remove get_iv() from the key management plugin API

now IVs are always handled internally

include/mysql/plugin_audit.h.pp

@@ -203,13 +203,11 @@ extern struct encryption_keys_service_st {
   unsigned int (*has_encryption_key_func)(unsigned int);
   unsigned int (*get_encryption_key_size_func)(unsigned int);
   int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int);
-  int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int);
 } *encryption_keys_service;
 unsigned int get_latest_encryption_key_version();
 unsigned int has_encryption_key(unsigned int version);
 unsigned int get_encryption_key_size(unsigned int version);
 int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize);
-int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
 struct st_mysql_xid {
   long formatID;
   long gtrid_length;

include/mysql/plugin_auth.h.pp

@@ -203,13 +203,11 @@ extern struct encryption_keys_service_st {
   unsigned int (*has_encryption_key_func)(unsigned int);
   unsigned int (*get_encryption_key_size_func)(unsigned int);
   int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int);
-  int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int);
 } *encryption_keys_service;
 unsigned int get_latest_encryption_key_version();
 unsigned int has_encryption_key(unsigned int version);
 unsigned int get_encryption_key_size(unsigned int version);
 int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize);
-int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
 struct st_mysql_xid {
   long formatID;
   long gtrid_length;

include/mysql/plugin_encryption_key_management.h

@@ -59,15 +59,6 @@ struct st_mariadb_encryption_key_management
     @return 0 on success, non-zero on failure
   */
   int (*get_key)(unsigned int version, unsigned char* key, unsigned int keybufsize);
-
-  /**
-    function returning an IV for a key version
-
-    the IV is put in 'iv' buffer, that has size of 'ivbufsize' bytes.
-
-    @return 0 on success, non-zero on failure
-  */
-  int (*get_iv)(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
 };
 #endif
 

include/mysql/plugin_encryption_key_management.h.pp

@@ -203,13 +203,11 @@ extern struct encryption_keys_service_st {
   unsigned int (*has_encryption_key_func)(unsigned int);
   unsigned int (*get_encryption_key_size_func)(unsigned int);
   int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int);
-  int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int);
 } *encryption_keys_service;
 unsigned int get_latest_encryption_key_version();
 unsigned int has_encryption_key(unsigned int version);
 unsigned int get_encryption_key_size(unsigned int version);
 int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize);
-int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
 struct st_mysql_xid {
   long formatID;
   long gtrid_length;
@@ -373,5 +371,4 @@ struct st_mariadb_encryption_key_management
   unsigned int (*has_key_version)(unsigned int version);
   unsigned int (*get_key_size)(unsigned int version);
   int (*get_key)(unsigned int version, unsigned char* key, unsigned int keybufsize);
-  int (*get_iv)(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
 };

include/mysql/plugin_ftparser.h.pp

@@ -203,13 +203,11 @@ extern struct encryption_keys_service_st {
   unsigned int (*has_encryption_key_func)(unsigned int);
   unsigned int (*get_encryption_key_size_func)(unsigned int);
   int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int);
-  int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int);
 } *encryption_keys_service;
 unsigned int get_latest_encryption_key_version();
 unsigned int has_encryption_key(unsigned int version);
 unsigned int get_encryption_key_size(unsigned int version);
 int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize);
-int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
 struct st_mysql_xid {
   long formatID;
   long gtrid_length;

include/mysql/plugin_password_validation.h.pp

@@ -203,13 +203,11 @@ extern struct encryption_keys_service_st {
   unsigned int (*has_encryption_key_func)(unsigned int);
   unsigned int (*get_encryption_key_size_func)(unsigned int);
   int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int);
-  int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int);
 } *encryption_keys_service;
 unsigned int get_latest_encryption_key_version();
 unsigned int has_encryption_key(unsigned int version);
 unsigned int get_encryption_key_size(unsigned int version);
 int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize);
-int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
 struct st_mysql_xid {
   long formatID;
   long gtrid_length;

include/mysql/service_encryption_keys.h

@@ -30,7 +30,6 @@ extern struct encryption_keys_service_st {
   unsigned int (*has_encryption_key_func)(unsigned int);
   unsigned int (*get_encryption_key_size_func)(unsigned int);
   int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int);
-  int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int);
 } *encryption_keys_service;
 
