(const char *filename,
void** key, uint *keylength);
void xb_crypt_create_iv(void* ivbuf, size_t ivlen);
/* Initialize gcrypt and setup encryption key and IV lengths */
gcry_error_t
xb_crypt_init(uint *iv_len);
/* Setup gcrypt cipher */
gcry_error_t
xb_crypt_cipher_open(gcry_cipher_hd_t *cipher_handle);
/* Close gcrypt cipher */
void
xb_crypt_cipher_close(gcry_cipher_hd_t cipher_handle);
/* Decrypt buffer */
gcry_error_t
xb_crypt_decrypt(gcry_cipher_hd_t cipher_handle, const uchar *from,
size_t from_len, uchar *to, size_t *to_len, const uchar *iv,
size_t iv_len, my_bool hash_appended);
/* Encrypt buffer */
gcry_error_t
xb_crypt_encrypt(gcry_cipher_hd_t cipher_handle, const uchar *from,
size_t from_len, uchar *to, size_t *to_len, uchar *iv);
#endif
/******************************************************
Copyright (c) 2013 Percona LLC and/or its affiliates.
The xbcrypt format reader implementation.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*******************************************************/
#include "xbcrypt.h"
#include "crc_glue.h"
struct xb_rcrypt_struct {
void *userdata;
xb_crypt_read_callback *read;
void *buffer;
size_t bufsize;
void *ivbuffer;
size_t ivbufsize;
ulonglong offset;
};
xb_rcrypt_t *
xb_crypt_read_open(void *userdata, xb_crypt_read_callback *onread)
{
xb_rcrypt_t *crypt;
xb_ad(onread);
crypt = (xb_rcrypt_t *) my_malloc(sizeof(xb_rcrypt_t), MYF(MY_FAE));
crypt->userdata = userdata;
crypt->read = onread;
crypt->buffer = NULL;
crypt->bufsize = 0;
crypt->offset = 0;
crypt->ivbuffer = NULL;
crypt->ivbufsize = 0;
return crypt;
}
xb_rcrypt_result_t
xb_crypt_read_chunk(xb_rcrypt_t *crypt, void **buf, size_t *olen, size_t *elen,
void **iv, size_t *ivlen, my_bool *hash_appended)
{
uchar tmpbuf[XB_CRYPT_CHUNK_MAGIC_SIZE + 8 + 8 + 8 + 4];
uchar *ptr;
ulonglong tmp;
ulong checksum, checksum_exp, version;
size_t bytesread;
xb_rcrypt_result_t result = XB_CRYPT_READ_CHUNK;
if ((bytesread = crypt->read(crypt->userdata, tmpbuf, sizeof(tmpbuf)))
!= sizeof(tmpbuf)) {
if (bytesread == 0) {
result = XB_CRYPT_READ_EOF;
goto err;
} else {
msg("%s:%s: unable to read chunk header data at "
"offset 0x%llx.\n",
my_progname, __FUNCTION__, crypt->offset);
result = XB_CRYPT_READ_ERROR;
goto err;
}
}
ptr = tmpbuf;
if (memcmp(ptr, XB_CRYPT_CHUNK_MAGIC3,
XB_CRYPT_CHUNK_MAGIC_SIZE) == 0) {
version = 3;
} else if (memcmp(ptr, XB_CRYPT_CHUNK_MAGIC2,
XB_CRYPT_CHUNK_MAGIC_SIZE) == 0) {
version = 2;
} else if (memcmp(ptr, XB_CRYPT_CHUNK_MAGIC1,
XB_CRYPT_CHUNK_MAGIC_SIZE) == 0) {
version = 1;
} else {
msg("%s:%s: wrong chunk magic at offset 0x%llx.\n",
my_progname, __FUNCTION__, crypt->offset);
result = XB_CRYPT_READ_ERROR;
goto err;
}
ptr += XB_CRYPT_CHUNK_MAGIC_SIZE;
crypt->offset += XB_CRYPT_CHUNK_MAGIC_SIZE;
tmp = uint8korr(ptr); /* reserved */
ptr += 8;
crypt->offset += 8;
tmp = uint8korr(ptr); /* original size */
ptr += 8;
if (tmp > INT_MAX) {
msg("%s:%s: invalid original size at offset 0x%llx.\n",
my_progname, __FUNCTION__, crypt->offset);
result = XB_CRYPT_READ_ERROR;
