New encryption API. Piece-wise encryption.

Instead of encrypt(src, dst, key, iv) that encrypts all
data in one go, now we have encrypt_init(key,iv),
encrypt_update(src,dst), and encrypt_finish(dst).

This also causes collateral changes in the internal my_crypt.cc
encryption functions and in the encryption service.

There are wrappers to provide the old all-at-once encryption
functionality. But binlog events are often written piecewise,
they'll need the new api.

unittest/sql/mf_iocache-t.cc

@@ -49,19 +49,34 @@ uint encryption_key_get_func(uint, uint, uchar* key, uint* size)
   return 0;
 }
 
+#ifdef HAVE_EncryptAes128Gcm
+enum my_aes_mode aes_mode= MY_AES_GCM;
+#else
+enum my_aes_mode aes_mode= MY_AES_CBC;
+#endif
+
+int encryption_ctx_init_func(void *ctx, const unsigned char* key, unsigned int klen,
+                                const unsigned char* iv, unsigned int ivlen,
+                                int flags, unsigned int key_id,
+                                unsigned int key_version)
+{
+  return my_aes_crypt_init(ctx, aes_mode, flags, key, klen, iv, ivlen);
+}
+
+uint encryption_encrypted_length_func(unsigned int slen, unsigned int key_id, unsigned int key_version)
+{
+  return my_aes_get_size(aes_mode, slen);
+}
+
 struct encryption_service_st encryption_handler=
 {
   encryption_key_get_latest_version_func,
-  encryption_key_id_exists_func,
-  encryption_key_version_exists_func,
   encryption_key_get_func,
-#ifdef HAVE_EncryptAes128Gcm
-  (encrypt_decrypt_func)my_aes_encrypt_gcm,
-  (encrypt_decrypt_func)my_aes_decrypt_gcm
-#else
-  (encrypt_decrypt_func)my_aes_encrypt_cbc,
-  (encrypt_decrypt_func)my_aes_decrypt_cbc
-#endif
+  (uint (*)(unsigned int, unsigned int))my_aes_ctx_size,
+  encryption_ctx_init_func,
+  my_aes_crypt_update,
+  my_aes_crypt_finish,
+  encryption_encrypted_length_func
 };
 
 void sql_print_information(const char *format, ...)