 #ifdef MYSQL_DYNAMIC_PLUGIN
@@ -39,7 +38,6 @@ extern struct encryption_keys_service_st {
 #define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V)
 #define get_encryption_key_size(V) encryption_keys_service->get_encryption_key_size_func(V)
 #define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S))
-#define get_encryption_iv(V, I, S) encryption_keys_service->get_encryption_iv_func((V), (I), (S))
 
 #else
 
@@ -47,7 +45,6 @@ unsigned int get_latest_encryption_key_version();
 unsigned int has_encryption_key(unsigned int version);
 unsigned int get_encryption_key_size(unsigned int version);
 int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize);
-int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize);
 
 #endif
 

plugin/debug_key_management_plugin/debug_key_management_plugin.cc

@@ -62,18 +62,12 @@ static unsigned int get_key_size(unsigned int ver)
   return 16;
 }
 
-static int get_iv(unsigned int ver, unsigned char* dstbuf, unsigned buflen)
-{
-  return 0; // to be removed
-}
-
 struct st_mariadb_encryption_key_management debug_key_management_plugin= {
   MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION,
   get_latest_key_version,
   has_key,
   get_key_size,
-  get_key,
-  get_iv
+  get_key
 };
 
 /*

plugin/example_key_management_plugin/example_key_management_plugin.cc

@@ -86,20 +86,6 @@ static unsigned int get_key_size(unsigned int keyID)
 	return 16;
 }
 
-static int get_iv(unsigned int keyID, unsigned char* dstbuf, unsigned buflen)
-{
-  if (buflen < 16)
-  {
-	  return CRYPT_BUFFER_TO_SMALL;
-  }
-
-  for (int i=0; i<16; i++)
-	  dstbuf[i] = 0;
-
-  return CRYPT_KEY_OK;
-}
-
-
 static int example_key_management_plugin_init(void *p)
 {
   /* init */
@@ -131,8 +117,7 @@ struct st_mariadb_encryption_key_management example_key_management_plugin= {
   get_latest_key_version,
   has_key_func,
   get_key_size,
-  get_key,
-  get_iv
+  get_key
 };
 
 /*

plugin/file_key_management_plugin/file_key_management_plugin.cc

@@ -204,32 +204,6 @@ static int get_key_from_key_file(unsigned int keyID, unsigned char* dstbuf,
   }
 }
 
-static int get_iv_from_key_file(unsigned int keyID, unsigned char* dstbuf,
-                                unsigned buflen)
-{
-  keyentry* entry = KeySingleton::getInstance().getKeys((int)keyID);
-
-  if (entry != NULL)
-  {
-    char* ivString = entry->iv;
-    size_t iv_len = strlen(ivString)/2;
-
-    if (buflen < iv_len)
-    {
-      return CRYPT_BUFFER_TO_SMALL;
-    }
-
-    my_aes_hex2uint(ivString, (unsigned char*)dstbuf, iv_len);
-
-    return CRYPT_KEY_OK;
-  }
-  else
-  {
-    return CRYPT_KEY_UNKNOWN;
-  }
-}
-
-
 static int file_key_management_plugin_init(void *p)
 {
   /* init */
@@ -265,8 +239,7 @@ struct st_mariadb_encryption_key_management file_key_management_plugin= {
   get_highest_key_used_in_key_file,
   has_key_from_key_file,
   get_key_size_from_key_file,
-  get_key_from_key_file,
-  get_iv_from_key_file
+  get_key_from_key_file
 };
 
 /*

sql/encryption_keys.cc

@@ -39,14 +39,6 @@ int get_encryption_key(uint version, uchar* key, uint size)
   return 1;
 }
 
-int get_encryption_iv(uint version, uchar* iv, uint size)
-{
-  if (encryption_key_manager)
-    return handle->get_iv(version, iv, size);
-
-  return 1;
-}
-
 int initialize_encryption_key_management_plugin(st_plugin_int *plugin)
 {
   if (encryption_key_manager)

sql/sql_plugin_services.h

@@ -144,8 +144,7 @@ static struct encryption_keys_service_st encryption_keys_handler=
   get_latest_encryption_key_version,
   has_encryption_key,
   get_encryption_key_size,
-  get_encryption_key,
-  get_encryption_iv
+  get_encryption_key
 };
 
 static struct thd_specifics_service_st thd_specifics_handler=