goto err;
}
crypt->offset += 8;
*olen = (size_t)tmp;
tmp = uint8korr(ptr); /* encrypted size */
ptr += 8;
if (tmp > INT_MAX) {
msg("%s:%s: invalid encrypted size at offset 0x%llx.\n",
my_progname, __FUNCTION__, crypt->offset);
result = XB_CRYPT_READ_ERROR;
goto err;
}
crypt->offset += 8;
*elen = (size_t)tmp;
checksum_exp = uint4korr(ptr); /* checksum */
ptr += 4;
crypt->offset += 4;
/* iv size */
if (version == 1) {
*ivlen = 0;
*iv = 0;
} else {
if ((bytesread = crypt->read(crypt->userdata, tmpbuf, 8))
!= 8) {
if (bytesread == 0) {
result = XB_CRYPT_READ_EOF;
goto err;
} else {
msg("%s:%s: unable to read chunk iv size at "
"offset 0x%llx.\n",
my_progname, __FUNCTION__, crypt->offset);
result = XB_CRYPT_READ_ERROR;
goto err;
}
}
tmp = uint8korr(tmpbuf);
if (tmp > INT_MAX) {
msg("%s:%s: invalid iv size at offset 0x%llx.\n",
my_progname, __FUNCTION__, crypt->offset);
result = XB_CRYPT_READ_ERROR;
goto err;
}
crypt->offset += 8;
*ivlen = (size_t)tmp;
}
if (*ivlen > crypt->ivbufsize) {
crypt->ivbuffer = my_realloc(crypt->ivbuffer, *ivlen,
MYF(MY_WME | MY_ALLOW_ZERO_PTR));
if (crypt->ivbuffer == NULL) {
msg("%s:%s: failed to increase iv buffer to "
"%llu bytes.\n", my_progname, __FUNCTION__,
(ulonglong)*ivlen);
result = XB_CRYPT_READ_ERROR;
goto err;
}
crypt->ivbufsize = *ivlen;
}
if (*ivlen > 0) {
if (crypt->read(crypt->userdata, crypt->ivbuffer, *ivlen)
!= *ivlen) {
msg("%s:%s: failed to read %lld bytes for chunk iv "
"at offset 0x%llx.\n", my_progname, __FUNCTION__,
(ulonglong)*ivlen, crypt->offset);
result = XB_CRYPT_READ_ERROR;
goto err;
}
*iv = crypt->ivbuffer;
}
/* for version euqals 2 we need to read in the iv data but do not init
CTR with it */
if (version == 2) {
*ivlen = 0;
*iv = 0;
}
if (*olen > crypt->bufsize) {
crypt->buffer = my_realloc(crypt->buffer, *olen,
MYF(MY_WME | MY_ALLOW_ZERO_PTR));
if (crypt->buffer == NULL) {
msg("%s:%s: failed to increase buffer to "
"%llu bytes.\n", my_progname, __FUNCTION__,
(ulonglong)*olen);
result = XB_CRYPT_READ_ERROR;
goto err;
}
crypt->bufsize = *olen;
}
if (*elen > 0) {
if (crypt->read(crypt->userdata, crypt->buffer, *elen)
!= *elen) {
msg("%s:%s: failed to read %lld bytes for chunk payload "
"at offset 0x%llx.\n", my_progname, __FUNCTION__,
(ulonglong)*elen, crypt->offset);
result = XB_CRYPT_READ_ERROR;
goto err;
}
}
checksum = crc32_iso3309(0, crypt->buffer, *elen);
if (checksum != checksum_exp) {
msg("%s:%s invalid checksum at offset 0x%llx, "
"expected 0x%lx, actual 0x%lx.\n", my_progname, __FUNCTION__,
crypt->offset, checksum_exp, checksum);
result = XB_CRYPT_READ_ERROR;
goto err;
}
crypt->offset += *elen;
*buf = crypt->buffer;
*hash_appended = version > 2;
goto exit;
err:
*buf = NULL;
*olen = 0;
*elen = 0;
*ivlen = 0;
*iv = 0;
exit:
return result;
}
int xb_crypt_read_close(xb_rcrypt_t *crypt)
{
if (crypt->buffer)
my_free(crypt->buffer);
if (crypt->ivbuffer)
my_free(crypt->ivbuffer);
my_free(crypt);
return 0;
}
/******************************************************
Copyright (c) 2013 Percona LLC and/or its affiliates.
