1 files changed, 33 insertions, 35 deletions

diff --git a/storage/innobase/include/log0crypt.h b/storage/innobase/include/log0crypt.h
index b9390927ece..22c0c9636bf 100644
--- a/storage/innobase/include/log0crypt.h
+++ b/storage/innobase/include/log0crypt.h
@@ -1,7 +1,7 @@
 /*****************************************************************************
 
 Copyright (C) 2013, 2015, Google Inc. All Rights Reserved.
-Copyright (C) 2014, 2021, MariaDB Corporation.
+Copyright (C) 2014, 2022, MariaDB Corporation.
 
 This program is free software; you can redistribute it and/or modify it under
 the terms of the GNU General Public License as published by the Free Software
@@ -24,27 +24,26 @@ Created 11/25/2013 Minli Zhu
 Modified           Jan Lindström jan.lindstrom@mariadb.com
 MDEV-11782: Rewritten for MariaDB 10.2 by Marko Mäkelä, MariaDB Corporation.
 *******************************************************/
-#ifndef log0crypt_h
-#define log0crypt_h
+#pragma once
 
 #include "log0log.h"
 
-/** innodb_encrypt_log: whether to encrypt the redo log */
-extern my_bool srv_encrypt_log;
-
 /** Initialize the redo log encryption key and random parameters
 when creating a new redo log.
-The random parameters will be persisted in the log checkpoint pages.
-@see log_crypt_write_checkpoint_buf()
-@see log_crypt_read_checkpoint_buf()
+The random parameters will be persisted in the log header.
+@see log_crypt_write_header()
+@see log_crypt_read_header()
 @return whether the operation succeeded */
 bool log_crypt_init();
 
-/*********************************************************************//**
-Writes the crypto (version, msg and iv) info, which has been used for
-log blocks with lsn <= this checkpoint's lsn, to a log header's
-checkpoint buf. */
-void log_crypt_write_checkpoint_buf(byte *buf);
+/** Add the encryption information to the log header buffer.
+@param buf   part of log header buffer */
+void log_crypt_write_header(byte *buf);
+
+/** Read the encryption information from a redo log checkpoint buffer.
+@param buf   part of checkpoint buffer
+@return whether the operation was successful */
+bool log_crypt_read_header(const byte *buf);
 
 /** Read the MariaDB 10.1 checkpoint crypto (version, msg and iv) info.
 @param[in]	buf	checkpoint buffer
@@ -60,25 +59,28 @@ ATTRIBUTE_COLD bool log_crypt_101_read_block(byte* buf, lsn_t start_lsn);
 /** Read the checkpoint crypto (version, msg and iv) info.
 @param[in]	buf	checkpoint buffer
 @return	whether the operation was successful */
-bool log_crypt_read_checkpoint_buf(const byte* buf);
-
-/** log_crypt() operation code */
-enum log_crypt_t {
-	/** encrypt a log block without rotating key */
-	LOG_ENCRYPT,
-	/** decrypt a log block */
-	LOG_DECRYPT,
-	/** attempt to rotate the key, and encrypt a log block */
-	LOG_ENCRYPT_ROTATE_KEY
-};
-
-/** Encrypt or decrypt log blocks.
-@param[in,out]	buf	log blocks to encrypt or decrypt
+ATTRIBUTE_COLD bool log_crypt_read_checkpoint_buf(const byte* buf);
+
+/** Decrypt log blocks.
+@param[in,out]	buf	log blocks to decrypt
 @param[in]	lsn	log sequence number of the start of the buffer
 @param[in]	size	size of the buffer, in bytes
-@param[in]	op	whether to decrypt, encrypt, or rotate key and encrypt
-@return	whether the operation succeeded (encrypt always does) */
-bool log_crypt(byte* buf, lsn_t lsn, ulint size, log_crypt_t op = LOG_ENCRYPT);
+@return	whether the operation succeeded */
+ATTRIBUTE_COLD bool log_decrypt(byte* buf, lsn_t lsn, ulint size);
+
+/** Decrypt part of a log record.
+@param iv    initialization vector
+@param buf   buffer for the decrypted data
+@param data  the encrypted data
+@param len   length of the data, in bytes
+@return buf */
+byte *log_decrypt_buf(const byte *iv, byte *buf, const byte *data, uint len);
+
+/** Decrypt a log snippet.
+@param iv    initialization vector
+@param buf   buffer to be replaced with encrypted contents
+@param end   pointer past the end of buf */
+void log_decrypt_buf(const byte *iv, byte *buf, const byte *const end);
 
 /** Encrypt or decrypt a temporary file block.
 @param[in]	src		block to encrypt or decrypt
@@ -111,7 +113,3 @@ log_tmp_block_decrypt(
 {
 	return(log_tmp_block_encrypt(src, size, dst, offs, false));
 }
-
-/** @return whether temporary files are encrypted */
-inline bool log_tmp_is_encrypted() { return srv_encrypt_log; }
-#endif  // log0crypt.h