Hi, Jan! On Mar 14, Jan Lindström wrote:
and thanks for the review, some comments/questions below:
1. Does file_key_management_plugin work with CTR?
Yes it does, but only with openSSL.
Then I'd suggest to * add aes_ctr combination to have_file_key_management_plugin.combinations * use only one combinations file, not two identical ones (it can be called, say, encryption_algorithms.inc) and included into both have_*_key_management_plugin.inc files * disable aes_ctr combination from suite.pm, now it has $skip{'include/have_openssl_ctr.inc'} = 'no or too old openssl' unless $::mysqld_variables{'version-ssl-library'} =~ /OpenSSL (\S+)/ and $1 ge "1.0.1"; which disables the complete have_openssl_ctr.inc, it can be changed to disable just one combination (like for have_innodb.inc): $skip{'include/encryption_algorithms.combinations'} = [ 'aes_ctr' ] unless $::mysqld_variables{'version-ssl-library'} =~ /OpenSSL (\S+)/ and $1 ge "1.0.1";
This doesn't make a lot of sense now, because example_key_management_plugin forces CTR:
my_aes_init_dynamic_encrypt(MY_AES_ALGORITHM_CTR);
Is there some reason why it does this here? I will change that on separate fix to current_aes_dynamic_method if != MY_AES_ALGORITHM_NONE
I suspect it was in the original google patch and nobody fixed it yet. It would be good to change it. Regards, Sergei