The xbcrypt format writer implementation.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*******************************************************/
#include "xbcrypt.h"
#include "crc_glue.h"
struct xb_wcrypt_struct {
void *userdata;
xb_crypt_write_callback *write;
};
xb_wcrypt_t *
xb_crypt_write_open(void *userdata, xb_crypt_write_callback *onwrite)
{
xb_wcrypt_t *crypt;
xb_ad(onwrite);
crypt = (xb_wcrypt_t *) my_malloc(sizeof(xb_wcrypt_t), MYF(MY_FAE));
crypt->userdata = userdata;
crypt->write = onwrite;
return crypt;
}
int xb_crypt_write_chunk(xb_wcrypt_t *crypt, const void *buf, size_t olen,
size_t elen, const void *iv, size_t ivlen)
{
uchar tmpbuf[XB_CRYPT_CHUNK_MAGIC_SIZE + 8 + 8 + 8 + 4 + 8];
uchar *ptr;
ulong checksum;
xb_ad(olen <= INT_MAX);
if (olen > INT_MAX)
return 0;
xb_ad(elen <= INT_MAX);
if (elen > INT_MAX)
return 0;
xb_ad(ivlen <= INT_MAX);
if (ivlen > INT_MAX)
return 0;
ptr = tmpbuf;
memcpy(ptr, XB_CRYPT_CHUNK_MAGIC_CURRENT, XB_CRYPT_CHUNK_MAGIC_SIZE);
ptr += XB_CRYPT_CHUNK_MAGIC_SIZE;
int8store(ptr, (ulonglong)0); /* reserved */
ptr += 8;
int8store(ptr, (ulonglong)olen); /* original size */
ptr += 8;
int8store(ptr, (ulonglong)elen); /* encrypted (actual) size */
ptr += 8;
checksum = crc32_iso3309(0, buf, elen);
int4store(ptr, checksum); /* checksum */
ptr += 4;
int8store(ptr, (ulonglong)ivlen); /* iv size */
ptr += 8;
xb_ad(ptr <= tmpbuf + sizeof(tmpbuf));
if (crypt->write(crypt->userdata, tmpbuf, ptr-tmpbuf) == -1)
return 1;
if (crypt->write(crypt->userdata, iv, ivlen) == -1)
return 1;
if (crypt->write(crypt->userdata, buf, elen) == -1)
return 1;
return 0;
}
int xb_crypt_write_close(xb_wcrypt_t *crypt)
{
my_free(crypt);
return 0;
}
...@@ -25,9 +25,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA ...@@ -25,9 +25,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
#include <my_pthread.h> #include <my_pthread.h>
#include "common.h" #include "common.h"
#include "xbstream.h" #include "xbstream.h"
#include "xbcrypt_common.h"
#include "datasink.h" #include "datasink.h"
#include "ds_decrypt.h"
#include "crc_glue.h" #include "crc_glue.h"
#define XBSTREAM_VERSION "1.0" #define XBSTREAM_VERSION "1.0"
...@@ -41,33 +39,18 @@ typedef enum { ...@@ -41,33 +39,18 @@ typedef enum {
RUN_MODE_EXTRACT RUN_MODE_EXTRACT
} run_mode_t; } run_mode_t;
const char *xbstream_encrypt_algo_names[] =
{ "NONE", "AES128", "AES192", "AES256", NullS};
TYPELIB xbstream_encrypt_algo_typelib=
{array_elements(xbstream_encrypt_algo_names)-1,"",
xbstream_encrypt_algo_names, NULL};
/* Need the following definitions to avoid linking with ds_*.o and their link /* Need the following definitions to avoid linking with ds_*.o and their link
dependencies */ dependencies */
datasink_t datasink_archive; datasink_t datasink_archive;
datasink_t datasink_xbstream; datasink_t datasink_xbstream;
datasink_t datasink_compress; datasink_t datasink_compress;
datasink_t datasink_tmpfile; datasink_t datasink_tmpfile;
datasink_t datasink_encrypt;
datasink_t datasink_buffer; datasink_t datasink_buffer;
static run_mode_t opt_mode; static run_mode_t opt_mode;
static char * opt_directory = NULL; static char * opt_directory = NULL;
static my_bool opt_verbose = 0; static my_bool opt_verbose = 0;
static int opt_parallel = 1; static int opt_parallel = 1;
static ulong opt_encrypt_algo;
static char *opt_encrypt_key_file = NULL;
static void *opt_encrypt_key = NULL;
static int opt_encrypt_threads = 1;
enum {
OPT_ENCRYPT_THREADS = 256
};
static struct my_option my_long_options[] = static struct my_option my_long_options[] =
{ {
...@@ -86,20 +69,6 @@ static struct my_option my_long_options[] = ...@@ -86,20 +69,6 @@ static struct my_option my_long_options[] =
{"parallel", 'p', "Number of worker threads for reading / writing.", {"parallel", 'p', "Number of worker threads for reading / writing.",
&opt_parallel, &opt_parallel, 0, GET_INT, REQUIRED_ARG, &opt_parallel, &opt_parallel, 0, GET_INT, REQUIRED_ARG,
1, 1, INT_MAX, 0, 0, 0}, 1, 1, INT_MAX, 0, 0, 0},
{"decrypt", 'd', "Decrypt files ending with .xbcrypt.",
&opt_encrypt_algo, &opt_encrypt_algo, &xbstream_encrypt_algo_typelib,
GET_ENUM, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"encrypt-key", 'k', "Encryption key.",
&opt_encrypt_key, &opt_encrypt_key, 0,
GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"encrypt-key-file", 'f', "File which contains encryption key.",
&opt_encrypt_key_file, &opt_encrypt_key_file, 0,
GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"encrypt-threads", OPT_ENCRYPT_THREADS,
"Number of threads for parallel data encryption. "
"The default value is 1.",
&opt_encrypt_threads, &opt_encrypt_threads,
0, GET_INT, REQUIRED_ARG, 1, 1, INT_MAX, 0, 0, 0},
{0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0} {0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}
}; };
...@@ -108,7 +77,6 @@ typedef struct { ...@@ -108,7 +77,6 @@ typedef struct {
HASH *filehash; HASH *filehash;
xb_rstream_t *stream; xb_rstream_t *stream;
ds_ctxt_t *ds_ctxt; ds_ctxt_t *ds_ctxt;
ds_ctxt_t *ds_decrypt_ctxt;
pthread_mutex_t *mutex; pthread_mutex_t *mutex;
} extract_ctxt_t; } extract_ctxt_t;
...@@ -348,19 +316,6 @@ mode_create(int argc, char **argv) ...@@ -348,19 +316,6 @@ mode_create(int argc, char **argv)
return 1; return 1;
} }
/************************************************************************
Check if string ends with given suffix.
@return true if string ends with given suffix. */
static
my_bool
ends_with(const char *str, const char *suffix)
{
size_t suffix_len = strlen(suffix);
size_t str_len = strlen(str);
return(str_len >= suffix_len
&& strcmp(str + str_len - suffix_len, suffix) == 0);
}
static static
file_entry_t * file_entry_t *
file_entry_new(extract_ctxt_t *ctxt, const char *path, uint pathlen) file_entry_new(extract_ctxt_t *ctxt, const char *path, uint pathlen)
...@@ -380,11 +335,8 @@ file_entry_new(extract_ctxt_t *ctxt, const char *path, uint pathlen) ...@@ -380,11 +335,8 @@ file_entry_new(extract_ctxt_t *ctxt, const char *path, uint pathlen)
} }
entry->pathlen = pathlen; entry->pathlen = pathlen;
if (ctxt->ds_decrypt_ctxt && ends_with(path, ".xbcrypt")) {
file = ds_open(ctxt->ds_decrypt_ctxt, path, NULL);
} else {
file = ds_open(ctxt->ds_ctxt, path, NULL); file = ds_open(ctxt->ds_ctxt, path, NULL);
}
if (file == NULL) { if (file == NULL) {
msg("%s: failed to create file.\n", my_progname); msg("%s: failed to create file.\n", my_progname);
goto err; goto err;
...@@ -534,7 +486,6 @@ mode_extract(int n_threads, int argc __attribute__((unused)), ...@@ -534,7 +486,6 @@ mode_extract(int n_threads, int argc __attribute__((unused)),
xb_rstream_t *stream = NULL; xb_rstream_t *stream = NULL;
HASH filehash; HASH filehash;
ds_ctxt_t *ds_ctxt = NULL; ds_ctxt_t *ds_ctxt = NULL;
ds_ctxt_t *ds_decrypt_ctxt = NULL;
extract_ctxt_t ctxt; extract_ctxt_t ctxt;
int i; int i;
pthread_t *tids = NULL; pthread_t *tids = NULL;
...@@ -574,7 +525,6 @@ mode_extract(int n_threads, int argc __attribute__((unused)), ...@@ -574,7 +525,6 @@ mode_extract(int n_threads, int argc __attribute__((unused)),
ctxt.stream = stream; ctxt.stream = stream;
ctxt.filehash = &filehash; ctxt.filehash = &filehash;
ctxt.ds_ctxt = ds_ctxt; ctxt.ds_ctxt = ds_ctxt;
ctxt.ds_decrypt_ctxt = ds_decrypt_ctxt;
ctxt.mutex = &mutex; ctxt.mutex = &mutex;
tids = malloc(sizeof(pthread_t) * n_threads); tids = malloc(sizeof(pthread_t) * n_threads);
...@@ -604,9 +554,6 @@ mode_extract(int n_threads, int argc __attribute__((unused)), ...@@ -604,9 +554,6 @@ mode_extract(int n_threads, int argc __attribute__((unused)),
if (ds_ctxt != NULL) { if (ds_ctxt != NULL) {
ds_destroy(ds_ctxt); ds_destroy(ds_ctxt);
} }
if (ds_decrypt_ctxt) {
ds_destroy(ds_decrypt_ctxt);
}
xb_stream_read_done(stream); xb_stream_read_done(stream);
return ret; return ret;
......
...@@ -195,19 +195,6 @@ ibool xtrabackup_compress = FALSE; ...@@ -195,19 +195,6 @@ ibool xtrabackup_compress = FALSE;
uint xtrabackup_compress_threads; uint xtrabackup_compress_threads;
ulonglong xtrabackup_compress_chunk_size = 0; ulonglong xtrabackup_compress_chunk_size = 0;
const char *xtrabackup_encrypt_algo_names[] =
{ "NONE", "AES128", "AES192", "AES256", NullS};
TYPELIB xtrabackup_encrypt_algo_typelib=
{array_elements(xtrabackup_encrypt_algo_names)-1,"",
xtrabackup_encrypt_algo_names, NULL};
ibool xtrabackup_encrypt = FALSE;
ulong xtrabackup_encrypt_algo;
char *xtrabackup_encrypt_key = NULL;
char *xtrabackup_encrypt_key_file = NULL;
uint xtrabackup_encrypt_threads;
ulonglong xtrabackup_encrypt_chunk_size = 0;
/* sleep interval beetween log copy iterations in log copying thread /* sleep interval beetween log copy iterations in log copying thread
in milliseconds (default is 1 second) */ in milliseconds (default is 1 second) */
ulint xtrabackup_log_copy_interval = 1000; ulint xtrabackup_log_copy_interval = 1000;
...@@ -366,8 +353,6 @@ TYPELIB query_type_typelib= {array_elements(query_type_names) - 1, "", ...@@ -366,8 +353,6 @@ TYPELIB query_type_typelib= {array_elements(query_type_names) - 1, "",
ulong opt_lock_wait_query_type; ulong opt_lock_wait_query_type;
ulong opt_kill_long_query_type; ulong opt_kill_long_query_type;
ulong opt_decrypt_algo = 0;
uint opt_kill_long_queries_timeout = 0; uint opt_kill_long_queries_timeout = 0;
uint opt_lock_wait_timeout = 0; uint opt_lock_wait_timeout = 0;
uint opt_lock_wait_threshold = 0; uint opt_lock_wait_threshold = 0;
...@@ -375,7 +360,6 @@ uint opt_debug_sleep_before_unlock = 0; ...@@ -375,7 +360,6 @@ uint opt_debug_sleep_before_unlock = 0;
uint opt_safe_slave_backup_timeout = 0; uint opt_safe_slave_backup_timeout = 0;
const char *opt_history = NULL; const char *opt_history = NULL;
my_bool opt_decrypt = FALSE;
#if defined(HAVE_OPENSSL) #if defined(HAVE_OPENSSL)
my_bool opt_ssl_verify_server_cert = FALSE; my_bool opt_ssl_verify_server_cert = FALSE;
...@@ -501,11 +485,6 @@ enum options_xtrabackup ...@@ -501,11 +485,6 @@ enum options_xtrabackup
OPT_XTRA_COMPRESS, OPT_XTRA_COMPRESS,
OPT_XTRA_COMPRESS_THREADS, OPT_XTRA_COMPRESS_THREADS,
OPT_XTRA_COMPRESS_CHUNK_SIZE, OPT_XTRA_COMPRESS_CHUNK_SIZE,
OPT_XTRA_ENCRYPT,
OPT_XTRA_ENCRYPT_KEY,
OPT_XTRA_ENCRYPT_KEY_FILE,
OPT_XTRA_ENCRYPT_THREADS,
OPT_XTRA_ENCRYPT_CHUNK_SIZE,
OPT_LOG, OPT_LOG,
OPT_INNODB, OPT_INNODB,
OPT_INNODB_CHECKSUMS, OPT_INNODB_CHECKSUMS,
...@@ -576,7 +555,6 @@ enum options_xtrabackup ...@@ -576,7 +555,6 @@ enum options_xtrabackup
OPT_DECOMPRESS, OPT_DECOMPRESS,
OPT_INCREMENTAL_HISTORY_NAME, OPT_INCREMENTAL_HISTORY_NAME,
OPT_INCREMENTAL_HISTORY_UUID, OPT_INCREMENTAL_HISTORY_UUID,
OPT_DECRYPT,
OPT_REMOVE_ORIGINAL, OPT_REMOVE_ORIGINAL,
OPT_LOCK_WAIT_QUERY_TYPE, OPT_LOCK_WAIT_QUERY_TYPE,
OPT_KILL_LONG_QUERY_TYPE, OPT_KILL_LONG_QUERY_TYPE,
...@@ -699,29 +677,6 @@ struct my_option xb_client_options[] = ...@@ -699,29 +677,6 @@ struct my_option xb_client_options[] =
(G_PTR*) &xtrabackup_compress_chunk_size, (G_PTR*) &xtrabackup_compress_chunk_size, (G_PTR*) &xtrabackup_compress_chunk_size, (G_PTR*) &xtrabackup_compress_chunk_size,
0, GET_ULL, REQUIRED_ARG, (1 << 16), 1024, ULONGLONG_MAX, 0, 0, 0}, 0, GET_ULL, REQUIRED_ARG, (1 << 16), 1024, ULONGLONG_MAX, 0, 0, 0},
{"encrypt", OPT_XTRA_ENCRYPT, "Encrypt individual backup files using the "
"specified encryption algorithm.",
&xtrabackup_encrypt_algo, &xtrabackup_encrypt_algo,
&xtrabackup_encrypt_algo_typelib, GET_ENUM, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"encrypt-key", OPT_XTRA_ENCRYPT_KEY, "Encryption key to use.",
(G_PTR*) &xtrabackup_encrypt_key, (G_PTR*) &xtrabackup_encrypt_key, 0,
GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"encrypt-key-file", OPT_XTRA_ENCRYPT_KEY_FILE, "File which contains encryption key to use.",
(G_PTR*) &xtrabackup_encrypt_key_file, (G_PTR*) &xtrabackup_encrypt_key_file, 0,
GET_STR_ALLOC, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"encrypt-threads", OPT_XTRA_ENCRYPT_THREADS,
"Number of threads for parallel data encryption. The default value is 1.",
(G_PTR*) &xtrabackup_encrypt_threads, (G_PTR*) &xtrabackup_encrypt_threads,
0, GET_UINT, REQUIRED_ARG, 1, 1, UINT_MAX, 0, 0, 0},
{"encrypt-chunk-size", OPT_XTRA_ENCRYPT_CHUNK_SIZE,
"Size of working buffer(S) for encryption threads in bytes. The default value is 64K.",
(G_PTR*) &xtrabackup_encrypt_chunk_size, (G_PTR*) &xtrabackup_encrypt_chunk_size,
0, GET_ULL, REQUIRED_ARG, (1 << 16), 1024, ULONGLONG_MAX, 0, 0, 0},
{"incremental-force-scan", OPT_XTRA_INCREMENTAL_FORCE_SCAN, {"incremental-force-scan", OPT_XTRA_INCREMENTAL_FORCE_SCAN,
"Perform a full-scan incremental backup even in the presence of changed " "Perform a full-scan incremental backup even in the presence of changed "
"page bitmap data", "page bitmap data",
...@@ -892,18 +847,6 @@ struct my_option xb_client_options[] = ...@@ -892,18 +847,6 @@ struct my_option xb_client_options[] =
(uchar*) &opt_incremental_history_uuid, 0, GET_STR, (uchar*) &opt_incremental_history_uuid, 0, GET_STR,
REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, REQUIRED_ARG, 0, 0, 0, 0, 0, 0},
{"decrypt", OPT_DECRYPT, "Decrypts all files with the .xbcrypt "
"extension in a backup previously made with --encrypt option.",
&opt_decrypt_algo, &opt_decrypt_algo,
&xtrabackup_encrypt_algo_typelib, GET_ENUM, REQUIRED_ARG,
0, 0, 0, 0, 0, 0},
{"remove-original", OPT_REMOVE_ORIGINAL, "Remove .qp and .xbcrypt files "
"after decryption and decompression.",
(uchar *) &opt_remove_original,
(uchar *) &opt_remove_original,
0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0},
{"ftwrl-wait-query-type", OPT_LOCK_WAIT_QUERY_TYPE, {"ftwrl-wait-query-type", OPT_LOCK_WAIT_QUERY_TYPE,
"This option specifies which types of queries are allowed to complete " "This option specifies which types of queries are allowed to complete "
"before innobackupex will issue the global lock. Default is all.", "before innobackupex will issue the global lock. Default is all.",
...@@ -1421,24 +1364,6 @@ xb_get_one_option(int optid, ...@@ -1421,24 +1364,6 @@ xb_get_one_option(int optid,
} }
xtrabackup_compress = TRUE; xtrabackup_compress = TRUE;
break; break;
case OPT_XTRA_ENCRYPT:
if (argument == NULL)
{
msg("Missing --encrypt argument, must specify a valid encryption "
" algorithm.\n");
return 1;
}
xtrabackup_encrypt = TRUE;
break;
case OPT_DECRYPT:
if (argument == NULL) {
msg("Missing --decrypt argument, must specify a "
"valid encryption algorithm.\n");
return(1);
}
opt_decrypt = TRUE;
xtrabackup_decrypt_decompress = true;
break;
case OPT_DECOMPRESS: case OPT_DECOMPRESS:
opt_decompress = TRUE; opt_decompress = TRUE;
xtrabackup_decrypt_decompress = true; xtrabackup_decrypt_decompress = true;
...@@ -2377,25 +2302,13 @@ xb_get_copy_action(const char *dflt) ...@@ -2377,25 +2302,13 @@ xb_get_copy_action(const char *dflt)
if (xtrabackup_stream) { if (xtrabackup_stream) {
if (xtrabackup_compress) { if (xtrabackup_compress) {
if (xtrabackup_encrypt) {
action = "Compressing, encrypting and streaming";
} else {
action = "Compressing and streaming"; action = "Compressing and streaming";
}
} else if (xtrabackup_encrypt) {
action = "Encrypting and streaming";
} else { } else {
action = "Streaming"; action = "Streaming";
} }
} else { } else {
if (xtrabackup_compress) { if (xtrabackup_compress) {
if (xtrabackup_encrypt) {
action = "Compressing and encrypting";
} else {
action = "Compressing"; action = "Compressing";
}
} else if (xtrabackup_encrypt) {
action = "Encrypting";
} else { } else {
action = dflt; action = dflt;
} }
...@@ -3069,28 +2982,6 @@ xtrabackup_init_datasinks(void) ...@@ -3069,28 +2982,6 @@ xtrabackup_init_datasinks(void)
ds_redo = ds_meta = ds_data; ds_redo = ds_meta = ds_data;
} }
/* Encryption */
if (xtrabackup_encrypt) {
ds_ctxt_t *ds;
ds = ds_create(xtrabackup_target_dir, DS_TYPE_ENCRYPT);
xtrabackup_add_datasink(ds);
ds_set_pipe(ds, ds_data);
if (ds_data != ds_meta) {
ds_data = ds;
ds = ds_create(xtrabackup_target_dir, DS_TYPE_ENCRYPT);
xtrabackup_add_datasink(ds);
ds_set_pipe(ds, ds_meta);
ds_redo = ds_meta = ds;
} else {
ds_redo = ds_data = ds_meta = ds;
}
}
/* Compression for ds_data and ds_redo */ /* Compression for ds_data and ds_redo */
if (xtrabackup_compress) { if (xtrabackup_compress) {
ds_ctxt_t *ds; ds_ctxt_t *ds;
...@@ -6726,8 +6617,6 @@ xb_init() ...@@ -6726,8 +6617,6 @@ xb_init()
if (opt_decompress) { if (opt_decompress) {
mixed_options[n_mixed_options++] = "--decompress"; mixed_options[n_mixed_options++] = "--decompress";
} else if (opt_decrypt) {
mixed_options[n_mixed_options++] = "--decrypt";
} }
if (xtrabackup_copy_back) { if (xtrabackup_copy_back) {
......
...@@ -81,7 +81,6 @@ extern char *xtrabackup_tables_exclude; ...@@ -81,7 +81,6 @@ extern char *xtrabackup_tables_exclude;
extern char *xtrabackup_databases_exclude; extern char *xtrabackup_databases_exclude;
extern ibool xtrabackup_compress; extern ibool xtrabackup_compress;
extern ibool xtrabackup_encrypt;
extern my_bool xtrabackup_backup; extern my_bool xtrabackup_backup;
extern my_bool xtrabackup_prepare; extern my_bool xtrabackup_prepare;
...@@ -92,15 +91,10 @@ extern my_bool xtrabackup_decrypt_decompress; ...@@ -92,15 +91,10 @@ extern my_bool xtrabackup_decrypt_decompress;
extern char *innobase_data_file_path; extern char *innobase_data_file_path;
extern char *innobase_doublewrite_file; extern char *innobase_doublewrite_file;
extern char *xtrabackup_encrypt_key;
extern char *xtrabackup_encrypt_key_file;
extern longlong innobase_log_file_size; extern longlong innobase_log_file_size;
extern long innobase_log_files_in_group; extern long innobase_log_files_in_group;
extern longlong innobase_page_size; extern longlong innobase_page_size;
extern const char *xtrabackup_encrypt_algo_names[];
extern TYPELIB xtrabackup_encrypt_algo_typelib;
extern int xtrabackup_parallel; extern int xtrabackup_parallel;
extern my_bool xb_close_files; extern my_bool xb_close_files;
...@@ -113,9 +107,6 @@ extern "C"{ ...@@ -113,9 +107,6 @@ extern "C"{
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
extern ulong xtrabackup_encrypt_algo;
extern uint xtrabackup_encrypt_threads;
extern ulonglong xtrabackup_encrypt_chunk_size;
extern my_bool xtrabackup_export; extern my_bool xtrabackup_export;
extern char *xtrabackup_incremental_basedir; extern char *xtrabackup_incremental_basedir;
extern char *xtrabackup_extra_lsndir; extern char *xtrabackup_extra_lsndir;
...@@ -158,8 +149,6 @@ extern TYPELIB query_type_typelib; ...@@ -158,8 +149,6 @@ extern TYPELIB query_type_typelib;
extern ulong opt_lock_wait_query_type; extern ulong opt_lock_wait_query_type;
extern ulong opt_kill_long_query_type; extern ulong opt_kill_long_query_type;
extern ulong opt_decrypt_algo;
extern uint opt_kill_long_queries_timeout; extern uint opt_kill_long_queries_timeout;
extern uint opt_lock_wait_timeout; extern uint opt_lock_wait_timeout;
extern uint opt_lock_wait_threshold; extern uint opt_lock_wait_threshold;
...@@ -167,7 +156,6 @@ extern uint opt_debug_sleep_before_unlock; ...@@ -167,7 +156,6 @@ extern uint opt_debug_sleep_before_unlock;
extern uint opt_safe_slave_backup_timeout; extern uint opt_safe_slave_backup_timeout;
extern const char *opt_history; extern const char *opt_history;
extern my_bool opt_decrypt;
enum binlog_info_enum { BINLOG_INFO_OFF, BINLOG_INFO_LOCKLESS, BINLOG_INFO_ON, enum binlog_info_enum { BINLOG_INFO_OFF, BINLOG_INFO_LOCKLESS, BINLOG_INFO_ON,
BINLOG_INFO_AUTO}; BINLOG_INFO_AUTO};
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment