From 4feaa06c842b0ae1cc8ab2d6e7f0bbd00c000e87 Mon Sep 17 00:00:00 2001 From: f4rnham Date: Thu, 26 Mar 2015 00:00:12 +0100 Subject: [PATCH 01/65] MDEV-7816 ALTER with DROP INDEX and ADD INDEX .. COMMENT='comment2' ignores the new comment Consider two indexes different if their comments differ --- mysql-test/r/alter_table.result | 10 ++++++++++ mysql-test/t/alter_table.test | 8 ++++++++ sql/sql_table.cc | 7 +++++++ 3 files changed, 25 insertions(+) diff --git a/mysql-test/r/alter_table.result b/mysql-test/r/alter_table.result index 544e64e6373..a7f8ffcc9ec 100644 --- a/mysql-test/r/alter_table.result +++ b/mysql-test/r/alter_table.result @@ -2007,3 +2007,13 @@ INSERT INTO t1 VALUES (1),(2),(3),(4),(5),(6),(7),(8); INSERT INTO t1 SELECT a.* FROM t1 a, t1 b, t1 c, t1 d, t1 e; ALTER TABLE t1 MODIFY i FLOAT; DROP TABLE t1; +CREATE TABLE t1(a INT); +CREATE INDEX i1 ON t1(a) COMMENT 'comment1'; +ALTER TABLE t1 DROP INDEX i1, ADD INDEX i1(a) COMMENT 'comment2'; +SHOW CREATE TABLE t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `a` int(11) DEFAULT NULL, + KEY `i1` (`a`) COMMENT 'comment2' +) ENGINE=MyISAM DEFAULT CHARSET=latin1 +DROP TABLE t1; diff --git a/mysql-test/t/alter_table.test b/mysql-test/t/alter_table.test index ab1fb4e4c54..0c0672de3e2 100644 --- a/mysql-test/t/alter_table.test +++ b/mysql-test/t/alter_table.test @@ -1697,3 +1697,11 @@ INSERT INTO t1 SELECT a.* FROM t1 a, t1 b, t1 c, t1 d, t1 e; ALTER TABLE t1 MODIFY i FLOAT; DROP TABLE t1; +# +# MDEV-7816 ALTER with DROP INDEX and ADD INDEX .. COMMENT='comment2' ignores the new comment +# +CREATE TABLE t1(a INT); +CREATE INDEX i1 ON t1(a) COMMENT 'comment1'; +ALTER TABLE t1 DROP INDEX i1, ADD INDEX i1(a) COMMENT 'comment2'; +SHOW CREATE TABLE t1; +DROP TABLE t1; diff --git a/sql/sql_table.cc b/sql/sql_table.cc index c4b07ad2035..5986e8201c4 100644 --- a/sql/sql_table.cc +++ b/sql/sql_table.cc 
@@ -6368,6 +6368,13 @@ static bool fill_alter_inplace_info(THD *thd, new_field->field->field_index != key_part->fieldnr - 1) goto index_changed; } + + /* Check that key comment is not changed. */ + if (table_key->comment.length != new_key->comment.length || + (table_key->comment.length && + strcmp(table_key->comment.str, new_key->comment.str) != 0)) + goto index_changed; + continue; index_changed: From 0cbe0c9c6da982210eb1dbbedb575038ea32d3e6 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Wed, 11 Mar 2015 12:28:26 +0100 Subject: [PATCH 02/65] remove one cmake MESSAGE (one generally should not do that, these messages are printed on every cmake run) --- CMakeLists.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 48015fa29d0..053f2d4ec25 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -230,7 +230,6 @@ MARK_AS_ADVANCED(WITH_FAST_MUTEXES) OPTION(WITH_INNODB_DISALLOW_WRITES "InnoDB freeze writes patch from Google" ${WITH_WSREP}) IF (WITH_INNODB_DISALLOW_WRITES) - MESSAGE(STATUS "INNODB_DISALLOW_WRITES") SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWITH_INNODB_DISALLOW_WRITES") SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DWITH_INNODB_DISALLOW_WRITES") ENDIF() From 16a7738bc98098033fc6e524654a008b9d2830d8 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Fri, 13 Mar 2015 18:52:10 +0100 Subject: [PATCH 03/65] MDEV-6819 st_mysql_show_var::value should be void* not char* followup --- sql/mysqld.cc | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/sql/mysqld.cc b/sql/mysqld.cc index 14d904bbe74..da432063c0a 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -7487,7 +7487,7 @@ static int show_queries(THD *thd, SHOW_VAR *var, char *buff, enum enum_var_type scope) { var->type= SHOW_LONGLONG; - var->value= (char *)&thd->query_id; + var->value= &thd->query_id; return 0; } 
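Review bot: The added key-comment check in the sql/sql_table.cc hunk compares with `strcmp`, which relies on both `comment.str` buffers being NUL-terminated and stops at an embedded NUL. The lengths are already known to be equal at that point, so a length-bounded comparison is exact and cannot read past either buffer: `memcmp(table_key->comment.str, new_key->comment.str, table_key->comment.length) != 0`. Whether these strings are always terminated is not visible here. The enclosing loop in fill_alter_inplace_info starts and ends outside the hunk.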
@@ -7496,7 +7496,7 @@ static int show_net_compression(THD *thd, SHOW_VAR *var, char *buff, enum enum_var_type scope) { var->type= SHOW_MY_BOOL; - var->value= (char *)&thd->net.compress; + var->value= &thd->net.compress; return 0; } @@ -7848,7 +7848,7 @@ static int show_ssl_get_version(THD *thd, SHOW_VAR *var, char *buff, if( thd->vio_ok() && thd->net.vio->ssl_arg ) var->value= const_cast(SSL_get_version((SSL*) thd->net.vio->ssl_arg)); else - var->value= (char *)""; + var->value= const_cast(""); return 0; } @@ -7907,7 +7907,7 @@ static int show_ssl_get_cipher(THD *thd, SHOW_VAR *var, char *buff, if( thd->vio_ok() && thd->net.vio->ssl_arg ) var->value= const_cast(SSL_get_cipher((SSL*) thd->net.vio->ssl_arg)); else - var->value= (char *)""; + var->value= const_cast(""); return 0; } @@ -8055,14 +8055,14 @@ static int show_default_keycache(THD *thd, SHOW_VAR *var, char *buff, v= data->var; var->type= SHOW_ARRAY; - var->value= (char*)v; + var->value= v; get_key_cache_statistics(dflt_key_cache, 0, &data->stats); #define set_one_keycache_var(X,Y) \ v->name= X; \ v->type= SHOW_LONGLONG; \ - v->value= (char*)&data->stats.Y; \ + v->value= &data->stats.Y; \ v++; set_one_keycache_var("blocks_not_flushed", blocks_changed); @@ -8116,11 +8116,11 @@ static int debug_status_func(THD *thd, SHOW_VAR *var, char *buff, if (_db_keyword_(0, "role_merge_stats", 1)) { static SHOW_VAR roles[]= { - {"global", (char*) &role_global_merges, SHOW_ULONG}, - {"db", (char*) &role_db_merges, SHOW_ULONG}, - {"table", (char*) &role_table_merges, SHOW_ULONG}, - {"column", (char*) &role_column_merges, SHOW_ULONG}, - {"routine", (char*) &role_routine_merges, SHOW_ULONG}, + {"global", &role_global_merges, SHOW_ULONG}, + {"db", &role_db_merges, SHOW_ULONG}, + {"table", &role_table_merges, SHOW_ULONG}, + {"column", &role_column_merges, SHOW_ULONG}, + {"routine", &role_routine_merges, SHOW_ULONG}, {NullS, NullS, SHOW_LONG} }; From 87604c4cadac0c9f86068d7f0075bb3cdeabdf0b Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Mon, 9 Mar 2015 19:53:47 +0100 Subject: [PATCH 04/65] encryption cleanup: delete obsolete files they should've been deleted long ago, but weren't --- include/mysql/service_cryptokeys.h | 60 ------------------------------ libservices/cryptokeys_service.c | 17 --------- 2 files changed, 77 deletions(-) delete mode 100644 include/mysql/service_cryptokeys.h delete mode 100644 libservices/cryptokeys_service.c diff --git a/include/mysql/service_cryptokeys.h b/include/mysql/service_cryptokeys.h deleted file mode 100644 index d5321e2f257..00000000000 --- a/include/mysql/service_cryptokeys.h +++ /dev/null 
@@ -1,60 +0,0 @@ -#ifndef MYSQL_SERVICE_CRYPTOKEYS_INCLUDED -/* Copyright (c) 2015, MariaDB - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -/** - @file - cryptokeys service - - Functions get cryptographical keys and IV from the cryptokey management plugin -*/ - -#ifdef __cplusplus -extern "C" { -#endif - -extern struct cryptokeys_service_st { - unsigned int (*get_latest_crypto_key_version_func)(); - unsigned int (*has_crypto_key_func)(unsigned int); - unsigned int (*get_crypto_key_size_func)(unsigned int); - int (*get_crypto_key_func)(unsigned int, unsigned char*, unsigned int); - int (*get_crypto_iv_func)(unsigned int, unsigned char*, unsigned int); -} *cryptokeys_service; - -#ifdef MYSQL_DYNAMIC_PLUGIN - -#define get_latest_crypto_key_version() cryptokeys_service->get_latest_crypto_key_version_func() -#define has_crypto_key(V) cryptokeys_service->has_crypto_key_func(V) -#define get_crypto_key_size(V) cryptokeys_service->get_crypto_key_size_func(V) -#define get_crypto_key(V,K,S) cryptokeys_service->get_crypto_key_func((V), (K), (S)) -#define get_crypto_iv(V, I, S) cryptokeys_service->get_crypto_iv_func((V), (I), (S)) - -#else - -unsigned int get_latest_crypto_key_version(); -unsigned int has_crypto_key(unsigned int version); -unsigned int get_crypto_key_size(unsigned int version); -int get_crypto_key(unsigned int version, unsigned char* key, unsigned int 
keybufsize); -int get_crypto_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); - -#endif - -#ifdef __cplusplus -} -#endif - -#define MYSQL_SERVICE_CRYPTOKEYS_INCLUDED -#endif - diff --git a/libservices/cryptokeys_service.c b/libservices/cryptokeys_service.c deleted file mode 100644 index 1af64aab450..00000000000 --- a/libservices/cryptokeys_service.c +++ /dev/null @@ -1,17 +0,0 @@ -/* Copyright (c) 2015 MariaDB - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -#include -SERVICE_VERSION cryptokeys_service= (void*)VERSION_cryptokeys; From 6a7ee5a5a540f2c69c8b56448e06098d368ecdb4 Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Thu, 26 Mar 2015 17:16:37 +0100 Subject: [PATCH 05/65] encryption cleanup: small changes * comments * move my_bytes_to_key() and my_aes_hex2uint() into file_key_management_plugin * rename HA_INSERT_ORDER -> HA_PRESERVE_INSERT_ORDER * remove unused variables and declarations * fix casts * don't link innodb with pcre * remove redundant entries from aria's TARGET_LINK_LIBRARIES --- include/my_aes.h | 36 +------ include/my_base.h | 2 +- include/my_dbug.h | 3 - include/my_md5.h | 2 +- mysys_ssl/my_aes.cc | 95 ------------------- .../CMakeLists.txt | 6 +- .../example_key_management_plugin.cc | 29 +++++- plugin/file_key_management_plugin/EncKeys.cc | 2 - plugin/file_key_management_plugin/EncKeys.h | 27 +++++- .../file_key_management_plugin.cc | 95 +++++++++++++++++++ sql/sql_plugin.cc | 2 +- sql/sql_select.cc | 5 +- storage/innobase/CMakeLists.txt | 2 +- storage/maria/CMakeLists.txt | 2 +- storage/maria/ma_create.c | 2 +- storage/maria/ma_crypt.c | 33 ++++--- storage/maria/ma_crypt.h | 21 +++- 17 files changed, 200 insertions(+), 164 deletions(-) diff --git a/include/my_aes.h b/include/my_aes.h index 057fa1e9860..3d9c9c1a8c9 100644 --- a/include/my_aes.h +++ b/include/my_aes.h @@ -1,4 +1,5 @@ /* Copyright (c) 2002, 2006 MySQL AB, 2009 Sun Microsystems, Inc. + Copyright (c) 2014, 2015 MariaDB Corporation Use is subject to license terms. This program is free software; you can redistribute it and/or modify @@ -21,7 +22,6 @@ #ifndef MY_AES_INCLUDED #define MY_AES_INCLUDED -/* We expect same result code from encryption functions as in my_aes.h */ typedef int Crypt_result; #define AES_OK 0 @@ -36,7 +36,7 @@ typedef int Crypt_result; #define CRYPT_BUFFER_TO_SMALL -11 #define CRYPT_KEY_UNKNOWN -48 -/* The max block sizes of all supported algorithms */ +/* The block size for all supported algorithms */ #define MY_AES_BLOCK_SIZE 16 /* The max key length of all supported algorithms */ 
@@ -127,38 +127,6 @@ my_bool my_aes_init_dynamic_encrypt(enum enum_my_aes_encryption_algorithm method extern MYSQL_PLUGIN_IMPORT enum enum_my_aes_encryption_algorithm current_aes_dynamic_method; - - -/** - Calculate key and iv from a given salt and secret as it is handled in openssl - encrypted files via console - - SYNOPSIS - my_bytes_to_key() - - @param salt [in] the given salt as extracted from the encrypted file - @param secret [in] the given secret as String, provided by the user - @param key [out] 32 Bytes of key are written to this pointer - @param iv [out] 16 Bytes of iv are written to this pointer - */ - -void my_bytes_to_key(const uchar *salt, - const char *secret, uchar *key, - uchar *iv); - -/** - Decode Hexencoded String to uint8[]. - - SYNOPSIS - my_aes_hex2uint() - @param iv [in] Pointer to hexadecimal encoded IV String - @param dest [out] Pointer to output uint8 array. Memory needs to be - allocated by caller - @param iv_length [in] Size of destination array. - */ - -void my_aes_hex2uint(const char *in, uchar *out, int dest_length); - /** Crypt buffer with AES encryption algorithm. diff --git a/include/my_base.h b/include/my_base.h index 3f34adcef6d..b0a15a11dc8 100644 --- a/include/my_base.h +++ b/include/my_base.h @@ -355,7 +355,7 @@ enum ha_base_keytype { #define HA_CREATE_RELIES_ON_SQL_LAYER 128 #define HA_CREATE_INTERNAL_TABLE 256 #define HA_CREATE_ENCRYPTED 512 -#define HA_INSERT_ORDER 1024 +#define HA_PRESERVE_INSERT_ORDER 1024 /* Flags used by start_bulk_insert */ diff --git a/include/my_dbug.h b/include/my_dbug.h index 8d8d4fabd6c..bcf2015466d 100644 --- a/include/my_dbug.h +++ b/include/my_dbug.h 
@@ -176,9 +176,6 @@ extern void _db_suicide_(); #define DBUG_SYNC_POINT(lock_name,lock_timeout) \ debug_sync_point(lock_name,lock_timeout) void debug_sync_point(const char* lock_name, uint lock_timeout); - -/* Extern function for debugging */ -extern void dump_buffer(FILE *stream, unsigned n, const unsigned char* buf); #else #define DBUG_SYNC_POINT(lock_name,lock_timeout) #endif /* EXTRA_DEBUG */ diff --git a/include/my_md5.h b/include/my_md5.h index 34d3e931811..141ea309cae 100644 --- a/include/my_md5.h +++ b/include/my_md5.h @@ -28,7 +28,7 @@ extern "C" { #endif -#define compute_md5_hash(A,B,C) my_md5((unsigned char *)A,B,C) +#define compute_md5_hash(A,B,C) my_md5(A,B,C) /* Convert an array of bytes to a hexadecimal representation. diff --git a/mysys_ssl/my_aes.cc b/mysys_ssl/my_aes.cc index 6486f7447c3..cd28d7ed49f 100644 --- a/mysys_ssl/my_aes.cc +++ b/mysys_ssl/my_aes.cc 
@@ -100,101 +100,6 @@ static int my_aes_create_key(const char *key, int key_length, uint8 *rkey) return 0; } -/** - Decode Hexencoded String to uint8[]. - - SYNOPSIS - my_aes_hex2uint() - @param iv [in] Pointer to hexadecimal encoded IV String - @param dest [out] Pointer to output uint8 array. Memory allocated by caller - @param iv_length [in] Size of destination array. - */ - -void my_aes_hex2uint(const char* in, unsigned char *out, int dest_length) -{ - const char *pos= in; - int count; - for (count = 0; count < dest_length; count++) - { - uchar res; - sscanf(pos, "%2hhx", &res); - out[count] = res; - pos += 2 * sizeof(char); - } -} - - -/** - Calculate key and iv from a given salt and secret as it is handled - in openssl encrypted files via console - - SYNOPSIS - my_bytes_to_key() - @param salt [in] the given salt as extracted from the encrypted file - @param secret [in] the given secret as String, provided by the user - @param key [out] 32 Bytes of key are written to this pointer - @param iv [out] 16 Bytes of iv are written to this pointer -*/ - -void my_bytes_to_key(const unsigned char *salt, const char *secret, unsigned char *key, - unsigned char *iv) -{ -#ifdef HAVE_YASSL - /* the yassl function has no support for SHA1. Reason unknown. 
*/ - int keyLen = 32; - int ivLen = 16; - int EVP_SALT_SZ = 8; - const int SHA_LEN = 20; - yaSSL::SHA myMD; - uint digestSz = myMD.get_digestSize(); - unsigned char digest[SHA_LEN]; // max size - int sz = strlen(secret); - int count = 1; - int keyLeft = keyLen; - int ivLeft = ivLen; - int keyOutput = 0; - - while (keyOutput < (keyLen + ivLen)) - { - int digestLeft = digestSz; - if (keyOutput) // first time D_0 is empty - myMD.update(digest, digestSz); - myMD.update((yaSSL::byte* )secret, sz); - if (salt) - myMD.update(salt, EVP_SALT_SZ); - myMD.get_digest(digest); - for (int j = 1; j < count; j++) - { - myMD.update(digest, digestSz); - myMD.get_digest(digest); - } - - if (keyLeft) - { - int store = MY_MIN(keyLeft, static_cast(digestSz)); - memcpy(&key[keyLen - keyLeft], digest, store); - - keyOutput += store; - keyLeft -= store; - digestLeft -= store; - } - - if (ivLeft && digestLeft) - { - int store = MY_MIN(ivLeft, digestLeft); - memcpy(&iv[ivLen - ivLeft], &digest[digestSz - digestLeft], store); - - keyOutput += store; - ivLeft -= store; - } - } -#elif defined(HAVE_OPENSSL) - const EVP_CIPHER *type = EVP_aes_256_cbc(); - const EVP_MD *digest = EVP_sha1(); - EVP_BytesToKey(type, digest, salt, (uchar*) secret, strlen(secret), 1, key, iv); -#endif -} - /** Crypt buffer with AES CBC encryption algorithm. diff --git a/plugin/example_key_management_plugin/CMakeLists.txt b/plugin/example_key_management_plugin/CMakeLists.txt index 250f77856c0..95ff433dc43 100644 --- a/plugin/example_key_management_plugin/CMakeLists.txt +++ b/plugin/example_key_management_plugin/CMakeLists.txt @@ -1,4 +1,2 @@ -IF(HAVE_EncryptAes128Ctr) - MYSQL_ADD_PLUGIN(EXAMPLE_KEY_MANAGEMENT_PLUGIN example_key_management_plugin.cc - MODULE_ONLY) -ENDIF() +MYSQL_ADD_PLUGIN(EXAMPLE_KEY_MANAGEMENT_PLUGIN example_key_management_plugin.cc + MODULE_ONLY) 
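Review bot: With the `IF(HAVE_EncryptAes128Ctr)` guard removed in the example_key_management_plugin/CMakeLists.txt hunk, the example plugin is built as a module in every configuration. The header comment added to example_key_management_plugin.cc in this same commit says its keys are hard-coded and not secret. The build file should carry the same warning, e.g. `# Example only: hard-coded keys, must never be shipped or loaded in production` above the `MYSQL_ADD_PLUGIN` call. Whether packaging excludes this module is not visible in the diff and should be confirmed.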
diff --git a/plugin/example_key_management_plugin/example_key_management_plugin.cc b/plugin/example_key_management_plugin/example_key_management_plugin.cc index 580e9ea7091..62050eb48f2 100644 --- a/plugin/example_key_management_plugin/example_key_management_plugin.cc +++ b/plugin/example_key_management_plugin/example_key_management_plugin.cc @@ -1,4 +1,29 @@ -// Copyright (C) 2014 Google Inc. +/* + Copyright (c) 2014 Google Inc. + Copyright (c) 2014, 2015 MariaDB Corporation + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +/** + Example key management plugin. It demonstrates how to return + keys on request, how to change them. That the engine can have + different pages in the same tablespace encrypted with different keys + and what the background re-encryption thread does. + + THIS IS AN EXAMPLE ONLY! ENCRYPTION KEYS ARE HARD-CODED AND *NOT* SECRET! + DO NOT USE THIS PLUGIN IN PRODUCTION! EVER! +*/ #include #include @@ -36,7 +61,7 @@ get_latest_key_version() static int get_key(unsigned int version, unsigned char* dstbuf, unsigned buflen) { - char *dst = (char*)dstbuf; // md5 function takes char* as argument... + unsigned char *dst = dstbuf; unsigned len = 0; for (; len + MD5_HASH_SIZE <= buflen; len += MD5_HASH_SIZE) { diff --git a/plugin/file_key_management_plugin/EncKeys.cc b/plugin/file_key_management_plugin/EncKeys.cc index 266a88d2c3f..77e28878832 100644 
--- a/plugin/file_key_management_plugin/EncKeys.cc +++ b/plugin/file_key_management_plugin/EncKeys.cc @@ -259,7 +259,6 @@ int EncKeys::parseFile(const char* filename, const uint32 maxKeyId, { int errorCode= 0; char *buffer= decryptFile(filename, secret, &errorCode); - uint32 id= 0; if (errorCode != NO_ERROR_PARSE_OK) return errorCode; @@ -271,7 +270,6 @@ int EncKeys::parseFile(const char* filename, const uint32 maxKeyId, keyLineInKeyFile++; switch (parseLine(line, maxKeyId)) { case NO_ERROR_PARSE_OK: - id= oneKey->id; keys[oneKey->id - 1]= *oneKey; delete(oneKey); countKeys++; diff --git a/plugin/file_key_management_plugin/EncKeys.h b/plugin/file_key_management_plugin/EncKeys.h index c0ab98b8e9d..8d57237f375 100644 --- a/plugin/file_key_management_plugin/EncKeys.h +++ b/plugin/file_key_management_plugin/EncKeys.h @@ -27,9 +27,35 @@ Created 09/15/2014 #include #include +/** + Calculate key and iv from a given salt and secret as it is handled in openssl + encrypted files via console + SYNOPSIS + my_bytes_to_key() + @param salt [in] the given salt as extracted from the encrypted file + @param secret [in] the given secret as String, provided by the user + @param key [out] 32 Bytes of key are written to this pointer + @param iv [out] 16 Bytes of iv are written to this pointer + */ +void my_bytes_to_key(const uchar *salt, + const char *secret, uchar *key, + uchar *iv); + +/** + Decode Hexencoded String to uint8[]. + + SYNOPSIS + my_aes_hex2uint() + @param iv [in] Pointer to hexadecimal encoded IV String + @param dest [out] Pointer to output uint8 array. Memory needs to be + allocated by caller + @param iv_length [in] Size of destination array. + */ + +void my_aes_hex2uint(const char *in, uchar *out, int dest_length); struct keyentry { uint32 id; @@ -37,7 +63,6 @@ struct keyentry { char *key; }; - class EncKeys { private: 
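Review bot: The doc comment added for `my_aes_hex2uint` in the first EncKeys.h hunk documents `@param iv`, `@param dest` and `@param iv_length`, but the declared parameters are `in`, `out` and `dest_length`. The tags should be renamed to match the declaration. The contract should also state the input requirement, e.g. `@param in [in] hex string holding at least 2 * dest_length hex digits`, since the function has no way to report a short or malformed string. The same mismatched comment is repeated above the definition added in file_key_management_plugin.cc.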
diff --git a/plugin/file_key_management_plugin/file_key_management_plugin.cc b/plugin/file_key_management_plugin/file_key_management_plugin.cc index cb6485f8596..780aeb81f18 100644 --- a/plugin/file_key_management_plugin/file_key_management_plugin.cc +++ b/plugin/file_key_management_plugin/file_key_management_plugin.cc 
@@ -42,6 +42,101 @@ static struct st_mysql_sys_var* settings[] = { NULL }; +/** + Decode Hexencoded String to uint8[]. + + SYNOPSIS + my_aes_hex2uint() + @param iv [in] Pointer to hexadecimal encoded IV String + @param dest [out] Pointer to output uint8 array. Memory allocated by caller + @param iv_length [in] Size of destination array. + */ + +void my_aes_hex2uint(const char* in, unsigned char *out, int dest_length) +{ + const char *pos= in; + int count; + for (count = 0; count < dest_length; count++) + { + uchar res; + sscanf(pos, "%2hhx", &res); + out[count] = res; + pos += 2 * sizeof(char); + } +} + + +/** + Calculate key and iv from a given salt and secret as it is handled + in openssl encrypted files via console + + SYNOPSIS + my_bytes_to_key() + @param salt [in] the given salt as extracted from the encrypted file + @param secret [in] the given secret as String, provided by the user + @param key [out] 32 Bytes of key are written to this pointer + @param iv [out] 16 Bytes of iv are written to this pointer +*/ + +void my_bytes_to_key(const unsigned char *salt, const char *secret, unsigned char *key, + unsigned char *iv) +{ +#ifdef HAVE_YASSL + /* the yassl function has no support for SHA1. Reason unknown. 
*/ + int keyLen = 32; + int ivLen = 16; + int EVP_SALT_SZ = 8; + const int SHA_LEN = 20; + yaSSL::SHA myMD; + uint digestSz = myMD.get_digestSize(); + unsigned char digest[SHA_LEN]; // max size + int sz = strlen(secret); + int count = 1; + int keyLeft = keyLen; + int ivLeft = ivLen; + int keyOutput = 0; + + while (keyOutput < (keyLen + ivLen)) + { + int digestLeft = digestSz; + if (keyOutput) // first time D_0 is empty + myMD.update(digest, digestSz); + myMD.update((yaSSL::byte* )secret, sz); + if (salt) + myMD.update(salt, EVP_SALT_SZ); + myMD.get_digest(digest); + for (int j = 1; j < count; j++) + { + myMD.update(digest, digestSz); + myMD.get_digest(digest); + } + + if (keyLeft) + { + int store = MY_MIN(keyLeft, static_cast(digestSz)); + memcpy(&key[keyLen - keyLeft], digest, store); + + keyOutput += store; + keyLeft -= store; + digestLeft -= store; + } + + if (ivLeft && digestLeft) + { + int store = MY_MIN(ivLeft, digestLeft); + memcpy(&iv[ivLen - ivLeft], &digest[digestSz - digestLeft], store); + + keyOutput += store; + ivLeft -= store; + } + } +#elif defined(HAVE_OPENSSL) + const EVP_CIPHER *type = EVP_aes_256_cbc(); + const EVP_MD *digest = EVP_sha1(); + EVP_BytesToKey(type, digest, salt, (uchar*) secret, strlen(secret), 1, key, iv); +#endif +} + /** diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc index fe020d36f93..30ab2531a1e 100644 --- a/sql/sql_plugin.cc +++ b/sql/sql_plugin.cc @@ -1616,7 +1616,7 @@ int plugin_init(int *argc, char **argv, int flags) goto err_unlock; /* - initialize the global default storage engine so that it may + set the global default storage engine variable so that it will not be null in any child thread. */ global_system_variables.table_plugin= diff --git a/sql/sql_select.cc b/sql/sql_select.cc index c087732bab1..7cf5f65c350 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc 
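Review bot: In `my_aes_hex2uint`, added by the file_key_management_plugin.cc hunk, the result of `sscanf(pos, "%2hhx", &res)` is never checked. A key or IV string that is shorter than `2 * dest_length` characters or contains a non-hex character therefore stores an uninitialised `res` into `out`, and `pos` keeps advancing past the terminating NUL. Each pair should be validated and failure reported, which means returning a status instead of `void`, changing the declaration in EncKeys.h to match, and having the caller (not visible in this hunk) reject the key line on error. Separately, `my_bytes_to_key` writes nothing to `key` or `iv` when neither `HAVE_YASSL` nor `HAVE_OPENSSL` is defined; an `#else` branch with `#error` would turn that into a build failure.

```cpp
int my_aes_hex2uint(const char* in, unsigned char *out, int dest_length)
{
  const char *pos= in;
  for (int count= 0; count < dest_length; count++, pos+= 2)
  {
    uchar res;
    /* both characters must be hex digits; this also stops at a premature NUL */
    if (!isxdigit((uchar) pos[0]) || !isxdigit((uchar) pos[1]) ||
        sscanf(pos, "%2hhx", &res) != 1)
      return 1;
    out[count]= res;
  }
  return 0;
}
// … unchanged: my_bytes_to_key …
```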
@@ -16874,7 +16874,6 @@ bool create_internal_tmp_table(TABLE *table, KEY *keyinfo, MARIA_UNIQUEDEF uniquedef; TABLE_SHARE *share= table->s; MARIA_CREATE_INFO create_info; - my_bool encrypt= encrypt_tmp_disk_tables; DBUG_ENTER("create_internal_tmp_table"); if (share->keys) @@ -16984,14 +16983,14 @@ bool create_internal_tmp_table(TABLE *table, KEY *keyinfo, DYNAMIC_RECORD : BLOCK_RECORD); uint create_flags= HA_CREATE_TMP_TABLE | HA_CREATE_INTERNAL_TABLE; - if (file_type != NO_RECORD && MY_TEST(encrypt)) + if (file_type != NO_RECORD && encrypt_tmp_disk_tables) { /* encryption is only supported for BLOCK_RECORD */ file_type= BLOCK_RECORD; create_flags|= HA_CREATE_ENCRYPTED; if (table->keep_row_order) { - create_flags|= HA_INSERT_ORDER; + create_flags|= HA_PRESERVE_INSERT_ORDER; } if (table->used_for_duplicate_elimination) diff --git a/storage/innobase/CMakeLists.txt b/storage/innobase/CMakeLists.txt index 87c6a1467e6..94a913cbe4c 100644 --- a/storage/innobase/CMakeLists.txt +++ b/storage/innobase/CMakeLists.txt @@ -474,5 +474,5 @@ ENDIF() MYSQL_ADD_PLUGIN(innobase ${INNOBASE_SOURCES} STORAGE_ENGINE MODULE_ONLY MODULE_OUTPUT_NAME ha_innodb - LINK_LIBRARIES ${ZLIB_LIBRARY} ${LINKER_SCRIPT} pcre pcreposix) + LINK_LIBRARIES ${ZLIB_LIBRARY} ${LINKER_SCRIPT}) diff --git a/storage/maria/CMakeLists.txt b/storage/maria/CMakeLists.txt index 09c816aee4e..b8e3350ca76 100644 --- a/storage/maria/CMakeLists.txt +++ b/storage/maria/CMakeLists.txt @@ -64,7 +64,7 @@ IF(NOT WITH_ARIA_STORAGE_ENGINE) ENDIF() TARGET_LINK_LIBRARIES(aria myisam - mysys mysys_ssl ${LIBCRYPT} ${LIBDL} ${SSL_LIBRARIES}) + mysys mysys_ssl) MYSQL_ADD_EXECUTABLE(aria_ftdump maria_ftdump.c COMPONENT Server) TARGET_LINK_LIBRARIES(aria_ftdump aria) diff --git a/storage/maria/ma_create.c b/storage/maria/ma_create.c index b7fcb6b7058..35491b1d31d 100644 --- a/storage/maria/ma_create.c +++ b/storage/maria/ma_create.c 
@@ -74,7 +74,7 @@ int maria_create(const char *name, enum data_file_type datafile_type, myf sync_dir= 0; uchar *log_data= NULL; my_bool encrypted= MY_TEST(flags & HA_CREATE_ENCRYPTED); - my_bool insert_order= MY_TEST(flags & HA_INSERT_ORDER); + my_bool insert_order= MY_TEST(flags & HA_PRESERVE_INSERT_ORDER); uint crypt_page_header_space= 0; DBUG_ENTER("maria_create"); DBUG_PRINT("enter", ("keys: %u columns: %u uniques: %u flags: %u", diff --git a/storage/maria/ma_crypt.c b/storage/maria/ma_crypt.c index 89defe8cec9..f21f2c4d964 100644 --- a/storage/maria/ma_crypt.c +++ b/storage/maria/ma_crypt.c @@ -1,4 +1,19 @@ -/* Copyright 2013 Google Inc. All Rights Reserved. */ +/* + Copyright (c) 2013 Google Inc. + Copyright (c) 2014, 2015 MariaDB Corporation + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include #include "ma_crypt.h" 
@@ -136,12 +151,10 @@ ma_crypt_read(MARIA_SHARE* share, uchar *buff) return buff + 2 + iv_length; } -static void ma_encrypt(MARIA_CRYPT_DATA *crypt_data, - const uchar *src, uchar *dst, uint size, - uint pageno, LSN lsn, uint *key_version); -static void ma_decrypt(MARIA_CRYPT_DATA *crypt_data, - const uchar *src, uchar *dst, uint size, - uint pageno, LSN lsn, uint key_version); +static void ma_encrypt(MARIA_CRYPT_DATA *, const uchar *, uchar *, uint, + uint, LSN, uint *); +static void ma_decrypt(MARIA_CRYPT_DATA *, const uchar *, uchar *, uint, + uint, LSN, uint); static my_bool ma_crypt_pre_read_hook(PAGECACHE_IO_HOOK_ARGS *args) { @@ -249,7 +262,7 @@ static my_bool ma_crypt_data_pre_write_hook(PAGECACHE_IO_HOOK_ARGS *args) /* 1 - copy head */ memcpy(dst, src, head); - /* 2 - decrypt page */ + /* 2 - encrypt page */ ma_encrypt(share->crypt_data, src + head, dst + head, size - (head + tail), pageno, lsn, &key_version); @@ -368,7 +381,7 @@ static my_bool ma_crypt_index_pre_write_hook(PAGECACHE_IO_HOOK_ARGS *args) /* 1 - copy head */ memcpy(dst, src, head); - /* 2 - decrypt page */ + /* 2 - encrypt page */ ma_encrypt(share->crypt_data, src + head, dst + head, size, pageno, lsn, &key_version); /* 3 - copy tail */ @@ -456,6 +469,4 @@ static void ma_decrypt(MARIA_CRYPT_DATA *crypt_data, fatal("failed to decrypt! rc: %d, dstlen: %d size: %d\n", rc, dstlen, (int)size); } - - (void)key_version; } diff --git a/storage/maria/ma_crypt.h b/storage/maria/ma_crypt.h index 76752e19449..309a8300eb8 100644 --- a/storage/maria/ma_crypt.h +++ b/storage/maria/ma_crypt.h 
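Review bot: The forward declarations of `ma_encrypt` and `ma_decrypt` in the first ma_crypt.c hunk now omit parameter names, so the three `uint` arguments can only be told apart by reading the definition. Keeping the names documents the call order at no cost: `const uchar *src, uchar *dst, uint size, uint pageno, LSN lsn, uint *key_version`. In the last hunk `(void)key_version;` is removed from `ma_decrypt`. That function's body starts outside the hunk, so it is not visible whether the version is actually used there to select the key, and this should be confirmed.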
@@ -1,7 +1,22 @@ -/* Copyright 2013 Google Inc. All Rights Reserved. */ +/* + Copyright (c) 2013 Google Inc. + Copyright (c) 2014, 2015 MariaDB Corporation -#ifndef _ma_crypt_h -#define _ma_crypt_h + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +#ifndef STORAGE_MARIA_MA_CRYPT_INCLUDED +#define STORAGE_MARIA_MA_CRYPT_INCLUDED #include From 27cc252bb73436957120a964734a794ab3fd64ef Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Tue, 24 Mar 2015 13:52:43 +0100 Subject: [PATCH 06/65] simplify my_crypt.cc, remove duplicate code --- mysys_ssl/my_crypt.cc | 324 +++++------------------------------------- 1 file changed, 38 insertions(+), 286 deletions(-) diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index d92f76d633b..f1356523f90 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc 
@@ -15,317 +15,69 @@ static const int CRYPT_ENCRYPT = 1; static const int CRYPT_DECRYPT = 0; -class Encrypter { - public: - virtual ~Encrypter() {} - - virtual Crypt_result Encrypt(const uchar* plaintext, - int plaintext_size, - uchar* ciphertext, - int* ciphertext_used) = 0; - virtual Crypt_result GetTag(uchar* tag, int tag_size) = 0; -}; - -class Decrypter { - public: - virtual ~Decrypter() {} - - virtual Crypt_result SetTag(const uchar* tag, int tag_size) = 0; - virtual Crypt_result Decrypt(const uchar* ciphertext, - int ciphertext_size, - uchar* plaintext, - int* plaintext_used) = 0; - virtual Crypt_result CheckTag() = 0; -}; - -class Crypto { - public: - virtual ~Crypto(); - - Crypt_result Crypt(const uchar* input, int input_size, - uchar* output, int* output_used); - - protected: - Crypto(); - - EVP_CIPHER_CTX ctx; -}; - - -/* Various crypto implementations */ - -class Aes128CtrCrypto : public Crypto { - public: - virtual Crypt_result Init(const uchar* key, const uchar* iv, - int iv_size); - - protected: - Aes128CtrCrypto() {} - - virtual int mode() = 0; -}; - -class Aes128CtrEncrypter : public Aes128CtrCrypto, public Encrypter { - public: - Aes128CtrEncrypter() {} - virtual Crypt_result Encrypt(const uchar* plaintext, - int plaintext_size, - uchar* ciphertext, - int* ciphertext_used); - - virtual Crypt_result GetTag(uchar* tag, int tag_size) { - DBUG_ASSERT(false); - return AES_INVALID; - } - - protected: - virtual int mode() { - return CRYPT_ENCRYPT; - } - - private: - Aes128CtrEncrypter(const Aes128CtrEncrypter& o); - Aes128CtrEncrypter& operator=(const Aes128CtrEncrypter& o); -}; - -class Aes128CtrDecrypter : public Aes128CtrCrypto, public Decrypter { - public: - Aes128CtrDecrypter() {} - virtual Crypt_result Decrypt(const uchar* ciphertext, - int ciphertext_size, - uchar* plaintext, - int* plaintext_used); - - virtual Crypt_result SetTag(const uchar* tag, int tag_size) { - DBUG_ASSERT(false); - return AES_INVALID; - } - - virtual Crypt_result CheckTag() 
{ - DBUG_ASSERT(false); - return AES_INVALID; - } - - protected: - virtual int mode() { - return CRYPT_DECRYPT; - } - - private: - Aes128CtrDecrypter(const Aes128CtrDecrypter& o); - Aes128CtrDecrypter& operator=(const Aes128CtrDecrypter& o); -}; - -class Aes128EcbCrypto : public Crypto { - public: - virtual Crypt_result Init(const unsigned char* key); - - protected: - Aes128EcbCrypto() {} - - virtual int mode() = 0; -}; - -class Aes128EcbEncrypter : public Aes128EcbCrypto, public Encrypter { - public: - Aes128EcbEncrypter() {} - virtual Crypt_result Encrypt(const unsigned char* plaintext, - int plaintext_size, - unsigned char* ciphertext, - int* ciphertext_used); - - virtual Crypt_result GetTag(unsigned char* tag, int tag_size) { - DBUG_ASSERT(false); - return AES_INVALID; - } - - protected: - virtual int mode() { - return CRYPT_ENCRYPT; - } - - private: - Aes128EcbEncrypter(const Aes128EcbEncrypter& o); - Aes128EcbEncrypter& operator=(const Aes128EcbEncrypter& o); -}; - -class Aes128EcbDecrypter : public Aes128EcbCrypto, public Decrypter { - public: - Aes128EcbDecrypter() {} - virtual Crypt_result Decrypt(const unsigned char* ciphertext, - int ciphertext_size, - unsigned char* plaintext, - int* plaintext_used); - - virtual Crypt_result SetTag(const unsigned char* tag, int tag_size) { - DBUG_ASSERT(false); - return AES_INVALID; - } - - virtual Crypt_result CheckTag() { - DBUG_ASSERT(false); - return AES_INVALID; - } - - protected: - virtual int mode() { - return CRYPT_DECRYPT; - } - - private: - Aes128EcbDecrypter(const Aes128EcbDecrypter& o); - Aes128EcbDecrypter& operator=(const Aes128EcbDecrypter& o); -}; - - -Crypto::~Crypto() { - EVP_CIPHER_CTX_cleanup(&ctx); -} - -Crypto::Crypto() { - EVP_CIPHER_CTX_init(&ctx); -} - -/* - WARNING: It is allowed to have output == NULL, for special cases like AAD - support in AES GCM. output_used however must never be NULL. 
-*/ - -Crypt_result Crypto::Crypt(const uchar* input, int input_size, - uchar* output, int* output_used) { - DBUG_ASSERT(input != NULL); - DBUG_ASSERT(output_used != NULL); - if (!EVP_CipherUpdate(&ctx, output, output_used, input, input_size)) { - return AES_OPENSSL_ERROR; - } - - return AES_OK; -} - -Crypt_result Aes128CtrCrypto::Init(const uchar* key, - const uchar* iv, - int iv_size) { - if (iv_size != 16) { - DBUG_ASSERT(false); - return AES_BAD_IV; - } - - if (!EVP_CipherInit_ex(&ctx, EVP_aes_128_ctr(), NULL, key, iv, mode())) { - return AES_OPENSSL_ERROR; - } - - return AES_OK; -} - -Crypt_result Aes128CtrEncrypter::Encrypt(const uchar* plaintext, - int plaintext_size, - uchar* ciphertext, - int* ciphertext_used) { - Crypt_result res = Crypt(plaintext, plaintext_size, ciphertext, - ciphertext_used); - DBUG_ASSERT(*ciphertext_used == plaintext_size); - return res; -} - -Crypt_result Aes128CtrDecrypter::Decrypt(const uchar* ciphertext, - int ciphertext_size, - uchar* plaintext, - int* plaintext_used) { - Crypt_result res = Crypt(ciphertext, ciphertext_size, plaintext, - plaintext_used); - DBUG_ASSERT(*plaintext_used == ciphertext_size); - return res; -} - - -Crypt_result Aes128EcbCrypto::Init(const unsigned char* key) { - if (!EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL, mode())) { - return AES_OPENSSL_ERROR; - } - - return AES_OK; -} - -Crypt_result Aes128EcbEncrypter::Encrypt(const unsigned char* plaintext, - int plaintext_size, - unsigned char* ciphertext, - int* ciphertext_used) { - Crypt_result res = Crypt(plaintext, plaintext_size, - ciphertext, ciphertext_used); - DBUG_ASSERT(*ciphertext_used == plaintext_size); - return res; -} - -Crypt_result Aes128EcbDecrypter::Decrypt(const unsigned char* ciphertext, - int ciphertext_size, - unsigned char* plaintext, - int* plaintext_used) { - Crypt_result res = Crypt(ciphertext, ciphertext_size, - plaintext, plaintext_used); - DBUG_ASSERT(*plaintext_used == ciphertext_size); - return res; -} - 
C_MODE_START - - /* Encrypt and decrypt according to Aes128Ctr */ - -Crypt_result my_aes_encrypt_ctr(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint noPadding) +static int do_crypt(const EVP_CIPHER *cipher, int mode, + const uchar* source, uint32 source_length, + uchar* dest, uint32* dest_length, + const unsigned char* key, uint8 key_length, + const unsigned char* iv, uint8 iv_length, + uint noPadding) { - Aes128CtrEncrypter encrypter; - Crypt_result res = encrypter.Init(key, iv, iv_length); - if (res != AES_OK) - return res; - return encrypter.Encrypt(source, source_length, dest, (int*)dest_length); + int res= AES_OPENSSL_ERROR; + EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); + if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, mode)) + goto err; + if (!EVP_CipherUpdate(&ctx, dest, (int*)dest_length, source, source_length)) + goto err; + res= AES_OK; +err: + EVP_CIPHER_CTX_cleanup(&ctx); + return res; } -Crypt_result my_aes_decrypt_ctr(const uchar* source, uint32 source_length, +int my_aes_encrypt_ctr(const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, const unsigned char* key, uint8 key_length, const unsigned char* iv, uint8 iv_length, uint noPadding) { - Aes128CtrDecrypter decrypter; - - Crypt_result res = decrypter.Init(key, iv, iv_length); - if (res != AES_OK) - return res; - return decrypter.Decrypt(source, source_length, dest, (int*)dest_length); + return do_crypt(EVP_aes_128_ctr(), CRYPT_ENCRYPT, source, source_length, + dest, dest_length, key, key_length, iv, iv_length, noPadding); } -Crypt_result my_aes_encrypt_ecb(const uchar* source, uint32 source_length, +int my_aes_decrypt_ctr(const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, const unsigned char* key, uint8 key_length, const unsigned char* iv, uint8 iv_length, uint noPadding) { - Aes128EcbEncrypter encrypter; - 
Crypt_result res = encrypter.Init(key); - if (res != AES_OK) - return res; - return encrypter.Encrypt(source, source_length, dest, (int*)dest_length); + return do_crypt(EVP_aes_128_ctr(), CRYPT_DECRYPT, source, source_length, + dest, dest_length, key, key_length, iv, iv_length, noPadding); } -Crypt_result my_aes_decrypt_ecb(const uchar* source, uint32 source_length, + +int my_aes_encrypt_ecb(const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, const unsigned char* key, uint8 key_length, const unsigned char* iv, uint8 iv_length, uint noPadding) { - Aes128EcbDecrypter decrypter; + return do_crypt(EVP_aes_128_ecb(), CRYPT_ENCRYPT, source, source_length, + dest, dest_length, key, key_length, iv, iv_length, noPadding); +} - Crypt_result res = decrypter.Init(key); - - if (res != AES_OK) - return res; - return decrypter.Decrypt(source, source_length, dest, (int*)dest_length); +int my_aes_decrypt_ecb(const uchar* source, uint32 source_length, + uchar* dest, uint32* dest_length, + const unsigned char* key, uint8 key_length, + const unsigned char* iv, uint8 iv_length, + uint noPadding) +{ + return do_crypt(EVP_aes_128_ecb(), CRYPT_DECRYPT, source, source_length, + dest, dest_length, key, key_length, iv, iv_length, noPadding); } C_MODE_END @@ -338,7 +90,7 @@ C_MODE_END C_MODE_START -Crypt_result my_random_bytes(uchar* buf, int num) +int my_random_bytes(uchar* buf, int num) { TaoCrypt::RandomNumberGenerator rand; rand.GenerateBlock((TaoCrypt::byte*) buf, num); @@ -353,7 +105,7 @@ C_MODE_END C_MODE_START -Crypt_result my_random_bytes(uchar* buf, int num) +int my_random_bytes(uchar* buf, int num) { /* Unfortunately RAND_bytes manual page does not provide any guarantees From 2f8d101f9eb5193a8a1d5ab5cc8e52d7b52007a4 Mon Sep 17 00:00:00 2001 
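Review bot: `do_crypt` accepts `key_length`, `iv_length` and `noPadding` but never reads them, so the `iv_size != 16` rejection with `AES_BAD_IV` that the removed `Aes128CtrCrypto::Init` performed is lost in this refactor. `EVP_CipherInit_ex` takes the cipher's fixed key and IV sizes from the pointers it is handed, so a caller passing a shorter buffer now gets an out-of-bounds read instead of an error return. I would validate before `EVP_CIPHER_CTX_init`, so the early return skips nothing that needs cleanup: `if (key_length != EVP_CIPHER_key_length(cipher)) return AES_BAD_KEYSIZE;` and `if (EVP_CIPHER_iv_length(cipher) && iv_length != EVP_CIPHER_iv_length(cipher)) return AES_BAD_IV;` (assuming both codes are still defined after this commit). These should be real checks in release builds rather than debug-only asserts, since the lengths come from callers.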
From: Sergei Golubchik Date: Tue, 24 Mar 2015 20:43:20 +0100 Subject: [PATCH 07/65] unify my_{en|de}crypt_{cbc|ecb|ctr}. no yassl support yet. --- include/my_crypt.h | 55 +++- mysys_ssl/my_aes.cc | 530 ------------------------------ mysys_ssl/my_crypt.cc | 125 +++++-- storage/innobase/fil/fil0crypt.cc | 1 + storage/xtradb/fil/fil0crypt.cc | 1 + 5 files changed, 141 insertions(+), 571 deletions(-) diff --git a/include/my_crypt.h b/include/my_crypt.h index ea095e11fa9..db25b1f37af 100644 --- a/include/my_crypt.h +++ b/include/my_crypt.h @@ -1,3 +1,20 @@ +/* + Copyright (c) 2014 Google Inc. + Copyright (c) 2014, 2015 MariaDB Corporation + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + // TODO: Add Windows support #ifndef MYSYS_MY_CRYPT_H_ 
@@ -12,25 +29,39 @@ Crypt_result my_aes_encrypt_ctr(const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, const unsigned char* key, uint8 key_length, const unsigned char* iv, uint8 iv_length, - uint noPadding); + uint no_padding); Crypt_result my_aes_decrypt_ctr(const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, const unsigned char* key, uint8 key_length, const unsigned char* iv, uint8 iv_length, - uint noPadding); + uint no_padding); + +Crypt_result my_aes_encrypt_cbc(const uchar* source, uint32 source_length, + uchar* dest, uint32* dest_length, + const unsigned char* key, uint8 key_length, + const unsigned char* iv, uint8 iv_length, + uint no_padding); + +Crypt_result my_aes_decrypt_cbc(const uchar* source, uint32 source_length, + uchar* dest, uint32* dest_length, + const unsigned char* key, uint8 key_length, + const unsigned char* iv, uint8 iv_length, + uint no_padding); + +Crypt_result my_aes_encrypt_ecb(const uchar* source, uint32 source_length, + uchar* dest, uint32* dest_length, + const unsigned char* key, uint8 key_length, + const unsigned char* iv, uint8 iv_length, + uint no_padding); + +Crypt_result my_aes_decrypt_ecb(const uchar* source, uint32 source_length, + uchar* dest, uint32* dest_length, + const unsigned char* key, uint8 key_length, + const unsigned char* iv, uint8 iv_length, + uint no_padding); C_MODE_END -Crypt_result EncryptAes128Ctr(const uchar* key, - const uchar* iv, int iv_size, - const uchar* plaintext, int plaintext_size, - uchar* ciphertext, int* ciphertext_used); - -Crypt_result DecryptAes128Ctr(const uchar* key, - const uchar* iv, int iv_size, - const uchar* ciphertext, int ciphertext_size, - uchar* plaintext, int* plaintext_used); - #endif /* !defined(HAVE_YASSL) && defined(HAVE_OPENSSL) */ C_MODE_START diff --git a/mysys_ssl/my_aes.cc b/mysys_ssl/my_aes.cc index cd28d7ed49f..0a81cef9ab1 100644 --- a/mysys_ssl/my_aes.cc +++ b/mysys_ssl/my_aes.cc 
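Review bot: The six prototypes in this header carry no comment, and they are now the only place a caller can learn the contract, because the doc blocks that described `dest`, `dest_length` and the padding flag are deleted from my_aes.cc in this same patch. The part that matters most is output sizing: with padding enabled, CBC and ECB encryption writes up to one block more than `source_length`, so an undersized `dest` is overrun. I would add above the declarations something like `/* dest must have room for source_length + MY_AES_BLOCK_SIZE bytes when no_padding is 0; *dest_length receives the number of bytes written. */`, plus one line stating which key and IV lengths are accepted and what `no_padding` does to a trailing partial block.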
@@ -100,536 +100,6 @@ static int my_aes_create_key(const char *key, int key_length, uint8 *rkey) return 0; } -/** - Crypt buffer with AES CBC encryption algorithm. - - SYNOPSIS - my_aes_encrypt_cbc() - @param source [in] Pointer to data for encryption - @param source_length [in] Size of encryption data - @param dest [out] Buffer to place encrypted data (must be large enough) - @param dest_length [out] Pointer to size of encrypted data - @param key [in] Key to be used for encryption - @param key_length [in] Length of the key. 16, 24 or 32 - @param iv [in] Iv to be used for encryption - @param iv_length [in] Length of the iv. should be 16. - @param noPadding [in] if set to true, no padding is used. if the input length is not a - multiple of the AES block size, trailing bytes are only copied to destination buffer. - This allows currently the same interface for CBC, ECB and CTR encryption. - @return - != 0 error - 0 no error -*/ - -static int my_aes_encrypt_cbc(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint noPadding) -{ - uint8 remaining_bytes = (noPadding == 0) ? 
0 : source_length % MY_AES_BLOCK_SIZE; - source_length = source_length - remaining_bytes; - -#ifdef HAVE_YASSL - TaoCrypt::AES_CBC_Encryption enc; - /* 128 bit block used for padding */ - uint8 block[MY_AES_BLOCK_SIZE]; - int num_blocks; /* number of complete blocks */ - int i; - switch(key_length) { - case 16: - break; - case 24: - break; - case 32: - break; - default: - return AES_BAD_KEYSIZE; - } - - enc.SetKey((const TaoCrypt::byte *) key, key_length, (const TaoCrypt::byte *) iv); - - num_blocks = source_length / MY_AES_BLOCK_SIZE; - - for (i = num_blocks; i > 0; i--) /* Encode complete blocks */ - { - enc.Process((TaoCrypt::byte *) dest, (const TaoCrypt::byte *) source, - MY_AES_BLOCK_SIZE); - source += MY_AES_BLOCK_SIZE; - dest += MY_AES_BLOCK_SIZE; - } - - if (noPadding) { - if (remaining_bytes!=0) { - /* Note that we moved the original pointers above */ - memcpy(dest, source, remaining_bytes); - } - *dest_length = MY_AES_BLOCK_SIZE * (num_blocks) + remaining_bytes; - return AES_OK; - } - - /* Encode the rest. We always have incomplete block */ - char pad_len = MY_AES_BLOCK_SIZE - (source_length - - MY_AES_BLOCK_SIZE * num_blocks); - memcpy(block, source, 16 - pad_len); - memset(block + MY_AES_BLOCK_SIZE - pad_len, pad_len, pad_len); - - enc.Process((TaoCrypt::byte *) dest, (const TaoCrypt::byte *) block, - MY_AES_BLOCK_SIZE); - - *dest_length = MY_AES_BLOCK_SIZE * (num_blocks + 1); - return AES_OK; -#elif defined(HAVE_OPENSSL) - MyCipherCtx ctx; - int u_len, f_len; - /* The real key to be used for encryption */ - const EVP_CIPHER* cipher; - switch(key_length) { - case 16: - cipher = EVP_aes_128_cbc(); - break; - case 24: - cipher = EVP_aes_192_cbc(); - break; - case 32: - cipher = EVP_aes_256_cbc(); - break; - default: - return AES_BAD_KEYSIZE; - } - //Initialize Encryption Engine here, default software Engine is default - ENGINE *engine = NULL; - - if (! 
EVP_EncryptInit_ex(&ctx.ctx, cipher, engine, key, iv)) - return AES_BAD_DATA; /* Error */ - if (noPadding) { - EVP_CIPHER_CTX_set_padding(&ctx.ctx, 0); - } - EVP_CIPHER_CTX_key_length(&ctx.ctx); - OPENSSL_assert(EVP_CIPHER_CTX_key_length(&ctx.ctx) == key_length); - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(&ctx.ctx) == iv_length); - OPENSSL_assert(EVP_CIPHER_CTX_block_size(&ctx.ctx) == 16); - if (! EVP_EncryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len, - (unsigned const char *) source, source_length)) - return AES_BAD_DATA; /* Error */ - if (! EVP_EncryptFinal_ex(&ctx.ctx, (unsigned char *) dest + u_len, &f_len)) - return AES_BAD_DATA; /* Error */ - - if (remaining_bytes!=0) { - memcpy(dest + source_length, source + source_length, remaining_bytes); - } - *dest_length = (unsigned long int) (u_len + f_len + remaining_bytes); - - return AES_OK; -#else - /* currently Open SSL is required */ - return AES_BAD_DATA; -#endif -} - - -/** - Crypt buffer with AES ECB encryption algorithm. - - SYNOPSIS - my_aes_encrypt_ecb() - @param source [in] Pointer to data for encryption - @param source_length [in] Size of encryption data - @param dest [out] Buffer to place encrypted data (must be large enough) - @param dest_length [out] Pointer to size of encrypted data - @param key [in] Key to be used for encryption - @param key_length [in] Length of the key. 16, 24 or 32 - @param iv [in] Iv to be used for encryption - @param iv_length [in] Length of the iv. should be 16. - @param noPadding [in] if set to true, no padding is used. if the input length is not a - multiple of the AES block size, trailing bytes are only copied to destination buffer. - This allows currently the same interface for CBC, ECB and CTR encryption. 
- @return - != 0 error - 0 no error -*/ - -static int my_aes_encrypt_ecb(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint noPadding) -{ - uint8 remaining_bytes = (noPadding == 0) ? 0 : source_length % MY_AES_BLOCK_SIZE; - source_length = source_length - remaining_bytes; - -#ifdef HAVE_YASSL - TaoCrypt::AES_ECB_Encryption enc; - /* 128 bit block used for padding */ - uint8 block[MY_AES_BLOCK_SIZE]; - int num_blocks; /* number of complete blocks */ - int i; - switch(key_length) { - case 16: - break; - case 24: - break; - case 32: - break; - default: - return AES_BAD_KEYSIZE; - } - - enc.SetKey((const TaoCrypt::byte *) key, key_length, (const TaoCrypt::byte *) iv); - - num_blocks = source_length / MY_AES_BLOCK_SIZE; - - for (i = num_blocks; i > 0; i--) /* Encode complete blocks */ - { - enc.Process((TaoCrypt::byte *) dest, (const TaoCrypt::byte *) source, - MY_AES_BLOCK_SIZE); - source += MY_AES_BLOCK_SIZE; - dest += MY_AES_BLOCK_SIZE; - } - - if (noPadding) { - if (remaining_bytes!=0) { - /* Note that we moved the original pointers above */ - memcpy(dest, source, remaining_bytes); - } - *dest_length = MY_AES_BLOCK_SIZE * (num_blocks) + remaining_bytes; - return AES_OK; - } - - /* Encode the rest. 
We always have incomplete block */ - char pad_len = MY_AES_BLOCK_SIZE - (source_length - - MY_AES_BLOCK_SIZE * num_blocks); - memcpy(block, source, 16 - pad_len); - memset(block + MY_AES_BLOCK_SIZE - pad_len, pad_len, pad_len); - - enc.Process((TaoCrypt::byte *) dest, (const TaoCrypt::byte *) block, - MY_AES_BLOCK_SIZE); - - *dest_length = MY_AES_BLOCK_SIZE * (num_blocks + 1); - return AES_OK; -#elif defined(HAVE_OPENSSL) - MyCipherCtx ctx; - int u_len, f_len; - /* The real key to be used for encryption */ - const EVP_CIPHER* cipher; - switch(key_length) { - case 16: - cipher = EVP_aes_128_ecb(); - break; - case 24: - cipher = EVP_aes_192_ecb(); - break; - case 32: - cipher = EVP_aes_256_ecb(); - break; - default: - return AES_BAD_KEYSIZE; - } - //Initialize Encryption Engine here, default software Engine is default - ENGINE *engine = NULL; - - if (! EVP_EncryptInit_ex(&ctx.ctx, cipher, engine, key, iv)) - return AES_BAD_DATA; /* Error */ - if (noPadding) { - EVP_CIPHER_CTX_set_padding(&ctx.ctx, 0); - } - EVP_CIPHER_CTX_key_length(&ctx.ctx); - OPENSSL_assert(EVP_CIPHER_CTX_key_length(&ctx.ctx) == key_length); - // ECB does not use IV - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(&ctx.ctx) == 0); - OPENSSL_assert(EVP_CIPHER_CTX_block_size(&ctx.ctx) == 16); - if (! EVP_EncryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len, - (unsigned const char *) source, source_length)) - return AES_BAD_DATA; /* Error */ - if (! 
EVP_EncryptFinal_ex(&ctx.ctx, (unsigned char *) dest + u_len, &f_len)) - return AES_BAD_DATA; /* Error */ - - if (remaining_bytes!=0) - memcpy(dest + source_length, source + source_length, remaining_bytes); - - *dest_length = (unsigned long int) (u_len + f_len + remaining_bytes); - - return AES_OK; -#else - /* currently Open SSL is required */ - return AES_BAD_DATA; -#endif -} - - - -/** - AES decryption - CBC mode - - SYNOPSIS - my_aes_decrypt_cbc() - @param source [in] Pointer to data to decrypt - @param source_length [in] Size of data - @param dest [out] Buffer to place decrypted data (must be large enough) - @param dest_length [out] Pointer to size of decrypted data - @param key [in] Key to be used for decryption - @param key_length [in] Length of the key. 16, 24 or 32 - @param iv [in] Iv to be used for encryption - @param iv_length [in] Length of the iv. should be 16. - @param noPadding [in] if set to true, no padding is used. if the input length is not a - multiple of the AES block size, trailing bytes are only copied to destination buffer. - This allows currently the same interface for CBC, ECB and CTR encryption. - - @return - != 0 error - 0 no error -*/ - -static int my_aes_decrypt_cbc(const uchar* source, uint32 source_length, - uchar* dest, uint32 *dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint noPadding) -{ - uint8 remaining_bytes = (noPadding == 0) ? 
0 : source_length % MY_AES_BLOCK_SIZE; - source_length = source_length - remaining_bytes; - - -#ifdef HAVE_YASSL - TaoCrypt::AES_CBC_Decryption dec; - /* 128 bit block used for padding */ - uint8 block[MY_AES_BLOCK_SIZE]; - uint num_blocks; /* Number of complete blocks */ - int i; - switch(key_length) { - case 16: - break; - case 24: - break; - case 32: - break; - default: - return AES_BAD_KEYSIZE; - } - - dec.SetKey((const TaoCrypt::byte *) key, key_length, iv); - - num_blocks = source_length / MY_AES_BLOCK_SIZE; - - if ((source_length != num_blocks * MY_AES_BLOCK_SIZE) || num_blocks == 0 ) - /* Input size has to be even and at least one block */ - return AES_BAD_DATA; - - /* Decode all but last blocks */ - for (i = num_blocks - 1; i > 0; i--) - { - dec.Process((TaoCrypt::byte *) dest, (const TaoCrypt::byte *) source, - MY_AES_BLOCK_SIZE); - source += MY_AES_BLOCK_SIZE; - dest += MY_AES_BLOCK_SIZE; - } - - dec.Process((TaoCrypt::byte *) block, (const TaoCrypt::byte *) source, - MY_AES_BLOCK_SIZE); - - if (noPadding) { - memcpy(dest, block, MY_AES_BLOCK_SIZE); - if (remaining_bytes!=0) { - /* Note that we have moved dest and source */ - memcpy(dest + MY_AES_BLOCK_SIZE, source + MY_AES_BLOCK_SIZE, remaining_bytes); - } - *dest_length = MY_AES_BLOCK_SIZE * num_blocks + remaining_bytes; - return AES_OK; - } - - /* Use last char in the block as size */ - uint pad_len = (uint) (uchar) block[MY_AES_BLOCK_SIZE - 1]; - - if (pad_len > MY_AES_BLOCK_SIZE) - return AES_BAD_DATA; - /* We could also check whole padding but we do not really need this */ - - memcpy(dest, block, MY_AES_BLOCK_SIZE - pad_len); - *dest_length = MY_AES_BLOCK_SIZE * num_blocks - pad_len; - return AES_OK; -#elif defined(HAVE_OPENSSL) - MyCipherCtx ctx; - int u_len, f_len; - - const EVP_CIPHER* cipher; - switch(key_length) { - case 16: - cipher = EVP_aes_128_cbc(); - break; - case 24: - cipher = EVP_aes_192_cbc(); - break; - case 32: - cipher = EVP_aes_256_cbc(); - break; - default: - return 
AES_BAD_KEYSIZE; - } - //Initialize Encryption Engine here, default software Engine is default - ENGINE *engine = NULL; - - if (! EVP_DecryptInit_ex(&ctx.ctx, cipher, engine, key, iv)) - return AES_BAD_DATA; /* Error */ - if (noPadding) { - EVP_CIPHER_CTX_set_padding(&ctx.ctx, 0); - } - OPENSSL_assert(EVP_CIPHER_CTX_key_length(&ctx.ctx) == key_length); - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(&ctx.ctx) == iv_length); - OPENSSL_assert(EVP_CIPHER_CTX_block_size(&ctx.ctx) == 16); - if (! EVP_DecryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len, - (unsigned char *)source, source_length)) - return AES_BAD_DATA; /* Error */ - if (! EVP_DecryptFinal_ex(&ctx.ctx, (unsigned char *) dest + u_len, &f_len)) { - *dest_length = (unsigned long int) u_len; - return AES_BAD_DATA; - } - if (remaining_bytes!=0) { - memcpy(dest + source_length, source + source_length, remaining_bytes); - } - *dest_length = (unsigned long int) (u_len + f_len) + remaining_bytes; -#endif - return AES_OK; -} - -/** - AES decryption - ECB mode - - SYNOPSIS - my_aes_decrypt_ecb() - @param source [in] Pointer to data to decrypt - @param source_length [in] Size of data - @param dest [out] Buffer to place decrypted data (must be large enough) - @param dest_length [out] Pointer to size of decrypted data - @param key [in] Key to be used for decryption - @param key_length [in] Length of the key. 16, 24 or 32 - @param iv [in] Iv to be used for encryption - @param iv_length [in] Length of the iv. should be 16. - @param noPadding [in] if set to true, no padding is used. if the input length is not a - multiple of the AES block size, trailing bytes are only copied to destination buffer. - This allows currently the same interface for CBC, ECB and CTR encryption. 
- - @return - != 0 error - 0 no error -*/ - -static int my_aes_decrypt_ecb(const uchar* source, uint32 source_length, - uchar* dest, uint32 *dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint noPadding) -{ - uint8 remaining_bytes = (noPadding == 0) ? 0 : source_length % MY_AES_BLOCK_SIZE; - source_length = source_length - remaining_bytes; - - -#ifdef HAVE_YASSL - TaoCrypt::AES_ECB_Decryption dec; - /* 128 bit block used for padding */ - uint8 block[MY_AES_BLOCK_SIZE]; - uint num_blocks; /* Number of complete blocks */ - int i; - switch(key_length) { - case 16: - break; - case 24: - break; - case 32: - break; - default: - return AES_BAD_KEYSIZE; - } - - dec.SetKey((const TaoCrypt::byte *) key, key_length, iv); - - num_blocks = source_length / MY_AES_BLOCK_SIZE; - - if ((source_length != num_blocks * MY_AES_BLOCK_SIZE) || num_blocks == 0 ) - /* Input size has to be even and at least one block */ - return AES_BAD_DATA; - - /* Decode all but last blocks */ - for (i = num_blocks - 1; i > 0; i--) - { - dec.Process((TaoCrypt::byte *) dest, (const TaoCrypt::byte *) source, - MY_AES_BLOCK_SIZE); - source += MY_AES_BLOCK_SIZE; - dest += MY_AES_BLOCK_SIZE; - } - - dec.Process((TaoCrypt::byte *) block, (const TaoCrypt::byte *) source, - MY_AES_BLOCK_SIZE); - - if (noPadding) { - memcpy(dest, block, MY_AES_BLOCK_SIZE); - if (remaining_bytes!=0) { - /* Note that we have moved dest and source */ - memcpy(dest + MY_AES_BLOCK_SIZE, source + MY_AES_BLOCK_SIZE, remaining_bytes); - } - *dest_length = MY_AES_BLOCK_SIZE * num_blocks + remaining_bytes; - return AES_OK; - } - - /* Use last char in the block as size */ - uint pad_len = (uint) (uchar) block[MY_AES_BLOCK_SIZE - 1]; - - if (pad_len > MY_AES_BLOCK_SIZE) - return AES_BAD_DATA; - /* We could also check whole padding but we do not really need this */ - - memcpy(dest, block, MY_AES_BLOCK_SIZE - pad_len); - *dest_length = MY_AES_BLOCK_SIZE * num_blocks - pad_len; - return 
AES_OK; -#elif defined(HAVE_OPENSSL) - MyCipherCtx ctx; - int u_len, f_len; - - const EVP_CIPHER* cipher; - switch(key_length) { - case 16: - cipher = EVP_aes_128_ecb(); - break; - case 24: - cipher = EVP_aes_192_ecb(); - break; - case 32: - cipher = EVP_aes_256_ecb(); - break; - default: - return AES_BAD_KEYSIZE; - } - //Initialize Encryption Engine here, default software Engine is default - ENGINE *engine = NULL; - - if (! EVP_DecryptInit_ex(&ctx.ctx, cipher, engine, key, iv)) - return AES_BAD_DATA; /* Error */ - if (noPadding) { - EVP_CIPHER_CTX_set_padding(&ctx.ctx, 0); - } - OPENSSL_assert(EVP_CIPHER_CTX_key_length(&ctx.ctx) == key_length); - // ECB does not use IV - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(&ctx.ctx) == 0); - OPENSSL_assert(EVP_CIPHER_CTX_block_size(&ctx.ctx) == 16); - if (! EVP_DecryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len, - (unsigned char *)source, source_length)) - return AES_BAD_DATA; /* Error */ - if (! EVP_DecryptFinal_ex(&ctx.ctx, (unsigned char *) dest + u_len, &f_len)) { - *dest_length = (unsigned long int) u_len; - return AES_BAD_DATA; - } - if (remaining_bytes!=0) { - memcpy(dest + source_length, source + source_length, remaining_bytes); - } - *dest_length = (unsigned long int) (u_len + f_len) + remaining_bytes; - -#endif - return AES_OK; -} - - - - - /** Encryption interface that doesn't do anything (for testing) diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index f1356523f90..2b9bfedb08c 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc 
@@ -1,3 +1,20 @@ +/* + Copyright (c) 2014 Google Inc. + Copyright (c) 2014, 2015 MariaDB Corporation + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + /* TODO: add support for YASSL */ @@ -5,10 +22,8 @@ #include #include -/* YASSL doesn't support EVP_CIPHER_CTX */ #ifdef HAVE_EncryptAes128Ctr -#include "mysql.h" #include #include 
@@ -17,67 +32,119 @@ static const int CRYPT_DECRYPT = 0; C_MODE_START -static int do_crypt(const EVP_CIPHER *cipher, int mode, +static int do_crypt(const EVP_CIPHER *cipher, int encrypt, const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint noPadding) + const uchar* key, uint8 key_length, + const uchar* iv, uint8 iv_length, int no_padding) { - int res= AES_OPENSSL_ERROR; + int res= AES_OPENSSL_ERROR, fin; + int tail= no_padding ? source_length % MY_AES_BLOCK_SIZE : 0; + EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); - if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, mode)) + if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, encrypt)) goto err; - if (!EVP_CipherUpdate(&ctx, dest, (int*)dest_length, source, source_length)) + + EVP_CIPHER_CTX_set_padding(&ctx, !no_padding); + + DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == key_length); + DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length || !EVP_CIPHER_CTX_iv_length(&ctx)); + DBUG_ASSERT(EVP_CIPHER_CTX_block_size(&ctx) == MY_AES_BLOCK_SIZE || !no_padding); + + if (!EVP_CipherUpdate(&ctx, dest, (int*)dest_length, source, source_length - tail)) goto err; + if (!EVP_CipherFinal_ex(&ctx, dest + *dest_length, &fin)) + goto err; + *dest_length += fin; + + if (tail) + { + /* + Not much we can do here, block cyphers cannot encrypt data that aren't + a multiple of the block length. At least not without padding. + What we do here, we XOR the tail with the previous encrypted block. + */ + + DBUG_ASSERT(source_length - tail == *dest_length); + DBUG_ASSERT(source_length - tail > MY_AES_BLOCK_SIZE); + const uchar *s= source + source_length - tail; + const uchar *e= source + source_length; + uchar *d= dest + source_length - tail; + const uchar *m= (encrypt ? 
d : s) - MY_AES_BLOCK_SIZE; + while (s < e) + *d++ = *s++ ^ *m++; + *dest_length= source_length; + } + res= AES_OK; err: EVP_CIPHER_CTX_cleanup(&ctx); return res; } +/* CTR is a stream cypher mode, it needs no special padding code */ int my_aes_encrypt_ctr(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint noPadding) + uchar* dest, uint32* dest_length, + const uchar* key, uint8 key_length, + const uchar* iv, uint8 iv_length, + uint no_padding) { return do_crypt(EVP_aes_128_ctr(), CRYPT_ENCRYPT, source, source_length, - dest, dest_length, key, key_length, iv, iv_length, noPadding); + dest, dest_length, key, key_length, iv, iv_length, 0); } int my_aes_decrypt_ctr(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint noPadding) + uchar* dest, uint32* dest_length, + const uchar* key, uint8 key_length, + const uchar* iv, uint8 iv_length, + uint no_padding) { return do_crypt(EVP_aes_128_ctr(), CRYPT_DECRYPT, source, source_length, - dest, dest_length, key, key_length, iv, iv_length, noPadding); + dest, dest_length, key, key_length, iv, iv_length, 0); } int my_aes_encrypt_ecb(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint noPadding) + uchar* dest, uint32* dest_length, + const uchar* key, uint8 key_length, + const uchar* iv, uint8 iv_length, + uint no_padding) { return do_crypt(EVP_aes_128_ecb(), CRYPT_ENCRYPT, source, source_length, - dest, dest_length, key, key_length, iv, iv_length, noPadding); + dest, dest_length, key, key_length, iv, iv_length, no_padding); } int my_aes_decrypt_ecb(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 
key_length, - const unsigned char* iv, uint8 iv_length, - uint noPadding) + uchar* dest, uint32* dest_length, + const uchar* key, uint8 key_length, + const uchar* iv, uint8 iv_length, + uint no_padding) { return do_crypt(EVP_aes_128_ecb(), CRYPT_DECRYPT, source, source_length, - dest, dest_length, key, key_length, iv, iv_length, noPadding); + dest, dest_length, key, key_length, iv, iv_length, no_padding); +} + +int my_aes_encrypt_cbc(const uchar* source, uint32 source_length, + uchar* dest, uint32* dest_length, + const uchar* key, uint8 key_length, + const uchar* iv, uint8 iv_length, + uint no_padding) +{ + return do_crypt(EVP_aes_128_cbc(), CRYPT_ENCRYPT, source, source_length, + dest, dest_length, key, key_length, iv, iv_length, no_padding); +} + +int my_aes_decrypt_cbc(const uchar* source, uint32 source_length, + uchar* dest, uint32* dest_length, + const uchar* key, uint8 key_length, + const uchar* iv, uint8 iv_length, + uint no_padding) +{ + return do_crypt(EVP_aes_128_cbc(), CRYPT_DECRYPT, source, source_length, + dest, dest_length, key, key_length, iv, iv_length, no_padding); } C_MODE_END diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index 9f8315a8016..f4602fa7fdc 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -212,6 +212,7 @@ fil_crypt_get_key(byte *dst, uint* key_length, mutex_enter(&crypt_data->mutex); if (!page_encrypted) { + *key_length = get_encryption_key_size(version); // Check if we already have key for (uint i = 0; i < crypt_data->key_count; i++) { if (crypt_data->keys[i].key_version == version) { diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index 9f8315a8016..f4602fa7fdc 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc 
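Review bot: The tail path in do_crypt masks the trailing partial block with the preceding ciphertext block (`*d++ = *s++ ^ *m++`), and that mask is itself part of the stored output, so the tail bytes can be recovered from the ciphertext without the key. The mask should depend on the key, for example the preceding ciphertext block passed once more through AES under `key`, as sketched below (a CFB-style last block; this changes the output format, so confirm compatibility before adopting it). The only length guard is `DBUG_ASSERT(source_length - tail > MY_AES_BLOCK_SIZE)`, which compiles out of release builds, so a no_padding input shorter than one block would make `m` point before the buffer; the sketch turns that into a runtime check. The same XOR is carried unchanged through the `@@ -66,25 +101,24 @@` hunk of the following yassl patch.

```cpp
  if (tail)
  {
    /* … unchanged: s, e and d set up from source/dest … */
    uchar mask[MY_AES_BLOCK_SIZE];
    int mask_len;

    /* runtime guard: the mask is derived from one full preceding block */
    if (source_length - tail < MY_AES_BLOCK_SIZE)
      goto err;

    /* keyed mask: AES-ECB(key, previous ciphertext block); not written out */
    if (!EVP_CipherInit_ex(&ctx, EVP_aes_128_ecb(), NULL, key, NULL,
                           CRYPT_ENCRYPT))
      goto err;
    EVP_CIPHER_CTX_set_padding(&ctx, 0);
    if (!EVP_CipherUpdate(&ctx, mask, &mask_len,
                          (encrypt ? d : s) - MY_AES_BLOCK_SIZE,
                          MY_AES_BLOCK_SIZE))
      goto err;

    for (const uchar *m= mask; s < e; )
      *d++ = *s++ ^ *m++;
    *dest_length= source_length;
  }
```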
@@ -212,6 +212,7 @@ fil_crypt_get_key(byte *dst, uint* key_length, mutex_enter(&crypt_data->mutex); if (!page_encrypted) { + *key_length = get_encryption_key_size(version); // Check if we already have key for (uint i = 0; i < crypt_data->key_count; i++) { if (crypt_data->keys[i].key_version == version) { From 3bbe2057da977b3197e19ceede87b4e79b542b59 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Wed, 25 Mar 2015 09:47:26 +0100 Subject: [PATCH 08/65] yassl support --- include/my_crypt.h | 18 ++++----- mysys_ssl/my_crypt.cc | 93 +++++++++++++++++++++++++++++-------------- 2 files changed, 72 insertions(+), 39 deletions(-) diff --git a/include/my_crypt.h b/include/my_crypt.h index db25b1f37af..83665659178 100644 --- a/include/my_crypt.h +++ b/include/my_crypt.h @@ -17,14 +17,15 @@ // TODO: Add Windows support -#ifndef MYSYS_MY_CRYPT_H_ -#define MYSYS_MY_CRYPT_H_ +#ifndef MY_CRYPT_INCLUDED +#define MY_CRYPT_INCLUDED #include -#if !defined(HAVE_YASSL) && defined(HAVE_OPENSSL) - C_MODE_START + +#ifdef HAVE_EncryptAes128Ctr + Crypt_result my_aes_encrypt_ctr(const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, const unsigned char* key, uint8 key_length, @@ -37,6 +38,8 @@ Crypt_result my_aes_decrypt_ctr(const uchar* source, uint32 source_length, const unsigned char* iv, uint8 iv_length, uint no_padding); +#endif + Crypt_result my_aes_encrypt_cbc(const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, const unsigned char* key, uint8 key_length, @@ -60,12 +63,9 @@ Crypt_result my_aes_decrypt_ecb(const uchar* source, uint32 source_length, const unsigned char* key, uint8 key_length, const unsigned char* iv, uint8 iv_length, uint no_padding); -C_MODE_END -#endif /* !defined(HAVE_YASSL) && defined(HAVE_OPENSSL) */ - -C_MODE_START Crypt_result my_random_bytes(uchar* buf, int num); + C_MODE_END -#endif /* MYSYS_MY_CRYPT_H_ */ +#endif /* MY_CRYPT_INCLUDED */ 
diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc
index 2b9bfedb08c..c5db08e331d 100644
--- a/mysys_ssl/my_crypt.cc
+++ b/mysys_ssl/my_crypt.cc
@@ -15,49 +15,84 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ -/* - TODO: add support for YASSL -*/ - #include #include -#ifdef HAVE_EncryptAes128Ctr +// TODO +// different key lengths +#ifdef HAVE_YASSL +#include "aes.hpp" + +typedef TaoCrypt::CipherDir Dir; +static const Dir CRYPT_ENCRYPT = TaoCrypt::ENCRYPTION; +static const Dir CRYPT_DECRYPT = TaoCrypt::DECRYPTION; + +typedef TaoCrypt::Mode CipherMode; +static inline CipherMode EVP_aes_128_ecb() { return TaoCrypt::ECB; } +static inline CipherMode EVP_aes_128_cbc() { return TaoCrypt::CBC; } + +typedef TaoCrypt::byte KeyByte; + +#else #include #include -static const int CRYPT_ENCRYPT = 1; -static const int CRYPT_DECRYPT = 0; +typedef int Dir; +static const Dir CRYPT_ENCRYPT = 1; +static const Dir CRYPT_DECRYPT = 0; -C_MODE_START +typedef const EVP_CIPHER *CipherMode; +struct MyCTX : EVP_CIPHER_CTX { + MyCTX() { EVP_CIPHER_CTX_init(this); } + ~MyCTX() { EVP_CIPHER_CTX_cleanup(this); } +}; -static int do_crypt(const EVP_CIPHER *cipher, int encrypt, +typedef uchar KeyByte; +#endif + +static int do_crypt(CipherMode cipher, Dir dir, const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, int no_padding) + const KeyByte *key, uint8 key_length, + const KeyByte *iv, uint8 iv_length, int no_padding) { - int res= AES_OPENSSL_ERROR, fin; int tail= no_padding ? 
source_length % MY_AES_BLOCK_SIZE : 0; + DBUG_ASSERT(source_length - tail >= MY_AES_BLOCK_SIZE); - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, encrypt)) - goto err; +#ifdef HAVE_YASSL + TaoCrypt::AES ctx(dir, cipher); + + ctx.SetKey(key, key_length); + if (iv) + { + ctx.SetIV(iv); + DBUG_ASSERT(TaoCrypt::AES::BLOCK_SIZE == iv_length); + } + DBUG_ASSERT(TaoCrypt::AES::BLOCK_SIZE == MY_AES_BLOCK_SIZE); + + ctx.Process(dest, source, source_length - tail); + *dest_length= source_length; +#else // HAVE_OPENSSL + int fin; + struct MyCTX ctx; + if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, dir)) + return AES_OPENSSL_ERROR; EVP_CIPHER_CTX_set_padding(&ctx, !no_padding); DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == key_length); - DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length || !EVP_CIPHER_CTX_iv_length(&ctx)); + DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length); DBUG_ASSERT(EVP_CIPHER_CTX_block_size(&ctx) == MY_AES_BLOCK_SIZE || !no_padding); if (!EVP_CipherUpdate(&ctx, dest, (int*)dest_length, source, source_length - tail)) - goto err; + return AES_OPENSSL_ERROR; if (!EVP_CipherFinal_ex(&ctx, dest + *dest_length, &fin)) - goto err; + return AES_OPENSSL_ERROR; *dest_length += fin; +#endif + if (tail) { /* 
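Review bot: Neither branch of do_crypt rejects an unexpected key size at run time: the OpenSSL side checks it only with `DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == key_length)`, which is compiled out of release builds, and the yaSSL side hands `key_length` straight to `ctx.SetKey(key, key_length)`. With the `EVP_aes_128_*` selectors hard-coded in the wrappers, a caller that supplies a 24- or 32-byte key would presumably get AES-128 over the first 16 bytes under OpenSSL and whatever TaoCrypt does with that length under yaSSL, so the two builds may not interoperate and the effective key strength is not what the caller asked for. Until the `// TODO different key lengths` item is done, an explicit guard at the top of do_crypt such as `if (key_length != 16) return AES_BAD_KEYSIZE;` would fail closed (the decrypt code removed earlier in this series returned that code for unknown sizes). do_crypt's tail handling continues outside this hunk.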
@@ -66,25 +101,24 @@ static int do_crypt(const EVP_CIPHER *cipher, int encrypt, What we do here, we XOR the tail with the previous encrypted block. */ - DBUG_ASSERT(source_length - tail == *dest_length); - DBUG_ASSERT(source_length - tail > MY_AES_BLOCK_SIZE); const uchar *s= source + source_length - tail; const uchar *e= source + source_length; uchar *d= dest + source_length - tail; - const uchar *m= (encrypt ? d : s) - MY_AES_BLOCK_SIZE; + const uchar *m= (dir == CRYPT_ENCRYPT ? d : s) - MY_AES_BLOCK_SIZE; while (s < e) *d++ = *s++ ^ *m++; *dest_length= source_length; } - res= AES_OK; -err: - EVP_CIPHER_CTX_cleanup(&ctx); - return res; + return AES_OK; } +C_MODE_START + /* CTR is a stream cypher mode, it needs no special padding code */ +#ifdef HAVE_EncryptAes128Ctr + int my_aes_encrypt_ctr(const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, const uchar* key, uint8 key_length, @@ -106,6 +140,7 @@ int my_aes_decrypt_ctr(const uchar* source, uint32 source_length, dest, dest_length, key, key_length, iv, iv_length, 0); } +#endif /* HAVE_EncryptAes128Ctr */ int my_aes_encrypt_ecb(const uchar* source, uint32 source_length, uchar* dest, uint32* dest_length, @@ -114,7 +149,7 @@ int my_aes_encrypt_ecb(const uchar* source, uint32 source_length, uint no_padding) { return do_crypt(EVP_aes_128_ecb(), CRYPT_ENCRYPT, source, source_length, - dest, dest_length, key, key_length, iv, iv_length, no_padding); + dest, dest_length, key, key_length, 0, 0, no_padding); } int my_aes_decrypt_ecb(const uchar* source, uint32 source_length, @@ -124,7 +159,7 @@ int my_aes_decrypt_ecb(const uchar* source, uint32 source_length, uint no_padding) { return do_crypt(EVP_aes_128_ecb(), CRYPT_DECRYPT, source, source_length, - dest, dest_length, key, key_length, iv, iv_length, no_padding); + dest, dest_length, key, key_length, 0, 0, no_padding); } int my_aes_encrypt_cbc(const uchar* source, uint32 source_length, 
@@ -149,8 +184,6 @@ int my_aes_decrypt_cbc(const uchar* source, uint32 source_length, C_MODE_END -#endif /* HAVE_EncryptAes128Ctr */ - #if defined(HAVE_YASSL) #include From b4a4d82396dce58496a9d0741fec505452d753f6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan=20Lindstr=C3=B6m?= Date: Wed, 1 Apr 2015 11:50:21 +0300 Subject: [PATCH 09/65] InnoDB/XtraDB Encryption cleanup. Step 1: -- Remove page encryption from dictionary (per table encryption will be handled by storing crypt_data to page 0) -- Remove encryption/compression from os0file and all functions before that (compression will be added to buf0buf.cc) -- Use same CRYPT_SCHEME_1 for all encryption methods -- Do some code cleanups to confort InnoDB coding style --- extra/innochecksum.cc | 2 +- storage/innobase/buf/buf0buf.cc | 8 +- storage/innobase/buf/buf0dblwr.cc | 44 +- storage/innobase/buf/buf0flu.cc | 8 +- storage/innobase/buf/buf0rea.cc | 4 +- storage/innobase/fil/fil0crypt.cc | 996 ++++++++++-------- storage/innobase/fil/fil0fil.cc | 159 +-- storage/innobase/fil/fil0pagecompress.cc | 179 +--- storage/innobase/fsp/fsp0fsp.cc | 1 + storage/innobase/handler/ha_innodb.cc | 11 +- storage/innobase/handler/i_s.cc | 2 + storage/innobase/include/dict0dict.h | 4 +- storage/innobase/include/dict0dict.ic | 36 +- storage/innobase/include/dict0pagecompress.ic | 26 - storage/innobase/include/fil0crypt.h | 394 +++++++ storage/innobase/include/fil0crypt.ic | 69 ++ storage/innobase/include/fil0fil.h | 306 +----- storage/innobase/include/fil0fil.ic | 108 ++ storage/innobase/include/fil0pageencryption.h | 79 -- storage/innobase/include/fsp0fsp.h | 41 +- storage/innobase/include/fsp0pageencryption.h | 66 -- .../innobase/include/fsp0pageencryption.ic | 167 --- storage/innobase/include/os0file.h | 69 +- storage/innobase/include/os0file.ic | 23 +- storage/innobase/log/log0log.cc | 10 +- storage/innobase/log/log0recv.cc | 5 +- storage/innobase/os/os0file.cc | 438 +------- storage/innobase/row/row0log.cc | 4 +- storage/innobase/row/row0merge.cc | 2 +- storage/innobase/row/row0mysql.cc | 1 + storage/innobase/srv/srv0srv.cc | 4 +- storage/innobase/srv/srv0start.cc | 3 +- storage/xtradb/buf/buf0buf.cc | 9 +- storage/xtradb/buf/buf0dblwr.cc | 48 +- 
storage/xtradb/buf/buf0flu.cc | 8 +- storage/xtradb/buf/buf0rea.cc | 4 +- storage/xtradb/fil/fil0crypt.cc | 996 ++++++++++-------- storage/xtradb/fil/fil0fil.cc | 161 +-- storage/xtradb/fil/fil0pagecompress.cc | 185 +--- storage/xtradb/fsp/fsp0fsp.cc | 1 + storage/xtradb/handler/ha_innodb.cc | 11 +- storage/xtradb/handler/i_s.cc | 2 + storage/xtradb/include/dict0dict.h | 4 +- storage/xtradb/include/dict0dict.ic | 37 +- storage/xtradb/include/dict0pagecompress.ic | 26 - storage/xtradb/include/fil0crypt.h | 394 +++++++ storage/xtradb/include/fil0crypt.ic | 69 ++ storage/xtradb/include/fil0fil.h | 309 +----- storage/xtradb/include/fil0fil.ic | 108 ++ storage/xtradb/include/fil0pageencryption.h | 79 -- storage/xtradb/include/fsp0fsp.h | 44 +- storage/xtradb/include/fsp0pageencryption.h | 66 -- storage/xtradb/include/fsp0pageencryption.ic | 168 --- storage/xtradb/include/os0file.h | 73 +- storage/xtradb/include/os0file.ic | 23 +- storage/xtradb/log/log0log.cc | 16 +- storage/xtradb/log/log0online.cc | 2 +- storage/xtradb/log/log0recv.cc | 9 +- storage/xtradb/os/os0file.cc | 420 +------- storage/xtradb/row/row0log.cc | 4 +- storage/xtradb/row/row0merge.cc | 2 +- storage/xtradb/row/row0mysql.cc | 1 + storage/xtradb/srv/srv0srv.cc | 4 +- storage/xtradb/srv/srv0start.cc | 3 +- 64 files changed, 2524 insertions(+), 4031 deletions(-) create mode 100644 storage/innobase/include/fil0crypt.h create mode 100644 storage/innobase/include/fil0crypt.ic create mode 100644 storage/innobase/include/fil0fil.ic delete mode 100644 storage/innobase/include/fil0pageencryption.h delete mode 100644 storage/innobase/include/fsp0pageencryption.h delete mode 100644 storage/innobase/include/fsp0pageencryption.ic create mode 100644 storage/xtradb/include/fil0crypt.h create mode 100644 storage/xtradb/include/fil0crypt.ic create mode 100644 storage/xtradb/include/fil0fil.ic delete mode 100644 storage/xtradb/include/fil0pageencryption.h delete mode 100644 storage/xtradb/include/fsp0pageencryption.h 
delete mode 100644 storage/xtradb/include/fsp0pageencryption.ic diff --git a/extra/innochecksum.cc b/extra/innochecksum.cc index 1f323b9d730..34bc4a199d5 100644 --- a/extra/innochecksum.cc +++ b/extra/innochecksum.cc @@ -52,10 +52,10 @@ The parts not included are excluded by #ifndef UNIV_INNOCHECKSUM. */ #include "ut0ut.h" #include "ut0byte.h" #include "mach0data.h" -#include "fsp0types.h" #include "rem0rec.h" #include "buf0checksum.h" /* buf_calc_page_*() */ #include "fil0fil.h" /* FIL_* */ +#include "fsp0types.h" #include "page0page.h" /* PAGE_* */ #include "page0zip.h" /* page_zip_*() */ #include "trx0undo.h" /* TRX_* */ diff --git a/storage/innobase/buf/buf0buf.cc b/storage/innobase/buf/buf0buf.cc index 59cbe633dec..b2758e1253f 100644 --- a/storage/innobase/buf/buf0buf.cc +++ b/storage/innobase/buf/buf0buf.cc @@ -40,6 +40,7 @@ Created 11/5/1995 Heikki Tuuri #include "mem0mem.h" #include "btr0btr.h" #include "fil0fil.h" +#include "fil0crypt.h" #ifndef UNIV_HOTBACKUP #include "buf0buddy.h" #include "lock0lock.h" @@ -54,7 +55,6 @@ Created 11/5/1995 Heikki Tuuri #include "page0zip.h" #include "srv0mon.h" #include "buf0checksum.h" -#include "fil0pageencryption.h" #include "fil0pagecompress.h" #include "ut0byte.h" #include @@ -504,7 +504,7 @@ buf_page_is_corrupted( ulint zip_size) /*!< in: size of compressed page; 0 for uncompressed pages */ { - ulint page_encrypted = fil_page_is_compressed_encrypted(read_buf) || fil_page_is_encrypted(read_buf); + ulint page_encrypted = fil_page_is_encrypted(read_buf); ulint checksum_field1; ulint checksum_field2; ibool crc32_inited = FALSE; @@ -5763,7 +5763,7 @@ buf_page_decrypt_after_read( unsigned key_version = mach_read_from_4(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - bool page_compressed_encrypted = fil_page_is_compressed_encrypted(dst_frame); + bool page_compressed = fil_page_is_compressed(dst_frame); if (key_version == 0) { /* the page we read is unencrypted */ 
@@ -5801,7 +5801,7 @@ buf_page_decrypt_after_read( /* decompress from dst_frame to comp_buf and then copy to buffer pool */ - if (page_compressed_encrypted) { + if (page_compressed) { if (bpage->comp_buf_free == NULL) { bpage->comp_buf_free = (byte *)malloc(UNIV_PAGE_SIZE*2); // TODO: is 4k aligment enough ? diff --git a/storage/innobase/buf/buf0dblwr.cc b/storage/innobase/buf/buf0dblwr.cc index 477bcfe0ee3..53ef6ecb316 100644 --- a/storage/innobase/buf/buf0dblwr.cc +++ b/storage/innobase/buf/buf0dblwr.cc @@ -36,6 +36,8 @@ Created 2011/12/19 #include "srv0srv.h" #include "page0zip.h" #include "trx0sys.h" +#include "fil0fil.h" +#include "fil0crypt.h" #ifndef UNIV_HOTBACKUP @@ -385,7 +387,7 @@ buf_dblwr_init_or_load_pages( /* Read the trx sys header to check if we are using the doublewrite buffer */ off_t trx_sys_page = TRX_SYS_PAGE_NO * UNIV_PAGE_SIZE; - os_file_read(file, read_buf, trx_sys_page, UNIV_PAGE_SIZE, FALSE); + os_file_read(file, read_buf, trx_sys_page, UNIV_PAGE_SIZE); doublewrite = read_buf + TRX_SYS_DOUBLEWRITE; @@ -430,9 +432,9 @@ buf_dblwr_init_or_load_pages( block_bytes = TRX_SYS_DOUBLEWRITE_BLOCK_SIZE * UNIV_PAGE_SIZE; - os_file_read(file, buf, block1 * UNIV_PAGE_SIZE, block_bytes, FALSE); + os_file_read(file, buf, block1 * UNIV_PAGE_SIZE, block_bytes); os_file_read(file, buf + block_bytes, block2 * UNIV_PAGE_SIZE, - block_bytes, FALSE); + block_bytes); /* Check if any of these pages is half-written in data files, in the intended position */ @@ -530,9 +532,7 @@ buf_dblwr_process() zip_size ? zip_size : UNIV_PAGE_SIZE, read_buf, NULL, - 0, - 0, - false); + 0); if (fil_space_verify_crypt_checksum(read_buf, zip_size)) { /* page is encrypted and checksum is OK */ @@ -593,9 +593,7 @@ buf_dblwr_process() zip_size ? zip_size : UNIV_PAGE_SIZE, page, NULL, - 0, - 0, - false); + 0); ib_logf(IB_LOG_LEVEL_INFO, "Recovered the page from" @@ -620,9 +618,7 @@ buf_dblwr_process() zip_size ? zip_size : UNIV_PAGE_SIZE, page, NULL, - 0, - 0, - false); + 0); } } } 
@@ -644,9 +640,9 @@ buf_dblwr_process() memset(buf, 0, bytes); fil_io(OS_FILE_WRITE, true, TRX_SYS_SPACE, 0, - buf_dblwr->block1, 0, bytes, buf, NULL, NULL, 0, false); + buf_dblwr->block1, 0, bytes, buf, NULL, NULL); fil_io(OS_FILE_WRITE, true, TRX_SYS_SPACE, 0, - buf_dblwr->block2, 0, bytes, buf, NULL, NULL, 0, false); + buf_dblwr->block2, 0, bytes, buf, NULL, NULL); ut_free(unaligned_buf); } @@ -860,9 +856,7 @@ buf_dblwr_write_block_to_datafile( buf_page_get_zip_size(bpage), frame, (void*) bpage, - 0, - bpage->newest_modification, - bpage->encrypt_later); + 0); return; } @@ -881,9 +875,7 @@ buf_dblwr_write_block_to_datafile( UNIV_PAGE_SIZE, frame, (void*) block, - (ulint *)&bpage->write_size, - bpage->newest_modification, - bpage->encrypt_later); + (ulint *)&bpage->write_size); } /********************************************************************//** @@ -977,7 +969,7 @@ try_again: fil_io(OS_FILE_WRITE, true, TRX_SYS_SPACE, 0, buf_dblwr->block1, 0, len, - (void*) write_buf, NULL, 0, 0, false); + (void*) write_buf, NULL, 0); if (buf_dblwr->first_free <= TRX_SYS_DOUBLEWRITE_BLOCK_SIZE) { /* No unwritten pages in the second block. */ @@ -993,7 +985,7 @@ try_again: fil_io(OS_FILE_WRITE, true, TRX_SYS_SPACE, 0, buf_dblwr->block2, 0, len, - (void*) write_buf, NULL, 0, 0, false); + (void*) write_buf, NULL, 0); flush: /* increment the doublewrite flushed pages counter */ @@ -1230,9 +1222,7 @@ retry: UNIV_PAGE_SIZE, (void*) (buf_dblwr->write_buf + UNIV_PAGE_SIZE * i), NULL, - 0, - bpage->newest_modification, - bpage->encrypt_later); + 0); } else { /* It is a regular page. Write it directly to the doublewrite buffer */ @@ -1244,9 +1234,7 @@ retry: UNIV_PAGE_SIZE, frame, NULL, - 0, - bpage->newest_modification, - bpage->encrypt_later); + 0); } /* Now flush the doublewrite buffer data to disk */ diff --git a/storage/innobase/buf/buf0flu.cc b/storage/innobase/buf/buf0flu.cc index 9bd7a7c007d..b8a34558867 100644 --- a/storage/innobase/buf/buf0flu.cc 
+++ b/storage/innobase/buf/buf0flu.cc @@ -921,9 +921,7 @@ buf_flush_write_block_low( zip_size ? zip_size : UNIV_PAGE_SIZE, frame, bpage, - &bpage->write_size, - bpage->newest_modification, - bpage->encrypt_later); + &bpage->write_size); } else { /* InnoDB uses doublewrite buffer and doublewrite buffer @@ -943,9 +941,7 @@ buf_flush_write_block_low( zip_size ? zip_size : UNIV_PAGE_SIZE, frame, bpage, - &bpage->write_size, - bpage->newest_modification, - bpage->encrypt_later); + &bpage->write_size); } else if (flush_type == BUF_FLUSH_SINGLE_PAGE) { buf_dblwr_write_single_page(bpage, sync); } else { diff --git a/storage/innobase/buf/buf0rea.cc b/storage/innobase/buf/buf0rea.cc index e91a5da6621..5917af7ca9d 100644 --- a/storage/innobase/buf/buf0rea.cc +++ b/storage/innobase/buf/buf0rea.cc @@ -186,7 +186,7 @@ buf_read_page_low( *err = fil_io(OS_FILE_READ | wake_later | ignore_nonexistent_pages, sync, space, zip_size, offset, 0, zip_size, - frame, bpage, &bpage->write_size, 0, false); + frame, bpage, &bpage->write_size); } else { ut_a(buf_page_get_state(bpage) == BUF_BLOCK_FILE_PAGE); @@ -194,7 +194,7 @@ buf_read_page_low( | ignore_nonexistent_pages, sync, space, 0, offset, 0, UNIV_PAGE_SIZE, frame, bpage, - &bpage->write_size, 0, false); + &bpage->write_size); } if (sync) { diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index 9f8315a8016..aab0b1f5568 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -24,6 +24,7 @@ Modified Jan Lindström jan.lindstrom@mariadb.com *******************************************************/ #include "fil0fil.h" +#include "fil0crypt.h" #include "srv0srv.h" #include "srv0start.h" #include "mach0data.h" 
@@ -35,14 +36,13 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include "btr0scrub.h" #include "fsp0fsp.h" #include "fil0pagecompress.h" -#include "fil0pageencryption.h" #include "ha_prototypes.h" // IB_LOG_ #include #include #include - +#include "fil0crypt.h" /** Mutex for keys */ UNIV_INTERN ib_mutex_t fil_crypt_key_mutex; 
@@ -119,67 +119,40 @@ static const unsigned char CRYPT_MAGIC[MAGIC_SZ] = { static const unsigned char EMPTY_PATTERN[MAGIC_SZ] = { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }; -/** - * CRYPT_SCHEME_UNENCRYPTED - * - * Used as intermediate state when convering a space from unencrypted - * to encrypted - */ -#define CRYPT_SCHEME_UNENCRYPTED 0 - -/** - * CRYPT_SCHEME_1 - * - * L = AES_ECB(KEY, IV) - * CRYPT(PAGE) = AES_CRT(KEY=L, IV=C, PAGE) - */ -#define CRYPT_SCHEME_1 1 -#define CRYPT_SCHEME_1_IV_LEN 16 -// cached L given key_version -struct key_struct +/****************************************************************** +Map used AES method to crypt scheme +@return used AES crypt scheme */ +UNIV_INTERN +uint +fil_crypt_get_aes_method( +/*=====================*/ + uint aes_method) { - uint key_version; - byte key[CRYPT_SCHEME_1_IV_LEN]; -}; + switch (aes_method) { + case MY_AES_ALGORITHM_NONE: + return (uint) CRYPT_SCHEME_1_UNENCRYPTED; + break; + case MY_AES_ALGORITHM_CTR: + return (uint) CRYPT_SCHEME_1_CTR; + break; + case MY_AES_ALGORITHM_CBC: + return (uint) CRYPT_SCHEME_1_CBC; + break; + default: + ib_logf(IB_LOG_LEVEL_FATAL, + "Current AES method %d not supported.\n", aes_method); + ut_error; + } -struct fil_space_rotate_state_t -{ - time_t start_time; // time when rotation started - ulint active_threads; // active threads in space - ulint next_offset; // next "free" offset - ulint max_offset; // max offset needing to be rotated - uint min_key_version_found; // min key version found but not rotated - lsn_t end_lsn; // max lsn created when rotating this space - bool starting; // initial write of IV - bool flushing; // space is being flushed at end of rotate - struct { - bool is_active; // is scrubbing active in this space - time_t last_scrub_completed; // when was last scrub completed - } scrubbing; -}; - -struct fil_space_crypt_struct -{ - ulint type; // CRYPT_SCHEME - uint keyserver_requests; // no of key requests to key server - uint key_count; // No of initalized 
key-structs - key_struct keys[3]; // cached L = AES_ECB(KEY, IV) - uint min_key_version; // min key version for this space - ulint page0_offset; // byte offset on page 0 for crypt data - - ib_mutex_t mutex; // mutex protecting following variables - bool closing; // is tablespace being closed - fil_space_rotate_state_t rotate_state; - - uint iv_length; // length of IV - byte iv[1]; // IV-data -}; + return (uint) CRYPT_SCHEME_1_UNENCRYPTED; +} /********************************************************************* Init space crypt */ UNIV_INTERN void fil_space_crypt_init() +/*==================*/ { mutex_create(fil_crypt_key_mutex_key, &fil_crypt_key_mutex, SYNC_NO_ORDER_CHECK); @@ -196,6 +169,7 @@ Cleanup space crypt */ UNIV_INTERN void fil_space_crypt_cleanup() +/*=====================*/ { os_event_free(fil_crypt_throttle_sleep_event); } 
@@ -204,31 +178,35 @@ fil_space_crypt_cleanup() Get key bytes for a space/key-version */ static void -fil_crypt_get_key(byte *dst, uint* key_length, - fil_space_crypt_t* crypt_data, uint version, bool page_encrypted) +fil_crypt_get_key( +/*==============*/ + byte* dst, /*mutex); - if (!page_encrypted) { - // Check if we already have key - for (uint i = 0; i < crypt_data->key_count; i++) { - if (crypt_data->keys[i].key_version == version) { - memcpy(dst, crypt_data->keys[i].key, - sizeof(crypt_data->keys[i].key)); - mutex_exit(&crypt_data->mutex); - return; - } + // Check if we already have key + for (uint i = 0; i < crypt_data->key_count; i++) { + if (crypt_data->keys[i].key_version == version) { + memcpy(dst, crypt_data->keys[i].key, + crypt_data->keys[i].key_length); + *key_length = crypt_data->keys[i].key_length; + mutex_exit(&crypt_data->mutex); + return; } - // Not found! - crypt_data->keyserver_requests++; + } - // Rotate keys to make room for a new - for (uint i = 1; i < array_elements(crypt_data->keys); i++) { - crypt_data->keys[i] = crypt_data->keys[i - 1]; - } - } + // Not found! + crypt_data->keyserver_requests++; + + // Rotate keys to make room for a new + for (uint i = 1; i < array_elements(crypt_data->keys); i++) { + crypt_data->keys[i] = crypt_data->keys[i - 1]; + } if (has_encryption_key(version)) { int rc; 
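Review bot: The key-cache rotation loop in fil_crypt_get_key, re-indented here as `for (uint i = 1; i < array_elements(crypt_data->keys); i++)` with body `crypt_data->keys[i] = crypt_data->keys[i - 1];`, walks upward, so it copies `keys[0]` into every slot instead of shifting the entries by one. After a miss the cache then holds a single distinct key version, and a lookup for any older version falls through to the key provider again (counted in `keyserver_requests`). Iterating downward keeps the older entries: `for (uint i = array_elements(crypt_data->keys) - 1; i > 0; i--)`. The function body continues in the next hunk, and the storage/xtradb copy listed in the diffstat presumably needs the same change.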
@@ -247,51 +225,45 @@ fil_crypt_get_key(byte *dst, uint* key_length, ut_error; } + /* Now compute L by encrypting IV using this key. Note + that we use random IV from crypt data. */ + const unsigned char* src = crypt_data->iv; + const int srclen = crypt_data->iv_length; + unsigned char* buf = crypt_data->keys[0].key; + uint32 buflen = CRYPT_SCHEME_1_IV_LEN; - // do ctr key initialization - if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) - { - /* Now compute L by encrypting IV using this key. Note - that we use random IV from crypt data. */ - const unsigned char* src = crypt_data->iv; - const int srclen = crypt_data->iv_length; - unsigned char* buf = page_encrypted ? keybuf : crypt_data->keys[0].key; - uint32 buflen = page_encrypted ? *key_length : sizeof(crypt_data->keys[0].key); + /* We use AES_ECB to encryp IV */ + my_aes_encrypt_dynamic_type func = get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); - // call ecb explicit - my_aes_encrypt_dynamic_type func = get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); - int rc = (*func)(src, srclen, - buf, &buflen, - (unsigned char*)keybuf, *key_length, - NULL, 0, - 1); + int rc = (*func)(src, /* Data to be encrypted = IV */ + srclen, /* data length */ + buf, /* Output buffer */ + &buflen, /* Output buffer */ + keybuf, /* Key */ + *key_length, /* Key length */ + NULL, /* AES_ECB does not use IV */ + 0, /* IV-length */ + 1); /* NoPadding */ - if (rc != AES_OK) { - ib_logf(IB_LOG_LEVEL_FATAL, - "Unable to encrypt key-block " - " src: %p srclen: %d buf: %p buflen: %d." - " return-code: %d. 
Can't continue!\n", - src, srclen, buf, buflen, rc); - ut_error; - } - - if (!page_encrypted) { - crypt_data->keys[0].key_version = version; - crypt_data->key_count++; - - if (crypt_data->key_count > array_elements(crypt_data->keys)) { - crypt_data->key_count = array_elements(crypt_data->keys); - } - } - - // set the key size to the aes block size because this encrypted data is the key - *key_length = MY_AES_BLOCK_SIZE; - memcpy(dst, buf, buflen); - } else { - // otherwise keybuf contains the right key - memcpy(dst, keybuf, *key_length); + if (rc != AES_OK) { + ib_logf(IB_LOG_LEVEL_FATAL, + "Unable to encrypt key-block " + " src: %p srclen: %d buf: %p buflen: %d." + " return-code: %d. Can't continue!\n", + src, srclen, buf, buflen, rc); + ut_error; } + crypt_data->keys[0].key_version = version; + crypt_data->key_count++; + *key_length = buflen; + crypt_data->keys[0].key_length = buflen; + + if (crypt_data->key_count > array_elements(crypt_data->keys)) { + crypt_data->key_count = array_elements(crypt_data->keys); + } + + memcpy(dst, buf, buflen); mutex_exit(&crypt_data->mutex); } @@ -299,8 +271,12 @@ fil_crypt_get_key(byte *dst, uint* key_length, Get key bytes for a space/latest(key-version) */ static inline void -fil_crypt_get_latest_key(byte *dst, uint* key_length, - fil_space_crypt_t* crypt_data, uint *version) +fil_crypt_get_latest_key( +/*=====================*/ + byte* dst, /*!< out: Key */ + uint* key_length, /*!< out: Key length */ + fil_space_crypt_t* crypt_data, /*!< in: crypt data */ + uint* version) /*!< in: Key version */ { if (srv_encrypt_tables) { // used for key rotation - get the next key id from the key provider 
@@ -312,29 +288,33 @@ fil_crypt_get_latest_key(byte *dst, uint* key_length, } } - return fil_crypt_get_key(dst, key_length, crypt_data, *version, srv_encrypt_tables == FALSE); + return fil_crypt_get_key(dst, key_length, crypt_data, *version); } /****************************************************************** -Create a fil_space_crypt_t object */ +Create a fil_space_crypt_t object +@return crypt object */ UNIV_INTERN fil_space_crypt_t* fil_space_create_crypt_data() +/*=========================*/ { const uint iv_length = CRYPT_SCHEME_1_IV_LEN; const uint sz = sizeof(fil_space_crypt_t) + iv_length; fil_space_crypt_t* crypt_data = static_cast(malloc(sz)); + uint aes_method = current_aes_dynamic_method; + memset(crypt_data, 0, sz); if (srv_encrypt_tables == FALSE) { - crypt_data->type = CRYPT_SCHEME_UNENCRYPTED; crypt_data->min_key_version = 0; } else { - crypt_data->type = CRYPT_SCHEME_1; crypt_data->min_key_version = get_latest_encryption_key_version(); } + /* Set up the current AES method */ + crypt_data->type = (fil_crypt_method_t)fil_crypt_get_aes_method(aes_method); mutex_create(fil_crypt_data_mutex_key, &crypt_data->mutex, SYNC_NO_ORDER_CHECK); crypt_data->iv_length = iv_length; 
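Review bot: In `fil_space_create_crypt_data`, `crypt_data->type` is now taken from `current_aes_dynamic_method` in both branches, so a space created while `srv_encrypt_tables == FALSE` no longer gets the unencrypted scheme that the removed line assigned. If `fil_crypt_get_aes_method()` never returns `CRYPT_SCHEME_1_UNENCRYPTED` (its body is outside this hunk), code that keys off the type, such as `fil_space_check_encryption_read()`, would treat every new space as encrypted. Either keep `crypt_data->type = CRYPT_SCHEME_1_UNENCRYPTED;` in the `FALSE` branch, or add a comment at the new assignment naming the field that now marks a space as unencrypted.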
@@ -346,13 +326,18 @@ fil_space_create_crypt_data() Compare two crypt objects */ UNIV_INTERN int -fil_space_crypt_compare(const fil_space_crypt_t* crypt_data1, - const fil_space_crypt_t* crypt_data2) +fil_space_crypt_compare( +/*====================*/ + const fil_space_crypt_t* crypt_data1,/*!< in: Crypt data */ + const fil_space_crypt_t* crypt_data2)/*!< in: Crypt data */ { - ut_a(crypt_data1->type == CRYPT_SCHEME_UNENCRYPTED || - crypt_data1->type == CRYPT_SCHEME_1); - ut_a(crypt_data2->type == CRYPT_SCHEME_UNENCRYPTED || - crypt_data2->type == CRYPT_SCHEME_1); + ut_a(crypt_data1->type == CRYPT_SCHEME_1_UNENCRYPTED || + crypt_data1->type == CRYPT_SCHEME_1_CTR || + crypt_data1->type == CRYPT_SCHEME_1_CBC); + + ut_a(crypt_data2->type == CRYPT_SCHEME_1_UNENCRYPTED || + crypt_data2->type == CRYPT_SCHEME_1_CTR || + crypt_data1->type == CRYPT_SCHEME_1_CBC); ut_a(crypt_data1->iv_length == CRYPT_SCHEME_1_IV_LEN); ut_a(crypt_data2->iv_length == CRYPT_SCHEME_1_IV_LEN); @@ -365,10 +350,15 @@ fil_space_crypt_compare(const fil_space_crypt_t* crypt_data1, } /****************************************************************** -Read crypt data from a page (0) */ +Read crypt data from a page (0) +@return crypt data from page 0. */ UNIV_INTERN fil_space_crypt_t* -fil_space_read_crypt_data(ulint space, const byte* page, ulint offset) +fil_space_read_crypt_data( +/*======================*/ + ulint space, /*!< in: file space id*/ + const byte* page, /*!< in: page 0 */ + ulint offset) /*!< in: offset */ { if (memcmp(page + offset, EMPTY_PATTERN, MAGIC_SZ) == 0) { /* crypt is not stored */ 
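Review bot: The second assertion in `fil_space_crypt_compare` tests `crypt_data1->type == CRYPT_SCHEME_1_CBC` where it should test `crypt_data2`. As written, a CBC-typed `crypt_data2` fails the check whenever `crypt_data1` is CTR or unencrypted, and an invalid `crypt_data2` type passes whenever `crypt_data1` is CBC. The last operand should be `crypt_data2->type == CRYPT_SCHEME_1_CBC);`.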
@@ -393,8 +383,10 @@ fil_space_read_crypt_data(ulint space, const byte* page, ulint offset) ulint type = mach_read_from_1(page + offset + MAGIC_SZ + 0); - if (! (type == CRYPT_SCHEME_UNENCRYPTED || - type == CRYPT_SCHEME_1)) { + if (! (type == CRYPT_SCHEME_1_UNENCRYPTED || + type == CRYPT_SCHEME_1_CTR || + type == CRYPT_SCHEME_1_CBC)) { + ib_logf(IB_LOG_LEVEL_ERROR, "Found non sensible crypt scheme: %lu for space %lu " " offset: %lu bytes: " @@ -449,7 +441,9 @@ fil_space_read_crypt_data(ulint space, const byte* page, ulint offset) Free a crypt data object */ UNIV_INTERN void -fil_space_destroy_crypt_data(fil_space_crypt_t **crypt_data) +fil_space_destroy_crypt_data( +/*=========================*/ + fil_space_crypt_t **crypt_data) /*!< out: crypt data */ { if (crypt_data != NULL && (*crypt_data) != NULL) { /* lock (and unlock) mutex to make sure no one has it locked @@ -466,10 +460,14 @@ fil_space_destroy_crypt_data(fil_space_crypt_t **crypt_data) Write crypt data to a page (0) */ static void -fil_space_write_crypt_data_low(fil_space_crypt_t *crypt_data, - ulint type, - byte* page, ulint offset, - ulint maxsize, mtr_t* mtr) +fil_space_write_crypt_data_low( +/*===========================*/ + fil_space_crypt_t* crypt_data, /* 0 && offset < UNIV_PAGE_SIZE); ulint space_id = mach_read_from_4( @@ -492,10 +490,8 @@ fil_space_write_crypt_data_low(fil_space_crypt_t *crypt_data, mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len, min_key_version, MLOG_4BYTES, mtr); - DBUG_EXECUTE_IF("ib_file_crypt_redo_crash_1", - ut_error;); - byte* log_ptr = mlog_open(mtr, 11 + 12 + len); + if (log_ptr != NULL) { log_ptr = mlog_write_initial_log_record_fast( page, 
@@ -515,25 +511,26 @@ fil_space_write_crypt_data_low(fil_space_crypt_t *crypt_data, mlog_catenate_string(mtr, crypt_data->iv, len); } - - DBUG_EXECUTE_IF("ib_file_crypt_redo_crash_2", - ut_error;); } /****************************************************************** Write crypt data to a page (0) */ UNIV_INTERN void -fil_space_write_crypt_data(ulint space, byte* page, ulint offset, - ulint maxsize, mtr_t* mtr) +fil_space_write_crypt_data( +/*=======================*/ + ulint space, /*mutex); - memcpy(iv, crypt_data->iv, crypt_data->iv_length); - mutex_exit(&crypt_data->mutex); - } + /* For AES CTR create counter and AES CBS IV */ + mach_write_to_4(iv + 0, space); + ulint space_offset = mach_read_from_4(src_frame + FIL_PAGE_OFFSET); + mach_write_to_4(iv + 4, space_offset); + mach_write_to_8(iv + 8, lsn); ibool page_compressed = (mach_read_from_2(src_frame+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_COMPRESSED); - ibool page_encrypted = fil_space_is_page_encrypted(space); - ulint compression_alg = mach_read_from_8(src_frame+FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); + ulint compression_algo = page_compressed ? 
mach_read_from_8(src_frame+FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION) : 0; - // copy page header + /* FIL page header is not encrypted */ memcpy(dst_frame, src_frame, FIL_PAGE_DATA); - if (page_encrypted && !page_compressed) { - // key id - mach_write_to_2(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, - key_version); - // original page type - mach_write_to_2(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 2, - orig_page_type); - // new page type - mach_write_to_2(dst_frame+FIL_PAGE_TYPE, FIL_PAGE_PAGE_ENCRYPTED); - } else { - // store key version - mach_write_to_4(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, - key_version); - } + /* Store key version */ + mach_write_to_4(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, key_version); - // encrypt page data + /* Calculate the start offset in a page */ ulint unencrypted_bytes = FIL_PAGE_DATA + FIL_PAGE_DATA_END; ulint srclen = page_size - unencrypted_bytes; const byte* src = src_frame + FIL_PAGE_DATA; byte* dst = dst_frame + FIL_PAGE_DATA; - uint32 dstlen; + uint32 dstlen=0; + /* For page compressed tables we encrypt only the actual compressed + payload. Note that first two bytes of page data is actual payload + size and that should not be encrypted. 
*/ if (page_compressed) { - srclen = page_size - FIL_PAGE_DATA; + ulint payload = mach_read_from_2(src_frame + FIL_PAGE_DATA); + mach_write_to_2(dst_frame + FIL_PAGE_DATA, payload); + srclen = payload; + src+=2; + dst+=2; } - int rc = (* my_aes_encrypt_dynamic)(src, srclen, - dst, &dstlen, - (unsigned char*)key, key_length, - (unsigned char*)iv, sizeof(iv), - 1); + /* Get encryption method */ + my_aes_encrypt_dynamic_type func = get_aes_encrypt_func((enum_my_aes_encryption_algorithm)fil_crypt_map_aes_method(aes_method)); + + /* Encrypt the data */ + int rc = (*func)(src, /* Original page */ + srclen, /* Page length */ + dst, /* Output buffer */ + &dstlen, /* Output length */ + key, /* Encryption key */ + key_length, /* Key length */ + iv, /* IV */ + sizeof(iv), /* IV length */ + 1); /* Use noPadding */ if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, 
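Review bot: The IV built with `mach_write_to_4(iv + 0, space)`, `mach_write_to_4(iv + 4, space_offset)` and `mach_write_to_8(iv + 8, lsn)` is now used for CBC as well as CTR, so the CBC IV is predictable from the unencrypted page header, where the removed code used the random per-space IV. For CTR the tuple fills all 16 bytes and leaves no bits reserved for the per-block counter; if the AES routine increments the low bytes (not visible here), two writes of the same page with nearby LSNs could share keystream blocks. Consider deriving the per-page IV by encrypting this tuple under the key or mixing in `crypt_data->iv`, and state the uniqueness assumption next to the comment, which also has a typo (`CBS` for `CBC`). The start of this hunk is not readable in this view, so the surrounding function is only partly covered.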
@@ -735,18 +767,164 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, ut_error; } + /* Set up the checksum */ + mach_write_to_4(dst_frame+FIL_PAGE_SPACE_OR_CHKSUM, BUF_NO_CHECKSUM_MAGIC); + + /* For compressed tables we do not store the FIL header because + the whole page is not stored to the disk. In compressed tables only + the FIL header + compressed (and now encrypted) payload alligned + to sector boundary is written. */ if (!page_compressed) { - // copy page trailer + /* FIL page trailer is also not encrypted */ memcpy(dst_frame + page_size - FIL_PAGE_DATA_END, src_frame + page_size - FIL_PAGE_DATA_END, FIL_PAGE_DATA_END); + } - /* handle post encryption checksum */ + /* Store AES encryption method */ + mach_write_to_2(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 4, + aes_method); + /* Store compression algorithm (for page compresed tables) or 0 */ + mach_write_to_2(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 6, + compression_algo); +} + +/********************************************************************* +Check if extra buffer shall be allocated for decrypting after read +@return true if fil space has encryption data. 
*/ +UNIV_INTERN +bool +fil_space_check_encryption_read( +/*=============================*/ + ulint space) /*!< in: tablespace id */ +{ + fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space); + + if (crypt_data == NULL) { + return false; + } + + if (crypt_data->type == CRYPT_SCHEME_UNENCRYPTED) { + return false; + } + + return true; +} + +/****************************************************************** +Decrypt a page +@return true if page was encrypted */ +UNIV_INTERN +bool +fil_space_decrypt( +/*==============*/ + fil_space_crypt_t* crypt_data, /*!< in: crypt data */ + const byte* src_frame, /*!< in: input buffer */ + ulint page_size, /*!< in: page size */ + byte* dst_frame) /*!< out: output buffer */ +{ + ulint page_type = mach_read_from_2(src_frame+FIL_PAGE_TYPE); + uint key_version = mach_read_from_4(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); + bool page_compressed = (page_type == FIL_PAGE_PAGE_COMPRESSED); + ulint compression_algo = mach_read_from_2(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 6); + uint aes_method = 0; + + /* Page is not encrypted if key_version is 0 */ + if (key_version == 0) { + //TODO: is this really needed ? 
+ memcpy(dst_frame, src_frame, page_size); + return false; /* page not decrypted */ + } + + /* read space & offset & lsn */ + ulint space = mach_read_from_4( + src_frame + FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID); + ulint offset = mach_read_from_4( + src_frame + FIL_PAGE_OFFSET); + ib_uint64_t lsn = mach_read_from_8(src_frame + FIL_PAGE_LSN); + + /* Copy FIL page header, it is not encrypted */ + memcpy(dst_frame, src_frame, FIL_PAGE_DATA); + + /* Get key */ + byte key[MY_AES_MAX_KEY_LENGTH]; + uint key_length; + unsigned char iv[MY_AES_BLOCK_SIZE]; + fil_crypt_get_key(key, &key_length, crypt_data, key_version); + aes_method = mach_read_from_2(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 4); + + /* Verify used AES method */ + if ( aes_method != CRYPT_SCHEME_1_CTR && + aes_method != CRYPT_SCHEME_1_CBC) { + ib_logf(IB_LOG_LEVEL_FATAL, + "Unable to decrypt data-block " + " aes_method: %d unknown!\n", + aes_method); + ut_error; + } + + /* Create counter used as IV */ + mach_write_to_4(iv + 0, space); + mach_write_to_4(iv + 4, offset); + mach_write_to_8(iv + 8, lsn); + + /* Calculate the offset where decryption starts */ + const byte* src = src_frame + FIL_PAGE_DATA; + byte* dst = dst_frame + FIL_PAGE_DATA; + uint32 dstlen=0; + ulint srclen = page_size - (FIL_PAGE_DATA + FIL_PAGE_DATA_END); + + /* For page compressed tables we decrypt only the actual compressed + payload. Note that first two bytes of page data is actual payload + size and that should not be decrypted. 
*/ + if (page_compressed) { + ulint compressed_len = mach_read_from_2(src_frame + FIL_PAGE_DATA); + src+=2; + dst+=2; + mach_write_to_2(dst_frame + FIL_PAGE_DATA, compressed_len); + srclen = compressed_len; + } + + /* Get AES method */ + my_aes_encrypt_dynamic_type func = get_aes_decrypt_func((enum_my_aes_encryption_algorithm)fil_crypt_map_aes_method(aes_method)); + + /* Decrypt the data */ + int rc = (*func)(src, /* Data to be encrypted */ + srclen, /* data length */ + dst, /* Output buffer */ + &dstlen, /* Output buffer */ + key, /* Key */ + key_length, /* Key length */ + iv, /* IV */ + sizeof(iv), /* IV-length */ + 1); /* NoPadding */ + + if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { + ib_logf(IB_LOG_LEVEL_FATAL, + "Unable to decrypt data-block " + " src: %p srclen: %ld buf: %p buflen: %d." + " return-code: %d. Can't continue!\n", + src, (long)srclen, + dst, dstlen, rc); + ut_error; + } + + /* For compressed tables we do not store the FIL header because + the whole page is not stored to the disk. In compressed tables only + the FIL header + compressed (and now encrypted) payload alligned + to sector boundary is written. */ + if (!page_compressed) { + /* Copy FIL trailer */ + memcpy(dst_frame + page_size - FIL_PAGE_DATA_END, + src_frame + page_size - FIL_PAGE_DATA_END, + FIL_PAGE_DATA_END); + + /* handle post decryption checksum */ ib_uint32_t checksum = 0; srv_checksum_algorithm_t algorithm = static_cast(srv_checksum_algorithm); - if (zip_size == 0) { + if (page_size == UNIV_PAGE_SIZE) { switch (algorithm) { case SRV_CHECKSUM_ALGORITHM_CRC32: case SRV_CHECKSUM_ALGORITHM_STRICT_CRC32: 
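Review bot: In `fil_space_decrypt`, `compressed_len` is read from the on-disk page with `mach_read_from_2(src_frame + FIL_PAGE_DATA)` and becomes `srclen` without being compared to `page_size`, so a corrupted length field lets the AES call read past `src_frame` and write past `dst_frame`. A bound check before the call would close that, e.g. `if (compressed_len > page_size - FIL_PAGE_DATA - 2) { /* report the page as corrupted */ }`. The same hunk still tests `crypt_data->type == CRYPT_SCHEME_UNENCRYPTED` in `fil_space_check_encryption_read` while the other hunks use `CRYPT_SCHEME_1_UNENCRYPTED`; confirm the old name is still defined.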
@@ -765,173 +943,23 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, * if new enum is added and not handled here */ } } else { - checksum = page_zip_calc_checksum(dst_frame, zip_size, + checksum = page_zip_calc_checksum(dst_frame, page_size, algorithm); } - // store the post-encryption checksum after the key-version - mach_write_to_4(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 4, - checksum); - } else { - /* Page compressed and encrypted tables have different - FIL_HEADER */ - ulint page_len = log10((double)page_size)/log10((double)2); - /* Set up the correct page type */ - mach_write_to_2(dst_frame+FIL_PAGE_TYPE, FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED); - /* Set up the compression algorithm */ - mach_write_to_2(dst_frame+FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+4, orig_page_type); - /* Set up the compressed size */ - mach_write_to_1(dst_frame+FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+6, page_len); - /* Set up the compression method */ - mach_write_to_1(dst_frame+FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+7, compression_alg); + mach_write_to_4(dst_frame + FIL_PAGE_SPACE_OR_CHKSUM, checksum); + + fprintf(stderr, "KUKKU %ld:%lu\n", mach_read_from_4(dst_frame + FIL_PAGE_SPACE_OR_CHKSUM), + mach_read_from_4(dst_frame + FIL_PAGE_END_LSN_OLD_CHKSUM)); } -} - -/********************************************************************* -Check if extra buffer shall be allocated for decrypting after read */ -UNIV_INTERN -bool -fil_space_check_encryption_read( -/*==============================*/ - ulint space) /*!< in: tablespace id */ -{ - fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space); - - if (crypt_data == NULL) { - return false; - } - - if (crypt_data->type == CRYPT_SCHEME_UNENCRYPTED) { - return false; - } - - return true; -} - -/****************************************************************** -Decrypt a page */ -UNIV_INTERN -bool -fil_space_decrypt(fil_space_crypt_t* crypt_data, - const byte* src_frame, ulint page_size, byte* dst_frame) -{ - ulint 
page_type = mach_read_from_2(src_frame+FIL_PAGE_TYPE); - // key version - uint key_version; - bool page_encrypted = (page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED - || page_type == FIL_PAGE_PAGE_ENCRYPTED); - - bool page_compressed = (page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED - || page_type == FIL_PAGE_PAGE_COMPRESSED); - - ulint orig_page_type=0; - - if (page_type == FIL_PAGE_PAGE_ENCRYPTED) { - key_version = mach_read_from_2( - src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - orig_page_type = mach_read_from_2( - src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 2); - } else { - key_version = mach_read_from_4( - src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - } - - if (key_version == 0 && !page_encrypted) { - //TODO: is this really needed ? - memcpy(dst_frame, src_frame, page_size); - return false; /* page not decrypted */ - } - - // read space & offset & lsn - ulint space = mach_read_from_4( - src_frame + FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID); - ulint offset = mach_read_from_4( - src_frame + FIL_PAGE_OFFSET); - ib_uint64_t lsn = mach_read_from_8(src_frame + FIL_PAGE_LSN); - - // copy page header - memcpy(dst_frame, src_frame, FIL_PAGE_DATA); - - if (page_type == FIL_PAGE_PAGE_ENCRYPTED) { - // orig page type - mach_write_to_2(dst_frame+FIL_PAGE_TYPE, orig_page_type); - } - - // get key - byte key[MY_AES_MAX_KEY_LENGTH]; - uint key_length; - fil_crypt_get_key(key, &key_length, crypt_data, key_version, page_encrypted); - - // get the iv - unsigned char iv[MY_AES_BLOCK_SIZE]; - - if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) { - // create counter block - - mach_write_to_4(iv + 0, space); - mach_write_to_4(iv + 4, offset); - mach_write_to_8(iv + 8, lsn); - } else { - // Get random IV from crypt_data - mutex_enter(&crypt_data->mutex); - memcpy(iv, crypt_data->iv, crypt_data->iv_length); - mutex_exit(&crypt_data->mutex); - } - - const byte* src = src_frame + FIL_PAGE_DATA; - byte* dst = dst_frame + FIL_PAGE_DATA; - uint32 dstlen; - ulint 
srclen = page_size - (FIL_PAGE_DATA + FIL_PAGE_DATA_END); - ulint compressed_len; - ulint compression_method; + /* Clear key-version & aes_method from dst */ + memset(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, 0, 8); + /* For page compressed tables store compression algorithm back */ if (page_compressed) { - orig_page_type = mach_read_from_2(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+4); - compressed_len = mach_read_from_1(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+6); - compression_method = mach_read_from_1(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+7); - } - - if (page_encrypted && !page_compressed) { - orig_page_type = mach_read_from_2(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+2); - } - - if (page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) { - srclen = pow((double)2, (double)((int)compressed_len)) - FIL_PAGE_DATA; - } - - int rc = (* my_aes_decrypt_dynamic)(src, srclen, - dst, &dstlen, - (unsigned char*)key, key_length, - (unsigned char*)iv, sizeof(iv), - 1); - - if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { - ib_logf(IB_LOG_LEVEL_FATAL, - "Unable to decrypt data-block " - " src: %p srclen: %ld buf: %p buflen: %d." - " return-code: %d. 
Can't continue!\n", - src, (long)srclen, - dst, dstlen, rc); - ut_error; - } - - if (page_type != FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) { - // copy page trailer - memcpy(dst_frame + page_size - FIL_PAGE_DATA_END, - src_frame + page_size - FIL_PAGE_DATA_END, - FIL_PAGE_DATA_END); - - // clear key-version & crypt-checksum from dst - memset(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, 0, 8); - } else { - /* For page compressed tables we set up the FIL_HEADER again */ - /* setting original page type */ - mach_write_to_2(dst_frame + FIL_PAGE_TYPE, orig_page_type); - /* page_compression uses BUF_NO_CHECKSUM_MAGIC as checksum */ - mach_write_to_4(dst_frame + FIL_PAGE_SPACE_OR_CHKSUM, BUF_NO_CHECKSUM_MAGIC); - /* Set up the flush lsn to be compression algorithm */ - mach_write_to_8(dst_frame+FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, compression_method); + mach_write_to_8(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, + compression_algo); } return true; /* page was decrypted */ @@ -941,8 +969,12 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data, Decrypt a page */ UNIV_INTERN void -fil_space_decrypt(ulint space, - const byte* src_frame, ulint page_size, byte* dst_frame) +fil_space_decrypt( +/*==============*/ + ulint space, /*!< in: Fil space id */ + const byte* src_frame, /*!< in: input buffer */ + ulint page_size, /*!< in: page size */ + byte* dst_frame) /*!< out: output buffer */ { fil_space_decrypt(fil_space_get_crypt_data(space), src_frame, page_size, dst_frame); 
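Review bot: After decryption the new code computes a checksum over `dst_frame` and stores it with `mach_write_to_4(dst_frame + FIL_PAGE_SPACE_OR_CHKSUM, checksum)`, while the encrypt side writes `BUF_NO_CHECKSUM_MAGIC` to the on-disk page, so nothing visible in this patch verifies either the ciphertext or the plaintext. A page damaged on disk would decrypt to garbage and then receive a valid checksum, which hides the corruption from later validation. Unless another caller checks the page first, keep a post-encryption checksum in the page and verify it before decrypting. The `fprintf(stderr, "KUKKU %ld:%lu\n", ...)` line is leftover debugging output on the read path and should be removed. The checksum `switch` begins in the previous hunk, so only its tail is visible here.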
@@ -953,8 +985,13 @@ Verify checksum for a page (iff it's encrypted) NOTE: currently this function can only be run in single threaded mode as it modifies srv_checksum_algorithm (temporarily) @return true if page is encrypted AND OK, false otherwise */ +UNIV_INTERN bool -fil_space_verify_crypt_checksum(const byte* src_frame, ulint zip_size) +fil_space_verify_crypt_checksum( +/*============================*/ + const byte* src_frame, /*!< in: page the verify */ + ulint zip_size) /*!< in: compressed size if + row_format compressed */ { // key version uint key_version = mach_read_from_4( @@ -1041,7 +1078,8 @@ struct key_state_t { Copy global key state */ static void fil_crypt_get_key_state( - key_state_t *new_state) +/*====================*/ + key_state_t *new_state) /*!< out: key state */ { if (srv_encrypt_tables == TRUE) { new_state->key_version = get_latest_encryption_key_version(); @@ -1054,9 +1092,13 @@ fil_crypt_get_key_state( } /*********************************************************************** -Check if a key needs rotation given a key_state */ +Check if a key needs rotation given a key_state +@return true if key needs rotation, false if not */ static bool -fil_crypt_needs_rotation(uint key_version, const key_state_t *key_state) +fil_crypt_needs_rotation( +/*=====================*/ + uint key_version, /*!< in: Key version */ + const key_state_t* key_state) /*!< in: Key state */ { // TODO(jonaso): Add support for rotating encrypted => unencrypted 
@@ -1081,9 +1123,13 @@ fil_crypt_needs_rotation(uint key_version, const key_state_t *key_state) } /*********************************************************************** -Check if a space is closing (i.e just before drop) */ -UNIV_INTERN bool -fil_crypt_is_closing(ulint space) +Check if a space is closing (i.e just before drop) +@return true if space is closing, false if not. */ +UNIV_INTERN +bool +fil_crypt_is_closing( +/*=================*/ + ulint space) /*!< in: FIL space id */ { bool closing; fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space); @@ -1097,16 +1143,22 @@ fil_crypt_is_closing(ulint space) Start encrypting a space @return true if a pending op (fil_inc_pending_ops/fil_decr_pending_ops) is held */ -static bool -fil_crypt_start_encrypting_space(ulint space, bool *recheck) { +static +bool +fil_crypt_start_encrypting_space( +/*=============================*/ + ulint space, /*!< in: FIL space id */ + bool* recheck)/*!< out: true if recheck needed */ +{ /* we have a pending op when entering function */ bool pending_op = true; + uint aes_method = current_aes_dynamic_method; mutex_enter(&fil_crypt_threads_mutex); fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space); - ibool page_encrypted = fil_space_is_page_encrypted(space); + ibool page_encrypted = (crypt_data != NULL); /*If spage is not encrypted and encryption is not enabled, then do not continue encrypting the space. */ @@ -1184,7 +1236,7 @@ fil_crypt_start_encrypting_space(ulint space, bool *recheck) { /* 4 - write crypt data to page 0 */ fil_space_write_crypt_data_low(crypt_data, - CRYPT_SCHEME_1, + fil_crypt_get_aes_method(aes_method), frame, crypt_data->page0_offset, maxsize, &mtr); 
@@ -1232,7 +1284,7 @@ fil_crypt_start_encrypting_space(ulint space, bool *recheck) { /* 5 - publish crypt data */ mutex_enter(&fil_crypt_threads_mutex); mutex_enter(&crypt_data->mutex); - crypt_data->type = CRYPT_SCHEME_1; + crypt_data->type = fil_crypt_get_aes_method(aes_method); ut_a(crypt_data->rotate_state.active_threads == 1); crypt_data->rotate_state.active_threads = 0; crypt_data->rotate_state.starting = false; @@ -1257,10 +1309,14 @@ fil_crypt_start_encrypting_space(ulint space, bool *recheck) { } /*********************************************************************** -Check if space needs rotation given a key_state */ -static bool -fil_crypt_space_needs_rotation(uint space, const key_state_t *key_state, - bool *recheck) +Check if space needs rotation given a key_state +@return true if space needs key rotation */ +static +bool +fil_crypt_space_needs_rotation( + uint space, /*!< in: FIL space id */ + const key_state_t* key_state, /*!< in: Key state */ + bool* recheck) /*!< out: needs recheck ? */ { if (fil_space_get_type(space) != FIL_TABLESPACE) { return false; @@ -1374,7 +1430,9 @@ struct rotate_thread_t { /*********************************************************************** Update global statistics with thread statistics */ static void -fil_crypt_update_total_stat(rotate_thread_t *state) +fil_crypt_update_total_stat( +/*========================*/ + rotate_thread_t *state) /*!< in: Key rotation status */ { mutex_enter(&crypt_stat_mutex); crypt_stat.pages_read_from_cache += 
@@ -1397,9 +1455,13 @@ fil_crypt_update_total_stat(rotate_thread_t *state) /*********************************************************************** Allocate iops to thread from global setting, -used before starting to rotate a space */ -static bool -fil_crypt_alloc_iops(rotate_thread_t *state) +used before starting to rotate a space. +@return true if allocation succeeded, false if failed */ +static +bool +fil_crypt_alloc_iops( +/*=================*/ + rotate_thread_t *state) /*!< in: Key rotation status */ { ut_ad(state->allocated_iops == 0); @@ -1429,8 +1491,11 @@ fil_crypt_alloc_iops(rotate_thread_t *state) /*********************************************************************** Reallocate iops to thread, used when inside a space */ -static void -fil_crypt_realloc_iops(rotate_thread_t *state) +static +void +fil_crypt_realloc_iops( +/*========================*/ + rotate_thread_t *state) /*!< in: Key rotation status */ { ut_a(state->allocated_iops > 0); @@ -1519,8 +1584,11 @@ fil_crypt_realloc_iops(rotate_thread_t *state) /*********************************************************************** Return allocated iops to global */ -static void -fil_crypt_return_iops(rotate_thread_t *state) +static +void +fil_crypt_return_iops( +/*========================*/ + rotate_thread_t *state) /*!< in: Key rotation status */ { if (state->allocated_iops > 0) { uint iops = state->allocated_iops; 
@@ -1544,11 +1612,14 @@ fil_crypt_return_iops(rotate_thread_t *state) /*********************************************************************** Search for a space needing rotation */ +UNIV_INTERN bool fil_crypt_find_space_to_rotate( - const key_state_t *key_state, - rotate_thread_t *state, - bool *recheck) +/*===========================*/ + const key_state_t* key_state, /*!< in: Key state */ + rotate_thread_t* state, /*!< in: Key rotation state */ + bool* recheck) /*!< out: true if recheck + needed */ { /* we need iops to start rotating */ while (!state->should_shutdown() && !fil_crypt_alloc_iops(state)) { @@ -1591,8 +1662,9 @@ Start rotating a space */ static void fil_crypt_start_rotate_space( - const key_state_t *key_state, - rotate_thread_t *state) +/*=========================*/ + const key_state_t* key_state, /*!< in: Key state */ + rotate_thread_t* state) /*!< in: Key rotation state */ { ulint space = state->space; fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space); @@ -1629,12 +1701,14 @@ fil_crypt_start_rotate_space( } /*********************************************************************** -Search for batch of pages needing rotation */ +Search for batch of pages needing rotation +@return true if page needing key rotation found, false if not found */ static bool fil_crypt_find_page_to_rotate( - const key_state_t *key_state, - rotate_thread_t *state) +/*==========================*/ + const key_state_t* key_state, /*!< in: Key state */ + rotate_thread_t* state) /*!< in: Key rotation state */ { ulint batch = srv_alloc_time * state->allocated_iops; ulint space = state->space; 
@@ -1665,9 +1739,15 @@ fil_crypt_find_page_to_rotate( } /*********************************************************************** -Check if a page is uninitialized (doesn't need to be rotated) */ -static bool -fil_crypt_is_page_uninitialized(const byte* frame, uint zip_size) +Check if a page is uninitialized (doesn't need to be rotated) +@return true if page is uninitialized, false if not.*/ +static +bool +fil_crypt_is_page_uninitialized( +/*============================*/ + const byte *frame, /*!< in: Page */ + uint zip_size) /*!< in: compressed size if + row_format compressed */ { if (zip_size) { ulint stored_checksum = mach_read_from_4( @@ -1696,15 +1776,20 @@ fil_crypt_is_page_uninitialized(const byte* frame, uint zip_size) sleeptime_ms, __FILE__, __LINE__) /*********************************************************************** -Get a page and compute sleep time */ +Get a page and compute sleep time +@return page */ static buf_block_t* -fil_crypt_get_page_throttle_func(rotate_thread_t *state, - ulint space, uint zip_size, ulint offset, - mtr_t *mtr, - ulint *sleeptime_ms, - const char *file, - ulint line) +fil_crypt_get_page_throttle_func( + rotate_thread_t* state, /*!< in/out: Key rotation state */ + ulint space, /*!< in: FIL space id */ + uint zip_size, /*!< in: compressed size if + row_format compressed */ + ulint offset, /*!< in: page offsett */ + mtr_t* mtr, /*!< in/out: minitransaction */ + ulint* sleeptime_ms, /*!< out: sleep time */ + const char* file, /*!< in: file name */ + ulint line) /*!< in: file line */ { buf_block_t* block = buf_page_try_get_func(space, offset, RW_X_LATCH, true, 
@@ -1753,17 +1838,22 @@ Get block and allocation status note: innodb locks fil_space_latch and then block when allocating page but locks block and then fil_space_latch when freeing page. +@return block */ static buf_block_t* btr_scrub_get_block_and_allocation_status( - rotate_thread_t *state, - ulint space, - ulint zip_size, - ulint offset, - mtr_t *mtr, +/*======================================*/ + rotate_thread_t* state, /*!< in/out: Key rotation state */ + ulint space, /*!< in: FIL space id */ + uint zip_size, /*!< in: compressed size if + row_format compressed */ + ulint offset, /*!< in: page offsett */ + mtr_t* mtr, /*!< in/out: minitransaction + */ btr_scrub_page_allocation_status_t *allocation_status, - ulint *sleeptime_ms) + /*!< in/out: allocation status */ + ulint* sleeptime_ms) /*!< out: sleep time */ { mtr_t local_mtr; buf_block_t *block = NULL; @@ -1807,8 +1897,9 @@ Rotate one page */ static void fil_crypt_rotate_page( - const key_state_t *key_state, - rotate_thread_t *state) +/*===================*/ + const key_state_t* key_state, /*!< in: Key state */ + rotate_thread_t* state) /*!< in: Key rotation state */ { ulint space = state->space; ulint offset = state->offset; @@ -1960,8 +2051,9 @@ Rotate a batch of pages */ static void fil_crypt_rotate_pages( - const key_state_t *key_state, - rotate_thread_t *state) +/*===================*/ + const key_state_t* key_state, /*!< in: Key state */ + rotate_thread_t* state) /*!< in: Key rotation state */ { ulint space = state->space; ulint end = state->offset + state->batch; @@ -1989,7 +2081,10 @@ fil_crypt_rotate_pages( Flush rotated pages and then update page 0 */ static void -fil_crypt_flush_space(rotate_thread_t *state, ulint space) +fil_crypt_flush_space( +/*==================*/ + rotate_thread_t* state, /*!< in: Key rotation state */ + ulint space) /*!< in: FIL space id */ { fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space); 
@@ -2033,9 +2128,10 @@ fil_crypt_flush_space(rotate_thread_t *state, ulint space) RW_X_LATCH, NULL, BUF_GET, __FILE__, __LINE__, &mtr); byte* frame = buf_block_get_frame(block); - ulint maxsize = 0; + ulint maxsize; crypt_data->page0_offset = fsp_header_get_crypt_offset(zip_size, &maxsize); + fil_space_write_crypt_data(space, frame, crypt_data->page0_offset, ULINT_MAX, &mtr); @@ -2048,8 +2144,9 @@ Complete rotating a space */ static void fil_crypt_complete_rotate_space( - const key_state_t *key_state, - rotate_thread_t *state) +/*============================*/ + const key_state_t* key_state, /*!< in: Key state */ + rotate_thread_t* state) /*!< in: Key rotation state */ { ulint space = state->space; fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space); @@ -2123,7 +2220,7 @@ A thread which monitors global key state and rotates tablespaces accordingly extern "C" UNIV_INTERN os_thread_ret_t DECLARE_THREAD(fil_crypt_thread)( -/*===============================*/ +/*=============================*/ void* arg __attribute__((unused))) /*!< in: a dummy parameter required * by os_thread_create */ { @@ -2240,13 +2337,19 @@ DECLARE_THREAD(fil_crypt_thread)( Adjust thread count for key rotation */ UNIV_INTERN void -fil_crypt_set_thread_cnt(uint new_cnt) +fil_crypt_set_thread_cnt( +/*=====================*/ + uint new_cnt) /*!< in: New key rotation thread count */ { if (new_cnt > srv_n_fil_crypt_threads) { uint add = new_cnt - srv_n_fil_crypt_threads; srv_n_fil_crypt_threads = new_cnt; for (uint i = 0; i < add; i++) { - os_thread_create(fil_crypt_thread, NULL, NULL); + os_thread_id_t rotation_thread_id; + os_thread_create(fil_crypt_thread, NULL, &rotation_thread_id); + ib_logf(IB_LOG_LEVEL_INFO, + "Creating #%d thread id %lu total threads %du\n", + i, os_thread_pf(rotation_thread_id), new_cnt); } } else if (new_cnt < srv_n_fil_crypt_threads) { srv_n_fil_crypt_threads = new_cnt; 
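Review bot: The format string in the new `ib_logf` call in `fil_crypt_set_thread_cnt`, `"Creating #%d thread id %lu total threads %du\n"`, prints the unsigned `i` with `%d` and ends with `%du`, which emits a literal `u` after the count. Use `%u` for both `uint` arguments: `"Creating #%u thread id %lu total threads %u\n"`.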
@@ -2263,7 +2366,9 @@ fil_crypt_set_thread_cnt(uint new_cnt) Adjust max key age */ UNIV_INTERN void -fil_crypt_set_rotate_key_age(uint val) +fil_crypt_set_rotate_key_age( +/*=========================*/ + uint val) /*!< in: New max key age */ { srv_fil_crypt_rotate_key_age = val; os_event_set(fil_crypt_threads_event); @@ -2273,7 +2378,9 @@ fil_crypt_set_rotate_key_age(uint val) Adjust rotation iops */ UNIV_INTERN void -fil_crypt_set_rotation_iops(uint val) +fil_crypt_set_rotation_iops( +/*========================*/ + uint val) /*!< in: New iops setting */ { srv_n_fil_crypt_iops = val; os_event_set(fil_crypt_threads_event); @@ -2284,6 +2391,7 @@ Init threads for key rotation */ UNIV_INTERN void fil_crypt_threads_init() +/*====================*/ { fil_crypt_event = os_event_create(); fil_crypt_threads_event = os_event_create(); @@ -2300,6 +2408,7 @@ End threads for key rotation */ UNIV_INTERN void fil_crypt_threads_end() +/*===================*/ { /* stop threads */ fil_crypt_set_thread_cnt(0); @@ -2309,7 +2418,9 @@ fil_crypt_threads_end() Clean up key rotation threads resources */ UNIV_INTERN void -fil_crypt_threads_cleanup() { +fil_crypt_threads_cleanup() +/*=======================*/ +{ os_event_free(fil_crypt_event); os_event_free(fil_crypt_threads_event); } @@ -2319,7 +2430,8 @@ Mark a space as closing */ UNIV_INTERN void fil_space_crypt_mark_space_closing( - ulint space) +/*===============================*/ + ulint space) /*!< in: Space id */ { mutex_enter(&fil_crypt_threads_mutex); fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space); @@ -2340,7 +2452,8 @@ Wait for crypt threads to stop accessing space */ UNIV_INTERN void fil_space_crypt_close_tablespace( - ulint space) +/*=============================*/ + ulint space) /*!< in: Space id */ { mutex_enter(&fil_crypt_threads_mutex); fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space); 
@@ -2352,11 +2465,14 @@ fil_space_crypt_close_tablespace( uint start = time(0); uint last = start; + mutex_enter(&crypt_data->mutex); mutex_exit(&fil_crypt_threads_mutex); crypt_data->closing = true; + uint cnt = crypt_data->rotate_state.active_threads; bool flushing = crypt_data->rotate_state.flushing; + while (cnt > 0 || flushing) { mutex_exit(&crypt_data->mutex); /* release dict mutex so that scrub threads can release their @@ -2386,11 +2502,12 @@ fil_space_crypt_close_tablespace( /********************************************************************* Get crypt status for a space (used by information_schema) return 0 if crypt data present */ +UNIV_INTERN int fil_space_crypt_get_status( -/*==================*/ - ulint id, /*!< in: space id */ - struct fil_space_crypt_status_t* status) /*!< out: status */ +/*=======================*/ + ulint id, /*!< in: space id */ + struct fil_space_crypt_status_t* status) /*!< out: status */ { fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(id); @@ -2400,6 +2517,7 @@ fil_space_crypt_get_status( mutex_enter(&crypt_data->mutex); status->keyserver_requests = crypt_data->keyserver_requests; status->min_key_version = crypt_data->min_key_version; + if (crypt_data->rotate_state.active_threads > 0 || crypt_data->rotate_state.flushing) { status->rotating = true; @@ -2427,8 +2545,11 @@ fil_space_crypt_get_status( /********************************************************************* Return crypt statistics */ +UNIV_INTERN void -fil_crypt_total_stat(fil_crypt_stat_t *stat) +fil_crypt_total_stat( +/*=================*/ + fil_crypt_stat_t *stat) /*!< out: Crypt statistics */ { mutex_enter(&crypt_stat_mutex); *stat = crypt_stat; 
@@ -2438,11 +2559,12 @@ fil_crypt_total_stat(fil_crypt_stat_t *stat) /********************************************************************* Get scrub status for a space (used by information_schema) return 0 if data found */ +UNIV_INTERN int fil_space_get_scrub_status( -/*==================*/ - ulint id, /*!< in: space id */ - struct fil_space_scrub_status_t* status) /*!< out: status */ +/*=======================*/ + ulint id, /*!< in: space id */ + struct fil_space_scrub_status_t* status) /*!< out: status */ { fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(id); memset(status, 0, sizeof(*status)); diff --git a/storage/innobase/fil/fil0fil.cc b/storage/innobase/fil/fil0fil.cc index 8b0a788b7b9..9d37de6d63b 100644 --- a/storage/innobase/fil/fil0fil.cc +++ b/storage/innobase/fil/fil0fil.cc @@ -27,8 +27,7 @@ Created 10/25/1995 Heikki Tuuri #include "fil0fil.h" #include "fil0pagecompress.h" #include "fsp0pagecompress.h" -#include "fil0pageencryption.h" -#include "fsp0pageencryption.h" +#include "fil0crypt.h" #include #include @@ -284,7 +283,7 @@ fil_read( actual page size does not decrease. */ { return(fil_io(OS_FILE_READ, sync, space_id, zip_size, block_offset, - byte_offset, len, buf, message, write_size, 0, false)); + byte_offset, len, buf, message, write_size)); } /********************************************************************//** 
@@ -311,18 +310,16 @@ fil_write( this must be appropriately aligned */ void* message, /*!< in: message for aio handler if non-sync aio used, else ignored */ - ulint* write_size, /*!< in/out: Actual write size initialized + ulint* write_size) /*!< in/out: Actual write size initialized after fist successfull trim operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - lsn_t lsn, /*!< in: lsn of the newest modification */ - bool encrypt_later) /*!< in: encrypt later ? */ { ut_ad(!srv_read_only_mode); return(fil_io(OS_FILE_WRITE, sync, space_id, zip_size, block_offset, - byte_offset, len, buf, message, write_size, lsn, encrypt_later)); + byte_offset, len, buf, message, write_size)); } /*******************************************************************//** @@ -648,10 +645,9 @@ fil_node_open_file( set */ page = static_cast(ut_align(buf2, UNIV_PAGE_SIZE)); - success = os_file_read(node->handle, page, 0, UNIV_PAGE_SIZE, - space->flags); + success = os_file_read(node->handle, page, 0, UNIV_PAGE_SIZE); - if (fil_page_encryption_status(page)) { + if (fil_page_is_encrypted(page)) { /* if page is (still) encrypted, write an error and return. * Otherwise the server would crash if decrypting is not possible. * This may be the case, if the key file could not be 
@@ -1156,21 +1152,6 @@ fil_space_create( ut_a(fil_system); - if (fsp_flags_is_page_encrypted(flags)) { - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { - /* by returning here it should be avoided that - * the server crashes, if someone tries to access an - * encrypted table and the encryption key is not available. - * The the table is treaded as non-existent. - */ - ib_logf(IB_LOG_LEVEL_WARN, - "Tablespace '%s' can not be opened, because " - " encryption key can not be found (space id: %lu, key %lu)\n" - , name, (ulong) id, fsp_flags_get_page_encryption_key(flags)); - return (FALSE); - } - } - /* Look for a matching tablespace and if found free it. */ do { mutex_enter(&fil_system->mutex); @@ -1836,7 +1817,7 @@ fil_write_lsn_and_arch_no_to_file( lsn); err = fil_write(TRUE, space, 0, sum_of_sizes, 0, - UNIV_PAGE_SIZE, buf, NULL, 0, lsn, false); + UNIV_PAGE_SIZE, buf, NULL, 0); } mem_free(buf1); @@ -1927,13 +1908,10 @@ fil_check_first_page( or the encryption key is not available, the check for reading the first page should intentionally fail with "can not decrypt" message. */ - page_is_encrypted = fil_page_encryption_status(page); - if (page_is_encrypted == PAGE_ENCRYPTION_KEY_MISSING && page_is_encrypted) { - page_is_encrypted = 1; - } else { - page_is_encrypted = 0; + page_is_encrypted = fil_page_encryption_status(page, space_id); + if (!page_is_encrypted) { if (UNIV_PAGE_SIZE != fsp_flags_get_page_size(flags)) { - fprintf(stderr, + fprintf(stderr, "InnoDB: Error: Current page size %lu != " " page size on page %lu\n", UNIV_PAGE_SIZE, fsp_flags_get_page_size(flags)); @@ -1963,7 +1941,7 @@ fil_check_first_page( /* this error message is interpreted by the calling method, which is * executed if the server starts in recovery mode. */ - return(MSG_CANNOT_DECRYPT); + return(FIL_MSG_CANNOT_DECRYPT); } } 
@@ -2016,10 +1994,7 @@ fil_read_first_page( page = static_cast(ut_align(buf, UNIV_PAGE_SIZE)); - os_file_read(data_file, page, 0, UNIV_PAGE_SIZE, - orig_space_id != ULINT_UNDEFINED ? - fil_space_is_page_compressed(orig_space_id) : - FALSE); + os_file_read(data_file, page, 0, UNIV_PAGE_SIZE); /* The FSP_HEADER on page 0 is only valid for the first file in a tablespace. So if this is not the first datafile, leave @@ -4082,8 +4057,7 @@ fil_user_tablespace_find_space_id( for (ulint j = 0; j < page_count; ++j) { - st = os_file_read(fsp->file, page, (j* page_size), page_size, - fsp_flags_is_page_compressed(fsp->flags)); + st = os_file_read(fsp->file, page, (j* page_size), page_size); if (!st) { ib_logf(IB_LOG_LEVEL_INFO, @@ -4229,7 +4203,7 @@ check_first_page: "%s in tablespace %s (table %s)", check_msg, fsp->filepath, tablename); fsp->success = FALSE; - if (strncmp(check_msg, MSG_CANNOT_DECRYPT, strlen(check_msg))==0) { + if (strncmp(check_msg, FIL_MSG_CANNOT_DECRYPT, strlen(check_msg))==0) { /* by returning here, it should be avoided, that the server crashes, * if started in recovery mode and can not decrypt tables, if * the key file can not be read. @@ -5221,7 +5195,7 @@ retry: success = os_aio(OS_FILE_WRITE, OS_AIO_SYNC, node->name, node->handle, buf, offset, page_size * n_pages, - node, NULL, 0, FALSE, 0, 0, 0, 0, false); + node, NULL, 0); #endif /* UNIV_HOTBACKUP */ @@ -5602,13 +5576,11 @@ fil_io( appropriately aligned */ void* message, /*!< in: message for aio handler if non-sync aio used, else ignored */ - ulint* write_size, /*!< in/out: Actual write size initialized + ulint* write_size) /*!< in/out: Actual write size initialized after fist successfull trim operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - lsn_t lsn, /*!< in: lsn of the newest modification */ - bool encrypt_later) /*!< in: encrypt later ? */ { ulint mode; fil_space_t* space; 
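Review bot: The rewritten call `os_file_read(data_file, page, 0, UNIV_PAGE_SIZE);` in `fil_read_first_page` discards the return value, so a failed or short read leaves `page` holding whatever the buffer contained, and the code after the hunk goes on to interpret it as page 0. I would test the result, `if (!os_file_read(data_file, page, 0, UNIV_PAGE_SIZE))`, and report the failure through whatever error convention the function uses, which is outside this hunk. The same applies to `os_file_read(file, page, 0, UNIV_PAGE_SIZE);` in the `fil_tablespace_iterate` hunk at -6601, where the buffer is then passed to `fil_space_clear_crypt_data` and, according to the comment there, written back to the file.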
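Review bot: The comparison `strncmp(check_msg, FIL_MSG_CANNOT_DECRYPT, strlen(check_msg))==0` after the `check_first_page:` label is bounded by the length of `check_msg`, so any message that is a prefix of `"can not decrypt"`, including an empty string, takes the can-not-decrypt branch. That branch returns early to avoid a crash on an undecryptable tablespace in recovery mode, so an exact match is safer: `if (strcmp(check_msg, FIL_MSG_CANNOT_DECRYPT) == 0) {`. The rename to `FIL_MSG_CANNOT_DECRYPT` keeps the old bound unchanged; the enclosing function starts and ends outside the hunk.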
@@ -5618,10 +5590,6 @@ fil_io( ulint wake_later; os_offset_t offset; ibool ignore_nonexistent_pages; - ibool page_compressed = FALSE; - ulint page_compression_level = 0; - ibool page_encrypted; - ulint page_encryption_key; is_log = type & OS_FILE_LOG; type = type & ~OS_FILE_LOG; @@ -5805,11 +5773,6 @@ fil_io( ut_a(byte_offset % OS_FILE_LOG_BLOCK_SIZE == 0); ut_a((len % OS_FILE_LOG_BLOCK_SIZE) == 0); - page_compressed = fsp_flags_is_page_compressed(space->flags); - page_compression_level = fsp_flags_get_page_compression_level(space->flags); - page_encrypted = fsp_flags_is_page_encrypted(space->flags); - page_encryption_key = fsp_flags_get_page_encryption_key(space->flags); - #ifdef UNIV_HOTBACKUP /* In mysqlbackup do normal i/o, not aio */ if (type == OS_FILE_READ) { @@ -5831,13 +5794,7 @@ fil_io( len, node, message, - write_size, - page_compressed, - page_compression_level, - page_encrypted, - page_encryption_key, - lsn, - encrypt_later); + write_size); #endif /* UNIV_HOTBACKUP */ @@ -6387,9 +6344,7 @@ fil_iterate( readptr = iter.crypt_io_buffer; } - if (!os_file_read(iter.file, readptr, offset, - (ulint) n_bytes, - fil_space_is_page_compressed(space_id))) { + if (!os_file_read(iter.file, readptr, offset, (ulint) n_bytes)) { ib_logf(IB_LOG_LEVEL_ERROR, "os_file_read() failed"); @@ -6540,8 +6495,7 @@ fil_tablespace_iterate( /* Read the first page and determine the page and zip size. */ - if (!os_file_read(file, page, 0, UNIV_PAGE_SIZE, - dict_tf_get_page_compression(table->flags))) { + if (!os_file_read(file, page, 0, UNIV_PAGE_SIZE)) { err = DB_IO_ERROR; @@ -6601,7 +6555,7 @@ fil_tablespace_iterate( if (iter.crypt_data != NULL) { /* clear crypt data from page 0 and write it back */ - os_file_read(file, page, 0, UNIV_PAGE_SIZE, 0); + os_file_read(file, page, 0, UNIV_PAGE_SIZE); fil_space_clear_crypt_data(page, crypt_data_offset); lsn_t lsn = mach_read_from_8(page + FIL_PAGE_LSN); if (callback.get_zip_size() == 0) { 
@@ -6779,79 +6733,6 @@ fil_system_exit(void) mutex_exit(&fil_system->mutex); } -/*******************************************************************//** -Return space name */ -char* -fil_space_name( -/*===========*/ - fil_space_t* space) /*!< in: space */ -{ - return (space->name); -} - -/*******************************************************************//** -Return space flags */ -ulint -fil_space_flags( -/*===========*/ - fil_space_t* space) /*!< in: space */ -{ - return (space->flags); -} - -/*******************************************************************//** -Return page type name */ -const char* -fil_get_page_type_name( -/*===================*/ - ulint page_type) /*!< in: FIL_PAGE_TYPE */ -{ - switch(page_type) { - case FIL_PAGE_PAGE_COMPRESSED: - return (const char*)"PAGE_COMPRESSED"; - case FIL_PAGE_INDEX: - return (const char*)"INDEX"; - case FIL_PAGE_UNDO_LOG: - return (const char*)"UNDO LOG"; - case FIL_PAGE_INODE: - return (const char*)"INODE"; - case FIL_PAGE_IBUF_FREE_LIST: - return (const char*)"IBUF_FREE_LIST"; - case FIL_PAGE_TYPE_ALLOCATED: - return (const char*)"ALLOCATED"; - case FIL_PAGE_IBUF_BITMAP: - return (const char*)"IBUF_BITMAP"; - case FIL_PAGE_TYPE_SYS: - return (const char*)"SYS"; - case FIL_PAGE_TYPE_TRX_SYS: - return (const char*)"TRX_SYS"; - case FIL_PAGE_TYPE_FSP_HDR: - return (const char*)"FSP_HDR"; - case FIL_PAGE_TYPE_XDES: - return (const char*)"XDES"; - case FIL_PAGE_TYPE_BLOB: - return (const char*)"BLOB"; - case FIL_PAGE_TYPE_ZBLOB: - return (const char*)"ZBLOB"; - case FIL_PAGE_TYPE_ZBLOB2: - return (const char*)"ZBLOB2"; - case FIL_PAGE_TYPE_COMPRESSED: - return (const char*)"ORACLE PAGE COMPRESSED"; - default: - return (const char*)"PAGE TYPE CORRUPTED"; - } -} -/****************************************************************//** -Get block size from fil node -@return block size*/ -ulint -fil_node_get_block_size( -/*====================*/ - fil_node_t* node) /*!< in: Node where to get block - size */ -{ - return 
(node->file_block_size); -} /****************************************************************** Get id of first tablespace or ULINT_UNDEFINED if none */ diff --git a/storage/innobase/fil/fil0pagecompress.cc b/storage/innobase/fil/fil0pagecompress.cc index caed038b4ee..1c3db26372d 100644 --- a/storage/innobase/fil/fil0pagecompress.cc +++ b/storage/innobase/fil/fil0pagecompress.cc 
@@ -83,172 +83,6 @@ static ulint srv_data_read, srv_data_written; /* Used for debugging */ //#define UNIV_PAGECOMPRESS_DEBUG 1 -/****************************************************************//** -For page compressed pages decompress the page after actual read -operation. */ -static -void -fil_decompress_page_2( -/*==================*/ - byte* page_buf, /*!< out: destination buffer for - uncompressed data */ - byte* buf, /*!< in: source compressed data */ - ulong len, /*!< in: length of output buffer.*/ - ulint* write_size) /*!< in/out: Actual payload size of - the compressed data. */ -{ - ulint page_type = mach_read_from_2(buf + FIL_PAGE_TYPE); - - if (page_type != FIL_PAGE_TYPE_COMPRESSED) { - /* It is not a compressed page */ - return; - } - - byte* ptr = buf + FIL_PAGE_DATA; - ulint version = mach_read_from_1(buf + FIL_PAGE_VERSION); - int err = 0; - - ut_a(version == 1); - - /* Read the original page type, before we compressed the data. */ - page_type = mach_read_from_2(buf + FIL_PAGE_ORIGINAL_TYPE_V1); - - ulint original_len = mach_read_from_2(buf + FIL_PAGE_ORIGINAL_SIZE_V1); - - if (original_len < UNIV_PAGE_SIZE_MIN - (FIL_PAGE_DATA + 8) - || original_len > UNIV_PAGE_SIZE_MAX - FIL_PAGE_DATA - || len < original_len + FIL_PAGE_DATA) { - ib_logf(IB_LOG_LEVEL_ERROR, - "Corruption: We try to uncompress corrupted page. 
" - "Original len %lu len %lu.", - original_len, len); - - fflush(stderr); - ut_error; - - } - - ulint algorithm = mach_read_from_1(buf + FIL_PAGE_ALGORITHM_V1); - - switch(algorithm) { - case PAGE_ZLIB_ALGORITHM: { - - err = uncompress(page_buf, &len, ptr, original_len); - - /* If uncompress fails it means that page is corrupted */ - if (err != Z_OK) { - - ib_logf(IB_LOG_LEVEL_ERROR, - "Corruption: Page is marked as compressed " - "but uncompress failed with error %d " - " size %lu len %lu.", - err, original_len, len); - - fflush(stderr); - - ut_error; - } - - break; - } -#ifdef HAVE_LZ4 - case PAGE_LZ4_ALGORITHM: { - - err = LZ4_decompress_fast( - (const char*) ptr, (char*) (page_buf), original_len); - - if (err < 0) { - ib_logf(IB_LOG_LEVEL_ERROR, - "Corruption: Page is marked as compressed" - " but decompression read only %d bytes" - " size %lu len %lu.", - err, original_len, len); - fflush(stderr); - - ut_error; - } - break; - } -#endif /* HAVE_LZ4 */ - -#ifdef HAVE_LZMA - case PAGE_LZMA_ALGORITHM: { - - lzma_ret ret; - size_t src_pos = 0; - size_t dst_pos = 0; - uint64_t memlimit = UINT64_MAX; - - ret = lzma_stream_buffer_decode( - &memlimit, - 0, - NULL, - ptr, - &src_pos, - original_len, - (page_buf), - &dst_pos, - len); - - - if (ret != LZMA_OK || (dst_pos <= 0 || dst_pos > len)) { - ib_logf(IB_LOG_LEVEL_ERROR, - "Corruption: Page is marked as compressed" - " but decompression read only %ld bytes" - " size %lu len %lu.", - dst_pos, original_len, len); - fflush(stderr); - - ut_error; - } - - break; - } -#endif /* HAVE_LZMA */ - -#ifdef HAVE_LZO - case PAGE_LZO_ALGORITHM: { - ulint olen = 0; - - err = lzo1x_decompress((const unsigned char *)ptr, - original_len,(unsigned char *)(page_buf), &olen, NULL); - - if (err != LZO_E_OK || (olen == 0 || olen > UNIV_PAGE_SIZE)) { - ib_logf(IB_LOG_LEVEL_ERROR, - "Corruption: Page is marked as compressed" - " but decompression read only %ld bytes" - " size %lu len %lu.", - olen, original_len, len); - fflush(stderr); - - 
ut_error; - } - break; - } -#endif /* HAVE_LZO */ - - default: - ib_logf(IB_LOG_LEVEL_ERROR, - " Corruption: Page is marked as compressed " - " but compression algorithm %s" - " is not known." - ,fil_get_compression_alg_name(algorithm)); - - fflush(stderr); - ut_error; - break; - } - - /* Leave the header alone */ - memmove(buf+FIL_PAGE_DATA, page_buf, original_len); - - mach_write_to_2(buf + FIL_PAGE_TYPE, page_type); - - ut_ad(memcmp(buf + FIL_PAGE_LSN + 4, - buf + (original_len + FIL_PAGE_DATA) - - FIL_PAGE_END_LSN_OLD_CHKSUM + 4, 4) == 0); -} - /****************************************************************//** For page compressed pages compress the page before actual write operation. @@ -289,8 +123,7 @@ fil_compress_page( if (orig_page_type == 0 || orig_page_type == FIL_PAGE_TYPE_FSP_HDR || orig_page_type == FIL_PAGE_TYPE_XDES || - orig_page_type == FIL_PAGE_PAGE_COMPRESSED || - orig_page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) { + orig_page_type == FIL_PAGE_PAGE_COMPRESSED) { *out_len = len; return (buf); } @@ -579,16 +412,6 @@ fil_decompress_page( in_buf = page_buf; } - if (ptype == FIL_PAGE_TYPE_COMPRESSED) { - - fil_decompress_page_2(in_buf, buf, len, write_size); - // Need to free temporal buffer if no buffer was given - if (page_buf == NULL) { - ut_free(in_buf); - } - return; - } - /* Before actual decompress, make sure that page type is correct */ if (mach_read_from_4(buf+FIL_PAGE_SPACE_OR_CHKSUM) != BUF_NO_CHECKSUM_MAGIC || diff --git a/storage/innobase/fsp/fsp0fsp.cc b/storage/innobase/fsp/fsp0fsp.cc index ee1f2fd9510..1cf30a56a98 100644 --- a/storage/innobase/fsp/fsp0fsp.cc +++ b/storage/innobase/fsp/fsp0fsp.cc @@ -31,6 +31,7 @@ Created 11/29/1995 Heikki Tuuri #include "buf0buf.h" #include "fil0fil.h" +#include "fil0crypt.h" #include "mtr0log.h" #include "ut0byte.h" #include "page0page.h" diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 3a5f961a9bb..311fdee4d3b 100644 
--- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -79,6 +79,7 @@ this program; if not, write to the Free Software Foundation, Inc., #include "fsp0fsp.h" #include "sync0sync.h" #include "fil0fil.h" +#include "fil0crypt.h" #include "trx0xa.h" #include "row0merge.h" #include "dict0boot.h" @@ -103,7 +104,6 @@ this program; if not, write to the Free Software Foundation, Inc., #include "fts0priv.h" #include "page0zip.h" #include "fil0pagecompress.h" -#include "fil0pageencryption.h" #define thd_get_trx_isolation(X) ((enum_tx_isolation)thd_tx_isolation(X)) @@ -11047,8 +11047,6 @@ innobase_table_flags( modified by another thread while the table is being created. */ const ulint default_compression_level = page_zip_level; - const ulint default_encryption_key = srv_default_page_encryption_key; - *flags = 0; *flags2 = 0; @@ -11250,10 +11248,7 @@ index_bad: options->page_compressed, options->page_compression_level == 0 ? default_compression_level : options->page_compression_level, - options->atomic_writes, - options->page_encryption, - options->page_encryption_key == 0 ? - default_encryption_key : options->page_encryption_key); + options->atomic_writes); if (create_info->options & HA_LEX_CREATE_TMP_TABLE) { *flags2 |= DICT_TF2_TEMPORARY; @@ -19156,7 +19151,7 @@ static MYSQL_SYSVAR_UINT(default_page_encryption_key, srv_default_page_encryptio "Encryption key used for page encryption.", NULL, NULL, - DEFAULT_ENCRYPTION_KEY, 1, 255, 0); + FIL_DEFAULT_ENCRYPTION_KEY, 1, 255, 0); static MYSQL_SYSVAR_BOOL(scrub_log, srv_scrub_log, PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, diff --git a/storage/innobase/handler/i_s.cc b/storage/innobase/handler/i_s.cc index 65fcb7051ef..705886736ae 100644 --- a/storage/innobase/handler/i_s.cc +++ b/storage/innobase/handler/i_s.cc 
@@ -61,6 +61,8 @@ Modified Dec 29, 2014 Jan Lindström (Added sys_semaphore_waits) #include "btr0btr.h" #include "page0zip.h" #include "sync0arr.h" +#include "fil0fil.h" +#include "fil0crypt.h" /** structure associates a name string with a file page type and/or buffer page state. */ diff --git a/storage/innobase/include/dict0dict.h b/storage/innobase/include/dict0dict.h index 326b9e7c986..20014e05784 100644 --- a/storage/innobase/include/dict0dict.h +++ b/storage/innobase/include/dict0dict.h @@ -929,10 +929,8 @@ dict_tf_set( pages */ ulint page_compression_level, /*!< in: table page compression level */ - ulint atomic_writes, /*!< in: table atomic + ulint atomic_writes) /*!< in: table atomic writes option value*/ - bool page_encrypted,/*!< in: table uses page encryption */ - ulint page_encryption_key) /*!< in: page encryption key */ __attribute__((nonnull)); /********************************************************************//** Convert a 32 bit integer table flags to the 32 bit integer that is diff --git a/storage/innobase/include/dict0dict.ic b/storage/innobase/include/dict0dict.ic index 7c51faf844e..dd42b478c1f 100644 --- a/storage/innobase/include/dict0dict.ic +++ b/storage/innobase/include/dict0dict.ic @@ -543,9 +543,6 @@ dict_tf_is_valid( ulint data_dir = DICT_TF_HAS_DATA_DIR(flags); ulint atomic_writes = DICT_TF_GET_ATOMIC_WRITES(flags); - ulint page_encryption = DICT_TF_GET_PAGE_ENCRYPTION(flags); - ulint page_encryption_key = DICT_TF_GET_PAGE_ENCRYPTION_KEY(flags); - /* Make sure there are no bits that we do not know about. */ if (unused != 0) { fprintf(stderr, 
@@ -555,12 +552,10 @@ dict_tf_is_valid( "InnoDB: compact %ld atomic_blobs %ld\n" "InnoDB: unused %ld data_dir %ld zip_ssize %ld\n" "InnoDB: page_compression %ld page_compression_level %ld\n" - "InnoDB: atomic_writes %ld\n" - "InnoDB: page_encryption %ld page_encryption_key %ld\n", + "InnoDB: atomic_writes %ld\n", unused, compact, atomic_blobs, unused, data_dir, zip_ssize, - page_compression, page_compression_level, atomic_writes, - page_encryption, page_encryption_key + page_compression, page_compression_level, atomic_writes ); return(false); @@ -857,9 +852,7 @@ dict_tf_set( pages */ ulint page_compression_level, /*!< in: table page compression level */ - ulint atomic_writes, /*!< in: table atomic writes setup */ - bool page_encrypted, /*!< in: table uses page encryption */ - ulint page_encryption_key /*!< in: page encryption key */) + ulint atomic_writes) /*!< in: table atomic writes setup */ { atomic_writes_t awrites = (atomic_writes_t)atomic_writes; @@ -900,11 +893,6 @@ dict_tf_set( if (use_data_dir) { *flags |= (1 << DICT_TF_POS_DATA_DIR); } - - if (page_encrypted) { - *flags |= (1 << DICT_TF_POS_PAGE_ENCRYPTION) - | (page_encryption_key << DICT_TF_POS_PAGE_ENCRYPTION_KEY); - } } /********************************************************************//** @@ -927,10 +915,6 @@ dict_tf_to_fsp_flags( ulint fsp_flags; ulint page_compression = DICT_TF_GET_PAGE_COMPRESSION(table_flags); ulint page_compression_level = DICT_TF_GET_PAGE_COMPRESSION_LEVEL(table_flags); - - ulint page_encryption = DICT_TF_GET_PAGE_ENCRYPTION(table_flags); - ulint page_encryption_key = DICT_TF_GET_PAGE_ENCRYPTION_KEY(table_flags); - ulint atomic_writes = DICT_TF_GET_ATOMIC_WRITES(table_flags); DBUG_EXECUTE_IF("dict_tf_to_fsp_flags_failure", 
@@ -958,14 +942,6 @@ dict_tf_to_fsp_flags( if page compression is used for this table. */ fsp_flags |= FSP_FLAGS_SET_PAGE_COMPRESSION_LEVEL(fsp_flags, page_compression_level); - /* In addition, tablespace flags also contain if the page - encryption is used for this table. */ - fsp_flags |= FSP_FLAGS_SET_PAGE_ENCRYPTION(fsp_flags, page_encryption); - - /* In addition, tablespace flags also contain page encryption key if the page - encryption is used for this table. */ - fsp_flags |= FSP_FLAGS_SET_PAGE_ENCRYPTION_KEY(fsp_flags, page_encryption_key); - /* In addition, tablespace flags also contain flag if atomic writes is used for this table */ fsp_flags |= FSP_FLAGS_SET_ATOMIC_WRITES(fsp_flags, atomic_writes); @@ -1007,8 +983,6 @@ dict_sys_tables_type_to_tf( | DICT_TF_MASK_PAGE_COMPRESSION | DICT_TF_MASK_PAGE_COMPRESSION_LEVEL | DICT_TF_MASK_ATOMIC_WRITES - | DICT_TF_MASK_PAGE_ENCRYPTION - | DICT_TF_MASK_PAGE_ENCRYPTION_KEY ); @@ -1045,9 +1019,7 @@ dict_tf_to_sys_tables_type( | DICT_TF_MASK_DATA_DIR | DICT_TF_MASK_PAGE_COMPRESSION | DICT_TF_MASK_PAGE_COMPRESSION_LEVEL - | DICT_TF_MASK_ATOMIC_WRITES - | DICT_TF_MASK_PAGE_ENCRYPTION - | DICT_TF_MASK_PAGE_ENCRYPTION_KEY); + | DICT_TF_MASK_ATOMIC_WRITES); return(type); } diff --git a/storage/innobase/include/dict0pagecompress.ic b/storage/innobase/include/dict0pagecompress.ic index a71b2b34b07..811976434a8 100644 --- a/storage/innobase/include/dict0pagecompress.ic +++ b/storage/innobase/include/dict0pagecompress.ic 
@@ -42,8 +42,6 @@ dict_tf_verify_flags( ulint page_compression = DICT_TF_GET_PAGE_COMPRESSION(table_flags); ulint page_compression_level = DICT_TF_GET_PAGE_COMPRESSION_LEVEL(table_flags); ulint atomic_writes = DICT_TF_GET_ATOMIC_WRITES(table_flags); - ulint page_encryption = DICT_TF_GET_PAGE_ENCRYPTION(table_flags); - ulint page_encryption_key = DICT_TF_GET_PAGE_ENCRYPTION_KEY(table_flags); ulint post_antelope = FSP_FLAGS_GET_POST_ANTELOPE(fsp_flags); ulint zip_ssize = FSP_FLAGS_GET_ZIP_SSIZE(fsp_flags); ulint fsp_atomic_blobs = FSP_FLAGS_HAS_ATOMIC_BLOBS(fsp_flags); @@ -52,9 +50,6 @@ dict_tf_verify_flags( ulint fsp_page_compression = FSP_FLAGS_GET_PAGE_COMPRESSION(fsp_flags); ulint fsp_page_compression_level = FSP_FLAGS_GET_PAGE_COMPRESSION_LEVEL(fsp_flags); ulint fsp_atomic_writes = FSP_FLAGS_GET_ATOMIC_WRITES(fsp_flags); - ulint fsp_page_encryption = FSP_FLAGS_GET_PAGE_ENCRYPTION(fsp_flags); - ulint fsp_page_encryption_key = FSP_FLAGS_GET_PAGE_ENCRYPTION_KEY(fsp_flags); - DBUG_EXECUTE_IF("dict_tf_verify_flags_failure", return(ULINT_UNDEFINED);); @@ -112,27 +107,6 @@ dict_tf_verify_flags( return (FALSE); } - if (page_encryption != fsp_page_encryption) { - fprintf(stderr, - "InnoDB: Error: table flags has page_encryption %ld" - " in the data dictionary\n" - "InnoDB: but the flags in file has page_encryption %ld\n", - page_encryption, fsp_page_encryption); - - return (FALSE); - } - - if (page_encryption_key != fsp_page_encryption_key) { - fprintf(stderr, - "InnoDB: Error: table flags has page_encryption_key %ld" - " in the data dictionary\n" - "InnoDB: but the flags in file has page_encryption_key %ld\n", - page_encryption_key, fsp_page_encryption_key); - - return (FALSE); - } - - return(TRUE); } diff --git a/storage/innobase/include/fil0crypt.h b/storage/innobase/include/fil0crypt.h new file mode 100644 index 00000000000..9d02034e4b2 --- /dev/null +++ b/storage/innobase/include/fil0crypt.h 
@@ -0,0 +1,394 @@ +/***************************************************************************** + +Copyright (c) 2015, MariaDB Corporation. + +This program is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; version 2 of the License. + +This program is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +this program; if not, write to the Free Software Foundation, Inc., +51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA + +*****************************************************************************/ + +/**************************************************//** +@file include/fil0crypt.h +The low-level file system encryption support functions + +Created 04/01/2015 Jan Lindström +*******************************************************/ + +#ifndef fil0crypt_h +#define fil0crypt_h + +#define FIL_MSG_CANNOT_DECRYPT "can not decrypt" +#define FIL_ENCRYPTION_WRONG_KEY 1 +#define FIL_ENCRYPTION_WRONG_PAGE_TYPE 2 +#define FIL_ENCRYPTION_ERROR 3 +#define FIL_ENCRYPTION_KEY_MISSING 4 +#define FIL_ENCRYPTION_OK 0 +#define FIL_ENCRYPTION_WILL_NOT_ENCRYPT 5 + +/* This key will be used if nothing else is given */ +#define FIL_DEFAULT_ENCRYPTION_KEY 1 + +/** + * CRYPT_SCHEME_UNENCRYPTED + * + * Used as intermediate state when convering a space from unencrypted + * to encrypted + */ +/** + * CRYPT_SCHEME_1 + * + * AES_CTR / AES_CBC: + * L = AES_ECB(KEY, IV) + * CRYPT(PAGE) = AES_CRT(KEY=L, IV=C, PAGE) + */ + +#define CRYPT_SCHEME_1 1 +#define CRYPT_SCHEME_1_IV_LEN 16 +#define CRYPT_SCHEME_UNENCRYPTED 0 + +/* Currently supported encryption methods */ +typedef enum { + CRYPT_SCHEME_1_UNENCRYPTED = 0, /*keys[0].key_version)) { + /* 
accessing table would surely fail, because no key or no key provider available */ + return FIL_ENCRYPTION_KEY_MISSING; + } + } + } else { + ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); + if (!has_encryption_key(key)) { + return FIL_ENCRYPTION_KEY_MISSING; + } + } + return 0; +} diff --git a/storage/innobase/include/fil0fil.h b/storage/innobase/include/fil0fil.h index e4f16b24392..2c6c5804f65 100644 --- a/storage/innobase/include/fil0fil.h +++ b/storage/innobase/include/fil0fil.h @@ -26,7 +26,6 @@ Created 10/25/1995 Heikki Tuuri #ifndef fil0fil_h #define fil0fil_h -#define MSG_CANNOT_DECRYPT "can not decrypt" #include "univ.i" #ifndef UNIV_INNOCHECKSUM @@ -136,24 +135,6 @@ extern fil_addr_t fil_addr_null; used to encrypt the page + 32-bit checksum or 64 bits of zero if no encryption */ -/** If page type is FIL_PAGE_COMPRESSED then the 8 bytes starting at -FIL_PAGE_FILE_FLUSH_LSN are broken down as follows: */ - -/** Control information version format (u8) */ -static const ulint FIL_PAGE_VERSION = FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION; - -/** Compression algorithm (u8) */ -static const ulint FIL_PAGE_ALGORITHM_V1 = FIL_PAGE_VERSION + 1; - -/** Original page type (u16) */ -static const ulint FIL_PAGE_ORIGINAL_TYPE_V1 = FIL_PAGE_ALGORITHM_V1 + 1; - -/** Original data size in bytes (u16)*/ -static const ulint FIL_PAGE_ORIGINAL_SIZE_V1 = FIL_PAGE_ORIGINAL_TYPE_V1 + 2; - -/** Size after compression (u16)*/ -static const ulint FIL_PAGE_COMPRESS_SIZE_V1 = FIL_PAGE_ORIGINAL_SIZE_V1 + 2; - #define FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID 34 /*!< starting from 4.1.x this contains the space id of the page */ #define FIL_PAGE_SPACE_ID FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID 
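Review bot: The `CRYPT_SCHEME_1` comment in the new `fil0crypt.h` is the only visible description of the page encryption scheme in this header, and as written it is ambiguous: `AES_CRT` looks like a typo for `AES_CTR`, the heading says `AES_CTR / AES_CBC` without saying which mode applies when, and `C` in `IV=C` is never defined. I would correct the line to `CRYPT(PAGE) = AES_CTR(KEY=L, IV=C, PAGE)` and add one line stating what `C` is derived from. In the status function at the end of the header, `return 0;` would read better as `return FIL_ENCRYPTION_OK;`, matching the `FIL_ENCRYPTION_KEY_MISSING` returns above it. `convering` in the `CRYPT_SCHEME_UNENCRYPTED` comment should be `converting`.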
@@ -173,10 +154,7 @@ static const ulint FIL_PAGE_COMPRESS_SIZE_V1 = FIL_PAGE_ORIGINAL_SIZE_V1 + 2; /* @} */ /** File page types (values of FIL_PAGE_TYPE) @{ */ -#define FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED 35631 /* page compressed + - encrypted page */ #define FIL_PAGE_PAGE_COMPRESSED 34354 /*!< page compressed page */ -#define FIL_PAGE_PAGE_ENCRYPTED 34355 /*!< Page encrypted page */ #define FIL_PAGE_INDEX 17855 /*!< B-tree node */ #define FIL_PAGE_UNDO_LOG 2 /*!< Undo log page */ #define FIL_PAGE_INODE 3 /*!< Index node */ @@ -203,6 +181,9 @@ static const ulint FIL_PAGE_COMPRESS_SIZE_V1 = FIL_PAGE_ORIGINAL_SIZE_V1 + 2; #ifndef UNIV_INNOCHECKSUM +/* structure containing encryption specification */ +typedef struct fil_space_crypt_struct fil_space_crypt_t; + /** The number of fsyncs done to the log */ extern ulint fil_n_log_flushes; @@ -214,9 +195,6 @@ extern ulint fil_n_pending_tablespace_flushes; /** Number of files currently open */ extern ulint fil_n_file_opened; -/* structure containing encryption specification */ -typedef struct fil_space_crypt_struct fil_space_crypt_t; - struct fsp_open_info { ibool success; /*!< Has the tablespace been opened? */ const char* check_msg; /*!< fil_check_first_page() message */ @@ -997,13 +975,11 @@ fil_io( appropriately aligned */ void* message, /*!< in: message for aio handler if non-sync aio used, else ignored */ - ulint* write_size, /*!< in/out: Actual write size initialized + ulint* write_size) /*!< in/out: Actual write size initialized after fist successfull trim operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - lsn_t lsn, /*!< in: lsn of the newest modification */ - bool encrypt_later) /*!< in: should we encrypt the page */ __attribute__((nonnull(8))); /**********************************************************************//** Waits for an aio operation to complete. This function is used to write the 
@@ -1256,6 +1232,7 @@ fil_user_tablespace_restore_page( /*******************************************************************//** Return space flags */ +UNIV_INLINE ulint fil_space_flags( /*===========*/ @@ -1281,12 +1258,6 @@ fil_space_t* fil_space_get_by_id( /*================*/ ulint id); /*!< in: space id */ -/*******************************************************************//** -Return space name */ -char* -fil_space_name( -/*===========*/ - fil_space_t* space); /*!< in: space */ /****************************************************************** Get id of first tablespace or ULINT_UNDEFINED if none */ 
@@ -1301,270 +1272,13 @@ ulint fil_get_next_space( ulint id); /*!< in: space id */ -/********************************************************************* -Init global resources needed for tablespace encryption/decryption */ -void -fil_space_crypt_init(); - -/********************************************************************* -Cleanup global resources needed for tablespace encryption/decryption */ -void -fil_space_crypt_cleanup(); - -/********************************************************************* -Create crypt data, i.e data that is used for a single tablespace */ -fil_space_crypt_t * -fil_space_create_crypt_data(); - -/********************************************************************* -Destroy crypt data */ -UNIV_INTERN -void -fil_space_destroy_crypt_data( -/*=========================*/ - fil_space_crypt_t **crypt_data); /*!< in/out: crypt data */ - -/********************************************************************* -Get crypt data for a space*/ -fil_space_crypt_t * -fil_space_get_crypt_data( -/*======================*/ - ulint space); /*!< in: tablespace id */ - -/********************************************************************* -Set crypt data for a space*/ -void -fil_space_set_crypt_data( -/*======================*/ - ulint space, /*!< in: tablespace id */ - fil_space_crypt_t* crypt_data); /*!< in: crypt data */ - -/********************************************************************* -Compare crypt data*/ -int -fil_space_crypt_compare( -/*======================*/ - const fil_space_crypt_t* crypt_data1, /*!< in: crypt data */ - const fil_space_crypt_t* crypt_data2); /*!< in: crypt data */ - -/********************************************************************* -Read crypt data from buffer page */ -fil_space_crypt_t * -fil_space_read_crypt_data( -/*======================*/ - ulint space, /*!< in: tablespace id */ - const byte* page, /*!< in: buffer page */ - ulint offset); /*!< in: offset where crypt data is stored */ - 
-/********************************************************************* -Write crypt data to buffer page */ -void -fil_space_write_crypt_data( -/*=======================*/ - ulint space, /*!< in: tablespace id */ - byte* page, /*!< in: buffer page */ - ulint offset, /*!< in: offset where to store data */ - ulint maxsize, /*!< in: max space available to store crypt data in */ - mtr_t * mtr); /*!< in: mini-transaction */ - -/********************************************************************* -Clear crypt data from page 0 (used for import tablespace) */ -void -fil_space_clear_crypt_data( -/*======================*/ - byte* page, /*!< in: buffer page */ - ulint offset); /*!< in: offset where crypt data is stored */ - -/********************************************************************* -Parse crypt data log record */ -byte* -fil_parse_write_crypt_data( -/*=======================*/ - byte* ptr, /*!< in: start of log record */ - byte* end_ptr, /*!< in: end of log record */ - buf_block_t*); /*!< in: buffer page to apply record to */ - -/********************************************************************* -Check if extra buffer shall be allocated for decrypting after read */ -UNIV_INTERN -bool -fil_space_check_encryption_read( -/*==============================*/ - ulint space); /*!< in: tablespace id */ - -/********************************************************************* -Check if page shall be encrypted before write */ -UNIV_INTERN -bool -fil_space_check_encryption_write( -/*==============================*/ - ulint space); /*!< in: tablespace id */ - -/********************************************************************* -Encrypt buffer page */ -void -fil_space_encrypt( -/*===============*/ - ulint space, /*!< in: tablespace id */ - ulint offset, /*!< in: page no */ - lsn_t lsn, /*!< in: page lsn */ - const byte* src_frame,/*!< in: page frame */ - ulint size, /*!< in: size of data to encrypt */ - byte* dst_frame, /*!< in: where to encrypt to */ - ulint 
page_encryption_key); /*!< in: page encryption key id if page - encrypted */ - -/********************************************************************* -Decrypt buffer page */ -void -fil_space_decrypt( -/*===============*/ - ulint space, /*!< in: tablespace id */ - const byte* src_frame,/*!< in: page frame */ - ulint page_size, /*!< in: size of data to encrypt */ - byte* dst_frame); /*!< in: where to decrypt to */ - - -/********************************************************************* -Decrypt buffer page -@return true if page was encrypted */ -bool -fil_space_decrypt( -/*===============*/ - fil_space_crypt_t* crypt_data, /*!< in: crypt data */ - const byte* src_frame,/*!< in: page frame */ - ulint page_size, /*!< in: page size */ - byte* dst_frame); /*!< in: where to decrypt to */ - -/********************************************************************* -fil_space_verify_crypt_checksum -NOTE: currently this function can only be run in single threaded mode -as it modifies srv_checksum_algorithm (temporarily) -@return true if page is encrypted AND OK, false otherwise */ -bool -fil_space_verify_crypt_checksum( -/*===============*/ - const byte* src_frame,/*!< in: page frame */ - ulint zip_size); /*!< in: size of data to encrypt */ - -/********************************************************************* -Init threads for key rotation */ -void -fil_crypt_threads_init(); - -/********************************************************************* -Set thread count (e.g start or stops threads) used for key rotation */ -void -fil_crypt_set_thread_cnt( -/*=====================*/ - uint new_cnt); /*!< in: requested #threads */ - -/********************************************************************* -End threads for key rotation */ -void -fil_crypt_threads_end(); - -/********************************************************************* -Cleanup resources for threads for key rotation */ -void -fil_crypt_threads_cleanup(); - 
-/********************************************************************* -Set rotate key age */ -void -fil_crypt_set_rotate_key_age( -/*=====================*/ - uint rotate_age); /*!< in: requested rotate age */ - -/********************************************************************* -Set rotation threads iops */ -void -fil_crypt_set_rotation_iops( -/*=====================*/ - uint iops); /*!< in: requested iops */ - -/********************************************************************* -Mark a space as closing */ -UNIV_INTERN -void -fil_space_crypt_mark_space_closing( -/*===============*/ - ulint space); /*!< in: tablespace id */ - -/********************************************************************* -Wait for crypt threads to stop accessing space */ -UNIV_INTERN -void -fil_space_crypt_close_tablespace( -/*===============*/ - ulint space); /*!< in: tablespace id */ - -/** Struct for retreiving info about encryption */ -struct fil_space_crypt_status_t { - ulint space; /*!< tablespace id */ - ulint scheme; /*!< encryption scheme */ - uint min_key_version; /*!< min key version */ - uint current_key_version;/*!< current key version */ - uint keyserver_requests;/*!< no of key requests to key server */ - bool rotating; /*!< is key rotation ongoing */ - bool flushing; /*!< is flush at end of rotation ongoing */ - ulint rotate_next_page_number; /*!< next page if key rotating */ - ulint rotate_max_page_number; /*!< max page if key rotating */ -}; - -/********************************************************************* -Get crypt status for a space -@return 0 if crypt data found */ -int -fil_space_crypt_get_status( -/*==================*/ - ulint id, /*!< in: space id */ - struct fil_space_crypt_status_t * status); /*!< out: status */ - -/** Struct for retreiving statistics about encryption key rotation */ -struct fil_crypt_stat_t { - ulint pages_read_from_cache; - ulint pages_read_from_disk; - ulint pages_modified; - ulint pages_flushed; - ulint estimated_iops; -}; - 
-/********************************************************************* -Get crypt rotation statistics */ -void -fil_crypt_total_stat( -/*==================*/ - fil_crypt_stat_t* stat); /*!< out: crypt stat */ - -/** Struct for retreiving info about scrubbing */ -struct fil_space_scrub_status_t { - ulint space; /*!< tablespace id */ - bool compressed; /*!< is space compressed */ - time_t last_scrub_completed; /*!< when was last scrub completed */ - bool scrubbing; /*!< is scrubbing ongoing */ - time_t current_scrub_started; /*!< when started current scrubbing */ - ulint current_scrub_active_threads; /*!< current scrub active threads */ - ulint current_scrub_page_number; /*!< current scrub page no */ - ulint current_scrub_max_page_number; /*!< current scrub max page no */ -}; - -/********************************************************************* -Get scrub status for a space -@return 0 if no scrub info found */ -int -fil_space_get_scrub_status( -/*==================*/ - ulint id, /*!< in: space id */ - struct fil_space_scrub_status_t * status); /*!< out: status */ #endif -/*******************************************************************//** -Return page type name */ -const char* -fil_get_page_type_name( -/*===================*/ - ulint page_type); /*!< in: FIL_PAGE_TYPE */ +#ifndef UNIV_INNOCHECKSUM +#ifndef UNIV_NONINL +#include "fil0fil.ic" +#endif +#endif #endif /* fil0fil_h */ diff --git a/storage/innobase/include/fil0fil.ic b/storage/innobase/include/fil0fil.ic new file mode 100644 index 00000000000..b1e65e6dddb --- /dev/null +++ b/storage/innobase/include/fil0fil.ic 
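Review bot: No prototype for `fil_get_page_type_name()` is left in fil0fil.h after this hunk, and the preceding hunk drops the one for `fil_space_name()`. Both are now defined only in fil0fil.ic, which the added lines include only under `#ifndef UNIV_NONINL` nested in `#ifndef UNIV_INNOCHECKSUM`. In a UNIV_NONINL build or an innochecksum build, a caller in another translation unit would therefore see no declaration; the callers are not visible in this patch, so this needs checking against the tree. `fil_space_flags()` keeps its header declaration and only gains `UNIV_INLINE`, and the same pattern would fit here: `UNIV_INLINE char* fil_space_name(fil_space_t* space);` and `UNIV_INLINE const char* fil_get_page_type_name(ulint page_type);`.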
@@ -0,0 +1,108 @@ +/***************************************************************************** + +Copyright (c) 2015, MariaDB Corporation. + +This program is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; version 2 of the License. + +This program is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +this program; if not, write to the Free Software Foundation, Inc., +51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA + +*****************************************************************************/ + +/**************************************************//** +@file include/fil0fil.ic +The low-level file system support functions + +Created 31/03/2015 Jan Lindström +*******************************************************/ + +#ifndef fil0fil_ic +#define fil0fil_ic + +/*******************************************************************//** +Return space name */ +UNIV_INLINE +char* +fil_space_name( +/*===========*/ + fil_space_t* space) /*!< in: space */ +{ + return (space->name); +} + +/*******************************************************************//** +Return space flags */ +UNIV_INLINE +ulint +fil_space_flags( +/*===========*/ + fil_space_t* space) /*!< in: space */ +{ + return (space->flags); +} + +/*******************************************************************//** +Return page type name */ +UNIV_INLINE +const char* +fil_get_page_type_name( +/*===================*/ + ulint page_type) /*!< in: FIL_PAGE_TYPE */ +{ + switch(page_type) { + case FIL_PAGE_PAGE_COMPRESSED: + return (const char*)"PAGE_COMPRESSED"; + case FIL_PAGE_INDEX: + return (const char*)"INDEX"; + case FIL_PAGE_UNDO_LOG: + return (const 
char*)"UNDO LOG"; + case FIL_PAGE_INODE: + return (const char*)"INODE"; + case FIL_PAGE_IBUF_FREE_LIST: + return (const char*)"IBUF_FREE_LIST"; + case FIL_PAGE_TYPE_ALLOCATED: + return (const char*)"ALLOCATED"; + case FIL_PAGE_IBUF_BITMAP: + return (const char*)"IBUF_BITMAP"; + case FIL_PAGE_TYPE_SYS: + return (const char*)"SYS"; + case FIL_PAGE_TYPE_TRX_SYS: + return (const char*)"TRX_SYS"; + case FIL_PAGE_TYPE_FSP_HDR: + return (const char*)"FSP_HDR"; + case FIL_PAGE_TYPE_XDES: + return (const char*)"XDES"; + case FIL_PAGE_TYPE_BLOB: + return (const char*)"BLOB"; + case FIL_PAGE_TYPE_ZBLOB: + return (const char*)"ZBLOB"; + case FIL_PAGE_TYPE_ZBLOB2: + return (const char*)"ZBLOB2"; + case FIL_PAGE_TYPE_COMPRESSED: + return (const char*)"ORACLE PAGE COMPRESSED"; + default: + return (const char*)"PAGE TYPE CORRUPTED"; + } +} + +/****************************************************************//** +Get block size from fil node +@return block size*/ +UNIV_INLINE +ulint +fil_node_get_block_size( +/*====================*/ + fil_node_t* node) /*!< in: Node where to get block + size */ +{ + return (node->file_block_size); +} + +#endif /* fil0fil_ic */ diff --git a/storage/innobase/include/fil0pageencryption.h b/storage/innobase/include/fil0pageencryption.h deleted file mode 100644 index 405b91c8c06..00000000000 --- a/storage/innobase/include/fil0pageencryption.h +++ /dev/null 
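Review bot: The `default:` arm of `fil_get_page_type_name()` labels every unlisted type `"PAGE TYPE CORRUPTED"`, and the same commit removes `FIL_PAGE_PAGE_ENCRYPTED` (34355) and `FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED` (35631) from fil0fil.h. A page carrying either type would then be reported as corrupted rather than as encrypted, which sends an operator looking for damage that is not there. Whether such pages can exist on disk is not visible in this patch; if they can, keep the two constants and give them their own `case` labels, or have the default say the type is unknown rather than corrupted. Separately, the `(const char*)` casts on the string literals are redundant, so `return "INDEX";` is enough.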
@@ -1,79 +0,0 @@ -/***************************************************************************** - -Copyright (C) 2014 eperi GmbH. All Rights Reserved. - -This program is free software; you can redistribute it and/or modify it under -the terms of the GNU General Public License as published by the Free Software -Foundation; version 2 of the License. - -This program is distributed in the hope that it will be useful, but WITHOUT -ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - -You should have received a copy of the GNU General Public License along with -this program; if not, write to the Free Software Foundation, Inc., -51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - -*****************************************************************************/ - -#ifndef fil0pageencryption_h -#define fil0pageencryption_h - -#define PAGE_ENCRYPTION_WRONG_KEY 1 -#define PAGE_ENCRYPTION_WRONG_PAGE_TYPE 2 -#define PAGE_ENCRYPTION_ERROR 3 -#define PAGE_ENCRYPTION_KEY_MISSING 4 -#define PAGE_ENCRYPTION_OK 0 -#define PAGE_ENCRYPTION_WILL_NOT_ENCRYPT 5 - -/* This key will be used if nothing else is given */ -#define DEFAULT_ENCRYPTION_KEY 1 - -#include "fsp0fsp.h" -#include "fsp0pageencryption.h" - -/******************************************************************//** -@file include/fil0pageencryption.h -Helper functions for encryption/decryption page data on to table space. - -Created 08/25/2014 -***********************************************************************/ - -/*******************************************************************//** -Find out whether the page is page encrypted -Returns the page encryption flag of the space, or false if the space -is not encrypted. The tablespace must be cached in the memory cache. 
-@return true if page encrypted, false if not or space not found */ -ibool -fil_space_is_page_encrypted( -/*========================*/ - ulint id); /*!< in: space id */ - -/*******************************************************************//** -Find out whether the page is page encrypted -@return true if page is page encrypted, false if not */ -UNIV_INLINE -ibool -fil_page_is_encrypted( -/*==================*/ - const byte *buf); /*!< in: page */ - -/*******************************************************************//** -Find out whether the page is page compressed and then encrypted -@return true if page is page compressed+encrypted, false if not */ -UNIV_INLINE -ibool -fil_page_is_compressed_encrypted( -/*=============================*/ - const byte *buf); /*!< in: page */ - -/*******************************************************************//** -Find out whether the page can be decrypted -@return true if page can be decrypted, false if not. */ -UNIV_INLINE -ulint -fil_page_encryption_status( -/*=======================*/ - const byte *buf); /*!< in: page */ - -#endif // fil0pageencryption_h diff --git a/storage/innobase/include/fsp0fsp.h b/storage/innobase/include/fsp0fsp.h index ee1ab4c7f55..2bac42eb081 100644 --- a/storage/innobase/include/fsp0fsp.h +++ b/storage/innobase/include/fsp0fsp.h @@ -59,10 +59,6 @@ is found in a remote location, not the default data directory. */ #define FSP_FLAGS_WIDTH_PAGE_COMPRESSION 1 #define FSP_FLAGS_WIDTH_PAGE_COMPRESSION_LEVEL 4 -/** Number of flag bits used to indicate the page compression and compression level */ -#define FSP_FLAGS_WIDTH_PAGE_ENCRYPTION 1 -#define FSP_FLAGS_WIDTH_PAGE_ENCRYPTION_KEY 8 - /** Number of flag bits used to indicate atomic writes for this tablespace */ #define FSP_FLAGS_WIDTH_ATOMIC_WRITES 2 
@@ -74,9 +70,7 @@ is found in a remote location, not the default data directory. */ + FSP_FLAGS_WIDTH_DATA_DIR \ + FSP_FLAGS_WIDTH_PAGE_COMPRESSION \ + FSP_FLAGS_WIDTH_PAGE_COMPRESSION_LEVEL \ - + FSP_FLAGS_WIDTH_ATOMIC_WRITES \ - + FSP_FLAGS_WIDTH_PAGE_ENCRYPTION \ - + FSP_FLAGS_WIDTH_PAGE_ENCRYPTION_KEY) + + FSP_FLAGS_WIDTH_ATOMIC_WRITES ) /** A mask of all the known/used bits in tablespace flags */ #define FSP_FLAGS_MASK (~(~0 << FSP_FLAGS_WIDTH)) @@ -100,15 +94,9 @@ dictionary */ /** Zero relative shift position of the ATOMIC_WRITES field */ #define FSP_FLAGS_POS_ATOMIC_WRITES (FSP_FLAGS_POS_PAGE_COMPRESSION_LEVEL \ + FSP_FLAGS_WIDTH_PAGE_COMPRESSION_LEVEL) -/** Zero relative shift position of the PAGE_ENCRYPTION field */ -#define FSP_FLAGS_POS_PAGE_ENCRYPTION (FSP_FLAGS_POS_ATOMIC_WRITES \ - + FSP_FLAGS_WIDTH_ATOMIC_WRITES) -/** Zero relative shift position of the PAGE_ENCRYPTION_KEY field */ -#define FSP_FLAGS_POS_PAGE_ENCRYPTION_KEY (FSP_FLAGS_POS_PAGE_ENCRYPTION \ - + FSP_FLAGS_WIDTH_PAGE_ENCRYPTION) /** Zero relative shift position of the PAGE_SSIZE field */ -#define FSP_FLAGS_POS_PAGE_SSIZE (FSP_FLAGS_POS_PAGE_ENCRYPTION_KEY \ - + FSP_FLAGS_WIDTH_PAGE_ENCRYPTION_KEY) +#define FSP_FLAGS_POS_PAGE_SSIZE (FSP_FLAGS_POS_ATOMIC_WRITES \ + + FSP_FLAGS_WIDTH_ATOMIC_WRITES) /** Zero relative shift position of the start of the UNUSED bits */ #define FSP_FLAGS_POS_DATA_DIR (FSP_FLAGS_POS_PAGE_SSIZE \ + FSP_FLAGS_WIDTH_PAGE_SSIZE) 
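Review bot: Redefining `FSP_FLAGS_POS_PAGE_SSIZE` to follow ATOMIC_WRITES directly moves PAGE_SSIZE and DATA_DIR down by the nine bits that PAGE_ENCRYPTION (1) and PAGE_ENCRYPTION_KEY (8) occupied. Flags stored in a tablespace header under the earlier layout would then decode to a wrong page size and data-dir bit instead of being rejected. Whether any data file was written with the earlier layout is not visible in this patch; if one could have been, flag validation should refuse or convert such values rather than reinterpret them. A comment above the define would record the constraint, e.g. `/* Bit positions are part of the on-disk format: PAGE_SSIZE follows ATOMIC_WRITES. */`. The narrower `FSP_FLAGS_WIDTH` in the preceding hunk changes `FSP_FLAGS_MASK` in the same way.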
@@ -144,14 +132,6 @@ dictionary */ #define FSP_FLAGS_MASK_PAGE_COMPRESSION_LEVEL \ ((~(~0 << FSP_FLAGS_WIDTH_PAGE_COMPRESSION_LEVEL)) \ << FSP_FLAGS_POS_PAGE_COMPRESSION_LEVEL) -/** Bit mask of the PAGE_ENCRYPTION field */ -#define FSP_FLAGS_MASK_PAGE_ENCRYPTION \ - ((~(~0 << FSP_FLAGS_WIDTH_PAGE_ENCRYPTION)) \ - << FSP_FLAGS_POS_PAGE_ENCRYPTION) -/** Bit mask of the PAGE_ENCRYPTION_KEY field */ -#define FSP_FLAGS_MASK_PAGE_ENCRYPTION_KEY \ - ((~(~0 << FSP_FLAGS_WIDTH_PAGE_ENCRYPTION_KEY)) \ - << FSP_FLAGS_POS_PAGE_ENCRYPTION_KEY) /** Bit mask of the ATOMIC_WRITES field */ #define FSP_FLAGS_MASK_ATOMIC_WRITES \ ((~(~0 << FSP_FLAGS_WIDTH_ATOMIC_WRITES)) \ @@ -192,14 +172,6 @@ dictionary */ #define FSP_FLAGS_GET_ATOMIC_WRITES(flags) \ ((flags & FSP_FLAGS_MASK_ATOMIC_WRITES) \ >> FSP_FLAGS_POS_ATOMIC_WRITES) -/** Return the value of the PAGE_ENCRYPTION field */ -#define FSP_FLAGS_GET_PAGE_ENCRYPTION(flags) \ - ((flags & FSP_FLAGS_MASK_PAGE_ENCRYPTION) \ - >> FSP_FLAGS_POS_PAGE_ENCRYPTION) -/** Return the value of the PAGE_ENCRYPTION_KEY field */ -#define FSP_FLAGS_GET_PAGE_ENCRYPTION_KEY(flags) \ - ((flags & FSP_FLAGS_MASK_PAGE_ENCRYPTION_KEY) \ - >> FSP_FLAGS_POS_PAGE_ENCRYPTION_KEY) /** Set a PAGE_SSIZE into the correct bits in a given tablespace flags. */ @@ -216,13 +188,6 @@ tablespace flags. */ #define FSP_FLAGS_SET_PAGE_COMPRESSION_LEVEL(flags, level) \ (flags | (level << FSP_FLAGS_POS_PAGE_COMPRESSION_LEVEL)) -/** Set a PAGE_ENCRYPTION into the correct bits in a given tablespace flags. */ -#define FSP_FLAGS_SET_PAGE_ENCRYPTION(flags, encryption) \ - (flags | (encryption << FSP_FLAGS_POS_PAGE_ENCRYPTION)) -/** Set a PAGE_ENCRYPTION_KEY into the correct bits in a given tablespace flags. */ -#define FSP_FLAGS_SET_PAGE_ENCRYPTION_KEY(flags, encryption_key) \ - (flags | (encryption_key << FSP_FLAGS_POS_PAGE_ENCRYPTION_KEY)) - /** Set a ATOMIC_WRITES into the correct bits in a given tablespace flags. */ #define FSP_FLAGS_SET_ATOMIC_WRITES(flags, atomics) \ 
diff --git a/storage/innobase/include/fsp0pageencryption.h b/storage/innobase/include/fsp0pageencryption.h
deleted file mode 100644
index 52365c8e93c..00000000000
--- a/storage/innobase/include/fsp0pageencryption.h
+++ /dev/null
@@ -1,66 +0,0 @@ -/***************************************************************************** - - Copyright (C) 2014 eperi GmbH. All Rights Reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -/******************************************************************/ - -/******************************************************************//** -@file include/fsp0pageencryption.h -Helper functions for extracting/storing page encryption information to file space. - -Created 08/28/2014 -***********************************************************************/ - -#ifndef FSP0PAGEENCRYPTION_H_ -#define FSP0PAGEENCRYPTION_H_ - - -#define FIL_PAGE_ENCRYPTION_AES_128 16 /*!< Encryption algorithm AES-128. */ -#define FIL_PAGE_ENCRYPTION_AES_196 24 /*!< Encryption algorithm AES-196. */ -#define FIL_PAGE_ENCRYPTION_AES_256 32 /*!< Encryption algorithm AES-256. */ - -#define FIL_PAGE_ENCRYPTED_SIZE 2 /*!< Number of bytes used to store - actual payload data size on encrypted pages. */ - -/********************************************************************//** -Determine if the tablespace is page encrypted from dict_table_t::flags. 
-@return TRUE if page encrypted, FALSE if not page encrypted */ -UNIV_INLINE -ibool -fsp_flags_is_page_encrypted( -/*=========================*/ - ulint flags); /*!< in: tablespace flags */ - - -/********************************************************************//** -Extract the page encryption key from tablespace flags. -A tablespace has only one physical page encryption key -whether that page is encrypted or not. -@return page encryption key of the file-per-table tablespace, -or zero if the table is not encrypted. */ -UNIV_INLINE -ulint -fsp_flags_get_page_encryption_key( -/*=================================*/ - ulint flags); /*!< in: tablespace flags */ - - -#ifndef UNIV_NONINL -#include "fsp0pageencryption.ic" -#endif - - -#endif /* FSP0PAGEENCRYPTION_H_ */ diff --git a/storage/innobase/include/fsp0pageencryption.ic b/storage/innobase/include/fsp0pageencryption.ic deleted file mode 100644 index b5c3f5ab666..00000000000 --- a/storage/innobase/include/fsp0pageencryption.ic +++ /dev/null 
@@ -1,167 +0,0 @@ -/***************************************************************************** - - Copyright (C) 2014 eperi GmbH. All Rights Reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -/******************************************************************//** -@file include/fsp0pageencryption.ic -Implementation for helper functions for encrypting/decrypting pages -and atomic writes information to file space. - -Created 08/28/2014 -***********************************************************************/ - -#include "fsp0fsp.h" -#include "fil0pageencryption.h" - - -/********************************************************************//** -Determine if the tablespace is page encrypted from dict_table_t::flags. -@return TRUE if page encrypted, FALSE if not page encrypted */ -UNIV_INLINE -ibool -fsp_flags_is_page_encrypted( -/*=========================*/ - ulint flags) /*!< in: tablespace flags */ -{ - return(FSP_FLAGS_GET_PAGE_ENCRYPTION(flags)); -} - -/********************************************************************//** -Extract the page encryption key from tablespace flags. -A tablespace has only one physical page encryption key -whether that page is encrypted or not. -@return page encryption key of the file-per-table tablespace, -or zero if the table is not encrypted. 
*/ -UNIV_INLINE -ulint -fsp_flags_get_page_encryption_key( -/*=================================*/ - ulint flags) /*!< in: tablespace flags */ -{ - return(FSP_FLAGS_GET_PAGE_ENCRYPTION_KEY(flags)); -} - - -/*******************************************************************//** -Returns the page encryption flag of the space, or false if the space -is not encrypted. The tablespace must be cached in the memory cache. -@return true if page encrypted, false if not or space not found */ -UNIV_INLINE -ibool -fil_space_is_page_encrypted( -/*=========================*/ - ulint id) /*!< in: space id */ -{ - ulint flags; - - flags = fil_space_get_flags(id); - - if (flags && flags != ULINT_UNDEFINED) { - - return(fsp_flags_is_page_encrypted(flags)); - } - - return(flags); -} - -/*******************************************************************//** -Returns the page encryption key of the space, or 0 if the space -is not encrypted. The tablespace must be cached in the memory cache. -@return page compression level, ULINT_UNDEFINED if space not found */ -UNIV_INLINE -ulint -fil_space_get_page_encryption_key( -/*=================================*/ - ulint id) /*!< in: space id */ -{ - ulint flags; - - flags = fil_space_get_flags(id); - - if (flags && flags != ULINT_UNDEFINED) { - - return(fsp_flags_get_page_encryption_key(flags)); - } - - return(flags); -} - -/*******************************************************************//** -Find out whether the page is page is encrypted -@return true if page is page encrypted, false if not */ -UNIV_INLINE -ibool -fil_page_is_encrypted( -/*==================*/ - const byte *buf) /*!< in: page */ -{ - return(mach_read_from_2(buf+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_ENCRYPTED); -} - -/*******************************************************************//** -Find out whether the page is page is first compressed and then encrypted -@return true if page is page compressed+encrypted, false if not */ -UNIV_INLINE -ibool 
-fil_page_is_compressed_encrypted( -/*=============================*/ - const byte *buf) /*!< in: page */ -{ - return(mach_read_from_2(buf+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED); -} - -/*******************************************************************//** -Find out whether the page can be decrypted. -This is the case, if the page is already decrypted and is not the first page of the table space. -If the page is already decrypted it is not of the FIL_PAGE_PAGE_ENCRYPTED type. -if it is the first page of the table space, it is assumed that a page can be decrypted if the -key found in the flags (part of the 1st page) can be read from the key provider. -The case, if the key changed, is currently not caught. -The function for decrypting the page should already be executed before this. -@return PAGE_ENCRYPTION_KEY_MISSING if key provider is available, but key is not available - PAGE_ENCRYPTION_ERROR if other error occurred - 0 if decryption should be possible -*/ -UNIV_INLINE -ulint -fil_page_encryption_status( -/*=====================*/ - const byte *buf) /*!< in: page */ -{ - ulint page_type = mach_read_from_2(buf+FIL_PAGE_TYPE); - - if (page_type == FIL_PAGE_TYPE_FSP_HDR) { - ulint flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + buf); - if (fsp_flags_is_page_encrypted(flags)) { - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { - /* accessing table would surely fail, because no key or no key provider available */ - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { - return PAGE_ENCRYPTION_KEY_MISSING; - } - return PAGE_ENCRYPTION_ERROR; - } - } - } - - if(page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) { - ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - if (!has_encryption_key(key)) { - return PAGE_ENCRYPTION_KEY_MISSING; - } - return PAGE_ENCRYPTION_ERROR; - } - return 0; -} 
diff --git a/storage/innobase/include/os0file.h b/storage/innobase/include/os0file.h index 99490fa044e..fe6b755dc59 100644 --- a/storage/innobase/include/os0file.h +++ b/storage/innobase/include/os0file.h @@ -312,25 +312,21 @@ The wrapper functions have the prefix of "innodb_". */ pfs_os_file_close_func(file, __FILE__, __LINE__) # define os_aio(type, mode, name, file, buf, offset, \ - n, message1, message2, write_size, \ - page_compression, page_compression_level, \ - page_encryption, page_encryption_key, lsn, encrypt) \ + n, message1, message2, write_size) \ pfs_os_aio_func(type, mode, name, file, buf, offset, \ n, message1, message2, write_size, \ - page_compression, page_compression_level, \ - page_encryption, page_encryption_key, \ - lsn, encrypt, __FILE__, __LINE__) + __FILE__, __LINE__) -# define os_file_read(file, buf, offset, n, compressed) \ - pfs_os_file_read_func(file, buf, offset, n, compressed, __FILE__, __LINE__) +# define os_file_read(file, buf, offset, n) \ + pfs_os_file_read_func(file, buf, offset, n, __FILE__, __LINE__) -# define os_file_read_no_error_handling(file, buf, offset, n, compressed) \ +# define os_file_read_no_error_handling(file, buf, offset, n) \ pfs_os_file_read_no_error_handling_func(file, buf, offset, n, \ - compressed, __FILE__, __LINE__) + __FILE__, __LINE__) -# define os_file_write(name, file, buf, offset, n) \ - pfs_os_file_write_func(name, file, buf, offset, \ +# define os_file_write(name, file, buf, offset, n) \ + pfs_os_file_write_func(name, file, buf, offset, \ n, __FILE__, __LINE__) # define os_file_flush(file) \ 
@@ -362,18 +358,15 @@ to original un-instrumented file I/O APIs */ # define os_file_close(file) os_file_close_func(file) # define os_aio(type, mode, name, file, buf, offset, n, message1, \ - message2, write_size, page_compression, page_compression_level, \ - page_encryption, page_encryption_key, lsn, encrypt) \ + message2, write_size) \ os_aio_func(type, mode, name, file, buf, offset, n, \ - message1, message2, write_size, \ - page_compression, page_compression_level, \ - page_encryption, page_encryption_key, lsn, encrypt) + message1, message2, write_size) -# define os_file_read(file, buf, offset, n, compressed) \ - os_file_read_func(file, buf, offset, n, compressed) +# define os_file_read(file, buf, offset, n) \ + os_file_read_func(file, buf, offset, n) -# define os_file_read_no_error_handling(file, buf, offset, n, compressed) \ - os_file_read_no_error_handling_func(file, buf, offset, n, compressed) +# define os_file_read_no_error_handling(file, buf, offset, n) \ + os_file_read_no_error_handling_func(file, buf, offset, n) # define os_file_write(name, file, buf, offset, n) \ os_file_write_func(name, file, buf, offset, n) @@ -724,8 +717,6 @@ pfs_os_file_read_func( void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ ulint n, /*!< in: number of bytes to read */ - ibool compressed, /*!< in: is this file space - compressed ? */ const char* src_file,/*!< in: file name where func invoked */ ulint src_line);/*!< in: line where the func invoked */ @@ -744,8 +735,6 @@ pfs_os_file_read_no_error_handling_func( void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ ulint n, /*!< in: number of bytes to read */ - ibool compressed, /*!< in: is this file space - compressed ? */ const char* src_file,/*!< in: file name where func invoked */ ulint src_line);/*!< in: line where the func invoked */ 
@@ -781,16 +770,6 @@ pfs_os_aio_func( operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - ibool page_compression, /*!< in: is page compression used - on this file space */ - ulint page_compression_level, /*!< page compression - level to be used */ - ibool page_encryption, /*!< in: is page encryption used - on this file space */ - ulint page_encryption_key, /*!< in: page encryption - key to be used */ - lsn_t lsn, /*!< in: lsn of the newest modification */ - bool encrypt_later, /*!< in: should we encrypt ? */ const char* src_file,/*!< in: file name where func invoked */ ulint src_line);/*!< in: line where the func invoked */ /*******************************************************************//** @@ -947,9 +926,7 @@ os_file_read_func( os_file_t file, /*!< in: handle to a file */ void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ - ulint n, /*!< in: number of bytes to read */ - ibool compressed); /*!< in: is this file space - compressed ? */ + ulint n); /*!< in: number of bytes to read */ /*******************************************************************//** Rewind file to its start, read at most size - 1 bytes from it to str, and NUL-terminate str. All errors are silently ignored. This function is @@ -974,9 +951,7 @@ os_file_read_no_error_handling_func( os_file_t file, /*!< in: handle to a file */ void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ - ulint n, /*!< in: number of bytes to read */ - ibool compressed); /*!< in: is this file space - compressed ? */ + ulint n); /*!< in: number of bytes to read */ /*******************************************************************//** NOTE! Use the corresponding macro os_file_write(), not directly this 
@@ -1160,21 +1135,11 @@ os_aio_func( (can be used to identify a completed aio operation); ignored if mode is OS_AIO_SYNC */ - ulint* write_size,/*!< in/out: Actual write size initialized + ulint* write_size);/*!< in/out: Actual write size initialized after fist successfull trim operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - ibool page_compression, /*!< in: is page compression used - on this file space */ - ulint page_compression_level, /*!< page compression - level to be used */ - ibool page_encryption, /*!< in: is page encryption used - on this file space */ - ulint page_encryption_key, /*!< in: page encryption key - to be used */ - lsn_t lsn, /*!< in: lsn of the newest modification */ - bool encrypt_later); /*!< in: should we encrypt ? */ /************************************************************************//** Wakes up all async i/o threads so that they know to exit themselves in shutdown. */ diff --git a/storage/innobase/include/os0file.ic b/storage/innobase/include/os0file.ic index 9839a841188..db525bcea19 100644 --- a/storage/innobase/include/os0file.ic +++ b/storage/innobase/include/os0file.ic @@ -220,17 +220,6 @@ pfs_os_aio_func( operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - ibool page_compression, /*!< in: is page compression used - on this file space */ - ulint page_compression_level, /*!< in: page compression - level to be used */ - ibool page_encryption, /*!< in: is page encryption used - on this file space */ - ulint page_encryption_key, /*!< in: page encryption - key to be used */ - lsn_t lsn, /*!< in: lsn of the newest - modification */ - bool encrypt_later, /*!< in: encrypt later ? */ const char* src_file,/*!< in: file name where func invoked */ ulint src_line)/*!< in: line where the func invoked */ { 
@@ -246,9 +235,7 @@ pfs_os_aio_func( src_file, src_line); result = os_aio_func(type, mode, name, file, buf, offset, - n, message1, message2, write_size, - page_compression, page_compression_level, - page_encryption, page_encryption_key, lsn, encrypt_later); + n, message1, message2, write_size); register_pfs_file_io_end(locker, n); @@ -269,8 +256,6 @@ pfs_os_file_read_func( void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ ulint n, /*!< in: number of bytes to read */ - ibool compressed, /*!< in: is this file space - compressed ? */ const char* src_file,/*!< in: file name where func invoked */ ulint src_line)/*!< in: line where the func invoked */ { @@ -281,7 +266,7 @@ pfs_os_file_read_func( register_pfs_file_io_begin(&state, locker, file, n, PSI_FILE_READ, src_file, src_line); - result = os_file_read_func(file, buf, offset, n, compressed); + result = os_file_read_func(file, buf, offset, n); register_pfs_file_io_end(locker, n); @@ -304,8 +289,6 @@ pfs_os_file_read_no_error_handling_func( void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ ulint n, /*!< in: number of bytes to read */ - ibool compressed, /*!< in: is this file space - compressed ? */ const char* src_file,/*!< in: file name where func invoked */ ulint src_line)/*!< in: line where the func invoked */ { @@ -316,7 +299,7 @@ pfs_os_file_read_no_error_handling_func( register_pfs_file_io_begin(&state, locker, file, n, PSI_FILE_READ, src_file, src_line); - result = os_file_read_no_error_handling_func(file, buf, offset, n, compressed); + result = os_file_read_no_error_handling_func(file, buf, offset, n); register_pfs_file_io_end(locker, n); diff --git a/storage/innobase/log/log0log.cc b/storage/innobase/log/log0log.cc index 12c05e16b6b..1c08c9fbfb4 100644 --- a/storage/innobase/log/log0log.cc +++ b/storage/innobase/log/log0log.cc 
@@ -1276,7 +1276,7 @@ log_group_file_header_flush( (ulint) (dest_offset / UNIV_PAGE_SIZE), (ulint) (dest_offset % UNIV_PAGE_SIZE), OS_FILE_LOG_BLOCK_SIZE, - buf, group, 0, 0, false); + buf, group, 0); srv_stats.os_log_pending_writes.dec(); } @@ -1443,7 +1443,7 @@ loop: fil_io(OS_FILE_WRITE | OS_FILE_LOG, true, group->space_id, 0, (ulint) (next_offset / UNIV_PAGE_SIZE), (ulint) (next_offset % UNIV_PAGE_SIZE), write_len, buf, - group, 0, 0, false); + group, 0); srv_stats.os_log_pending_writes.dec(); @@ -2011,7 +2011,7 @@ log_group_checkpoint( write_offset / UNIV_PAGE_SIZE, write_offset % UNIV_PAGE_SIZE, OS_FILE_LOG_BLOCK_SIZE, - buf, ((byte*) group + 1), 0, 0, false); + buf, ((byte*) group + 1), 0); ut_ad(((ulint) group & 0x1UL) == 0); } @@ -2093,7 +2093,7 @@ log_group_read_checkpoint_info( fil_io(OS_FILE_READ | OS_FILE_LOG, true, group->space_id, 0, field / UNIV_PAGE_SIZE, field % UNIV_PAGE_SIZE, - OS_FILE_LOG_BLOCK_SIZE, log_sys->checkpoint_buf, NULL, 0, 0, false); + OS_FILE_LOG_BLOCK_SIZE, log_sys->checkpoint_buf, NULL, 0); } /******************************************************//** @@ -2417,7 +2417,7 @@ loop: fil_io(OS_FILE_READ | OS_FILE_LOG, sync, group->space_id, 0, (ulint) (source_offset / UNIV_PAGE_SIZE), (ulint) (source_offset % UNIV_PAGE_SIZE), - len, buf, NULL, 0, 0, false); + len, buf, NULL, 0); if (recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER && !log_group_decrypt_after_read(group, buf, len)) diff --git a/storage/innobase/log/log0recv.cc b/storage/innobase/log/log0recv.cc index d0f2cd360f9..3b8c4878e32 100644 --- a/storage/innobase/log/log0recv.cc +++ b/storage/innobase/log/log0recv.cc @@ -49,6 +49,7 @@ Created 9/20/1997 Heikki Tuuri #include "trx0undo.h" #include "trx0rec.h" #include "fil0fil.h" +#include "fil0crypt.h" #ifndef UNIV_HOTBACKUP # include "buf0rea.h" # include "srv0srv.h" 
@@ -3101,7 +3102,7 @@ recv_recovery_from_checkpoint_start_func( fil_io(OS_FILE_READ | OS_FILE_LOG, true, max_cp_group->space_id, 0, 0, 0, LOG_FILE_HDR_SIZE, - log_hdr_buf, max_cp_group, 0, 0, false); + log_hdr_buf, max_cp_group, 0); if (0 == ut_memcmp(log_hdr_buf + LOG_FILE_WAS_CREATED_BY_HOT_BACKUP, (byte*)"ibbackup", (sizeof "ibbackup") - 1)) { @@ -3132,7 +3133,7 @@ recv_recovery_from_checkpoint_start_func( fil_io(OS_FILE_WRITE | OS_FILE_LOG, true, max_cp_group->space_id, 0, 0, 0, OS_FILE_LOG_BLOCK_SIZE, - log_hdr_buf, max_cp_group, 0, 0, false); + log_hdr_buf, max_cp_group, 0); } #ifdef UNIV_LOG_ARCHIVE diff --git a/storage/innobase/os/os0file.cc b/storage/innobase/os/os0file.cc index d49f5f9900d..1287ee76819 100644 --- a/storage/innobase/os/os0file.cc +++ b/storage/innobase/os/os0file.cc @@ -43,9 +43,9 @@ Created 10/21/1995 Heikki Tuuri #include "srv0srv.h" #include "srv0start.h" #include "fil0fil.h" +#include "fil0crypt.h" #include "fsp0fsp.h" #include "fil0pagecompress.h" -#include "fil0pageencryption.h" #include "buf0buf.h" #include "srv0mon.h" #include "srv0srv.h" 
@@ -224,49 +224,14 @@ struct os_aio_slot_t{ completed */ ulint bitmap; - byte* page_compression_page; /*!< Memory allocated for - page compressed page and - freed after the write - has been completed */ - - byte* page_encryption_page; /*!< Memory allocated for - page encrypted page and - freed after the write - has been completed */ - - ibool page_compression; - ulint page_compression_level; - - ibool page_encryption; - ulint page_encryption_key; - ulint* write_size; /*!< Actual write size initialized after fist successfull trim operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - byte* page_buf; /*!< Actual page buffer for - page compressed pages, do not - free this */ - - byte* page_buf2; /*!< Actual page buffer for - page encrypted pages, do not - free this */ - byte* tmp_encryption_buf; /*!< a temporal buffer used by page encryption */ - - ibool page_compression_success; - /*!< TRUE if page compression was successfull, false if not */ - ibool page_encryption_success; - /*!< TRUE if page encryption was successfull, false if not */ - - lsn_t lsn; /* lsn of the newest modification */ - ulint file_block_size;/*!< file block size */ - bool encrypt_later; /*!< should the page be encrypted - before write */ - #ifdef WIN_ASYNC_IO HANDLE handle; /*!< handle object we need in the OVERLAPPED struct */ 
@@ -403,39 +368,6 @@ os_file_trim( /*=========*/ os_aio_slot_t* slot); /*!< in: slot structure */ -/**********************************************************************//** -Allocate memory for temporal buffer used for page compression. This -buffer is freed later. */ -UNIV_INTERN -void -os_slot_alloc_page_buf( -/*===================*/ - os_aio_slot_t* slot); /*!< in: slot structure */ - -#ifdef HAVE_LZO -/**********************************************************************//** -Allocate memory for temporal memory used for page compression when -LZO compression method is used */ -UNIV_INTERN -void -os_slot_alloc_lzo_mem( -/*===================*/ - os_aio_slot_t* slot); /*!< in: slot structure */ -#endif - -/**********************************************************************//** -Allocate memory for temporal buffer used for page encryption. This -buffer is freed later. */ -UNIV_INTERN -void -os_slot_alloc_page_buf2( - os_aio_slot_t* slot); /*!< in: slot structure */ -/**********************************************************************//** -Allocate memory for temporal buffer used for page encryption. */ -UNIV_INTERN -void -os_slot_alloc_tmp_encryption_buf( - os_aio_slot_t* slot); /*!< in: slot structure */ /****************************************************************//** Does error handling when a file operation fails. @return TRUE if we should retry the operation */ @@ -2891,9 +2823,7 @@ os_file_read_func( os_file_t file, /*!< in: handle to a file */ void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ - ulint n, /*!< in: number of bytes to read */ - ibool compressed) /*!< in: is this file space - compressed ? */ + ulint n) /*!< in: number of bytes to read */ { #ifdef __WIN__ BOOL ret; 
@@ -3024,9 +2954,7 @@ os_file_read_no_error_handling_func( os_file_t file, /*!< in: handle to a file */ void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ - ulint n, /*!< in: number of bytes to read */ - ibool compressed) /*!< in: is this file space - compressed ? */ + ulint n) /*!< in: number of bytes to read */ { #ifdef __WIN__ BOOL ret; @@ -4184,9 +4112,8 @@ os_aio_array_free( /*==============*/ os_aio_array_t*& array) /*!< in, own: array to free */ { - ulint i; #ifdef WIN_ASYNC_IO - + ulint i; for (i = 0; i < array->n_slots; i++) { os_aio_slot_t* slot = os_aio_array_get_nth_slot(array, i); CloseHandle(slot->handle); @@ -4207,31 +4134,6 @@ os_aio_array_free( } #endif /* LINUX_NATIVE_AIO */ - for (i = 0; i < array->n_slots; i++) { - os_aio_slot_t* slot = os_aio_array_get_nth_slot(array, i); - - if (slot->page_compression_page) { - ut_free(slot->page_compression_page); - slot->page_compression_page = NULL; - } - - if (slot->lzo_mem) { - ut_free(slot->lzo_mem); - slot->lzo_mem = NULL; - } - - if (slot->page_encryption_page) { - ut_free(slot->page_encryption_page); - slot->page_encryption_page = NULL; - } - - if (slot->tmp_encryption_buf) { - ut_free(slot->tmp_encryption_buf); - slot->tmp_encryption_buf = NULL; - } - } - - ut_free(array->slots); ut_free(array); 
@@ -4566,22 +4468,11 @@ os_aio_array_reserve_slot( to write */ os_offset_t offset, /*!< in: file offset */ ulint len, /*!< in: length of the block to read or write */ - ulint* write_size,/*!< in/out: Actual write size initialized + ulint* write_size)/*!< in/out: Actual write size initialized after fist successfull trim operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - ibool page_compression, /*!< in: is page compression used - on this file space */ - ulint page_compression_level, /*!< page compression - level to be used */ - ibool page_encryption, /*!< in: is page encryption used - on this file space */ - ulint page_encryption_key, /*!< in: page encryption key - to be used */ - lsn_t lsn, /*!< in: lsn of the newest modification */ - bool encrypt_later) /*!< in: should we encrypt before - writing the page */ { os_aio_slot_t* slot = NULL; #ifdef WIN_ASYNC_IO 
@@ -4669,95 +4560,13 @@ found: slot->len = len; slot->type = type; slot->offset = offset; - slot->lsn = lsn; slot->io_already_done = FALSE; - slot->page_compression_success = FALSE; - slot->page_encryption_success = FALSE; slot->write_size = write_size; - slot->page_compression_level = page_compression_level; - slot->page_compression = page_compression; - slot->page_encryption_key = page_encryption_key; - slot->page_encryption = page_encryption; - slot->encrypt_later = encrypt_later; if (message1) { slot->file_block_size = fil_node_get_block_size(message1); } - /* If the space is page compressed and this is write operation - then we compress the page */ - if (message1 && type == OS_FILE_WRITE && page_compression ) { - ulint real_len = len; - byte* tmp = NULL; - - /* Release the array mutex while compressing */ - os_mutex_exit(array->mutex); - - // We allocate memory for page compressed buffer if and only - // if it is not yet allocated. - os_slot_alloc_page_buf(slot); - -#ifdef HAVE_LZO - if (innodb_compression_algorithm == 3) { - os_slot_alloc_lzo_mem(slot); - } -#endif - - /* Call page compression */ - tmp = fil_compress_page( - fil_node_get_space_id(slot->message1), - (byte *)buf, - slot->page_buf, - len, - page_compression_level, - fil_node_get_block_size(slot->message1), - &real_len, - slot->lzo_mem - ); - - /* If compression succeeded, set up the length and buffer */ - if (tmp != buf) { - len = real_len; - buf = slot->page_buf; - slot->len = real_len; - slot->page_compression_success = TRUE; - } else { - slot->page_compression_success = FALSE; - } - - /* Take array mutex back, not sure if this is really needed - below */ - os_mutex_enter(array->mutex); - - } - - /* If the space is page encryption and this is write operation - then we encrypt the page */ - if (message1 && type == OS_FILE_WRITE && (page_encryption == 1 || encrypt_later)) { - ut_a(page_encryption == 1 || srv_encrypt_tables == 1); - /* Release the array mutex while encrypting */ - 
os_mutex_exit(array->mutex); - - // We allocate memory for page encrypted buffer if and only - // if it is not yet allocated. - os_slot_alloc_page_buf2(slot); - - fil_space_encrypt( - fil_node_get_space_id(slot->message1), - slot->offset, - slot->lsn, - (byte *)buf, - slot->len, - slot->page_buf2, - slot->page_encryption_key); - - slot->page_encryption_success = TRUE; - buf = slot->page_buf2; - - /* Take array mutex back */ - os_mutex_enter(array->mutex); - } - slot->buf = static_cast(buf); #ifdef WIN_ASYNC_IO @@ -5037,22 +4846,11 @@ os_aio_func( (can be used to identify a completed aio operation); ignored if mode is OS_AIO_SYNC */ - ulint* write_size,/*!< in/out: Actual write size initialized + ulint* write_size)/*!< in/out: Actual write size initialized after fist successfull trim operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - ibool page_compression, /*!< in: is page compression used - on this file space */ - ulint page_compression_level, /*!< page compression - level to be used */ - ibool page_encryption, /*!< in: is page encryption used - on this file space */ - ulint page_encryption_key, /*!< in: page encryption key - to be used */ - lsn_t lsn, /*!< in: lsn of the newest modification */ - bool encrypt_later) /*!< in: should we encrypt page - before write */ { os_aio_array_t* array; os_aio_slot_t* slot; @@ -5104,8 +4902,7 @@ os_aio_func( and os_file_write_func() */ if (type == OS_FILE_READ) { - ret = os_file_read_func(file, buf, offset, n, - page_compression); + ret = os_file_read_func(file, buf, offset, n); } else { ut_ad(!srv_read_only_mode); @@ -5163,9 +4960,7 @@ try_again: } slot = os_aio_array_reserve_slot(type, array, message1, message2, file, - name, buf, offset, n, write_size, - page_compression, page_compression_level, - page_encryption, page_encryption_key, lsn, encrypt_later); + name, buf, offset, n, write_size); if (type == OS_FILE_READ) { if (srv_use_native_aio) { 
@@ -5192,18 +4987,9 @@ try_again: if (srv_use_native_aio) { os_n_file_writes++; #ifdef WIN_ASYNC_IO - if (page_encryption && slot->page_encryption_success) { - buffer = slot->page_buf2; - n = slot->len; - } else { - if (page_compression && slot->page_compression_success) { - buffer = slot->page_buf; - n = slot->len; - } else { - buffer = buf; - } - } + n = slot->len; + buffer = buf; ret = WriteFile(file, buffer, (DWORD) n, &len, &(slot->control)); @@ -5409,27 +5195,9 @@ os_aio_windows_handle( switch (slot->type) { case OS_FILE_WRITE: - if (slot->message1 - && slot->page_encryption - && slot->page_encryption_success) { - ret_val = os_file_write(slot->name, - slot->file, - slot->page_buf2, - slot->offset, - slot->len); - } else { - if (slot->message1 - && slot->page_compression - && slot->page_compression_success) { - ret = WriteFile(slot->file, slot->page_buf, - (DWORD) slot->len, &len, - &(slot->control)); - } else { - ret = WriteFile(slot->file, slot->buf, - (DWORD) slot->len, &len, - &(slot->control)); - } - } + ret = WriteFile(slot->file, slot->buf, + (DWORD) slot->len, &len, + &(slot->control)); break; case OS_FILE_READ: ret = ReadFile(slot->file, slot->buf, 
@@ -5460,47 +5228,9 @@ os_aio_windows_handle( ret_val = ret && len == slot->len; } - if (slot->type == OS_FILE_READ) { - if (fil_page_is_compressed_encrypted(slot->buf) || - fil_page_is_encrypted(slot->buf)) { - ut_ad(slot->message1 != NULL); - os_slot_alloc_page_buf2(slot); - os_slot_alloc_tmp_encryption_buf(slot); - - // Decrypt the data - fil_space_decrypt( - fil_node_get_space_id(slot->message1), - slot->buf, - slot->len, - slot->page_buf2); - // Copy decrypted buffer back to buf - memcpy(slot->buf, slot->page_buf2, slot->len); - } - if (fil_page_is_compressed(slot->buf)) { - /* We allocate memory for page compressed buffer if - and only if it is not yet allocated. */ - os_slot_alloc_page_buf(slot); -#ifdef HAVE_LZO - if (fil_page_is_lzo_compressed(slot->buf)) { - os_slot_alloc_lzo_mem(slot); - } -#endif - fil_decompress_page( - slot->page_buf, - slot->buf, - slot->len, - slot->write_size); - } - } else { - /* OS_FILE_WRITE */ - if (slot->page_compression_success && - (fil_page_is_compressed(slot->page_buf) || - fil_page_is_compressed_encrypted(slot->buf))) { - if (srv_use_trim && os_fallocate_failed == FALSE) { - // Deallocate unused blocks from file system - os_file_trim(slot); - } - } + if (slot->type == OS_FILE_WRITE && srv_use_trim && os_fallocate_failed == FALSE) { + // Deallocate unused blocks from file system + os_file_trim(slot); } os_aio_array_free_slot(array, slot); 
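Review bot: The new completion check `if (slot->type == OS_FILE_WRITE && srv_use_trim && os_fallocate_failed == FALSE)` calls os_file_trim() for every finished write, whereas the removed code trimmed only after a successful page compression. The body of os_file_trim() is outside this hunk, so it is not visible whether it returns early for a slot that holds an ordinary page, a zip_size page, or a write whose write_size pointer is NULL; if it does not, blocks that still carry data could be deallocated. Either keep a test that the buffer really is a page-compressed page, for example `&& fil_page_is_compressed(slot->buf)` (assuming the page header is still readable at this layer), or state the precondition above the call with `/* os_file_trim() must be a no-op for writes that are not page compressed */`. The same condition is introduced in the `retry:` hunk (@@ -5592,50 +5322,9 @@) that follows.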
@@ -5592,50 +5322,9 @@ retry: /* We have not overstepped to next segment. */ ut_a(slot->pos < end_pos); - if (slot->type == OS_FILE_READ) { - /* If the page is page encrypted we encrypt */ - if (fil_page_is_compressed_encrypted(slot->buf) || - fil_page_is_encrypted(slot->buf)) { - os_slot_alloc_page_buf2(slot); - os_slot_alloc_tmp_encryption_buf(slot); - ut_ad(slot->message1 != NULL); - - // Decrypt the data - fil_space_decrypt( - fil_node_get_space_id(slot->message1), - slot->buf, - slot->len, - slot->page_buf2); - // Copy decrypted buffer back to buf - memcpy(slot->buf, slot->page_buf2, slot->len); - } - - /* If the table is page compressed and this - is read, we decompress before we announce - the read is complete. For writes, we free - the compressed page. */ - if (fil_page_is_compressed(slot->buf)) { - // We allocate memory for page compressed buffer if and only - // if it is not yet allocated. - os_slot_alloc_page_buf(slot); -#ifdef HAVE_LZO - if (fil_page_is_lzo_compressed(slot->buf)) { - os_slot_alloc_lzo_mem(slot); - } -#endif - - fil_decompress_page(slot->page_buf, slot->buf, slot->len, slot->write_size); - } - } else { - /* OS_FILE_WRITE */ - if (slot->page_compression_success && - (fil_page_is_compressed(slot->page_buf) || - fil_page_is_compressed_encrypted(slot->buf))) { - if (srv_use_trim && os_fallocate_failed == FALSE) { - // Deallocate unused blocks from file system - os_file_trim(slot); - } - } + if (slot->type == OS_FILE_WRITE && srv_use_trim && os_fallocate_failed == FALSE) { + // Deallocate unused blocks from file system + os_file_trim(slot); } /* Mark this request as completed. The error handling @@ -6080,8 +5769,7 @@ consecutive_loop: } else { ret = os_file_read( aio_slot->file, combined_buf, - aio_slot->offset, total_len, - aio_slot->page_compression); + aio_slot->offset, total_len); } srv_set_io_thread_op_info(global_segment, "file i/o done"); 
@@ -6653,92 +6341,6 @@ os_file_trim( } #endif /* !UNIV_HOTBACKUP */ -/**********************************************************************//** -Allocate memory for temporal buffer used for page encryption. This -buffer is freed later. */ -UNIV_INTERN -void -os_slot_alloc_page_buf2( -/*===================*/ - os_aio_slot_t* slot) /*!< in: slot structure */ -{ - ut_a(slot != NULL); - - if(slot->page_buf2 == NULL) { - byte* cbuf2; - byte* cbuf; - - cbuf2 = static_cast(ut_malloc(UNIV_PAGE_SIZE*2)); - cbuf = static_cast(ut_align(cbuf2, UNIV_PAGE_SIZE)); - slot->page_encryption_page = static_cast(cbuf2); - slot->page_buf2 = static_cast(cbuf); - memset(slot->page_encryption_page, 0, UNIV_PAGE_SIZE*2); - } -} - -/**********************************************************************//** -Allocate memory for temporal buffer used for page compression. This -buffer is freed later. */ -UNIV_INTERN -void -os_slot_alloc_page_buf( -/*===================*/ - os_aio_slot_t* slot) /*!< in: slot structure */ -{ - ut_a(slot != NULL); - if (slot->page_buf == NULL) { - byte* cbuf2; - byte* cbuf; - ulint asize = UNIV_PAGE_SIZE; -#ifdef HAVE_SNAPPY - asize += snappy_max_compressed_length(asize) - UNIV_PAGE_SIZE; -#endif - - /* We allocate extra to avoid memory overwrite on compression */ - cbuf2 = static_cast(ut_malloc(asize*2)); - cbuf = static_cast(ut_align(cbuf2, UNIV_PAGE_SIZE)); - slot->page_compression_page = static_cast(cbuf2); - slot->page_buf = static_cast(cbuf); - ut_a(slot->page_buf != NULL); - memset(slot->page_compression_page, 0, asize*2); - } -} - -#ifdef HAVE_LZO -/**********************************************************************//** -Allocate memory for temporal memory used for page compression when -LZO compression method is used */ -UNIV_INTERN -void -os_slot_alloc_lzo_mem( -/*===================*/ - os_aio_slot_t* slot) /*!< in: slot structure */ -{ - ut_a(slot != NULL); - if(slot->lzo_mem == NULL) { - slot->lzo_mem = 
static_cast(ut_malloc(LZO1X_1_15_MEM_COMPRESS)); - ut_a(slot->lzo_mem != NULL); - memset(slot->lzo_mem, 0, LZO1X_1_15_MEM_COMPRESS); - } -} -#endif - -/**********************************************************************//** -Allocate memory for temporal buffer used for page encryption. */ -UNIV_INTERN -void -os_slot_alloc_tmp_encryption_buf( -/*=============================*/ - os_aio_slot_t* slot) /*!< in: slot structure */ -{ - ut_a(slot != NULL); - if (slot->tmp_encryption_buf == NULL) { - slot->tmp_encryption_buf = static_cast(ut_malloc(64)); - memset(slot->tmp_encryption_buf, 0, 64); - } -} - - /***********************************************************************//** Try to get number of bytes per sector from file system. @return file block size */ diff --git a/storage/innobase/row/row0log.cc b/storage/innobase/row/row0log.cc index caed087b439..c63dbffcba9 100644 --- a/storage/innobase/row/row0log.cc +++ b/storage/innobase/row/row0log.cc @@ -2554,7 +2554,7 @@ all_done: success = os_file_read_no_error_handling( OS_FILE_FROM_FD(index->online_log->fd), index->online_log->head.block, ofs, - srv_sort_buf_size, FALSE); + srv_sort_buf_size); if (!success) { fprintf(stderr, "InnoDB: unable to read temporary file" @@ -3385,7 +3385,7 @@ all_done: success = os_file_read_no_error_handling( OS_FILE_FROM_FD(index->online_log->fd), index->online_log->head.block, ofs, - srv_sort_buf_size, FALSE); + srv_sort_buf_size); if (!success) { fprintf(stderr, "InnoDB: unable to read temporary file" diff --git a/storage/innobase/row/row0merge.cc b/storage/innobase/row/row0merge.cc index 97746aa088e..d2734ecd6b5 100644 --- a/storage/innobase/row/row0merge.cc +++ b/storage/innobase/row/row0merge.cc @@ -786,7 +786,7 @@ row_merge_read( #endif /* UNIV_DEBUG */ success = os_file_read_no_error_handling(OS_FILE_FROM_FD(fd), buf, - ofs, srv_sort_buf_size, FALSE); + ofs, srv_sort_buf_size); #ifdef POSIX_FADV_DONTNEED /* Each block is read exactly once. Free up the file cache. */ 
diff --git a/storage/innobase/row/row0mysql.cc b/storage/innobase/row/row0mysql.cc index 3dd65c540c3..d9fef775d40 100644 --- a/storage/innobase/row/row0mysql.cc +++ b/storage/innobase/row/row0mysql.cc @@ -57,6 +57,7 @@ Created 9/17/2000 Heikki Tuuri #include "btr0sea.h" #include "btr0defragment.h" #include "fil0fil.h" +#include "fil0crypt.h" #include "ibuf0ibuf.h" #include "fts0fts.h" #include "fts0types.h" diff --git a/storage/innobase/srv/srv0srv.cc b/storage/innobase/srv/srv0srv.cc index ee88c1f9e33..78954725001 100644 --- a/storage/innobase/srv/srv0srv.cc +++ b/storage/innobase/srv/srv0srv.cc @@ -74,9 +74,9 @@ Created 10/8/1995 Heikki Tuuri #include "mysql/plugin.h" #include "mysql/service_thd_wait.h" #include "fil0fil.h" +#include "fil0crypt.h" #include "fil0pagecompress.h" #include "btr0scrub.h" -#include "fil0pageencryption.h" #ifdef WITH_WSREP extern int wsrep_debug; @@ -524,7 +524,7 @@ second. */ static time_t srv_last_log_flush_time; /** Default encryption key used for page encryption */ -UNIV_INTERN uint srv_default_page_encryption_key = DEFAULT_ENCRYPTION_KEY; +UNIV_INTERN uint srv_default_page_encryption_key = FIL_DEFAULT_ENCRYPTION_KEY; /** Enable semaphore request instrumentation */ UNIV_INTERN my_bool srv_instrument_semaphores = FALSE; diff --git a/storage/innobase/srv/srv0start.cc b/storage/innobase/srv/srv0start.cc index 3822a9abf2d..3cc66778de9 100644 --- a/storage/innobase/srv/srv0start.cc +++ b/storage/innobase/srv/srv0start.cc @@ -3,7 +3,7 @@ Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. Copyright (c) 2008, Google Inc. Copyright (c) 2009, Percona Inc. -Copyright (c) 2013, 2014, SkySQL Ab. All Rights Reserved. +Copyright (c) 2013, 2015, MariaDB Corporation Portions of this file contain modifications contributed and copyrighted by Google, Inc. Those modifications are gratefully acknowledged and are described 
@@ -53,6 +53,7 @@ Created 2/16/1996 Heikki Tuuri #include "os0file.h" #include "os0thread.h" #include "fil0fil.h" +#include "fil0crypt.h" #include "fsp0fsp.h" #include "rem0rec.h" #include "mtr0mtr.h" diff --git a/storage/xtradb/buf/buf0buf.cc b/storage/xtradb/buf/buf0buf.cc index 0ef97fd3e21..56b0245da93 100644 --- a/storage/xtradb/buf/buf0buf.cc +++ b/storage/xtradb/buf/buf0buf.cc @@ -40,6 +40,7 @@ Created 11/5/1995 Heikki Tuuri #include "mem0mem.h" #include "btr0btr.h" #include "fil0fil.h" +#include "fil0crypt.h" #ifndef UNIV_HOTBACKUP #include "buf0buddy.h" #include "lock0lock.h" @@ -57,8 +58,6 @@ Created 11/5/1995 Heikki Tuuri #include "trx0trx.h" #include "srv0start.h" #include "ut0byte.h" - -#include "fil0pageencryption.h" #include "fil0pagecompress.h" @@ -574,7 +573,7 @@ buf_page_is_corrupted( ulint zip_size) /*!< in: size of compressed page; 0 for uncompressed pages */ { - ulint page_encrypted = fil_page_is_compressed_encrypted(read_buf) || fil_page_is_encrypted(read_buf); + ulint page_encrypted = fil_page_is_encrypted(read_buf); ulint checksum_field1; ulint checksum_field2; ibool crc32_inited = FALSE; @@ -5938,7 +5937,7 @@ buf_page_decrypt_after_read( unsigned key_version = mach_read_from_4(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - bool page_compressed_encrypted = fil_page_is_compressed_encrypted(dst_frame); + bool page_compressed = fil_page_is_compressed(dst_frame); if (key_version == 0) { /* the page we read is unencrypted */ @@ -5974,7 +5973,7 @@ buf_page_decrypt_after_read( /* decompress from dst_frame to comp_buf and then copy to buffer pool */ - if (page_compressed_encrypted) { + if (page_compressed) { if (bpage->comp_buf_free == NULL) { bpage->comp_buf_free = (byte *)malloc(UNIV_PAGE_SIZE*2); // TODO: is 4k aligment enough ? diff --git a/storage/xtradb/buf/buf0dblwr.cc b/storage/xtradb/buf/buf0dblwr.cc index 871f723549b..ec733dd5a73 100644 --- a/storage/xtradb/buf/buf0dblwr.cc +++ b/storage/xtradb/buf/buf0dblwr.cc 
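Review bot: In buf_page_decrypt_after_read (storage/xtradb/buf/buf0buf.cc) the new flag `bool page_compressed = fil_page_is_compressed(dst_frame);` is taken from dst_frame, while key_version on the line before it is read from src_frame, and both are evaluated ahead of the decrypt step. If the two frames can be different buffers, which the separate names suggest but these hunks do not show, dst_frame may not yet hold the page that was read, and the later `if (page_compressed)` would decide on stale bytes. Computing the flag just before that test, i.e. after the decrypted page is in dst_frame, or adding a comment such as `/* dst_frame already holds the page header here because ... */` would make the assumption checkable. The function body starts and ends outside these hunks.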
@@ -36,6 +36,8 @@ Created 2011/12/19 #include "srv0srv.h" #include "page0zip.h" #include "trx0sys.h" +#include "fil0fil.h" +#include "fil0crypt.h" #ifndef UNIV_HOTBACKUP @@ -385,7 +387,7 @@ buf_dblwr_init_or_load_pages( /* Read the trx sys header to check if we are using the doublewrite buffer */ off_t trx_sys_page = TRX_SYS_PAGE_NO * UNIV_PAGE_SIZE; - os_file_read(file, read_buf, trx_sys_page, UNIV_PAGE_SIZE, FALSE); + os_file_read(file, read_buf, trx_sys_page, UNIV_PAGE_SIZE); doublewrite = read_buf + TRX_SYS_DOUBLEWRITE; @@ -430,9 +432,9 @@ buf_dblwr_init_or_load_pages( block_bytes = TRX_SYS_DOUBLEWRITE_BLOCK_SIZE * UNIV_PAGE_SIZE; - os_file_read(file, buf, block1 * UNIV_PAGE_SIZE, block_bytes, FALSE); + os_file_read(file, buf, block1 * UNIV_PAGE_SIZE, block_bytes); os_file_read(file, buf + block_bytes, block2 * UNIV_PAGE_SIZE, - block_bytes, FALSE); + block_bytes); /* Check if any of these pages is half-written in data files, in the intended position */ @@ -530,9 +532,7 @@ buf_dblwr_process() zip_size ? zip_size : UNIV_PAGE_SIZE, read_buf, NULL, - 0, - 0, - false); + 0); if (fil_space_verify_crypt_checksum(read_buf, zip_size)) { /* page is encrypted and checksum is OK */ @@ -593,9 +593,7 @@ buf_dblwr_process() zip_size ? zip_size : UNIV_PAGE_SIZE, page, NULL, - 0, - 0, - false); + 0); ib_logf(IB_LOG_LEVEL_INFO, "Recovered the page from" @@ -619,9 +617,7 @@ buf_dblwr_process() zip_size ? zip_size : UNIV_PAGE_SIZE, page, NULL, - 0, - 0, - false); + 0); } } } @@ -643,9 +639,9 @@ buf_dblwr_process() memset(buf, 0, bytes); fil_io(OS_FILE_WRITE, true, TRX_SYS_SPACE, 0, - buf_dblwr->block1, 0, bytes, buf, NULL, NULL, 0, false); + buf_dblwr->block1, 0, bytes, buf, NULL, NULL); fil_io(OS_FILE_WRITE, true, TRX_SYS_SPACE, 0, - buf_dblwr->block2, 0, bytes, buf, NULL, NULL, 0, false); + buf_dblwr->block2, 0, bytes, buf, NULL, NULL); ut_free(unaligned_buf); } 
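Review bot: In buf_dblwr_init_or_load_pages the three touched calls, `os_file_read(file, read_buf, trx_sys_page, UNIV_PAGE_SIZE);` and the two reads of block1 and block2 into buf, discard the result, so after a failed read the code goes straight on to `doublewrite = read_buf + TRX_SYS_DOUBLEWRITE;` and interprets whatever the buffer held before. Since these lines are being edited anyway, the result should be tested, e.g. `if (!os_file_read(file, read_buf, trx_sys_page, UNIV_PAGE_SIZE)) { ib_logf(IB_LOG_LEVEL_ERROR, "Failed to read the first page of the system tablespace"); /* stop doublewrite recovery here */ }`. How the failure is propagated depends on the function's return type, which is outside the hunk.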
@@ -859,9 +855,7 @@ buf_dblwr_write_block_to_datafile( buf_page_get_zip_size(bpage), frame, (void*) bpage, - 0, - bpage->newest_modification, - bpage->encrypt_later); + 0); return; } @@ -880,9 +874,7 @@ buf_dblwr_write_block_to_datafile( UNIV_PAGE_SIZE, frame, (void*) block, - (ulint *)&bpage->write_size, - bpage->newest_modification, - bpage->encrypt_later); + (ulint *)&bpage->write_size); } /********************************************************************//** @@ -984,9 +976,7 @@ try_again: (void*) write_buf, NULL, - 0, - 0, - false); + 0); if (buf_dblwr->first_free <= TRX_SYS_DOUBLEWRITE_BLOCK_SIZE) { /* No unwritten pages in the second block. */ @@ -1009,9 +999,7 @@ try_again: len, (void*) write_buf, NULL, - 0, - 0, - false); + 0); flush: /* increment the doublewrite flushed pages counter */ @@ -1250,9 +1238,7 @@ retry: UNIV_PAGE_SIZE, (void*) (buf_dblwr->write_buf + UNIV_PAGE_SIZE * i), NULL, - 0, - bpage->newest_modification, - bpage->encrypt_later); + 0); } else { /* It is a regular page. Write it directly to the doublewrite buffer */ @@ -1264,9 +1250,7 @@ retry: 0, UNIV_PAGE_SIZE, frame, NULL, - 0, - bpage->newest_modification, - bpage->encrypt_later); + 0); } /* Now flush the doublewrite buffer data to disk */ diff --git a/storage/xtradb/buf/buf0flu.cc b/storage/xtradb/buf/buf0flu.cc index 4331db08cf5..d023e2ff227 100644 --- a/storage/xtradb/buf/buf0flu.cc +++ b/storage/xtradb/buf/buf0flu.cc @@ -963,9 +963,7 @@ buf_flush_write_block_low( zip_size ? zip_size : UNIV_PAGE_SIZE, frame, bpage, - &bpage->write_size, - bpage->newest_modification, - bpage->encrypt_later); + &bpage->write_size); } else { /* InnoDB uses doublewrite buffer and doublewrite buffer is initialized. User can define do we use atomic writes 
@@ -984,9 +982,7 @@ buf_flush_write_block_low( zip_size ? zip_size : UNIV_PAGE_SIZE, frame, bpage, - &bpage->write_size, - bpage->newest_modification, - bpage->encrypt_later); + &bpage->write_size); } else if (flush_type == BUF_FLUSH_SINGLE_PAGE) { buf_dblwr_write_single_page(bpage, sync); } else { diff --git a/storage/xtradb/buf/buf0rea.cc b/storage/xtradb/buf/buf0rea.cc index 88741f987ca..164aa3c62c1 100644 --- a/storage/xtradb/buf/buf0rea.cc +++ b/storage/xtradb/buf/buf0rea.cc @@ -232,14 +232,14 @@ not_to_recover: *err = _fil_io(OS_FILE_READ | wake_later | ignore_nonexistent_pages, sync, space, zip_size, offset, 0, zip_size, - frame, bpage, 0, trx, 0, false); + frame, bpage, 0, trx); } else { ut_a(buf_page_get_state(bpage) == BUF_BLOCK_FILE_PAGE); *err = _fil_io(OS_FILE_READ | wake_later | ignore_nonexistent_pages, sync, space, 0, offset, 0, UNIV_PAGE_SIZE, - frame, bpage, &bpage->write_size, trx, 0, false); + frame, bpage, &bpage->write_size, trx); } if (sync) { diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index 9f8315a8016..aab0b1f5568 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc @@ -24,6 +24,7 @@ Modified Jan Lindström jan.lindstrom@mariadb.com *******************************************************/ #include "fil0fil.h" +#include "fil0crypt.h" #include "srv0srv.h" #include "srv0start.h" #include "mach0data.h" @@ -35,14 +36,13 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include "btr0scrub.h" #include "fsp0fsp.h" #include "fil0pagecompress.h" -#include "fil0pageencryption.h" #include "ha_prototypes.h" // IB_LOG_ #include #include #include - +#include "fil0crypt.h" /** Mutex for keys */ UNIV_INTERN ib_mutex_t fil_crypt_key_mutex; 
@@ -119,67 +119,40 @@ static const unsigned char CRYPT_MAGIC[MAGIC_SZ] = { static const unsigned char EMPTY_PATTERN[MAGIC_SZ] = { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }; -/** - * CRYPT_SCHEME_UNENCRYPTED - * - * Used as intermediate state when convering a space from unencrypted - * to encrypted - */ -#define CRYPT_SCHEME_UNENCRYPTED 0 - -/** - * CRYPT_SCHEME_1 - * - * L = AES_ECB(KEY, IV) - * CRYPT(PAGE) = AES_CRT(KEY=L, IV=C, PAGE) - */ -#define CRYPT_SCHEME_1 1 -#define CRYPT_SCHEME_1_IV_LEN 16 -// cached L given key_version -struct key_struct +/****************************************************************** +Map used AES method to crypt scheme +@return used AES crypt scheme */ +UNIV_INTERN +uint +fil_crypt_get_aes_method( +/*=====================*/ + uint aes_method) { - uint key_version; - byte key[CRYPT_SCHEME_1_IV_LEN]; -}; + switch (aes_method) { + case MY_AES_ALGORITHM_NONE: + return (uint) CRYPT_SCHEME_1_UNENCRYPTED; + break; + case MY_AES_ALGORITHM_CTR: + return (uint) CRYPT_SCHEME_1_CTR; + break; + case MY_AES_ALGORITHM_CBC: + return (uint) CRYPT_SCHEME_1_CBC; + break; + default: + ib_logf(IB_LOG_LEVEL_FATAL, + "Current AES method %d not supported.\n", aes_method); + ut_error; + } -struct fil_space_rotate_state_t -{ - time_t start_time; // time when rotation started - ulint active_threads; // active threads in space - ulint next_offset; // next "free" offset - ulint max_offset; // max offset needing to be rotated - uint min_key_version_found; // min key version found but not rotated - lsn_t end_lsn; // max lsn created when rotating this space - bool starting; // initial write of IV - bool flushing; // space is being flushed at end of rotate - struct { - bool is_active; // is scrubbing active in this space - time_t last_scrub_completed; // when was last scrub completed - } scrubbing; -}; - -struct fil_space_crypt_struct -{ - ulint type; // CRYPT_SCHEME - uint keyserver_requests; // no of key requests to key server - uint key_count; // No of initalized 
key-structs - key_struct keys[3]; // cached L = AES_ECB(KEY, IV) - uint min_key_version; // min key version for this space - ulint page0_offset; // byte offset on page 0 for crypt data - - ib_mutex_t mutex; // mutex protecting following variables - bool closing; // is tablespace being closed - fil_space_rotate_state_t rotate_state; - - uint iv_length; // length of IV - byte iv[1]; // IV-data -}; + return (uint) CRYPT_SCHEME_1_UNENCRYPTED; +} /********************************************************************* Init space crypt */ UNIV_INTERN void fil_space_crypt_init() +/*==================*/ { mutex_create(fil_crypt_key_mutex_key, &fil_crypt_key_mutex, SYNC_NO_ORDER_CHECK); @@ -196,6 +169,7 @@ Cleanup space crypt */ UNIV_INTERN void fil_space_crypt_cleanup() +/*=====================*/ { os_event_free(fil_crypt_throttle_sleep_event); } 
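Review bot: In the new `fil_crypt_get_aes_method`, the fatal log passes the `uint` argument `aes_method` to a `%d` conversion, and each `return` inside the switch is followed by a `break` that can never run. I would write the message as `"Current AES method %u not supported.\n"` and drop the three `break;` lines. The parameter also has no description in the style the rest of this commit adds; `uint aes_method) /*!< in: AES method */` would match.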
@@ -204,31 +178,35 @@ fil_space_crypt_cleanup() Get key bytes for a space/key-version */ static void -fil_crypt_get_key(byte *dst, uint* key_length, - fil_space_crypt_t* crypt_data, uint version, bool page_encrypted) +fil_crypt_get_key( +/*==============*/ + byte* dst, /*mutex); - if (!page_encrypted) { - // Check if we already have key - for (uint i = 0; i < crypt_data->key_count; i++) { - if (crypt_data->keys[i].key_version == version) { - memcpy(dst, crypt_data->keys[i].key, - sizeof(crypt_data->keys[i].key)); - mutex_exit(&crypt_data->mutex); - return; - } + // Check if we already have key + for (uint i = 0; i < crypt_data->key_count; i++) { + if (crypt_data->keys[i].key_version == version) { + memcpy(dst, crypt_data->keys[i].key, + crypt_data->keys[i].key_length); + *key_length = crypt_data->keys[i].key_length; + mutex_exit(&crypt_data->mutex); + return; } - // Not found! - crypt_data->keyserver_requests++; + } - // Rotate keys to make room for a new - for (uint i = 1; i < array_elements(crypt_data->keys); i++) { - crypt_data->keys[i] = crypt_data->keys[i - 1]; - } - } + // Not found! + crypt_data->keyserver_requests++; + + // Rotate keys to make room for a new + for (uint i = 1; i < array_elements(crypt_data->keys); i++) { + crypt_data->keys[i] = crypt_data->keys[i - 1]; + } if (has_encryption_key(version)) { int rc; 
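Review bot: The loop that makes room in the key cache, `for (uint i = 1; i < array_elements(crypt_data->keys); i++)` with `crypt_data->keys[i] = crypt_data->keys[i - 1];`, walks upward, so the old value of `keys[0]` is copied into every later slot and the older cached key versions are dropped instead of shifted. Iterating downward keeps them: `for (uint i = array_elements(crypt_data->keys) - 1; i > 0; i--) { crypt_data->keys[i] = crypt_data->keys[i - 1]; }`. With that, the lookup at the top of the function can still match more than one previous version and fewer requests go to the key provider. `fil_crypt_get_key` continues past the end of this hunk.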
@@ -247,51 +225,45 @@ fil_crypt_get_key(byte *dst, uint* key_length, ut_error; } + /* Now compute L by encrypting IV using this key. Note + that we use random IV from crypt data. */ + const unsigned char* src = crypt_data->iv; + const int srclen = crypt_data->iv_length; + unsigned char* buf = crypt_data->keys[0].key; + uint32 buflen = CRYPT_SCHEME_1_IV_LEN; - // do ctr key initialization - if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) - { - /* Now compute L by encrypting IV using this key. Note - that we use random IV from crypt data. */ - const unsigned char* src = crypt_data->iv; - const int srclen = crypt_data->iv_length; - unsigned char* buf = page_encrypted ? keybuf : crypt_data->keys[0].key; - uint32 buflen = page_encrypted ? *key_length : sizeof(crypt_data->keys[0].key); + /* We use AES_ECB to encryp IV */ + my_aes_encrypt_dynamic_type func = get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); - // call ecb explicit - my_aes_encrypt_dynamic_type func = get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); - int rc = (*func)(src, srclen, - buf, &buflen, - (unsigned char*)keybuf, *key_length, - NULL, 0, - 1); + int rc = (*func)(src, /* Data to be encrypted = IV */ + srclen, /* data length */ + buf, /* Output buffer */ + &buflen, /* Output buffer */ + keybuf, /* Key */ + *key_length, /* Key length */ + NULL, /* AES_ECB does not use IV */ + 0, /* IV-length */ + 1); /* NoPadding */ - if (rc != AES_OK) { - ib_logf(IB_LOG_LEVEL_FATAL, - "Unable to encrypt key-block " - " src: %p srclen: %d buf: %p buflen: %d." - " return-code: %d. 
Can't continue!\n", - src, srclen, buf, buflen, rc); - ut_error; - } - - if (!page_encrypted) { - crypt_data->keys[0].key_version = version; - crypt_data->key_count++; - - if (crypt_data->key_count > array_elements(crypt_data->keys)) { - crypt_data->key_count = array_elements(crypt_data->keys); - } - } - - // set the key size to the aes block size because this encrypted data is the key - *key_length = MY_AES_BLOCK_SIZE; - memcpy(dst, buf, buflen); - } else { - // otherwise keybuf contains the right key - memcpy(dst, keybuf, *key_length); + if (rc != AES_OK) { + ib_logf(IB_LOG_LEVEL_FATAL, + "Unable to encrypt key-block " + " src: %p srclen: %d buf: %p buflen: %d." + " return-code: %d. Can't continue!\n", + src, srclen, buf, buflen, rc); + ut_error; } + crypt_data->keys[0].key_version = version; + crypt_data->key_count++; + *key_length = buflen; + crypt_data->keys[0].key_length = buflen; + + if (crypt_data->key_count > array_elements(crypt_data->keys)) { + crypt_data->key_count = array_elements(crypt_data->keys); + } + + memcpy(dst, buf, buflen); mutex_exit(&crypt_data->mutex); } @@ -299,8 +271,12 @@ fil_crypt_get_key(byte *dst, uint* key_length, Get key bytes for a space/latest(key-version) */ static inline void -fil_crypt_get_latest_key(byte *dst, uint* key_length, - fil_space_crypt_t* crypt_data, uint *version) +fil_crypt_get_latest_key( +/*=====================*/ + byte* dst, /*!< out: Key */ + uint* key_length, /*!< out: Key length */ + fil_space_crypt_t* crypt_data, /*!< in: crypt data */ + uint* version) /*!< in: Key version */ { if (srv_encrypt_tables) { // used for key rotation - get the next key id from the key provider 
@@ -312,29 +288,33 @@ fil_crypt_get_latest_key(byte *dst, uint* key_length, } } - return fil_crypt_get_key(dst, key_length, crypt_data, *version, srv_encrypt_tables == FALSE); + return fil_crypt_get_key(dst, key_length, crypt_data, *version); } /****************************************************************** -Create a fil_space_crypt_t object */ +Create a fil_space_crypt_t object +@return crypt object */ UNIV_INTERN fil_space_crypt_t* fil_space_create_crypt_data() +/*=========================*/ { const uint iv_length = CRYPT_SCHEME_1_IV_LEN; const uint sz = sizeof(fil_space_crypt_t) + iv_length; fil_space_crypt_t* crypt_data = static_cast(malloc(sz)); + uint aes_method = current_aes_dynamic_method; + memset(crypt_data, 0, sz); if (srv_encrypt_tables == FALSE) { - crypt_data->type = CRYPT_SCHEME_UNENCRYPTED; crypt_data->min_key_version = 0; } else { - crypt_data->type = CRYPT_SCHEME_1; crypt_data->min_key_version = get_latest_encryption_key_version(); } + /* Set up the current AES method */ + crypt_data->type = (fil_crypt_method_t)fil_crypt_get_aes_method(aes_method); mutex_create(fil_crypt_data_mutex_key, &crypt_data->mutex, SYNC_NO_ORDER_CHECK); crypt_data->iv_length = iv_length; 
@@ -346,13 +326,18 @@ fil_space_create_crypt_data() Compare two crypt objects */ UNIV_INTERN int -fil_space_crypt_compare(const fil_space_crypt_t* crypt_data1, - const fil_space_crypt_t* crypt_data2) +fil_space_crypt_compare( +/*====================*/ + const fil_space_crypt_t* crypt_data1,/*!< in: Crypt data */ + const fil_space_crypt_t* crypt_data2)/*!< in: Crypt data */ { - ut_a(crypt_data1->type == CRYPT_SCHEME_UNENCRYPTED || - crypt_data1->type == CRYPT_SCHEME_1); - ut_a(crypt_data2->type == CRYPT_SCHEME_UNENCRYPTED || - crypt_data2->type == CRYPT_SCHEME_1); + ut_a(crypt_data1->type == CRYPT_SCHEME_1_UNENCRYPTED || + crypt_data1->type == CRYPT_SCHEME_1_CTR || + crypt_data1->type == CRYPT_SCHEME_1_CBC); + + ut_a(crypt_data2->type == CRYPT_SCHEME_1_UNENCRYPTED || + crypt_data2->type == CRYPT_SCHEME_1_CTR || + crypt_data1->type == CRYPT_SCHEME_1_CBC); ut_a(crypt_data1->iv_length == CRYPT_SCHEME_1_IV_LEN); ut_a(crypt_data2->iv_length == CRYPT_SCHEME_1_IV_LEN); @@ -365,10 +350,15 @@ fil_space_crypt_compare(const fil_space_crypt_t* crypt_data1, } /****************************************************************** -Read crypt data from a page (0) */ +Read crypt data from a page (0) +@return crypt data from page 0. */ UNIV_INTERN fil_space_crypt_t* -fil_space_read_crypt_data(ulint space, const byte* page, ulint offset) +fil_space_read_crypt_data( +/*======================*/ + ulint space, /*!< in: file space id*/ + const byte* page, /*!< in: page 0 */ + ulint offset) /*!< in: offset */ { if (memcmp(page + offset, EMPTY_PATTERN, MAGIC_SZ) == 0) { /* crypt is not stored */ 
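Review bot: The second assertion in `fil_space_crypt_compare` tests `crypt_data1->type == CRYPT_SCHEME_1_CBC` in its last clause, so the scheme of `crypt_data2` is never checked against CBC and a CBC `crypt_data2` trips the assertion unless `crypt_data1` happens to be CBC as well. The clause should read `crypt_data2->type == CRYPT_SCHEME_1_CBC);`. The rest of the function body lies outside this hunk.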
@@ -393,8 +383,10 @@ fil_space_read_crypt_data(ulint space, const byte* page, ulint offset) ulint type = mach_read_from_1(page + offset + MAGIC_SZ + 0); - if (! (type == CRYPT_SCHEME_UNENCRYPTED || - type == CRYPT_SCHEME_1)) { + if (! (type == CRYPT_SCHEME_1_UNENCRYPTED || + type == CRYPT_SCHEME_1_CTR || + type == CRYPT_SCHEME_1_CBC)) { + ib_logf(IB_LOG_LEVEL_ERROR, "Found non sensible crypt scheme: %lu for space %lu " " offset: %lu bytes: " @@ -449,7 +441,9 @@ fil_space_read_crypt_data(ulint space, const byte* page, ulint offset) Free a crypt data object */ UNIV_INTERN void -fil_space_destroy_crypt_data(fil_space_crypt_t **crypt_data) +fil_space_destroy_crypt_data( +/*=========================*/ + fil_space_crypt_t **crypt_data) /*!< out: crypt data */ { if (crypt_data != NULL && (*crypt_data) != NULL) { /* lock (and unlock) mutex to make sure no one has it locked @@ -466,10 +460,14 @@ fil_space_destroy_crypt_data(fil_space_crypt_t **crypt_data) Write crypt data to a page (0) */ static void -fil_space_write_crypt_data_low(fil_space_crypt_t *crypt_data, - ulint type, - byte* page, ulint offset, - ulint maxsize, mtr_t* mtr) +fil_space_write_crypt_data_low( +/*===========================*/ + fil_space_crypt_t* crypt_data, /* 0 && offset < UNIV_PAGE_SIZE); ulint space_id = mach_read_from_4( @@ -492,10 +490,8 @@ fil_space_write_crypt_data_low(fil_space_crypt_t *crypt_data, mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len, min_key_version, MLOG_4BYTES, mtr); - DBUG_EXECUTE_IF("ib_file_crypt_redo_crash_1", - ut_error;); - byte* log_ptr = mlog_open(mtr, 11 + 12 + len); + if (log_ptr != NULL) { log_ptr = mlog_write_initial_log_record_fast( page, 
@@ -515,25 +511,26 @@ fil_space_write_crypt_data_low(fil_space_crypt_t *crypt_data, mlog_catenate_string(mtr, crypt_data->iv, len); } - - DBUG_EXECUTE_IF("ib_file_crypt_redo_crash_2", - ut_error;); } /****************************************************************** Write crypt data to a page (0) */ UNIV_INTERN void -fil_space_write_crypt_data(ulint space, byte* page, ulint offset, - ulint maxsize, mtr_t* mtr) +fil_space_write_crypt_data( +/*=======================*/ + ulint space, /*mutex); - memcpy(iv, crypt_data->iv, crypt_data->iv_length); - mutex_exit(&crypt_data->mutex); - } + /* For AES CTR create counter and AES CBS IV */ + mach_write_to_4(iv + 0, space); + ulint space_offset = mach_read_from_4(src_frame + FIL_PAGE_OFFSET); + mach_write_to_4(iv + 4, space_offset); + mach_write_to_8(iv + 8, lsn); ibool page_compressed = (mach_read_from_2(src_frame+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_COMPRESSED); - ibool page_encrypted = fil_space_is_page_encrypted(space); - ulint compression_alg = mach_read_from_8(src_frame+FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); + ulint compression_algo = page_compressed ? 
mach_read_from_8(src_frame+FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION) : 0; - // copy page header + /* FIL page header is not encrypted */ memcpy(dst_frame, src_frame, FIL_PAGE_DATA); - if (page_encrypted && !page_compressed) { - // key id - mach_write_to_2(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, - key_version); - // original page type - mach_write_to_2(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 2, - orig_page_type); - // new page type - mach_write_to_2(dst_frame+FIL_PAGE_TYPE, FIL_PAGE_PAGE_ENCRYPTED); - } else { - // store key version - mach_write_to_4(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, - key_version); - } + /* Store key version */ + mach_write_to_4(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, key_version); - // encrypt page data + /* Calculate the start offset in a page */ ulint unencrypted_bytes = FIL_PAGE_DATA + FIL_PAGE_DATA_END; ulint srclen = page_size - unencrypted_bytes; const byte* src = src_frame + FIL_PAGE_DATA; byte* dst = dst_frame + FIL_PAGE_DATA; - uint32 dstlen; + uint32 dstlen=0; + /* For page compressed tables we encrypt only the actual compressed + payload. Note that first two bytes of page data is actual payload + size and that should not be encrypted. 
*/ if (page_compressed) { - srclen = page_size - FIL_PAGE_DATA; + ulint payload = mach_read_from_2(src_frame + FIL_PAGE_DATA); + mach_write_to_2(dst_frame + FIL_PAGE_DATA, payload); + srclen = payload; + src+=2; + dst+=2; } - int rc = (* my_aes_encrypt_dynamic)(src, srclen, - dst, &dstlen, - (unsigned char*)key, key_length, - (unsigned char*)iv, sizeof(iv), - 1); + /* Get encryption method */ + my_aes_encrypt_dynamic_type func = get_aes_encrypt_func((enum_my_aes_encryption_algorithm)fil_crypt_map_aes_method(aes_method)); + + /* Encrypt the data */ + int rc = (*func)(src, /* Original page */ + srclen, /* Page length */ + dst, /* Output buffer */ + &dstlen, /* Output length */ + key, /* Encryption key */ + key_length, /* Key length */ + iv, /* IV */ + sizeof(iv), /* IV length */ + 1); /* Use noPadding */ if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, 
@@ -735,18 +767,164 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, ut_error; } + /* Set up the checksum */ + mach_write_to_4(dst_frame+FIL_PAGE_SPACE_OR_CHKSUM, BUF_NO_CHECKSUM_MAGIC); + + /* For compressed tables we do not store the FIL header because + the whole page is not stored to the disk. In compressed tables only + the FIL header + compressed (and now encrypted) payload alligned + to sector boundary is written. */ if (!page_compressed) { - // copy page trailer + /* FIL page trailer is also not encrypted */ memcpy(dst_frame + page_size - FIL_PAGE_DATA_END, src_frame + page_size - FIL_PAGE_DATA_END, FIL_PAGE_DATA_END); + } - /* handle post encryption checksum */ + /* Store AES encryption method */ + mach_write_to_2(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 4, + aes_method); + /* Store compression algorithm (for page compresed tables) or 0 */ + mach_write_to_2(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 6, + compression_algo); +} + +/********************************************************************* +Check if extra buffer shall be allocated for decrypting after read +@return true if fil space has encryption data. 
*/ +UNIV_INTERN +bool +fil_space_check_encryption_read( +/*=============================*/ + ulint space) /*!< in: tablespace id */ +{ + fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space); + + if (crypt_data == NULL) { + return false; + } + + if (crypt_data->type == CRYPT_SCHEME_UNENCRYPTED) { + return false; + } + + return true; +} + +/****************************************************************** +Decrypt a page +@return true if page was encrypted */ +UNIV_INTERN +bool +fil_space_decrypt( +/*==============*/ + fil_space_crypt_t* crypt_data, /*!< in: crypt data */ + const byte* src_frame, /*!< in: input buffer */ + ulint page_size, /*!< in: page size */ + byte* dst_frame) /*!< out: output buffer */ +{ + ulint page_type = mach_read_from_2(src_frame+FIL_PAGE_TYPE); + uint key_version = mach_read_from_4(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); + bool page_compressed = (page_type == FIL_PAGE_PAGE_COMPRESSED); + ulint compression_algo = mach_read_from_2(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 6); + uint aes_method = 0; + + /* Page is not encrypted if key_version is 0 */ + if (key_version == 0) { + //TODO: is this really needed ? 
+ memcpy(dst_frame, src_frame, page_size); + return false; /* page not decrypted */ + } + + /* read space & offset & lsn */ + ulint space = mach_read_from_4( + src_frame + FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID); + ulint offset = mach_read_from_4( + src_frame + FIL_PAGE_OFFSET); + ib_uint64_t lsn = mach_read_from_8(src_frame + FIL_PAGE_LSN); + + /* Copy FIL page header, it is not encrypted */ + memcpy(dst_frame, src_frame, FIL_PAGE_DATA); + + /* Get key */ + byte key[MY_AES_MAX_KEY_LENGTH]; + uint key_length; + unsigned char iv[MY_AES_BLOCK_SIZE]; + fil_crypt_get_key(key, &key_length, crypt_data, key_version); + aes_method = mach_read_from_2(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 4); + + /* Verify used AES method */ + if ( aes_method != CRYPT_SCHEME_1_CTR && + aes_method != CRYPT_SCHEME_1_CBC) { + ib_logf(IB_LOG_LEVEL_FATAL, + "Unable to decrypt data-block " + " aes_method: %d unknown!\n", + aes_method); + ut_error; + } + + /* Create counter used as IV */ + mach_write_to_4(iv + 0, space); + mach_write_to_4(iv + 4, offset); + mach_write_to_8(iv + 8, lsn); + + /* Calculate the offset where decryption starts */ + const byte* src = src_frame + FIL_PAGE_DATA; + byte* dst = dst_frame + FIL_PAGE_DATA; + uint32 dstlen=0; + ulint srclen = page_size - (FIL_PAGE_DATA + FIL_PAGE_DATA_END); + + /* For page compressed tables we decrypt only the actual compressed + payload. Note that first two bytes of page data is actual payload + size and that should not be decrypted. 
*/ + if (page_compressed) { + ulint compressed_len = mach_read_from_2(src_frame + FIL_PAGE_DATA); + src+=2; + dst+=2; + mach_write_to_2(dst_frame + FIL_PAGE_DATA, compressed_len); + srclen = compressed_len; + } + + /* Get AES method */ + my_aes_encrypt_dynamic_type func = get_aes_decrypt_func((enum_my_aes_encryption_algorithm)fil_crypt_map_aes_method(aes_method)); + + /* Decrypt the data */ + int rc = (*func)(src, /* Data to be encrypted */ + srclen, /* data length */ + dst, /* Output buffer */ + &dstlen, /* Output buffer */ + key, /* Key */ + key_length, /* Key length */ + iv, /* IV */ + sizeof(iv), /* IV-length */ + 1); /* NoPadding */ + + if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { + ib_logf(IB_LOG_LEVEL_FATAL, + "Unable to decrypt data-block " + " src: %p srclen: %ld buf: %p buflen: %d." + " return-code: %d. Can't continue!\n", + src, (long)srclen, + dst, dstlen, rc); + ut_error; + } + + /* For compressed tables we do not store the FIL header because + the whole page is not stored to the disk. In compressed tables only + the FIL header + compressed (and now encrypted) payload alligned + to sector boundary is written. */ + if (!page_compressed) { + /* Copy FIL trailer */ + memcpy(dst_frame + page_size - FIL_PAGE_DATA_END, + src_frame + page_size - FIL_PAGE_DATA_END, + FIL_PAGE_DATA_END); + + /* handle post decryption checksum */ ib_uint32_t checksum = 0; srv_checksum_algorithm_t algorithm = static_cast(srv_checksum_algorithm); - if (zip_size == 0) { + if (page_size == UNIV_PAGE_SIZE) { switch (algorithm) { case SRV_CHECKSUM_ALGORITHM_CRC32: case SRV_CHECKSUM_ALGORITHM_STRICT_CRC32: 
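Review bot: In the new `fil_space_decrypt`, `compressed_len` is read from the page with `mach_read_from_2(src_frame + FIL_PAGE_DATA)` and assigned to `srclen` without being compared with the frame size, so a corrupted or altered page may make the cipher call read and write beyond `page_size`. A bound check before the assignment would close this, for example `if (compressed_len > page_size - FIL_PAGE_DATA - 2) { /* report the page as corrupted */ }`, with the page rejected rather than handed to the cipher. The encrypt path earlier in this file section takes `payload` from the frame in the same unchecked way. The checksum `switch` at the end of this hunk continues in the next one.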
@@ -765,173 +943,23 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, * if new enum is added and not handled here */ } } else { - checksum = page_zip_calc_checksum(dst_frame, zip_size, + checksum = page_zip_calc_checksum(dst_frame, page_size, algorithm); } - // store the post-encryption checksum after the key-version - mach_write_to_4(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 4, - checksum); - } else { - /* Page compressed and encrypted tables have different - FIL_HEADER */ - ulint page_len = log10((double)page_size)/log10((double)2); - /* Set up the correct page type */ - mach_write_to_2(dst_frame+FIL_PAGE_TYPE, FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED); - /* Set up the compression algorithm */ - mach_write_to_2(dst_frame+FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+4, orig_page_type); - /* Set up the compressed size */ - mach_write_to_1(dst_frame+FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+6, page_len); - /* Set up the compression method */ - mach_write_to_1(dst_frame+FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+7, compression_alg); + mach_write_to_4(dst_frame + FIL_PAGE_SPACE_OR_CHKSUM, checksum); + + fprintf(stderr, "KUKKU %ld:%lu\n", mach_read_from_4(dst_frame + FIL_PAGE_SPACE_OR_CHKSUM), + mach_read_from_4(dst_frame + FIL_PAGE_END_LSN_OLD_CHKSUM)); } -} - -/********************************************************************* -Check if extra buffer shall be allocated for decrypting after read */ -UNIV_INTERN -bool -fil_space_check_encryption_read( -/*==============================*/ - ulint space) /*!< in: tablespace id */ -{ - fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space); - - if (crypt_data == NULL) { - return false; - } - - if (crypt_data->type == CRYPT_SCHEME_UNENCRYPTED) { - return false; - } - - return true; -} - -/****************************************************************** -Decrypt a page */ -UNIV_INTERN -bool -fil_space_decrypt(fil_space_crypt_t* crypt_data, - const byte* src_frame, ulint page_size, byte* dst_frame) -{ - ulint 
page_type = mach_read_from_2(src_frame+FIL_PAGE_TYPE); - // key version - uint key_version; - bool page_encrypted = (page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED - || page_type == FIL_PAGE_PAGE_ENCRYPTED); - - bool page_compressed = (page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED - || page_type == FIL_PAGE_PAGE_COMPRESSED); - - ulint orig_page_type=0; - - if (page_type == FIL_PAGE_PAGE_ENCRYPTED) { - key_version = mach_read_from_2( - src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - orig_page_type = mach_read_from_2( - src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 2); - } else { - key_version = mach_read_from_4( - src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - } - - if (key_version == 0 && !page_encrypted) { - //TODO: is this really needed ? - memcpy(dst_frame, src_frame, page_size); - return false; /* page not decrypted */ - } - - // read space & offset & lsn - ulint space = mach_read_from_4( - src_frame + FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID); - ulint offset = mach_read_from_4( - src_frame + FIL_PAGE_OFFSET); - ib_uint64_t lsn = mach_read_from_8(src_frame + FIL_PAGE_LSN); - - // copy page header - memcpy(dst_frame, src_frame, FIL_PAGE_DATA); - - if (page_type == FIL_PAGE_PAGE_ENCRYPTED) { - // orig page type - mach_write_to_2(dst_frame+FIL_PAGE_TYPE, orig_page_type); - } - - // get key - byte key[MY_AES_MAX_KEY_LENGTH]; - uint key_length; - fil_crypt_get_key(key, &key_length, crypt_data, key_version, page_encrypted); - - // get the iv - unsigned char iv[MY_AES_BLOCK_SIZE]; - - if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) { - // create counter block - - mach_write_to_4(iv + 0, space); - mach_write_to_4(iv + 4, offset); - mach_write_to_8(iv + 8, lsn); - } else { - // Get random IV from crypt_data - mutex_enter(&crypt_data->mutex); - memcpy(iv, crypt_data->iv, crypt_data->iv_length); - mutex_exit(&crypt_data->mutex); - } - - const byte* src = src_frame + FIL_PAGE_DATA; - byte* dst = dst_frame + FIL_PAGE_DATA; - uint32 dstlen; - ulint 
srclen = page_size - (FIL_PAGE_DATA + FIL_PAGE_DATA_END); - ulint compressed_len; - ulint compression_method; + /* Clear key-version & aes_method from dst */ + memset(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, 0, 8); + /* For page compressed tables store compression algorithm back */ if (page_compressed) { - orig_page_type = mach_read_from_2(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+4); - compressed_len = mach_read_from_1(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+6); - compression_method = mach_read_from_1(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+7); - } - - if (page_encrypted && !page_compressed) { - orig_page_type = mach_read_from_2(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION+2); - } - - if (page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) { - srclen = pow((double)2, (double)((int)compressed_len)) - FIL_PAGE_DATA; - } - - int rc = (* my_aes_decrypt_dynamic)(src, srclen, - dst, &dstlen, - (unsigned char*)key, key_length, - (unsigned char*)iv, sizeof(iv), - 1); - - if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { - ib_logf(IB_LOG_LEVEL_FATAL, - "Unable to decrypt data-block " - " src: %p srclen: %ld buf: %p buflen: %d." - " return-code: %d. 
Can't continue!\n", - src, (long)srclen, - dst, dstlen, rc); - ut_error; - } - - if (page_type != FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) { - // copy page trailer - memcpy(dst_frame + page_size - FIL_PAGE_DATA_END, - src_frame + page_size - FIL_PAGE_DATA_END, - FIL_PAGE_DATA_END); - - // clear key-version & crypt-checksum from dst - memset(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, 0, 8); - } else { - /* For page compressed tables we set up the FIL_HEADER again */ - /* setting original page type */ - mach_write_to_2(dst_frame + FIL_PAGE_TYPE, orig_page_type); - /* page_compression uses BUF_NO_CHECKSUM_MAGIC as checksum */ - mach_write_to_4(dst_frame + FIL_PAGE_SPACE_OR_CHKSUM, BUF_NO_CHECKSUM_MAGIC); - /* Set up the flush lsn to be compression algorithm */ - mach_write_to_8(dst_frame+FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, compression_method); + mach_write_to_8(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION, + compression_algo); } return true; /* page was decrypted */ @@ -941,8 +969,12 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data, Decrypt a page */ UNIV_INTERN void -fil_space_decrypt(ulint space, - const byte* src_frame, ulint page_size, byte* dst_frame) +fil_space_decrypt( +/*==============*/ + ulint space, /*!< in: Fil space id */ + const byte* src_frame, /*!< in: input buffer */ + ulint page_size, /*!< in: page size */ + byte* dst_frame) /*!< out: output buffer */ { fil_space_decrypt(fil_space_get_crypt_data(space), src_frame, page_size, dst_frame); 
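Review bot: The new side still contains a debugging statement, `fprintf(stderr, "KUKKU %ld:%lu\n", ...)`, which runs for every decrypted page that is not page-compressed; it should be removed before merge. Separately, `mach_write_to_4(dst_frame + FIL_PAGE_SPACE_OR_CHKSUM, checksum);` stores a checksum computed from the decrypted output, while the encrypt path writes `BUF_NO_CHECKSUM_MAGIC` into that field and no longer stores the post-encryption checksum that the removed lines kept after the key version. As far as this page shows, damage to the ciphertext on disk would then decrypt into a page whose checksum verifies. A comment such as `/* checksum is recomputed after decryption and does not cover the on-disk ciphertext */` would record this until a checksum over the ciphertext is restored. `fil_space_decrypt` starts before this hunk.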
@@ -953,8 +985,13 @@ Verify checksum for a page (iff it's encrypted) NOTE: currently this function can only be run in single threaded mode as it modifies srv_checksum_algorithm (temporarily) @return true if page is encrypted AND OK, false otherwise */ +UNIV_INTERN bool -fil_space_verify_crypt_checksum(const byte* src_frame, ulint zip_size) +fil_space_verify_crypt_checksum( +/*============================*/ + const byte* src_frame, /*!< in: page the verify */ + ulint zip_size) /*!< in: compressed size if + row_format compressed */ { // key version uint key_version = mach_read_from_4( @@ -1041,7 +1078,8 @@ struct key_state_t { Copy global key state */ static void fil_crypt_get_key_state( - key_state_t *new_state) +/*====================*/ + key_state_t *new_state) /*!< out: key state */ { if (srv_encrypt_tables == TRUE) { new_state->key_version = get_latest_encryption_key_version(); @@ -1054,9 +1092,13 @@ fil_crypt_get_key_state( } /*********************************************************************** -Check if a key needs rotation given a key_state */ +Check if a key needs rotation given a key_state +@return true if key needs rotation, false if not */ static bool -fil_crypt_needs_rotation(uint key_version, const key_state_t *key_state) +fil_crypt_needs_rotation( +/*=====================*/ + uint key_version, /*!< in: Key version */ + const key_state_t* key_state) /*!< in: Key state */ { // TODO(jonaso): Add support for rotating encrypted => unencrypted 
@@ -1081,9 +1123,13 @@ fil_crypt_needs_rotation(uint key_version, const key_state_t *key_state) } /*********************************************************************** -Check if a space is closing (i.e just before drop) */ -UNIV_INTERN bool -fil_crypt_is_closing(ulint space) +Check if a space is closing (i.e just before drop) +@return true if space is closing, false if not. */ +UNIV_INTERN +bool +fil_crypt_is_closing( +/*=================*/ + ulint space) /*!< in: FIL space id */ { bool closing; fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space); @@ -1097,16 +1143,22 @@ fil_crypt_is_closing(ulint space) Start encrypting a space @return true if a pending op (fil_inc_pending_ops/fil_decr_pending_ops) is held */ -static bool -fil_crypt_start_encrypting_space(ulint space, bool *recheck) { +static +bool +fil_crypt_start_encrypting_space( +/*=============================*/ + ulint space, /*!< in: FIL space id */ + bool* recheck)/*!< out: true if recheck needed */ +{ /* we have a pending op when entering function */ bool pending_op = true; + uint aes_method = current_aes_dynamic_method; mutex_enter(&fil_crypt_threads_mutex); fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space); - ibool page_encrypted = fil_space_is_page_encrypted(space); + ibool page_encrypted = (crypt_data != NULL); /*If spage is not encrypted and encryption is not enabled, then do not continue encrypting the space. */ @@ -1184,7 +1236,7 @@ fil_crypt_start_encrypting_space(ulint space, bool *recheck) { /* 4 - write crypt data to page 0 */ fil_space_write_crypt_data_low(crypt_data, - CRYPT_SCHEME_1, + fil_crypt_get_aes_method(aes_method), frame, crypt_data->page0_offset, maxsize, &mtr); 
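Review bot: The new local `uint aes_method = current_aes_dynamic_method;` at the top of fil_crypt_start_encrypting_space is read before `fil_crypt_threads_mutex` is entered, and nothing says why it is read only once. The hunks at -1184 and -1232 derive both the scheme written to page 0 and the published `crypt_data->type` from this local. The on-disk and in-memory values therefore agree only if nothing in between consults the global again; that code lies outside the hunks and is worth checking. A comment above the declaration would record the intent: `/* Snapshot once: page 0 and crypt_data->type must record the same method even if the setting changes meanwhile. */`.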
@@ -1232,7 +1284,7 @@ fil_crypt_start_encrypting_space(ulint space, bool *recheck) { /* 5 - publish crypt data */ mutex_enter(&fil_crypt_threads_mutex); mutex_enter(&crypt_data->mutex); - crypt_data->type = CRYPT_SCHEME_1; + crypt_data->type = fil_crypt_get_aes_method(aes_method); ut_a(crypt_data->rotate_state.active_threads == 1); crypt_data->rotate_state.active_threads = 0; crypt_data->rotate_state.starting = false; @@ -1257,10 +1309,14 @@ fil_crypt_start_encrypting_space(ulint space, bool *recheck) { } /*********************************************************************** -Check if space needs rotation given a key_state */ -static bool -fil_crypt_space_needs_rotation(uint space, const key_state_t *key_state, - bool *recheck) +Check if space needs rotation given a key_state +@return true if space needs key rotation */ +static +bool +fil_crypt_space_needs_rotation( + uint space, /*!< in: FIL space id */ + const key_state_t* key_state, /*!< in: Key state */ + bool* recheck) /*!< out: needs recheck ? */ { if (fil_space_get_type(space) != FIL_TABLESPACE) { return false; @@ -1374,7 +1430,9 @@ struct rotate_thread_t { /*********************************************************************** Update global statistics with thread statistics */ static void -fil_crypt_update_total_stat(rotate_thread_t *state) +fil_crypt_update_total_stat( +/*========================*/ + rotate_thread_t *state) /*!< in: Key rotation status */ { mutex_enter(&crypt_stat_mutex); crypt_stat.pages_read_from_cache += 
@@ -1397,9 +1455,13 @@ fil_crypt_update_total_stat(rotate_thread_t *state) /*********************************************************************** Allocate iops to thread from global setting, -used before starting to rotate a space */ -static bool -fil_crypt_alloc_iops(rotate_thread_t *state) +used before starting to rotate a space. +@return true if allocation succeeded, false if failed */ +static +bool +fil_crypt_alloc_iops( +/*=================*/ + rotate_thread_t *state) /*!< in: Key rotation status */ { ut_ad(state->allocated_iops == 0); @@ -1429,8 +1491,11 @@ fil_crypt_alloc_iops(rotate_thread_t *state) /*********************************************************************** Reallocate iops to thread, used when inside a space */ -static void -fil_crypt_realloc_iops(rotate_thread_t *state) +static +void +fil_crypt_realloc_iops( +/*========================*/ + rotate_thread_t *state) /*!< in: Key rotation status */ { ut_a(state->allocated_iops > 0); @@ -1519,8 +1584,11 @@ fil_crypt_realloc_iops(rotate_thread_t *state) /*********************************************************************** Return allocated iops to global */ -static void -fil_crypt_return_iops(rotate_thread_t *state) +static +void +fil_crypt_return_iops( +/*========================*/ + rotate_thread_t *state) /*!< in: Key rotation status */ { if (state->allocated_iops > 0) { uint iops = state->allocated_iops; 
@@ -1544,11 +1612,14 @@ fil_crypt_return_iops(rotate_thread_t *state) /*********************************************************************** Search for a space needing rotation */ +UNIV_INTERN bool fil_crypt_find_space_to_rotate( - const key_state_t *key_state, - rotate_thread_t *state, - bool *recheck) +/*===========================*/ + const key_state_t* key_state, /*!< in: Key state */ + rotate_thread_t* state, /*!< in: Key rotation state */ + bool* recheck) /*!< out: true if recheck + needed */ { /* we need iops to start rotating */ while (!state->should_shutdown() && !fil_crypt_alloc_iops(state)) { @@ -1591,8 +1662,9 @@ Start rotating a space */ static void fil_crypt_start_rotate_space( - const key_state_t *key_state, - rotate_thread_t *state) +/*=========================*/ + const key_state_t* key_state, /*!< in: Key state */ + rotate_thread_t* state) /*!< in: Key rotation state */ { ulint space = state->space; fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space); @@ -1629,12 +1701,14 @@ fil_crypt_start_rotate_space( } /*********************************************************************** -Search for batch of pages needing rotation */ +Search for batch of pages needing rotation +@return true if page needing key rotation found, false if not found */ static bool fil_crypt_find_page_to_rotate( - const key_state_t *key_state, - rotate_thread_t *state) +/*==========================*/ + const key_state_t* key_state, /*!< in: Key state */ + rotate_thread_t* state) /*!< in: Key rotation state */ { ulint batch = srv_alloc_time * state->allocated_iops; ulint space = state->space; 
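Review bot: `fil_crypt_find_space_to_rotate` is marked `UNIV_INTERN` in the -1544 hunk, while the sibling helpers in the next two hunks (`fil_crypt_start_rotate_space`, `fil_crypt_find_page_to_rotate`) are `static`. Its parameters use `key_state_t` and `rotate_thread_t`, which the hunk headers show as structs defined in this source file, so it can probably be `static bool` like the others unless a header declares it. Internal linkage would keep a key-rotation helper out of the module's exported surface. The function body extends beyond the hunk.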
@@ -1665,9 +1739,15 @@ fil_crypt_find_page_to_rotate( } /*********************************************************************** -Check if a page is uninitialized (doesn't need to be rotated) */ -static bool -fil_crypt_is_page_uninitialized(const byte* frame, uint zip_size) +Check if a page is uninitialized (doesn't need to be rotated) +@return true if page is uninitialized, false if not.*/ +static +bool +fil_crypt_is_page_uninitialized( +/*============================*/ + const byte *frame, /*!< in: Page */ + uint zip_size) /*!< in: compressed size if + row_format compressed */ { if (zip_size) { ulint stored_checksum = mach_read_from_4( @@ -1696,15 +1776,20 @@ fil_crypt_is_page_uninitialized(const byte* frame, uint zip_size) sleeptime_ms, __FILE__, __LINE__) /*********************************************************************** -Get a page and compute sleep time */ +Get a page and compute sleep time +@return page */ static buf_block_t* -fil_crypt_get_page_throttle_func(rotate_thread_t *state, - ulint space, uint zip_size, ulint offset, - mtr_t *mtr, - ulint *sleeptime_ms, - const char *file, - ulint line) +fil_crypt_get_page_throttle_func( + rotate_thread_t* state, /*!< in/out: Key rotation state */ + ulint space, /*!< in: FIL space id */ + uint zip_size, /*!< in: compressed size if + row_format compressed */ + ulint offset, /*!< in: page offsett */ + mtr_t* mtr, /*!< in/out: minitransaction */ + ulint* sleeptime_ms, /*!< out: sleep time */ + const char* file, /*!< in: file name */ + ulint line) /*!< in: file line */ { buf_block_t* block = buf_page_try_get_func(space, offset, RW_X_LATCH, true, 
@@ -1753,17 +1838,22 @@ Get block and allocation status note: innodb locks fil_space_latch and then block when allocating page but locks block and then fil_space_latch when freeing page. +@return block */ static buf_block_t* btr_scrub_get_block_and_allocation_status( - rotate_thread_t *state, - ulint space, - ulint zip_size, - ulint offset, - mtr_t *mtr, +/*======================================*/ + rotate_thread_t* state, /*!< in/out: Key rotation state */ + ulint space, /*!< in: FIL space id */ + uint zip_size, /*!< in: compressed size if + row_format compressed */ + ulint offset, /*!< in: page offsett */ + mtr_t* mtr, /*!< in/out: minitransaction + */ btr_scrub_page_allocation_status_t *allocation_status, - ulint *sleeptime_ms) + /*!< in/out: allocation status */ + ulint* sleeptime_ms) /*!< out: sleep time */ { mtr_t local_mtr; buf_block_t *block = NULL; @@ -1807,8 +1897,9 @@ Rotate one page */ static void fil_crypt_rotate_page( - const key_state_t *key_state, - rotate_thread_t *state) +/*===================*/ + const key_state_t* key_state, /*!< in: Key state */ + rotate_thread_t* state) /*!< in: Key rotation state */ { ulint space = state->space; ulint offset = state->offset; @@ -1960,8 +2051,9 @@ Rotate a batch of pages */ static void fil_crypt_rotate_pages( - const key_state_t *key_state, - rotate_thread_t *state) +/*===================*/ + const key_state_t* key_state, /*!< in: Key state */ + rotate_thread_t* state) /*!< in: Key rotation state */ { ulint space = state->space; ulint end = state->offset + state->batch; @@ -1989,7 +2081,10 @@ fil_crypt_rotate_pages( Flush rotated pages and then update page 0 */ static void -fil_crypt_flush_space(rotate_thread_t *state, ulint space) +fil_crypt_flush_space( +/*==================*/ + rotate_thread_t* state, /*!< in: Key rotation state */ + ulint space) /*!< in: FIL space id */ { fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space); 
@@ -2033,9 +2128,10 @@ fil_crypt_flush_space(rotate_thread_t *state, ulint space) RW_X_LATCH, NULL, BUF_GET, __FILE__, __LINE__, &mtr); byte* frame = buf_block_get_frame(block); - ulint maxsize = 0; + ulint maxsize; crypt_data->page0_offset = fsp_header_get_crypt_offset(zip_size, &maxsize); + fil_space_write_crypt_data(space, frame, crypt_data->page0_offset, ULINT_MAX, &mtr); @@ -2048,8 +2144,9 @@ Complete rotating a space */ static void fil_crypt_complete_rotate_space( - const key_state_t *key_state, - rotate_thread_t *state) +/*============================*/ + const key_state_t* key_state, /*!< in: Key state */ + rotate_thread_t* state) /*!< in: Key rotation state */ { ulint space = state->space; fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space); @@ -2123,7 +2220,7 @@ A thread which monitors global key state and rotates tablespaces accordingly extern "C" UNIV_INTERN os_thread_ret_t DECLARE_THREAD(fil_crypt_thread)( -/*===============================*/ +/*=============================*/ void* arg __attribute__((unused))) /*!< in: a dummy parameter required * by os_thread_create */ { @@ -2240,13 +2337,19 @@ DECLARE_THREAD(fil_crypt_thread)( Adjust thread count for key rotation */ UNIV_INTERN void -fil_crypt_set_thread_cnt(uint new_cnt) +fil_crypt_set_thread_cnt( +/*=====================*/ + uint new_cnt) /*!< in: New key rotation thread count */ { if (new_cnt > srv_n_fil_crypt_threads) { uint add = new_cnt - srv_n_fil_crypt_threads; srv_n_fil_crypt_threads = new_cnt; for (uint i = 0; i < add; i++) { - os_thread_create(fil_crypt_thread, NULL, NULL); + os_thread_id_t rotation_thread_id; + os_thread_create(fil_crypt_thread, NULL, &rotation_thread_id); + ib_logf(IB_LOG_LEVEL_INFO, + "Creating #%d thread id %lu total threads %du\n", + i, os_thread_pf(rotation_thread_id), new_cnt); } } else if (new_cnt < srv_n_fil_crypt_threads) { srv_n_fil_crypt_threads = new_cnt; 
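Review bot: `ulint maxsize;` in the -2033 hunk drops the `= 0` initializer, so the variable is defined only if `fsp_header_get_crypt_offset()` always stores through the pointer, which cannot be confirmed from this hunk. Keeping `ulint maxsize = 0;` costs nothing. The value is also never used as a bound here: the visible call passes `ULINT_MAX` to `fil_space_write_crypt_data()`, whereas fil_crypt_start_encrypting_space passes `maxsize` to the `_low` variant. If that argument is a size limit (its meaning is not shown), passing `maxsize` here too would be the consistent choice. The body of fil_crypt_flush_space starts and ends outside the hunk.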
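Review bot: The format string of the new `ib_logf` call in fil_crypt_set_thread_cnt (-2240 hunk) has a typo: `%du` prints the thread count followed by a literal `u`, and `%d` is applied to the unsigned loop index `i`. Both arguments are `uint`, so the string should read `"Creating #%u thread id %lu total threads %u"`. The trailing `\n` can be dropped as well, since the other `ib_logf` calls on the new side of this patch pass none.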
@@ -2263,7 +2366,9 @@ fil_crypt_set_thread_cnt(uint new_cnt) Adjust max key age */ UNIV_INTERN void -fil_crypt_set_rotate_key_age(uint val) +fil_crypt_set_rotate_key_age( +/*=========================*/ + uint val) /*!< in: New max key age */ { srv_fil_crypt_rotate_key_age = val; os_event_set(fil_crypt_threads_event); @@ -2273,7 +2378,9 @@ fil_crypt_set_rotate_key_age(uint val) Adjust rotation iops */ UNIV_INTERN void -fil_crypt_set_rotation_iops(uint val) +fil_crypt_set_rotation_iops( +/*========================*/ + uint val) /*!< in: New iops setting */ { srv_n_fil_crypt_iops = val; os_event_set(fil_crypt_threads_event); @@ -2284,6 +2391,7 @@ Init threads for key rotation */ UNIV_INTERN void fil_crypt_threads_init() +/*====================*/ { fil_crypt_event = os_event_create(); fil_crypt_threads_event = os_event_create(); @@ -2300,6 +2408,7 @@ End threads for key rotation */ UNIV_INTERN void fil_crypt_threads_end() +/*===================*/ { /* stop threads */ fil_crypt_set_thread_cnt(0); @@ -2309,7 +2418,9 @@ fil_crypt_threads_end() Clean up key rotation threads resources */ UNIV_INTERN void -fil_crypt_threads_cleanup() { +fil_crypt_threads_cleanup() +/*=======================*/ +{ os_event_free(fil_crypt_event); os_event_free(fil_crypt_threads_event); } @@ -2319,7 +2430,8 @@ Mark a space as closing */ UNIV_INTERN void fil_space_crypt_mark_space_closing( - ulint space) +/*===============================*/ + ulint space) /*!< in: Space id */ { mutex_enter(&fil_crypt_threads_mutex); fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space); @@ -2340,7 +2452,8 @@ Wait for crypt threads to stop accessing space */ UNIV_INTERN void fil_space_crypt_close_tablespace( - ulint space) +/*=============================*/ + ulint space) /*!< in: Space id */ { mutex_enter(&fil_crypt_threads_mutex); fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space); 
@@ -2352,11 +2465,14 @@ fil_space_crypt_close_tablespace( uint start = time(0); uint last = start; + mutex_enter(&crypt_data->mutex); mutex_exit(&fil_crypt_threads_mutex); crypt_data->closing = true; + uint cnt = crypt_data->rotate_state.active_threads; bool flushing = crypt_data->rotate_state.flushing; + while (cnt > 0 || flushing) { mutex_exit(&crypt_data->mutex); /* release dict mutex so that scrub threads can release their @@ -2386,11 +2502,12 @@ fil_space_crypt_close_tablespace( /********************************************************************* Get crypt status for a space (used by information_schema) return 0 if crypt data present */ +UNIV_INTERN int fil_space_crypt_get_status( -/*==================*/ - ulint id, /*!< in: space id */ - struct fil_space_crypt_status_t* status) /*!< out: status */ +/*=======================*/ + ulint id, /*!< in: space id */ + struct fil_space_crypt_status_t* status) /*!< out: status */ { fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(id); @@ -2400,6 +2517,7 @@ fil_space_crypt_get_status( mutex_enter(&crypt_data->mutex); status->keyserver_requests = crypt_data->keyserver_requests; status->min_key_version = crypt_data->min_key_version; + if (crypt_data->rotate_state.active_threads > 0 || crypt_data->rotate_state.flushing) { status->rotating = true; @@ -2427,8 +2545,11 @@ fil_space_crypt_get_status( /********************************************************************* Return crypt statistics */ +UNIV_INTERN void -fil_crypt_total_stat(fil_crypt_stat_t *stat) +fil_crypt_total_stat( +/*=================*/ + fil_crypt_stat_t *stat) /*!< out: Crypt statistics */ { mutex_enter(&crypt_stat_mutex); *stat = crypt_stat; 
@@ -2438,11 +2559,12 @@ fil_crypt_total_stat(fil_crypt_stat_t *stat) /********************************************************************* Get scrub status for a space (used by information_schema) return 0 if data found */ +UNIV_INTERN int fil_space_get_scrub_status( -/*==================*/ - ulint id, /*!< in: space id */ - struct fil_space_scrub_status_t* status) /*!< out: status */ +/*=======================*/ + ulint id, /*!< in: space id */ + struct fil_space_scrub_status_t* status) /*!< out: status */ { fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(id); memset(status, 0, sizeof(*status)); diff --git a/storage/xtradb/fil/fil0fil.cc b/storage/xtradb/fil/fil0fil.cc index 14878f59f7d..6b776edd2f9 100644 --- a/storage/xtradb/fil/fil0fil.cc +++ b/storage/xtradb/fil/fil0fil.cc @@ -27,8 +27,7 @@ Created 10/25/1995 Heikki Tuuri #include "fil0fil.h" #include "fil0pagecompress.h" #include "fsp0pagecompress.h" -#include "fil0pageencryption.h" -#include "fsp0pageencryption.h" +#include "fil0crypt.h" #include #include @@ -287,7 +286,7 @@ fil_read( actual page size does not decrease. */ { return(fil_io(OS_FILE_READ, sync, space_id, zip_size, block_offset, - byte_offset, len, buf, message, write_size, 0, false)); + byte_offset, len, buf, message, write_size)); } /********************************************************************//** 
@@ -314,18 +313,16 @@ fil_write( this must be appropriately aligned */ void* message, /*!< in: message for aio handler if non-sync aio used, else ignored */ - ulint* write_size, /*!< in/out: Actual write size initialized + ulint* write_size) /*!< in/out: Actual write size initialized after fist successfull trim operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - lsn_t lsn, /*!< in: lsn of the newest modification */ - bool encrypt_later) /*!< in: encrypt later ? */ { ut_ad(!srv_read_only_mode); return(fil_io(OS_FILE_WRITE, sync, space_id, zip_size, block_offset, - byte_offset, len, buf, message, write_size, lsn, encrypt_later)); + byte_offset, len, buf, message, write_size)); } /*******************************************************************//** @@ -651,10 +648,9 @@ fil_node_open_file( set */ page = static_cast(ut_align(buf2, UNIV_PAGE_SIZE)); - success = os_file_read(node->handle, page, 0, UNIV_PAGE_SIZE, - space->flags); + success = os_file_read(node->handle, page, 0, UNIV_PAGE_SIZE); - if (fil_page_encryption_status(page)) { + if (fil_page_is_encrypted(page)) { /* if page is (still) encrypted, write an error and return. * Otherwise the server would crash if decrypting is not possible. * This may be the case, if the key file could not be 
@@ -1191,21 +1187,6 @@ fil_space_create( ut_a(fil_system); - if (fsp_flags_is_page_encrypted(flags)) { - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { - /* by returning here it should be avoided that - * the server crashes, if someone tries to access an - * encrypted table and the encryption key is not available. - * The the table is treaded as non-existent. - */ - ib_logf(IB_LOG_LEVEL_WARN, - "Tablespace '%s' can not be opened, because " - " encryption key can not be found (space id: %lu, key %lu)\n" - , name, (ulong) id, fsp_flags_get_page_encryption_key(flags)); - return (FALSE); - } - } - /* Look for a matching tablespace and if found free it. */ do { mutex_enter(&fil_system->mutex); @@ -1879,7 +1860,7 @@ fil_write_lsn_and_arch_no_to_file( lsn); err = fil_write(TRUE, space, 0, sum_of_sizes, 0, - UNIV_PAGE_SIZE, buf, NULL, 0, 0, false); + UNIV_PAGE_SIZE, buf, NULL, 0); } mem_free(buf1); @@ -1970,13 +1951,10 @@ fil_check_first_page( or the encryption key is not available, the check for reading the first page should intentionally fail with "can not decrypt" message. */ - page_is_encrypted = fil_page_encryption_status(page); - if (page_is_encrypted == PAGE_ENCRYPTION_KEY_MISSING && page_is_encrypted) { - page_is_encrypted = 1; - } else { - page_is_encrypted = 0; + page_is_encrypted = fil_page_encryption_status(page, space_id); + if (!page_is_encrypted) { if (UNIV_PAGE_SIZE != fsp_flags_get_page_size(flags)) { - fprintf(stderr, + fprintf(stderr, "InnoDB: Error: Current page size %lu != " " page size on page %lu\n", UNIV_PAGE_SIZE, fsp_flags_get_page_size(flags)); @@ -2006,7 +1984,7 @@ fil_check_first_page( /* this error message is interpreted by the calling method, which is * executed if the server starts in recovery mode. */ - return(MSG_CANNOT_DECRYPT); + return(FIL_MSG_CANNOT_DECRYPT); } } 
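Review bot: In the -1970 hunk `page_is_encrypted` now holds the raw return of `fil_page_encryption_status(page, space_id)` and is tested only for non-zero, where the removed code treated just `PAGE_ENCRYPTION_KEY_MISSING` as encrypted. Any non-zero status now skips the page-size check in fil_check_first_page and, judging by the -2006 hunk, apparently ends in `return(FIL_MSG_CANNOT_DECRYPT)`. The possible return values are not visible here, so either compare against the specific status that means the key is unavailable or document the contract at the call. A suitable comment would be `/* non-zero: page 0 cannot be decrypted, skip the plaintext header checks */`. Note also that fil_node_open_file makes the similar decision with `fil_page_is_encrypted(page)`; the function body continues outside the hunk.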
@@ -2053,10 +2031,7 @@ fil_read_first_page( page = static_cast(ut_align(buf, UNIV_PAGE_SIZE)); - os_file_read(data_file, page, 0, UNIV_PAGE_SIZE, - orig_space_id != ULINT_UNDEFINED ? - fil_space_is_page_compressed(orig_space_id) : - FALSE); + os_file_read(data_file, page, 0, UNIV_PAGE_SIZE); /* The FSP_HEADER on page 0 is only valid for the first file in a tablespace. So if this is not the first datafile, leave @@ -4106,8 +4081,7 @@ fil_user_tablespace_find_space_id( for (ulint j = 0; j < page_count; ++j) { - st = os_file_read(fsp->file, page, (j* page_size), page_size, - fsp_flags_is_page_compressed(fsp->flags)); + st = os_file_read(fsp->file, page, (j* page_size), page_size); if (!st) { ib_logf(IB_LOG_LEVEL_INFO, @@ -4250,7 +4224,7 @@ check_first_page: "%s in tablespace %s (table %s)", check_msg, fsp->filepath, tablename); fsp->success = FALSE; - if (strncmp(check_msg, MSG_CANNOT_DECRYPT, strlen(check_msg))==0) { + if (strncmp(check_msg, FIL_MSG_CANNOT_DECRYPT, strlen(check_msg))==0) { /* by returning here, it should be avoided, that the server crashes, * if started in recovery mode and can not decrypt tables, if * the key file can not be read. @@ -5258,7 +5232,7 @@ retry: success = os_aio(OS_FILE_WRITE, OS_AIO_SYNC, node->name, node->handle, buf, offset, page_size * n_pages, - node, NULL, space_id, NULL, 0, 0, 0, 0, 0, 0, false); + node, NULL, space_id, NULL, 0); #endif /* UNIV_HOTBACKUP */ DBUG_EXECUTE_IF("ib_os_aio_func_io_failure_28", @@ -5643,9 +5617,7 @@ _fil_io( operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - trx_t* trx, - lsn_t lsn, /*!< in: lsn of the newest modification */ - bool encrypt_later) /*!< in: encrypt later ? */ + trx_t* trx) { ulint mode; fil_space_t* space; 
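Review bot: The result of `os_file_read(data_file, page, 0, UNIV_PAGE_SIZE)` in fil_read_first_page (-2053 hunk) is discarded, so after a failed read the header parsing below runs on whatever the buffer held. The -6668 hunk in fil_tablespace_iterate has the same problem with more at stake: page 0 is read unchecked, modified by `fil_space_clear_crypt_data()` and, per its comment, written back. The earlier read in that same function shows the pattern to follow, `if (!os_file_read(file, page, 0, UNIV_PAGE_SIZE)) { err = DB_IO_ERROR;`. Both function bodies extend beyond their hunks, so how the failure should propagate out of fil_read_first_page needs checking against its callers.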
@@ -5655,10 +5627,6 @@ _fil_io( ulint wake_later; os_offset_t offset; ibool ignore_nonexistent_pages; - ibool page_compressed = FALSE; - ulint page_compression_level = 0; - ibool page_encrypted; - ulint page_encryption_key; is_log = type & OS_FILE_LOG; type = type & ~OS_FILE_LOG; @@ -5726,13 +5694,6 @@ _fil_io( space = fil_space_get_by_id(space_id); - page_compressed = fsp_flags_is_page_compressed(space->flags); - page_compression_level = fsp_flags_get_page_compression_level(space->flags); - - page_encrypted = fsp_flags_is_page_encrypted(space->flags); - page_encryption_key = fsp_flags_get_page_encryption_key(space->flags); - - /* If we are deleting a tablespace we don't allow any read operations on that. However, we do allow write operations. */ if (space == 0 || (type == OS_FILE_READ && space->stop_new_ops)) { @@ -5889,13 +5850,7 @@ _fil_io( message, space_id, trx, - page_compressed, - page_compression_level, - write_size, - page_encrypted, - page_encryption_key, - lsn, - encrypt_later); + write_size); #else /* In mysqlbackup do normal i/o, not aio */ @@ -6454,9 +6409,7 @@ fil_iterate( readptr = iter.crypt_io_buffer; } - if (!os_file_read(iter.file, readptr, offset, - (ulint) n_bytes, - fil_space_is_page_compressed(space_id))) { + if (!os_file_read(iter.file, readptr, offset, (ulint) n_bytes)) { ib_logf(IB_LOG_LEVEL_ERROR, "os_file_read() failed"); @@ -6607,8 +6560,7 @@ fil_tablespace_iterate( /* Read the first page and determine the page and zip size. */ - if (!os_file_read(file, page, 0, UNIV_PAGE_SIZE, - dict_tf_get_page_compression(table->flags))) { + if (!os_file_read(file, page, 0, UNIV_PAGE_SIZE)) { err = DB_IO_ERROR; 
@@ -6668,7 +6620,7 @@ fil_tablespace_iterate( if (iter.crypt_data != NULL) { /* clear crypt data from page 0 and write it back */ - os_file_read(file, page, 0, UNIV_PAGE_SIZE, 0); + os_file_read(file, page, 0, UNIV_PAGE_SIZE); fil_space_clear_crypt_data(page, crypt_data_offset); lsn_t lsn = mach_read_from_8(page + FIL_PAGE_LSN); if (callback.get_zip_size() == 0) { 
@@ -6915,79 +6867,6 @@ fil_system_exit(void) mutex_exit(&fil_system->mutex); } -/*******************************************************************//** -Return space name */ -char* -fil_space_name( -/*===========*/ - fil_space_t* space) /*!< in: space */ -{ - return (space->name); -} - -/*******************************************************************//** -Return space flags */ -ulint -fil_space_flags( -/*===========*/ - fil_space_t* space) /*!< in: space */ -{ - return (space->flags); -} - -/*******************************************************************//** -Return page type name */ -const char* -fil_get_page_type_name( -/*===================*/ - ulint page_type) /*!< in: FIL_PAGE_TYPE */ -{ - switch(page_type) { - case FIL_PAGE_PAGE_COMPRESSED: - return (const char*)"PAGE_COMPRESSED"; - case FIL_PAGE_INDEX: - return (const char*)"INDEX"; - case FIL_PAGE_UNDO_LOG: - return (const char*)"UNDO LOG"; - case FIL_PAGE_INODE: - return (const char*)"INODE"; - case FIL_PAGE_IBUF_FREE_LIST: - return (const char*)"IBUF_FREE_LIST"; - case FIL_PAGE_TYPE_ALLOCATED: - return (const char*)"ALLOCATED"; - case FIL_PAGE_IBUF_BITMAP: - return (const char*)"IBUF_BITMAP"; - case FIL_PAGE_TYPE_SYS: - return (const char*)"SYS"; - case FIL_PAGE_TYPE_TRX_SYS: - return (const char*)"TRX_SYS"; - case FIL_PAGE_TYPE_FSP_HDR: - return (const char*)"FSP_HDR"; - case FIL_PAGE_TYPE_XDES: - return (const char*)"XDES"; - case FIL_PAGE_TYPE_BLOB: - return (const char*)"BLOB"; - case FIL_PAGE_TYPE_ZBLOB: - return (const char*)"ZBLOB"; - case FIL_PAGE_TYPE_ZBLOB2: - return (const char*)"ZBLOB2"; - case FIL_PAGE_TYPE_COMPRESSED: - return (const char*)"ORACLE PAGE COMPRESSED"; - default: - return (const char*)"PAGE TYPE CORRUPTED"; - } -} -/****************************************************************//** -Get block size from fil node -@return block size*/ -ulint -fil_node_get_block_size( -/*====================*/ - fil_node_t* node) /*!< in: Node where to get block - size */ -{ - return 
(node->file_block_size); -} /****************************************************************** Get id of first tablespace or ULINT_UNDEFINED if none */ diff --git a/storage/xtradb/fil/fil0pagecompress.cc b/storage/xtradb/fil/fil0pagecompress.cc index 3c2edd832c4..d394ca5215c 100644 --- a/storage/xtradb/fil/fil0pagecompress.cc +++ b/storage/xtradb/fil/fil0pagecompress.cc 
@@ -83,173 +83,6 @@ static ulint srv_data_read, srv_data_written; /* Used for debugging */ //#define UNIV_PAGECOMPRESS_DEBUG 1 -/****************************************************************//** -For page compressed pages decompress the page after actual read -operation. */ -static -void -fil_decompress_page_2( -/*==================*/ - byte* page_buf, /*!< out: destination buffer for - uncompressed data */ - byte* buf, /*!< in: source compressed data */ - ulong len, /*!< in: length of output buffer.*/ - ulint* write_size) /*!< in/out: Actual payload size of - the compressed data. */ -{ - ulint page_type = mach_read_from_2(buf + FIL_PAGE_TYPE); - - if (page_type != FIL_PAGE_TYPE_COMPRESSED) { - /* It is not a compressed page */ - return; - } - - byte* ptr = buf + FIL_PAGE_DATA; - ulint version = mach_read_from_1(buf + FIL_PAGE_VERSION); - int err = 0; - - ut_a(version == 1); - - /* Read the original page type, before we compressed the data. */ - page_type = mach_read_from_2(buf + FIL_PAGE_ORIGINAL_TYPE_V1); - - ulint original_len = mach_read_from_2(buf + FIL_PAGE_ORIGINAL_SIZE_V1); - - if (original_len < UNIV_PAGE_SIZE_MIN - (FIL_PAGE_DATA + 8) - || original_len > UNIV_PAGE_SIZE_MAX - FIL_PAGE_DATA - || len < original_len + FIL_PAGE_DATA) { - ib_logf(IB_LOG_LEVEL_ERROR, - "Corruption: We try to uncompress corrupted page. 
" - "Original len %lu len %lu.", - original_len, len); - - fflush(stderr); - ut_error; - - } - - ulint algorithm = mach_read_from_1(buf + FIL_PAGE_ALGORITHM_V1); - - switch(algorithm) { - case PAGE_ZLIB_ALGORITHM: { - - err = uncompress(page_buf, &len, ptr, original_len); - - /* If uncompress fails it means that page is corrupted */ - if (err != Z_OK) { - - ib_logf(IB_LOG_LEVEL_ERROR, - "Corruption: Page is marked as compressed " - "but uncompress failed with error %d " - " size %lu len %lu.", - err, original_len, len); - - fflush(stderr); - - ut_error; - } - - break; - } -#ifdef HAVE_LZ4 - case PAGE_LZ4_ALGORITHM: { - - err = LZ4_decompress_fast( - (const char*) ptr, (char*) (page_buf), original_len); - - if (err < 0) { - ib_logf(IB_LOG_LEVEL_ERROR, - "Corruption: Page is marked as compressed" - " but decompression read only %d bytes" - " size %lu len %lu.", - err, original_len, len); - fflush(stderr); - - ut_error; - } - break; - } -#endif /* HAVE_LZ4 */ - -#ifdef HAVE_LZMA - case PAGE_LZMA_ALGORITHM: { - - lzma_ret ret; - size_t src_pos = 0; - size_t dst_pos = 0; - uint64_t memlimit = UINT64_MAX; - - ret = lzma_stream_buffer_decode( - &memlimit, - 0, - NULL, - ptr, - &src_pos, - original_len, - (page_buf), - &dst_pos, - len); - - - if (ret != LZMA_OK || (dst_pos <= 0 || dst_pos > len)) { - ib_logf(IB_LOG_LEVEL_ERROR, - "Corruption: Page is marked as compressed" - " but decompression read only %ld bytes" - " size %lu len %lu.", - dst_pos, original_len, len); - fflush(stderr); - - ut_error; - } - - break; - } -#endif /* HAVE_LZMA */ - -#ifdef HAVE_LZO - case PAGE_LZO_ALGORITHM: { - ulint olen = 0; - - err = lzo1x_decompress((const unsigned char *)ptr, - original_len,(unsigned char *)(page_buf), &olen, NULL); - - if (err != LZO_E_OK || (olen == 0 || olen > UNIV_PAGE_SIZE)) { - ib_logf(IB_LOG_LEVEL_ERROR, - "Corruption: Page is marked as compressed" - " but decompression read only %ld bytes" - " size %lu len %lu.", - olen, original_len, len); - - fflush(stderr); - - 
ut_error; - } - break; - } -#endif /* HAVE_LZO */ - - default: - ib_logf(IB_LOG_LEVEL_ERROR, - " Corruption: Page is marked as compressed " - " but compression algorithm %s" - " is not known." - ,fil_get_compression_alg_name(algorithm)); - - fflush(stderr); - ut_error; - break; - } - - /* Leave the header alone */ - memmove(buf+FIL_PAGE_DATA, page_buf, original_len); - - mach_write_to_2(buf + FIL_PAGE_TYPE, page_type); - - ut_ad(memcmp(buf + FIL_PAGE_LSN + 4, - buf + (original_len + FIL_PAGE_DATA) - - FIL_PAGE_END_LSN_OLD_CHKSUM + 4, 4) == 0); -} - /****************************************************************//** For page compressed pages compress the page before actual write operation. @@ -270,7 +103,7 @@ fil_compress_page( byte* lzo_mem) /*!< in: temporal memory used by LZO */ { int err = Z_OK; - int level = 0; + int level = compression_level; ulint header_len = FIL_PAGE_DATA + FIL_PAGE_COMPRESSED_SIZE; ulint write_size=0; /* Cache to avoid change during function execution */ @@ -290,15 +123,11 @@ fil_compress_page( if (orig_page_type == 0 || orig_page_type == FIL_PAGE_TYPE_FSP_HDR || orig_page_type == FIL_PAGE_TYPE_XDES || - orig_page_type == FIL_PAGE_PAGE_COMPRESSED || - orig_page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) { + orig_page_type == FIL_PAGE_PAGE_COMPRESSED) { *out_len = len; return (buf); } - level = compression_level; - ut_ad(fil_space_is_page_compressed(space_id)); - fil_system_enter(); fil_space_t* space = fil_space_get_by_id(space_id); fil_system_exit(); @@ -577,16 +406,6 @@ fil_decompress_page( in_buf = page_buf; } - if (ptype == FIL_PAGE_TYPE_COMPRESSED) { - - fil_decompress_page_2(in_buf, buf, len, write_size); - // Need to free temporal buffer if no buffer was given - if (page_buf == NULL) { - ut_free(in_buf); - } - return; - } - /* Before actual decompress, make sure that page type is correct */ if (mach_read_from_4(buf+FIL_PAGE_SPACE_OR_CHKSUM) != BUF_NO_CHECKSUM_MAGIC || 
diff --git a/storage/xtradb/fsp/fsp0fsp.cc b/storage/xtradb/fsp/fsp0fsp.cc index 0fffe60253e..34acab04241 100644 --- a/storage/xtradb/fsp/fsp0fsp.cc +++ b/storage/xtradb/fsp/fsp0fsp.cc @@ -31,6 +31,7 @@ Created 11/29/1995 Heikki Tuuri #include "buf0buf.h" #include "fil0fil.h" +#include "fil0crypt.h" #include "mtr0log.h" #include "ut0byte.h" #include "page0page.h" diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index 5cc232a3b35..cb6b7d1a263 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc @@ -81,6 +81,7 @@ this program; if not, write to the Free Software Foundation, Inc., #include "fsp0fsp.h" #include "sync0sync.h" #include "fil0fil.h" +#include "fil0crypt.h" #include "trx0xa.h" #include "row0merge.h" #include "dict0boot.h" @@ -106,7 +107,6 @@ this program; if not, write to the Free Software Foundation, Inc., #include "fts0priv.h" #include "page0zip.h" #include "fil0pagecompress.h" -#include "fil0pageencryption.h" #define thd_get_trx_isolation(X) ((enum_tx_isolation)thd_tx_isolation(X)) @@ -11557,8 +11557,6 @@ innobase_table_flags( modified by another thread while the table is being created. */ const ulint default_compression_level = page_zip_level; - const ulint default_encryption_key = srv_default_page_encryption_key; - *flags = 0; *flags2 = 0; @@ -11757,10 +11755,7 @@ index_bad: options->page_compressed, options->page_compression_level == 0 ? default_compression_level : options->page_compression_level, - options->atomic_writes, - options->page_encryption, - options->page_encryption_key == 0 ? - default_encryption_key : options->page_encryption_key); + options->atomic_writes); if (create_info->options & HA_LEX_CREATE_TMP_TABLE) { *flags2 |= DICT_TF2_TEMPORARY; 
@@ -20339,7 +20334,7 @@ static MYSQL_SYSVAR_UINT(default_page_encryption_key, srv_default_page_encryptio "Encryption key used for page encryption.", NULL, NULL, - DEFAULT_ENCRYPTION_KEY, 1, 255, 0); + FIL_DEFAULT_ENCRYPTION_KEY, 1, 255, 0); static MYSQL_SYSVAR_BOOL(scrub_log, srv_scrub_log, PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, diff --git a/storage/xtradb/handler/i_s.cc b/storage/xtradb/handler/i_s.cc index 20bc4331bc8..332af275c55 100644 --- a/storage/xtradb/handler/i_s.cc +++ b/storage/xtradb/handler/i_s.cc @@ -72,6 +72,8 @@ Modified Dec 29, 2014 Jan Lindström (Added sys_semaphore_waits) #include "btr0btr.h" #include "page0zip.h" #include "sync0arr.h" +#include "fil0fil.h" +#include "fil0crypt.h" /** structure associates a name string with a file page type and/or buffer page state. */ diff --git a/storage/xtradb/include/dict0dict.h b/storage/xtradb/include/dict0dict.h index ef8c9878297..0d3aac32df9 100644 --- a/storage/xtradb/include/dict0dict.h +++ b/storage/xtradb/include/dict0dict.h @@ -929,10 +929,8 @@ dict_tf_set( pages */ ulint page_compression_level, /*!< in: table page compression level */ - ulint atomic_writes, /*!< in: table atomic + ulint atomic_writes) /*!< in: table atomic writes option value*/ - bool page_encrypted,/*!< in: table uses page encryption */ - ulint page_encryption_key) /*!< in: page encryption key */ __attribute__((nonnull)); /********************************************************************//** Convert a 32 bit integer table flags to the 32 bit integer that is diff --git a/storage/xtradb/include/dict0dict.ic b/storage/xtradb/include/dict0dict.ic index c480b3c6216..e5f4ec21bd2 100644 --- a/storage/xtradb/include/dict0dict.ic +++ b/storage/xtradb/include/dict0dict.ic 
@@ -543,9 +543,6 @@ dict_tf_is_valid( ulint data_dir = DICT_TF_HAS_DATA_DIR(flags); ulint atomic_writes = DICT_TF_GET_ATOMIC_WRITES(flags); - ulint page_encryption = DICT_TF_GET_PAGE_ENCRYPTION(flags); - ulint page_encryption_key = DICT_TF_GET_PAGE_ENCRYPTION_KEY(flags); - /* Make sure there are no bits that we do not know about. */ if (unused != 0) { @@ -556,12 +553,10 @@ dict_tf_is_valid( "InnoDB: compact %ld atomic_blobs %ld\n" "InnoDB: unused %ld data_dir %ld zip_ssize %ld\n" "InnoDB: page_compression %ld page_compression_level %ld\n" - "InnoDB: atomic_writes %ld\n" - "InnoDB: page_encryption %ld page_encryption_key %ld\n", + "InnoDB: atomic_writes %ld\n", unused, compact, atomic_blobs, unused, data_dir, zip_ssize, - page_compression, page_compression_level, atomic_writes, - page_encryption, page_encryption_key + page_compression, page_compression_level, atomic_writes ); return(false); @@ -861,9 +856,7 @@ dict_tf_set( pages */ ulint page_compression_level, /*!< in: table page compression level */ - ulint atomic_writes, /*!< in: table atomic writes setup */ - bool page_encrypted, /*!< in: table uses page encryption */ - ulint page_encryption_key /*!< in: page encryption key */) + ulint atomic_writes) /*!< in: table atomic writes setup */ { atomic_writes_t awrites = (atomic_writes_t)atomic_writes; @@ -904,11 +897,6 @@ dict_tf_set( *flags |= (atomic_writes << DICT_TF_POS_ATOMIC_WRITES); ut_a(dict_tf_get_atomic_writes(*flags) == awrites); - - if (page_encrypted) { - *flags |= (1 << DICT_TF_POS_PAGE_ENCRYPTION) - | (page_encryption_key << DICT_TF_POS_PAGE_ENCRYPTION_KEY); - } } /********************************************************************//** 
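Review bot: The diagnostic in `dict_tf_is_valid()` (second hunk) still prints `ulint` values with `%ld`; `data_dir` and `atomic_writes` are declared `ulint` in the hunk above, and the other arguments presumably are too. A signed conversion for an unsigned argument is a format/argument mismatch. Since the format string is being edited anyway, the retained lines could use the project's `ULINTPF` macro, e.g. `"InnoDB: atomic_writes " ULINTPF "\n",`. The function starts and ends outside the hunk.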
@@ -931,11 +919,6 @@ dict_tf_to_fsp_flags( ulint fsp_flags; ulint page_compression = DICT_TF_GET_PAGE_COMPRESSION(table_flags); ulint page_compression_level = DICT_TF_GET_PAGE_COMPRESSION_LEVEL(table_flags); - - ulint page_encryption = DICT_TF_GET_PAGE_ENCRYPTION(table_flags); - /* Keys are limited to 255 values */ - ulint page_encryption_key = DICT_TF_GET_PAGE_ENCRYPTION_KEY(table_flags); - ulint atomic_writes = DICT_TF_GET_ATOMIC_WRITES(table_flags); DBUG_EXECUTE_IF("dict_tf_to_fsp_flags_failure", @@ -963,14 +946,6 @@ dict_tf_to_fsp_flags( if page compression is used for this table. */ fsp_flags |= FSP_FLAGS_SET_PAGE_COMPRESSION_LEVEL(fsp_flags, page_compression_level); - /* In addition, tablespace flags also contain if the page - encryption is used for this table. */ - fsp_flags |= FSP_FLAGS_SET_PAGE_ENCRYPTION(fsp_flags, page_encryption); - - /* In addition, tablespace flags also contain page encryption key if the page - encryption is used for this table. */ - fsp_flags |= FSP_FLAGS_SET_PAGE_ENCRYPTION_KEY(fsp_flags, page_encryption_key); - /* In addition, tablespace flags also contain flag if atomic writes is used for this table */ fsp_flags |= FSP_FLAGS_SET_ATOMIC_WRITES(fsp_flags, atomic_writes); @@ -1012,8 +987,6 @@ dict_sys_tables_type_to_tf( | DICT_TF_MASK_PAGE_COMPRESSION | DICT_TF_MASK_PAGE_COMPRESSION_LEVEL | DICT_TF_MASK_ATOMIC_WRITES - | DICT_TF_MASK_PAGE_ENCRYPTION - | DICT_TF_MASK_PAGE_ENCRYPTION_KEY ); @@ -1050,9 +1023,7 @@ dict_tf_to_sys_tables_type( | DICT_TF_MASK_DATA_DIR | DICT_TF_MASK_PAGE_COMPRESSION | DICT_TF_MASK_PAGE_COMPRESSION_LEVEL - | DICT_TF_MASK_ATOMIC_WRITES - | DICT_TF_MASK_PAGE_ENCRYPTION - | DICT_TF_MASK_PAGE_ENCRYPTION_KEY); + | DICT_TF_MASK_ATOMIC_WRITES); return(type); } diff --git a/storage/xtradb/include/dict0pagecompress.ic b/storage/xtradb/include/dict0pagecompress.ic index a71b2b34b07..811976434a8 100644 --- a/storage/xtradb/include/dict0pagecompress.ic +++ b/storage/xtradb/include/dict0pagecompress.ic 
@@ -42,8 +42,6 @@ dict_tf_verify_flags( ulint page_compression = DICT_TF_GET_PAGE_COMPRESSION(table_flags); ulint page_compression_level = DICT_TF_GET_PAGE_COMPRESSION_LEVEL(table_flags); ulint atomic_writes = DICT_TF_GET_ATOMIC_WRITES(table_flags); - ulint page_encryption = DICT_TF_GET_PAGE_ENCRYPTION(table_flags); - ulint page_encryption_key = DICT_TF_GET_PAGE_ENCRYPTION_KEY(table_flags); ulint post_antelope = FSP_FLAGS_GET_POST_ANTELOPE(fsp_flags); ulint zip_ssize = FSP_FLAGS_GET_ZIP_SSIZE(fsp_flags); ulint fsp_atomic_blobs = FSP_FLAGS_HAS_ATOMIC_BLOBS(fsp_flags); @@ -52,9 +50,6 @@ dict_tf_verify_flags( ulint fsp_page_compression = FSP_FLAGS_GET_PAGE_COMPRESSION(fsp_flags); ulint fsp_page_compression_level = FSP_FLAGS_GET_PAGE_COMPRESSION_LEVEL(fsp_flags); ulint fsp_atomic_writes = FSP_FLAGS_GET_ATOMIC_WRITES(fsp_flags); - ulint fsp_page_encryption = FSP_FLAGS_GET_PAGE_ENCRYPTION(fsp_flags); - ulint fsp_page_encryption_key = FSP_FLAGS_GET_PAGE_ENCRYPTION_KEY(fsp_flags); - DBUG_EXECUTE_IF("dict_tf_verify_flags_failure", return(ULINT_UNDEFINED);); @@ -112,27 +107,6 @@ dict_tf_verify_flags( return (FALSE); } - if (page_encryption != fsp_page_encryption) { - fprintf(stderr, - "InnoDB: Error: table flags has page_encryption %ld" - " in the data dictionary\n" - "InnoDB: but the flags in file has page_encryption %ld\n", - page_encryption, fsp_page_encryption); - - return (FALSE); - } - - if (page_encryption_key != fsp_page_encryption_key) { - fprintf(stderr, - "InnoDB: Error: table flags has page_encryption_key %ld" - " in the data dictionary\n" - "InnoDB: but the flags in file has page_encryption_key %ld\n", - page_encryption_key, fsp_page_encryption_key); - - return (FALSE); - } - - return(TRUE); } diff --git a/storage/xtradb/include/fil0crypt.h b/storage/xtradb/include/fil0crypt.h new file mode 100644 index 00000000000..9d02034e4b2 --- /dev/null +++ b/storage/xtradb/include/fil0crypt.h 
@@ -0,0 +1,394 @@ +/***************************************************************************** + +Copyright (c) 2015, MariaDB Corporation. + +This program is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; version 2 of the License. + +This program is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +this program; if not, write to the Free Software Foundation, Inc., +51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA + +*****************************************************************************/ + +/**************************************************//** +@file include/fil0crypt.h +The low-level file system encryption support functions + +Created 04/01/2015 Jan Lindström +*******************************************************/ + +#ifndef fil0crypt_h +#define fil0crypt_h + +#define FIL_MSG_CANNOT_DECRYPT "can not decrypt" +#define FIL_ENCRYPTION_WRONG_KEY 1 +#define FIL_ENCRYPTION_WRONG_PAGE_TYPE 2 +#define FIL_ENCRYPTION_ERROR 3 +#define FIL_ENCRYPTION_KEY_MISSING 4 +#define FIL_ENCRYPTION_OK 0 +#define FIL_ENCRYPTION_WILL_NOT_ENCRYPT 5 + +/* This key will be used if nothing else is given */ +#define FIL_DEFAULT_ENCRYPTION_KEY 1 + +/** + * CRYPT_SCHEME_UNENCRYPTED + * + * Used as intermediate state when convering a space from unencrypted + * to encrypted + */ +/** + * CRYPT_SCHEME_1 + * + * AES_CTR / AES_CBC: + * L = AES_ECB(KEY, IV) + * CRYPT(PAGE) = AES_CRT(KEY=L, IV=C, PAGE) + */ + +#define CRYPT_SCHEME_1 1 +#define CRYPT_SCHEME_1_IV_LEN 16 +#define CRYPT_SCHEME_UNENCRYPTED 0 + +/* Currently supported encryption methods */ +typedef enum { + CRYPT_SCHEME_1_UNENCRYPTED = 0, /*keys[0].key_version)) { + /* 
accessing table would surely fail, because no key or no key provider available */ + return FIL_ENCRYPTION_KEY_MISSING; + } + } + } else { + ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); + if (!has_encryption_key(key)) { + return FIL_ENCRYPTION_KEY_MISSING; + } + } + return 0; +} diff --git a/storage/xtradb/include/fil0fil.h b/storage/xtradb/include/fil0fil.h index 2e92c2b09b2..91653c4bb7d 100644 --- a/storage/xtradb/include/fil0fil.h +++ b/storage/xtradb/include/fil0fil.h @@ -26,7 +26,6 @@ Created 10/25/1995 Heikki Tuuri #ifndef fil0fil_h #define fil0fil_h -#define MSG_CANNOT_DECRYPT "can not decrypt" #include "univ.i" #ifndef UNIV_INNOCHECKSUM @@ -132,24 +131,6 @@ extern fil_addr_t fil_addr_null; used to encrypt the page + 32-bit checksum or 64 bits of zero if no encryption */ -/** If page type is FIL_PAGE_COMPRESSED then the 8 bytes starting at -FIL_PAGE_FILE_FLUSH_LSN are broken down as follows: */ - -/** Control information version format (u8) */ -static const ulint FIL_PAGE_VERSION = FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION; - -/** Compression algorithm (u8) */ -static const ulint FIL_PAGE_ALGORITHM_V1 = FIL_PAGE_VERSION + 1; - -/** Original page type (u16) */ -static const ulint FIL_PAGE_ORIGINAL_TYPE_V1 = FIL_PAGE_ALGORITHM_V1 + 1; - -/** Original data size in bytes (u16)*/ -static const ulint FIL_PAGE_ORIGINAL_SIZE_V1 = FIL_PAGE_ORIGINAL_TYPE_V1 + 2; - -/** Size after compression (u16)*/ -static const ulint FIL_PAGE_COMPRESS_SIZE_V1 = FIL_PAGE_ORIGINAL_SIZE_V1 + 2; - #define FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID 34 /*!< starting from 4.1.x this contains the space id of the page */ #define FIL_PAGE_SPACE_ID FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID 
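Review bot: The comment documenting `CRYPT_SCHEME_1` in the new fil0crypt.h does not define its terms: it reads `CRYPT(PAGE) = AES_CRT(KEY=L, IV=C, PAGE)`, where `AES_CRT` is presumably a typo for AES_CTR and `C` is never explained. The safety of a counter mode rests on the counter/IV never repeating under the same key, so the comment should say what `C` is built from and which of the two modes in its heading (`AES_CTR / AES_CBC`) the formula describes; I would write `CRYPT(PAGE) = AES_CTR(KEY=L, IV=C, PAGE)` followed by one line defining `C`. "convering" in the `CRYPT_SCHEME_UNENCRYPTED` comment should be "converting". The status function at the end of the header returns a literal `0` on success; `return FIL_ENCRYPTION_OK;` would match the named codes on its other paths. Part of this file is not legible in this view, so these remarks cover only the visible lines.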
@@ -169,10 +150,7 @@ static const ulint FIL_PAGE_COMPRESS_SIZE_V1 = FIL_PAGE_ORIGINAL_SIZE_V1 + 2; /* @} */ /** File page types (values of FIL_PAGE_TYPE) @{ */ -#define FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED 35631 /* page compressed + - encrypted page */ #define FIL_PAGE_PAGE_COMPRESSED 34354 /*!< Page compressed page */ -#define FIL_PAGE_PAGE_ENCRYPTED 34355 /*!< Page encrypted page */ #define FIL_PAGE_INDEX 17855 /*!< B-tree node */ #define FIL_PAGE_UNDO_LOG 2 /*!< Undo log page */ #define FIL_PAGE_INODE 3 /*!< Index node */ @@ -199,6 +177,9 @@ static const ulint FIL_PAGE_COMPRESS_SIZE_V1 = FIL_PAGE_ORIGINAL_SIZE_V1 + 2; #define FIL_LOG 502 /*!< redo log */ /* @} */ +/* structure containing encryption specification */ +typedef struct fil_space_crypt_struct fil_space_crypt_t; + /** The number of fsyncs done to the log */ extern ulint fil_n_log_flushes; @@ -210,9 +191,6 @@ extern ulint fil_n_pending_tablespace_flushes; /** Number of files currently open */ extern ulint fil_n_file_opened; -/* structure containing encryption specification */ -typedef struct fil_space_crypt_struct fil_space_crypt_t; - struct fsp_open_info { ibool success; /*!< Has the tablespace been opened? */ const char* check_msg; /*!< fil_check_first_page() message */ @@ -963,9 +941,6 @@ fil_space_get_n_reserved_extents( Reads or writes data. This operation is asynchronous (aio). @return DB_SUCCESS, or DB_TABLESPACE_DELETED if we are trying to do i/o on a tablespace which does not exist */ -#define fil_io(type, sync, space_id, zip_size, block_offset, byte_offset, len, buf, message, write_size, lsn, encrypt) \ - _fil_io(type, sync, space_id, zip_size, block_offset, byte_offset, len, buf, message, write_size, NULL, lsn, encrypt) - UNIV_INTERN dberr_t _fil_io( 
@@ -1000,11 +975,14 @@ _fil_io( operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - trx_t* trx, - lsn_t lsn, /*!< in: lsn of the newest modification */ - bool encrypt_later) /*!< in: encrypt later ? */ + trx_t* trx) /*!< in: trx */ __attribute__((nonnull(8))); + +#define fil_io(type, sync, space_id, zip_size, block_offset, byte_offset, len, buf, message, write_size) \ + _fil_io(type, sync, space_id, zip_size, block_offset, byte_offset, len, buf, message, write_size, NULL) + + /**********************************************************************//** Waits for an aio operation to complete. This function is used to write the handler for completed requests. The aio array of pending requests is divided @@ -1298,12 +1276,6 @@ fil_space_t* fil_space_get_by_id( /*================*/ ulint id); /*!< in: space id */ -/*******************************************************************//** -Return space name */ -char* -fil_space_name( -/*===========*/ - fil_space_t* space); /*!< in: space */ /****************************************************************** Get id of first tablespace or ULINT_UNDEFINED if none */ 
@@ -1318,253 +1290,16 @@ ulint fil_get_next_space( ulint id); /*!< in: space id */ -/********************************************************************* -Init global resources needed for tablespace encryption/decryption */ -void -fil_space_crypt_init(); - -/********************************************************************* -Cleanup global resources needed for tablespace encryption/decryption */ -void -fil_space_crypt_cleanup(); - -/********************************************************************* -Create crypt data, i.e data that is used for a single tablespace */ -fil_space_crypt_t * -fil_space_create_crypt_data(); - -/********************************************************************* -Destroy crypt data */ -UNIV_INTERN -void -fil_space_destroy_crypt_data( -/*=========================*/ - fil_space_crypt_t **crypt_data); /*!< in/out: crypt data */ - -/********************************************************************* -Get crypt data for a space*/ -fil_space_crypt_t * -fil_space_get_crypt_data( -/*======================*/ - ulint space); /*!< in: tablespace id */ - -/********************************************************************* -Set crypt data for a space*/ -void -fil_space_set_crypt_data( -/*======================*/ - ulint space, /*!< in: tablespace id */ - fil_space_crypt_t* crypt_data); /*!< in: crypt data */ - -/********************************************************************* -Compare crypt data*/ -int -fil_space_crypt_compare( -/*======================*/ - const fil_space_crypt_t* crypt_data1, /*!< in: crypt data */ - const fil_space_crypt_t* crypt_data2); /*!< in: crypt data */ - -/********************************************************************* -Read crypt data from buffer page */ -fil_space_crypt_t * -fil_space_read_crypt_data( -/*======================*/ - ulint space, /*!< in: tablespace id */ - const byte* page, /*!< in: buffer page */ - ulint offset); /*!< in: offset where crypt data is stored */ - 
-/********************************************************************* -Write crypt data to buffer page */ -void -fil_space_write_crypt_data( -/*=======================*/ - ulint space, /*!< in: tablespace id */ - byte* page, /*!< in: buffer page */ - ulint offset, /*!< in: offset where to store data */ - ulint maxsize, /*!< in: max space available to store crypt data in */ - mtr_t * mtr); /*!< in: mini-transaction */ - -/********************************************************************* -Clear crypt data from page 0 (used for import tablespace) */ -void -fil_space_clear_crypt_data( -/*======================*/ - byte* page, /*!< in: buffer page */ - ulint offset); /*!< in: offset where crypt data is stored */ - -/********************************************************************* -Parse crypt data log record */ -byte* -fil_parse_write_crypt_data( -/*=======================*/ - byte* ptr, /*!< in: start of log record */ - byte* end_ptr, /*!< in: end of log record */ - buf_block_t*); /*!< in: buffer page to apply record to */ - -/********************************************************************* -Check if extra buffer shall be allocated for decrypting after read */ -UNIV_INTERN -bool -fil_space_check_encryption_read( -/*==============================*/ - ulint space); /*!< in: tablespace id */ - -/********************************************************************* -Check if page shall be encrypted before write */ -UNIV_INTERN -bool -fil_space_check_encryption_write( -/*==============================*/ - ulint space); /*!< in: tablespace id */ - -/********************************************************************* -Encrypt buffer page */ -void -fil_space_encrypt( -/*===============*/ - ulint space, /*!< in: tablespace id */ - ulint offset, /*!< in: page no */ - lsn_t lsn, /*!< in: page lsn */ - const byte* src_frame,/*!< in: page frame */ - ulint size, /*!< in: size of data to encrypt */ - byte* dst_frame, /*!< in: where to encrypt to */ - ulint 
page_encryption_key); /*!< in: page encryption key id if page - encrypted */ - -/********************************************************************* -Decrypt buffer page */ -void -fil_space_decrypt( -/*===============*/ - ulint space, /*!< in: tablespace id */ - const byte* src_frame,/*!< in: page frame */ - ulint page_size, /*!< in: size of data to encrypt */ - byte* dst_frame); /*!< in: where to decrypt to */ - - -/********************************************************************* -Decrypt buffer page -@return true if page was encrypted */ -bool -fil_space_decrypt( -/*===============*/ - fil_space_crypt_t* crypt_data, /*!< in: crypt data */ - const byte* src_frame,/*!< in: page frame */ - ulint page_size, /*!< in: page size */ - byte* dst_frame); /*!< in: where to decrypt to */ - -/********************************************************************* -fil_space_verify_crypt_checksum -NOTE: currently this function can only be run in single threaded mode -as it modifies srv_checksum_algorithm (temporarily) -@return true if page is encrypted AND OK, false otherwise */ -bool -fil_space_verify_crypt_checksum( -/*===============*/ - const byte* src_frame,/*!< in: page frame */ - ulint zip_size); /*!< in: size of data to encrypt */ - -/********************************************************************* -Init threads for key rotation */ -void -fil_crypt_threads_init(); - -/********************************************************************* -Set thread count (e.g start or stops threads) used for key rotation */ -void -fil_crypt_set_thread_cnt( -/*=====================*/ - uint new_cnt); /*!< in: requested #threads */ - -/********************************************************************* -End threads for key rotation */ -void -fil_crypt_threads_end(); - -/********************************************************************* -Cleanup resources for threads for key rotation */ -void -fil_crypt_threads_cleanup(); - 
-/********************************************************************* -Set rotate key age */ -void -fil_crypt_set_rotate_key_age( -/*=====================*/ - uint rotate_age); /*!< in: requested rotate age */ - -/********************************************************************* -Set rotation threads iops */ -void -fil_crypt_set_rotation_iops( -/*=====================*/ - uint iops); /*!< in: requested iops */ - -/********************************************************************* -Mark a space as closing */ -UNIV_INTERN -void -fil_space_crypt_mark_space_closing( -/*===============*/ - ulint space); /*!< in: tablespace id */ - -/********************************************************************* -Wait for crypt threads to stop accessing space */ -UNIV_INTERN -void -fil_space_crypt_close_tablespace( -/*===============*/ - ulint space); /*!< in: tablespace id */ - -/** Struct for retreiving info about encryption */ -struct fil_space_crypt_status_t { - ulint space; /*!< tablespace id */ - ulint scheme; /*!< encryption scheme */ - uint min_key_version; /*!< min key version */ - uint current_key_version;/*!< current key version */ - uint keyserver_requests;/*!< no of key requests to key server */ - bool rotating; /*!< is key rotation ongoing */ - bool flushing; /*!< is flush at end of rotation ongoing */ - ulint rotate_next_page_number; /*!< next page if key rotating */ - ulint rotate_max_page_number; /*!< max page if key rotating */ -}; - -/********************************************************************* -Get crypt status for a space -@return 0 if crypt data found */ -int -fil_space_crypt_get_status( -/*==================*/ - ulint id, /*!< in: space id */ - struct fil_space_crypt_status_t * status); /*!< out: status */ - -/** Struct for retreiving statistics about encryption key rotation */ -struct fil_crypt_stat_t { - ulint pages_read_from_cache; - ulint pages_read_from_disk; - ulint pages_modified; - ulint pages_flushed; - ulint estimated_iops; -}; - 
-/********************************************************************* -Get crypt rotation statistics */ -void -fil_crypt_total_stat( -/*==================*/ - fil_crypt_stat_t* stat); /*!< out: crypt stat */ - #endif /*******************************************************************//** Return space flags */ +UNIV_INLINE ulint fil_space_flags( /*===========*/ fil_space_t* space); /*!< in: space */ - - /****************************************************************//** Does error handling when a file operation fails. @return TRUE if we should retry the operation */ @@ -1580,30 +1315,14 @@ os_file_handle_error_no_exit( /*******************************************************************//** Return page type name */ +UNIV_INLINE const char* fil_get_page_type_name( /*===================*/ ulint page_type); /*!< in: FIL_PAGE_TYPE */ -/** Struct for retreiving info about scrubbing */ -struct fil_space_scrub_status_t { - ulint space; /*!< tablespace id */ - bool compressed; /*!< is space compressed */ - time_t last_scrub_completed; /*!< when was last scrub completed */ - bool scrubbing; /*!< is scrubbing ongoing */ - time_t current_scrub_started; /*!< when started current scrubbing */ - ulint current_scrub_active_threads; /*!< current scrub active threads */ - ulint current_scrub_page_number; /*!< current scrub page no */ - ulint current_scrub_max_page_number; /*!< current scrub max page no */ -}; - -/********************************************************************* -Get scrub status for a space -@return 0 if no scrub info found */ -int -fil_space_get_scrub_status( -/*==================*/ - ulint id, /*!< in: space id */ - struct fil_space_scrub_status_t * status); /*!< out: status */ +#ifndef UNIV_NONINL +#include "fil0fil.ic" +#endif #endif /* fil0fil_h */ diff --git a/storage/xtradb/include/fil0fil.ic b/storage/xtradb/include/fil0fil.ic new file mode 100644 index 00000000000..b1e65e6dddb --- /dev/null +++ b/storage/xtradb/include/fil0fil.ic 
@@ -0,0 +1,108 @@ +/***************************************************************************** + +Copyright (c) 2015, MariaDB Corporation. + +This program is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; version 2 of the License. + +This program is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +this program; if not, write to the Free Software Foundation, Inc., +51 Franklin Street, Suite 500, Boston, MA 02110-1335 USA + +*****************************************************************************/ + +/**************************************************//** +@file include/fil0fil.ic +The low-level file system support functions + +Created 31/03/2015 Jan Lindström +*******************************************************/ + +#ifndef fil0fil_ic +#define fil0fil_ic + +/*******************************************************************//** +Return space name */ +UNIV_INLINE +char* +fil_space_name( +/*===========*/ + fil_space_t* space) /*!< in: space */ +{ + return (space->name); +} + +/*******************************************************************//** +Return space flags */ +UNIV_INLINE +ulint +fil_space_flags( +/*===========*/ + fil_space_t* space) /*!< in: space */ +{ + return (space->flags); +} + +/*******************************************************************//** +Return page type name */ +UNIV_INLINE +const char* +fil_get_page_type_name( +/*===================*/ + ulint page_type) /*!< in: FIL_PAGE_TYPE */ +{ + switch(page_type) { + case FIL_PAGE_PAGE_COMPRESSED: + return (const char*)"PAGE_COMPRESSED"; + case FIL_PAGE_INDEX: + return (const char*)"INDEX"; + case FIL_PAGE_UNDO_LOG: + return (const 
char*)"UNDO LOG"; + case FIL_PAGE_INODE: + return (const char*)"INODE"; + case FIL_PAGE_IBUF_FREE_LIST: + return (const char*)"IBUF_FREE_LIST"; + case FIL_PAGE_TYPE_ALLOCATED: + return (const char*)"ALLOCATED"; + case FIL_PAGE_IBUF_BITMAP: + return (const char*)"IBUF_BITMAP"; + case FIL_PAGE_TYPE_SYS: + return (const char*)"SYS"; + case FIL_PAGE_TYPE_TRX_SYS: + return (const char*)"TRX_SYS"; + case FIL_PAGE_TYPE_FSP_HDR: + return (const char*)"FSP_HDR"; + case FIL_PAGE_TYPE_XDES: + return (const char*)"XDES"; + case FIL_PAGE_TYPE_BLOB: + return (const char*)"BLOB"; + case FIL_PAGE_TYPE_ZBLOB: + return (const char*)"ZBLOB"; + case FIL_PAGE_TYPE_ZBLOB2: + return (const char*)"ZBLOB2"; + case FIL_PAGE_TYPE_COMPRESSED: + return (const char*)"ORACLE PAGE COMPRESSED"; + default: + return (const char*)"PAGE TYPE CORRUPTED"; + } +} + +/****************************************************************//** +Get block size from fil node +@return block size*/ +UNIV_INLINE +ulint +fil_node_get_block_size( +/*====================*/ + fil_node_t* node) /*!< in: Node where to get block + size */ +{ + return (node->file_block_size); +} + +#endif /* fil0fil_ic */ diff --git a/storage/xtradb/include/fil0pageencryption.h b/storage/xtradb/include/fil0pageencryption.h deleted file mode 100644 index fa2b1a5c592..00000000000 --- a/storage/xtradb/include/fil0pageencryption.h +++ /dev/null 
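Review bot: `fil_space_name()` is defined here as `UNIV_INLINE`, but this commit deleted its prototype from fil0fil.h (hunk at -1298) instead of marking it `UNIV_INLINE` as it does for `fil_space_flags()` and `fil_get_page_type_name()`. fil0fil.h includes this file only under `#ifndef UNIV_NONINL`, so in a non-inline build a caller in a translation unit that does not include fil0fil.ic would have no declaration. Keeping `UNIV_INLINE char* fil_space_name(fil_space_t* space);` in the header would make the three accessors consistent. The `(const char*)` casts on the string literals in `fil_get_page_type_name()` are redundant and can be dropped. Whether `fil_node_get_block_size()` is declared in fil0fil.h cannot be seen from these hunks.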
@@ -1,79 +0,0 @@ -/***************************************************************************** - -Copyright (C) 2014 eperi GmbH. All Rights Reserved. - -This program is free software; you can redistribute it and/or modify it under -the terms of the GNU General Public License as published by the Free Software -Foundation; version 2 of the License. - -This program is distributed in the hope that it will be useful, but WITHOUT -ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS -FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - -You should have received a copy of the GNU General Public License along with -this program; if not, write to the Free Software Foundation, Inc., -51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - -*****************************************************************************/ - -#ifndef fil0pageencryption_h -#define fil0pageencryption_h - -#define PAGE_ENCRYPTION_WRONG_KEY 1 -#define PAGE_ENCRYPTION_WRONG_PAGE_TYPE 2 -#define PAGE_ENCRYPTION_ERROR 3 -#define PAGE_ENCRYPTION_KEY_MISSING 4 -#define PAGE_ENCRYPTION_OK 0 -#define PAGE_ENCRYPTION_WILL_NOT_ENCRYPT 5 - -/* This key will be used if nothing else is given */ -#define DEFAULT_ENCRYPTION_KEY 1 - -#include "fsp0fsp.h" -#include "fsp0pageencryption.h" - -/******************************************************************//** -@file include/fil0pageencryption.h -Helper functions for encryption/decryption page data on to table space. - -Created 08/25/2014 -***********************************************************************/ - -/*******************************************************************//** -Find out whether the page is page encrypted. -Returns the page encryption flag of the space, or false if the space -is not encrypted. The tablespace must be cached in the memory cache. 
-@return true if page encrypted, false if not or space not found */ -ibool -fil_space_is_page_encrypted( -/*========================*/ - ulint id); /*!< in: space id */ - -/*******************************************************************//** -Find out whether the page is page encrypted -@return true if page is page encrypted, false if not */ -UNIV_INLINE -ibool -fil_page_is_encrypted( -/*==================*/ - const byte *buf); /*!< in: page */ -/*******************************************************************//** -Find out whether the page is page compressed and then encrypted -@return true if page is page compressed+encrypted, false if not */ -UNIV_INLINE -ibool -fil_page_is_compressed_encrypted( -/*=============================*/ - const byte *buf); /*!< in: page */ - -/*******************************************************************//** -Find out whether the page can be decrypted -@return true if page can be decrypted, false if not. */ -UNIV_INLINE -ulint -fil_page_encryption_status( -/*=======================*/ - const byte *buf); /*!< in: page */ - - -#endif // fil0pageencryption_h diff --git a/storage/xtradb/include/fsp0fsp.h b/storage/xtradb/include/fsp0fsp.h index 57e5b9490b1..3d3d482a6c0 100644 --- a/storage/xtradb/include/fsp0fsp.h +++ b/storage/xtradb/include/fsp0fsp.h @@ -58,10 +58,6 @@ is found in a remote location, not the default data directory. */ #define FSP_FLAGS_WIDTH_PAGE_COMPRESSION 1 #define FSP_FLAGS_WIDTH_PAGE_COMPRESSION_LEVEL 4 -/** Number of flag bits used to indicate the page compression and compression level */ -#define FSP_FLAGS_WIDTH_PAGE_ENCRYPTION 1 -#define FSP_FLAGS_WIDTH_PAGE_ENCRYPTION_KEY 8 - /** Number of flag bits used to indicate atomic writes for this tablespace */ #define FSP_FLAGS_WIDTH_ATOMIC_WRITES 2 
@@ -73,9 +69,7 @@ is found in a remote location, not the default data directory. */ + FSP_FLAGS_WIDTH_DATA_DIR \ + FSP_FLAGS_WIDTH_PAGE_COMPRESSION \ + FSP_FLAGS_WIDTH_PAGE_COMPRESSION_LEVEL \ - + FSP_FLAGS_WIDTH_ATOMIC_WRITES \ - + FSP_FLAGS_WIDTH_PAGE_ENCRYPTION \ - + FSP_FLAGS_WIDTH_PAGE_ENCRYPTION_KEY) + + FSP_FLAGS_WIDTH_ATOMIC_WRITES ) /** A mask of all the known/used bits in tablespace flags */ #define FSP_FLAGS_MASK (~(~0 << FSP_FLAGS_WIDTH)) @@ -99,15 +93,9 @@ dictionary */ /** Zero relative shift position of the ATOMIC_WRITES field */ #define FSP_FLAGS_POS_ATOMIC_WRITES (FSP_FLAGS_POS_PAGE_COMPRESSION_LEVEL \ + FSP_FLAGS_WIDTH_PAGE_COMPRESSION_LEVEL) -/** Zero relative shift position of the PAGE_ENCRYPTION field */ -#define FSP_FLAGS_POS_PAGE_ENCRYPTION (FSP_FLAGS_POS_ATOMIC_WRITES \ - + FSP_FLAGS_WIDTH_ATOMIC_WRITES) -/** Zero relative shift position of the PAGE_ENCRYPTION_KEY field */ -#define FSP_FLAGS_POS_PAGE_ENCRYPTION_KEY (FSP_FLAGS_POS_PAGE_ENCRYPTION \ - + FSP_FLAGS_WIDTH_PAGE_ENCRYPTION) - /** Zero relative shift position of the PAGE_SSIZE field */ -#define FSP_FLAGS_POS_PAGE_SSIZE (FSP_FLAGS_POS_PAGE_ENCRYPTION_KEY \ - + FSP_FLAGS_WIDTH_PAGE_ENCRYPTION_KEY) +/** Zero relative shift position of the PAGE_SSIZE field */ +#define FSP_FLAGS_POS_PAGE_SSIZE (FSP_FLAGS_POS_PAGE_COMPRESSION_LEVEL \ + + FSP_FLAGS_WIDTH_PAGE_COMPRESSION_LEVEL) /** Zero relative shift position of the start of the DATA DIR bits */ #define FSP_FLAGS_POS_DATA_DIR (FSP_FLAGS_POS_PAGE_SSIZE \ + FSP_FLAGS_WIDTH_PAGE_SSIZE) 
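Review bot: The new `FSP_FLAGS_POS_PAGE_SSIZE` in the second hunk has exactly the same expression as `FSP_FLAGS_POS_ATOMIC_WRITES` just above it (`FSP_FLAGS_POS_PAGE_COMPRESSION_LEVEL + FSP_FLAGS_WIDTH_PAGE_COMPRESSION_LEVEL`), so the ATOMIC_WRITES and PAGE_SSIZE fields would occupy the same bits of the tablespace flags. With the encryption fields gone, PAGE_SSIZE should follow ATOMIC_WRITES: `#define FSP_FLAGS_POS_PAGE_SSIZE (FSP_FLAGS_POS_ATOMIC_WRITES + FSP_FLAGS_WIDTH_ATOMIC_WRITES)`. As written, `FSP_FLAGS_WIDTH` in the first hunk still counts the atomic-writes bits while the position chain skips them, so `FSP_FLAGS_POS_DATA_DIR` and the mask derived from the total width no longer agree. The stray space before `)` in `+ FSP_FLAGS_WIDTH_ATOMIC_WRITES )` can be removed at the same time.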
@@ -143,15 +131,6 @@ dictionary */ #define FSP_FLAGS_MASK_PAGE_COMPRESSION_LEVEL \ ((~(~0 << FSP_FLAGS_WIDTH_PAGE_COMPRESSION_LEVEL)) \ << FSP_FLAGS_POS_PAGE_COMPRESSION_LEVEL) -/** Bit mask of the PAGE_ENCRYPTION field */ -#define FSP_FLAGS_MASK_PAGE_ENCRYPTION \ - ((~(~0 << FSP_FLAGS_WIDTH_PAGE_ENCRYPTION)) \ - << FSP_FLAGS_POS_PAGE_ENCRYPTION) -/** Bit mask of the PAGE_ENCRYPTION_KEY field */ -#define FSP_FLAGS_MASK_PAGE_ENCRYPTION_KEY \ - ((~(~0 << FSP_FLAGS_WIDTH_PAGE_ENCRYPTION_KEY)) \ - << FSP_FLAGS_POS_PAGE_ENCRYPTION_KEY) - /** Bit mask of the ATOMIC_WRITES field */ #define FSP_FLAGS_MASK_ATOMIC_WRITES \ ((~(~0 << FSP_FLAGS_WIDTH_ATOMIC_WRITES)) \ @@ -192,14 +171,6 @@ dictionary */ #define FSP_FLAGS_GET_ATOMIC_WRITES(flags) \ ((flags & FSP_FLAGS_MASK_ATOMIC_WRITES) \ >> FSP_FLAGS_POS_ATOMIC_WRITES) -/** Return the value of the PAGE_ENCRYPTION field */ -#define FSP_FLAGS_GET_PAGE_ENCRYPTION(flags) \ - ((flags & FSP_FLAGS_MASK_PAGE_ENCRYPTION) \ - >> FSP_FLAGS_POS_PAGE_ENCRYPTION) -/** Return the value of the PAGE_ENCRYPTION_KEY field */ -#define FSP_FLAGS_GET_PAGE_ENCRYPTION_KEY(flags) \ - ((flags & FSP_FLAGS_MASK_PAGE_ENCRYPTION_KEY) \ - >> FSP_FLAGS_POS_PAGE_ENCRYPTION_KEY) /** Set a PAGE_SSIZE into the correct bits in a given tablespace flags. */ @@ -216,13 +187,6 @@ tablespace flags. */ #define FSP_FLAGS_SET_PAGE_COMPRESSION_LEVEL(flags, level) \ (flags | (level << FSP_FLAGS_POS_PAGE_COMPRESSION_LEVEL)) -/** Set a PAGE_ENCRYPTION into the correct bits in a given tablespace flags. */ -#define FSP_FLAGS_SET_PAGE_ENCRYPTION(flags, encryption) \ - (flags | (encryption << FSP_FLAGS_POS_PAGE_ENCRYPTION)) -/** Set a PAGE_ENCRYPTION_KEY into the correct bits in a given tablespace flags. */ -#define FSP_FLAGS_SET_PAGE_ENCRYPTION_KEY(flags, encryption_key) \ - (flags | (encryption_key << FSP_FLAGS_POS_PAGE_ENCRYPTION_KEY)) - /** Set a ATOMIC_WRITES into the correct bits in a given tablespace flags. */ #define FSP_FLAGS_SET_ATOMIC_WRITES(flags, atomics) \ 
diff --git a/storage/xtradb/include/fsp0pageencryption.h b/storage/xtradb/include/fsp0pageencryption.h
deleted file mode 100644
index 631aa72211c..00000000000
--- a/storage/xtradb/include/fsp0pageencryption.h
+++ /dev/null
@@ -1,66 +0,0 @@ -/***************************************************************************** - - Copyright (C) 2014 eperi GmbH. All Rights Reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -/******************************************************************/ - -/******************************************************************//** -@file include/fsp0pageencryption.h -Helper functions for extracting/storing page encryption information to file space. - -Created 08/28/2014 -***********************************************************************/ - -#ifndef FSP0PAGEENCRYPTION_H_ -#define FSP0PAGEENCRYPTION_H_ - -#define FIL_PAGE_ENCRYPTION_AES_128 16 /*!< Encryption algorithm AES-128. */ -#define FIL_PAGE_ENCRYPTION_AES_196 24 /*!< Encryption algorithm AES-196. */ -#define FIL_PAGE_ENCRYPTION_AES_256 32 /*!< Encryption algorithm AES-256. */ - -#define FIL_PAGE_ENCRYPTED_SIZE 2 /*!< Number of bytes used to store - actual payload data size onencrypted - pages. */ - -/********************************************************************//** -Determine if the tablespace is page encrypted from dict_table_t::flags. 
-@return TRUE if page encrypted, FALSE if not page encrypted */ -UNIV_INLINE -ibool -fsp_flags_is_page_encrypted( -/*=========================*/ - ulint flags); /*!< in: tablespace flags */ - - -/********************************************************************//** -Extract the page encryption key from tablespace flags. -A tablespace has only one physical page encryption key -whether that page is encrypted or not. -@return page encryption key of the file-per-table tablespace, -or zero if the table is not encrypted. */ -UNIV_INLINE -ulint -fsp_flags_get_page_encryption_key( -/*=================================*/ - ulint flags); /*!< in: tablespace flags */ - - -#ifndef UNIV_NONINL -#include "fsp0pageencryption.ic" -#endif - - -#endif /* FSP0PAGEENCRYPTION_H_ */ diff --git a/storage/xtradb/include/fsp0pageencryption.ic b/storage/xtradb/include/fsp0pageencryption.ic deleted file mode 100644 index d3137001fc5..00000000000 --- a/storage/xtradb/include/fsp0pageencryption.ic +++ /dev/null 
@@ -1,168 +0,0 @@ -/***************************************************************************** - - Copyright (C) 2014 eperi GmbH. All Rights Reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -/******************************************************************//** -@file include/fsp0pageencryption.ic -Implementation for helper functions for encrypting/decrypting pages -and atomic writes information to file space. - -Created 08/28/2014 -***********************************************************************/ - -#include "fsp0fsp.h" -#include "fil0pageencryption.h" - -/********************************************************************//** -Determine if the tablespace is page encrypted from dict_table_t::flags. -@return TRUE if page encrypted, FALSE if not page encrypted */ -UNIV_INLINE -ibool -fsp_flags_is_page_encrypted( -/*=========================*/ - ulint flags) /*!< in: tablespace flags */ -{ - return(FSP_FLAGS_GET_PAGE_ENCRYPTION(flags)); -} - -/********************************************************************//** -Extract the page encryption key from tablespace flags. -A tablespace has only one physical page encryption key -whether that page is encrypted or not. -@return page encryption key of the file-per-table tablespace, -or zero if the table is not encrypted. 
*/ -UNIV_INLINE -ulint -fsp_flags_get_page_encryption_key( -/*=================================*/ - ulint flags) /*!< in: tablespace flags */ -{ - return(FSP_FLAGS_GET_PAGE_ENCRYPTION_KEY(flags)); -} - - -/*******************************************************************//** -Returns the page encryption flag of the space, or false if the space -is not encrypted. The tablespace must be cached in the memory cache. -@return true if page encrypted, false if not or space not found */ -UNIV_INLINE -ibool -fil_space_is_page_encrypted( -/*=========================*/ - ulint id) /*!< in: space id */ -{ - ulint flags; - - flags = fil_space_get_flags(id); - - if (flags && flags != ULINT_UNDEFINED) { - - return(fsp_flags_is_page_encrypted(flags)); - } - - return(flags); -} - -/*******************************************************************//** -Returns the page encryption key of the space, or 0 if the space -is not encrypted. The tablespace must be cached in the memory cache. -@return page compression level, ULINT_UNDEFINED if space not found */ -UNIV_INLINE -ulint -fil_space_get_page_encryption_key( -/*=================================*/ - ulint id) /*!< in: space id */ -{ - ulint flags; - - flags = fil_space_get_flags(id); - - if (flags && flags != ULINT_UNDEFINED) { - - return(fsp_flags_get_page_encryption_key(flags)); - } - - return(flags); -} - - - -/*******************************************************************//** -Find out whether the page is page encrypted -@return true if page is page encrypted, false if not */ -UNIV_INLINE -ibool -fil_page_is_encrypted( -/*===================*/ - const byte *buf) /*!< in: page */ -{ - return(mach_read_from_2(buf+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_ENCRYPTED); -} - -/*******************************************************************//** -Find out whether the page is page is first compressed and then encrypted -@return true if page is page compressed+encrypted, false if not */ -UNIV_INLINE -ibool 
-fil_page_is_compressed_encrypted( -/*=============================*/ - const byte *buf) /*!< in: page */ -{ - return(mach_read_from_2(buf+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED); -} - -/*******************************************************************//** -Find out whether the page can be decrypted. -This is the case, if the page is already decrypted and is not the first page of the table space. -If the page is already decrypted it is not of the FIL_PAGE_PAGE_ENCRYPTED type. -if it is the first page of the table space, it is assumed that a page can be decrypted if the -key found in the flags (part of the 1st page) can be read from the key provider. -The case, if the key changed, is currently not caught. -The function for decrypting the page should already be executed before this. -@return PAGE_ENCRYPTION_KEY_MISSING if key provider is available, but key is not available - PAGE_ENCRYPTION_ERROR if other error occurred - 0 if decryption should be possible -*/ -UNIV_INLINE -ulint -fil_page_encryption_status( -/*===================*/ - const byte *buf) /*!< in: page */ -{ - ulint page_type = mach_read_from_2(buf+FIL_PAGE_TYPE); - - if (page_type == FIL_PAGE_TYPE_FSP_HDR) { - ulint flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + buf); - if (fsp_flags_is_page_encrypted(flags)) { - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { - /* accessing table would surely fail, because no key or no key provider available */ - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { - return PAGE_ENCRYPTION_KEY_MISSING; - } - return PAGE_ENCRYPTION_ERROR; - } - } - } - - if(page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) { - ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - if (!has_encryption_key(key)) { - return PAGE_ENCRYPTION_KEY_MISSING; - } - return PAGE_ENCRYPTION_ERROR; - } - return 0; -} 
diff --git a/storage/xtradb/include/os0file.h b/storage/xtradb/include/os0file.h index f93bf026903..154adf085b8 100644 --- a/storage/xtradb/include/os0file.h +++ b/storage/xtradb/include/os0file.h @@ -323,24 +323,21 @@ The wrapper functions have the prefix of "innodb_". */ # define os_aio(type, mode, name, file, buf, offset, \ n, message1, message2, space_id, \ - trx, page_compressed, page_compression_level, write_size, \ - page_encryption, page_encryption_key, lsn, encrypt) \ + trx, write_size) \ pfs_os_aio_func(type, mode, name, file, buf, offset, \ - n, message1, message2, space_id, trx, \ - page_compressed, page_compression_level, write_size, \ - page_encryption, page_encryption_key, lsn, encrypt, \ + n, message1, message2, space_id, trx, write_size, \ __FILE__, __LINE__) -# define os_file_read(file, buf, offset, n, compressed) \ - pfs_os_file_read_func(file, buf, offset, n, NULL, compressed, \ +# define os_file_read(file, buf, offset, n) \ + pfs_os_file_read_func(file, buf, offset, n, NULL, \ __FILE__, __LINE__) -# define os_file_read_trx(file, buf, offset, n, trx, compressed) \ - pfs_os_file_read_func(file, buf, offset, n, trx, compressed, \ +# define os_file_read_trx(file, buf, offset, n, trx) \ + pfs_os_file_read_func(file, buf, offset, n, trx, \ __FILE__, __LINE__) -# define os_file_read_no_error_handling(file, buf, offset, n, compressed) \ - pfs_os_file_read_no_error_handling_func(file, buf, offset, n, compressed, \ +# define os_file_read_no_error_handling(file, buf, offset, n) \ + pfs_os_file_read_no_error_handling_func(file, buf, offset, n, \ __FILE__, __LINE__) # define os_file_write(name, file, buf, offset, n) \ 
@@ -376,22 +373,18 @@ to original un-instrumented file I/O APIs */ # define os_file_close(file) os_file_close_func(file) # define os_aio(type, mode, name, file, buf, offset, n, message1, \ - message2, space_id, trx, \ - page_compressed, page_compression_level, write_size, \ - page_encryption, page_encryption_key, lsn, encrypt) \ + message2, space_id, trx, write_size) \ os_aio_func(type, mode, name, file, buf, offset, n, \ - message1, message2, space_id, trx, \ - page_compressed, page_compression_level, write_size, \ - page_encryption, page_encryption_key, lsn, encrypt) + message1, message2, space_id, trx, write_size) -# define os_file_read(file, buf, offset, n, compressed) \ - os_file_read_func(file, buf, offset, n, NULL, compressed) +# define os_file_read(file, buf, offset, n) \ + os_file_read_func(file, buf, offset, n, NULL) -# define os_file_read_trx(file, buf, offset, n, trx, compressed) \ - os_file_read_func(file, buf, offset, n, trx, compressed) +# define os_file_read_trx(file, buf, offset, n, trx) \ + os_file_read_func(file, buf, offset, n, trx) -# define os_file_read_no_error_handling(file, buf, offset, n, compressed) \ - os_file_read_no_error_handling_func(file, buf, offset, n, compressed) +# define os_file_read_no_error_handling(file, buf, offset, n) \ + os_file_read_no_error_handling_func(file, buf, offset, n) # define os_file_write(name, file, buf, offset, n) \ os_file_write_func(name, file, buf, offset, n) @@ -747,8 +740,6 @@ pfs_os_file_read_func( os_offset_t offset, /*!< in: file offset where to read */ ulint n, /*!< in: number of bytes to read */ trx_t* trx, /*!< in: trx */ - ibool compressed, /*!< in: is this file space - compressed ? */ const char* src_file,/*!< in: file name where func invoked */ ulint src_line);/*!< in: line where the func invoked */ 
@@ -767,8 +758,6 @@ pfs_os_file_read_no_error_handling_func( void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ ulint n, /*!< in: number of bytes to read */ - ibool compressed, /*!< in: is this file space - compressed ? */ const char* src_file,/*!< in: file name where func invoked */ ulint src_line);/*!< in: line where the func invoked */ @@ -801,21 +790,11 @@ pfs_os_aio_func( OS_AIO_SYNC */ ulint space_id, trx_t* trx, - ibool page_compression, /*!< in: is page compression used - on this file space */ - ulint page_compression_level, /*!< page compression - level to be used */ ulint* write_size,/*!< in/out: Actual write size initialized after fist successfull trim operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - ibool page_encryption, /*!< in: is page encryption used - on this file space */ - ulint page_encryption_key, /*!< in: page encryption - key to be used */ - lsn_t lsn, /*!< in: lsn of the newest modification */ - bool encrypt_later, /*!< in: should we encrypt ? */ const char* src_file,/*!< in: file name where func invoked */ ulint src_line);/*!< in: line where the func invoked */ /*******************************************************************//** @@ -979,9 +958,7 @@ os_file_read_func( void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ ulint n, /*!< in: number of bytes to read */ - trx_t* trx, /*!< in: trx */ - ibool compressed); /*!< in: is this file space - compressed ? */ + trx_t* trx); /*!< in: trx */ /*******************************************************************//** Rewind file to its start, read at most size - 1 bytes from it to str, and NUL-terminate str. All errors are silently ignored. This function is 
@@ -1006,9 +983,7 @@ os_file_read_no_error_handling_func( os_file_t file, /*!< in: handle to a file */ void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ - ulint n, /*!< in: number of bytes to read */ - ibool compressed); /*!< in: is this file space - compressed ? */ + ulint n); /*!< in: number of bytes to read */ /*******************************************************************//** NOTE! Use the corresponding macro os_file_write(), not directly this @@ -1194,21 +1169,11 @@ os_aio_func( OS_AIO_SYNC */ ulint space_id, trx_t* trx, - ibool page_compression, /*!< in: is page compression used - on this file space */ - ulint page_compression_level, /*!< page compression - level to be used */ - ulint* write_size,/*!< in/out: Actual write size initialized + ulint* write_size);/*!< in/out: Actual write size initialized after fist successfull trim operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - ibool page_encryption, /*!< in: is page encryption used - on this file space */ - ulint page_encryption_key, /*!< in: page encryption key - to be used */ - lsn_t lsn, /*!< in: lsn of the newest modification */ - bool encrypt_later); /*!< in: should we encrypt ? */ /************************************************************************//** Wakes up all async i/o threads so that they know to exit themselves in shutdown. */ diff --git a/storage/xtradb/include/os0file.ic b/storage/xtradb/include/os0file.ic index 39599ba2047..b25f1577362 100644 --- a/storage/xtradb/include/os0file.ic +++ b/storage/xtradb/include/os0file.ic 
@@ -220,23 +220,11 @@ pfs_os_aio_func( OS_AIO_SYNC */ ulint space_id, trx_t* trx, - ibool page_compression, /*!< in: is page compression used - on this file space */ - ulint page_compression_level, /*!< in: page compression - level to be used */ ulint* write_size,/*!< in/out: Actual write size initialized after fist successfull trim operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - ibool page_encryption, /*!< in: is page encryption used - on this file space */ - ulint page_encryption_key, /*!< in: page encryption - key to be used */ - - lsn_t lsn, /*!< in: lsn of the newest - modification */ - bool encrypt_later, /*!< in: encrypt later ? */ const char* src_file,/*!< in: file name where func invoked */ ulint src_line)/*!< in: line where the func invoked */ { @@ -253,8 +241,7 @@ pfs_os_aio_func( result = os_aio_func(type, mode, name, file, buf, offset, n, message1, message2, space_id, trx, - page_compression, page_compression_level, write_size , - page_encryption, page_encryption_key, lsn, encrypt_later); + write_size); register_pfs_file_io_end(locker, n); @@ -276,8 +263,6 @@ pfs_os_file_read_func( os_offset_t offset, /*!< in: file offset where to read */ ulint n, /*!< in: number of bytes to read */ trx_t* trx, - ibool compressed, /*!< in: is this file space - compressed ? */ const char* src_file,/*!< in: file name where func invoked */ ulint src_line)/*!< in: line where the func invoked */ { @@ -288,7 +273,7 @@ pfs_os_file_read_func( register_pfs_file_io_begin(&state, locker, file, n, PSI_FILE_READ, src_file, src_line); - result = os_file_read_func(file, buf, offset, n, trx, compressed); + result = os_file_read_func(file, buf, offset, n, trx); register_pfs_file_io_end(locker, n); 
@@ -311,8 +296,6 @@ pfs_os_file_read_no_error_handling_func( void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ ulint n, /*!< in: number of bytes to read */ - ibool compressed, /*!< in: is this file space - compressed ? */ const char* src_file,/*!< in: file name where func invoked */ ulint src_line)/*!< in: line where the func invoked */ { @@ -323,7 +306,7 @@ pfs_os_file_read_no_error_handling_func( register_pfs_file_io_begin(&state, locker, file, n, PSI_FILE_READ, src_file, src_line); - result = os_file_read_no_error_handling_func(file, buf, offset, n, compressed); + result = os_file_read_no_error_handling_func(file, buf, offset, n); register_pfs_file_io_end(locker, n); diff --git a/storage/xtradb/log/log0log.cc b/storage/xtradb/log/log0log.cc index 37cf18c1a0d..9b33c7858bc 100644 --- a/storage/xtradb/log/log0log.cc +++ b/storage/xtradb/log/log0log.cc @@ -1384,7 +1384,7 @@ log_group_file_header_flush( (ulint) (dest_offset / UNIV_PAGE_SIZE), (ulint) (dest_offset % UNIV_PAGE_SIZE), OS_FILE_LOG_BLOCK_SIZE, - buf, group, 0, 0, false); + buf, group, 0); srv_stats.os_log_pending_writes.dec(); } @@ -1551,7 +1551,7 @@ loop: fil_io(OS_FILE_WRITE | OS_FILE_LOG, true, group->space_id, 0, (ulint) (next_offset / UNIV_PAGE_SIZE), (ulint) (next_offset % UNIV_PAGE_SIZE), write_len, buf, - group, 0, 0, false); + group, 0); srv_stats.os_log_pending_writes.dec(); @@ -2144,7 +2144,7 @@ log_group_checkpoint( write_offset / UNIV_PAGE_SIZE, write_offset % UNIV_PAGE_SIZE, OS_FILE_LOG_BLOCK_SIZE, - buf, ((byte*) group + 1), 0, 0, false); + buf, ((byte*) group + 1), 0); ut_ad(((ulint) group & 0x1UL) == 0); } 
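Review bot: The rewritten `fil_io()` calls in log0log.cc end in a bare `0` (`buf, group, 0);` in log_group_file_header_flush, and likewise in the log write loop and log_group_checkpoint, and again in the later log0log.cc and log0recv.cc hunks). fil_io's prototype is not visible here, but after this change the last parameter of the os_aio wrappers is `ulint* write_size`, so this `0` is presumably a null pointer spelled as an integer. Writing `buf, group, NULL);` would make that obvious at the call site and match the `NULL` already passed for the message argument in log_group_read_checkpoint_info. Each of these functions starts and ends outside its hunk.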
@@ -2226,7 +2226,7 @@ log_group_read_checkpoint_info( fil_io(OS_FILE_READ | OS_FILE_LOG, true, group->space_id, 0, field / UNIV_PAGE_SIZE, field % UNIV_PAGE_SIZE, - OS_FILE_LOG_BLOCK_SIZE, log_sys->checkpoint_buf, NULL, 0, 0, false); + OS_FILE_LOG_BLOCK_SIZE, log_sys->checkpoint_buf, NULL, 0); } /******************************************************//** @@ -2639,7 +2639,7 @@ loop: fil_io(OS_FILE_READ | OS_FILE_LOG, sync, group->space_id, 0, (ulint) (source_offset / UNIV_PAGE_SIZE), (ulint) (source_offset % UNIV_PAGE_SIZE), - len, buf, (type == LOG_ARCHIVE) ? &log_archive_io : NULL, 0, 0, false); + len, buf, (type == LOG_ARCHIVE) ? &log_archive_io : NULL, 0); if (recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER && !log_group_decrypt_after_read(group, buf, len)) @@ -2771,7 +2771,7 @@ log_group_archive_file_header_write( dest_offset / UNIV_PAGE_SIZE, dest_offset % UNIV_PAGE_SIZE, 2 * OS_FILE_LOG_BLOCK_SIZE, - buf, &log_archive_io, 0, 0, false); + buf, &log_archive_io, 0); } /******************************************************//** @@ -2808,7 +2808,7 @@ log_group_archive_completed_header_write( dest_offset % UNIV_PAGE_SIZE, OS_FILE_LOG_BLOCK_SIZE, buf + LOG_FILE_ARCH_COMPLETED, - &log_archive_io, 0, 0, false); + &log_archive_io, 0); } /******************************************************//** @@ -2953,7 +2953,7 @@ loop: (ulint) (next_offset / UNIV_PAGE_SIZE), (ulint) (next_offset % UNIV_PAGE_SIZE), ut_calc_align(len, OS_FILE_LOG_BLOCK_SIZE), buf, - &log_archive_io, 0, 0, false); + &log_archive_io, 0); start_lsn += len; next_offset += len; diff --git a/storage/xtradb/log/log0online.cc b/storage/xtradb/log/log0online.cc index 60ae4a50626..e18677973b0 100644 --- a/storage/xtradb/log/log0online.cc +++ b/storage/xtradb/log/log0online.cc 
@@ -283,7 +283,7 @@ log_online_read_bitmap_page( ut_a(bitmap_file->offset % MODIFIED_PAGE_BLOCK_SIZE == 0); success = os_file_read(bitmap_file->file, page, bitmap_file->offset, - MODIFIED_PAGE_BLOCK_SIZE, FALSE); + MODIFIED_PAGE_BLOCK_SIZE); if (UNIV_UNLIKELY(!success)) { diff --git a/storage/xtradb/log/log0recv.cc b/storage/xtradb/log/log0recv.cc index c7fb3be9625..46f5954d44f 100644 --- a/storage/xtradb/log/log0recv.cc +++ b/storage/xtradb/log/log0recv.cc @@ -56,6 +56,7 @@ Created 9/20/1997 Heikki Tuuri #include "trx0undo.h" #include "trx0rec.h" #include "fil0fil.h" +#include "fil0crypt.h" #ifndef UNIV_HOTBACKUP # include "buf0rea.h" # include "srv0srv.h" @@ -3177,7 +3178,7 @@ recv_recovery_from_checkpoint_start_func( fil_io(OS_FILE_READ | OS_FILE_LOG, true, max_cp_group->space_id, 0, 0, 0, LOG_FILE_HDR_SIZE, - log_hdr_buf, max_cp_group, 0, 0, false); + log_hdr_buf, max_cp_group, 0); if (0 == ut_memcmp(log_hdr_buf + LOG_FILE_WAS_CREATED_BY_HOT_BACKUP, (byte*)"ibbackup", (sizeof "ibbackup") - 1)) { @@ -3208,7 +3209,7 @@ recv_recovery_from_checkpoint_start_func( fil_io(OS_FILE_WRITE | OS_FILE_LOG, true, max_cp_group->space_id, 0, 0, 0, OS_FILE_LOG_BLOCK_SIZE, - log_hdr_buf, max_cp_group, 0, 0, false); + log_hdr_buf, max_cp_group, 0); } log_hdr_log_block_size @@ -3871,7 +3872,7 @@ ask_again: /* Read the archive file header */ fil_io(OS_FILE_READ | OS_FILE_LOG, true, group->archive_space_id, 0, 0, 0, - LOG_FILE_HDR_SIZE, buf, NULL, 0, 0, false); + LOG_FILE_HDR_SIZE, buf, NULL, 0); /* Check if the archive file header is consistent */ @@ -3945,7 +3946,7 @@ ask_again: fil_io(OS_FILE_READ | OS_FILE_LOG, true, group->archive_space_id, 0, read_offset / UNIV_PAGE_SIZE, - read_offset % UNIV_PAGE_SIZE, len, buf, NULL, 0, 0, false); + read_offset % UNIV_PAGE_SIZE, len, buf, NULL, 0); ret = recv_scan_log_recs( (buf_pool_get_n_pages() diff --git a/storage/xtradb/os/os0file.cc b/storage/xtradb/os/os0file.cc index d7d224dc6dd..75750df5639 100644 --- a/storage/xtradb/os/os0file.cc 
+++ b/storage/xtradb/os/os0file.cc @@ -45,7 +45,6 @@ Created 10/21/1995 Heikki Tuuri #include "fil0fil.h" #include "fsp0fsp.h" #include "fil0pagecompress.h" -#include "fil0pageencryption.h" #include "buf0buf.h" #include "btr0types.h" #include "trx0trx.h" @@ -238,21 +237,6 @@ struct os_aio_slot_t{ completed */ ulint bitmap; - byte* page_compression_page; /*!< Memory allocated for - page compressed page and - freed after the write - has been completed */ - - byte* page_encryption_page; /*!< Memory allocated for - page encrypted page and - freed after the write - has been completed */ - - ibool page_compression; - ulint page_compression_level; - - ibool page_encryption; - ulint page_encryption_key; ulint* write_size; /*!< Actual write size initialized after fist successfull trim @@ -260,31 +244,13 @@ struct os_aio_slot_t{ initialized we do not trim again if actual page size does not decrease. */ - byte* page_buf; /*!< Actual page buffer for - page compressed pages, do not - free this */ - - byte* page_buf2; /*!< Actual page buffer for - page encrypted pages, do not - free this */ - byte* tmp_encryption_buf; /*!< a temporal buffer used by page encryption */ - - ibool page_compression_success; - /*!< TRUE if page compression was successfull, false if not */ - ibool page_encryption_success; - /*!< TRUE if page encryption was successfull, false if not */ - - lsn_t lsn; /* lsn of the newest modification */ - ulint file_block_size;/*!< file block size */ - bool encrypt_later; /*!< should we encrypt the page */ #ifdef LINUX_NATIVE_AIO struct iocb control; /* Linux control block for aio */ int n_bytes; /* bytes written/read. */ int ret; /* AIO return code */ #endif /* WIN_ASYNC_IO */ - byte *lzo_mem; /* Temporal memory used by LZO */ }; /** The asynchronous i/o array structure */ 
@@ -401,39 +367,6 @@ os_file_trim( /*=========*/ os_aio_slot_t* slot); /*!< in: slot structure */ -/**********************************************************************//** -Allocate memory for temporal buffer used for page compression. This -buffer is freed later. */ -UNIV_INTERN -void -os_slot_alloc_page_buf( -/*===================*/ - os_aio_slot_t* slot); /*!< in: slot structure */ - -#ifdef HAVE_LZO -/**********************************************************************//** -Allocate memory for temporal memory used for page compression when -LZO compression method is used */ -UNIV_INTERN -void -os_slot_alloc_lzo_mem( -/*===================*/ - os_aio_slot_t* slot); /*!< in: slot structure */ -#endif - -/**********************************************************************//** -Allocate memory for temporal buffer used for page encryption. This -buffer is freed later. */ -UNIV_INTERN -void -os_slot_alloc_page_buf2( - os_aio_slot_t* slot); /*!< in: slot structure */ -/**********************************************************************//** -Allocate memory for temporal buffer used for page encryption. */ -UNIV_INTERN -void -os_slot_alloc_tmp_encryption_buf( - os_aio_slot_t* slot); /*!< in: slot structure */ /****************************************************************//** Does error handling when a file operation fails. @return TRUE if we should retry the operation */ @@ -3114,9 +3047,7 @@ os_file_read_func( void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ ulint n, /*!< in: number of bytes to read */ - trx_t* trx, - ibool compressed) /*!< in: is this file space - compressed ? */ + trx_t* trx) { #ifdef __WIN__ BOOL ret; 
@@ -3212,9 +3143,7 @@ os_file_read_no_error_handling_func( os_file_t file, /*!< in: handle to a file */ void* buf, /*!< in: buffer where to read */ os_offset_t offset, /*!< in: file offset where to read */ - ulint n, /*!< in: number of bytes to read */ - ibool compressed) /*!< in: is this file space - compressed ? */ + ulint n) /*!< in: number of bytes to read */ { #ifdef __WIN__ BOOL ret; @@ -4275,8 +4204,6 @@ os_aio_array_free( /*==============*/ os_aio_array_t*& array) /*!< in, own: array to free */ { - ulint i; - os_mutex_free(array->mutex); os_event_free(array->not_full); os_event_free(array->is_empty); @@ -4288,31 +4215,6 @@ os_aio_array_free( } #endif /* LINUX_NATIVE_AIO */ - for (i = 0; i < array->n_slots; i++) { - os_aio_slot_t* slot = os_aio_array_get_nth_slot(array, i); - - if (slot->page_compression_page) { - ut_free(slot->page_compression_page); - slot->page_compression_page = NULL; - } - - if (slot->lzo_mem) { - ut_free(slot->lzo_mem); - slot->lzo_mem = NULL; - } - - if (slot->page_encryption_page) { - ut_free(slot->page_encryption_page); - slot->page_encryption_page = NULL; - } - - if (slot->tmp_encryption_buf) { - ut_free(slot->tmp_encryption_buf); - slot->tmp_encryption_buf = NULL; - } - } - - ut_free(array->slots); ut_free(array); 
@@ -4658,22 +4560,11 @@ os_aio_array_reserve_slot( os_offset_t offset, /*!< in: file offset */ ulint len, /*!< in: length of the block to read or write */ ulint space_id, - ibool page_compression, /*!< in: is page compression used - on this file space */ - ulint page_compression_level, /*!< page compression - level to be used */ - ibool page_encryption, /*!< in: is page encryption used - on this file space */ - ulint page_encryption_key, /*!< page encryption key - to be used */ - ulint* write_size,/*!< in/out: Actual write size initialized + ulint* write_size)/*!< in/out: Actual write size initialized after first successfull trim operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - lsn_t lsn, /*!< in: lsn of the newest - modification */ - bool encrypt_later) /*!< in: should we encrypt the page */ { os_aio_slot_t* slot = NULL; #ifdef WIN_ASYNC_IO 
@@ -4762,96 +4653,13 @@ found: slot->type = type; slot->buf = static_cast(buf); slot->offset = offset; - slot->lsn = lsn; slot->io_already_done = FALSE; slot->space_id = space_id; - slot->page_compression_success = FALSE; - slot->page_encryption_success = FALSE; - slot->write_size = write_size; - slot->page_compression_level = page_compression_level; - slot->page_compression = page_compression; - slot->page_encryption_key = page_encryption_key; - slot->page_encryption = page_encryption; - slot->encrypt_later = encrypt_later; if (message1) { slot->file_block_size = fil_node_get_block_size(message1); } - - /* If the space is page compressed and this is write operation - then we encrypt the page */ - if (message1 && type == OS_FILE_WRITE && page_compression) { - ulint real_len = len; - byte* tmp = NULL; - - /* Release the array mutex while encrypting */ - os_mutex_exit(array->mutex); - - // We allocate memory for page compressed buffer if and only - // if it is not yet allocated. - os_slot_alloc_page_buf(slot); - -#ifdef HAVE_LZO - if (innodb_compression_algorithm == 3) { - os_slot_alloc_lzo_mem(slot); - } -#endif - - /* Call page compression */ - tmp = fil_compress_page( - fil_node_get_space_id(slot->message1), - (byte *)buf, - slot->page_buf, - len, - page_compression_level, - fil_node_get_block_size(slot->message1), - &real_len, - slot->lzo_mem - ); - - /* If compression succeeded, set up the length and buffer */ - if (tmp != buf) { - len = real_len; - buf = slot->page_buf; - slot->len = real_len; - slot->page_compression_success = TRUE; - } else { - slot->page_compression_success = FALSE; - } - - /* Take array mutex back, not sure if this is really needed - below */ - os_mutex_enter(array->mutex); - - } - - /* If the space is page encryption and this is write operation - then we encrypt the page */ - if (message1 && type == OS_FILE_WRITE && (page_encryption || encrypt_later)) { - /* Release the array mutex while encrypting */ - os_mutex_exit(array->mutex); - - // 
We allocate memory for page encrypted buffer if and only - // if it is not yet allocated. - os_slot_alloc_page_buf2(slot); - - fil_space_encrypt( - fil_node_get_space_id(slot->message1), - slot->offset, - slot->lsn, - (byte *)buf, - slot->len, - slot->page_buf2, - slot->page_encryption_key); - - slot->page_encryption_success = TRUE; - buf = slot->page_buf2; - - /* Take array mutex back */ - os_mutex_enter(array->mutex); - } - slot->buf = (byte *)buf; #ifdef WIN_ASYNC_IO @@ -5130,22 +4938,11 @@ os_aio_func( OS_AIO_SYNC */ ulint space_id, trx_t* trx, - ibool page_compression, /*!< in: is page compression used - on this file space */ - ulint page_compression_level, /*!< page compression - level to be used */ - ulint* write_size,/*!< in/out: Actual write size initialized + ulint* write_size)/*!< in/out: Actual write size initialized after fist successfull trim operation for this page and if initialized we do not trim again if actual page size does not decrease. */ - ibool page_encryption, /*!< in: is page encryption used - on this file space */ - ulint page_encryption_key, /*!< in: page encryption key - to be used */ - lsn_t lsn, /*!< in: lsn of the newest modification */ - bool encrypt_later) /*!< in: should we encrypt before - writing the page */ { os_aio_array_t* array; os_aio_slot_t* slot; @@ -5178,8 +4975,7 @@ os_aio_func( no need to use an i/o-handler thread */ if (type == OS_FILE_READ) { - ret = os_file_read_func(file, buf, offset, n, trx, - page_compression); + ret = os_file_read_func(file, buf, offset, n, trx); } else { ut_ad(!srv_read_only_mode); ut_a(type == OS_FILE_WRITE); @@ -5247,9 +5043,7 @@ try_again: slot = os_aio_array_reserve_slot(type, array, message1, message2, file, name, buf, offset, n, space_id, - page_compression, page_compression_level, - page_encryption, page_encryption_key, - write_size, lsn, encrypt_later); + write_size); if (type == OS_FILE_READ) { if (srv_use_native_aio) { 
@@ -5278,15 +5072,8 @@ try_again: if (srv_use_native_aio) { os_n_file_writes++; #ifdef WIN_ASYNC_IO - if (page_encryption && slot->page_encryption_success) { - buffer = slot->page_buf2; - n = slot->len; - } else if (page_compression && slot->page_compression_success) { - buffer = slot->page_buf; - n = slot->len; - } else { - buffer = buf; - } + n = slot->len; + buffer = buf; ret = WriteFile(file, buffer, (DWORD) n, &len, &(slot->control)); @@ -5445,22 +5232,12 @@ os_aio_windows_handle( switch (slot->type) { case OS_FILE_WRITE: - if (slot->message1 && slot->page_encryption && slot->page_encryption_success) { - ret_val = os_file_write(slot->name, slot->file, slot->page_buf2, - slot->offset, slot->len); - } else { - if (slot->message1 && slot->page_compression && slot->page_compression_success) { - ret_val = os_file_write(slot->name, slot->file, slot->page_buf, + ret_val = os_file_write(slot->name, slot->file, slot->buf, slot->offset, slot->len); - } else { - ret_val = os_file_write(slot->name, slot->file, slot->buf, - slot->offset, slot->len); - } - } break; case OS_FILE_READ: ret_val = os_file_read(slot->file, slot->buf, - slot->offset, slot->len, slot->page_compression); + slot->offset, slot->len); break; default: ut_error; 
@@ -5485,45 +5262,10 @@ os_aio_windows_handle( ret_val = ret && len == slot->len; } - if (slot->type == OS_FILE_READ) { - if (fil_page_is_compressed_encrypted(slot->buf) || - fil_page_is_encrypted(slot->buf)) { - ut_ad(slot->message1 != NULL); - os_slot_alloc_page_buf2(slot); - os_slot_alloc_tmp_encryption_buf(slot); - - // Decrypt the data - fil_space_decrypt( - fil_node_get_space_id(slot->message1), - slot->buf, - slot->len, - slot->page_buf2); - // Copy decrypted buffer back to buf - memcpy(slot->buf, slot->page_buf2, slot->len); - } - - if (fil_page_is_compressed(slot->buf)) { - /* We allocate memory for page compressed buffer if - and only if it is not yet allocated. */ - os_slot_alloc_page_buf(slot); - -#ifdef HAVE_LZO - if (fil_page_is_lzo_compressed(slot->buf)) { - os_slot_alloc_lzo_mem(slot); - } -#endif - fil_decompress_page(slot->page_buf, slot->buf, - slot->len, slot->write_size); - } - } else { - /* OS_FILE_WRITE */ - if (slot->page_compression_success && - (fil_page_is_compressed(slot->page_buf) || - fil_page_is_compressed_encrypted(slot->buf))) { - if (srv_use_trim && os_fallocate_failed == FALSE) { - // Deallocate unused blocks from file system - os_file_trim(slot); - } + if (slot->type == OS_FILE_WRITE) { + if (srv_use_trim && os_fallocate_failed == FALSE) { + // Deallocate unused blocks from file system + os_file_trim(slot); } } 
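Review bot: `os_file_trim(slot)` is now reached for every completed write when `srv_use_trim` is set, because the new `if (slot->type == OS_FILE_WRITE)` branch drops the old precondition that the slot held a successfully compressed page (`slot->page_compression_success` together with the `fil_page_is_compressed` checks). The same simplification is made in the next hunk (`@@ -5616,48 +5358,10 @@`). Whether `os_file_trim` does nothing for a full-size, uncompressed write is not visible in either hunk; if it does not, the call has to stay conditional on the write having been page compressed. If it does, a comment on the call such as `/* os_file_trim() is a no-op unless the write was shorter than a full page */` would record why the guard could be removed. The body of os_aio_windows_handle starts and ends outside this hunk.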
@@ -5616,48 +5358,10 @@ retry: /* We have not overstepped to next segment. */ ut_a(slot->pos < end_pos); - if (slot->type == OS_FILE_READ) { - /* If the page is page encrypted we decrypt */ - if (fil_page_is_compressed_encrypted(slot->buf) || - fil_page_is_encrypted(slot->buf)) { - os_slot_alloc_page_buf2(slot); - os_slot_alloc_tmp_encryption_buf(slot); - ut_ad(slot->message1 != NULL); - - // Decrypt the data - fil_space_decrypt(fil_node_get_space_id(slot->message1), - slot->buf, - slot->len, - slot->page_buf2); - // Copy decrypted buffer back to buf - memcpy(slot->buf, slot->page_buf2, slot->len); - } - - /* If the table is page compressed and this - is read, we decompress before we announce - the read is complete. For writes, we free - the compressed page. */ - if (fil_page_is_compressed(slot->buf)) { - // We allocate memory for page compressed buffer if and only - // if it is not yet allocated. - os_slot_alloc_page_buf(slot); -#ifdef HAVE_LZO - if (fil_page_is_lzo_compressed(slot->buf)) { - os_slot_alloc_lzo_mem(slot); - } -#endif - fil_decompress_page(slot->page_buf, slot->buf, slot->len, slot->write_size); - } - } else { - /* OS_FILE_WRITE */ - if (slot->page_compression_success && - (fil_page_is_compressed(slot->page_buf) || - fil_page_is_compressed_encrypted(slot->buf))) { - ut_ad(slot->page_compression_page); - if (srv_use_trim && os_fallocate_failed == FALSE) { - // Deallocate unused blocks from file system - os_file_trim(slot); - } + if (slot->type == OS_FILE_WRITE) { + if (srv_use_trim && os_fallocate_failed == FALSE) { + // Deallocate unused blocks from file system + os_file_trim(slot); } } @@ -6140,8 +5844,7 @@ consecutive_loop: } else { ret = os_file_read( aio_slot->file, combined_buf, - aio_slot->offset, total_len, - aio_slot->page_compression); + aio_slot->offset, total_len); } srv_set_io_thread_op_info(global_segment, "file i/o done"); 
@@ -6714,91 +6417,6 @@ os_file_trim( } -/**********************************************************************//** -Allocate memory for temporal buffer used for page encryption. This -buffer is freed later. */ -UNIV_INTERN -void -os_slot_alloc_page_buf2( -/*===================*/ - os_aio_slot_t* slot) /*!< in: slot structure */ -{ - ut_a(slot != NULL); - - if(slot->page_buf2 == NULL) { - byte* cbuf2; - byte* cbuf; - - cbuf2 = static_cast(ut_malloc(UNIV_PAGE_SIZE*2)); - cbuf = static_cast(ut_align(cbuf2, UNIV_PAGE_SIZE)); - slot->page_encryption_page = static_cast(cbuf2); - slot->page_buf2 = static_cast(cbuf); - memset(slot->page_encryption_page, 0, UNIV_PAGE_SIZE*2); - } -} - -/**********************************************************************//** -Allocate memory for temporal buffer used for page compression. This -buffer is freed later. */ -UNIV_INTERN -void -os_slot_alloc_page_buf( -/*===================*/ - os_aio_slot_t* slot) /*!< in: slot structure */ -{ - ut_a(slot != NULL); - if (slot->page_buf == NULL) { - byte* cbuf2; - byte* cbuf; - ulint asize = UNIV_PAGE_SIZE; -#ifdef HAVE_SNAPPY - asize += snappy_max_compressed_length(asize) - UNIV_PAGE_SIZE; -#endif - /* We allocate extra to avoid memory overwrite on - compression */ - cbuf2 = static_cast(ut_malloc(asize*2)); - cbuf = static_cast(ut_align(cbuf2, UNIV_PAGE_SIZE)); - slot->page_compression_page = static_cast(cbuf2); - slot->page_buf = static_cast(cbuf); - ut_a(slot->page_buf != NULL); - memset(slot->page_compression_page, 0, asize*2); - } -} - -#ifdef HAVE_LZO -/**********************************************************************//** -Allocate memory for temporal memory used for page compression when -LZO compression method is used */ -UNIV_INTERN -void -os_slot_alloc_lzo_mem( -/*===================*/ - os_aio_slot_t* slot) /*!< in: slot structure */ -{ - ut_a(slot != NULL); - if(slot->lzo_mem == NULL) { - slot->lzo_mem = static_cast(ut_malloc(LZO1X_1_15_MEM_COMPRESS)); - ut_a(slot->lzo_mem != 
NULL); - memset(slot->lzo_mem, 0, LZO1X_1_15_MEM_COMPRESS); - } -} -#endif - -/**********************************************************************//** -Allocate memory for temporal buffer used for page encryption. */ -UNIV_INTERN -void -os_slot_alloc_tmp_encryption_buf( -/*=============================*/ - os_aio_slot_t* slot) /*!< in: slot structure */ -{ - ut_a(slot != NULL); - if (slot->tmp_encryption_buf == NULL) { - slot->tmp_encryption_buf = static_cast(ut_malloc(64)); - memset(slot->tmp_encryption_buf, 0, 64); - } -} - /***********************************************************************//** Try to get number of bytes per sector from file system. @return file block size */ diff --git a/storage/xtradb/row/row0log.cc b/storage/xtradb/row/row0log.cc index 5a086ccebb4..ac0e75929a4 100644 --- a/storage/xtradb/row/row0log.cc +++ b/storage/xtradb/row/row0log.cc @@ -2552,7 +2552,7 @@ all_done: success = os_file_read_no_error_handling( OS_FILE_FROM_FD(index->online_log->fd), index->online_log->head.block, ofs, - srv_sort_buf_size, FALSE); + srv_sort_buf_size); if (!success) { fprintf(stderr, "InnoDB: unable to read temporary file" @@ -3380,7 +3380,7 @@ all_done: success = os_file_read_no_error_handling( OS_FILE_FROM_FD(index->online_log->fd), index->online_log->head.block, ofs, - srv_sort_buf_size, FALSE); + srv_sort_buf_size); if (!success) { fprintf(stderr, "InnoDB: unable to read temporary file" diff --git a/storage/xtradb/row/row0merge.cc b/storage/xtradb/row/row0merge.cc index 61494bed68a..fc08a4c6f07 100644 --- a/storage/xtradb/row/row0merge.cc +++ b/storage/xtradb/row/row0merge.cc @@ -786,7 +786,7 @@ row_merge_read( #endif /* UNIV_DEBUG */ success = os_file_read_no_error_handling(OS_FILE_FROM_FD(fd), buf, - ofs, srv_sort_buf_size, FALSE); + ofs, srv_sort_buf_size); #ifdef POSIX_FADV_DONTNEED /* Each block is read exactly once. Free up the file cache. */ 
diff --git a/storage/xtradb/row/row0mysql.cc b/storage/xtradb/row/row0mysql.cc index 5b2b9ac1503..5929bb21f7b 100644 --- a/storage/xtradb/row/row0mysql.cc +++ b/storage/xtradb/row/row0mysql.cc @@ -57,6 +57,7 @@ Created 9/17/2000 Heikki Tuuri #include "btr0sea.h" #include "btr0defragment.h" #include "fil0fil.h" +#include "fil0crypt.h" #include "ibuf0ibuf.h" #include "fts0fts.h" #include "fts0types.h" diff --git a/storage/xtradb/srv/srv0srv.cc b/storage/xtradb/srv/srv0srv.cc index 37adca6975b..9396a713cad 100644 --- a/storage/xtradb/srv/srv0srv.cc +++ b/storage/xtradb/srv/srv0srv.cc @@ -75,10 +75,10 @@ Created 10/8/1995 Heikki Tuuri #include "mysql/plugin.h" #include "mysql/service_thd_wait.h" #include "fil0fil.h" +#include "fil0crypt.h" #include "fil0pagecompress.h" #include #include "btr0scrub.h" -#include "fil0pageencryption.h" /* prototypes of new functions added to ha_innodb.cc for kill_idle_transaction */ ibool innobase_thd_is_idle(const void* thd); @@ -671,7 +671,7 @@ second. */ static time_t srv_last_log_flush_time; /** Default encryption key used for page encryption */ -UNIV_INTERN uint srv_default_page_encryption_key = DEFAULT_ENCRYPTION_KEY; +UNIV_INTERN uint srv_default_page_encryption_key = FIL_DEFAULT_ENCRYPTION_KEY; /** Enable semaphore request instrumentation */ UNIV_INTERN my_bool srv_instrument_semaphores = FALSE; diff --git a/storage/xtradb/srv/srv0start.cc b/storage/xtradb/srv/srv0start.cc index ddf261cc236..4d2aee6f08c 100644 --- a/storage/xtradb/srv/srv0start.cc +++ b/storage/xtradb/srv/srv0start.cc @@ -3,7 +3,7 @@ Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. Copyright (c) 2008, Google Inc. Copyright (c) 2009, Percona Inc. -Copyright (c) 2013, 2014, SkySQL Ab. All Rights Reserved. +Copyright (c) 2013, 2015, MariaDB Corporation Portions of this file contain modifications contributed and copyrighted by Google, Inc. Those modifications are gratefully acknowledged and are described 
@@ -52,6 +52,7 @@ Created 2/16/1996 Heikki Tuuri #include "os0file.h" #include "os0thread.h" #include "fil0fil.h" +#include "fil0crypt.h" #include "fsp0fsp.h" #include "rem0rec.h" #include "mtr0mtr.h" From 0ba9fa35bc119cbded96cd8587427be195603cec Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan=20Lindstr=C3=B6m?= Date: Wed, 1 Apr 2015 19:37:00 +0300 Subject: [PATCH 10/65] InnoDB/XtraDB Encryption cleanup Step 2: -- Introduce temporal memory array to buffer pool where to allocate temporary memory for encryption/compression -- Rename PAGE_ENCRYPTION -> ENCRYPTION -- Rename PAGE_ENCRYPTION_KEY -> ENCRYPTION_KEY -- Rename innodb_default_page_encryption_key -> innodb_default_encryption_key -- Allow enable/disable encryption for tables by changing ENCRYPTION to enum having values DEFAULT, ON, OFF -- In create table store crypt_data if ENCRYPTION is ON or OFF -- Do not crypt tablespaces having ENCRYPTION=OFF -- Store encryption mode to crypt_data and redo-log --- storage/innobase/buf/buf0buf.cc | 338 +++++++++++----------- storage/innobase/buf/buf0dblwr.cc | 4 +- storage/innobase/buf/buf0flu.cc | 6 +- storage/innobase/buf/buf0rea.cc | 3 +- storage/innobase/fil/fil0crypt.cc | 44 ++- storage/innobase/fil/fil0fil.cc | 102 +++++-- storage/innobase/handler/ha_innodb.cc | 68 +++-- storage/innobase/handler/ha_innodb.h | 4 +- storage/innobase/handler/handler0alter.cc | 4 +- storage/innobase/include/buf0buf.h | 72 +++-- storage/innobase/include/buf0buf.ic | 17 +- storage/innobase/include/fil0crypt.h | 15 +- storage/innobase/include/fil0fil.h | 10 + storage/innobase/include/srv0srv.h | 4 +- storage/innobase/os/os0file.cc | 1 - storage/innobase/srv/srv0srv.cc | 4 +- storage/xtradb/buf/buf0buf.cc | 333 +++++++++++---------- storage/xtradb/buf/buf0dblwr.cc | 5 +- storage/xtradb/buf/buf0flu.cc | 6 +- storage/xtradb/buf/buf0rea.cc | 3 +- storage/xtradb/fil/fil0crypt.cc | 44 ++- storage/xtradb/fil/fil0fil.cc | 102 +++++-- storage/xtradb/handler/ha_innodb.cc | 68 +++-- storage/xtradb/handler/ha_innodb.h | 5 +- storage/xtradb/handler/handler0alter.cc | 4 +- storage/xtradb/include/buf0buf.h | 74 +++-- storage/xtradb/include/buf0buf.ic | 17 +- storage/xtradb/include/fil0crypt.h | 15 +- storage/xtradb/include/fil0fil.h | 10 + storage/xtradb/include/srv0srv.h | 4 
+- storage/xtradb/srv/srv0srv.cc | 4 +- 31 files changed, 822 insertions(+), 568 deletions(-) diff --git a/storage/innobase/buf/buf0buf.cc b/storage/innobase/buf/buf0buf.cc index b2758e1253f..a4825adbbbb 100644 --- a/storage/innobase/buf/buf0buf.cc +++ b/storage/innobase/buf/buf0buf.cc @@ -59,6 +59,14 @@ Created 11/5/1995 Heikki Tuuri #include "ut0byte.h" #include +#ifdef HAVE_LZO +#include "lzo/lzo1x.h" +#endif + +/* Number of temporary slots used for encryption/compression +memory allocation before/after I/O operations */ +#define BUF_MAX_TMP_SLOTS 200 + /* IMPLEMENTATION OF THE BUFFER POOL ================================= @@ -1001,14 +1009,11 @@ buf_block_init( block->page.state = BUF_BLOCK_NOT_USED; block->page.buf_fix_count = 0; block->page.io_fix = BUF_IO_NONE; - block->page.crypt_buf = NULL; - block->page.crypt_buf_free = NULL; - block->page.comp_buf = NULL; - block->page.comp_buf_free = NULL; block->page.key_version = 0; - block->page.encrypt_later = false; - + block->page.real_size = 0; + block->page.write_size = 0; block->modify_clock = 0; + block->page.slot = NULL; #if defined UNIV_DEBUG_FILE_ACCESSES || defined UNIV_DEBUG block->page.file_page_was_freed = FALSE; @@ -1361,6 +1366,11 @@ buf_pool_init_instance( /* Initialize the iterator for single page scan search */ new(&buf_pool->single_scan_itr) LRUItr(buf_pool, &buf_pool->mutex); + /* Initialize the temporal memory array and slots */ + buf_pool->tmp_arr = (buf_tmp_array_t *)mem_zalloc(sizeof(buf_tmp_array_t)); + buf_pool->tmp_arr->n_slots = BUF_MAX_TMP_SLOTS; + buf_pool->tmp_arr->slots = (buf_tmp_buffer_t*)mem_zalloc(sizeof(buf_tmp_buffer_t) * BUF_MAX_TMP_SLOTS); + buf_pool_mutex_exit(buf_pool); return(DB_SUCCESS); 
@@ -1412,6 +1422,25 @@ buf_pool_free_instance( ha_clear(buf_pool->page_hash); hash_table_free(buf_pool->page_hash); hash_table_free(buf_pool->zip_hash); + + /* Free all used temporary slots */ + for(ulint i = 0; i < buf_pool->tmp_arr->n_slots; i++) { + buf_tmp_buffer_t* slot = &buf_pool->tmp_arr->slots[i]; +#ifdef HAVE_LZO + if (slot->lzo_mem) { + ut_free(slot->lzo_mem); + } +#endif + if (slot->crypt_buf_free) { + ut_free(slot->crypt_buf_free); + } + if (slot->comp_buf_free) { + ut_free(slot->comp_buf_free); + } + } + + mem_free(buf_pool->tmp_arr->slots); + mem_free(buf_pool->tmp_arr); } /********************************************************************//** @@ -3494,12 +3523,9 @@ buf_page_init_low( bpage->newest_modification = 0; bpage->oldest_modification = 0; bpage->write_size = 0; - bpage->crypt_buf = NULL; - bpage->crypt_buf_free = NULL; - bpage->comp_buf = NULL; - bpage->comp_buf_free = NULL; bpage->key_version = 0; - bpage->encrypt_later = false; + bpage->real_size = 0; + bpage->slot = NULL; HASH_INVALIDATE(bpage, hash); #if defined UNIV_DEBUG_FILE_ACCESSES || defined UNIV_DEBUG @@ -4366,7 +4392,11 @@ corrupt: } } else { /* io_type == BUF_IO_WRITE */ - buf_page_encrypt_after_write(bpage); + if (bpage->slot) { + /* Mark slot free */ + bpage->slot->reserved = false; + bpage->slot = NULL; + } } buf_pool_mutex_enter(buf_pool); 
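Review bot: In the `@@ -4366,7 +4392,11 @@` hunk the slot is released with a plain `bpage->slot->reserved = false;` before the `buf_pool_mutex_enter(buf_pool);` that follows, while `buf_pool_reserve_tmp_slot` (added later in this file) scans and sets `reserved` only under the buffer pool mutex. Release and reservation are therefore not ordered against each other, which on weakly ordered CPUs may let a new owner start filling `crypt_buf` or `comp_buf` while the previous user's accesses are still in flight. The same unlocked `slot->reserved = false;` appears twice in the buf_page_decrypt_after_read hunk (`@@ -5752,96 +5802,58 @@`). Moving the release below the existing `buf_pool_mutex_enter(buf_pool);`, or routing all three sites through one helper that takes the mutex, would make the hand-over well defined. The enclosing function starts and ends outside the hunk.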
@@ -5602,6 +5632,60 @@ buf_page_init_for_backup_restore( } #endif /* !UNIV_HOTBACKUP */ +/********************************************************************//** +Reserve unused slot from temporary memory array and allocate necessary +temporary memory if not yet allocated. +@return reserved slot */ +buf_tmp_buffer_t* +buf_pool_reserve_tmp_slot( +/*======================*/ + buf_pool_t* buf_pool, /*!< in: buffer pool where to + reserve */ + bool compressed) /*!< in: is file space compressed */ +{ + buf_tmp_buffer_t *free_slot=NULL; + + /* Array is protected by buf_pool mutex */ + buf_pool_mutex_enter(buf_pool); + + for(ulint i = 0; i < buf_pool->tmp_arr->n_slots; i++) { + buf_tmp_buffer_t *slot = &buf_pool->tmp_arr->slots[i]; + + if(slot->reserved == false) { + free_slot = slot; + break; + } + } + + /* We assume that free slot is found */ + ut_a(free_slot != NULL); + free_slot->reserved = true; + /* Now that we have reserved this slot we can release + buf_pool mutex */ + buf_pool_mutex_exit(buf_pool); + + /* Allocate temporary memory for encryption/decryption */ + if (free_slot->crypt_buf_free == NULL) { + free_slot->crypt_buf_free = static_cast(ut_malloc(UNIV_PAGE_SIZE*2)); + free_slot->crypt_buf = static_cast(ut_align(free_slot->crypt_buf_free, UNIV_PAGE_SIZE)); + memset(free_slot->crypt_buf_free, 0, UNIV_PAGE_SIZE *2); + } + + /* For page compressed tables allocate temporary memory for + compression/decompression */ + if (compressed && free_slot->comp_buf_free == NULL) { + free_slot->comp_buf_free = static_cast(ut_malloc(UNIV_PAGE_SIZE*2)); + free_slot->comp_buf = static_cast(ut_align(free_slot->comp_buf_free, UNIV_PAGE_SIZE)); + memset(free_slot->comp_buf_free, 0, UNIV_PAGE_SIZE *2); +#ifdef HAVE_LZO + free_slot->lzo_mem = static_cast(ut_malloc(LZO1X_1_15_MEM_COMPRESS)); + memset(free_slot->lzo_mem, 0, LZO1X_1_15_MEM_COMPRESS); +#endif + } + + return (free_slot); +} + /********************************************************************//** Encrypts a buffer 
page right before it's flushed to disk */ @@ -5609,11 +5693,17 @@ byte* buf_page_encrypt_before_write( /*==========================*/ buf_page_t* bpage, /*!< in/out: buffer page to be flushed */ - const byte* src_frame) /*!< in: src frame */ + const byte* src_frame, /*!< in: src frame */ + ulint space_id) /*!< in: space id */ { - bpage->encrypt_later = false; + fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space_id); - if (srv_encrypt_tables == FALSE) { + if (crypt_data != NULL && crypt_data->encryption == FIL_SPACE_ENCRYPTION_OFF) { + /* Encryption is disabled */ + return const_cast(src_frame); + } + + if (!srv_encrypt_tables && (crypt_data == NULL || crypt_data->encryption == FIL_SPACE_ENCRYPTION_DEFAULT)) { /* Encryption is disabled */ return const_cast(src_frame); } 
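Review bot: In buf_pool_reserve_tmp_slot, `comp_buf_free` is allocated as `UNIV_PAGE_SIZE*2` and `comp_buf` is then aligned up to `UNIV_PAGE_SIZE`, which in the worst case leaves only slightly more than one page of usable space. The XtraDB helper `os_slot_alloc_page_buf` removed earlier in this series enlarged the buffer under `HAVE_SNAPPY` and carried the comment "We allocate extra to avoid memory overwrite on compression"; that margin is gone here. Unless `fil_compress_page` bounds its output to the page size (not visible in this hunk), the old sizing should be kept: `asize += snappy_max_compressed_length(asize) - UNIV_PAGE_SIZE;` under `#ifdef HAVE_SNAPPY`, followed by `ut_malloc(asize*2)`. Separately, `ut_a(free_slot != NULL)` turns exhaustion of the `BUF_MAX_TMP_SLOTS` entries into a server abort, and write slots stay reserved until I/O completion, so waiting for a free slot (or documenting why 200 can never be exceeded) would be safer than asserting.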
@@ -5638,103 +5728,63 @@ buf_page_encrypt_before_write( ulint zip_size = buf_page_get_zip_size(bpage); ulint page_size = (zip_size) ? zip_size : UNIV_PAGE_SIZE; + buf_pool_t* buf_pool = buf_pool_from_bpage(bpage); + bool page_compressed = fil_space_is_page_compressed(bpage->space); - /** - * TODO(jonaso): figure out more clever malloc strategy - * - * This implementation does a malloc/free per iop for encrypted - * tablespaces. Alternative strategies that have been considered are - * - * 1) use buf_block_alloc (i.e alloc from buffer pool) - * this does not work as buf_block_alloc will then be called - * when needing to flush a page, which might be triggered - * due to shortage of memory in buffer pool - * 2) allocate a buffer per fil_node_t - * this would break abstraction layers and has therfore not been - * considered a lot. - */ + /* Find free slot from temporary memory array */ + buf_tmp_buffer_t* slot = buf_pool_reserve_tmp_slot(buf_pool, page_compressed); + bpage->slot = slot; - if (bpage->crypt_buf_free == NULL) { - bpage->crypt_buf_free = (byte*)malloc(page_size*2); - // TODO: Is 4k aligment enough ? 
- bpage->crypt_buf = (byte *)ut_align(bpage->crypt_buf_free, page_size); - } + byte *dst_frame = slot->crypt_buf; - byte *dst_frame = bpage->crypt_buf; - - if (!fil_space_is_page_compressed(bpage->space)) { - // encrypt page content - fil_space_encrypt(bpage->space, bpage->offset, - bpage->newest_modification, - src_frame, zip_size, dst_frame, 0); + if (!page_compressed) { + /* Encrypt page content */ + fil_space_encrypt(bpage->space, + bpage->offset, + bpage->newest_modification, + src_frame, + zip_size, + dst_frame); unsigned key_version = mach_read_from_4(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); ut_ad(key_version == 0 || key_version >= bpage->key_version); bpage->key_version = key_version; + bpage->real_size = zip_size; } else { - /** Compression and encryption is done later at os0file.cc */ - bpage->encrypt_later = true; - dst_frame = (byte *)src_frame; + /* First we compress the page content */ + ulint out_len = 0; + ulint block_size = fil_space_get_block_size(bpage->space, bpage->offset, page_size); + + byte *tmp = fil_compress_page(bpage->space, + (byte *)src_frame, + slot->comp_buf, + page_size, + fil_space_get_page_compression_level(bpage->space), + block_size, + &out_len, +#ifdef HAVE_LZO + slot->lzo_mem +#else + NULL +#endif + ); + + bpage->real_size = out_len; + + /* And then we encrypt the page content */ + fil_space_encrypt(bpage->space, + bpage->offset, + bpage->newest_modification, + tmp, + zip_size, + dst_frame); } // return dst_frame which will be written return dst_frame; } -/********************************************************************//** -Release memory after encrypted page has been written to disk -*/ -ibool -buf_page_encrypt_after_write( -/*=========================*/ - buf_page_t* bpage) /*!< in/out: buffer page flushed */ -{ - if (bpage->crypt_buf_free != NULL) { - free(bpage->crypt_buf_free); - bpage->crypt_buf_free = NULL; - bpage->crypt_buf = NULL; - } - - if (bpage->comp_buf_free != NULL) { - 
free(bpage->comp_buf_free); - bpage->comp_buf_free = NULL; - bpage->comp_buf = NULL; - } - - return (TRUE); -} - -/********************************************************************//** -Allocates memory to read in an encrypted page -*/ -byte* -buf_page_decrypt_before_read( -/*=========================*/ - buf_page_t* bpage, /*!< in/out: buffer page to be read */ - ulint zip_size) /*!< in: compressed page size, or 0 */ -{ - ulint size = (zip_size) ? zip_size : UNIV_PAGE_SIZE; - - /* - Here we only need to allocate space for not header pages - in case of file space encryption. Table encryption is handled - later. - */ - if (!srv_encrypt_tables || bpage->offset == 0 || - fil_space_check_encryption_read(bpage->space) == false) - return zip_size ? bpage->zip.data : ((buf_block_t*) bpage)->frame; - - if (bpage->crypt_buf_free == NULL) - { - // allocate buffer to read data into - bpage->crypt_buf_free = (byte*)malloc(size*2); - // TODO: Is 4K aligment enough ? - bpage->crypt_buf = (byte*)ut_align(bpage->crypt_buf_free, size); - } - return bpage->crypt_buf; -} - /********************************************************************//** Decrypt page after it has been read from disk */ 
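Review bot: In the uncompressed branch of buf_page_encrypt_before_write, `bpage->real_size = zip_size;` stores 0 for every page of a non-zip tablespace, although `page_size` (`zip_size ? zip_size : UNIV_PAGE_SIZE`) is already computed a few lines above. The buf0flu.cc and buf0dblwr.cc hunks later in this patch pass `bpage->real_size` to `fil_io` as the write length in place of `UNIV_PAGE_SIZE`, so the encrypted frame would be submitted with length 0; `bpage->real_size = page_size;` looks like the intended assignment. The early returns added at the top of the function (previous hunk) also leave `real_size` at the 0 set in `buf_page_init_low`, unless it is assigned in lines outside these hunks. In the compressed branch the result of `fil_compress_page` is used without the `tmp != buf` success check that the removed os0file.cc code had, so `out_len` should be confirmed valid when compression falls back to the source frame.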
@@ -5752,96 +5802,58 @@ buf_page_decrypt_after_read( if (bpage->offset == 0) { /* File header pages are not encrypted */ - ut_a(bpage->crypt_buf == NULL); return (TRUE); } - - const byte* src_frame = bpage->crypt_buf != NULL ? - bpage->crypt_buf : dst_frame; - unsigned key_version = - mach_read_from_4(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); + mach_read_from_4(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); bool page_compressed = fil_page_is_compressed(dst_frame); + buf_pool_t* buf_pool = buf_pool_from_bpage(bpage); + if (key_version == 0) { /* the page we read is unencrypted */ - if (fil_page_is_compressed(dst_frame)) { - if (bpage->comp_buf_free == NULL) { - bpage->comp_buf_free = (byte *)malloc(UNIV_PAGE_SIZE*2); - // TODO: is 4k aligment enough ? - bpage->comp_buf = (byte*)ut_align(bpage->comp_buf_free, UNIV_PAGE_SIZE); - } + if (page_compressed) { + /* Find free slot from temporary memory array */ + buf_tmp_buffer_t* slot = buf_pool_reserve_tmp_slot(buf_pool, page_compressed); - fil_decompress_page(bpage->comp_buf, dst_frame, size, NULL); - } else { - if (dst_frame != src_frame) { - /* but we had allocated a crypt_buf */ - // TODO: Can this be avoided ? - memcpy(dst_frame, src_frame, size); - } + fil_decompress_page(slot->comp_buf, + dst_frame, + size, + &bpage->write_size); + + /* Mark this slot as free */ + slot->reserved = false; } } else { /* the page we read is encrypted */ - if (dst_frame == src_frame) { - /* but we had NOT allocated a crypt buf - * malloc a buffer, copy page to it - * and then decrypt from that into real page*/ - bpage->crypt_buf_free = (byte *)malloc(UNIV_PAGE_SIZE*2); - // TODO: is 4k aligment enough ? 
- src_frame = bpage->crypt_buf = (byte*)ut_align(bpage->crypt_buf_free, UNIV_PAGE_SIZE); - memcpy(bpage->crypt_buf, dst_frame, size); - } + /* Find free slot from temporary memory array */ + buf_tmp_buffer_t* slot = buf_pool_reserve_tmp_slot(buf_pool, page_compressed); - /* decrypt from src_frame to dst_frame */ + memcpy(slot->crypt_buf, dst_frame, size); + + /* decrypt from crypt_buf to dst_frame */ fil_space_decrypt(bpage->space, - src_frame, size, dst_frame); + slot->crypt_buf, + size, + dst_frame); /* decompress from dst_frame to comp_buf and then copy to buffer pool */ if (page_compressed) { - if (bpage->comp_buf_free == NULL) { - bpage->comp_buf_free = (byte *)malloc(UNIV_PAGE_SIZE*2); - // TODO: is 4k aligment enough ? - bpage->comp_buf = (byte*)ut_align(bpage->comp_buf_free, UNIV_PAGE_SIZE); - } - - fil_decompress_page(bpage->comp_buf, dst_frame, size, NULL); + fil_decompress_page(slot->comp_buf, + dst_frame, + size, + &bpage->write_size); } + + /* Mark this slot as free */ + slot->reserved = false; } bpage->key_version = key_version; - if (bpage->crypt_buf_free != NULL) { - // free temp page - free(bpage->crypt_buf_free); - bpage->crypt_buf = NULL; - bpage->crypt_buf_free = NULL; - } - - if (bpage->comp_buf_free != NULL) { - // free temp page - free(bpage->comp_buf_free); - bpage->comp_buf = NULL; - bpage->comp_buf_free = NULL; - } - return (TRUE); } - -/********************************************************************//** -Release memory allocated for decryption -*/ -void -buf_page_decrypt_cleanup( -/*=====================*/ - buf_page_t* bpage) /*!< in/out: buffer page */ -{ - if (bpage->crypt_buf != NULL) { - free(bpage->crypt_buf_free); - bpage->crypt_buf = NULL; - bpage->crypt_buf_free = NULL; - } -} diff --git a/storage/innobase/buf/buf0dblwr.cc b/storage/innobase/buf/buf0dblwr.cc index 53ef6ecb316..03681e8fbeb 100644 --- a/storage/innobase/buf/buf0dblwr.cc +++ b/storage/innobase/buf/buf0dblwr.cc 
@@ -872,7 +872,7 @@ buf_dblwr_write_block_to_datafile( 0, buf_block_get_page_no(block), 0, - UNIV_PAGE_SIZE, + bpage->real_size, frame, (void*) block, (ulint *)&bpage->write_size); @@ -1231,7 +1231,7 @@ retry: TRX_SYS_SPACE, 0, offset, 0, - UNIV_PAGE_SIZE, + bpage->real_size, frame, NULL, 0); diff --git a/storage/innobase/buf/buf0flu.cc b/storage/innobase/buf/buf0flu.cc index b8a34558867..d893d424b02 100644 --- a/storage/innobase/buf/buf0flu.cc +++ b/storage/innobase/buf/buf0flu.cc @@ -909,7 +909,7 @@ buf_flush_write_block_low( break; } - frame = buf_page_encrypt_before_write(bpage, frame); + frame = buf_page_encrypt_before_write(bpage, frame, space_id); if (!srv_use_doublewrite_buf || !buf_dblwr) { fil_io(OS_FILE_WRITE | OS_AIO_SIMULATED_WAKE_LATER, @@ -918,7 +918,7 @@ buf_flush_write_block_low( zip_size, buf_page_get_page_no(bpage), 0, - zip_size ? zip_size : UNIV_PAGE_SIZE, + zip_size ? zip_size : bpage->real_size, frame, bpage, &bpage->write_size); @@ -938,7 +938,7 @@ buf_flush_write_block_low( zip_size, buf_page_get_page_no(bpage), 0, - zip_size ? zip_size : UNIV_PAGE_SIZE, + zip_size ? zip_size : bpage->real_size, frame, bpage, &bpage->write_size); diff --git a/storage/innobase/buf/buf0rea.cc b/storage/innobase/buf/buf0rea.cc index 5917af7ca9d..b4b474c547f 100644 --- a/storage/innobase/buf/buf0rea.cc +++ b/storage/innobase/buf/buf0rea.cc @@ -176,7 +176,7 @@ buf_read_page_low( ut_ad(buf_page_in_file(bpage)); - byte* frame = buf_page_decrypt_before_read(bpage, zip_size); + byte* frame = zip_size ? bpage->zip.data : ((buf_block_t*) bpage)->frame; if (sync) { thd_wait_begin(NULL, THD_WAIT_DISKIO); @@ -202,7 +202,6 @@ buf_read_page_low( } if (*err != DB_SUCCESS) { - buf_page_decrypt_cleanup(bpage); if (ignore_nonexistent_pages || *err == DB_TABLESPACE_DELETED) { buf_read_page_handle_error(bpage); return(0); diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index aab0b1f5568..07636d27879 100644 
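Review bot: The write length in buf_dblwr_write_block_to_datafile now comes from `bpage->real_size`, but nothing visible in this patch guarantees that field is non-zero when the page was not encrypted or compressed. The visible initialisers set `real_size = 0`, and the XtraDB buf_page_encrypt_before_write returns `src_frame` on its "encryption is disabled" paths before assigning it; its uncompressed branch assigns `zip_size`, which is presumably 0 for non-ROW_FORMAT=COMPRESSED tables. Unless real_size is set elsewhere, these calls would issue zero-length writes; assigning `bpage->real_size = UNIV_PAGE_SIZE;` at the top of buf_page_encrypt_before_write and adding `ut_ad(bpage->real_size > 0);` before each fil_io would make the invariant explicit. The same applies to the second buf0dblwr.cc hunk and the two `zip_size ? zip_size : bpage->real_size` hunks in buf_flush_write_block_low.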
--- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -319,6 +319,7 @@ fil_space_create_crypt_data() &crypt_data->mutex, SYNC_NO_ORDER_CHECK); crypt_data->iv_length = iv_length; my_random_bytes(crypt_data->iv, iv_length); + crypt_data->encryption = FIL_SPACE_ENCRYPTION_DEFAULT; return crypt_data; } @@ -421,6 +422,9 @@ fil_space_read_crypt_data( uint min_key_version = mach_read_from_4 (page + offset + MAGIC_SZ + 2 + iv_length); + fil_encryption_t encryption = (fil_encryption_t)mach_read_from_1( + page + offset + MAGIC_SZ + 2 + iv_length + 4); + const uint sz = sizeof(fil_space_crypt_t) + iv_length; fil_space_crypt_t* crypt_data = static_cast( malloc(sz)); @@ -429,6 +433,7 @@ fil_space_read_crypt_data( crypt_data->type = type; crypt_data->min_key_version = min_key_version; crypt_data->page0_offset = offset; + crypt_data->encryption = encryption; mutex_create(fil_crypt_data_mutex_key, &crypt_data->mutex, SYNC_NO_ORDER_CHECK); crypt_data->iv_length = iv_length; @@ -474,8 +479,9 @@ fil_space_write_crypt_data_low( page + FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID); const uint len = crypt_data->iv_length; const uint min_key_version = crypt_data->min_key_version; + const fil_encryption_t encryption = crypt_data->encryption; crypt_data->page0_offset = offset; - ut_a(2 + len + 4 + MAGIC_SZ < maxsize); + ut_a(2 + len + 4 + 1 + MAGIC_SZ < maxsize); /* redo log this as bytewise updates to page 0 @@ -489,8 +495,10 @@ fil_space_write_crypt_data_low( mtr); mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len, min_key_version, MLOG_4BYTES, mtr); + mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len + 4, encryption, + MLOG_1BYTE, mtr); - byte* log_ptr = mlog_open(mtr, 11 + 12 + len); + byte* log_ptr = mlog_open(mtr, 11 + 13 + len); if (log_ptr != NULL) { log_ptr = mlog_write_initial_log_record_fast( 
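Review bot: The byte that fil_space_read_crypt_data reads at `page + offset + MAGIC_SZ + 2 + iv_length + 4` is cast straight to `fil_encryption_t` with no range check, although it comes from disk. That value later decides whether pages are written encrypted (`FIL_SPACE_ENCRYPTION_OFF` makes buf_page_encrypt_before_write return the plaintext frame), so an out-of-range or corrupted byte should be treated as an invalid header, e.g. by testing `encryption > FIL_SPACE_ENCRYPTION_OFF` before storing it. Tablespaces written before this change have no such byte, so unless the on-disk format is versioned somewhere outside this hunk, the value read there is whatever followed min_key_version. fil_parse_write_crypt_data in the same file has the same unchecked cast on the redo-log byte.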
@@ -507,6 +515,8 @@ fil_space_write_crypt_data_low( log_ptr += 1; mach_write_to_4(log_ptr, min_key_version); log_ptr += 4; + mach_write_to_1(log_ptr, encryption); + log_ptr += 1; mlog_close(mtr, log_ptr); mlog_catenate_string(mtr, crypt_data->iv, len); @@ -555,7 +565,8 @@ fil_parse_write_crypt_data( 2 + // size of offset 1 + // size of type 1 + // size of iv-len - 4; // size of min_key_version + 4 + // size of min_key_version + 1; // fil_encryption_t if (end_ptr - ptr < entry_size){ return NULL; @@ -582,9 +593,17 @@ fil_parse_write_crypt_data( return NULL; } + fil_encryption_t encryption = (fil_encryption_t)mach_read_from_1(ptr); + ptr +=1; + + if (end_ptr - ptr < len) { + return NULL; + } + fil_space_crypt_t* crypt_data = fil_space_create_crypt_data(); crypt_data->page0_offset = offset; crypt_data->min_key_version = min_key_version; + crypt_data->encryption = encryption; memcpy(crypt_data->iv, ptr, len); ptr += len; @@ -610,7 +629,8 @@ fil_space_clear_crypt_data( 1 + // type 1 + // len len + // iv - 4; // min key version + 4 + // min key version + 1; // fil_encryption_t memset(page + offset, 0, size); } @@ -674,13 +694,11 @@ fil_space_encrypt( const byte* src_frame, /*!< in: Source page to be encrypted */ ulint zip_size, /*!< in: compressed size if row_format compressed */ - byte* dst_frame, /*!< in: outbut buffer */ - ulint encryption_key) /*!< in: encryption key id if page - encrypted */ + byte* dst_frame) /*!< in: outbut buffer */ { fil_space_crypt_t* crypt_data=NULL; ulint page_size = (zip_size) ? zip_size : UNIV_PAGE_SIZE; - uint key_version = (uint)encryption_key; + uint key_version; unsigned char key[MY_AES_MAX_KEY_LENGTH]; uint key_length=MY_AES_MAX_KEY_LENGTH; uint aes_method; @@ -699,6 +717,7 @@ fil_space_encrypt( /* Get crypt data from file space */ crypt_data = fil_space_get_crypt_data(space); + key_version = crypt_data->keys[0].key_id; if (crypt_data == NULL) { //TODO: Is this really needed ? 
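Review bot: In fil_space_encrypt the added `key_version = crypt_data->keys[0].key_id;` dereferences `crypt_data` one line before the existing `if (crypt_data == NULL)` check, so a tablespace without crypt data now crashes here instead of reaching that branch. The XtraDB buf_page_encrypt_before_write hunk later in this patch shows this is reachable: with `srv_encrypt_tables` on and `crypt_data == NULL` it falls through to the encrypt call. Move the assignment below the NULL check; what key_version should be in the NULL branch depends on code outside this hunk. Separately, a key id is being stored in a variable named `key_version`; if the two are distinct concepts, as the new `key_id` field in key_struct suggests, a local named `key_id` would avoid confusion.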
@@ -808,6 +827,10 @@ fil_space_check_encryption_read( return false; } + if (crypt_data->encryption == FIL_SPACE_ENCRYPTION_OFF) { + return false; + } + return true; } @@ -1352,6 +1375,11 @@ fil_crypt_space_needs_rotation( mutex_enter(&crypt_data->mutex); do { + if (crypt_data->encryption == FIL_SPACE_ENCRYPTION_OFF) { + /* This space is unencrypted by user request */ + break; + } + /* prevent threads from starting to rotate space */ if (crypt_data->rotate_state.starting) { /* recheck this space later */ diff --git a/storage/innobase/fil/fil0fil.cc b/storage/innobase/fil/fil0fil.cc index 9d37de6d63b..9d0bb03c0e9 100644 --- a/storage/innobase/fil/fil0fil.cc +++ b/storage/innobase/fil/fil0fil.cc 
@@ -5543,6 +5543,74 @@ fil_report_invalid_page_access( (ulong) byte_offset, (ulong) len, (ulong) type); } +/********************************************************************//** +Find correct node from file space +@return node */ +static +fil_node_t* +fil_space_get_node( + fil_space_t* space, /*!< in: file spage */ + ulint space_id, /*!< in: space id */ + ulint* block_offset, /*!< in/out: offset in number of blocks */ + ulint byte_offset, /*!< in: remainder of offset in bytes; in + aio this must be divisible by the OS block + size */ + ulint len) /*!< in: how many bytes to read or write; this + must not cross a file boundary; in aio this + must be a block size multiple */ +{ + fil_node_t* node; + ut_ad(mutex_own(&fil_system->mutex)); + + node = UT_LIST_GET_FIRST(space->chain); + + for (;;) { + if (node == NULL) { + return(NULL); + } else if (fil_is_user_tablespace_id(space->id) + && node->size == 0) { + + /* We do not know the size of a single-table tablespace + before we open the file */ + break; + } else if (node->size > *block_offset) { + /* Found! */ + break; + } else { + *block_offset -= node->size; + node = UT_LIST_GET_NEXT(chain, node); + } + } + + return (node); +} +/********************************************************************//** +Return block size of node in file space +@return file block size */ +UNIV_INTERN +ulint +fil_space_get_block_size( +/*=====================*/ + ulint space_id, + ulint block_offset, + ulint len) +{ + ulint block_size = 512; + fil_space_t* space = fil_space_get_space(space_id); + + if (space) { + mutex_enter(&fil_system->mutex); + fil_node_t* node = fil_space_get_node(space, space_id, &block_offset, 0, len); + mutex_exit(&fil_system->mutex); + + if (node) { + block_size = node->file_block_size; + } + } + + return block_size; +} + /********************************************************************//** Reads or writes data. This operation is asynchronous (aio). 
@return DB_SUCCESS, or DB_TABLESPACE_DELETED if we are trying to do @@ -5589,7 +5657,7 @@ fil_io( ulint is_log; ulint wake_later; os_offset_t offset; - ibool ignore_nonexistent_pages; + bool ignore_nonexistent_pages; is_log = type & OS_FILE_LOG; type = type & ~OS_FILE_LOG; @@ -5674,34 +5742,18 @@ fil_io( ut_ad(mode != OS_AIO_IBUF || space->purpose == FIL_TABLESPACE); - node = UT_LIST_GET_FIRST(space->chain); + node = fil_space_get_node(space, space_id, &block_offset, byte_offset, len); - for (;;) { - if (node == NULL) { - if (ignore_nonexistent_pages) { - mutex_exit(&fil_system->mutex); - return(DB_ERROR); - } - - fil_report_invalid_page_access( + if (!node) { + if (ignore_nonexistent_pages) { + mutex_exit(&fil_system->mutex); + return(DB_ERROR); + } + fil_report_invalid_page_access( block_offset, space_id, space->name, byte_offset, len, type); - ut_error; - - } else if (fil_is_user_tablespace_id(space->id) - && node->size == 0) { - - /* We do not know the size of a single-table tablespace - before we open the file */ - break; - } else if (node->size > block_offset) { - /* Found! */ - break; - } else { - block_offset -= node->size; - node = UT_LIST_GET_NEXT(chain, node); - } + ut_error; } /* Open file if closed */ diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 311fdee4d3b..bd2d49995a0 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc 
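Review bot: fil_space_get_block_size reads `node->file_block_size` after `mutex_exit(&fil_system->mutex)`, so the node can be closed or freed (for example by a concurrent tablespace drop) between the lookup and the dereference. Move the `if (node) { block_size = node->file_block_size; }` block in front of `mutex_exit(&fil_system->mutex);`. `space` is also fetched by `fil_space_get_space(space_id)` before the mutex is taken, so its lifetime across the call should be confirmed too. In fil_space_get_node, the `space_id`, `byte_offset` and `len` parameters are unused. Its "size == 0" branch can return a node whose file has not been opened yet, in which case `file_block_size` may still be unset and the 512 default is lost.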
@@ -566,10 +566,10 @@ ha_create_table_option innodb_table_option_list[]= HA_TOPTION_NUMBER("PAGE_COMPRESSION_LEVEL", page_compression_level, 0, 1, 9, 1), /* With this option user can enable atomic writes feature for this table */ HA_TOPTION_ENUM("ATOMIC_WRITES", atomic_writes, "DEFAULT,ON,OFF", 0), - /* With this option the user can enable page encryption for the table */ - HA_TOPTION_BOOL("PAGE_ENCRYPTION", page_encryption, 0), + /* With this option the user can enable encryption for the table */ + HA_TOPTION_ENUM("ENCRYPTION", encryption, "DEFAULT, ON, OFF", 0), /* With this option the user defines the key identifier using for the encryption */ - HA_TOPTION_NUMBER("PAGE_ENCRYPTION_KEY", page_encryption_key, 0, 1, 255, 1), + HA_TOPTION_NUMBER("ENCRYPTION_KEY", encryption_key, 0, 1, UINT_MAX32, 1), HA_TOPTION_END }; @@ -11285,20 +11285,21 @@ ha_innobase::check_table_options( enum row_type row_format = table->s->row_type; ha_table_option_struct *options= table->s->option_struct; atomic_writes_t awrites = (atomic_writes_t)options->atomic_writes; + fil_encryption_t encrypt = (fil_encryption_t)options->encryption; - if (options->page_encryption) { + if (encrypt == FIL_SPACE_ENCRYPTION_ON) { if (srv_encrypt_tables) { push_warning( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, - "InnoDB: PAGE_ENCRYPTION not available if innodb_encrypt_tables=ON"); + "InnoDB: ENCRYPTION not available if innodb_encrypt_tables=ON"); return "INNODB_ENCRYPT_TABLES"; } if (!use_tablespace) { push_warning( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, - "InnoDB: PAGE_ENCRYPTION requires" + "InnoDB: ENCRYPTION requires" " innodb_file_per_table."); return "PAGE_ENCRYPTION"; } 
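Review bot: The value list for the new ENCRYPTION option is written `"DEFAULT, ON, OFF"` with spaces after the commas, while the neighbouring ATOMIC_WRITES option uses `"DEFAULT,ON,OFF"`. If the option parser splits on commas without trimming, which is not visible here, the accepted tokens become " ON" and " OFF" and `ENCRYPTION=ON` would not match. Use `HA_TOPTION_ENUM("ENCRYPTION", encryption, "DEFAULT,ON,OFF", 0),`. It is also worth a comment that the order must stay in step with `fil_encryption_t` (DEFAULT=0, ON=1, OFF=2), since check_table_options casts the index directly.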
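Review bot: The innodb_file_per_table branch of check_table_options still ends in `return "PAGE_ENCRYPTION";` although the option and its warning text were renamed to ENCRYPTION, so the error reported to the user names an option that no longer exists. Change it to `return "ENCRYPTION";`. The first branch also rejects an explicit ENCRYPTION=ON whenever innodb_encrypt_tables is on, which reads oddly now that the option is tri-state; if that is intended, a short comment saying why would help. The function starts and ends outside this hunk.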
@@ -11307,14 +11308,6 @@ ha_innobase::check_table_options( /* Check page compression requirements */ if (options->page_compressed) { - if (srv_encrypt_tables) { - push_warning( - thd, Sql_condition::WARN_LEVEL_WARN, - HA_WRONG_CREATE_OPTION, - "InnoDB: PAGE_COMPRESSION not available if innodb_encrypt_tables=ON"); - return "PAGE_COMPRESSED"; - } - if (row_format == ROW_TYPE_COMPRESSED) { push_warning( thd, Sql_condition::WARN_LEVEL_WARN, @@ -11384,29 +11377,29 @@ ha_innobase::check_table_options( } } - if (options->page_encryption_key != 0) { - if (options->page_encryption == false) { + if (options->encryption_key != 0) { + if (options->encryption == FIL_SPACE_ENCRYPTION_OFF) { /* ignore this to allow alter table without changing page_encryption_key ...*/ } - if (options->page_encryption_key < 1 || options->page_encryption_key > 255) { + if (options->encryption_key < 1) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, - "InnoDB: invalid PAGE_ENCRYPTION_KEY = %lu." - " Valid values are [1..255]", - options->page_encryption_key); - return "PAGE_ENCRYPTION_KEY"; + "InnoDB: invalid ENCRYPTION_KEY = %lu." + " Valid values are [1..INT32_MAX]", + options->encryption_key); + return "ENCRYPTION_KEY"; } - if (!has_encryption_key(options->page_encryption_key)) { + if (!has_encryption_key(options->encryption_key)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, - "InnoDB: PAGE_ENCRYPTION_KEY encryption key %lu not available", - options->page_encryption_key + "InnoDB: ENCRYPTION_KEY encryption key %lu not available", + options->encryption_key ); - return "PAGE_ENCRYPTION_KEY"; + return "ENCRYPTION_KEY"; } } 
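Review bot: The range check on `options->encryption_key` does not agree with the field's type, the declared option range or the message. The option list allows values up to `UINT_MAX32`, the struct field in ha_innodb.h is still `int encryption_key`, the warning says `[1..INT32_MAX]`, and the value is printed with `%lu`. An id above INT_MAX stored in an `int` would wrap negative and be rejected by `< 1` with a misleading range, and passing an `int` to `%lu` is a format mismatch. Declare the field with the unsigned type that HA_TOPTION_NUMBER actually stores into (confirm its width), and make the format specifier and the "Valid values" text match that range. The now-empty `if (options->encryption == FIL_SPACE_ENCRYPTION_OFF) { ... }` block could be reduced to a comment.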
@@ -11467,6 +11460,11 @@ ha_innobase::create( const char* stmt; size_t stmt_len; + /* Cache table options */ + ha_table_option_struct *options= table->s->option_struct; + fil_encryption_t encrypt = (fil_encryption_t)options->encryption; + ulint key_id = (options->encryption_key == 0) ? srv_default_encryption_key : + options->encryption_key; DBUG_ENTER("ha_innobase::create"); @@ -11706,6 +11704,18 @@ ha_innobase::create( innobase_commit_low(trx); + /* If user has requested that table should be encrypted or table + should remain as unencrypted store crypt data */ + if (encrypt == FIL_SPACE_ENCRYPTION_ON || encrypt == FIL_SPACE_ENCRYPTION_OFF) { + ulint maxsize; + ulint zip_size = fil_space_get_zip_size(innobase_table->space); + fil_space_crypt_t* crypt_data = fil_space_create_crypt_data(); + crypt_data->page0_offset = fsp_header_get_crypt_offset(zip_size, &maxsize); + crypt_data->keys[0].key_id = key_id; + crypt_data->encryption = encrypt; + fil_space_set_crypt_data(innobase_table->space, crypt_data); + } + row_mysql_unlock_data_dictionary(trx); /* Flush the log to reduce probability that the .frm files and @@ -19146,12 +19156,12 @@ static MYSQL_SYSVAR_UINT(encryption_rotation_iops, srv_n_fil_crypt_iops, innodb_encryption_rotation_iops_update, srv_n_fil_crypt_iops, 0, UINT_MAX32, 0); -static MYSQL_SYSVAR_UINT(default_page_encryption_key, srv_default_page_encryption_key, +static MYSQL_SYSVAR_UINT(default_encryption_key, srv_default_encryption_key, PLUGIN_VAR_RQCMDARG, - "Encryption key used for page encryption.", + "Default encryption key used for table encryption.", NULL, NULL, - FIL_DEFAULT_ENCRYPTION_KEY, 1, 255, 0); + FIL_DEFAULT_ENCRYPTION_KEY, 1, UINT_MAX32, 0); static MYSQL_SYSVAR_BOOL(scrub_log, srv_scrub_log, PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, 
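Review bot: When no ENCRYPTION_KEY is given, ha_innobase::create falls back to `srv_default_encryption_key` for `key_id`, but the visible validation in check_table_options only calls `has_encryption_key()` when `options->encryption_key != 0`. A table created with ENCRYPTION=ON and no explicit key therefore gets crypt data pointing at a default key whose availability was never checked. Add that check to check_table_options, e.g. `if (encrypt == FIL_SPACE_ENCRYPTION_ON && options->encryption_key == 0 && !has_encryption_key(srv_default_encryption_key))`, with the same warning and return. The crypt data is also attached only after `innobase_commit_low(trx)`, and this hunk does not show it being written to page 0, so please confirm the ON/OFF choice survives a crash between create and the first flush.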
@@ -19420,7 +19430,7 @@ static struct st_mysql_sys_var* innobase_system_variables[]= { MYSQL_SYSVAR(scrub_log), MYSQL_SYSVAR(scrub_log_interval), MYSQL_SYSVAR(encrypt_log), - MYSQL_SYSVAR(default_page_encryption_key), + MYSQL_SYSVAR(default_encryption_key), /* Scrubing feature */ MYSQL_SYSVAR(immediate_scrub_data_uncompressed), diff --git a/storage/innobase/handler/ha_innodb.h b/storage/innobase/handler/ha_innodb.h index 7807c7ca7e6..2b9f1506339 100644 --- a/storage/innobase/handler/ha_innodb.h +++ b/storage/innobase/handler/ha_innodb.h @@ -70,8 +70,8 @@ struct ha_table_option_struct srv_use_atomic_writes=1. Atomic writes are not used if value OFF.*/ - bool page_encryption; /*!< Flag for an encrypted table */ - int page_encryption_key; /*!< ID of the encryption key */ + uint encryption; /*!< DEFAULT, ON, OFF */ + int encryption_key; /*!< encryption key id*/ }; diff --git a/storage/innobase/handler/handler0alter.cc b/storage/innobase/handler/handler0alter.cc index 94f17e75358..327e4e92d1b 100644 --- a/storage/innobase/handler/handler0alter.cc +++ b/storage/innobase/handler/handler0alter.cc @@ -278,8 +278,8 @@ ha_innobase::check_if_supported_inplace_alter( DBUG_RETURN(HA_ALTER_INPLACE_NOT_SUPPORTED); } - if (new_options->page_encryption != old_options->page_encryption || - new_options->page_encryption_key != old_options->page_encryption_key) { + if (new_options->encryption != old_options->encryption || + new_options->encryption_key != old_options->encryption_key) { ha_alter_info->unsupported_reason = innobase_get_err_msg( ER_ALTER_OPERATION_NOT_SUPPORTED_REASON); DBUG_RETURN(HA_ALTER_INPLACE_NOT_SUPPORTED); diff --git a/storage/innobase/include/buf0buf.h b/storage/innobase/include/buf0buf.h index 1c84e68167e..d22d344162a 100644 --- a/storage/innobase/include/buf0buf.h +++ b/storage/innobase/include/buf0buf.h 
@@ -1445,16 +1445,19 @@ buf_flush_update_zip_checksum( The hook that is called just before a page is written to disk. The function encrypts the content of the page and returns a pointer to a frame that will be written instead of the real frame. */ +UNIV_INTERN byte* buf_page_encrypt_before_write( /*==========================*/ buf_page_t* page, /*!< in/out: buffer page to be flushed */ - const byte* frame); + const byte* frame, + ulint space_id); /********************************************************************** The hook that is called after page is written to disk. The function releases any resources needed for encryption that was allocated in buf_page_encrypt_before_write */ +UNIV_INTERN ibool buf_page_encrypt_after_write( /*=========================*/ @@ -1464,6 +1467,7 @@ buf_page_encrypt_after_write( The hook that is called just before a page is read from disk. The function allocates memory that is used to temporarily store disk content before getting decrypted */ +UNIV_INTERN byte* buf_page_decrypt_before_read( /*=========================*/ 
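Review bot: The header comments kept around `buf_page_decrypt_before_read` and `buf_page_encrypt_after_write` describe a buffer lifecycle that this patch removes. buf0rea.cc no longer calls buf_page_decrypt_before_read, buf_page_decrypt_after_read reserves and releases its own slot, and the XtraDB source drops the buf_page_encrypt_after_write definition. If the InnoDB definitions are gone as well (not visible here), the declarations should be removed rather than marked `UNIV_INTERN`. Otherwise update the comments, e.g. `/* Temporary memory now comes from buf_pool->tmp_arr; see buf_pool_reserve_tmp_slot() */`. The new `space_id` parameter of buf_page_encrypt_before_write also lacks the `/*!< in: ... */` annotation the other parameters have.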
@@ -1474,19 +1478,35 @@ buf_page_decrypt_before_read( The hook that is called just after a page is read from disk. The function decrypt disk content into buf_page_t and releases the temporary buffer that was allocated in buf_page_decrypt_before_read */ +UNIV_INTERN ibool buf_page_decrypt_after_read( /*========================*/ buf_page_t* page); /*!< in/out: buffer page read from disk */ -/********************************************************************//** -Release memory allocated for page decryption. -Only used in scenarios where read fails, e.g due to tablespace being dropped */ -void -buf_page_decrypt_cleanup( -/*=====================*/ - buf_page_t* page); /*!< in/out: buffer page read from disk */ +/** @brief The temporary memory structure. +NOTE! The definition appears here only for other modules of this +directory (buf) to see it. Do not use from outside! */ + +typedef struct { + bool reserved; /*!< true if this slot is reserved + */ +#ifdef HAVE_LZO + byte* lzo_mem; /*!< Temporal memory used by LZO */ +#endif + byte* crypt_buf; /*!< for encryption the data needs to be + copied to a separate buffer before it's + encrypted&written. this as a page can be + read while it's being flushed */ + byte* crypt_buf_free; /*!< for encryption, allocated buffer + that is then alligned */ + byte* comp_buf; /*!< for compression we need + temporal buffer because page + can be read while it's being flushed */ + byte* comp_buf_free; /*!< for compression, allocated + buffer that is then alligned */ +} buf_tmp_buffer_t; /** The common buffer control block structure for compressed and uncompressed frames */ 
@@ -1559,20 +1579,15 @@ struct buf_page_t{ operation needed. */ unsigned key_version; /*!< key version for this block */ - byte* crypt_buf; /*!< for encryption the data needs to be - copied to a separate buffer before it's - encrypted&written. this as a page can be - read while it's being flushed */ - byte* crypt_buf_free; /*!< for encryption, allocated buffer - that is then alligned */ - byte* comp_buf; /*!< for compression we need - temporal buffer because page - can be read while it's being flushed */ - byte* comp_buf_free; /*!< for compression, allocated - buffer that is then alligned */ - bool encrypt_later; /*!< should we encrypt the page - at os0file.cc ? */ + ulint real_size; /*!< Real size of the page + Normal pages == UNIV_PAGE_SIZE + page compressed pages, payload + size alligned to sector boundary. + */ + buf_tmp_buffer_t* slot; /*!< Slot for temporary memory + used for encryption/compression + or NULL */ #ifndef UNIV_HOTBACKUP buf_page_t* hash; /*!< node used in chaining to buf_pool->page_hash or @@ -2017,6 +2032,17 @@ struct buf_buddy_stat_t { ib_uint64_t relocated_usec; }; +/** @brief The temporary memory array structure. + +NOTE! The definition appears here only for other modules of this +directory (buf) to see it. Do not use from outside! */ + +typedef struct { + ulint n_slots; /*!< Total number of slots */ + buf_tmp_buffer_t *slots; /*!< Pointer to the slots in the + array */ +} buf_tmp_array_t; + /** @brief The buffer pool structure. NOTE! The definition appears here only for other modules of this @@ -2200,6 +2226,10 @@ struct buf_pool_t{ pool watches. Protected by buf_pool->mutex. */ + buf_tmp_array_t* tmp_arr; + /*!< Array for temporal memory + used in compression and encryption */ + #if BUF_BUDDY_LOW > UNIV_ZIP_SIZE_MIN # error "BUF_BUDDY_LOW > UNIV_ZIP_SIZE_MIN" #endif diff --git a/storage/innobase/include/buf0buf.ic b/storage/innobase/include/buf0buf.ic index 842aa6758cd..53e7445d447 100644 --- a/storage/innobase/include/buf0buf.ic 
+++ b/storage/innobase/include/buf0buf.ic @@ -1464,28 +1464,15 @@ buf_get_nth_chunk_block( return(chunk->blocks); } -/********************************************************************//** -Get crypt buffer. */ -UNIV_INLINE -byte* -buf_page_get_crypt_buffer( -/*=========================*/ - const buf_page_t* bpage) /*!< in: buffer pool page */ -{ - return bpage->crypt_buf; -} - /********************************************************************//** Get buf frame. */ UNIV_INLINE void * buf_page_get_frame( -/*=========================*/ +/*===============*/ const buf_page_t* bpage) /*!< in: buffer pool page */ { - if (bpage->crypt_buf) { - return buf_page_get_crypt_buffer(bpage); - } else if (bpage->zip.data) { + if (bpage->zip.data) { return bpage->zip.data; } else { return ((buf_block_t*) bpage)->frame; diff --git a/storage/innobase/include/fil0crypt.h b/storage/innobase/include/fil0crypt.h index 9d02034e4b2..359533dc50a 100644 --- a/storage/innobase/include/fil0crypt.h +++ b/storage/innobase/include/fil0crypt.h @@ -37,6 +37,14 @@ Created 04/01/2015 Jan Lindström /* This key will be used if nothing else is given */ #define FIL_DEFAULT_ENCRYPTION_KEY 1 +/** Enum values for encryption table option */ +typedef enum { + FIL_SPACE_ENCRYPTION_DEFAULT = 0, /* Tablespace encrypted if + srv_encrypt_tables = ON */ + FIL_SPACE_ENCRYPTION_ON = 1, /* Tablespace is encrypted always */ + FIL_SPACE_ENCRYPTION_OFF = 2 /* Tablespace is not encrypted */ +} fil_encryption_t; + /** * CRYPT_SCHEME_UNENCRYPTED * @@ -67,6 +75,8 @@ struct key_struct { uint key_version; /*!< Key version used as identifier */ + uint key_id; /*1< Key id used as + identifier */ byte key[MY_AES_MAX_KEY_LENGTH]; /*!< Cached L or key */ uint key_length; /*!< Key length */ }; 
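Review bot: The comment on the new `key_id` member of key_struct opens with `/*1<` instead of the Doxygen marker `/*!<` used on the neighbouring fields, so documentation tools will not pick it up. Write it as `uint key_id; /*!< Key id used as identifier */`. Since `key_version` directly above is documented with the same words ("used as identifier"), a phrase saying how the two differ, such as key id selecting the key and key version selecting its rotation, would help readers of the encryption path.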
@@ -95,6 +105,7 @@ struct fil_space_crypt_struct key_struct keys[3]; // cached L = AES_ECB(KEY, IV) uint min_key_version; // min key version for this space ulint page0_offset; // byte offset on page 0 for crypt data + fil_encryption_t encryption; // Encryption setup ib_mutex_t mutex; // mutex protecting following variables bool closing; // is tablespace being closed @@ -227,9 +238,7 @@ fil_space_encrypt( lsn_t lsn, /*!< in: page lsn */ const byte* src_frame,/*!< in: page frame */ ulint size, /*!< in: size of data to encrypt */ - byte* dst_frame, /*!< in: where to encrypt to */ - ulint page_encryption_key); /*!< in: page encryption key id if page - encrypted */ + byte* dst_frame); /*!< in: where to encrypt to */ /********************************************************************* Decrypt buffer page */ diff --git a/storage/innobase/include/fil0fil.h b/storage/innobase/include/fil0fil.h index 2c6c5804f65..7f2c00eb168 100644 --- a/storage/innobase/include/fil0fil.h +++ b/storage/innobase/include/fil0fil.h @@ -1272,6 +1272,16 @@ ulint fil_get_next_space( ulint id); /*!< in: space id */ +/*******************************************************************//** +Returns the block size of the file space +@return block size */ +UNIV_INTERN +ulint +fil_space_get_block_size( +/*=====================*/ + ulint id, /*!< in: space id */ + ulint offset, /*!< in: page offset */ + ulint len); /*!< in: page len */ #endif diff --git a/storage/innobase/include/srv0srv.h b/storage/innobase/include/srv0srv.h index 31db78ae5ee..314bce63c7b 100644 --- a/storage/innobase/include/srv0srv.h +++ b/storage/innobase/include/srv0srv.h 
@@ -562,8 +562,8 @@ that semaphore times out in InnoDB */ #define DEFAULT_SRV_FATAL_SEMAPHORE_TIMEOUT 600 extern ulong srv_fatal_semaphore_wait_threshold; -/** Default encryption key used for page encryption */ -extern uint srv_default_page_encryption_key; +/** Default encryption key used for tablespace encryption */ +extern uint srv_default_encryption_key; /** Enable semaphore request instrumentation */ extern my_bool srv_instrument_semaphores; diff --git a/storage/innobase/os/os0file.cc b/storage/innobase/os/os0file.cc index 1287ee76819..e17cf161973 100644 --- a/storage/innobase/os/os0file.cc +++ b/storage/innobase/os/os0file.cc @@ -242,7 +242,6 @@ struct os_aio_slot_t{ int n_bytes; /* bytes written/read. */ int ret; /* AIO return code */ #endif /* WIN_ASYNC_IO */ - byte *lzo_mem; /* Temporal memory used by LZO */ }; /** The asynchronous i/o array structure */ diff --git a/storage/innobase/srv/srv0srv.cc b/storage/innobase/srv/srv0srv.cc index 78954725001..d8c921fb612 100644 --- a/storage/innobase/srv/srv0srv.cc +++ b/storage/innobase/srv/srv0srv.cc @@ -523,8 +523,8 @@ thread ensures that we flush the log files at least once per second. */ static time_t srv_last_log_flush_time; -/** Default encryption key used for page encryption */ -UNIV_INTERN uint srv_default_page_encryption_key = FIL_DEFAULT_ENCRYPTION_KEY; +/** Default encryption key used for tablespace encryption */ +UNIV_INTERN uint srv_default_encryption_key = FIL_DEFAULT_ENCRYPTION_KEY; /** Enable semaphore request instrumentation */ UNIV_INTERN my_bool srv_instrument_semaphores = FALSE; diff --git a/storage/xtradb/buf/buf0buf.cc b/storage/xtradb/buf/buf0buf.cc index 56b0245da93..ab8dbadf0fa 100644 --- a/storage/xtradb/buf/buf0buf.cc +++ b/storage/xtradb/buf/buf0buf.cc 
@@ -95,6 +95,14 @@ _increment_page_get_statistics(buf_block_t* block, trx_t* trx) return; } +#ifdef HAVE_LZO +#include "lzo/lzo1x.h" +#endif + +/* Number of temporary slots used for encryption/compression +memory allocation before/after I/O operations */ +#define BUF_MAX_TMP_SLOTS 200 + /* IMPLEMENTATION OF THE BUFFER POOL ================================= @@ -1077,15 +1085,11 @@ buf_block_init( block->page.state = BUF_BLOCK_NOT_USED; block->page.buf_fix_count = 0; block->page.io_fix = BUF_IO_NONE; - block->page.crypt_buf = NULL; - block->page.crypt_buf_free = NULL; - block->page.comp_buf = NULL; - block->page.comp_buf_free = NULL; block->page.key_version = 0; - block->page.encrypt_later = false; - - + block->page.real_size = 0; + block->page.write_size = 0; block->modify_clock = 0; + block->page.slot = NULL; #if defined UNIV_DEBUG_FILE_ACCESSES || defined UNIV_DEBUG block->page.file_page_was_freed = FALSE; @@ -1438,6 +1442,11 @@ buf_pool_init_instance( /* All fields are initialized by mem_zalloc(). */ + /* Initialize the temporal memory array and slots */ + buf_pool->tmp_arr = (buf_tmp_array_t *)mem_zalloc(sizeof(buf_tmp_array_t)); + buf_pool->tmp_arr->n_slots = BUF_MAX_TMP_SLOTS; + buf_pool->tmp_arr->slots = (buf_tmp_buffer_t*)mem_zalloc(sizeof(buf_tmp_buffer_t) * BUF_MAX_TMP_SLOTS); + buf_pool->try_LRU_scan = TRUE; return(DB_SUCCESS); @@ -1489,6 +1498,9 @@ buf_pool_free_instance( ha_clear(buf_pool->page_hash); hash_table_free(buf_pool->page_hash); hash_table_free(buf_pool->zip_hash); + + mem_free(buf_pool->tmp_arr->slots); + mem_free(buf_pool->tmp_arr); } /********************************************************************//** 
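Review bot: buf_pool_free_instance frees `tmp_arr->slots` and `tmp_arr` but not the per-slot buffers that buf_pool_reserve_tmp_slot allocates lazily with ut_malloc (`crypt_buf_free`, `comp_buf_free` and, under HAVE_LZO, `lzo_mem`). These are two pages per buffer for each slot that was ever used, so they leak at shutdown and page images from compression or decryption stay in unreferenced heap memory. Walk the array and release them before freeing it, as sketched below. The function starts outside this hunk.

```cpp
	hash_table_free(buf_pool->zip_hash);

	/* Release the per-slot buffers allocated lazily in
	buf_pool_reserve_tmp_slot() */
	for (ulint i = 0; i < buf_pool->tmp_arr->n_slots; i++) {
		buf_tmp_buffer_t*	slot = &buf_pool->tmp_arr->slots[i];
#ifdef HAVE_LZO
		if (slot->lzo_mem != NULL) {
			ut_free(slot->lzo_mem);
			slot->lzo_mem = NULL;
		}
#endif
		if (slot->crypt_buf_free != NULL) {
			ut_free(slot->crypt_buf_free);
			slot->crypt_buf_free = NULL;
			slot->crypt_buf = NULL;
		}
		if (slot->comp_buf_free != NULL) {
			ut_free(slot->comp_buf_free);
			slot->comp_buf_free = NULL;
			slot->comp_buf = NULL;
		}
	}

	mem_free(buf_pool->tmp_arr->slots);
```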
@@ -3574,12 +3586,8 @@ buf_page_init_low( bpage->newest_modification = 0; bpage->oldest_modification = 0; bpage->write_size = 0; - bpage->crypt_buf = NULL; - bpage->crypt_buf_free = NULL; - bpage->comp_buf = NULL; - bpage->comp_buf_free = NULL; bpage->key_version = 0; - bpage->encrypt_later = false; + bpage->real_size = 0; HASH_INVALIDATE(bpage, hash); bpage->is_corrupt = FALSE; @@ -4498,7 +4506,11 @@ corrupt: } } else { /* io_type == BUF_IO_WRITE */ - buf_page_encrypt_after_write(bpage); + if (bpage->slot) { + /* Mark slot free */ + bpage->slot->reserved = false; + bpage->slot = NULL; + } } if (io_type == BUF_IO_WRITE 
@@ -5778,6 +5790,60 @@ buf_pool_mutex_exit( mutex_exit(&buf_pool->LRU_list_mutex); } +/********************************************************************//** +Reserve unused slot from temporary memory array and allocate necessary +temporary memory if not yet allocated. +@return reserved slot */ +buf_tmp_buffer_t* +buf_pool_reserve_tmp_slot( +/*======================*/ + buf_pool_t* buf_pool, /*!< in: buffer pool where to + reserve */ + bool compressed) /*!< in: is file space compressed */ +{ + buf_tmp_buffer_t *free_slot=NULL; + + /* Array is protected by buf_pool mutex */ + buf_pool_mutex_enter(buf_pool); + + for(ulint i = 0; i < buf_pool->tmp_arr->n_slots; i++) { + buf_tmp_buffer_t *slot = &buf_pool->tmp_arr->slots[i]; + + if(slot->reserved == false) { + free_slot = slot; + break; + } + } + + /* We assume that free slot is found */ + ut_a(free_slot != NULL); + free_slot->reserved = true; + /* Now that we have reserved this slot we can release + buf_pool mutex */ + buf_pool_mutex_exit(buf_pool); + + /* Allocate temporary memory for encryption/decryption */ + if (free_slot->crypt_buf_free == NULL) { + free_slot->crypt_buf_free = static_cast(ut_malloc(UNIV_PAGE_SIZE*2)); + free_slot->crypt_buf = static_cast(ut_align(free_slot->crypt_buf_free, UNIV_PAGE_SIZE)); + memset(free_slot->crypt_buf_free, 0, UNIV_PAGE_SIZE *2); + } + + /* For page compressed tables allocate temporary memory for + compression/decompression */ + if (compressed && free_slot->comp_buf_free == NULL) { + free_slot->comp_buf_free = static_cast(ut_malloc(UNIV_PAGE_SIZE*2)); + free_slot->comp_buf = static_cast(ut_align(free_slot->comp_buf_free, UNIV_PAGE_SIZE)); + memset(free_slot->comp_buf_free, 0, UNIV_PAGE_SIZE *2); +#ifdef HAVE_LZO + free_slot->lzo_mem = static_cast(ut_malloc(LZO1X_1_15_MEM_COMPRESS)); + memset(free_slot->lzo_mem, 0, LZO1X_1_15_MEM_COMPRESS); +#endif + } + + return (free_slot); +} + /********************************************************************//** Encrypts a buffer page 
right before it's flushed to disk */ @@ -5785,11 +5851,17 @@ byte* buf_page_encrypt_before_write( /*==========================*/ buf_page_t* bpage, /*!< in/out: buffer page to be flushed */ - const byte* src_frame) /*!< in: src frame */ + const byte* src_frame, /*!< in: src frame */ + ulint space_id) /*!< in: space id */ { - bpage->encrypt_later = false; + fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space_id); - if (srv_encrypt_tables == FALSE) { + if (crypt_data != NULL && crypt_data->encryption == FIL_SPACE_ENCRYPTION_OFF) { + /* Encryption is disabled */ + return const_cast(src_frame); + } + + if (!srv_encrypt_tables && (crypt_data == NULL || crypt_data->encryption == FIL_SPACE_ENCRYPTION_DEFAULT)) { /* Encryption is disabled */ return const_cast(src_frame); } 
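Review bot: `ut_a(free_slot != NULL);` in buf_pool_reserve_tmp_slot turns slot exhaustion into a server abort. A slot reserved in buf_page_encrypt_before_write stays reserved until the write completes, and the array is fixed at `BUF_MAX_TMP_SLOTS` (200) per buffer pool instance, so a burst of in-flight encrypted or compressed I/O larger than that would crash the server rather than throttle. Prefer rescanning after releasing the mutex and backing off briefly until a slot is released, or sizing the array from the configured I/O limits. At minimum document the assumption next to the define, e.g. `/* must be >= max concurrent page I/Os per buffer pool instance */`. The lazily allocated buffers are also written with `memset` after the mutex is dropped, which is safe only because `reserved` was set first; a one-line comment saying so would help.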
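Review bot: The two early returns in buf_page_encrypt_before_write fail open, and both carry the same "Encryption is disabled" comment although they encode different policy. When `fil_space_get_crypt_data(space_id)` returns NULL and `srv_encrypt_tables` is off, the frame is written unencrypted, so a table created with ENCRYPTION=ON would be flushed in plaintext if a page can reach this point before its crypt data is attached (ha_innobase::create attaches it after the commit; whether that window exists is not visible here). State the decision table in a comment, e.g. `/* OFF: never encrypt; DEFAULT or no crypt data: follow innodb_encrypt_tables; ON: always encrypt */`, and consider asserting that crypt data exists for spaces that requested encryption. The new `space_id` parameter duplicates `bpage->space`, which the rest of the function still uses; pick one.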
@@ -5814,103 +5886,63 @@ buf_page_encrypt_before_write( ulint zip_size = buf_page_get_zip_size(bpage); ulint page_size = (zip_size) ? zip_size : UNIV_PAGE_SIZE; + buf_pool_t* buf_pool = buf_pool_from_bpage(bpage); + bool page_compressed = fil_space_is_page_compressed(bpage->space); - /** - * TODO(jonaso): figure out more clever malloc strategy - * - * This implementation does a malloc/free per iop for encrypted - * tablespaces. Alternative strategies that have been considered are - * - * 1) use buf_block_alloc (i.e alloc from buffer pool) - * this does not work as buf_block_alloc will then be called - * when needing to flush a page, which might be triggered - * due to shortage of memory in buffer pool - * 2) allocate a buffer per fil_node_t - * this would break abstraction layers and has therfore not been - * considered a lot. - */ + /* Find free slot from temporary memory array */ + buf_tmp_buffer_t* slot = buf_pool_reserve_tmp_slot(buf_pool, page_compressed); + bpage->slot = slot; - if (bpage->crypt_buf_free == NULL) { - bpage->crypt_buf_free = (byte*)malloc(page_size*2); - // TODO: Is 4k aligment enough ? 
- bpage->crypt_buf = (byte *)ut_align(bpage->crypt_buf_free, page_size); - } + byte *dst_frame = slot->crypt_buf; - byte *dst_frame = bpage->crypt_buf; - - if (!fil_space_is_page_compressed(bpage->space)) { - // encrypt page content - fil_space_encrypt(bpage->space, bpage->offset, - bpage->newest_modification, - src_frame, zip_size, dst_frame, 0); + if (!page_compressed) { + /* Encrypt page content */ + fil_space_encrypt(bpage->space, + bpage->offset, + bpage->newest_modification, + src_frame, + zip_size, + dst_frame); unsigned key_version = mach_read_from_4(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); ut_ad(key_version == 0 || key_version >= bpage->key_version); bpage->key_version = key_version; + bpage->real_size = zip_size; } else { - /** Compression and encryption is done later at os0file.cc */ - bpage->encrypt_later = true; - dst_frame = (byte *)src_frame; + /* First we compress the page content */ + ulint out_len = 0; + ulint block_size = fil_space_get_block_size(bpage->space, bpage->offset, page_size); + + byte *tmp = fil_compress_page(bpage->space, + (byte *)src_frame, + slot->comp_buf, + page_size, + fil_space_get_page_compression_level(bpage->space), + block_size, + &out_len, +#ifdef HAVE_LZO + slot->lzo_mem +#else + NULL +#endif + ); + + bpage->real_size = out_len; + + /* And then we encrypt the page content */ + fil_space_encrypt(bpage->space, + bpage->offset, + bpage->newest_modification, + tmp, + zip_size, + dst_frame); } // return dst_frame which will be written return dst_frame; } -/********************************************************************//** -Release memory after encrypted page has been written to disk -*/ -ibool -buf_page_encrypt_after_write( -/*=========================*/ - buf_page_t* bpage) /*!< in/out: buffer page flushed */ -{ - if (bpage->crypt_buf_free != NULL) { - free(bpage->crypt_buf_free); - bpage->crypt_buf_free = NULL; - bpage->crypt_buf = NULL; - } - - if (bpage->comp_buf_free != NULL) { - 
free(bpage->comp_buf_free); - bpage->comp_buf_free = NULL; - bpage->comp_buf = NULL; - } - - return (TRUE); -} - -/********************************************************************//** -Allocates memory to read in an encrypted page -*/ -byte* -buf_page_decrypt_before_read( -/*=========================*/ - buf_page_t* bpage, /*!< in/out: buffer page to be read */ - ulint zip_size) /*!< in: compressed page size, or 0 */ -{ - ulint size = (zip_size) ? zip_size : UNIV_PAGE_SIZE; - - /* - Here we only need to allocate space for not header pages - in case of file space encryption. Table encryption is handled - later. - */ - if (!srv_encrypt_tables || bpage->offset == 0 || - fil_space_check_encryption_read(bpage->space) == false) - return zip_size ? bpage->zip.data : ((buf_block_t*) bpage)->frame; - - if (bpage->crypt_buf_free == NULL) - { - // allocate buffer to read data into - bpage->crypt_buf_free = (byte*)malloc(size*2); - // TODO: Is 4K aligment enough ? - bpage->crypt_buf = (byte*)ut_align(bpage->crypt_buf_free, size); - } - return bpage->crypt_buf; -} - /********************************************************************//** Decrypt page after it has been read from disk */ 
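Review bot: In the non-compressed branch of buf_page_encrypt_before_write(), `bpage->real_size = zip_size;` stores 0 for every tablespace that is not ROW_FORMAT=COMPRESSED, because `zip_size` is 0 there. The buf0flu.cc and buf0dblwr.cc hunks of this patch pass `bpage->real_size` as the I/O length, so unless the field is reset outside the visible hunks an encrypted page would be written with length 0; `bpage->real_size = page_size;` matches the `page_size` computed a few lines above. The early returns for disabled encryption leave `real_size` untouched, so it also needs a defined initial value when the page is set up. The function starts before this hunk.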
@@ -5928,92 +5960,51 @@ buf_page_decrypt_after_read( if (bpage->offset == 0) { /* File header pages are not encrypted */ - ut_a(bpage->crypt_buf == NULL); return (TRUE); } - const byte* src_frame = bpage->crypt_buf != NULL ? - bpage->crypt_buf : dst_frame; - unsigned key_version = - mach_read_from_4(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); + mach_read_from_4(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); bool page_compressed = fil_page_is_compressed(dst_frame); + buf_pool_t* buf_pool = buf_pool_from_bpage(bpage); if (key_version == 0) { /* the page we read is unencrypted */ - if (fil_page_is_compressed(dst_frame)) { - if (bpage->comp_buf_free == NULL) { - bpage->comp_buf_free = (byte *)malloc(UNIV_PAGE_SIZE*2); - // TODO: is 4k aligment enough ? - bpage->comp_buf = (byte*)ut_align(bpage->comp_buf_free, UNIV_PAGE_SIZE); - } - - fil_decompress_page(bpage->comp_buf, dst_frame, size, NULL); - } else { - if (dst_frame != src_frame) { - /* but we had allocated a crypt_buf */ - // TODO: Can this be avoided ? - memcpy(dst_frame, src_frame, size); - } - } - } else { - /* the page we read is encrypted */ - if (dst_frame == src_frame) { - /* but we had NOT allocated a crypt buf - * malloc a buffer, copy page to it - * and then decrypt from that into real page*/ - bpage->crypt_buf_free = (byte *)malloc(UNIV_PAGE_SIZE*2); - // TODO: is 4k aligment enough ? - src_frame = bpage->crypt_buf = (byte*)ut_align(bpage->crypt_buf_free, UNIV_PAGE_SIZE); - memcpy(bpage->crypt_buf, dst_frame, size); - } - /* decrypt from src_frame to dst_frame */ - fil_space_decrypt(bpage->space, - src_frame, size, dst_frame); - - /* decompress from dst_frame to comp_buf and then copy to - buffer pool */ if (page_compressed) { - if (bpage->comp_buf_free == NULL) { - bpage->comp_buf_free = (byte *)malloc(UNIV_PAGE_SIZE*2); - // TODO: is 4k aligment enough ? 
- bpage->comp_buf = (byte*)ut_align(bpage->comp_buf_free, UNIV_PAGE_SIZE); - } + /* Find free slot from temporary memory array */ + buf_tmp_buffer_t* slot = buf_pool_reserve_tmp_slot(buf_pool, page_compressed); - fil_decompress_page(bpage->comp_buf, dst_frame, size, NULL); - } + fil_decompress_page(slot->comp_buf, + dst_frame, + size, + &bpage->write_size); + + /* Mark this slot as free */ + slot->reserved = false; + } + } else { + /* Find free slot from temporary memory array */ + buf_tmp_buffer_t* slot = buf_pool_reserve_tmp_slot(buf_pool, page_compressed); + memcpy(slot->crypt_buf, dst_frame, size); + + /* decrypt from crypt_buf to dst_frame */ + fil_space_decrypt(bpage->space, + slot->crypt_buf, + size, + dst_frame); + + if (page_compressed) { + fil_decompress_page(slot->comp_buf, + dst_frame, + size, + &bpage->write_size); + } + + /* Mark this slot as free */ + slot->reserved = false; } bpage->key_version = key_version; - if (bpage->crypt_buf_free != NULL) { - // free temp page - free(bpage->crypt_buf_free); - bpage->crypt_buf = NULL; - bpage->crypt_buf_free = NULL; - } - - if (bpage->comp_buf_free != NULL) { - // free temp page - free(bpage->comp_buf_free); - bpage->comp_buf = NULL; - bpage->comp_buf_free = NULL; - } - return (TRUE); } - -/********************************************************************//** -Release memory allocated for decryption -*/ -void -buf_page_decrypt_cleanup( -/*=====================*/ - buf_page_t* bpage) /*!< in/out: buffer page */ -{ - if (bpage->crypt_buf != NULL) { - free(bpage->crypt_buf_free); - bpage->crypt_buf = NULL; - bpage->crypt_buf_free = NULL; - } -} diff --git a/storage/xtradb/buf/buf0dblwr.cc b/storage/xtradb/buf/buf0dblwr.cc index ec733dd5a73..b0fdc58e4d2 100644 --- a/storage/xtradb/buf/buf0dblwr.cc +++ b/storage/xtradb/buf/buf0dblwr.cc 
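Review bot: Both release sites in buf_page_decrypt_after_read() write `slot->reserved = false;` without the buf_pool mutex, while buf_pool_reserve_tmp_slot() scans and sets the same flag under that mutex and documents the array as protected by it. That leaves an unsynchronised write racing with the reservation scan; releasing under the lock, `buf_pool_mutex_enter(buf_pool); slot->reserved = false; buf_pool_mutex_exit(buf_pool);`, or a small release helper next to the reserve function, would keep the stated locking rule true. The function begins outside this hunk, so any release on its earlier return paths should be checked the same way.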
@@ -871,7 +871,7 @@ buf_dblwr_write_block_to_datafile( 0, buf_block_get_page_no(block), 0, - UNIV_PAGE_SIZE, + bpage->real_size, frame, (void*) block, (ulint *)&bpage->write_size); @@ -1247,7 +1247,8 @@ retry: TRX_SYS_SPACE, 0, offset, - 0, UNIV_PAGE_SIZE, + 0, + bpage->real_size, frame, NULL, 0); diff --git a/storage/xtradb/buf/buf0flu.cc b/storage/xtradb/buf/buf0flu.cc index d023e2ff227..6443043310b 100644 --- a/storage/xtradb/buf/buf0flu.cc +++ b/storage/xtradb/buf/buf0flu.cc @@ -951,7 +951,7 @@ buf_flush_write_block_low( break; } - frame = buf_page_encrypt_before_write(bpage, frame); + frame = buf_page_encrypt_before_write(bpage, frame, space_id); if (!srv_use_doublewrite_buf || !buf_dblwr) { fil_io(OS_FILE_WRITE | OS_AIO_SIMULATED_WAKE_LATER, @@ -960,7 +960,7 @@ buf_flush_write_block_low( zip_size, buf_page_get_page_no(bpage), 0, - zip_size ? zip_size : UNIV_PAGE_SIZE, + zip_size ? zip_size : bpage->real_size, frame, bpage, &bpage->write_size); @@ -979,7 +979,7 @@ buf_flush_write_block_low( zip_size, buf_page_get_page_no(bpage), 0, - zip_size ? zip_size : UNIV_PAGE_SIZE, + zip_size ? zip_size : bpage->real_size, frame, bpage, &bpage->write_size); diff --git a/storage/xtradb/buf/buf0rea.cc b/storage/xtradb/buf/buf0rea.cc index 164aa3c62c1..6c74c30739e 100644 --- a/storage/xtradb/buf/buf0rea.cc +++ b/storage/xtradb/buf/buf0rea.cc @@ -222,7 +222,7 @@ not_to_recover: ut_ad(buf_page_in_file(bpage)); ut_ad(!mutex_own(&buf_pool_from_bpage(bpage)->LRU_list_mutex)); - byte* frame = buf_page_decrypt_before_read(bpage, zip_size); + byte* frame = zip_size ? bpage->zip.data : ((buf_block_t*) bpage)->frame; if (sync) { thd_wait_begin(NULL, THD_WAIT_DISKIO); @@ -247,7 +247,6 @@ not_to_recover: } if (*err != DB_SUCCESS) { - buf_page_decrypt_cleanup(bpage); if (ignore_nonexistent_pages || *err == DB_TABLESPACE_DELETED) { buf_read_page_handle_error(bpage); return(0); 
diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index aab0b1f5568..07636d27879 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc @@ -319,6 +319,7 @@ fil_space_create_crypt_data() &crypt_data->mutex, SYNC_NO_ORDER_CHECK); crypt_data->iv_length = iv_length; my_random_bytes(crypt_data->iv, iv_length); + crypt_data->encryption = FIL_SPACE_ENCRYPTION_DEFAULT; return crypt_data; } @@ -421,6 +422,9 @@ fil_space_read_crypt_data( uint min_key_version = mach_read_from_4 (page + offset + MAGIC_SZ + 2 + iv_length); + fil_encryption_t encryption = (fil_encryption_t)mach_read_from_1( + page + offset + MAGIC_SZ + 2 + iv_length + 4); + const uint sz = sizeof(fil_space_crypt_t) + iv_length; fil_space_crypt_t* crypt_data = static_cast( malloc(sz)); @@ -429,6 +433,7 @@ fil_space_read_crypt_data( crypt_data->type = type; crypt_data->min_key_version = min_key_version; crypt_data->page0_offset = offset; + crypt_data->encryption = encryption; mutex_create(fil_crypt_data_mutex_key, &crypt_data->mutex, SYNC_NO_ORDER_CHECK); crypt_data->iv_length = iv_length; @@ -474,8 +479,9 @@ fil_space_write_crypt_data_low( page + FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID); const uint len = crypt_data->iv_length; const uint min_key_version = crypt_data->min_key_version; + const fil_encryption_t encryption = crypt_data->encryption; crypt_data->page0_offset = offset; - ut_a(2 + len + 4 + MAGIC_SZ < maxsize); + ut_a(2 + len + 4 + 1 + MAGIC_SZ < maxsize); /* redo log this as bytewise updates to page 0 @@ -489,8 +495,10 @@ fil_space_write_crypt_data_low( mtr); mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len, min_key_version, MLOG_4BYTES, mtr); + mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len + 4, encryption, + MLOG_1BYTE, mtr); - byte* log_ptr = mlog_open(mtr, 11 + 12 + len); + byte* log_ptr = mlog_open(mtr, 11 + 13 + len); if (log_ptr != NULL) { log_ptr = mlog_write_initial_log_record_fast( 
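Review bot: The `encryption` byte read from page 0 in fil_space_read_crypt_data() is cast straight to `fil_encryption_t` with no range check, so a corrupted page can yield a value outside DEFAULT/ON/OFF. Such a value is neither `FIL_SPACE_ENCRYPTION_OFF` nor `FIL_SPACE_ENCRYPTION_DEFAULT`, so the checks added in buf_page_encrypt_before_write() would handle it like ON. Reading into a `ulint` first and rejecting anything greater than `FIL_SPACE_ENCRYPTION_OFF` keeps an on-disk value from steering the encryption decision; the same unchecked cast is in the fil_parse_write_crypt_data() hunk for the redo record. The crypt-data layout also grows by one byte here, and how tablespaces written with the previous layout are read is not visible in these hunks and deserves a comment.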
@@ -507,6 +515,8 @@ fil_space_write_crypt_data_low( log_ptr += 1; mach_write_to_4(log_ptr, min_key_version); log_ptr += 4; + mach_write_to_1(log_ptr, encryption); + log_ptr += 1; mlog_close(mtr, log_ptr); mlog_catenate_string(mtr, crypt_data->iv, len); @@ -555,7 +565,8 @@ fil_parse_write_crypt_data( 2 + // size of offset 1 + // size of type 1 + // size of iv-len - 4; // size of min_key_version + 4 + // size of min_key_version + 1; // fil_encryption_t if (end_ptr - ptr < entry_size){ return NULL; @@ -582,9 +593,17 @@ fil_parse_write_crypt_data( return NULL; } + fil_encryption_t encryption = (fil_encryption_t)mach_read_from_1(ptr); + ptr +=1; + + if (end_ptr - ptr < len) { + return NULL; + } + fil_space_crypt_t* crypt_data = fil_space_create_crypt_data(); crypt_data->page0_offset = offset; crypt_data->min_key_version = min_key_version; + crypt_data->encryption = encryption; memcpy(crypt_data->iv, ptr, len); ptr += len; @@ -610,7 +629,8 @@ fil_space_clear_crypt_data( 1 + // type 1 + // len len + // iv - 4; // min key version + 4 + // min key version + 1; // fil_encryption_t memset(page + offset, 0, size); } @@ -674,13 +694,11 @@ fil_space_encrypt( const byte* src_frame, /*!< in: Source page to be encrypted */ ulint zip_size, /*!< in: compressed size if row_format compressed */ - byte* dst_frame, /*!< in: outbut buffer */ - ulint encryption_key) /*!< in: encryption key id if page - encrypted */ + byte* dst_frame) /*!< in: outbut buffer */ { fil_space_crypt_t* crypt_data=NULL; ulint page_size = (zip_size) ? zip_size : UNIV_PAGE_SIZE; - uint key_version = (uint)encryption_key; + uint key_version; unsigned char key[MY_AES_MAX_KEY_LENGTH]; uint key_length=MY_AES_MAX_KEY_LENGTH; uint aes_method; @@ -699,6 +717,7 @@ fil_space_encrypt( /* Get crypt data from file space */ crypt_data = fil_space_get_crypt_data(space); + key_version = crypt_data->keys[0].key_id; if (crypt_data == NULL) { //TODO: Is this really needed ? 
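Review bot: `key_version = crypt_data->keys[0].key_id;` in fil_space_encrypt() dereferences `crypt_data` one line before the `if (crypt_data == NULL)` check that follows it. buf_page_encrypt_before_write() in this patch still calls fil_space_encrypt() when `srv_encrypt_tables` is on and the space has no crypt data, so that path would crash instead of reaching the NULL branch; the assignment should move below the NULL handling. The local is named `key_version` but is now loaded from a key id, which deserves either a rename or a comment saying which of the two the rest of the function expects. The function body continues outside the hunk.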
@@ -808,6 +827,10 @@ fil_space_check_encryption_read( return false; } + if (crypt_data->encryption == FIL_SPACE_ENCRYPTION_OFF) { + return false; + } + return true; } @@ -1352,6 +1375,11 @@ fil_crypt_space_needs_rotation( mutex_enter(&crypt_data->mutex); do { + if (crypt_data->encryption == FIL_SPACE_ENCRYPTION_OFF) { + /* This space is unencrypted by user request */ + break; + } + /* prevent threads from starting to rotate space */ if (crypt_data->rotate_state.starting) { /* recheck this space later */ diff --git a/storage/xtradb/fil/fil0fil.cc b/storage/xtradb/fil/fil0fil.cc index 6b776edd2f9..1084f90c720 100644 --- a/storage/xtradb/fil/fil0fil.cc +++ b/storage/xtradb/fil/fil0fil.cc 
@@ -5579,6 +5579,74 @@ fil_report_invalid_page_access( (ulong) byte_offset, (ulong) len, (ulong) type); } +/********************************************************************//** +Find correct node from file space +@return node */ +static +fil_node_t* +fil_space_get_node( + fil_space_t* space, /*!< in: file spage */ + ulint space_id, /*!< in: space id */ + ulint* block_offset, /*!< in/out: offset in number of blocks */ + ulint byte_offset, /*!< in: remainder of offset in bytes; in + aio this must be divisible by the OS block + size */ + ulint len) /*!< in: how many bytes to read or write; this + must not cross a file boundary; in aio this + must be a block size multiple */ +{ + fil_node_t* node; + ut_ad(mutex_own(&fil_system->mutex)); + + node = UT_LIST_GET_FIRST(space->chain); + + for (;;) { + if (node == NULL) { + return(NULL); + } else if (fil_is_user_tablespace_id(space->id) + && node->size == 0) { + + /* We do not know the size of a single-table tablespace + before we open the file */ + break; + } else if (node->size > *block_offset) { + /* Found! */ + break; + } else { + *block_offset -= node->size; + node = UT_LIST_GET_NEXT(chain, node); + } + } + + return (node); +} +/********************************************************************//** +Return block size of node in file space +@return file block size */ +UNIV_INTERN +ulint +fil_space_get_block_size( +/*=====================*/ + ulint space_id, + ulint block_offset, + ulint len) +{ + ulint block_size = 512; + fil_space_t* space = fil_space_get_space(space_id); + + if (space) { + mutex_enter(&fil_system->mutex); + fil_node_t* node = fil_space_get_node(space, space_id, &block_offset, 0, len); + mutex_exit(&fil_system->mutex); + + if (node) { + block_size = node->file_block_size; + } + } + + return block_size; +} + /********************************************************************//** Reads or writes data. This operation is asynchronous (aio). 
@return DB_SUCCESS, or DB_TABLESPACE_DELETED if we are trying to do @@ -5626,7 +5694,7 @@ _fil_io( ulint is_log; ulint wake_later; os_offset_t offset; - ibool ignore_nonexistent_pages; + bool ignore_nonexistent_pages; is_log = type & OS_FILE_LOG; type = type & ~OS_FILE_LOG; @@ -5711,34 +5779,18 @@ _fil_io( ut_ad(mode != OS_AIO_IBUF || space->purpose == FIL_TABLESPACE); - node = UT_LIST_GET_FIRST(space->chain); + node = fil_space_get_node(space, space_id, &block_offset, byte_offset, len); - for (;;) { - if (node == NULL) { - if (ignore_nonexistent_pages) { - mutex_exit(&fil_system->mutex); - return(DB_ERROR); - } - - fil_report_invalid_page_access( + if (!node) { + if (ignore_nonexistent_pages) { + mutex_exit(&fil_system->mutex); + return(DB_ERROR); + } + fil_report_invalid_page_access( block_offset, space_id, space->name, byte_offset, len, type); - ut_error; - - } else if (fil_is_user_tablespace_id(space->id) - && node->size == 0) { - - /* We do not know the size of a single-table tablespace - before we open the file */ - break; - } else if (node->size > block_offset) { - /* Found! */ - break; - } else { - block_offset -= node->size; - node = UT_LIST_GET_NEXT(chain, node); - } + ut_error; } /* Open file if closed */ diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index cb6b7d1a263..9f4f52b4f4a 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc 
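Review bot: fil_space_get_block_size() reads `node->file_block_size` after `mutex_exit(&fil_system->mutex)`, so the node can be changed or freed between the lookup and the read; copy the value while the mutex is still held by moving `if (node) { block_size = node->file_block_size; }` above the `mutex_exit` call. `fil_space_get_space(space_id)` is also called before the mutex is taken; whether that helper expects the caller to hold it is not visible here and should be confirmed. In fil_space_get_node() the parameters `space_id`, `byte_offset` and `len` are never used, and the function lacks the `/*====*/` banner the neighbouring definitions carry.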
@@ -631,10 +631,10 @@ ha_create_table_option innodb_table_option_list[]= HA_TOPTION_NUMBER("PAGE_COMPRESSION_LEVEL", page_compression_level, 0, 1, 9, 1), /* With this option user can enable atomic writes feature for this table */ HA_TOPTION_ENUM("ATOMIC_WRITES", atomic_writes, "DEFAULT,ON,OFF", 0), - /* With this option the user can enable page encryption for the table */ - HA_TOPTION_BOOL("PAGE_ENCRYPTION", page_encryption, 0), + /* With this option the user can enable encryption for the table */ + HA_TOPTION_ENUM("ENCRYPTION", encryption, "DEFAULT, ON, OFF", 0), /* With this option the user defines the key identifier using for the encryption */ - HA_TOPTION_NUMBER("PAGE_ENCRYPTION_KEY", page_encryption_key, 0, 1, 255, 1), + HA_TOPTION_NUMBER("ENCRYPTION_KEY", encryption_key, 0, 1, UINT_MAX32, 1), HA_TOPTION_END }; @@ -11791,13 +11791,14 @@ ha_innobase::check_table_options( enum row_type row_format = table->s->row_type; ha_table_option_struct *options= table->s->option_struct; atomic_writes_t awrites = (atomic_writes_t)options->atomic_writes; + fil_encryption_t encrypt = (fil_encryption_t)options->encryption; - if (options->page_encryption) { + if (encrypt == FIL_SPACE_ENCRYPTION_ON) { if (srv_encrypt_tables) { push_warning( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, - "InnoDB: PAGE_ENCRYPTION not available if innodb_encrypt_tables=ON"); + "InnoDB: ENCRYPTION not available if innodb_encrypt_tables=ON"); return "INNODB_ENCRYPT_TABLES"; } @@ -11805,7 +11806,7 @@ ha_innobase::check_table_options( push_warning( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, - "InnoDB: PAGE_ENCRYPTION requires" + "InnoDB: ENCRYPTION requires" " innodb_file_per_table."); return "PAGE_ENCRYPTION"; } 
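Review bot: `ENCRYPTION_KEY` is now declared with the range 1..UINT_MAX32, but the ha_innodb.h hunk of this patch keeps the backing field as `int encryption_key`, so ids above INT_MAX cannot be represented and would turn negative. The check_table_options() hunk then prints the field with `%lu`, which does not match an `int` argument, and its `encryption_key < 1` test inside `!= 0` can only fire for such wrapped values; declaring the field `uint` and using `%u` keeps the three places consistent. Separately, the enum list is written `"DEFAULT, ON, OFF"` with spaces, unlike `"DEFAULT,ON,OFF"` for ATOMIC_WRITES on the line above; unless the option parser trims whitespace, ON and OFF may not match, so the list should be `"DEFAULT,ON,OFF"`.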
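Review bot: In check_table_options() an explicit ENCRYPTION=ON is rejected when `srv_encrypt_tables` is set, while the fil0crypt.h hunk documents `FIL_SPACE_ENCRYPTION_ON` as "Tablespace is encrypted always"; if the table option is meant to pin encryption independently of the global setting, this branch should be dropped rather than renamed. The innodb_file_per_table branch in the next hunk still does `return "PAGE_ENCRYPTION";` although the option is now called ENCRYPTION, so the name reported back to the caller no longer exists; `return "ENCRYPTION";` would match the updated warning text.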
@@ -11814,14 +11815,6 @@ ha_innobase::check_table_options( /* Check page compression requirements */ if (options->page_compressed) { - if (srv_encrypt_tables) { - push_warning( - thd, Sql_condition::WARN_LEVEL_WARN, - HA_WRONG_CREATE_OPTION, - "InnoDB: PAGE_COMPRESSION not available if innodb_encrypt_tables=ON"); - return "PAGE_COMPRESSED"; - } - if (row_format == ROW_TYPE_COMPRESSED) { push_warning( thd, Sql_condition::WARN_LEVEL_WARN, @@ -11891,29 +11884,29 @@ ha_innobase::check_table_options( } } - if (options->page_encryption_key != 0) { - if (options->page_encryption == false) { + if (options->encryption_key != 0) { + if (options->encryption == FIL_SPACE_ENCRYPTION_OFF) { /* ignore this to allow alter table without changing page_encryption_key ...*/ } - if (options->page_encryption_key < 1 || options->page_encryption_key > 255) { + if (options->encryption_key < 1) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, - "InnoDB: invalid PAGE_ENCRYPTION_KEY = %lu." - " Valid values are [1..255]", - options->page_encryption_key); - return "PAGE_ENCRYPTION_KEY"; + "InnoDB: invalid ENCRYPTION_KEY = %lu." + " Valid values are [1..UINTMAX32]", + options->encryption_key); + return "ENCRYPTION_KEY"; } - if (!has_encryption_key(options->page_encryption_key)) { + if (!has_encryption_key(options->encryption_key)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, - "InnoDB: PAGE_ENCRYPTION_KEY encryption key %lu not available", - options->page_encryption_key + "InnoDB: ENCRYPTION_KEY %lu not available", + options->encryption_key ); - return "PAGE_ENCRYPTION_KEY"; + return "ENCRYPTION_KEY"; } } 
@@ -11975,6 +11968,11 @@ ha_innobase::create( const char* stmt; size_t stmt_len; + /* Cache table options */ + ha_table_option_struct *options= table->s->option_struct; + fil_encryption_t encrypt = (fil_encryption_t)options->encryption; + ulint key_id = (options->encryption_key == 0) ? srv_default_encryption_key : + options->encryption_key; DBUG_ENTER("ha_innobase::create"); @@ -12220,6 +12218,18 @@ ha_innobase::create( innobase_commit_low(trx); + /* If user has requested that table should be encrypted or table + should remain as unencrypted store crypt data */ + if (encrypt == FIL_SPACE_ENCRYPTION_ON || encrypt == FIL_SPACE_ENCRYPTION_OFF) { + ulint maxsize; + ulint zip_size = fil_space_get_zip_size(innobase_table->space); + fil_space_crypt_t* crypt_data = fil_space_create_crypt_data(); + crypt_data->page0_offset = fsp_header_get_crypt_offset(zip_size, &maxsize); + crypt_data->keys[0].key_id = key_id; + crypt_data->encryption = encrypt; + fil_space_set_crypt_data(innobase_table->space, crypt_data); + } + row_mysql_unlock_data_dictionary(trx); /* Flush the log to reduce probability that the .frm files and @@ -20329,12 +20339,12 @@ static MYSQL_SYSVAR_UINT(encryption_rotation_iops, srv_n_fil_crypt_iops, innodb_encryption_rotation_iops_update, srv_n_fil_crypt_iops, 0, UINT_MAX32, 0); -static MYSQL_SYSVAR_UINT(default_page_encryption_key, srv_default_page_encryption_key, +static MYSQL_SYSVAR_UINT(default_encryption_key, srv_default_encryption_key, PLUGIN_VAR_RQCMDARG, - "Encryption key used for page encryption.", + "Default encryption key used for table encryption.", NULL, NULL, - FIL_DEFAULT_ENCRYPTION_KEY, 1, 255, 0); + FIL_DEFAULT_ENCRYPTION_KEY, 1, UINT_MAX32, 0); static MYSQL_SYSVAR_BOOL(scrub_log, srv_scrub_log, PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, 
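Review bot: `crypt_data->keys[0].key_id = key_id;` in ha_innobase::create() sets the key id only on the in-memory crypt data; the fil0crypt.cc hunks of this patch add the `encryption` byte to page 0 and to the redo record but not the key id. Unless it is persisted outside the visible hunks, a table created with a non-default ENCRYPTION_KEY would be encrypted with whatever `keys[0].key_id` holds after fil_space_read_crypt_data() following a restart, which is worth either fixing or stating in a comment such as `/* key_id is not stored on page 0 yet */`. With ENCRYPTION=DEFAULT no crypt data is created here at all, so a supplied ENCRYPTION_KEY is silently ignored; a warning in check_table_options() would make that visible.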
@@ -20641,7 +20651,7 @@ static struct st_mysql_sys_var* innobase_system_variables[]= { MYSQL_SYSVAR(scrub_log), MYSQL_SYSVAR(scrub_log_interval), MYSQL_SYSVAR(encrypt_log), - MYSQL_SYSVAR(default_page_encryption_key), + MYSQL_SYSVAR(default_encryption_key), /* Scrubing feature */ MYSQL_SYSVAR(immediate_scrub_data_uncompressed), MYSQL_SYSVAR(background_scrub_data_uncompressed), diff --git a/storage/xtradb/handler/ha_innodb.h b/storage/xtradb/handler/ha_innodb.h index 0acf77da28f..fdc6f9521aa 100644 --- a/storage/xtradb/handler/ha_innodb.h +++ b/storage/xtradb/handler/ha_innodb.h @@ -71,9 +71,8 @@ struct ha_table_option_struct srv_use_atomic_writes=1. Atomic writes are not used if value OFF.*/ - bool page_encryption; /*!< Flag for an encrypted table */ - /* Following can't be unsigned as it's compared with ULINT_UNDEFINED */ - int page_encryption_key; /*!< ID of the encryption key */ + uint encryption; /*!< DEFAULT, ON, OFF */ + int encryption_key; /*!< encryption key id */ }; /** The class defining a handle to an Innodb table */ diff --git a/storage/xtradb/handler/handler0alter.cc b/storage/xtradb/handler/handler0alter.cc index 7e8e6e4598e..9fe3cbc2bd1 100644 --- a/storage/xtradb/handler/handler0alter.cc +++ b/storage/xtradb/handler/handler0alter.cc @@ -282,8 +282,8 @@ ha_innobase::check_if_supported_inplace_alter( DBUG_RETURN(HA_ALTER_INPLACE_NOT_SUPPORTED); } - if (new_options->page_encryption != old_options->page_encryption || - new_options->page_encryption_key != old_options->page_encryption_key) { + if (new_options->encryption != old_options->encryption || + new_options->encryption_key != old_options->encryption_key) { ha_alter_info->unsupported_reason = innobase_get_err_msg( ER_ALTER_OPERATION_NOT_SUPPORTED_REASON); DBUG_RETURN(HA_ALTER_INPLACE_NOT_SUPPORTED); diff --git a/storage/xtradb/include/buf0buf.h b/storage/xtradb/include/buf0buf.h index 7eb58216698..912fbb9194f 100644 --- a/storage/xtradb/include/buf0buf.h +++ b/storage/xtradb/include/buf0buf.h 
@@ -1469,16 +1469,19 @@ buf_own_zip_mutex_for_page( The hook that is called just before a page is written to disk. The function encrypts the content of the page and returns a pointer to a frame that will be written instead of the real frame. */ +UNIV_INTERN byte* buf_page_encrypt_before_write( /*==========================*/ buf_page_t* page, /*!< in/out: buffer page to be flushed */ - const byte* frame); + const byte* frame, + ulint space_id); /********************************************************************** The hook that is called after page is written to disk. The function releases any resources needed for encryption that was allocated in buf_page_encrypt_before_write */ +UNIV_INTERN ibool buf_page_encrypt_after_write( /*=========================*/ @@ -1488,6 +1491,7 @@ buf_page_encrypt_after_write( The hook that is called just before a page is read from disk. The function allocates memory that is used to temporarily store disk content before getting decrypted */ +UNIV_INTERN byte* buf_page_decrypt_before_read( /*=========================*/ 
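Review bot: This hunk adds `UNIV_INTERN` to the declarations of buf_page_encrypt_after_write() and buf_page_decrypt_before_read(), but an earlier hunk of the same patch deletes definitions with those names (from what appears to be storage/xtradb/buf/buf0buf.cc) and buf0rea.cc stops calling the latter. If no definition remains, the two prototypes and their comments should be removed instead of annotated. The comment on buf_page_decrypt_after_read() in the following hunk still says it releases the buffer "allocated in buf_page_decrypt_before_read" and should describe the temporary slot instead.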
@@ -1498,19 +1502,35 @@ buf_page_decrypt_before_read( The hook that is called just after a page is read from disk. The function decrypt disk content into buf_page_t and releases the temporary buffer that was allocated in buf_page_decrypt_before_read */ +UNIV_INTERN ibool buf_page_decrypt_after_read( /*========================*/ buf_page_t* page); /*!< in/out: buffer page read from disk */ -/********************************************************************//** -Release memory allocated for page decryption. -Only used in scenarios where read fails, e.g due to tablespace being dropped */ -void -buf_page_decrypt_cleanup( -/*=====================*/ - buf_page_t* page); /*!< in/out: buffer page read from disk */ +/** @brief The temporary memory structure. +NOTE! The definition appears here only for other modules of this +directory (buf) to see it. Do not use from outside! */ + +typedef struct { + bool reserved; /*!< true if this slot is reserved + */ +#ifdef HAVE_LZO + byte* lzo_mem; /*!< Temporal memory used by LZO */ +#endif + byte* crypt_buf; /*!< for encryption the data needs to be + copied to a separate buffer before it's + encrypted&written. this as a page can be + read while it's being flushed */ + byte* crypt_buf_free; /*!< for encryption, allocated buffer + that is then alligned */ + byte* comp_buf; /*!< for compression we need + temporal buffer because page + can be read while it's being flushed */ + byte* comp_buf_free; /*!< for compression, allocated + buffer that is then alligned */ +} buf_tmp_buffer_t; /** The common buffer control block structure for compressed and uncompressed frames */ 
@@ -1587,19 +1607,16 @@ struct buf_page_t{ operation needed. */ unsigned key_version; /*!< key version for this block */ - byte* crypt_buf; /*!< for encryption the data needs to be - copied to a separate buffer before it's - encrypted&written. this as a page can be - read while it's being flushed */ - byte* crypt_buf_free; /*!< for encryption, allocated buffer - that is then alligned */ - byte* comp_buf; /*!< for compression we need - temporal buffer because page - can be read while it's being flushed */ - byte* comp_buf_free; /*!< for compression, allocated - buffer that is then alligned */ - bool encrypt_later; /*!< should we encrypt the page - at os0file.cc ? */ + + ulint real_size; /*!< Real size of the page + Normal pages == UNIV_PAGE_SIZE + page compressed pages, payload + size alligned to sector boundary. + */ + + buf_tmp_buffer_t* slot; /*!< Slot for temporary memory + used for encryption/compression + or NULL */ #ifndef UNIV_HOTBACKUP buf_page_t* hash; /*!< node used in chaining to buf_pool->page_hash or @@ -1918,6 +1935,17 @@ struct buf_buddy_stat_t { ib_uint64_t relocated_usec; }; +/** @brief The temporary memory array structure. + +NOTE! The definition appears here only for other modules of this +directory (buf) to see it. Do not use from outside! */ + +typedef struct { + ulint n_slots; /*!< Total number of slots */ + buf_tmp_buffer_t *slots; /*!< Pointer to the slots in the + array */ +} buf_tmp_array_t; + /** @brief The buffer pool structure. NOTE! The definition appears here only for other modules of this @@ -2091,6 +2119,10 @@ struct buf_pool_t{ /*!< Sentinel records for buffer pool watches. */ + buf_tmp_array_t* tmp_arr; + /*!< Array for temporal memory + used in compression and encryption */ + #if BUF_BUDDY_LOW > UNIV_ZIP_SIZE_MIN # error "BUF_BUDDY_LOW > UNIV_ZIP_SIZE_MIN" #endif diff --git a/storage/xtradb/include/buf0buf.ic b/storage/xtradb/include/buf0buf.ic index b4cbba29f3c..7f6cceade36 100644 --- a/storage/xtradb/include/buf0buf.ic 
+++ b/storage/xtradb/include/buf0buf.ic @@ -925,28 +925,15 @@ buf_block_free( mutex_exit(&block->mutex); } -/********************************************************************//** -Get crypt buffer. */ -UNIV_INLINE -byte* -buf_page_get_crypt_buffer( -/*=========================*/ - const buf_page_t* bpage) /*!< in: buffer pool page */ -{ - return bpage->crypt_buf; -} - /********************************************************************//** Get buf frame. */ UNIV_INLINE void * buf_page_get_frame( -/*=========================*/ +/*===============*/ const buf_page_t* bpage) /*!< in: buffer pool page */ { - if (bpage->crypt_buf) { - return buf_page_get_crypt_buffer(bpage); - } else if (bpage->zip.data) { + if (bpage->zip.data) { return bpage->zip.data; } else { return ((buf_block_t*) bpage)->frame; diff --git a/storage/xtradb/include/fil0crypt.h b/storage/xtradb/include/fil0crypt.h index 9d02034e4b2..359533dc50a 100644 --- a/storage/xtradb/include/fil0crypt.h +++ b/storage/xtradb/include/fil0crypt.h @@ -37,6 +37,14 @@ Created 04/01/2015 Jan Lindström /* This key will be used if nothing else is given */ #define FIL_DEFAULT_ENCRYPTION_KEY 1 +/** Enum values for encryption table option */ +typedef enum { + FIL_SPACE_ENCRYPTION_DEFAULT = 0, /* Tablespace encrypted if + srv_encrypt_tables = ON */ + FIL_SPACE_ENCRYPTION_ON = 1, /* Tablespace is encrypted always */ + FIL_SPACE_ENCRYPTION_OFF = 2 /* Tablespace is not encrypted */ +} fil_encryption_t; + /** * CRYPT_SCHEME_UNENCRYPTED * @@ -67,6 +75,8 @@ struct key_struct { uint key_version; /*!< Key version used as identifier */ + uint key_id; /*1< Key id used as + identifier */ byte key[MY_AES_MAX_KEY_LENGTH]; /*!< Cached L or key */ uint key_length; /*!< Key length */ }; 
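Review bot: The new member comment in `struct key_struct` opens with `/*1<` instead of the Doxygen marker `/*!<` used on the neighbouring fields, so it will not be attached to `key_id`: `uint key_id; /*!< Key id used as identifier */`. Since `key_version` carries almost the same description, the two comments should also say how they differ (which key is selected versus which revision of it), because fil_space_encrypt() in this patch loads one into a variable named after the other.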
@@ -95,6 +105,7 @@ struct fil_space_crypt_struct key_struct keys[3]; // cached L = AES_ECB(KEY, IV) uint min_key_version; // min key version for this space ulint page0_offset; // byte offset on page 0 for crypt data + fil_encryption_t encryption; // Encryption setup ib_mutex_t mutex; // mutex protecting following variables bool closing; // is tablespace being closed @@ -227,9 +238,7 @@ fil_space_encrypt( lsn_t lsn, /*!< in: page lsn */ const byte* src_frame,/*!< in: page frame */ ulint size, /*!< in: size of data to encrypt */ - byte* dst_frame, /*!< in: where to encrypt to */ - ulint page_encryption_key); /*!< in: page encryption key id if page - encrypted */ + byte* dst_frame); /*!< in: where to encrypt to */ /********************************************************************* Decrypt buffer page */ diff --git a/storage/xtradb/include/fil0fil.h b/storage/xtradb/include/fil0fil.h index 91653c4bb7d..c7ecaf8b628 100644 --- a/storage/xtradb/include/fil0fil.h +++ b/storage/xtradb/include/fil0fil.h @@ -982,6 +982,16 @@ _fil_io( #define fil_io(type, sync, space_id, zip_size, block_offset, byte_offset, len, buf, message, write_size) \ _fil_io(type, sync, space_id, zip_size, block_offset, byte_offset, len, buf, message, write_size, NULL) +/*******************************************************************//** +Returns the block size of the file space +@return block size */ +UNIV_INTERN +ulint +fil_space_get_block_size( +/*=====================*/ + ulint id, /*!< in: space id */ + ulint offset, /*!< in: page offset */ + ulint len); /*!< in: page len */ /**********************************************************************//** Waits for an aio operation to complete. This function is used to write the diff --git a/storage/xtradb/include/srv0srv.h b/storage/xtradb/include/srv0srv.h index de33f767021..7387f11bd6e 100644 --- a/storage/xtradb/include/srv0srv.h +++ b/storage/xtradb/include/srv0srv.h 
@@ -705,8 +705,8 @@ that semaphore times out in InnoDB */ #define DEFAULT_SRV_FATAL_SEMAPHORE_TIMEOUT 600 extern ulong srv_fatal_semaphore_wait_threshold; -/** Default encryption key used for page encryption */ -extern uint srv_default_page_encryption_key; +/** Default encryption key used for tablespace encryption */ +extern uint srv_default_encryption_key; /** Enable semaphore request instrumentation */ extern my_bool srv_instrument_semaphores; diff --git a/storage/xtradb/srv/srv0srv.cc b/storage/xtradb/srv/srv0srv.cc index 9396a713cad..df3982b98cd 100644 --- a/storage/xtradb/srv/srv0srv.cc +++ b/storage/xtradb/srv/srv0srv.cc @@ -670,8 +670,8 @@ thread ensures that we flush the log files at least once per second. */ static time_t srv_last_log_flush_time; -/** Default encryption key used for page encryption */ -UNIV_INTERN uint srv_default_page_encryption_key = FIL_DEFAULT_ENCRYPTION_KEY; +/** Default encryption key used for tablespace encryption */ +UNIV_INTERN uint srv_default_encryption_key = FIL_DEFAULT_ENCRYPTION_KEY; /** Enable semaphore request instrumentation */ UNIV_INTERN my_bool srv_instrument_semaphores = FALSE; From 71ec0463af4fb7658d2f37d3a054e50fa49cfb2a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan=20Lindstr=C3=B6m?= Date: Wed, 1 Apr 2015 20:33:50 +0300 Subject: [PATCH 11/65] Encryption cleanup Step 3: -- Make encrytion_algorithm changeable by SUPER -- Remove AES_ECB method from encryption_algorithms -- Support AES method change by storing used method on InnoDB/XtraDB objects -- Store used AES method to crypt_data as different crypt types -- Store used AES method to redo/undo logs and checkpoint -- Store used AES method on every encrypted page after key_version -- Add test --- include/my_aes.h | 4 +- .../encryption_algorithms.combinations | 3 - mysql-test/r/mysqld--help.result | 4 +- .../innodb/r/innodb_encryption_change.result | 89 +++++++ .../innodb/t/innodb_encryption_change.opt | 7 + .../innodb/t/innodb_encryption_change.test | 229 ++++++++++++++++++ .../r/encryption_algorithm_basic.result | 5 +- .../r/sysvars_server_notembedded.result | 4 +- .../t/encryption_algorithm_basic.test | 28 ++- sql/sys_vars.cc | 25 +- storage/innobase/buf/buf0buf.cc | 13 + storage/innobase/fil/fil0crypt.cc | 55 +---- storage/innobase/fil/fil0fil.cc | 21 +- storage/innobase/fil/fil0pagecompress.cc | 2 + storage/innobase/include/fil0crypt.ic | 51 ++++ storage/innobase/include/fil0pagecompress.h | 15 +- storage/innobase/include/log0crypt.h | 2 + storage/innobase/include/log0log.h | 8 +- storage/innobase/log/log0crypt.cc | 65 +++-- storage/innobase/log/log0recv.cc | 3 + storage/xtradb/buf/buf0buf.cc | 13 + storage/xtradb/fil/fil0crypt.cc | 50 ---- storage/xtradb/fil/fil0fil.cc | 21 +- storage/xtradb/fil/fil0pagecompress.cc | 2 + storage/xtradb/include/fil0crypt.ic | 51 ++++ storage/xtradb/include/fil0pagecompress.h | 15 +- storage/xtradb/include/log0crypt.h | 2 + storage/xtradb/include/log0log.h | 8 +- storage/xtradb/log/log0crypt.cc | 64 +++-- storage/xtradb/log/log0recv.cc | 3 + 30 files changed, 676 insertions(+), 186 deletions(-) create mode 100644 mysql-test/suite/innodb/r/innodb_encryption_change.result create mode 100644 
mysql-test/suite/innodb/t/innodb_encryption_change.opt create mode 100644 mysql-test/suite/innodb/t/innodb_encryption_change.test diff --git a/include/my_aes.h b/include/my_aes.h index 057fa1e9860..de565960f60 100644 --- a/include/my_aes.h +++ b/include/my_aes.h @@ -115,8 +115,8 @@ extern MYSQL_PLUGIN_IMPORT my_aes_decrypt_dynamic_type my_aes_decrypt_dynamic; enum enum_my_aes_encryption_algorithm { - MY_AES_ALGORITHM_NONE, MY_AES_ALGORITHM_ECB, MY_AES_ALGORITHM_CBC, - MY_AES_ALGORITHM_CTR + MY_AES_ALGORITHM_NONE, MY_AES_ALGORITHM_CTR, + MY_AES_ALGORITHM_CBC, MY_AES_ALGORITHM_ECB }; my_aes_decrypt_dynamic_type get_aes_decrypt_func(enum enum_my_aes_encryption_algorithm method); diff --git a/mysql-test/include/encryption_algorithms.combinations b/mysql-test/include/encryption_algorithms.combinations index 09c1e91e1cd..a97d6b79be8 100644 --- a/mysql-test/include/encryption_algorithms.combinations +++ b/mysql-test/include/encryption_algorithms.combinations @@ -1,8 +1,5 @@ [cbc] encryption-algorithm=aes_cbc -[ecb] -encryption-algorithm=aes_ecb - [ctr] encryption-algorithm=aes_ctr diff --git a/mysql-test/r/mysqld--help.result b/mysql-test/r/mysqld--help.result index 7d59ecd1dc2..edc4fe2a9cd 100644 --- a/mysql-test/r/mysqld--help.result +++ b/mysql-test/r/mysqld--help.result @@ -167,8 +167,8 @@ The following options may be given as the first argument: execution) --encryption-algorithm=name Which encryption algorithm to use for table encryption. - aes_cbc is the recommended one.. One of: none, aes_ecb, - aes_cbc, aes_ctr + aes_cbc is the recommended one.. One of: none, aes_cbc, + aes_ctr --enforce-storage-engine=name Force the use of a storage engine for new tables --event-scheduler[=name] diff --git a/mysql-test/suite/innodb/r/innodb_encryption_change.result b/mysql-test/suite/innodb/r/innodb_encryption_change.result new file mode 100644 index 00000000000..90100852d33 --- /dev/null +++ b/mysql-test/suite/innodb/r/innodb_encryption_change.result 
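Review bot: The reordered `enum_my_aes_encryption_algorithm` no longer lines up with the option names that this same patch defines in the sql/sys_vars.cc hunk: the enum is now `NONE, CTR, CBC, ECB`, while `encryption_algorithm_names` becomes `{ "none", "aes_cbc", "aes_ctr", 0 }`. `fix_encryption_algorithm()` in that hunk casts the sysvar value straight to the enum, so, unless a translation exists outside the visible hunks, selecting `aes_cbc` (index 1) would initialise `MY_AES_ALGORITHM_CTR` and `aes_ctr` (index 2) would initialise `MY_AES_ALGORITHM_CBC`, and the server would run a different mode from the one the administrator asked for. Keeping both lists in the same order, e.g. `MY_AES_ALGORITHM_NONE, MY_AES_ALGORITHM_CBC,` / `MY_AES_ALGORITHM_CTR, MY_AES_ALGORITHM_ECB`, and adding a compile-time check that ties the name table to the enum would remove the ambiguity.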
@@ -0,0 +1,89 @@ +SET @start_global_value = @@global.innodb_encryption_threads; +SET GLOBAL innodb_file_format = `Barracuda`; +SET GLOBAL innodb_file_per_table = ON; +SHOW VARIABLES LIKE 'innodb_encrypt%'; +Variable_name Value +innodb_encrypt_log ON +innodb_encrypt_tables OFF +innodb_encryption_rotate_key_age 15 +innodb_encryption_rotation_iops 100 +innodb_encryption_threads 0 +DESCRIBE INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION; +Field Type Null Key Default Extra +SPACE int(11) unsigned NO 0 +NAME varchar(655) YES NULL +ENCRYPTION_SCHEME int(11) unsigned NO 0 +KEYSERVER_REQUESTS int(11) unsigned NO 0 +MIN_KEY_VERSION int(11) unsigned NO 0 +CURRENT_KEY_VERSION int(11) unsigned NO 0 +KEY_ROTATION_PAGE_NUMBER bigint(21) unsigned YES NULL +KEY_ROTATION_MAX_PAGE_NUMBER bigint(21) unsigned YES NULL +create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic; +create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant; +create procedure innodb_insert_proc (repeat_count int) +begin +declare current_num int; +set current_num = 0; +while current_num < repeat_count do +insert into innodb_normal values(current_num, substring(MD5(RAND()), -64)); +set current_num = current_num + 1; +end while; +end// +commit; +set autocommit=0; +call innodb_insert_proc(2000); +commit; +set autocommit=1; +insert into innodb_compact select * from innodb_normal; +insert into innodb_dynamic select * from innodb_normal; +insert into innodb_compressed select * from innodb_normal; +insert into innodb_redundant select * from innodb_normal; +" Start encrypt tablespaces +SET GLOBAL innodb_encrypt_tables = on; +SET GLOBAL innodb_encryption_threads = 4; +# 
Wait max 5 min for key encryption threads to encrypt one space +# Success! +# Wait max 10 min for key encryption threads to encrypt all space +# Success! +# Now turn off encryption and wait for threads to decrypt everything +SET GLOBAL innodb_encrypt_tables = off; +set GLOBAL encryption_algorithm = aes_cbc; +# Wait max 10 min for key encryption threads to decrypt all space +# Success! +# Shutdown innodb_encryption_threads +SET GLOBAL innodb_encryption_threads=0; +# Turn on encryption +# since threads are off tables should remain unencrypted +SET GLOBAL innodb_encrypt_tables = on; +# Wait 15s to check that nothing gets encrypted +# Success! +# Startup innodb_encryption_threads +SET GLOBAL innodb_encryption_threads=4; +# Wait 1 min to check that it start encrypting again +# Success! +# Wait max 10 min for key encryption threads to decrypt all space +# Success! +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +variable_value >= 0 +1 +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; +variable_value >= 0 +1 +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; +variable_value = 0 +1 +SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; +variable_value > 0 +0 +SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; +variable_value > 0 +0 +drop procedure innodb_insert_proc; +drop table innodb_normal; +drop table innodb_compact; +drop table innodb_dynamic; +drop table innodb_compressed; +drop table innodb_redundant; 
diff --git a/mysql-test/suite/innodb/t/innodb_encryption_change.opt b/mysql-test/suite/innodb/t/innodb_encryption_change.opt
new file mode 100644
index 00000000000..0839ecf7942
--- /dev/null
+++ b/mysql-test/suite/innodb/t/innodb_encryption_change.opt
@@ -0,0 +1,7 @@
+--aria-encrypt-tables=ON
+--encrypt-tmp-disk-tables=ON
+--innodb-encryption-rotate-key-age=15
+--innodb-encryption-threads=0
+--innodb-tablespaces-encryption
+--innodb-encrypt-log=ON
+
diff --git a/mysql-test/suite/innodb/t/innodb_encryption_change.test b/mysql-test/suite/innodb/t/innodb_encryption_change.test
new file mode 100644
index 00000000000..6c5eab50b84
--- /dev/null
+++ b/mysql-test/suite/innodb/t/innodb_encryption_change.test
@@ -0,0 +1,229 @@ +# +# +# +-- source include/have_innodb.inc +-- source include/have_example_key_management_plugin.inc + +# embedded does not support restart +-- source include/not_embedded.inc + +--disable_query_log +let $orig_algorithm=`SELECT @@encryption_algorithm`; +let $innodb_file_format_orig = `SELECT @@innodb_file_format`; +let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`; +let $encrypt_tables_orig = `SELECT @@innodb_encrypt_tables`; +--enable_query_log + +SET @start_global_value = @@global.innodb_encryption_threads; +SET GLOBAL innodb_file_format = `Barracuda`; +SET GLOBAL innodb_file_per_table = ON; + +--disable_query_log +EVAL SET GLOBAL encryption_algorithm = $orig_algorithm; +--enable_query_log + +SHOW VARIABLES LIKE 'innodb_encrypt%'; + +DESCRIBE INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION; + +create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic; +create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant; + +delimiter //; +create procedure innodb_insert_proc (repeat_count int) +begin + declare current_num int; + set current_num = 0; + while current_num < repeat_count do + insert into innodb_normal values(current_num, substring(MD5(RAND()), -64)); + set current_num = current_num + 1; + end while; +end// +delimiter ;// +commit; + +set autocommit=0; +call innodb_insert_proc(2000); +commit; +set autocommit=1; + +insert into innodb_compact select * from innodb_normal; +insert into innodb_dynamic select * from innodb_normal; +insert into innodb_compressed select * from innodb_normal; +insert into innodb_redundant select * from innodb_normal; + +--echo " Start encrypt tablespaces +SET 
GLOBAL innodb_encrypt_tables = on; +SET GLOBAL innodb_encryption_threads = 4; + +--echo # Wait max 5 min for key encryption threads to encrypt one space +let $cnt=300; +while ($cnt) +{ + let $success=`SELECT COUNT(*) > 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION > 0`; + if ($success) + { + let $cnt=0; + } + if (!$success) + { + real_sleep 1; + dec $cnt; + } +} +if (!$success) +{ + SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION; + SHOW STATUS LIKE 'innodb_encryption%'; + -- die Timeout waiting for encryption threads +} +--echo # Success! + +--echo # Wait max 10 min for key encryption threads to encrypt all space +let $cnt=600; +while ($cnt) +{ + let $success=`SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0`; + if ($success) + { + let $cnt=0; + } + if (!$success) + { + real_sleep 1; + dec $cnt; + } +} +if (!$success) +{ + SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION; + SHOW STATUS LIKE 'innodb_encryption%'; + -- die Timeout waiting for encryption threads +} +--echo # Success! + +--echo # Now turn off encryption and wait for threads to decrypt everything +SET GLOBAL innodb_encrypt_tables = off; +set GLOBAL encryption_algorithm = aes_cbc; + +--echo # Wait max 10 min for key encryption threads to decrypt all space +let $cnt=600; +while ($cnt) +{ + let $success=`SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0`; + if ($success) + { + let $cnt=0; + } + if (!$success) + { + real_sleep 1; + dec $cnt; + } +} +if (!$success) +{ + SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION; + SHOW STATUS LIKE 'innodb_encryption%'; + -- die Timeout waiting for encryption threads +} +--echo # Success! 
+ +--echo # Shutdown innodb_encryption_threads +SET GLOBAL innodb_encryption_threads=0; + +--echo # Turn on encryption +--echo # since threads are off tables should remain unencrypted +SET GLOBAL innodb_encrypt_tables = on; + +--echo # Wait 15s to check that nothing gets encrypted +let $cnt=15; +while ($cnt) +{ + let $success=`SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0`; + if ($success) + { + real_sleep 1; + dec $cnt; + } + if (!$success) + { + SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; + -- die Failure, tablespace getting encrypted even if innodb_encryption_threads=0 + } +} +--echo # Success! + +--echo # Startup innodb_encryption_threads +SET GLOBAL innodb_encryption_threads=4; + +--echo # Wait 1 min to check that it start encrypting again +let $cnt=60; +while ($cnt) +{ + let $success=`SELECT COUNT(*) > 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 OR KEY_ROTATION_PAGE_NUMBER IS NOT NULL`; + if ($success) + { + let $cnt=0; + } + if (!$success) + { + real_sleep 1; + dec $cnt; + } +} +if (!$success) +{ + SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION; + SHOW STATUS LIKE 'innodb_encryption%'; + -- die Timeout waiting for encryption threads +} +--echo # Success! +--echo # Wait max 10 min for key encryption threads to decrypt all space +let $cnt=600; +while ($cnt) +{ + let $success=`SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0`; + if ($success) + { + let $cnt=0; + } + if (!$success) + { + real_sleep 1; + dec $cnt; + } +} +if (!$success) +{ + SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION; + SHOW STATUS LIKE 'innodb_encryption%'; + -- die Timeout waiting for encryption threads +} +--echo # Success! 
+ +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; +SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; +SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; + +drop procedure innodb_insert_proc; +drop table innodb_normal; +drop table innodb_compact; +drop table innodb_dynamic; +drop table innodb_compressed; +drop table innodb_redundant; + +# reset system +--disable_query_log +EVAL SET GLOBAL innodb_encrypt_tables = $encrypt_tables_orig; +SET GLOBAL innodb_encryption_threads=@start_global_value; +EVAL SET GLOBAL encryption_algorithm = $orig_algorithm; +EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig; +EVAL SET GLOBAL innodb_file_format = $innodb_file_format_orig; +--enable_query_log + diff --git a/mysql-test/suite/sys_vars/r/encryption_algorithm_basic.result b/mysql-test/suite/sys_vars/r/encryption_algorithm_basic.result index a9101b0f950..02858af1d8d 100644 --- a/mysql-test/suite/sys_vars/r/encryption_algorithm_basic.result +++ b/mysql-test/suite/sys_vars/r/encryption_algorithm_basic.result @@ -3,5 +3,6 @@ select @@global.encryption_algorithm; none select @@session.encryption_algorithm; ERROR HY000: Variable 'encryption_algorithm' is a GLOBAL variable -set global encryption_algorithm="none"; -ERROR HY000: Variable 'encryption_algorithm' is a read only variable +set global encryption_algorithm = aes_cbc; +set global encryption_algorithm = aes_cbc; +ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation 
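Review bot: Nothing in this test reads the table data back after `set GLOBAL encryption_algorithm = aes_cbc;`, so a page written with one method and decrypted with another would go unnoticed; the status checks at the end cannot catch it either, since `variable_value >= 0` holds for any counter. Reading every table once re-encryption has finished, for example `select count(*) from innodb_normal;` (2000 rows are inserted above) and the same for the other four tables, would make the algorithm change observable. The last wait loop is announced as "decrypt all space" and polls for zero rows with `MIN_KEY_VERSION <> 0` while `innodb_encrypt_tables` is `on`, which looks like a copy of the earlier decrypt loop; its condition and echo text should be checked against what that step is meant to prove.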
diff --git a/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result b/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result index 7908300bf8f..9d4c2f7bbca 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result +++ b/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result @@ -706,8 +706,8 @@ VARIABLE_COMMENT Which encryption algorithm to use for table encryption. aes_cbc NUMERIC_MIN_VALUE NULL NUMERIC_MAX_VALUE NULL NUMERIC_BLOCK_SIZE NULL -ENUM_VALUE_LIST none,aes_ecb,aes_cbc,aes_ctr -READ_ONLY YES +ENUM_VALUE_LIST none,aes_cbc,aes_ctr +READ_ONLY NO COMMAND_LINE_ARGUMENT REQUIRED VARIABLE_NAME ENCRYPT_TMP_DISK_TABLES SESSION_VALUE NULL diff --git a/mysql-test/suite/sys_vars/t/encryption_algorithm_basic.test b/mysql-test/suite/sys_vars/t/encryption_algorithm_basic.test index 065453eba34..8e1e1906f1e 100644 --- a/mysql-test/suite/sys_vars/t/encryption_algorithm_basic.test +++ b/mysql-test/suite/sys_vars/t/encryption_algorithm_basic.test @@ -1,13 +1,33 @@ -# bool global +# enum global +--disable_query_log +let $orig_algorithm=`SELECT @@encryption_algorithm`; +--enable_query_log +# # exists as global only # select @@global.encryption_algorithm; --error ER_INCORRECT_GLOBAL_LOCAL_VAR select @@session.encryption_algorithm; +set global encryption_algorithm = aes_cbc; + # -# show that it's not writable +# Check changeable only by super # ---error 1238 -set global encryption_algorithm="none"; +--source include/add_anonymous_users.inc + +connect (con1,localhost,user_1,,); +connection con1; +--error 1227 +set global encryption_algorithm = aes_cbc; + +connection default; + +--source include/delete_anonymous_users.inc + +# reset system +--disable_query_log +EVAL SET GLOBAL encryption_algorithm = $orig_algorithm; +--enable_query_log + diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index 734b6ed9171..31b0e6fd22a 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc 
@@ -63,7 +63,7 @@ #include "opt_range.h" #include "rpl_parallel.h" #include "encryption_keys.h" - +#include "my_aes.h" /* The rule for this file: everything should be 'static'. When a sys_var variable or a function from this file is - in very rare cases - needed @@ -5185,13 +5185,30 @@ static Sys_var_mybool Sys_encrypt_tmp_disk_tables( GLOBAL_VAR(encrypt_tmp_disk_tables), CMD_LINE(OPT_ARG), DEFAULT(FALSE)); + +static bool fix_encryption_algorithm(sys_var *self, THD *thd, + enum_var_type type) +{ + if (my_aes_init_dynamic_encrypt((enum_my_aes_encryption_algorithm) + encryption_algorithm)) + { + fprintf(stderr, "Can't initialize encryption algorithm to \"%s\".\nCheck that the program is linked with the right library (openssl?)\n", + encryption_algorithm_names[encryption_algorithm]); + return true; + } + + return false; +} + const char *encryption_algorithm_names[]= -{ "none", "aes_ecb", "aes_cbc", "aes_ctr", 0 }; +{ "none", "aes_cbc", "aes_ctr", 0 }; static Sys_var_enum Sys_encryption_algorithm( "encryption_algorithm", "Which encryption algorithm to use for table encryption. aes_cbc is the recommended one.", - READ_ONLY GLOBAL_VAR(encryption_algorithm),CMD_LINE(REQUIRED_ARG), - encryption_algorithm_names, DEFAULT(0)); + GLOBAL_VAR(encryption_algorithm),CMD_LINE(REQUIRED_ARG), + encryption_algorithm_names, DEFAULT(0), + NO_MUTEX_GUARD, NOT_IN_BINLOG, + ON_CHECK(0), ON_UPDATE(fix_encryption_algorithm)); static bool check_pseudo_slave_mode(sys_var *self, THD *thd, set_var *var) { diff --git a/storage/innobase/buf/buf0buf.cc b/storage/innobase/buf/buf0buf.cc index a4825adbbbb..6f01f884a83 100644 --- a/storage/innobase/buf/buf0buf.cc +++ b/storage/innobase/buf/buf0buf.cc 
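Review bot: `fix_encryption_algorithm()` is registered as `ON_UPDATE`, which as far as I can tell runs after `encryption_algorithm` has already been assigned, so when `my_aes_init_dynamic_encrypt()` fails the statement returns an error but the variable keeps the new value while the active encrypt/decrypt functions stay as they were. Either reject the value up front in an `ON_CHECK` callback instead of `ON_CHECK(0)`, or restore the previous value before `return true;`. The variable is also declared with `NO_MUTEX_GUARD`, so a comment stating what keeps a runtime switch safe against running encryption threads would help the next reader. The failure is reported only through `fprintf(stderr, ...)`, which the client issuing `SET GLOBAL` never sees.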
@@ -2454,6 +2454,19 @@ buf_block_align_instance( == 0xffffffff); break; case BUF_BLOCK_FILE_PAGE: + if (block->page.space + != page_get_space_id(page_align(ptr))) { + fprintf(stderr, "Block space id %du page space id %lu page type %s\n", + block->page.space, page_get_space_id(page_align(ptr)), + fil_get_page_type_name(mach_read_from_4(ptr + FIL_PAGE_TYPE))); + } + + if (block->page.offset + != page_get_page_no(page_align(ptr))) { + fprintf(stderr, "Block offset %du page offset %lu page type %s\n", + block->page.offset, page_get_page_no(page_align(ptr)), + fil_get_page_type_name(mach_read_from_4(ptr + FIL_PAGE_TYPE))); + } ut_ad(block->page.space == page_get_space_id(page_align(ptr))); ut_ad(block->page.offset diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index 07636d27879..bc927b86e70 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -23,8 +23,6 @@ Created Jonas Oreland Google Modified Jan Lindström jan.lindstrom@mariadb.com *******************************************************/ -#include "fil0fil.h" -#include "fil0crypt.h" #include "srv0srv.h" #include "srv0start.h" #include "mach0data.h" @@ -37,6 +35,8 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include "fsp0fsp.h" #include "fil0pagecompress.h" #include "ha_prototypes.h" // IB_LOG_ +#include "fil0fil.h" +#include "fil0crypt.h" #include 
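Review bot: Both new diagnostics in the `BUF_BLOCK_FILE_PAGE` case read the page type from `ptr + FIL_PAGE_TYPE`, but `ptr` points somewhere inside the frame (the same statements use `page_align(ptr)` for the space id and page number), so the printed value comes from an arbitrary offset and the 4-byte read can run past the end of the frame when `ptr` is close to it. The read should start at the page header, `page_align(ptr) + FIL_PAGE_TYPE`, and since the page type field is two bytes wide `mach_read_from_2` is the matching accessor. The format strings also say `%du`, which prints a signed number followed by a literal `u`; `%u` was presumably intended, and the `%lu` arguments assume `ulint` is `unsigned long`. The enclosing function starts and ends outside the hunk.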
@@ -119,34 +119,6 @@ static const unsigned char CRYPT_MAGIC[MAGIC_SZ] = { static const unsigned char EMPTY_PATTERN[MAGIC_SZ] = { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }; -/****************************************************************** -Map used AES method to crypt scheme -@return used AES crypt scheme */ -UNIV_INTERN -uint -fil_crypt_get_aes_method( -/*=====================*/ - uint aes_method) -{ - switch (aes_method) { - case MY_AES_ALGORITHM_NONE: - return (uint) CRYPT_SCHEME_1_UNENCRYPTED; - break; - case MY_AES_ALGORITHM_CTR: - return (uint) CRYPT_SCHEME_1_CTR; - break; - case MY_AES_ALGORITHM_CBC: - return (uint) CRYPT_SCHEME_1_CBC; - break; - default: - ib_logf(IB_LOG_LEVEL_FATAL, - "Current AES method %d not supported.\n", aes_method); - ut_error; - } - - return (uint) CRYPT_SCHEME_1_UNENCRYPTED; -} - /********************************************************************* Init space crypt */ UNIV_INTERN @@ -659,29 +631,6 @@ fil_space_check_encryption_write( return true; } -/****************************************************************** -Map current aes method -@return AES method */ -UNIV_INTERN -uint -fil_crypt_map_aes_method( -/*=====================*/ - uint aes_method) /*!< in: AES method */ -{ - switch((fil_crypt_method_t)aes_method) { - case CRYPT_SCHEME_1_CTR: - return (uint)MY_AES_ALGORITHM_CTR; - break; - case CRYPT_SCHEME_1_CBC: - return (uint)MY_AES_ALGORITHM_CBC; - break; - default: - ib_logf(IB_LOG_LEVEL_FATAL, - "Current AES method %d not supported.\n", (int)aes_method); - ut_error; - } -} - /****************************************************************** Encrypt a page */ UNIV_INTERN diff --git a/storage/innobase/fil/fil0fil.cc b/storage/innobase/fil/fil0fil.cc index 9d0bb03c0e9..35d55af819b 100644 --- a/storage/innobase/fil/fil0fil.cc +++ b/storage/innobase/fil/fil0fil.cc 
@@ -6858,7 +6858,7 @@ Get crypt data for a tablespace */ UNIV_INTERN fil_space_crypt_t* fil_space_get_crypt_data( -/*==================*/ +/*=====================*/ ulint id) /*!< in: space id */ { fil_space_t* space; @@ -6879,12 +6879,29 @@ fil_space_get_crypt_data( return(crypt_data); } +/****************************************************************** +Get crypt data for a tablespace */ +UNIV_INTERN +fil_space_crypt_t* +fil_space_crypt_data( +/*=================*/ + fil_space_t* space) /*!< in: filespace */ +{ + fil_space_crypt_t* crypt_data = NULL; + + if (space != NULL) { + crypt_data = space->crypt_data; + } + + return(crypt_data); +} + /****************************************************************** Get crypt data for a tablespace */ UNIV_INTERN void fil_space_set_crypt_data( -/*==================*/ +/*=====================*/ ulint id, /*!< in: space id */ fil_space_crypt_t* crypt_data) /*!< in: crypt data */ { diff --git a/storage/innobase/fil/fil0pagecompress.cc b/storage/innobase/fil/fil0pagecompress.cc index 1c3db26372d..4b5931489d2 100644 --- a/storage/innobase/fil/fil0pagecompress.cc +++ b/storage/innobase/fil/fil0pagecompress.cc @@ -87,6 +87,7 @@ static ulint srv_data_read, srv_data_written; For page compressed pages compress the page before actual write operation. @return compressed page to be written*/ +UNIV_INTERN byte* fil_compress_page( /*==============*/ @@ -379,6 +380,7 @@ fil_compress_page( /****************************************************************//** For page compressed pages decompress the page after actual read operation. */ +UNIV_INTERN void fil_decompress_page( /*================*/ diff --git a/storage/innobase/include/fil0crypt.ic b/storage/innobase/include/fil0crypt.ic index b753ca5cb4f..48862910dc4 100644 --- a/storage/innobase/include/fil0crypt.ic +++ b/storage/innobase/include/fil0crypt.ic 
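Review bot: The new `fil_space_crypt_data()` carries the same one-line header as `fil_space_get_crypt_data()` ("Get crypt data for a tablespace") and no `@return`, so a reader cannot tell the two apart or learn that a NULL `space` yields NULL. I would document it as `Get crypt data from an already looked-up tablespace object; @return crypt data, or NULL if space is NULL or has none`. Since the function itself takes no lock, the comment should also state what the caller must hold to keep `space` and its `crypt_data` valid.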
@@ -67,3 +67,54 @@ fil_page_encryption_status( } return 0; } + +/****************************************************************** +Map used AES method to crypt scheme +@return used AES crypt scheme */ +UNIV_INLINE +uint +fil_crypt_get_aes_method( +/*=====================*/ + uint aes_method) +{ + switch (aes_method) { + case MY_AES_ALGORITHM_NONE: + return (uint) CRYPT_SCHEME_1_UNENCRYPTED; + break; + case MY_AES_ALGORITHM_CTR: + return (uint) CRYPT_SCHEME_1_CTR; + break; + case MY_AES_ALGORITHM_CBC: + return (uint) CRYPT_SCHEME_1_CBC; + break; + default: + ib_logf(IB_LOG_LEVEL_FATAL, + "Current AES method %d not supported.\n", aes_method); + ut_error; + } + + return (uint) CRYPT_SCHEME_1_UNENCRYPTED; +} + +/****************************************************************** +Map current aes method +@return AES method */ +UNIV_INLINE +uint +fil_crypt_map_aes_method( +/*=====================*/ + uint aes_method) /*!< in: AES method */ +{ + switch((fil_crypt_method_t)aes_method) { + case CRYPT_SCHEME_1_CTR: + return (uint)MY_AES_ALGORITHM_CTR; + break; + case CRYPT_SCHEME_1_CBC: + return (uint)MY_AES_ALGORITHM_CBC; + break; + default: + ib_logf(IB_LOG_LEVEL_FATAL, + "Current AES method %d not supported.\n", (int)aes_method); + ut_error; + } +} diff --git a/storage/innobase/include/fil0pagecompress.h b/storage/innobase/include/fil0pagecompress.h index c797c221efc..1c2c1730b8e 100644 --- a/storage/innobase/include/fil0pagecompress.h +++ b/storage/innobase/include/fil0pagecompress.h @@ -34,6 +34,7 @@ Created 11/12/2013 Jan Lindström jan.lindstrom@skysql.com Returns the page compression level flag of the space, or 0 if the space is not compressed. The tablespace must be cached in the memory cache. @return page compression level if page compressed, ULINT_UNDEFINED if space not found */ +UNIV_INTERN ulint fil_space_get_page_compression_level( /*=================================*/ 
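Review bot: The two mappings added here are not inverses: `fil_crypt_get_aes_method()` turns `MY_AES_ALGORITHM_NONE` into `CRYPT_SCHEME_1_UNENCRYPTED`, but `fil_crypt_map_aes_method()` has no case for that scheme and ends in `IB_LOG_LEVEL_FATAL` plus `ut_error`. The commit message says the method is now stored in crypt_data, on pages and in the redo checkpoint, so a stored `CRYPT_SCHEME_1_UNENCRYPTED` (or a damaged byte) would presumably reach this switch when read back and stop the server. Adding `case CRYPT_SCHEME_1_UNENCRYPTED: return (uint) MY_AES_ALGORITHM_NONE;` and letting callers treat an unknown value as a read error rather than an assertion would make this safer. `fil_crypt_map_aes_method()` also has no `return` after the `default` branch, unlike its sibling, so it relies on `ut_error` never returning.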
@@ -42,6 +43,7 @@ fil_space_get_page_compression_level( Returns the page compression flag of the space, or false if the space is not compressed. The tablespace must be cached in the memory cache. @return true if page compressed, false if not or space not found */ +UNIV_INTERN ibool fil_space_is_page_compressed( /*=========================*/ @@ -50,6 +52,7 @@ fil_space_is_page_compressed( Returns the page compression flag of the space, or false if the space is not compressed. The tablespace must be cached in the memory cache. @return true if page compressed, false if not or space not found */ +UNIV_INTERN ibool fil_space_get_page_compressed( /*=========================*/ @@ -58,6 +61,7 @@ fil_space_get_page_compressed( Returns the atomic writes flag of the space, or false if the space is not using atomic writes. The tablespace must be cached in the memory cache. @return atomic write table option value */ +UNIV_INTERN atomic_writes_t fil_space_get_atomic_writes( /*=========================*/ @@ -65,6 +69,7 @@ fil_space_get_atomic_writes( /*******************************************************************//** Find out wheather the page is index page or not @return true if page type index page, false if not */ +UNIV_INTERN ibool fil_page_is_index_page( /*===================*/ @@ -74,6 +79,7 @@ fil_page_is_index_page( Get the name of the compression algorithm used for page compression. @return compression algorithm name or "UNKNOWN" if not known*/ +UNIV_INTERN const char* fil_get_compression_alg_name( /*=========================*/ @@ -83,6 +89,7 @@ fil_get_compression_alg_name( For page compressed pages compress the page before actual write operation. @return compressed page to be written*/ +UNIV_INTERN byte* fil_compress_page( /*==============*/ @@ -102,6 +109,7 @@ fil_compress_page( For page compressed pages decompress the page after actual read operation. @return uncompressed page */ +UNIV_INTERN void fil_decompress_page( /*================*/ 
@@ -115,6 +123,7 @@ fil_decompress_page( /****************************************************************//** Get space id from fil node @return space id*/ +UNIV_INTERN ulint fil_node_get_space_id( /*==================*/ @@ -123,13 +132,16 @@ fil_node_get_space_id( /****************************************************************//** Get block size from fil node @return block size*/ +UNIV_INTERN ulint fil_node_get_block_size( +/*====================*/ fil_node_t* node); /*!< in: Node where to get block size */ /*******************************************************************//** Find out wheather the page is page compressed -@return true if page is page compressed*/ +@return true if page is page compressed */ +UNIV_INTERN ibool fil_page_is_compressed( /*===================*/ @@ -138,6 +150,7 @@ fil_page_is_compressed( /*******************************************************************//** Find out wheather the page is page compressed with lzo method @return true if page is page compressed with lzo method*/ +UNIV_INTERN ibool fil_page_is_lzo_compressed( /*=======================*/ diff --git a/storage/innobase/include/log0crypt.h b/storage/innobase/include/log0crypt.h index 9c7c0229ba4..cbb430d5209 100644 --- a/storage/innobase/include/log0crypt.h +++ b/storage/innobase/include/log0crypt.h @@ -23,6 +23,8 @@ extern my_bool srv_encrypt_log; extern byte redo_log_crypt_msg[MY_AES_BLOCK_SIZE]; /* IV to concatenate with counter used by AES_CTR for redo log crypto. */ extern byte aes_ctr_nonce[MY_AES_BLOCK_SIZE]; +/* AES method used for redo log encryption/decryption. */ +extern byte redo_aes_method; /*********************************************************************//** Generate a 128-bit random message used to generate redo log crypto key. diff --git a/storage/innobase/include/log0log.h b/storage/innobase/include/log0log.h index 79667097724..f3a60c59fc2 100644 --- a/storage/innobase/include/log0log.h +++ b/storage/innobase/include/log0log.h 
@@ -678,7 +678,7 @@ extern log_t* log_sys; #define LOG_CHECKPOINT_OFFSET_HIGH32 (16 + LOG_CHECKPOINT_ARRAY_END) #define LOG_CRYPT_VER (20 + LOG_CHECKPOINT_ARRAY_END) /*!< 32-bit key version. Corresponding - key has been used for log records with + key has been used for log records with lsn <= the checkpoint' lsn */ #define LOG_CRYPT_MSG (24 + LOG_CHECKPOINT_ARRAY_END) /*!< a 128-bit value used to @@ -688,8 +688,10 @@ extern log_t* log_sys; 15-byte random number.*/ #define LOG_CRYPT_IV (40 + LOG_CHECKPOINT_ARRAY_END) /*!< a 128-bit random number used as - AES-CTR iv/nonce for redo log */ -#define LOG_CHECKPOINT_SIZE (56 + LOG_CHECKPOINT_ARRAY_END) + AES-* iv/nonce for redo log */ +#define LOG_CRYPT_METHOD (56 + LOG_CHECKPOINT_ARRAY_END) + /*!< AES method used */ +#define LOG_CHECKPOINT_SIZE (57 + LOG_CHECKPOINT_ARRAY_END) /* Offsets of a log file header */ #define LOG_GROUP_ID 0 /* log group number */ diff --git a/storage/innobase/log/log0crypt.cc b/storage/innobase/log/log0crypt.cc index 6f487e36b56..349338b974c 100644 --- a/storage/innobase/log/log0crypt.cc +++ b/storage/innobase/log/log0crypt.cc @@ -30,6 +30,9 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include "log0log.h" #include "srv0start.h" // for srv_start_lsn #include "log0recv.h" // for recv_sys +#include "ha_prototypes.h" // ib_logf +#include "fil0fil.h" // for page types +#include "fil0crypt.h" // for aes_method #include "mysql/plugin_encryption_key_management.h" // for BAD_ENCRYPTION_KEY_VERSION #include "ha_prototypes.h" // IB_LOG_ 
@@ -43,15 +46,17 @@ UNIV_INTERN my_bool srv_encrypt_log = FALSE; static const byte redo_log_purpose_byte = 0x02; /* Plain text used by AES_ECB to generate redo log crypt key. */ byte redo_log_crypt_msg[MY_AES_BLOCK_SIZE] = {0}; -/* IV to concatenate with counter used by AES_CTR for redo log +/* IV to concatenate with counter used by AES for redo log * encryption/decryption. */ byte aes_ctr_nonce[MY_AES_BLOCK_SIZE] = {0}; +/* AES method used for redo log encryption/decryption. */ +byte redo_aes_method = 0; /*********************************************************************//** Generate a 128-bit value used to generate crypt key for redo log. It is generated via the concatenation of 1 purpose byte (0x02) and 15-byte random number. -Init AES-CTR iv/nonce with random number. +Init AES iv/nonce with random number. It is called when: - redo logs do not exist when start up, or - transition from without crypto. @@ -69,8 +74,8 @@ log_init_crypt_msg_and_nonce(void) /*==============================*/ { mach_write_to_1(redo_log_crypt_msg, redo_log_purpose_byte); - if (my_random_bytes(redo_log_crypt_msg + 1, PURPOSE_BYTE_LEN) != AES_OK) - { + + if (my_random_bytes(redo_log_crypt_msg + 1, PURPOSE_BYTE_LEN) != AES_OK) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: generate " "%u-byte random number as crypto msg failed.", @@ -78,14 +83,16 @@ log_init_crypt_msg_and_nonce(void) abort(); } - if (my_random_bytes(aes_ctr_nonce, MY_AES_BLOCK_SIZE) != AES_OK) - { + if (my_random_bytes(aes_ctr_nonce, MY_AES_BLOCK_SIZE) != AES_OK) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: generate " - "%u-byte random number as AES_CTR nonce failed.", + "%u-byte random number failed.", MY_AES_BLOCK_SIZE); abort(); } + + /* Set up current AES method */ + redo_aes_method = (byte)fil_crypt_get_aes_method(current_aes_dynamic_method); } /*********************************************************************//** 
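Review bot: The new assignment at the end of log_init_crypt_msg_and_nonce() runs `fil_crypt_get_aes_method()` unconditionally, and that helper is fatal (`ib_logf(IB_LOG_LEVEL_FATAL, ...)` followed by `ut_error`) for every algorithm other than NONE, CTR and CBC. The recovery hunk calls this function precisely when the checkpoint says the log is unencrypted, so a server whose `current_aes_dynamic_method` holds another value would appear to stop at startup although no redo encryption is in use; which values that variable can take is not visible here and should be checked. NONE maps to `CRYPT_SCHEME_1_UNENCRYPTED`, which `fil_crypt_map_aes_method()` later rejects as fatal as well. One option is to record the method only when it will be used, `if (srv_encrypt_log) { redo_aes_method = (byte) fil_crypt_get_aes_method(current_aes_dynamic_method); }`. The xtradb copy of log0crypt.cc has the same line.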
@@ -98,16 +105,14 @@ log_init_crypt_key( const uint crypt_ver, /*< in: key version */ byte* key) /*< out: crypt key*/ { - if (crypt_ver == UNENCRYPTED_KEY_VER) - { + if (crypt_ver == UNENCRYPTED_KEY_VER) { ib_logf(IB_LOG_LEVEL_INFO, "Redo log crypto: unencrypted key ver."); memset(key, 0, MY_AES_BLOCK_SIZE); return; } - if (crypt_msg[PURPOSE_BYTE_OFFSET] != redo_log_purpose_byte) - { + if (crypt_msg[PURPOSE_BYTE_OFFSET] != redo_log_purpose_byte) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: msg type mismatched. " "Expected: %x; Actual: %x.", @@ -116,8 +121,8 @@ log_init_crypt_key( } byte mysqld_key[MY_AES_BLOCK_SIZE] = {0}; - if (get_encryption_key(crypt_ver, mysqld_key, MY_AES_BLOCK_SIZE)) - { + + if (get_encryption_key(crypt_ver, mysqld_key, MY_AES_BLOCK_SIZE)) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting mysqld crypto key " "from key version failed."); @@ -125,15 +130,16 @@ log_init_crypt_key( } uint32 dst_len; + my_aes_encrypt_dynamic_type func= get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); + int rc= (*func)(crypt_msg, MY_AES_BLOCK_SIZE, //src, srclen key, &dst_len, //dst, &dstlen (unsigned char*)&mysqld_key, sizeof(mysqld_key), NULL, 0, 1); - if (rc != AES_OK || dst_len != MY_AES_BLOCK_SIZE) - { + if (rc != AES_OK || dst_len != MY_AES_BLOCK_SIZE) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting redo log crypto key " "failed."); @@ -158,7 +164,7 @@ log_block_get_start_lsn( } /*********************************************************************//** -Call AES CTR to encrypt/decrypt log blocks. */ +Call AES to encrypt/decrypt log blocks. */ static Crypt_result log_blocks_crypt( 
@@ -175,21 +181,22 @@ log_blocks_crypt( ulint log_block_no, log_block_start_lsn; byte *key; ulint lsn; - if (is_encrypt) - { + uint aes_method = (uint)redo_aes_method; + + if (is_encrypt) { ut_a(log_sys && log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER); key = (byte *)(log_sys->redo_log_crypt_key); lsn = log_sys->lsn; - } else { ut_a(recv_sys && recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER); key = (byte *)(recv_sys->recv_log_crypt_key); lsn = srv_start_lsn; } + ut_a(size % OS_FILE_LOG_BLOCK_SIZE == 0); src_len = OS_FILE_LOG_BLOCK_SIZE - LOG_BLOCK_HDR_SIZE; - for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE) - { + + for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE) { log_block_no = log_block_get_hdr_no(log_block); log_block_start_lsn = log_block_get_start_lsn(lsn, log_block_no); @@ -205,11 +212,13 @@ log_blocks_crypt( mach_write_to_4(aes_ctr_counter + 11, log_block_no); bzero(aes_ctr_counter + 15, 1); - int rc = (* my_aes_encrypt_dynamic)(log_block + LOG_BLOCK_HDR_SIZE, src_len, - dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, - (unsigned char*)key, 16, - aes_ctr_counter, MY_AES_BLOCK_SIZE, - 1); + my_aes_encrypt_dynamic_type func = get_aes_encrypt_func((enum_my_aes_encryption_algorithm)fil_crypt_map_aes_method(aes_method)); + + int rc = (*func)(log_block + LOG_BLOCK_HDR_SIZE, src_len, + dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, + (unsigned char*)key, 16, + aes_ctr_counter, MY_AES_BLOCK_SIZE, + 1); ut_a(rc == AES_OK); ut_a(dst_len == src_len); 
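Review bot: The cipher routine is now fetched with `get_aes_encrypt_func()` on every call, although log_blocks_crypt() serves both directions through `is_encrypt`. That was harmless while the mode was fixed to CTR, where both directions are the same keystream XOR, but `fil_crypt_map_aes_method()` can now return `MY_AES_ALGORITHM_CBC`, and running a CBC encrypt routine over ciphertext does not give back the plaintext. CBC with the no-padding flag also needs `src_len` to be a multiple of the AES block size, which `OS_FILE_LOG_BLOCK_SIZE - LOG_BLOCK_HDR_SIZE` may not be, so `ut_a(rc == AES_OK)` or `ut_a(dst_len == src_len)` could fire on the first block. Either pin the redo log to CTR at the top of the function, `ut_a(aes_method == CRYPT_SCHEME_1_CTR);`, or pick a decrypt routine when `!is_encrypt`; the lookup is loop-invariant and belongs above the `for` in both cases. The function starts and ends outside the hunk, and the xtradb copy carries the same code.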
@@ -302,13 +311,17 @@ log_crypt_write_checkpoint_buf( { ut_a(log_sys); mach_write_to_4(buf + LOG_CRYPT_VER, log_sys->redo_log_crypt_ver); + if (!srv_encrypt_log || log_sys->redo_log_crypt_ver == UNENCRYPTED_KEY_VER) { memset(buf + LOG_CRYPT_MSG, 0, MY_AES_BLOCK_SIZE); memset(buf + LOG_CRYPT_IV, 0, MY_AES_BLOCK_SIZE); + memset(buf + LOG_CRYPT_METHOD, 0, 1); return; } + ut_a(redo_log_crypt_msg[PURPOSE_BYTE_OFFSET] == redo_log_purpose_byte); memcpy(buf + LOG_CRYPT_MSG, redo_log_crypt_msg, MY_AES_BLOCK_SIZE); memcpy(buf + LOG_CRYPT_IV, aes_ctr_nonce, MY_AES_BLOCK_SIZE); + mach_write_to_1(buf + LOG_CRYPT_METHOD, redo_aes_method); } diff --git a/storage/innobase/log/log0recv.cc b/storage/innobase/log/log0recv.cc index 3b8c4878e32..c8a65290100 100644 --- a/storage/innobase/log/log0recv.cc +++ b/storage/innobase/log/log0recv.cc @@ -3088,13 +3088,16 @@ recv_recovery_from_checkpoint_start_func( #ifdef UNIV_LOG_ARCHIVE archived_lsn = mach_read_from_8(buf + LOG_CHECKPOINT_ARCHIVED_LSN); #endif /* UNIV_LOG_ARCHIVE */ + recv_crypt_ver = mach_read_from_4(buf + LOG_CRYPT_VER); + if (recv_crypt_ver == UNENCRYPTED_KEY_VER) { log_init_crypt_msg_and_nonce(); } else { ut_memcpy(redo_log_crypt_msg, buf + LOG_CRYPT_MSG, MY_AES_BLOCK_SIZE); ut_memcpy(aes_ctr_nonce, buf + LOG_CRYPT_IV, MY_AES_BLOCK_SIZE); + redo_aes_method = (byte)mach_read_from_1(buf + LOG_CRYPT_METHOD); } /* Read the first log file header to print a note if this is diff --git a/storage/xtradb/buf/buf0buf.cc b/storage/xtradb/buf/buf0buf.cc index ab8dbadf0fa..1bccc695223 100644 --- a/storage/xtradb/buf/buf0buf.cc +++ b/storage/xtradb/buf/buf0buf.cc 
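Review bot: In the log0recv.cc hunk the method byte is copied from the checkpoint buffer into `redo_aes_method` with no range check, so a damaged or altered log header only shows up later as the fatal `ut_error` inside `fil_crypt_map_aes_method()`, in the middle of block decryption. Check it where it is read, `if (redo_aes_method != CRYPT_SCHEME_1_CTR && redo_aes_method != CRYPT_SCHEME_1_CBC) { /* log the bad checkpoint field and fail recovery */ }`, so the message names the checkpoint rather than the cipher helper. Encrypted logs written before `LOG_CRYPT_METHOD` existed will presumably reach the same branch, so the fallback for that case should be decided here too. The enclosing function extends beyond the hunk; storage/xtradb/log/log0recv.cc has the identical change.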
@@ -2450,6 +2450,19 @@ buf_block_align_instance( == 0xffffffff); break; case BUF_BLOCK_FILE_PAGE: + if (block->page.space + != page_get_space_id(page_align(ptr))) { + fprintf(stderr, "Block space id %du page space id %lu page type %s\n", + block->page.space, page_get_space_id(page_align(ptr)), + fil_get_page_type_name(mach_read_from_4(ptr + FIL_PAGE_TYPE))); + } + + if (block->page.offset + != page_get_page_no(page_align(ptr))) { + fprintf(stderr, "Block offset %du page offset %lu page type %s\n", + block->page.offset, page_get_page_no(page_align(ptr)), + fil_get_page_type_name(mach_read_from_4(ptr + FIL_PAGE_TYPE))); + } ut_ad(block->page.space == page_get_space_id(page_align(ptr))); ut_ad(block->page.offset diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index 07636d27879..fcff53e6823 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc @@ -119,33 +119,6 @@ static const unsigned char CRYPT_MAGIC[MAGIC_SZ] = { static const unsigned char EMPTY_PATTERN[MAGIC_SZ] = { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }; -/****************************************************************** -Map used AES method to crypt scheme -@return used AES crypt scheme */ -UNIV_INTERN -uint -fil_crypt_get_aes_method( -/*=====================*/ - uint aes_method) -{ - switch (aes_method) { - case MY_AES_ALGORITHM_NONE: - return (uint) CRYPT_SCHEME_1_UNENCRYPTED; - break; - case MY_AES_ALGORITHM_CTR: - return (uint) CRYPT_SCHEME_1_CTR; - break; - case MY_AES_ALGORITHM_CBC: - return (uint) CRYPT_SCHEME_1_CBC; - break; - default: - ib_logf(IB_LOG_LEVEL_FATAL, - "Current AES method %d not supported.\n", aes_method); - ut_error; - } - - return (uint) CRYPT_SCHEME_1_UNENCRYPTED; -} /********************************************************************* Init space crypt */ 
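Review bot: Both new `fprintf` calls in the buf0buf.cc hunk read the page type from `ptr + FIL_PAGE_TYPE`, while the space id and page number printed on the same line come from `page_align(ptr)`. Unless `ptr` is already the start of the frame, this reads four bytes at the wrong offset and may run past the end of the frame; use `mach_read_from_4(page_align(ptr) + FIL_PAGE_TYPE)`. The conversion `%du` prints a signed value followed by a literal `u`, where `%u` is presumably intended, and `%lu` matches the second argument only where `ulint` is `unsigned long`. The messages sit directly in front of `ut_ad` checks of the same two conditions, so a comment should state whether they are meant to be emitted in non-debug builds.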
@@ -659,29 +632,6 @@ fil_space_check_encryption_write( return true; } -/****************************************************************** -Map current aes method -@return AES method */ -UNIV_INTERN -uint -fil_crypt_map_aes_method( -/*=====================*/ - uint aes_method) /*!< in: AES method */ -{ - switch((fil_crypt_method_t)aes_method) { - case CRYPT_SCHEME_1_CTR: - return (uint)MY_AES_ALGORITHM_CTR; - break; - case CRYPT_SCHEME_1_CBC: - return (uint)MY_AES_ALGORITHM_CBC; - break; - default: - ib_logf(IB_LOG_LEVEL_FATAL, - "Current AES method %d not supported.\n", (int)aes_method); - ut_error; - } -} - /****************************************************************** Encrypt a page */ UNIV_INTERN diff --git a/storage/xtradb/fil/fil0fil.cc b/storage/xtradb/fil/fil0fil.cc index 1084f90c720..f78e281eca6 100644 --- a/storage/xtradb/fil/fil0fil.cc +++ b/storage/xtradb/fil/fil0fil.cc @@ -6992,7 +6992,7 @@ Get crypt data for a tablespace */ UNIV_INTERN fil_space_crypt_t* fil_space_get_crypt_data( -/*==================*/ +/*=====================*/ ulint id) /*!< in: space id */ { fil_space_t* space; @@ -7013,12 +7013,29 @@ fil_space_get_crypt_data( return(crypt_data); } +/****************************************************************** +Get crypt data for a tablespace */ +UNIV_INTERN +fil_space_crypt_t* +fil_space_crypt_data( +/*=================*/ + fil_space_t* space) /*!< in: filespace */ +{ + fil_space_crypt_t* crypt_data = NULL; + + if (space != NULL) { + crypt_data = space->crypt_data; + } + + return(crypt_data); +} + /****************************************************************** Get crypt data for a tablespace */ UNIV_INTERN void fil_space_set_crypt_data( -/*==================*/ +/*=====================*/ ulint id, /*!< in: space id */ fil_space_crypt_t* crypt_data) /*!< in: crypt data */ { diff --git a/storage/xtradb/fil/fil0pagecompress.cc b/storage/xtradb/fil/fil0pagecompress.cc index d394ca5215c..c36165bcf9c 100644 
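Review bot: The new `fil_space_crypt_data()` in fil0fil.cc repeats the header comment of `fil_space_get_crypt_data()` word for word and says nothing about what the caller must hold while `space` is dereferenced. The function reads `space->crypt_data` with no locking of its own, so the comment should carry that contract, e.g. `Get crypt data from an already looked-up tablespace; the caller must ensure that space cannot be freed concurrently.` followed by `@return crypt data, or NULL if space is NULL`. Which latch protects `space` in the callers is not visible in this hunk.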
--- a/storage/xtradb/fil/fil0pagecompress.cc +++ b/storage/xtradb/fil/fil0pagecompress.cc @@ -87,6 +87,7 @@ static ulint srv_data_read, srv_data_written; For page compressed pages compress the page before actual write operation. @return compressed page to be written*/ +UNIV_INTERN byte* fil_compress_page( /*==============*/ @@ -373,6 +374,7 @@ fil_compress_page( /****************************************************************//** For page compressed pages decompress the page after actual read operation. */ +UNIV_INTERN void fil_decompress_page( /*================*/ diff --git a/storage/xtradb/include/fil0crypt.ic b/storage/xtradb/include/fil0crypt.ic index b753ca5cb4f..48862910dc4 100644 --- a/storage/xtradb/include/fil0crypt.ic +++ b/storage/xtradb/include/fil0crypt.ic 
@@ -67,3 +67,54 @@ fil_page_encryption_status( } return 0; } + +/****************************************************************** +Map used AES method to crypt scheme +@return used AES crypt scheme */ +UNIV_INLINE +uint +fil_crypt_get_aes_method( +/*=====================*/ + uint aes_method) +{ + switch (aes_method) { + case MY_AES_ALGORITHM_NONE: + return (uint) CRYPT_SCHEME_1_UNENCRYPTED; + break; + case MY_AES_ALGORITHM_CTR: + return (uint) CRYPT_SCHEME_1_CTR; + break; + case MY_AES_ALGORITHM_CBC: + return (uint) CRYPT_SCHEME_1_CBC; + break; + default: + ib_logf(IB_LOG_LEVEL_FATAL, + "Current AES method %d not supported.\n", aes_method); + ut_error; + } + + return (uint) CRYPT_SCHEME_1_UNENCRYPTED; +} + +/****************************************************************** +Map current aes method +@return AES method */ +UNIV_INLINE +uint +fil_crypt_map_aes_method( +/*=====================*/ + uint aes_method) /*!< in: AES method */ +{ + switch((fil_crypt_method_t)aes_method) { + case CRYPT_SCHEME_1_CTR: + return (uint)MY_AES_ALGORITHM_CTR; + break; + case CRYPT_SCHEME_1_CBC: + return (uint)MY_AES_ALGORITHM_CBC; + break; + default: + ib_logf(IB_LOG_LEVEL_FATAL, + "Current AES method %d not supported.\n", (int)aes_method); + ut_error; + } +} diff --git a/storage/xtradb/include/fil0pagecompress.h b/storage/xtradb/include/fil0pagecompress.h index c797c221efc..1c2c1730b8e 100644 --- a/storage/xtradb/include/fil0pagecompress.h +++ b/storage/xtradb/include/fil0pagecompress.h @@ -34,6 +34,7 @@ Created 11/12/2013 Jan Lindström jan.lindstrom@skysql.com Returns the page compression level flag of the space, or 0 if the space is not compressed. The tablespace must be cached in the memory cache. @return page compression level if page compressed, ULINT_UNDEFINED if space not found */ +UNIV_INTERN ulint fil_space_get_page_compression_level( /*=================================*/ 
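Review bot: The header comments of the two mapping functions do not say which direction each one maps, and `fil_crypt_map_aes_method()` does not mention that it is fatal for `CRYPT_SCHEME_1_UNENCRYPTED` as well as for unknown values. Suggested wording: `Map a MY_AES_ALGORITHM_* value to the CRYPT_SCHEME_1_* id that is stored on disk` for the first and `Map a stored CRYPT_SCHEME_1_* id back to MY_AES_ALGORITHM_*; any other value, including CRYPT_SCHEME_1_UNENCRYPTED, is fatal` for the second, plus an `/*!< in: ... */` comment on the first function's parameter. In `fil_crypt_get_aes_method()` the `%d` conversion receives a `uint`; `%u` matches the argument. Now that both functions are inline in a header, every file including fil0crypt.ic also needs the declaration of `ib_logf` in scope.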
@@ -42,6 +43,7 @@ fil_space_get_page_compression_level( Returns the page compression flag of the space, or false if the space is not compressed. The tablespace must be cached in the memory cache. @return true if page compressed, false if not or space not found */ +UNIV_INTERN ibool fil_space_is_page_compressed( /*=========================*/ @@ -50,6 +52,7 @@ fil_space_is_page_compressed( Returns the page compression flag of the space, or false if the space is not compressed. The tablespace must be cached in the memory cache. @return true if page compressed, false if not or space not found */ +UNIV_INTERN ibool fil_space_get_page_compressed( /*=========================*/ @@ -58,6 +61,7 @@ fil_space_get_page_compressed( Returns the atomic writes flag of the space, or false if the space is not using atomic writes. The tablespace must be cached in the memory cache. @return atomic write table option value */ +UNIV_INTERN atomic_writes_t fil_space_get_atomic_writes( /*=========================*/ @@ -65,6 +69,7 @@ fil_space_get_atomic_writes( /*******************************************************************//** Find out wheather the page is index page or not @return true if page type index page, false if not */ +UNIV_INTERN ibool fil_page_is_index_page( /*===================*/ @@ -74,6 +79,7 @@ fil_page_is_index_page( Get the name of the compression algorithm used for page compression. @return compression algorithm name or "UNKNOWN" if not known*/ +UNIV_INTERN const char* fil_get_compression_alg_name( /*=========================*/ @@ -83,6 +89,7 @@ fil_get_compression_alg_name( For page compressed pages compress the page before actual write operation. @return compressed page to be written*/ +UNIV_INTERN byte* fil_compress_page( /*==============*/ @@ -102,6 +109,7 @@ fil_compress_page( For page compressed pages decompress the page after actual read operation. @return uncompressed page */ +UNIV_INTERN void fil_decompress_page( /*================*/ 
@@ -115,6 +123,7 @@ fil_decompress_page( /****************************************************************//** Get space id from fil node @return space id*/ +UNIV_INTERN ulint fil_node_get_space_id( /*==================*/ @@ -123,13 +132,16 @@ fil_node_get_space_id( /****************************************************************//** Get block size from fil node @return block size*/ +UNIV_INTERN ulint fil_node_get_block_size( +/*====================*/ fil_node_t* node); /*!< in: Node where to get block size */ /*******************************************************************//** Find out wheather the page is page compressed -@return true if page is page compressed*/ +@return true if page is page compressed */ +UNIV_INTERN ibool fil_page_is_compressed( /*===================*/ @@ -138,6 +150,7 @@ fil_page_is_compressed( /*******************************************************************//** Find out wheather the page is page compressed with lzo method @return true if page is page compressed with lzo method*/ +UNIV_INTERN ibool fil_page_is_lzo_compressed( /*=======================*/ diff --git a/storage/xtradb/include/log0crypt.h b/storage/xtradb/include/log0crypt.h index 9c7c0229ba4..cbb430d5209 100644 --- a/storage/xtradb/include/log0crypt.h +++ b/storage/xtradb/include/log0crypt.h @@ -23,6 +23,8 @@ extern my_bool srv_encrypt_log; extern byte redo_log_crypt_msg[MY_AES_BLOCK_SIZE]; /* IV to concatenate with counter used by AES_CTR for redo log crypto. */ extern byte aes_ctr_nonce[MY_AES_BLOCK_SIZE]; +/* AES method used for redo log encryption/decryption. */ +extern byte redo_aes_method; /*********************************************************************//** Generate a 128-bit random message used to generate redo log crypto key. diff --git a/storage/xtradb/include/log0log.h b/storage/xtradb/include/log0log.h index cda4a692aec..b40ebd5d7a9 100644 --- a/storage/xtradb/include/log0log.h +++ b/storage/xtradb/include/log0log.h 
@@ -748,7 +748,7 @@ extern log_t* log_sys; #define LOG_CHECKPOINT_OFFSET_HIGH32 (16 + LOG_CHECKPOINT_ARRAY_END) #define LOG_CRYPT_VER (20 + LOG_CHECKPOINT_ARRAY_END) /*!< 32-bit key version. Corresponding - key has been used for log records with + key has been used for log records with lsn <= the checkpoint' lsn */ #define LOG_CRYPT_MSG (24 + LOG_CHECKPOINT_ARRAY_END) /*!< a 128-bit value used to @@ -758,8 +758,10 @@ extern log_t* log_sys; 15-byte random number.*/ #define LOG_CRYPT_IV (40 + LOG_CHECKPOINT_ARRAY_END) /*!< a 128-bit random number used as - AES-CTR iv/nonce for redo log */ -#define LOG_CHECKPOINT_SIZE (56 + LOG_CHECKPOINT_ARRAY_END) + AES-* iv/nonce for redo log */ +#define LOG_CRYPT_METHOD (56 + LOG_CHECKPOINT_ARRAY_END) + /*!< AES method used */ +#define LOG_CHECKPOINT_SIZE (57 + LOG_CHECKPOINT_ARRAY_END) /* Offsets of a log file header */ #define LOG_GROUP_ID 0 /* log group number */ diff --git a/storage/xtradb/log/log0crypt.cc b/storage/xtradb/log/log0crypt.cc index abebdd8c61a..97ea84e00ad 100644 --- a/storage/xtradb/log/log0crypt.cc +++ b/storage/xtradb/log/log0crypt.cc @@ -31,6 +31,8 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include "log0log.h" #include "srv0start.h" // for srv_start_lsn #include "log0recv.h" // for recv_sys +#include "fil0fil.h" // for page types +#include "fil0crypt.h" // for aes_method #include "mysql/plugin_encryption_key_management.h" // for BAD_ENCRYPTION_KEY_VERSION #include "ha_prototypes.h" // IB_LOG_ 
@@ -44,15 +46,17 @@ UNIV_INTERN my_bool srv_encrypt_log = FALSE; static const byte redo_log_purpose_byte = 0x02; /* Plain text used by AES_ECB to generate redo log crypt key. */ byte redo_log_crypt_msg[MY_AES_BLOCK_SIZE] = {0}; -/* IV to concatenate with counter used by AES_CTR for redo log +/* IV to concatenate with counter used by AES for redo log * encryption/decryption. */ byte aes_ctr_nonce[MY_AES_BLOCK_SIZE] = {0}; +/* AES method used for redo log encryption/decryption. */ +byte redo_aes_method = 0; /*********************************************************************//** Generate a 128-bit value used to generate crypt key for redo log. It is generated via the concatenation of 1 purpose byte (0x02) and 15-byte random number. -Init AES-CTR iv/nonce with random number. +Init AES iv/nonce with random number. It is called when: - redo logs do not exist when start up, or - transition from without crypto. @@ -70,8 +74,8 @@ log_init_crypt_msg_and_nonce(void) /*==============================*/ { mach_write_to_1(redo_log_crypt_msg, redo_log_purpose_byte); - if (my_random_bytes(redo_log_crypt_msg + 1, PURPOSE_BYTE_LEN) != AES_OK) - { + + if (my_random_bytes(redo_log_crypt_msg + 1, PURPOSE_BYTE_LEN) != AES_OK) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: generate " "%u-byte random number as crypto msg failed.", @@ -79,14 +83,16 @@ log_init_crypt_msg_and_nonce(void) abort(); } - if (my_random_bytes(aes_ctr_nonce, MY_AES_BLOCK_SIZE) != AES_OK) - { + if (my_random_bytes(aes_ctr_nonce, MY_AES_BLOCK_SIZE) != AES_OK) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: generate " - "%u-byte random number as AES_CTR nonce failed.", + "%u-byte random number failed.", MY_AES_BLOCK_SIZE); abort(); } + + /* Set up current AES method */ + redo_aes_method = (byte)fil_crypt_get_aes_method(current_aes_dynamic_method); } /*********************************************************************//** 
@@ -99,16 +105,14 @@ log_init_crypt_key( const uint crypt_ver, /*< in: key version */ byte* key) /*< out: crypt key*/ { - if (crypt_ver == UNENCRYPTED_KEY_VER) - { + if (crypt_ver == UNENCRYPTED_KEY_VER) { ib_logf(IB_LOG_LEVEL_INFO, "Redo log crypto: unencrypted key ver."); memset(key, 0, MY_AES_BLOCK_SIZE); return; } - if (crypt_msg[PURPOSE_BYTE_OFFSET] != redo_log_purpose_byte) - { + if (crypt_msg[PURPOSE_BYTE_OFFSET] != redo_log_purpose_byte) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: msg type mismatched. " "Expected: %x; Actual: %x.", @@ -117,8 +121,8 @@ log_init_crypt_key( } byte mysqld_key[MY_AES_BLOCK_SIZE] = {0}; - if (get_encryption_key(crypt_ver, mysqld_key, MY_AES_BLOCK_SIZE)) - { + + if (get_encryption_key(crypt_ver, mysqld_key, MY_AES_BLOCK_SIZE)) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting mysqld crypto key " "from key version failed."); @@ -126,15 +130,16 @@ log_init_crypt_key( } uint32 dst_len; + my_aes_encrypt_dynamic_type func= get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); + int rc= (*func)(crypt_msg, MY_AES_BLOCK_SIZE, //src, srclen key, &dst_len, //dst, &dstlen (unsigned char*)&mysqld_key, sizeof(mysqld_key), NULL, 0, 1); - if (rc != AES_OK || dst_len != MY_AES_BLOCK_SIZE) - { + if (rc != AES_OK || dst_len != MY_AES_BLOCK_SIZE) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting redo log crypto key " "failed."); @@ -159,7 +164,7 @@ log_block_get_start_lsn( } /*********************************************************************//** -Call AES CTR to encrypt/decrypt log blocks. */ +Call AES to encrypt/decrypt log blocks. */ static Crypt_result log_blocks_crypt( 
@@ -176,21 +181,22 @@ log_blocks_crypt( ulint log_block_no, log_block_start_lsn; byte *key; ulint lsn; - if (is_encrypt) - { + uint aes_method = (uint)redo_aes_method; + + if (is_encrypt) { ut_a(log_sys && log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER); key = (byte *)(log_sys->redo_log_crypt_key); lsn = log_sys->lsn; - } else { ut_a(recv_sys && recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER); key = (byte *)(recv_sys->recv_log_crypt_key); lsn = srv_start_lsn; } + ut_a(size % OS_FILE_LOG_BLOCK_SIZE == 0); src_len = OS_FILE_LOG_BLOCK_SIZE - LOG_BLOCK_HDR_SIZE; - for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE) - { + + for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE) { log_block_no = log_block_get_hdr_no(log_block); log_block_start_lsn = log_block_get_start_lsn(lsn, log_block_no); @@ -206,11 +212,13 @@ log_blocks_crypt( mach_write_to_4(aes_ctr_counter + 11, log_block_no); bzero(aes_ctr_counter + 15, 1); - int rc = (* my_aes_encrypt_dynamic)(log_block + LOG_BLOCK_HDR_SIZE, src_len, - dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, - (unsigned char*)key, 16, - aes_ctr_counter, MY_AES_BLOCK_SIZE, - 1); + my_aes_encrypt_dynamic_type func = get_aes_encrypt_func((enum_my_aes_encryption_algorithm)fil_crypt_map_aes_method(aes_method)); + + int rc = (*func)(log_block + LOG_BLOCK_HDR_SIZE, src_len, + dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, + (unsigned char*)key, 16, + aes_ctr_counter, MY_AES_BLOCK_SIZE, + 1); ut_a(rc == AES_OK); ut_a(dst_len == src_len); 
@@ -303,13 +311,17 @@ log_crypt_write_checkpoint_buf( { ut_a(log_sys); mach_write_to_4(buf + LOG_CRYPT_VER, log_sys->redo_log_crypt_ver); + if (!srv_encrypt_log || log_sys->redo_log_crypt_ver == UNENCRYPTED_KEY_VER) { memset(buf + LOG_CRYPT_MSG, 0, MY_AES_BLOCK_SIZE); memset(buf + LOG_CRYPT_IV, 0, MY_AES_BLOCK_SIZE); + memset(buf + LOG_CRYPT_METHOD, 0, 1); return; } + ut_a(redo_log_crypt_msg[PURPOSE_BYTE_OFFSET] == redo_log_purpose_byte); memcpy(buf + LOG_CRYPT_MSG, redo_log_crypt_msg, MY_AES_BLOCK_SIZE); memcpy(buf + LOG_CRYPT_IV, aes_ctr_nonce, MY_AES_BLOCK_SIZE); + mach_write_to_1(buf + LOG_CRYPT_METHOD, redo_aes_method); } diff --git a/storage/xtradb/log/log0recv.cc b/storage/xtradb/log/log0recv.cc index 46f5954d44f..61386930b22 100644 --- a/storage/xtradb/log/log0recv.cc +++ b/storage/xtradb/log/log0recv.cc @@ -3164,13 +3164,16 @@ recv_recovery_from_checkpoint_start_func( #ifdef UNIV_LOG_ARCHIVE archived_lsn = mach_read_from_8(buf + LOG_CHECKPOINT_ARCHIVED_LSN); #endif /* UNIV_LOG_ARCHIVE */ + recv_crypt_ver = mach_read_from_4(buf + LOG_CRYPT_VER); + if (recv_crypt_ver == UNENCRYPTED_KEY_VER) { log_init_crypt_msg_and_nonce(); } else { ut_memcpy(redo_log_crypt_msg, buf + LOG_CRYPT_MSG, MY_AES_BLOCK_SIZE); ut_memcpy(aes_ctr_nonce, buf + LOG_CRYPT_IV, MY_AES_BLOCK_SIZE); + redo_aes_method = (byte)mach_read_from_1(buf + LOG_CRYPT_METHOD); } /* Read the first log file header to print a note if this is From af768c2f228f90c949c6dae94d34a7296ffd943c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan=20Lindstr=C3=B6m?= Date: Wed, 1 Apr 2015 22:03:14 +0300 Subject: [PATCH 12/65] InnoDB/XtraDB Encryption code cleanup Step 4: -- Review fixes -- Rename pages_page_* to pages_* -- Remove unnecessary code --- storage/innobase/fil/fil0crypt.cc | 54 ++++++--------- storage/innobase/handler/ha_innodb.cc | 10 ++- storage/innobase/include/srv0mon.h | 5 +- storage/innobase/include/srv0srv.h | 20 +++--- storage/innobase/srv/srv0mon.cc | 28 +++----- storage/innobase/srv/srv0srv.cc | 5 +- storage/xtradb/fil/fil0crypt.cc | 54 ++++++--------- storage/xtradb/fil/fil0fil.cc | 97 +++++++++------------------ storage/xtradb/handler/ha_innodb.cc | 10 ++- storage/xtradb/include/srv0mon.h | 5 +- storage/xtradb/include/srv0srv.h | 20 +++--- storage/xtradb/srv/srv0mon.cc | 28 +++----- storage/xtradb/srv/srv0srv.cc | 5 +- 13 files changed, 128 insertions(+), 213 deletions(-) diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index bc927b86e70..b2137328267 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -180,20 +180,12 @@ fil_crypt_get_key( crypt_data->keys[i] = crypt_data->keys[i - 1]; } - if (has_encryption_key(version)) { - int rc; - *key_length = get_encryption_key_size(version); + *key_length = sizeof(keybuf); + int rc = get_encryption_key(version, (unsigned char*)keybuf, *key_length); - rc = get_encryption_key(version, (unsigned char*)keybuf, *key_length); - - if (rc != CRYPT_KEY_OK) { - ib_logf(IB_LOG_LEVEL_FATAL, - "Key %d can not be found. Reason=%d", version, rc); - ut_error; - } - } else { + if (rc != CRYPT_KEY_OK) { ib_logf(IB_LOG_LEVEL_FATAL, - "Key %d not found", version); + "Key %d can not be found. Reason=%d", version, rc); ut_error; } 
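Review bot: In fil_crypt_get_key() `*key_length` is now always `sizeof(keybuf)`, and that value is passed both to `get_encryption_key()` and, further down, as the key length of the AES call, where the removed code asked `get_encryption_key_size(version)`. If the key stored for `version` is shorter than the buffer, the cipher would be keyed with the buffer size and with whatever bytes follow the real key; the declaration of `keybuf` lies outside the hunk, so its size and initialisation need checking. Keeping the size query and bounding it avoids the guess: `*key_length = get_encryption_key_size(version); ut_a(*key_length <= sizeof(keybuf));`. The function body continues beyond the hunk.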
@@ -207,15 +199,15 @@ fil_crypt_get_key( /* We use AES_ECB to encryp IV */ my_aes_encrypt_dynamic_type func = get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); - int rc = (*func)(src, /* Data to be encrypted = IV */ - srclen, /* data length */ - buf, /* Output buffer */ - &buflen, /* Output buffer */ - keybuf, /* Key */ - *key_length, /* Key length */ - NULL, /* AES_ECB does not use IV */ - 0, /* IV-length */ - 1); /* NoPadding */ + rc = (*func)(src, /* Data to be encrypted = IV */ + srclen, /* data length */ + buf, /* Output buffer */ + &buflen, /* Output buffer */ + keybuf, /* Key */ + *key_length, /* Key length */ + NULL, /* AES_ECB does not use IV */ + 0, /* IV-length */ + 1); /* NoPadding */ if (rc != AES_OK) { ib_logf(IB_LOG_LEVEL_FATAL, @@ -250,14 +242,12 @@ fil_crypt_get_latest_key( fil_space_crypt_t* crypt_data, /*!< in: crypt data */ uint* version) /*!< in: Key version */ { - if (srv_encrypt_tables) { - // used for key rotation - get the next key id from the key provider - int rc = get_latest_encryption_key_version(); + // used for key rotation - get the next key id from the key provider + int rc = get_latest_encryption_key_version(); - // if no new key was created use the last one - if (rc >= 0) { - *version = rc; - } + // if no new key was created use the last one + if (rc >= 0) { + *version = rc; } return fil_crypt_get_key(dst, key_length, crypt_data, *version); @@ -423,10 +413,6 @@ fil_space_destroy_crypt_data( fil_space_crypt_t **crypt_data) /*!< out: crypt data */ { if (crypt_data != NULL && (*crypt_data) != NULL) { - /* lock (and unlock) mutex to make sure no one has it locked - * currently */ - mutex_enter(& (*crypt_data)->mutex); - mutex_exit(& (*crypt_data)->mutex); mutex_free(& (*crypt_data)->mutex); free(*crypt_data); (*crypt_data) = NULL; 
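Review bot: With the `mutex_enter`/`mutex_exit` pair removed, fil_space_destroy_crypt_data() calls `mutex_free` and `free` without first waiting for a thread that may still hold `(*crypt_data)->mutex`, which is what the deleted comment said the pair was for. If every caller already guarantees exclusive access, record that in the function comment, e.g. `The caller must ensure that no other thread can still reach *crypt_data.`; otherwise a concurrent key lookup could touch freed memory. The callers are not visible in this hunk, so the guarantee has to be confirmed against them, and presumably the same applies to the xtradb copy of the file.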
@@ -755,6 +741,8 @@ fil_space_encrypt( /* Store compression algorithm (for page compresed tables) or 0 */ mach_write_to_2(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 6, compression_algo); + + srv_stats.pages_encrypted.inc(); } /********************************************************************* @@ -934,6 +922,8 @@ fil_space_decrypt( compression_algo); } + srv_stats.pages_decrypted.inc(); + return true; /* page was decrypted */ } diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index bd2d49995a0..bc49b1988f1 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -815,12 +815,10 @@ static SHOW_VAR innodb_status_variables[]= { (char*) &export_vars.innodb_pages_page_decompressed, SHOW_LONGLONG}, {"num_pages_page_compression_error", (char*) &export_vars.innodb_pages_page_compression_error, SHOW_LONGLONG}, - {"num_pages_page_encrypted", - (char*) &export_vars.innodb_pages_page_encrypted, SHOW_LONGLONG}, - {"num_pages_page_decrypted", - (char*) &export_vars.innodb_pages_page_decrypted, SHOW_LONGLONG}, - {"num_pages_page_encryption_error", - (char*) &export_vars.innodb_pages_page_encryption_error, SHOW_LONGLONG}, + {"num_pages_encrypted", + (char*) &export_vars.innodb_pages_encrypted, SHOW_LONGLONG}, + {"num_pages_decrypted", + (char*) &export_vars.innodb_pages_decrypted, SHOW_LONGLONG}, {"have_lz4", (char*) &innodb_have_lz4, SHOW_BOOL}, {"have_lzo", diff --git a/storage/innobase/include/srv0mon.h b/storage/innobase/include/srv0mon.h index d1d902ef57d..79a8a5bf848 100644 --- a/storage/innobase/include/srv0mon.h +++ b/storage/innobase/include/srv0mon.h 
@@ -328,9 +328,8 @@ enum monitor_id_t { MONITOR_OVLD_PAGES_PAGE_COMPRESSION_ERROR, /* New monitor variables for page encryption */ - MONITOR_OVLD_PAGES_PAGE_ENCRYPTED, - MONITOR_OVLD_PAGES_PAGE_DECRYPTED, - MONITOR_OVLD_PAGES_PAGE_ENCRYPTION_ERROR, + MONITOR_OVLD_PAGES_ENCRYPTED, + MONITOR_OVLD_PAGES_DECRYPTED, /* Index related counters */ MONITOR_MODULE_INDEX, diff --git a/storage/innobase/include/srv0srv.h b/storage/innobase/include/srv0srv.h index 314bce63c7b..bfc65dbc51a 100644 --- a/storage/innobase/include/srv0srv.h +++ b/storage/innobase/include/srv0srv.h @@ -133,12 +133,10 @@ struct srv_stats_t { ulint_ctr_64_t pages_page_decompressed; /* Number of page compression errors */ ulint_ctr_64_t pages_page_compression_error; - /* Number of pages encrypted with page encryption */ - ulint_ctr_64_t pages_page_encrypted; - /* Number of pages decrypted with page encryption */ - ulint_ctr_64_t pages_page_decrypted; - /* Number of page encryption errors */ - ulint_ctr_64_t pages_page_encryption_error; + /* Number of pages encrypted */ + ulint_ctr_64_t pages_encrypted; + /* Number of pages decrypted */ + ulint_ctr_64_t pages_decrypted; /** Number of data read in total (in bytes) */ ulint_ctr_1_t data_read; @@ -1020,12 +1018,10 @@ struct export_var_t{ compression */ ib_int64_t innodb_pages_page_compression_error;/*!< Number of page compression errors */ - ib_int64_t innodb_pages_page_encrypted;/*!< Number of pages - encrypted by page encryption */ - ib_int64_t innodb_pages_page_decrypted;/*!< Number of pages - decrypted by page encryption */ - ib_int64_t innodb_pages_page_encryption_error;/*!< Number of page - encryption errors */ + ib_int64_t innodb_pages_encrypted; /*!< Number of pages + encrypted */ + ib_int64_t innodb_pages_decrypted; /*!< Number of pages + decrypted */ ulint innodb_sec_rec_cluster_reads; /*!< srv_sec_rec_cluster_reads */ ulint innodb_sec_rec_cluster_reads_avoided; 
diff --git a/storage/innobase/srv/srv0mon.cc b/storage/innobase/srv/srv0mon.cc index 39481a90c00..0bcc876f591 100644 --- a/storage/innobase/srv/srv0mon.cc +++ b/storage/innobase/srv/srv0mon.cc @@ -985,20 +985,15 @@ static monitor_info_t innodb_counter_info[] = MONITOR_NONE, MONITOR_DEFAULT_START, MONITOR_OVLD_PAGES_PAGE_COMPRESSION_ERROR}, - {"compress_pages_page_encrypted", "compression", - "Number of pages encrypted by page encryption", + {"compress_pages_encrypted", "compression", + "Number of pages encrypted", MONITOR_NONE, - MONITOR_DEFAULT_START, MONITOR_OVLD_PAGES_PAGE_ENCRYPTED}, + MONITOR_DEFAULT_START, MONITOR_OVLD_PAGES_ENCRYPTED}, - {"compress_pages_page_decrypted", "compression", - "Number of pages decrypted by page encryption", + {"compress_pages_decrypted", "compression", + "Number of pages decrypted", MONITOR_NONE, - MONITOR_DEFAULT_START, MONITOR_OVLD_PAGES_PAGE_DECRYPTED}, - - {"compress_pages_page_encryption_error", "compression", - "Number of page encryption errors ", - MONITOR_NONE, - MONITOR_DEFAULT_START, MONITOR_OVLD_PAGES_PAGE_ENCRYPTION_ERROR}, + MONITOR_DEFAULT_START, MONITOR_OVLD_PAGES_DECRYPTED}, /* ========== Counters for Index ========== */ {"module_index", "index", "Index Manager", @@ -2014,14 +2009,11 @@ srv_mon_process_existing_counter( case MONITOR_OVLD_PAGES_PAGE_COMPRESSION_ERROR: value = srv_stats.pages_page_compression_error; break; - case MONITOR_OVLD_PAGES_PAGE_ENCRYPTED: - value = srv_stats.pages_page_encrypted; + case MONITOR_OVLD_PAGES_ENCRYPTED: + value = srv_stats.pages_encrypted; break; - case MONITOR_OVLD_PAGES_PAGE_DECRYPTED: - value = srv_stats.pages_page_decrypted; - break; - case MONITOR_OVLD_PAGES_PAGE_ENCRYPTION_ERROR: - value = srv_stats.pages_page_encryption_error; + case MONITOR_OVLD_PAGES_DECRYPTED: + value = srv_stats.pages_decrypted; break; default: diff --git a/storage/innobase/srv/srv0srv.cc b/storage/innobase/srv/srv0srv.cc index d8c921fb612..c19da5dfd91 100644 --- a/storage/innobase/srv/srv0srv.cc 
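Review bot: The two renamed entries in `innodb_counter_info` still carry the `compress_` prefix and the `"compression"` module string although they count encrypted and decrypted pages, which makes them hard to find when looking for encryption metrics. Since the names are being changed in this hunk anyway, either give them a name and module of their own or add a comment such as `/* Encryption counters are grouped under the compression module. */` so the grouping reads as deliberate. The storage/xtradb copy of srv0mon.cc has the same naming.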
+++ b/storage/innobase/srv/srv0srv.cc @@ -1601,9 +1601,8 @@ srv_export_innodb_status(void) export_vars.innodb_page_compressed_trim_op_saved = srv_stats.page_compressed_trim_op_saved; export_vars.innodb_pages_page_decompressed = srv_stats.pages_page_decompressed; export_vars.innodb_pages_page_compression_error = srv_stats.pages_page_compression_error; - export_vars.innodb_pages_page_decrypted = srv_stats.pages_page_decrypted; - export_vars.innodb_pages_page_encrypted = srv_stats.pages_page_encrypted; - export_vars.innodb_pages_page_encryption_error = srv_stats.pages_page_encryption_error; + export_vars.innodb_pages_decrypted = srv_stats.pages_decrypted; + export_vars.innodb_pages_encrypted = srv_stats.pages_encrypted; export_vars.innodb_defragment_compression_failures = btr_defragment_compression_failures; diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index fcff53e6823..c1ad7c88e68 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc @@ -181,20 +181,12 @@ fil_crypt_get_key( crypt_data->keys[i] = crypt_data->keys[i - 1]; } - if (has_encryption_key(version)) { - int rc; - *key_length = get_encryption_key_size(version); + *key_length = sizeof(keybuf); + int rc = get_encryption_key(version, (unsigned char*)keybuf, *key_length); - rc = get_encryption_key(version, (unsigned char*)keybuf, *key_length); - - if (rc != CRYPT_KEY_OK) { - ib_logf(IB_LOG_LEVEL_FATAL, - "Key %d can not be found. Reason=%d", version, rc); - ut_error; - } - } else { + if (rc != CRYPT_KEY_OK) { ib_logf(IB_LOG_LEVEL_FATAL, - "Key %d not found", version); + "Key %d can not be found. Reason=%d", version, rc); ut_error; } 
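Review bot: `*key_length = sizeof(keybuf);` in the storage/xtradb fil_crypt_get_key hunk makes the reported key length the size of the local buffer instead of the size of the key the provider holds for `version`, and that value is later passed as the key length to the AES call in the same function. Because the length is handed to `get_encryption_key()` by value, the provider cannot correct it, so a key shorter than `keybuf` would be used together with whatever bytes follow it in the buffer. Unless every key is guaranteed to fill `keybuf` exactly (its declaration is outside this hunk), keep asking the provider for the real size and bound it, e.g. `*key_length = get_encryption_key_size(version);` followed by a check that it does not exceed `sizeof(keybuf)`, if that call is still available after this cleanup. The function starts and ends outside the hunk.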
@@ -208,15 +200,15 @@ fil_crypt_get_key( /* We use AES_ECB to encryp IV */ my_aes_encrypt_dynamic_type func = get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); - int rc = (*func)(src, /* Data to be encrypted = IV */ - srclen, /* data length */ - buf, /* Output buffer */ - &buflen, /* Output buffer */ - keybuf, /* Key */ - *key_length, /* Key length */ - NULL, /* AES_ECB does not use IV */ - 0, /* IV-length */ - 1); /* NoPadding */ + rc = (*func)(src, /* Data to be encrypted = IV */ + srclen, /* data length */ + buf, /* Output buffer */ + &buflen, /* Output buffer */ + keybuf, /* Key */ + *key_length, /* Key length */ + NULL, /* AES_ECB does not use IV */ + 0, /* IV-length */ + 1); /* NoPadding */ if (rc != AES_OK) { ib_logf(IB_LOG_LEVEL_FATAL, @@ -251,14 +243,12 @@ fil_crypt_get_latest_key( fil_space_crypt_t* crypt_data, /*!< in: crypt data */ uint* version) /*!< in: Key version */ { - if (srv_encrypt_tables) { - // used for key rotation - get the next key id from the key provider - int rc = get_latest_encryption_key_version(); + // used for key rotation - get the next key id from the key provider + int rc = get_latest_encryption_key_version(); - // if no new key was created use the last one - if (rc >= 0) { - *version = rc; - } + // if no new key was created use the last one + if (rc >= 0) { + *version = rc; } return fil_crypt_get_key(dst, key_length, crypt_data, *version); @@ -424,10 +414,6 @@ fil_space_destroy_crypt_data( fil_space_crypt_t **crypt_data) /*!< out: crypt data */ { if (crypt_data != NULL && (*crypt_data) != NULL) { - /* lock (and unlock) mutex to make sure no one has it locked - * currently */ - mutex_enter(& (*crypt_data)->mutex); - mutex_exit(& (*crypt_data)->mutex); mutex_free(& (*crypt_data)->mutex); free(*crypt_data); (*crypt_data) = NULL; 
@@ -756,6 +742,8 @@ fil_space_encrypt( /* Store compression algorithm (for page compresed tables) or 0 */ mach_write_to_2(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 6, compression_algo); + + srv_stats.pages_encrypted.inc(); } /********************************************************************* @@ -935,6 +923,8 @@ fil_space_decrypt( compression_algo); } + srv_stats.pages_decrypted.inc(); + return true; /* page was decrypted */ } diff --git a/storage/xtradb/fil/fil0fil.cc b/storage/xtradb/fil/fil0fil.cc index f78e281eca6..e4925182ee7 100644 --- a/storage/xtradb/fil/fil0fil.cc +++ b/storage/xtradb/fil/fil0fil.cc @@ -650,20 +650,6 @@ fil_node_open_file( success = os_file_read(node->handle, page, 0, UNIV_PAGE_SIZE); - if (fil_page_is_encrypted(page)) { - /* if page is (still) encrypted, write an error and return. - * Otherwise the server would crash if decrypting is not possible. - * This may be the case, if the key file could not be - * opened on server startup. - */ - ib_logf(IB_LOG_LEVEL_ERROR, - "InnoDB: can not decrypt page, because " - "keys could not be read.\n" - ); - return false; - - } - space_id = fsp_header_get_space_id(page); flags = fsp_header_get_flags(page); @@ -1939,7 +1925,6 @@ fil_check_first_page( { ulint space_id; ulint flags; - ulint page_is_encrypted; if (srv_force_recovery >= SRV_FORCE_IGNORE_CORRUPT) { return(NULL); 
@@ -1947,20 +1932,14 @@ fil_check_first_page( space_id = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_ID + page); flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + page); - /* Note: the 1st page is usually not encrypted. If the Key Provider - or the encryption key is not available, the - check for reading the first page should intentionally fail - with "can not decrypt" message. */ - page_is_encrypted = fil_page_encryption_status(page, space_id); - if (!page_is_encrypted) { - if (UNIV_PAGE_SIZE != fsp_flags_get_page_size(flags)) { - fprintf(stderr, - "InnoDB: Error: Current page size %lu != " - " page size on page %lu\n", - UNIV_PAGE_SIZE, fsp_flags_get_page_size(flags)); - return("innodb-page-size mismatch"); - } + if (UNIV_PAGE_SIZE != fsp_flags_get_page_size(flags)) { + fprintf(stderr, + "InnoDB: Error: Current page size %lu != " + " page size on page %lu\n", + UNIV_PAGE_SIZE, fsp_flags_get_page_size(flags)); + + return("innodb-page-size mismatch"); } if (!space_id && !flags) { @@ -1976,17 +1955,9 @@ fil_check_first_page( } } - if (!page_is_encrypted && buf_page_is_corrupted( + if (buf_page_is_corrupted( false, page, fsp_flags_get_zip_size(flags))) { return("checksum mismatch"); - } else { - if (page_is_encrypted) { - /* this error message is interpreted by the calling method, which is - * executed if the server starts in recovery mode. - */ - return(FIL_MSG_CANNOT_DECRYPT); - - } } if (page_get_space_id(page) == space_id @@ -2024,6 +1995,7 @@ fil_read_first_page( byte* page; lsn_t flushed_lsn; const char* check_msg = NULL; + fil_space_crypt_t* cdata; buf = static_cast(ut_malloc(2 * UNIV_PAGE_SIZE)); 
@@ -2042,13 +2014,6 @@ fil_read_first_page( *space_id = fsp_header_get_space_id(page); } - /* Page is page compressed page, need to decompress, before - continue. */ - if (fil_page_is_compressed(page)) { - ulint write_size=0; - fil_decompress_page(NULL, page, UNIV_PAGE_SIZE, &write_size); - } - if (!one_read_already) { check_msg = fil_check_first_page(page); } @@ -2056,12 +2021,30 @@ fil_read_first_page( flushed_lsn = mach_read_from_8(page + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); + + ulint space = fsp_header_get_space_id(page); + ulint offset = fsp_header_get_crypt_offset( + fsp_flags_get_zip_size(*flags), NULL); + cdata = fil_space_read_crypt_data(space, page, offset); + + /* If file space is encrypted we need to have at least some + encryption service available where to get keys */ + if ((cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_ON) || + ( srv_encrypt_tables && + cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_DEFAULT)) { + int rc = get_latest_encryption_key_version(); + + if (rc < 0) { + ib_logf(IB_LOG_LEVEL_FATAL, + "Tablespace id %ld encrypted but encryption service" + " not available. Can't continue opening tablespace.\n", + space); + ut_error; + } + } + if (crypt_data) { - ulint space = fsp_header_get_space_id(page); - ulint offset = - fsp_header_get_crypt_offset( - fsp_flags_get_zip_size(*flags), NULL); - *crypt_data = fil_space_read_crypt_data(space, page, offset); + *crypt_data = cdata; } ut_free(buf); @@ -4216,7 +4199,6 @@ fil_validate_single_table_tablespace( check_first_page: fsp->success = TRUE; - fsp->encryption_error = 0; if (const char* check_msg = fil_read_first_page( fsp->file, FALSE, &fsp->flags, &fsp->id, &fsp->lsn, &fsp->lsn, ULINT_UNDEFINED, &fsp->crypt_data)) { 
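Review bot: `fil_space_read_crypt_data()` is now called unconditionally in fil_read_first_page, but its result is only handed over when `crypt_data` is non-NULL, so when a caller passes NULL the returned `cdata` is dropped; if that function allocates (fil_space_destroy_crypt_data frees such objects), this leaks on every such call. Releasing it in that case would fix it: `if (crypt_data) { *crypt_data = cdata; } else { fil_space_destroy_crypt_data(&cdata); }`. The new fatal message prints `space`, a `ulint`, with `%ld`, where `%lu` would match the type. An unavailable key service now aborts the server here through `ut_error`, where the removed fil_check_first_page code returned a "can not decrypt" message to the caller, so the function comment should state that behaviour. fil_read_first_page starts and ends outside this hunk.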
@@ -4224,14 +4206,6 @@ check_first_page: "%s in tablespace %s (table %s)", check_msg, fsp->filepath, tablename); fsp->success = FALSE; - if (strncmp(check_msg, FIL_MSG_CANNOT_DECRYPT, strlen(check_msg))==0) { - /* by returning here, it should be avoided, that the server crashes, - * if started in recovery mode and can not decrypt tables, if - * the key file can not be read. - */ - fsp->encryption_error = 1; - return; - } } if (!fsp->success) { @@ -4386,13 +4360,6 @@ fil_load_single_table_tablespace( if (!def.success && !remote.success) { - if (def.encryption_error || remote.encryption_error) { - fprintf(stderr, - "InnoDB: Error: could not open single-table" - " tablespace file %s. Encryption error!\n", def.filepath); - return; - } - /* The following call prints an error message */ os_file_get_last_error(true); fprintf(stderr, diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index 9f4f52b4f4a..e9ec7c1087b 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc @@ -1013,12 +1013,10 @@ static SHOW_VAR innodb_status_variables[]= { (char*) &export_vars.innodb_pages_page_decompressed, SHOW_LONGLONG}, {"num_pages_page_compression_error", (char*) &export_vars.innodb_pages_page_compression_error, SHOW_LONGLONG}, - {"num_pages_page_encrypted", - (char*) &export_vars.innodb_pages_page_encrypted, SHOW_LONGLONG}, - {"num_pages_page_decrypted", - (char*) &export_vars.innodb_pages_page_decrypted, SHOW_LONGLONG}, - {"num_pages_page_encryption_error", - (char*) &export_vars.innodb_pages_page_encryption_error, SHOW_LONGLONG}, + {"num_pages_encrypted", + (char*) &export_vars.innodb_pages_encrypted, SHOW_LONGLONG}, + {"num_pages_decrypted", + (char*) &export_vars.innodb_pages_decrypted, SHOW_LONGLONG}, {"have_lz4", (char*) &innodb_have_lz4, SHOW_BOOL}, {"have_lzo", diff --git a/storage/xtradb/include/srv0mon.h b/storage/xtradb/include/srv0mon.h index 70868463448..094eb0de610 100644 
--- a/storage/xtradb/include/srv0mon.h +++ b/storage/xtradb/include/srv0mon.h @@ -329,9 +329,8 @@ enum monitor_id_t { MONITOR_OVLD_PAGES_PAGE_COMPRESSION_ERROR, /* New monitor variables for page encryption */ - MONITOR_OVLD_PAGES_PAGE_ENCRYPTED, - MONITOR_OVLD_PAGES_PAGE_DECRYPTED, - MONITOR_OVLD_PAGES_PAGE_ENCRYPTION_ERROR, + MONITOR_OVLD_PAGES_ENCRYPTED, + MONITOR_OVLD_PAGES_DECRYPTED, /* Index related counters */ MONITOR_MODULE_INDEX, diff --git a/storage/xtradb/include/srv0srv.h b/storage/xtradb/include/srv0srv.h index 7387f11bd6e..3cf312a4b4d 100644 --- a/storage/xtradb/include/srv0srv.h +++ b/storage/xtradb/include/srv0srv.h @@ -133,12 +133,10 @@ struct srv_stats_t { ulint_ctr_64_t pages_page_decompressed; /* Number of page compression errors */ ulint_ctr_64_t pages_page_compression_error; - /* Number of pages encrypted with page encryption */ - ulint_ctr_64_t pages_page_encrypted; - /* Number of pages decrypted with page encryption */ - ulint_ctr_64_t pages_page_decrypted; - /* Number of page encryption errors */ - ulint_ctr_64_t pages_page_encryption_error; + /* Number of pages encrypted */ + ulint_ctr_64_t pages_encrypted; + /* Number of pages decrypted */ + ulint_ctr_64_t pages_decrypted; /** Number of data read in total (in bytes) */ ulint_ctr_1_t data_read; @@ -1238,12 +1236,10 @@ struct export_var_t{ compression */ ib_int64_t innodb_pages_page_compression_error;/*!< Number of page compression errors */ - ib_int64_t innodb_pages_page_encrypted;/*!< Number of pages - encrypted by page encryption */ - ib_int64_t innodb_pages_page_decrypted;/*!< Number of pages - decrypted by page encryption */ - ib_int64_t innodb_pages_page_encryption_error;/*!< Number of page - encryption errors */ + ib_int64_t innodb_pages_encrypted; /*!< Number of pages + encrypted */ + ib_int64_t innodb_pages_decrypted; /*!< Number of pages + decrypted */ ulint innodb_sec_rec_cluster_reads; /*!< srv_sec_rec_cluster_reads */ ulint innodb_sec_rec_cluster_reads_avoided; 
diff --git a/storage/xtradb/srv/srv0mon.cc b/storage/xtradb/srv/srv0mon.cc index 5bac6214c5b..6595c42ca40 100644 --- a/storage/xtradb/srv/srv0mon.cc +++ b/storage/xtradb/srv/srv0mon.cc @@ -985,20 +985,15 @@ static monitor_info_t innodb_counter_info[] = MONITOR_NONE, MONITOR_DEFAULT_START, MONITOR_OVLD_PAGES_PAGE_COMPRESSION_ERROR}, - {"compress_pages_page_encrypted", "compression", - "Number of pages encrypted by page encryption", + {"compress_pages_encrypted", "compression", + "Number of pages encrypted", MONITOR_NONE, - MONITOR_DEFAULT_START, MONITOR_OVLD_PAGES_PAGE_ENCRYPTED}, + MONITOR_DEFAULT_START, MONITOR_OVLD_PAGES_ENCRYPTED}, - {"compress_pages_page_decrypted", "compression", - "Number of pages decrypted by page encryption", + {"compress_pages_decrypted", "compression", + "Number of pages decrypted", MONITOR_NONE, - MONITOR_DEFAULT_START, MONITOR_OVLD_PAGES_PAGE_DECRYPTED}, - - {"compress_pages_page_encryption_error", "compression", - "Number of page encryption errors ", - MONITOR_NONE, - MONITOR_DEFAULT_START, MONITOR_OVLD_PAGES_PAGE_ENCRYPTION_ERROR}, + MONITOR_DEFAULT_START, MONITOR_OVLD_PAGES_DECRYPTED}, /* ========== Counters for Index ========== */ {"module_index", "index", "Index Manager", @@ -2013,14 +2008,11 @@ srv_mon_process_existing_counter( case MONITOR_OVLD_PAGES_PAGE_COMPRESSION_ERROR: value = srv_stats.pages_page_compression_error; break; - case MONITOR_OVLD_PAGES_PAGE_ENCRYPTED: - value = srv_stats.pages_page_encrypted; + case MONITOR_OVLD_PAGES_ENCRYPTED: + value = srv_stats.pages_encrypted; break; - case MONITOR_OVLD_PAGES_PAGE_DECRYPTED: - value = srv_stats.pages_page_decrypted; - break; - case MONITOR_OVLD_PAGES_PAGE_ENCRYPTION_ERROR: - value = srv_stats.pages_page_encryption_error; + case MONITOR_OVLD_PAGES_DECRYPTED: + value = srv_stats.pages_decrypted; break; default: diff --git a/storage/xtradb/srv/srv0srv.cc b/storage/xtradb/srv/srv0srv.cc index df3982b98cd..0391cd9eecb 100644 --- a/storage/xtradb/srv/srv0srv.cc 
+++ b/storage/xtradb/srv/srv0srv.cc @@ -1990,9 +1990,8 @@ srv_export_innodb_status(void) export_vars.innodb_page_compressed_trim_op_saved = srv_stats.page_compressed_trim_op_saved; export_vars.innodb_pages_page_decompressed = srv_stats.pages_page_decompressed; export_vars.innodb_pages_page_compression_error = srv_stats.pages_page_compression_error; - export_vars.innodb_pages_page_decrypted = srv_stats.pages_page_decrypted; - export_vars.innodb_pages_page_encrypted = srv_stats.pages_page_encrypted; - export_vars.innodb_pages_page_encryption_error = srv_stats.pages_page_encryption_error; + export_vars.innodb_pages_decrypted = srv_stats.pages_decrypted; + export_vars.innodb_pages_encrypted = srv_stats.pages_encrypted; export_vars.innodb_defragment_compression_failures = btr_defragment_compression_failures; From 4865fd105a56540587d065826ce652fb0850f876 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jan=20Lindstr=C3=B6m?= Date: Thu, 2 Apr 2015 13:49:50 +0300 Subject: [PATCH 13/65] InnoDB/XtraDB Encryption cleanup Step 5: -- Rename encryption_key -> encryption_key_id -- Remove unnecessary code -- Fix few bugs found -- Fix test cases and results files --- .../r/innodb-page_encryption-32k.result | 125 ++++++++++++++++++ .../innodb/r/innodb-page_encryption.result | 53 +++----- .../innodb-page_encryption_compression.result | 55 +++----- ...nodb-page_encryption_log_encryption.result | 45 +++---- .../innodb_encryption-page-compression.result | 6 - .../innodb/r/innodb_encryption_change.result | 7 +- .../innodb/r/innodb_encryption_tables.result | 24 ++-- .../suite/innodb/r/innodb_monitor.result | 5 +- .../innodb/t/innodb-page_encryption-32k.test | 16 ++- .../innodb/t/innodb-page_encryption.test | 39 +++--- .../t/innodb-page_encryption_compression.test | 36 +++-- ...innodb-page_encryption_log_encryption.test | 32 +++-- .../t/innodb_encryption-page-compression.test | 10 -- .../innodb/t/innodb_encryption_change.test | 5 +- .../innodb/t/innodb_encryption_tables.test | 16 +-- mysql-test/suite/sys_vars/r/all_vars.result | 1 + ...b_default_page_encryption_key_basic.result | 100 +++++++------- .../r/innodb_monitor_disable_basic.result | 5 +- .../r/innodb_monitor_enable_basic.result | 5 +- .../r/innodb_monitor_reset_all_basic.result | 5 +- .../r/innodb_monitor_reset_basic.result | 5 +- .../suite/sys_vars/r/sysvars_innodb.result | 6 +- ...odb_default_page_encryption_key_basic.test | 56 ++++---- storage/innobase/buf/buf0buf.cc | 3 +- storage/innobase/fil/fil0fil.cc | 88 +++++------- storage/innobase/handler/ha_innodb.cc | 64 ++++----- storage/innobase/handler/ha_innodb.h | 2 +- storage/innobase/handler/handler0alter.cc | 2 +- storage/innobase/include/fil0crypt.h | 2 +- storage/innobase/include/srv0srv.h | 3 +- storage/xtradb/buf/buf0buf.cc | 3 +- storage/xtradb/handler/ha_innodb.cc | 66 ++++----- storage/xtradb/handler/ha_innodb.h | 2 +- 
storage/xtradb/handler/handler0alter.cc | 2 +- storage/xtradb/include/fil0crypt.h | 2 +- storage/xtradb/include/fsp0fsp.h | 4 +- storage/xtradb/include/srv0srv.h | 3 +- 37 files changed, 466 insertions(+), 437 deletions(-) create mode 100644 mysql-test/suite/innodb/r/innodb-page_encryption-32k.result diff --git a/mysql-test/suite/innodb/r/innodb-page_encryption-32k.result b/mysql-test/suite/innodb/r/innodb-page_encryption-32k.result new file mode 100644 index 00000000000..f46cf798110 --- /dev/null +++ b/mysql-test/suite/innodb/r/innodb-page_encryption-32k.result 
@@ -0,0 +1,125 @@ +call mtr.add_suppression("InnoDB: Warning: innodb_page_size has been changed from default value *"); +SET GLOBAL innodb_file_format = `Barracuda`; +SET GLOBAL innodb_file_per_table = ON; +create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=3; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; +show create table innodb_compact; +Table Create Table +innodb_compact CREATE TABLE `innodb_compact` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `encryption`='ON' `encryption_key_id`=1 +show create table innodb_dynamic; +Table Create Table +innodb_dynamic CREATE TABLE `innodb_dynamic` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `encryption`='ON' `encryption_key_id`=3 +show create table innodb_redundant; +Table Create Table +innodb_redundant CREATE TABLE `innodb_redundant` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT `encryption`='ON' `encryption_key_id`=4 +create procedure innodb_insert_proc (repeat_count int) +begin +declare current_num int; +set current_num = 0; +while current_num < repeat_count do +insert into innodb_normal values(current_num, substring(MD5(RAND()), -150)); +set current_num = current_num + 1; +end while; +end// +commit; +set autocommit=0; +call innodb_insert_proc(5000); +commit; +set autocommit=1; +insert into innodb_compact select * from innodb_normal; +insert into innodb_dynamic select * from innodb_normal; +insert into innodb_redundant select * from 
innodb_normal; +update innodb_compact set c1 = c1 + 1; +update innodb_dynamic set c1 = c1 + 1; +update innodb_redundant set c1 = c1 + 1; +select count(*) from innodb_compact where c1 < 1500000; +count(*) +5000 +select count(*) from innodb_dynamic where c1 < 1500000; +count(*) +5000 +select count(*) from innodb_redundant where c1 < 1500000; +count(*) +5000 +update innodb_compact set c1 = c1 + 1; +update innodb_dynamic set c1 = c1 + 1; +update innodb_redundant set c1 = c1 + 1; +select count(*) from innodb_compact where c1 < 1500000; +count(*) +5000 +select count(*) from innodb_dynamic where c1 < 1500000; +count(*) +5000 +select count(*) from innodb_redundant where c1 < 1500000; +count(*) +5000 +alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +show create table innodb_compact; +Table Create Table +innodb_compact CREATE TABLE `innodb_compact` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT +alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +Warnings: +Warning 1478 InnoDB: ROW_FORMAT=DYNAMIC requires innodb_file_format > Antelope. +Warning 1478 InnoDB: assuming ROW_FORMAT=COMPACT. 
+show create table innodb_dynamic; +Table Create Table +innodb_dynamic CREATE TABLE `innodb_dynamic` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC +alter table innodb_redundant engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +show create table innodb_redundant; +Table Create Table +innodb_redundant CREATE TABLE `innodb_redundant` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT +show create table innodb_compact; +Table Create Table +innodb_compact CREATE TABLE `innodb_compact` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT +show create table innodb_dynamic; +Table Create Table +innodb_dynamic CREATE TABLE `innodb_dynamic` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC +show create table innodb_redundant; +Table Create Table +innodb_redundant CREATE TABLE `innodb_redundant` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT +update innodb_compact set c1 = c1 + 1; +update innodb_dynamic set c1 = c1 + 1; +update innodb_redundant set c1 = c1 + 1; +select count(*) from innodb_compact where c1 < 1500000; +count(*) +5000 +select count(*) from innodb_dynamic where c1 < 1500000; +count(*) +5000 +select count(*) from innodb_redundant where c1 < 1500000; +count(*) +5000 +drop procedure innodb_insert_proc; +drop table innodb_normal; +drop table innodb_compact; +drop table innodb_dynamic; +drop table innodb_redundant; diff --git a/mysql-test/suite/innodb/r/innodb-page_encryption.result b/mysql-test/suite/innodb/r/innodb-page_encryption.result index dfc93508b90..ac45e964d12 100644 --- a/mysql-test/suite/innodb/r/innodb-page_encryption.result +++ b/mysql-test/suite/innodb/r/innodb-page_encryption.result 
@@ -1,42 +1,42 @@ SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact page_encryption=1 page_encryption_key=1; -create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed page_encryption=1 page_encryption_key=2; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=3; -create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant page_encryption=1 page_encryption_key=4; -SET GLOBAL innodb_default_page_encryption_key = 5; -create table innodb_defkey(c1 bigint not null, b char(200)) engine=innodb page_encryption=1; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1; +create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encryption='ON' encryption_key_id=2; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=3; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; +SET GLOBAL innodb_default_encryption_key = 5; +create table innodb_defkey(c1 bigint not null, b char(200)) engine=innodb encryption='ON'; show create table innodb_defkey; Table Create Table innodb_defkey CREATE TABLE `innodb_defkey` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='ON' show create table innodb_compact; Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT 
CHARSET=latin1 ROW_FORMAT=COMPACT `page_encryption`=1 `page_encryption_key`=1 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `encryption`='ON' `encryption_key_id`=1 show create table innodb_compressed; Table Create Table innodb_compressed CREATE TABLE `innodb_compressed` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPRESSED `page_encryption`=1 `page_encryption_key`=2 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPRESSED `encryption`='ON' `encryption_key_id`=2 show create table innodb_dynamic; Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `page_encryption`=1 `page_encryption_key`=3 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `encryption`='ON' `encryption_key_id`=3 show create table innodb_redundant; Table Create Table innodb_redundant CREATE TABLE `innodb_redundant` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT `page_encryption`=1 `page_encryption_key`=4 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT `encryption`='ON' `encryption_key_id`=4 create procedure innodb_insert_proc (repeat_count int) begin declare current_num int; 
@@ -97,15 +97,12 @@ select count(*) from innodb_defkey t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; count(*) 2000 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; variable_value >= 0 1 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value >= 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; -variable_value = 0 -1 SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; update innodb_normal set c1 = c1 +1; 
@@ -149,37 +146,34 @@ select count(*) from innodb_defkey t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; count(*) 2000 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; variable_value >= 0 1 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value >= 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; -variable_value = 0 -1 -alter table innodb_compact engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compact; Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT -alter table innodb_compressed engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_compressed engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compressed; Table Create Table innodb_compressed CREATE TABLE `innodb_compressed` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPRESSED -alter table innodb_dynamic engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_dynamic; Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB 
DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC -alter table innodb_redundant engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_redundant engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_redundant; Table Create Table innodb_redundant CREATE TABLE `innodb_redundant` ( @@ -217,7 +211,7 @@ Table Create Table innodb_defkey CREATE TABLE `innodb_defkey` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='ON' update innodb_normal set c1 = c1 +1; update innodb_compact set c1 = c1 + 1; update innodb_compressed set c1 = c1 + 1; @@ -251,13 +245,10 @@ select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; count(*) 2000 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; variable_value = 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -variable_value = 0 -1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value = 0 1 drop procedure innodb_insert_proc; diff --git a/mysql-test/suite/innodb/r/innodb-page_encryption_compression.result b/mysql-test/suite/innodb/r/innodb-page_encryption_compression.result index 781a29cb276..20e91e62b2f 100644 --- a/mysql-test/suite/innodb/r/innodb-page_encryption_compression.result +++ b/mysql-test/suite/innodb/r/innodb-page_encryption_compression.result 
@@ -2,8 +2,8 @@ SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; set global innodb_compression_algorithm = 1; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb page_compressed=1; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact page_encryption=1 page_encryption_key=1 page_compressed=1; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=2 page_compressed=1; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1 page_compressed=1; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=2 page_compressed=1; show warnings; Level Code Message show create table innodb_normal; @@ -17,13 +17,13 @@ Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `page_encryption`=1 `page_encryption_key`=1 `page_compressed`=1 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `encryption`='ON' `encryption_key_id`=1 `page_compressed`=1 show create table innodb_dynamic; Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `page_encryption`=1 `page_encryption_key`=2 `page_compressed`=1 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `encryption`='ON' `encryption_key_id`=2 `page_compressed`=1 create procedure innodb_insert_proc (repeat_count int) begin declare current_num int; 
@@ -60,21 +60,16 @@ select count(*) from innodb_dynamic t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; count(*) 5000 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; variable_value >= 0 1 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value >= 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; -variable_value = 0 -1 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_compressed'; variable_value >= 0 -1 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decompressed'; variable_value >= 0 -1 SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; set global innodb_compression_algorithm = 1; 
@@ -98,21 +93,16 @@ select count(*) from innodb_dynamic t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; count(*) 5000 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; variable_value >= 0 1 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value >= 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; -variable_value = 0 -1 -SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; -variable_value > 0 -1 -SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; -variable_value > 0 -1 +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_compressed'; +variable_value >= 0 +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decompressed'; +variable_value >= 0 alter table innodb_normal engine=innodb page_compressed=DEFAULT; show create table innodb_normal; Table Create Table 
@@ -120,14 +110,14 @@ innodb_normal CREATE TABLE `innodb_normal` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 -alter table innodb_compact engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT page_compressed=DEFAULT; +alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT page_compressed=DEFAULT; show create table innodb_compact; Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT -alter table innodb_dynamic engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT page_compressed=DEFAULT; +alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT page_compressed=DEFAULT; show create table innodb_dynamic; Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( 
@@ -174,21 +164,16 @@ select count(*) from innodb_dynamic t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; count(*) 5000 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; variable_value = 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value = 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_compressed'; variable_value = 0 -1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decompressed'; variable_value = 0 -1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; -variable_value = 0 -1 drop procedure innodb_insert_proc; drop table innodb_normal; drop table innodb_compact; diff --git a/mysql-test/suite/innodb/r/innodb-page_encryption_log_encryption.result b/mysql-test/suite/innodb/r/innodb-page_encryption_log_encryption.result index 3830bfee22b..a74c660da68 100644 --- a/mysql-test/suite/innodb/r/innodb-page_encryption_log_encryption.result +++ b/mysql-test/suite/innodb/r/innodb-page_encryption_log_encryption.result 
@@ -4,34 +4,34 @@ call mtr.add_suppression("InnoDB: Redo log crypto: Can't initialize to key versi SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact page_encryption=1 page_encryption_key=1; -create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed page_encryption=1 page_encryption_key=2; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=3; -create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant page_encryption=1 page_encryption_key=4; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1; +create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encryption='ON' encryption_key_id=2; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=3; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; show create table innodb_compact; Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `page_encryption`=1 `page_encryption_key`=1 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `encryption`='ON' `encryption_key_id`=1 show create table innodb_compressed; Table Create Table innodb_compressed CREATE TABLE `innodb_compressed` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPRESSED `page_encryption`=1 `page_encryption_key`=2 +) ENGINE=InnoDB DEFAULT 
CHARSET=latin1 ROW_FORMAT=COMPRESSED `encryption`='ON' `encryption_key_id`=2 show create table innodb_dynamic; Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `page_encryption`=1 `page_encryption_key`=3 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `encryption`='ON' `encryption_key_id`=3 show create table innodb_redundant; Table Create Table innodb_redundant CREATE TABLE `innodb_redundant` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT `page_encryption`=1 `page_encryption_key`=4 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT `encryption`='ON' `encryption_key_id`=4 create procedure innodb_insert_proc (repeat_count int) begin declare current_num int; @@ -83,15 +83,12 @@ select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; count(*) 2000 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; variable_value >= 0 1 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value >= 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; -variable_value = 0 -1 SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; update innodb_normal set c1 = c1 +1; 
@@ -127,37 +124,34 @@ select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; count(*) 2000 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; variable_value >= 0 1 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value >= 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; -variable_value = 0 -1 -alter table innodb_compact engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compact; Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT -alter table innodb_compressed engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_compressed engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compressed; Table Create Table innodb_compressed CREATE TABLE `innodb_compressed` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPRESSED -alter table innodb_dynamic engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_dynamic; Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) 
ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC -alter table innodb_redundant engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_redundant engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_redundant; Table Create Table innodb_redundant CREATE TABLE `innodb_redundant` ( @@ -223,13 +217,10 @@ select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; count(*) 2000 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; variable_value = 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -variable_value = 0 -1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value = 0 1 drop procedure innodb_insert_proc; diff --git a/mysql-test/suite/innodb/r/innodb_encryption-page-compression.result b/mysql-test/suite/innodb/r/innodb_encryption-page-compression.result index d4a049d36d0..c46cfebd7d2 100644 --- a/mysql-test/suite/innodb/r/innodb_encryption-page-compression.result +++ b/mysql-test/suite/innodb/r/innodb_encryption-page-compression.result 
@@ -1,9 +1,3 @@ SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; set global innodb_compression_algorithm = 1; -create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb page_compressed=1; -ERROR HY000: Can't create table `test`.`innodb_normal` (errno: 140 "Wrong create options") -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact page_compressed=1; -ERROR HY000: Can't create table `test`.`innodb_compact` (errno: 140 "Wrong create options") -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_compressed=1; -ERROR HY000: Can't create table `test`.`innodb_dynamic` (errno: 140 "Wrong create options") diff --git a/mysql-test/suite/innodb/r/innodb_encryption_change.result b/mysql-test/suite/innodb/r/innodb_encryption_change.result index 90100852d33..513b2a5902e 100644 --- a/mysql-test/suite/innodb/r/innodb_encryption_change.result +++ b/mysql-test/suite/innodb/r/innodb_encryption_change.result 
@@ -66,15 +66,12 @@ SET GLOBAL innodb_encryption_threads=4; # Success! # Wait max 10 min for key encryption threads to decrypt all space # Success! -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; variable_value >= 0 1 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value >= 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; -variable_value = 0 -1 SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; variable_value > 0 0 diff --git a/mysql-test/suite/innodb/r/innodb_encryption_tables.result b/mysql-test/suite/innodb/r/innodb_encryption_tables.result index f07aa62837c..ee5be0bfdd3 100644 --- a/mysql-test/suite/innodb/r/innodb_encryption_tables.result +++ b/mysql-test/suite/innodb/r/innodb_encryption_tables.result 
@@ -91,15 +91,12 @@ select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; count(*) 2000 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; variable_value >= 0 1 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value >= 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; -variable_value = 0 -1 SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; variable_value >= 0 1 
@@ -144,21 +141,18 @@ select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; count(*) 2000 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; variable_value >= 0 1 -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value >= 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; -variable_value = 0 +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; +variable_value >= 0 +1 +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; +variable_value >= 0 1 -SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; -variable_value > 0 -0 -SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; -variable_value > 0 -0 drop procedure innodb_insert_proc; drop table innodb_normal; drop table innodb_compact; diff --git a/mysql-test/suite/innodb/r/innodb_monitor.result b/mysql-test/suite/innodb/r/innodb_monitor.result index 02e72ae6a80..0977c8b8594 100644 --- a/mysql-test/suite/innodb/r/innodb_monitor.result +++ b/mysql-test/suite/innodb/r/innodb_monitor.result 
@@ -180,9 +180,8 @@ compress_page_compressed_trim_op disabled compress_page_compressed_trim_op_saved disabled compress_pages_page_decompressed disabled compress_pages_page_compression_error disabled -compress_pages_page_encrypted disabled -compress_pages_page_decrypted disabled -compress_pages_page_encryption_error disabled +compress_pages_encrypted disabled +compress_pages_decrypted disabled index_page_splits disabled index_page_merge_attempts disabled index_page_merge_successful disabled diff --git a/mysql-test/suite/innodb/t/innodb-page_encryption-32k.test b/mysql-test/suite/innodb/t/innodb-page_encryption-32k.test index e96e352da12..765ba7cb354 100644 --- a/mysql-test/suite/innodb/t/innodb-page_encryption-32k.test +++ b/mysql-test/suite/innodb/t/innodb-page_encryption-32k.test @@ -1,7 +1,9 @@ --source include/no_valgrind_without_big.inc +--source include/not_embedded.inc # Tests for setting innodb-page-size=32k; ---source include/have_xtradb.inc +--source include/have_innodb.inc --source include/have_innodb_32k.inc +--source include/have_file_key_management_plugin.inc call mtr.add_suppression("InnoDB: Warning: innodb_page_size has been changed from default value *"); 
@@ -15,9 +17,9 @@ SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact page_encryption=1 page_encryption_key=1; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=3; -create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant page_encryption=1 page_encryption_key=4; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=3; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; show create table innodb_compact; show create table innodb_dynamic; @@ -61,11 +63,11 @@ select count(*) from innodb_compact where c1 < 1500000; select count(*) from innodb_dynamic where c1 < 1500000; select count(*) from innodb_redundant where c1 < 1500000; -alter table innodb_compact engine=innodb page_encryption=0; +alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compact; -alter table innodb_dynamic engine=innodb page_encryption=0; +alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_dynamic; -alter table innodb_redundant engine=innodb page_encryption=0; +alter table innodb_redundant engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_redundant; --source include/restart_mysqld.inc diff --git a/mysql-test/suite/innodb/t/innodb-page_encryption.test b/mysql-test/suite/innodb/t/innodb-page_encryption.test index 66927d1905f..25f477996db 100644 
--- a/mysql-test/suite/innodb/t/innodb-page_encryption.test +++ b/mysql-test/suite/innodb/t/innodb-page_encryption.test 
@@ -4,20 +4,20 @@ --disable_query_log let $innodb_file_format_orig = `SELECT @@innodb_file_format`; let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`; -let $default_page_encryption_key = `SELECT @@innodb_default_page_encryption_key`; +let $default_encryption_key = `SELECT @@innodb_default_encryption_key`; --enable_query_log SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact page_encryption=1 page_encryption_key=1; -create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed page_encryption=1 page_encryption_key=2; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=3; -create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant page_encryption=1 page_encryption_key=4; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1; +create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encryption='ON' encryption_key_id=2; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=3; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; -SET GLOBAL innodb_default_page_encryption_key = 5; -create table innodb_defkey(c1 bigint not null, b char(200)) engine=innodb page_encryption=1; +SET GLOBAL innodb_default_encryption_key = 5; +create table innodb_defkey(c1 bigint not null, b char(200)) engine=innodb encryption='ON'; show create table innodb_defkey; show create table innodb_compact; 
@@ -73,9 +73,8 @@ select count(*) from innodb_defkey t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; # Note there that these variables are updated only when real I/O is done, thus they are not reliable -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; --source include/restart_mysqld.inc 
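Review bot: Both checks left in this block compare a counter with `>= 0`, which is true for any value, and the comment above them already calls the counters unreliable, so with the `innodb_num_pages_page_encryption_error` check dropped nothing here fails if the tables are written unencrypted. The recorded `1` only confirms that the renamed variables exist. I would say so in the comment, e.g. `# These only verify that the status variables exist; they do not prove that any page was encrypted`, and add a check that does not depend on I/O timing, such as searching the table's .ibd file for a known inserted value after the restart. The same applies to the block in the hunk at -103.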
@@ -104,17 +103,16 @@ t1.c1 = t2.c1 and t1.b = t2.b; select count(*) from innodb_defkey t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; -alter table innodb_compact engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compact; -alter table innodb_compressed engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_compressed engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compressed; -alter table innodb_dynamic engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_dynamic; -alter table innodb_redundant engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_redundant engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_redundant; --source include/restart_mysqld.inc 
@@ -147,9 +145,8 @@ select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; # After alter+restart these should be 0 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; drop procedure innodb_insert_proc; drop table innodb_normal; @@ -163,5 +160,5 @@ drop table innodb_defkey; --disable_query_log EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig; EVAL SET GLOBAL innodb_file_format = $innodb_file_format_orig; -EVAL SET GLOBAL innodb_default_page_encryption_key = $default_page_encryption_key; +EVAL SET GLOBAL innodb_default_encryption_key = $default_encryption_key; --enable_query_log diff --git a/mysql-test/suite/innodb/t/innodb-page_encryption_compression.test b/mysql-test/suite/innodb/t/innodb-page_encryption_compression.test index 6b9fb5bca9d..6123745d5c6 100644 --- a/mysql-test/suite/innodb/t/innodb-page_encryption_compression.test +++ b/mysql-test/suite/innodb/t/innodb-page_encryption_compression.test @@ -1,4 +1,5 @@ -- source include/have_innodb.inc +-- source include/not_embedded.inc -- source include/have_file_key_management_plugin.inc --disable_query_log 
@@ -13,8 +14,8 @@ SET GLOBAL innodb_file_per_table = ON; set global innodb_compression_algorithm = 1; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb page_compressed=1; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact page_encryption=1 page_encryption_key=1 page_compressed=1; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=2 page_compressed=1; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1 page_compressed=1; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=2 page_compressed=1; show warnings; show create table innodb_normal; 
@@ -53,11 +54,10 @@ t1.c1 = t2.c1 and t1.b = t2.b; select count(*) from innodb_dynamic t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_compressed'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decompressed'; --source include/restart_mysqld.inc 
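Review bot: The compression counters are renamed here to `innodb_num_pages_compressed` and `innodb_num_pages_decompressed`, but the innodb_encryption_change and innodb_encryption_tables tests later in this same commit still query `innodb_num_pages_page_compressed` and `innodb_num_pages_page_decompressed`. Only one spelling can match the server, and because the name sits in a `WHERE` filter, the wrong one returns an empty result set rather than a failure. The innodb_monitor result files leave `compress_pages_page_decompressed` unchanged, which suggests the `page_` spelling is the one that still exists, though the status variable definitions are not visible here. The same rename appears in the `@@ -77,17 +77,16 @@` and `@@ -110,11 +109,10 @@` hunks of this file. Confirm against the matching .result file that each of these statements actually prints a row.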
@@ -77,17 +77,16 @@ t1.c1 = t2.c1 and t1.b = t2.b; select count(*) from innodb_dynamic t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; -SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; -SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_compressed'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decompressed'; alter table innodb_normal engine=innodb page_compressed=DEFAULT; show create table innodb_normal; -alter table innodb_compact engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT page_compressed=DEFAULT; +alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT page_compressed=DEFAULT; show create table innodb_compact; -alter table innodb_dynamic engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT page_compressed=DEFAULT; +alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT page_compressed=DEFAULT; show create table innodb_dynamic; --source include/restart_mysqld.inc 
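Review bot: The post-restart checks on the compression counters are relaxed from `variable_value > 0` to `variable_value >= 0`, which is true for any counter value, so these lines no longer show that compressed pages were written or read. The same relaxation is made in the `@@ -96,11 +95,10 @@` hunk of innodb_encryption_tables.test. If the reason is that the counters only move on real I/O, as a comment in innodb-page_encryption_log_encryption.test says, repeat that comment here so the weak check reads as deliberate. A stronger alternative is to force the I/O before the check and keep `> 0`.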
@@ -110,11 +109,10 @@ t1.c1 = t2.c1 and t1.b = t2.b; select count(*) from innodb_dynamic t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_compressed'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decompressed'; drop procedure innodb_insert_proc; drop table innodb_normal; diff --git a/mysql-test/suite/innodb/t/innodb-page_encryption_log_encryption.test b/mysql-test/suite/innodb/t/innodb-page_encryption_log_encryption.test index abff5d93083..49deeff8008 100644 --- a/mysql-test/suite/innodb/t/innodb-page_encryption_log_encryption.test +++ b/mysql-test/suite/innodb/t/innodb-page_encryption_log_encryption.test @@ -1,4 +1,5 @@ -- source include/have_innodb.inc +-- source include/not_embedded.inc -- source include/have_file_key_management_plugin.inc --disable_query_log 
@@ -14,10 +15,10 @@ SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact page_encryption=1 page_encryption_key=1; -create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed page_encryption=1 page_encryption_key=2; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=3; -create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant page_encryption=1 page_encryption_key=4; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1; +create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encryption='ON' encryption_key_id=2; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=3; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; show create table innodb_compact; show create table innodb_compressed; 
@@ -66,9 +67,8 @@ select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; # Note there that these variables are updated only when real I/O is done, thus they are not reliable -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; --source include/restart_mysqld.inc 
@@ -93,17 +93,16 @@ t1.c1 = t2.c1 and t1.b = t2.b; select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; -alter table innodb_compact engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compact; -alter table innodb_compressed engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_compressed engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compressed; -alter table innodb_dynamic engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_dynamic; -alter table innodb_redundant engine=innodb page_encryption=DEFAULT page_encryption_key=DEFAULT; +alter table innodb_redundant engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; show create table innodb_redundant; --source include/restart_mysqld.inc 
@@ -135,9 +134,8 @@ select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; # After alter+restart these should be 0 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; drop procedure innodb_insert_proc; drop table innodb_normal; diff --git a/mysql-test/suite/innodb/t/innodb_encryption-page-compression.test b/mysql-test/suite/innodb/t/innodb_encryption-page-compression.test index 48a9a780e0d..34962167ef1 100644 --- a/mysql-test/suite/innodb/t/innodb_encryption-page-compression.test +++ b/mysql-test/suite/innodb/t/innodb_encryption-page-compression.test @@ -15,16 +15,6 @@ SET GLOBAL innodb_file_per_table = ON; # zlib set global innodb_compression_algorithm = 1; ---replace_regex /#sql-[0-9a-f_]*`/#sql-temporary`/ ---error 1005 -create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb page_compressed=1; ---replace_regex /#sql-[0-9a-f_]*`/#sql-temporary`/ ---error 1005 -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact page_compressed=1; ---replace_regex /#sql-[0-9a-f_]*`/#sql-temporary`/ ---error 1005 -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_compressed=1; - # reset system --disable_query_log EVAL SET GLOBAL innodb_compression_algorithm = $innodb_compression_algorithm_orig; 
diff --git a/mysql-test/suite/innodb/t/innodb_encryption_change.test b/mysql-test/suite/innodb/t/innodb_encryption_change.test index 6c5eab50b84..8e9e1603196 100644 --- a/mysql-test/suite/innodb/t/innodb_encryption_change.test +++ b/mysql-test/suite/innodb/t/innodb_encryption_change.test @@ -205,9 +205,8 @@ if (!$success) } --echo # Success! -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; diff --git a/mysql-test/suite/innodb/t/innodb_encryption_tables.test b/mysql-test/suite/innodb/t/innodb_encryption_tables.test index d192a16ffd4..6d378270ad9 100644 --- a/mysql-test/suite/innodb/t/innodb_encryption_tables.test +++ b/mysql-test/suite/innodb/t/innodb_encryption_tables.test @@ -1,6 +1,6 @@ -- source include/have_innodb.inc -- source include/have_example_key_management_plugin.inc ---source include/not_embedded.inc +-- source include/not_embedded.inc --disable_query_log let $innodb_file_format_orig = `SELECT @@innodb_file_format`; 
@@ -66,9 +66,8 @@ t1.c1 = t2.c1 and t1.b = t2.b; select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; 
@@ -96,11 +95,10 @@ t1.c1 = t2.c1 and t1.b = t2.b; select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted'; -SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encryption_error'; -SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; -SELECT variable_value > 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_compressed'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decompressed'; drop procedure innodb_insert_proc; drop table innodb_normal; diff --git a/mysql-test/suite/sys_vars/r/all_vars.result b/mysql-test/suite/sys_vars/r/all_vars.result index 840da8405c3..8a8d8741236 100644 --- a/mysql-test/suite/sys_vars/r/all_vars.result +++ b/mysql-test/suite/sys_vars/r/all_vars.result @@ -10,6 +10,7 @@ there should be *no* long test name listed below: select distinct variable_name as `there should be *no* variables listed below:` from t2 left join t1 on variable_name=test_name where test_name is null; there should be *no* variables listed below: +innodb_default_encryption_key strict_password_validation drop table t1; drop table t2; 
diff --git a/mysql-test/suite/sys_vars/r/innodb_default_page_encryption_key_basic.result b/mysql-test/suite/sys_vars/r/innodb_default_page_encryption_key_basic.result index 1e779d7c4f6..b18a9301483 100644 --- a/mysql-test/suite/sys_vars/r/innodb_default_page_encryption_key_basic.result +++ b/mysql-test/suite/sys_vars/r/innodb_default_page_encryption_key_basic.result 
@@ -1,71 +1,71 @@ -SET @start_global_value = @@global.innodb_default_page_encryption_key; +SET @start_global_value = @@global.innodb_default_encryption_key; SELECT @start_global_value; @start_global_value 1 Valid value 0-9 -select @@global.innodb_default_page_encryption_key <= 9; -@@global.innodb_default_page_encryption_key <= 9 +select @@global.innodb_default_encryption_key <= 9; +@@global.innodb_default_encryption_key <= 9 1 -select @@global.innodb_default_page_encryption_key; -@@global.innodb_default_page_encryption_key +select @@global.innodb_default_encryption_key; +@@global.innodb_default_encryption_key 1 -select @@session.innodb_default_page_encryption_key; -ERROR HY000: Variable 'innodb_default_page_encryption_key' is a GLOBAL variable -show global variables like 'innodb_default_page_encryption_key'; +select @@session.innodb_default_encryption_key; +ERROR HY000: Variable 'innodb_default_encryption_key' is a GLOBAL variable +show global variables like 'innodb_default_encryption_key'; Variable_name Value -innodb_default_page_encryption_key 1 -show session variables like 'innodb_default_page_encryption_key'; +innodb_default_encryption_key 1 +show session variables like 'innodb_default_encryption_key'; Variable_name Value -innodb_default_page_encryption_key 1 -select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key'; +innodb_default_encryption_key 1 +select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; VARIABLE_NAME VARIABLE_VALUE -INNODB_DEFAULT_PAGE_ENCRYPTION_KEY 1 -select * from information_schema.session_variables where variable_name='innodb_default_page_encryption_key'; +INNODB_DEFAULT_ENCRYPTION_KEY 1 +select * from information_schema.session_variables where variable_name='innodb_default_encryption_key'; VARIABLE_NAME VARIABLE_VALUE -INNODB_DEFAULT_PAGE_ENCRYPTION_KEY 1 -set global innodb_default_page_encryption_key=2; -select 
@@global.innodb_default_page_encryption_key; -@@global.innodb_default_page_encryption_key +INNODB_DEFAULT_ENCRYPTION_KEY 1 +set global innodb_default_encryption_key=2; +select @@global.innodb_default_encryption_key; +@@global.innodb_default_encryption_key 2 -select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key'; +select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; VARIABLE_NAME VARIABLE_VALUE -INNODB_DEFAULT_PAGE_ENCRYPTION_KEY 2 -select * from information_schema.session_variables where variable_name='innodb_default_page_encryption_key'; +INNODB_DEFAULT_ENCRYPTION_KEY 2 +select * from information_schema.session_variables where variable_name='innodb_default_encryption_key'; VARIABLE_NAME VARIABLE_VALUE -INNODB_DEFAULT_PAGE_ENCRYPTION_KEY 2 -set session innodb_default_page_encryption_key=4; -ERROR HY000: Variable 'innodb_default_page_encryption_key' is a GLOBAL variable and should be set with SET GLOBAL -set global innodb_default_page_encryption_key=1.1; -ERROR 42000: Incorrect argument type to variable 'innodb_default_page_encryption_key' -set global innodb_default_page_encryption_key=1e1; -ERROR 42000: Incorrect argument type to variable 'innodb_default_page_encryption_key' -set global innodb_default_page_encryption_key="foo"; -ERROR 42000: Incorrect argument type to variable 'innodb_default_page_encryption_key' -set global innodb_default_page_encryption_key=10; -select @@global.innodb_default_page_encryption_key; -@@global.innodb_default_page_encryption_key +INNODB_DEFAULT_ENCRYPTION_KEY 2 +set session innodb_default_encryption_key=4; +ERROR HY000: Variable 'innodb_default_encryption_key' is a GLOBAL variable and should be set with SET GLOBAL +set global innodb_default_encryption_key=1.1; +ERROR 42000: Incorrect argument type to variable 'innodb_default_encryption_key' +set global innodb_default_encryption_key=1e1; +ERROR 42000: Incorrect argument type to 
variable 'innodb_default_encryption_key' +set global innodb_default_encryption_key="foo"; +ERROR 42000: Incorrect argument type to variable 'innodb_default_encryption_key' +set global innodb_default_encryption_key=10; +select @@global.innodb_default_encryption_key; +@@global.innodb_default_encryption_key 10 -select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key'; +select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; VARIABLE_NAME VARIABLE_VALUE -INNODB_DEFAULT_PAGE_ENCRYPTION_KEY 10 -set global innodb_default_page_encryption_key=-7; +INNODB_DEFAULT_ENCRYPTION_KEY 10 +set global innodb_default_encryption_key=-7; Warnings: -Warning 1292 Truncated incorrect innodb_default_page_encryption_k value: '-7' -select @@global.innodb_default_page_encryption_key; -@@global.innodb_default_page_encryption_key +Warning 1292 Truncated incorrect innodb_default_encryption_key value: '-7' +select @@global.innodb_default_encryption_key; +@@global.innodb_default_encryption_key 1 -select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key'; +select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; VARIABLE_NAME VARIABLE_VALUE -INNODB_DEFAULT_PAGE_ENCRYPTION_KEY 1 -set global innodb_default_page_encryption_key=1; -select @@global.innodb_default_page_encryption_key; -@@global.innodb_default_page_encryption_key +INNODB_DEFAULT_ENCRYPTION_KEY 1 +set global innodb_default_encryption_key=1; +select @@global.innodb_default_encryption_key; +@@global.innodb_default_encryption_key 1 -set global innodb_default_page_encryption_key=255; -select @@global.innodb_default_page_encryption_key; -@@global.innodb_default_page_encryption_key +set global innodb_default_encryption_key=255; +select @@global.innodb_default_encryption_key; +@@global.innodb_default_encryption_key 255 -SET 
@@global.innodb_default_page_encryption_key = @start_global_value; -SELECT @@global.innodb_default_page_encryption_key; -@@global.innodb_default_page_encryption_key +SET @@global.innodb_default_encryption_key = @start_global_value; +SELECT @@global.innodb_default_encryption_key; +@@global.innodb_default_encryption_key 1 diff --git a/mysql-test/suite/sys_vars/r/innodb_monitor_disable_basic.result b/mysql-test/suite/sys_vars/r/innodb_monitor_disable_basic.result index 85fe22dd816..d992695a7fe 100644 --- a/mysql-test/suite/sys_vars/r/innodb_monitor_disable_basic.result +++ b/mysql-test/suite/sys_vars/r/innodb_monitor_disable_basic.result @@ -180,9 +180,8 @@ compress_page_compressed_trim_op disabled compress_page_compressed_trim_op_saved disabled compress_pages_page_decompressed disabled compress_pages_page_compression_error disabled -compress_pages_page_encrypted disabled -compress_pages_page_decrypted disabled -compress_pages_page_encryption_error disabled +compress_pages_encrypted disabled +compress_pages_decrypted disabled index_page_splits disabled index_page_merge_attempts disabled index_page_merge_successful disabled diff --git a/mysql-test/suite/sys_vars/r/innodb_monitor_enable_basic.result b/mysql-test/suite/sys_vars/r/innodb_monitor_enable_basic.result index 85fe22dd816..d992695a7fe 100644 --- a/mysql-test/suite/sys_vars/r/innodb_monitor_enable_basic.result +++ b/mysql-test/suite/sys_vars/r/innodb_monitor_enable_basic.result @@ -180,9 +180,8 @@ compress_page_compressed_trim_op disabled compress_page_compressed_trim_op_saved disabled compress_pages_page_decompressed disabled compress_pages_page_compression_error disabled -compress_pages_page_encrypted disabled -compress_pages_page_decrypted disabled -compress_pages_page_encryption_error disabled +compress_pages_encrypted disabled +compress_pages_decrypted disabled index_page_splits disabled index_page_merge_attempts disabled index_page_merge_successful disabled 
diff --git a/mysql-test/suite/sys_vars/r/innodb_monitor_reset_all_basic.result b/mysql-test/suite/sys_vars/r/innodb_monitor_reset_all_basic.result index 85fe22dd816..d992695a7fe 100644 --- a/mysql-test/suite/sys_vars/r/innodb_monitor_reset_all_basic.result +++ b/mysql-test/suite/sys_vars/r/innodb_monitor_reset_all_basic.result @@ -180,9 +180,8 @@ compress_page_compressed_trim_op disabled compress_page_compressed_trim_op_saved disabled compress_pages_page_decompressed disabled compress_pages_page_compression_error disabled -compress_pages_page_encrypted disabled -compress_pages_page_decrypted disabled -compress_pages_page_encryption_error disabled +compress_pages_encrypted disabled +compress_pages_decrypted disabled index_page_splits disabled index_page_merge_attempts disabled index_page_merge_successful disabled diff --git a/mysql-test/suite/sys_vars/r/innodb_monitor_reset_basic.result b/mysql-test/suite/sys_vars/r/innodb_monitor_reset_basic.result index 85fe22dd816..d992695a7fe 100644 --- a/mysql-test/suite/sys_vars/r/innodb_monitor_reset_basic.result +++ b/mysql-test/suite/sys_vars/r/innodb_monitor_reset_basic.result @@ -180,9 +180,8 @@ compress_page_compressed_trim_op disabled compress_page_compressed_trim_op_saved disabled compress_pages_page_decompressed disabled compress_pages_page_compression_error disabled -compress_pages_page_encrypted disabled -compress_pages_page_decrypted disabled -compress_pages_page_encryption_error disabled +compress_pages_encrypted disabled +compress_pages_decrypted disabled index_page_splits disabled index_page_merge_attempts disabled index_page_merge_successful disabled diff --git a/mysql-test/suite/sys_vars/r/sysvars_innodb.result b/mysql-test/suite/sys_vars/r/sysvars_innodb.result index 867fe02d454..fc4f75ba801 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_innodb.result +++ b/mysql-test/suite/sys_vars/r/sysvars_innodb.result 
@@ -565,16 +565,16 @@ NUMERIC_BLOCK_SIZE NULL ENUM_VALUE_LIST NULL READ_ONLY YES COMMAND_LINE_ARGUMENT REQUIRED -VARIABLE_NAME INNODB_DEFAULT_PAGE_ENCRYPTION_KEY +VARIABLE_NAME INNODB_DEFAULT_ENCRYPTION_KEY SESSION_VALUE NULL GLOBAL_VALUE 1 GLOBAL_VALUE_ORIGIN COMPILE-TIME DEFAULT_VALUE 1 VARIABLE_SCOPE GLOBAL VARIABLE_TYPE INT UNSIGNED -VARIABLE_COMMENT Encryption key used for page encryption. +VARIABLE_COMMENT Default encryption key used for table encryption. NUMERIC_MIN_VALUE 1 -NUMERIC_MAX_VALUE 255 +NUMERIC_MAX_VALUE 4294967295 NUMERIC_BLOCK_SIZE 0 ENUM_VALUE_LIST NULL READ_ONLY NO diff --git a/mysql-test/suite/sys_vars/t/innodb_default_page_encryption_key_basic.test b/mysql-test/suite/sys_vars/t/innodb_default_page_encryption_key_basic.test index c8a02cb8c74..b93ca26ba01 100644 --- a/mysql-test/suite/sys_vars/t/innodb_default_page_encryption_key_basic.test +++ b/mysql-test/suite/sys_vars/t/innodb_default_page_encryption_key_basic.test 
@@ -1,60 +1,60 @@ --source include/have_innodb.inc -SET @start_global_value = @@global.innodb_default_page_encryption_key; +SET @start_global_value = @@global.innodb_default_encryption_key; SELECT @start_global_value; # # exists as global only # --echo Valid value 0-9 -select @@global.innodb_default_page_encryption_key <= 9; -select @@global.innodb_default_page_encryption_key; +select @@global.innodb_default_encryption_key <= 9; +select @@global.innodb_default_encryption_key; --error ER_INCORRECT_GLOBAL_LOCAL_VAR -select @@session.innodb_default_page_encryption_key; -show global variables like 'innodb_default_page_encryption_key'; -show session variables like 'innodb_default_page_encryption_key'; -select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key'; -select * from information_schema.session_variables where variable_name='innodb_default_page_encryption_key'; +select @@session.innodb_default_encryption_key; +show global variables like 'innodb_default_encryption_key'; +show session variables like 'innodb_default_encryption_key'; +select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; +select * from information_schema.session_variables where variable_name='innodb_default_encryption_key'; # # show that it's writable # -set global innodb_default_page_encryption_key=2; -select @@global.innodb_default_page_encryption_key; -select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key'; -select * from information_schema.session_variables where variable_name='innodb_default_page_encryption_key'; +set global innodb_default_encryption_key=2; +select @@global.innodb_default_encryption_key; +select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; +select * from information_schema.session_variables where variable_name='innodb_default_encryption_key'; --error ER_GLOBAL_VARIABLE -set session 
innodb_default_page_encryption_key=4; +set session innodb_default_encryption_key=4; # # incorrect types # --error ER_WRONG_TYPE_FOR_VAR -set global innodb_default_page_encryption_key=1.1; +set global innodb_default_encryption_key=1.1; --error ER_WRONG_TYPE_FOR_VAR -set global innodb_default_page_encryption_key=1e1; +set global innodb_default_encryption_key=1e1; --error ER_WRONG_TYPE_FOR_VAR -set global innodb_default_page_encryption_key="foo"; +set global innodb_default_encryption_key="foo"; -set global innodb_default_page_encryption_key=10; -select @@global.innodb_default_page_encryption_key; -select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key'; -set global innodb_default_page_encryption_key=-7; -select @@global.innodb_default_page_encryption_key; -select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key'; +set global innodb_default_encryption_key=10; +select @@global.innodb_default_encryption_key; +select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; +set global innodb_default_encryption_key=-7; +select @@global.innodb_default_encryption_key; +select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; # # min/max values # -set global innodb_default_page_encryption_key=1; -select @@global.innodb_default_page_encryption_key; -set global innodb_default_page_encryption_key=255; -select @@global.innodb_default_page_encryption_key; +set global innodb_default_encryption_key=1; +select @@global.innodb_default_encryption_key; +set global innodb_default_encryption_key=255; +select @@global.innodb_default_encryption_key; # # cleanup # -SET @@global.innodb_default_page_encryption_key = @start_global_value; -SELECT @@global.innodb_default_page_encryption_key; +SET @@global.innodb_default_encryption_key = @start_global_value; +SELECT @@global.innodb_default_encryption_key; 
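Review bot: The `# min/max values` block still stops at `set global innodb_default_encryption_key=255;`, but sysvars_innodb.result in this same commit raises NUMERIC_MAX_VALUE to 4294967295, so the new upper bound is never exercised. Add `set global innodb_default_encryption_key=4294967295;` followed by `select @@global.innodb_default_encryption_key;`. The test file also keeps its old `innodb_default_page_encryption_key_basic` name, which is presumably why all_vars.result now lists `innodb_default_encryption_key` under "there should be *no* variables listed below"; renaming the .test/.result pair to match the variable should clear that entry. The `--echo Valid value 0-9` line and the `<= 9` check are stale against both the old and the new range.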
diff --git a/storage/innobase/buf/buf0buf.cc b/storage/innobase/buf/buf0buf.cc index 6f01f884a83..de6cf97230c 100644 --- a/storage/innobase/buf/buf0buf.cc +++ b/storage/innobase/buf/buf0buf.cc @@ -5710,6 +5710,7 @@ buf_page_encrypt_before_write( ulint space_id) /*!< in: space id */ { fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space_id); + bpage->real_size = UNIV_PAGE_SIZE; if (crypt_data != NULL && crypt_data->encryption == FIL_SPACE_ENCRYPTION_OFF) { /* Encryption is disabled */ @@ -5763,7 +5764,7 @@ buf_page_encrypt_before_write( mach_read_from_4(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); ut_ad(key_version == 0 || key_version >= bpage->key_version); bpage->key_version = key_version; - bpage->real_size = zip_size; + bpage->real_size = page_size; } else { /* First we compress the page content */ ulint out_len = 0; diff --git a/storage/innobase/fil/fil0fil.cc b/storage/innobase/fil/fil0fil.cc index 35d55af819b..d26c33c2925 100644 --- a/storage/innobase/fil/fil0fil.cc +++ b/storage/innobase/fil/fil0fil.cc @@ -647,20 +647,6 @@ fil_node_open_file( success = os_file_read(node->handle, page, 0, UNIV_PAGE_SIZE); - if (fil_page_is_encrypted(page)) { - /* if page is (still) encrypted, write an error and return. - * Otherwise the server would crash if decrypting is not possible. - * This may be the case, if the key file could not be - * opened on server startup. - */ - ib_logf(IB_LOG_LEVEL_ERROR, - "InnoDB: can not decrypt page, because " - "keys could not be read.\n" - ); - return false; - - } - space_id = fsp_header_get_space_id(page); flags = fsp_header_get_flags(page); @@ -1896,7 +1882,6 @@ fil_check_first_page( { ulint space_id; ulint flags; - ulint page_is_encrypted; if (srv_force_recovery >= SRV_FORCE_IGNORE_CORRUPT) { return(NULL); 
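Review bot: The new unconditional `bpage->real_size = UNIV_PAGE_SIZE;` at the top of buf_page_encrypt_before_write has no comment, and it is the value that stays in place on the `FIL_SPACE_ENCRYPTION_OFF` branch that follows (its body is outside the hunk). The second hunk changes the encrypted path from `zip_size` to `page_size`, which suggests the physical size can differ from `UNIV_PAGE_SIZE`. If that is the case for compressed row formats, the default should probably be the same quantity; this needs checking against how `real_size` is consumed, which is not visible here. At minimum add `/* Default; overwritten below when the page is encrypted or compressed */`. The function starts before and ends after both hunks.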
@@ -1904,20 +1889,14 @@ fil_check_first_page( space_id = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_ID + page); flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + page); - /* Note: the 1st page is usually not encrypted. If the Key Provider - or the encryption key is not available, the - check for reading the first page should intentionally fail - with "can not decrypt" message. */ - page_is_encrypted = fil_page_encryption_status(page, space_id); - if (!page_is_encrypted) { - if (UNIV_PAGE_SIZE != fsp_flags_get_page_size(flags)) { - fprintf(stderr, - "InnoDB: Error: Current page size %lu != " - " page size on page %lu\n", - UNIV_PAGE_SIZE, fsp_flags_get_page_size(flags)); - return("innodb-page-size mismatch"); - } + if (UNIV_PAGE_SIZE != fsp_flags_get_page_size(flags)) { + fprintf(stderr, + "InnoDB: Error: Current page size %lu != " + " page size on page %lu\n", + UNIV_PAGE_SIZE, fsp_flags_get_page_size(flags)); + + return("innodb-page-size mismatch"); } if (!space_id && !flags) { @@ -1933,17 +1912,9 @@ fil_check_first_page( } } - if (!page_is_encrypted && buf_page_is_corrupted( + if (buf_page_is_corrupted( false, page, fsp_flags_get_zip_size(flags))) { return("checksum mismatch"); - } else { - if (page_is_encrypted) { - /* this error message is interpreted by the calling method, which is - * executed if the server starts in recovery mode. - */ - return(FIL_MSG_CANNOT_DECRYPT); - - } } if (page_get_space_id(page) == space_id @@ -1987,6 +1958,7 @@ fil_read_first_page( byte* page; lsn_t flushed_lsn; const char* check_msg = NULL; + fil_space_crypt_t* cdata; buf = static_cast(ut_malloc(2 * UNIV_PAGE_SIZE)); 
@@ -2005,13 +1977,6 @@ fil_read_first_page( *space_id = fsp_header_get_space_id(page); } - /* Page is page compressed page, need to decompress, before - continue. */ - if (fil_page_is_compressed(page)) { - ulint write_size=0; - fil_decompress_page(NULL, page, UNIV_PAGE_SIZE, &write_size); - } - if (!one_read_already) { check_msg = fil_check_first_page(page); } @@ -2019,12 +1984,29 @@ fil_read_first_page( flushed_lsn = mach_read_from_8(page + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); + ulint space = fsp_header_get_space_id(page); + ulint offset = fsp_header_get_crypt_offset( + fsp_flags_get_zip_size(*flags), NULL); + cdata = fil_space_read_crypt_data(space, page, offset); + + /* If file space is encrypted we need to have at least some + encryption service available where to get keys */ + if ((cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_ON) || + ( srv_encrypt_tables && + cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_DEFAULT)) { + int rc = get_latest_encryption_key_version(); + + if (rc < 0) { + ib_logf(IB_LOG_LEVEL_FATAL, + "Tablespace id %ld encrypted but encryption service" + " not available. Can't continue opening tablespace.\n", + space); + ut_error; + } + } + if (crypt_data) { - ulint space = fsp_header_get_space_id(page); - ulint offset = - fsp_header_get_crypt_offset( - fsp_flags_get_zip_size(*flags), NULL); - *crypt_data = fil_space_read_crypt_data(space, page, offset); + *crypt_data = cdata; } ut_free(buf); @@ -4203,14 +4185,6 @@ check_first_page: "%s in tablespace %s (table %s)", check_msg, fsp->filepath, tablename); fsp->success = FALSE; - if (strncmp(check_msg, FIL_MSG_CANNOT_DECRYPT, strlen(check_msg))==0) { - /* by returning here, it should be avoided, that the server crashes, - * if started in recovery mode and can not decrypt tables, if - * the key file can not be read. - */ - fsp->encryption_error = 1; - return; - } } if (!fsp->success) { 
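Review bot: In the `@@ -2019,12 +1984,29 @@` hunk of fil_read_first_page, `cdata` is now read on every call but handed on only under `if (crypt_data)`. When the caller passes no `crypt_data` pointer, the object returned by fil_space_read_crypt_data() is dropped, which leaks it if that function allocates (its definition is not in this hunk); release it on that path. The fatal message also prints `space`, a `ulint`, with `%ld`; it should read `"Tablespace id %lu encrypted but encryption service"`. The function body begins and continues outside the hunk.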
diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index bc49b1988f1..fdc4d7f1ba4 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -567,9 +567,9 @@ ha_create_table_option innodb_table_option_list[]= /* With this option user can enable atomic writes feature for this table */ HA_TOPTION_ENUM("ATOMIC_WRITES", atomic_writes, "DEFAULT,ON,OFF", 0), /* With this option the user can enable encryption for the table */ - HA_TOPTION_ENUM("ENCRYPTION", encryption, "DEFAULT, ON, OFF", 0), + HA_TOPTION_ENUM("ENCRYPTION", encryption, "DEFAULT,ON,OFF", 0), /* With this option the user defines the key identifier using for the encryption */ - HA_TOPTION_NUMBER("ENCRYPTION_KEY", encryption_key, 0, 1, UINT_MAX32, 1), + HA_TOPTION_NUMBER("ENCRYPTION_KEY_ID", encryption_key_id, 0, 1, UINT_MAX32, 1), HA_TOPTION_END }; @@ -11375,29 +11375,19 @@ ha_innobase::check_table_options( } } - if (options->encryption_key != 0) { + if (options->encryption_key_id != 0) { if (options->encryption == FIL_SPACE_ENCRYPTION_OFF) { /* ignore this to allow alter table without changing page_encryption_key ...*/ } - if (options->encryption_key < 1) { + if (!has_encryption_key(options->encryption_key_id)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, - "InnoDB: invalid ENCRYPTION_KEY = %lu." - " Valid values are [1..INT32_MAX]", - options->encryption_key); - return "ENCRYPTION_KEY"; - } - - if (!has_encryption_key(options->encryption_key)) { - push_warning_printf( - thd, Sql_condition::WARN_LEVEL_WARN, - HA_WRONG_CREATE_OPTION, - "InnoDB: ENCRYPTION_KEY encryption key %lu not available", - options->encryption_key + "InnoDB: ENCRYPTION_KEY_ID key %lu not available", + options->encryption_key_id ); - return "ENCRYPTION_KEY"; + return "ENCRYPTION_KEY_ID"; } } 
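Review bot: In the ha_innobase::check_table_options hunk, the new warning formats `options->encryption_key_id` with `%lu`, but ha_innodb.h in this same patch declares the field as `int encryption_key_id`. The variadic argument therefore does not match the conversion, and the key id written to the warning can be wrong where `long` is wider than `int`. Either cast at the call, `(ulong) options->encryption_key_id`, or print it with `%d`. The option is registered with a maximum of `UINT_MAX32`, which an `int` cannot hold, so widening the field to an unsigned type would be the more complete fix. The storage/xtradb copy of this hunk has the same mismatch, and the function starts and ends outside the hunk.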
@@ -11459,10 +11449,10 @@ ha_innobase::create( const char* stmt; size_t stmt_len; /* Cache table options */ - ha_table_option_struct *options= table->s->option_struct; + ha_table_option_struct *options= form->s->option_struct; fil_encryption_t encrypt = (fil_encryption_t)options->encryption; - ulint key_id = (options->encryption_key == 0) ? srv_default_encryption_key : - options->encryption_key; + ulint key_id = (options->encryption_key_id == 0) ? srv_default_encryption_key : + options->encryption_key_id; DBUG_ENTER("ha_innobase::create"); @@ -11702,18 +11692,6 @@ ha_innobase::create( innobase_commit_low(trx); - /* If user has requested that table should be encrypted or table - should remain as unencrypted store crypt data */ - if (encrypt == FIL_SPACE_ENCRYPTION_ON || encrypt == FIL_SPACE_ENCRYPTION_OFF) { - ulint maxsize; - ulint zip_size = fil_space_get_zip_size(innobase_table->space); - fil_space_crypt_t* crypt_data = fil_space_create_crypt_data(); - crypt_data->page0_offset = fsp_header_get_crypt_offset(zip_size, &maxsize); - crypt_data->keys[0].key_id = key_id; - crypt_data->encryption = encrypt; - fil_space_set_crypt_data(innobase_table->space, crypt_data); - } - row_mysql_unlock_data_dictionary(trx); /* Flush the log to reduce probability that the .frm files and 
@@ -11727,6 +11705,28 @@ ha_innobase::create( DBUG_ASSERT(innobase_table != 0); + /* If user has requested that table should be encrypted or table + should remain as unencrypted store crypt data */ + if (encrypt == FIL_SPACE_ENCRYPTION_ON || encrypt == FIL_SPACE_ENCRYPTION_OFF) { + ulint maxsize; + ulint zip_size = fil_space_get_zip_size(innobase_table->space); + fil_space_crypt_t* old_crypt_data = fil_space_get_crypt_data(innobase_table->space); + fil_space_crypt_t* crypt_data; + + crypt_data = fil_space_create_crypt_data(); + crypt_data->page0_offset = fsp_header_get_crypt_offset(zip_size, &maxsize); + crypt_data->keys[0].key_id = key_id; + crypt_data->encryption = encrypt; + + /* If there is old crypt data, copy IV */ + if (old_crypt_data) { + memcpy(crypt_data->iv, old_crypt_data->iv, old_crypt_data->iv_length); + crypt_data->iv_length = old_crypt_data->iv_length; + } + + fil_space_set_crypt_data(innobase_table->space, crypt_data); + } + innobase_copy_frm_flags_from_create_info(innobase_table, create_info); dict_stats_update(innobase_table, DICT_STATS_EMPTY_TABLE); diff --git a/storage/innobase/handler/ha_innodb.h b/storage/innobase/handler/ha_innodb.h index 2b9f1506339..b613053a992 100644 --- a/storage/innobase/handler/ha_innodb.h +++ b/storage/innobase/handler/ha_innodb.h @@ -71,7 +71,7 @@ struct ha_table_option_struct Atomic writes are not used if value OFF.*/ uint encryption; /*!< DEFAULT, ON, OFF */ - int encryption_key; /*!< encryption key id*/ + int encryption_key_id; /*!< encryption key id*/ }; diff --git a/storage/innobase/handler/handler0alter.cc b/storage/innobase/handler/handler0alter.cc index 327e4e92d1b..dc5c5d85b8d 100644 --- a/storage/innobase/handler/handler0alter.cc +++ b/storage/innobase/handler/handler0alter.cc 
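Review bot: In the `@@ -11727,6 +11705,28 @@` hunk of ha_innobase::create, `memcpy(crypt_data->iv, old_crypt_data->iv, old_crypt_data->iv_length)` takes its length from the old object and never compares it with the room available in the new `crypt_data->iv`, whose size is not visible in this hunk. If the two objects can ever carry different IV lengths this writes past the destination, so the copy should be guarded, for example with `ut_a(old_crypt_data->iv_length <= crypt_data->iv_length);` before the memcpy, assuming fil_space_create_crypt_data() sets `iv_length` to the allocated size. A one-line comment on why the IV has to be carried over would also help, since the existing comment only says that it is. The storage/xtradb copy of this hunk needs the same guard, and the function body extends beyond the hunk.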
@@ -279,7 +279,7 @@ ha_innobase::check_if_supported_inplace_alter( } if (new_options->encryption != old_options->encryption || - new_options->encryption_key != old_options->encryption_key) { + new_options->encryption_key_id != old_options->encryption_key_id) { ha_alter_info->unsupported_reason = innobase_get_err_msg( ER_ALTER_OPERATION_NOT_SUPPORTED_REASON); DBUG_RETURN(HA_ALTER_INPLACE_NOT_SUPPORTED); diff --git a/storage/innobase/include/fil0crypt.h b/storage/innobase/include/fil0crypt.h index 359533dc50a..da32d29e9e1 100644 --- a/storage/innobase/include/fil0crypt.h +++ b/storage/innobase/include/fil0crypt.h @@ -159,7 +159,7 @@ void fil_space_set_crypt_data( /*======================*/ ulint space, /*!< in: tablespace id */ - fil_space_crypt_t* crypt_data); /*!< in: crypt data */ + fil_space_crypt_t* crypt_data); /*!< in: crypt data to set */ /********************************************************************* Compare crypt data*/ diff --git a/storage/innobase/include/srv0srv.h b/storage/innobase/include/srv0srv.h index bfc65dbc51a..11e648efc85 100644 --- a/storage/innobase/include/srv0srv.h +++ b/storage/innobase/include/srv0srv.h @@ -1024,8 +1024,7 @@ struct export_var_t{ decrypted */ ulint innodb_sec_rec_cluster_reads; /*!< srv_sec_rec_cluster_reads */ - ulint innodb_sec_rec_cluster_reads_avoided; - /*!< srv_sec_rec_cluster_reads_avoided */ + ulint innodb_sec_rec_cluster_reads_avoided;/*!< srv_sec_rec_cluster_reads_avoided */ ulint innodb_encryption_rotation_pages_read_from_cache; ulint innodb_encryption_rotation_pages_read_from_disk; diff --git a/storage/xtradb/buf/buf0buf.cc b/storage/xtradb/buf/buf0buf.cc index 1bccc695223..bb8e9c6cce2 100644 --- a/storage/xtradb/buf/buf0buf.cc +++ b/storage/xtradb/buf/buf0buf.cc 
@@ -5868,6 +5868,7 @@ buf_page_encrypt_before_write( ulint space_id) /*!< in: space id */ { fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space_id); + bpage->real_size = UNIV_PAGE_SIZE; if (crypt_data != NULL && crypt_data->encryption == FIL_SPACE_ENCRYPTION_OFF) { /* Encryption is disabled */ @@ -5921,7 +5922,7 @@ buf_page_encrypt_before_write( mach_read_from_4(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); ut_ad(key_version == 0 || key_version >= bpage->key_version); bpage->key_version = key_version; - bpage->real_size = zip_size; + bpage->real_size = page_size; } else { /* First we compress the page content */ ulint out_len = 0; diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index e9ec7c1087b..ca61605c1f9 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc @@ -632,9 +632,9 @@ ha_create_table_option innodb_table_option_list[]= /* With this option user can enable atomic writes feature for this table */ HA_TOPTION_ENUM("ATOMIC_WRITES", atomic_writes, "DEFAULT,ON,OFF", 0), /* With this option the user can enable encryption for the table */ - HA_TOPTION_ENUM("ENCRYPTION", encryption, "DEFAULT, ON, OFF", 0), + HA_TOPTION_ENUM("ENCRYPTION", encryption, "DEFAULT,ON,OFF", 0), /* With this option the user defines the key identifier using for the encryption */ - HA_TOPTION_NUMBER("ENCRYPTION_KEY", encryption_key, 0, 1, UINT_MAX32, 1), + HA_TOPTION_NUMBER("ENCRYPTION_KEY_ID", encryption_key_id, 0, 1, UINT_MAX32, 1), HA_TOPTION_END }; 
@@ -11882,29 +11882,19 @@ ha_innobase::check_table_options( } } - if (options->encryption_key != 0) { + if (options->encryption_key_id != 0) { if (options->encryption == FIL_SPACE_ENCRYPTION_OFF) { /* ignore this to allow alter table without changing page_encryption_key ...*/ } - if (options->encryption_key < 1) { + if (!has_encryption_key(options->encryption_key_id)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, - "InnoDB: invalid ENCRYPTION_KEY = %lu." - " Valid values are [1..UINTMAX32]", - options->encryption_key); - return "ENCRYPTION_KEY"; - } - - if (!has_encryption_key(options->encryption_key)) { - push_warning_printf( - thd, Sql_condition::WARN_LEVEL_WARN, - HA_WRONG_CREATE_OPTION, - "InnoDB: ENCRYPTION_KEY %lu not available", - options->encryption_key + "InnoDB: ENCRYPTION_KEY_ID %lu not available", + options->encryption_key_id ); - return "ENCRYPTION_KEY"; + return "ENCRYPTION_KEY_ID"; } } @@ -11967,10 +11957,10 @@ ha_innobase::create( const char* stmt; size_t stmt_len; /* Cache table options */ - ha_table_option_struct *options= table->s->option_struct; + ha_table_option_struct *options= form->s->option_struct; fil_encryption_t encrypt = (fil_encryption_t)options->encryption; - ulint key_id = (options->encryption_key == 0) ? srv_default_encryption_key : - options->encryption_key; + ulint key_id = (options->encryption_key_id == 0) ? srv_default_encryption_key : + options->encryption_key_id; DBUG_ENTER("ha_innobase::create"); 
@@ -12216,18 +12206,6 @@ ha_innobase::create( innobase_commit_low(trx); - /* If user has requested that table should be encrypted or table - should remain as unencrypted store crypt data */ - if (encrypt == FIL_SPACE_ENCRYPTION_ON || encrypt == FIL_SPACE_ENCRYPTION_OFF) { - ulint maxsize; - ulint zip_size = fil_space_get_zip_size(innobase_table->space); - fil_space_crypt_t* crypt_data = fil_space_create_crypt_data(); - crypt_data->page0_offset = fsp_header_get_crypt_offset(zip_size, &maxsize); - crypt_data->keys[0].key_id = key_id; - crypt_data->encryption = encrypt; - fil_space_set_crypt_data(innobase_table->space, crypt_data); - } - row_mysql_unlock_data_dictionary(trx); /* Flush the log to reduce probability that the .frm files and @@ -12241,6 +12219,28 @@ ha_innobase::create( DBUG_ASSERT(innobase_table != 0); + /* If user has requested that table should be encrypted or table + should remain as unencrypted store crypt data */ + if (encrypt == FIL_SPACE_ENCRYPTION_ON || encrypt == FIL_SPACE_ENCRYPTION_OFF) { + ulint maxsize; + ulint zip_size = fil_space_get_zip_size(innobase_table->space); + fil_space_crypt_t* old_crypt_data = fil_space_get_crypt_data(innobase_table->space); + fil_space_crypt_t* crypt_data; + + crypt_data = fil_space_create_crypt_data(); + crypt_data->page0_offset = fsp_header_get_crypt_offset(zip_size, &maxsize); + crypt_data->keys[0].key_id = key_id; + crypt_data->encryption = encrypt; + + /* If there is old crypt data, copy IV */ + if (old_crypt_data) { + memcpy(crypt_data->iv, old_crypt_data->iv, old_crypt_data->iv_length); + crypt_data->iv_length = old_crypt_data->iv_length; + } + + fil_space_set_crypt_data(innobase_table->space, crypt_data); + } + innobase_copy_frm_flags_from_create_info(innobase_table, create_info); dict_stats_update(innobase_table, DICT_STATS_EMPTY_TABLE); 
@@ -20339,7 +20339,7 @@ static MYSQL_SYSVAR_UINT(encryption_rotation_iops, srv_n_fil_crypt_iops, static MYSQL_SYSVAR_UINT(default_encryption_key, srv_default_encryption_key, PLUGIN_VAR_RQCMDARG, - "Default encryption key used for table encryption.", + "Default encryption key id used for table encryption.", NULL, NULL, FIL_DEFAULT_ENCRYPTION_KEY, 1, UINT_MAX32, 0); diff --git a/storage/xtradb/handler/ha_innodb.h b/storage/xtradb/handler/ha_innodb.h index fdc6f9521aa..aadd2fc5bb8 100644 --- a/storage/xtradb/handler/ha_innodb.h +++ b/storage/xtradb/handler/ha_innodb.h @@ -72,7 +72,7 @@ struct ha_table_option_struct Atomic writes are not used if value OFF.*/ uint encryption; /*!< DEFAULT, ON, OFF */ - int encryption_key; /*!< encryption key id */ + int encryption_key_id; /*!< encryption key id */ }; /** The class defining a handle to an Innodb table */ diff --git a/storage/xtradb/handler/handler0alter.cc b/storage/xtradb/handler/handler0alter.cc index 9fe3cbc2bd1..8b1bd89d1c5 100644 --- a/storage/xtradb/handler/handler0alter.cc +++ b/storage/xtradb/handler/handler0alter.cc @@ -283,7 +283,7 @@ ha_innobase::check_if_supported_inplace_alter( } if (new_options->encryption != old_options->encryption || - new_options->encryption_key != old_options->encryption_key) { + new_options->encryption_key_id != old_options->encryption_key_id) { ha_alter_info->unsupported_reason = innobase_get_err_msg( ER_ALTER_OPERATION_NOT_SUPPORTED_REASON); DBUG_RETURN(HA_ALTER_INPLACE_NOT_SUPPORTED); diff --git a/storage/xtradb/include/fil0crypt.h b/storage/xtradb/include/fil0crypt.h index 359533dc50a..da32d29e9e1 100644 --- a/storage/xtradb/include/fil0crypt.h +++ b/storage/xtradb/include/fil0crypt.h 
@@ -159,7 +159,7 @@ void fil_space_set_crypt_data( /*======================*/ ulint space, /*!< in: tablespace id */ - fil_space_crypt_t* crypt_data); /*!< in: crypt data */ + fil_space_crypt_t* crypt_data); /*!< in: crypt data to set */ /********************************************************************* Compare crypt data*/ diff --git a/storage/xtradb/include/fsp0fsp.h b/storage/xtradb/include/fsp0fsp.h index 3d3d482a6c0..8fdacc51277 100644 --- a/storage/xtradb/include/fsp0fsp.h +++ b/storage/xtradb/include/fsp0fsp.h @@ -94,8 +94,8 @@ dictionary */ #define FSP_FLAGS_POS_ATOMIC_WRITES (FSP_FLAGS_POS_PAGE_COMPRESSION_LEVEL \ + FSP_FLAGS_WIDTH_PAGE_COMPRESSION_LEVEL) /** Zero relative shift position of the PAGE_SSIZE field */ -#define FSP_FLAGS_POS_PAGE_SSIZE (FSP_FLAGS_POS_PAGE_COMPRESSION_LEVEL \ - + FSP_FLAGS_WIDTH_PAGE_COMPRESSION_LEVEL) +#define FSP_FLAGS_POS_PAGE_SSIZE (FSP_FLAGS_POS_ATOMIC_WRITES \ + + FSP_FLAGS_WIDTH_ATOMIC_WRITES) /** Zero relative shift position of the start of the DATA DIR bits */ #define FSP_FLAGS_POS_DATA_DIR (FSP_FLAGS_POS_PAGE_SSIZE \ + FSP_FLAGS_WIDTH_PAGE_SSIZE) diff --git a/storage/xtradb/include/srv0srv.h b/storage/xtradb/include/srv0srv.h index 3cf312a4b4d..0135529ffe3 100644 --- a/storage/xtradb/include/srv0srv.h +++ b/storage/xtradb/include/srv0srv.h @@ -1242,8 +1242,7 @@ struct export_var_t{ decrypted */ ulint innodb_sec_rec_cluster_reads; /*!< srv_sec_rec_cluster_reads */ - ulint innodb_sec_rec_cluster_reads_avoided; - /*!< srv_sec_rec_cluster_reads_avoided */ + ulint innodb_sec_rec_cluster_reads_avoided; /*!< srv_sec_rec_cluster_reads_avoided */ ulint innodb_encryption_rotation_pages_read_from_cache; ulint innodb_encryption_rotation_pages_read_from_disk; From d2b87801b68e81ae4225f90bbcab03c7e35aea01 Mon Sep 17 00:00:00 2001 
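Review bot: The fsp0fsp.h hunk moves `FSP_FLAGS_POS_PAGE_SSIZE` from the bit after PAGE_COMPRESSION_LEVEL to the bit after ATOMIC_WRITES, which also shifts every field defined relative to it (`FSP_FLAGS_POS_DATA_DIR` follows in the context lines), and nothing in the hunk says how flags written with the old positions are treated. These flags are read back from page 0 elsewhere in this series (`mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + page)`), so a file written under the old definition would presumably be decoded differently after this change. A comment next to the define should record that, e.g. `/* PAGE_SSIZE follows ATOMIC_WRITES; the earlier definition overlapped it */`, together with a statement of whether the old layout ever reached disk.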
From: =?UTF-8?q?Jan=20Lindstr=C3=B6m?= Date: Thu, 2 Apr 2015 16:52:30 +0300 Subject: [PATCH 14/65] Fix test failure on these scrub tests. --- .../innodb/t/innodb_scrub_background.opt | 19 +++++----------- .../innodb/t/innodb_scrub_compressed.opt | 22 ++++++------------- 2 files changed, 13 insertions(+), 28 deletions(-) diff --git a/mysql-test/suite/innodb/t/innodb_scrub_background.opt b/mysql-test/suite/innodb/t/innodb_scrub_background.opt index bb1f4ce4e86..cd5f74570bb 100644 --- a/mysql-test/suite/innodb/t/innodb_scrub_background.opt +++ b/mysql-test/suite/innodb/t/innodb_scrub_background.opt @@ -1,14 +1,7 @@ ---innodb-file-per-table=1 ---innodb-file-format=Barracuda ---innodb-encrypt-tables=0 ---innodb-encryption-threads=0 ---innodb-immediate-scrub-data-uncompressed=OFF ---innodb-background-scrub-data-uncompressed=ON ---innodb-background-scrub-data-compressed=ON +--innodb_file_per_table=1 +--innodb_file_format=Barracuda +--innodb-immediate-scrub-data-uncompressed=OFF +--innodb-background-scrub-data-uncompressed=ON +--innodb-background-scrub-data-compressed=ON --loose-innodb-scrub-force-testing=ON ---encrypt-tmp-disk-tables=ON ---aria-encrypt-tables=ON ---innodb-encryption-threads=4 ---innodb-encryption-rotate-key-age=15 ---innodb-encrypt-tables=ON ---innodb-tablespaces-scrubbing +--innodb-tablespaces_scrubbing diff --git a/mysql-test/suite/innodb/t/innodb_scrub_compressed.opt b/mysql-test/suite/innodb/t/innodb_scrub_compressed.opt index ac7ef8a1675..c94e9b34300 100644 --- a/mysql-test/suite/innodb/t/innodb_scrub_compressed.opt +++ b/mysql-test/suite/innodb/t/innodb_scrub_compressed.opt 
@@ -1,15 +1,7 @@ ---innodb-file-per-table=1 ---innodb-file-format=Barracuda ---innodb-encrypt-tables=off ---innodb-immediate-scrub-data-uncompressed=ON ---innodb-background-scrub-data-uncompressed=ON ---innodb-background-scrub-data-compressed=ON ---loose-innodb-scrub-force-testing=ON ---innodb-encryption-threads=0 ---encrypt-tmp-disk-tables=ON ---aria-encrypt-tables=ON ---innodb-encryption-threads=4 ---innodb-encryption-rotate-key-age=15 ---innodb-encrypt-tables=ON ---innodb-tablespaces-scrubbing - +--innodb_file_per_table=1 +--innodb_file_format=Barracuda +--innodb-immediate-scrub-data-uncompressed=ON +--innodb-background-scrub-data-uncompressed=ON +--innodb-background-scrub-data-compressed=ON +--loose-innodb-scrub-force-testing=ON +--innodb-tablespaces_scrubbing From f444d13a3bd861ec86530e22cd861f25e2b350df Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Wed, 25 Mar 2015 16:11:16 +0100 Subject: [PATCH 15/65] my_aes* functions: support for different key lengths to: different key lengths --- mysys_ssl/my_crypt.cc | 52 +++++++++++++++++++++++++++++++------------ 1 file changed, 38 insertions(+), 14 deletions(-) diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index c5db08e331d..3e8ec854f59 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc @@ -19,7 +19,7 @@ #include // TODO -// different key lengths +// 2. padding #ifdef HAVE_YASSL #include "aes.hpp" @@ -29,8 +29,8 @@ static const Dir CRYPT_ENCRYPT = TaoCrypt::ENCRYPTION; static const Dir CRYPT_DECRYPT = TaoCrypt::DECRYPTION; typedef TaoCrypt::Mode CipherMode; -static inline CipherMode EVP_aes_128_ecb() { return TaoCrypt::ECB; } -static inline CipherMode EVP_aes_128_cbc() { return TaoCrypt::CBC; } +static inline CipherMode aes_ecb(uint8) { return TaoCrypt::ECB; } +static inline CipherMode aes_cbc(uint8) { return TaoCrypt::CBC; } typedef TaoCrypt::byte KeyByte; 
@@ -43,12 +43,30 @@ static const Dir CRYPT_ENCRYPT = 1; static const Dir CRYPT_DECRYPT = 0; typedef const EVP_CIPHER *CipherMode; + +#define make_aes_dispatcher(mode) \ + static inline CipherMode aes_ ## mode(uint8 key_length) \ + { \ + switch (key_length) { \ + case 16: return EVP_aes_128_ ## mode(); \ + case 24: return EVP_aes_192_ ## mode(); \ + case 32: return EVP_aes_256_ ## mode(); \ + default: return 0; \ + } \ + } + +make_aes_dispatcher(ecb) +make_aes_dispatcher(cbc) +#ifdef HAVE_EncryptAes128Ctr +make_aes_dispatcher(ctr) +#endif + +typedef uchar KeyByte; + struct MyCTX : EVP_CIPHER_CTX { MyCTX() { EVP_CIPHER_CTX_init(this); } ~MyCTX() { EVP_CIPHER_CTX_cleanup(this); } }; - -typedef uchar KeyByte; #endif static int do_crypt(CipherMode cipher, Dir dir, @@ -63,6 +81,9 @@ static int do_crypt(CipherMode cipher, Dir dir, #ifdef HAVE_YASSL TaoCrypt::AES ctx(dir, cipher); + if (key_length != 16 && key_length != 24 && key_length != 32) + return AES_BAD_KEYSIZE; + ctx.SetKey(key, key_length); if (iv) { @@ -76,6 +97,10 @@ static int do_crypt(CipherMode cipher, Dir dir, #else // HAVE_OPENSSL int fin; struct MyCTX ctx; + + if (!cipher) + return AES_BAD_KEYSIZE; + if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, dir)) return AES_OPENSSL_ERROR; @@ -96,7 +121,7 @@ static int do_crypt(CipherMode cipher, Dir dir, if (tail) { /* - Not much we can do here, block cyphers cannot encrypt data that aren't + Not much we can do here, block ciphers cannot encrypt data that aren't a multiple of the block length. At least not without padding. What we do here, we XOR the tail with the previous encrypted block. */ @@ -115,8 +140,6 @@ static int do_crypt(CipherMode cipher, Dir dir, C_MODE_START -/* CTR is a stream cypher mode, it needs no special padding code */ - #ifdef HAVE_EncryptAes128Ctr int my_aes_encrypt_ctr(const uchar* source, uint32 source_length, 
@@ -125,7 +148,8 @@ int my_aes_encrypt_ctr(const uchar* source, uint32 source_length, const uchar* iv, uint8 iv_length, uint no_padding) { - return do_crypt(EVP_aes_128_ctr(), CRYPT_ENCRYPT, source, source_length, + /* CTR is a stream cipher mode, it needs no special padding code */ + return do_crypt(aes_ctr(key_length), CRYPT_ENCRYPT, source, source_length, dest, dest_length, key, key_length, iv, iv_length, 0); } @@ -136,7 +160,7 @@ int my_aes_decrypt_ctr(const uchar* source, uint32 source_length, const uchar* iv, uint8 iv_length, uint no_padding) { - return do_crypt(EVP_aes_128_ctr(), CRYPT_DECRYPT, source, source_length, + return do_crypt(aes_ctr(key_length), CRYPT_DECRYPT, source, source_length, dest, dest_length, key, key_length, iv, iv_length, 0); } @@ -148,7 +172,7 @@ int my_aes_encrypt_ecb(const uchar* source, uint32 source_length, const uchar* iv, uint8 iv_length, uint no_padding) { - return do_crypt(EVP_aes_128_ecb(), CRYPT_ENCRYPT, source, source_length, + return do_crypt(aes_ecb(key_length), CRYPT_ENCRYPT, source, source_length, dest, dest_length, key, key_length, 0, 0, no_padding); } @@ -158,7 +182,7 @@ int my_aes_decrypt_ecb(const uchar* source, uint32 source_length, const uchar* iv, uint8 iv_length, uint no_padding) { - return do_crypt(EVP_aes_128_ecb(), CRYPT_DECRYPT, source, source_length, + return do_crypt(aes_ecb(key_length), CRYPT_DECRYPT, source, source_length, dest, dest_length, key, key_length, 0, 0, no_padding); } @@ -168,7 +192,7 @@ int my_aes_encrypt_cbc(const uchar* source, uint32 source_length, const uchar* iv, uint8 iv_length, uint no_padding) { - return do_crypt(EVP_aes_128_cbc(), CRYPT_ENCRYPT, source, source_length, + return do_crypt(aes_cbc(key_length), CRYPT_ENCRYPT, source, source_length, dest, dest_length, key, key_length, iv, iv_length, no_padding); } 
@@ -178,7 +202,7 @@ int my_aes_decrypt_cbc(const uchar* source, uint32 source_length, const uchar* iv, uint8 iv_length, uint no_padding) { - return do_crypt(EVP_aes_128_cbc(), CRYPT_DECRYPT, source, source_length, + return do_crypt(aes_cbc(key_length), CRYPT_DECRYPT, source, source_length, dest, dest_length, key, key_length, iv, iv_length, no_padding); } From 91f7363e4baff9debe43cf039fe4525c43aee4cc Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Wed, 25 Mar 2015 19:35:22 +0100 Subject: [PATCH 16/65] yassl padding --- mysys_ssl/my_crypt.cc | 44 ++++++++++++++++++++++++++++++++----------- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index 3e8ec854f59..60072a5bbaf 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc @@ -18,9 +18,6 @@ #include #include -// TODO -// 2. padding - #ifdef HAVE_YASSL #include "aes.hpp" @@ -75,13 +72,12 @@ static int do_crypt(CipherMode cipher, Dir dir, const KeyByte *key, uint8 key_length, const KeyByte *iv, uint8 iv_length, int no_padding) { - int tail= no_padding ? source_length % MY_AES_BLOCK_SIZE : 0; - DBUG_ASSERT(source_length - tail >= MY_AES_BLOCK_SIZE); + int tail= source_length % MY_AES_BLOCK_SIZE; #ifdef HAVE_YASSL TaoCrypt::AES ctx(dir, cipher); - if (key_length != 16 && key_length != 24 && key_length != 32) + if (unlikely(key_length != 16 && key_length != 24 && key_length != 32)) return AES_BAD_KEYSIZE; ctx.SetKey(key, key_length); 
@@ -93,12 +89,33 @@ static int do_crypt(CipherMode cipher, Dir dir, DBUG_ASSERT(TaoCrypt::AES::BLOCK_SIZE == MY_AES_BLOCK_SIZE); ctx.Process(dest, source, source_length - tail); - *dest_length= source_length; + *dest_length= source_length - tail; + + /* unlike OpenSSL, YaSSL doesn't support PKCS#7 padding */ + if (!no_padding) + { + if (dir == CRYPT_ENCRYPT) + { + uchar buf[MY_AES_BLOCK_SIZE]; + memcpy(buf, source + source_length - tail, tail); + memset(buf + tail, MY_AES_BLOCK_SIZE - tail, MY_AES_BLOCK_SIZE - tail); + ctx.Process(dest + *dest_length, buf, MY_AES_BLOCK_SIZE); + *dest_length+= MY_AES_BLOCK_SIZE; + } + else + { + int n= dest[source_length - 1]; + if (tail || n == 0 || n > MY_AES_BLOCK_SIZE) + return AES_OPENSSL_ERROR; + *dest_length-= n; + } + } + #else // HAVE_OPENSSL int fin; struct MyCTX ctx; - if (!cipher) + if (unlikely(!cipher)) return AES_BAD_KEYSIZE; if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, dir)) @@ -110,7 +127,9 @@ static int do_crypt(CipherMode cipher, Dir dir, DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length); DBUG_ASSERT(EVP_CIPHER_CTX_block_size(&ctx) == MY_AES_BLOCK_SIZE || !no_padding); - if (!EVP_CipherUpdate(&ctx, dest, (int*)dest_length, source, source_length - tail)) + /* use built-in OpenSSL padding, if possible */ + if (!EVP_CipherUpdate(&ctx, dest, (int*)dest_length, + source, source_length - (no_padding ? tail : 0))) return AES_OPENSSL_ERROR; if (!EVP_CipherFinal_ex(&ctx, dest + *dest_length, &fin)) return AES_OPENSSL_ERROR; 
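Review bot: In the YaSSL branch added by the `@@ -93,12 +89,33 @@` hunk of do_crypt, the decrypt path reads `dest[source_length - 1]` before checking anything about `source_length`, and the same patch removes the `DBUG_ASSERT(source_length - tail >= MY_AES_BLOCK_SIZE)` that used to precede it, so an empty input indexes outside `dest`. Only the final byte is inspected, so a buffer whose last byte happens to fall in 1..MY_AES_BLOCK_SIZE is accepted without the remaining padding bytes being verified, which is weaker than the padding check OpenSSL performs on the other branch. Reject short or unaligned input first and then check every padding byte, as sketched below. do_crypt starts and ends outside the hunk.

```cpp
    // … unchanged: encrypt branch building the padded last block …
    else
    {
      /* padded ciphertext is a non-empty whole number of blocks */
      if (tail || source_length < MY_AES_BLOCK_SIZE)
        return AES_OPENSSL_ERROR;
      int n= dest[source_length - 1];
      if (n == 0 || n > MY_AES_BLOCK_SIZE)
        return AES_OPENSSL_ERROR;
      /* every padding byte must hold the pad length */
      for (int i= 2; i <= n; i++)
        if (dest[source_length - i] != n)
          return AES_OPENSSL_ERROR;
      *dest_length-= n;
    }
```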
@@ -118,14 +137,17 @@ static int do_crypt(CipherMode cipher, Dir dir, #endif - if (tail) + if (no_padding && tail) { /* - Not much we can do here, block ciphers cannot encrypt data that aren't + Not much we can do, block ciphers cannot encrypt data that aren't a multiple of the block length. At least not without padding. What we do here, we XOR the tail with the previous encrypted block. */ + if (unlikely(source_length < MY_AES_BLOCK_SIZE)) + return AES_OPENSSL_ERROR; + const uchar *s= source + source_length - tail; const uchar *e= source + source_length; uchar *d= dest + source_length - tail; From b937574293ee731dc7b5c949d27fede1f5d17db5 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Wed, 25 Mar 2015 19:36:10 +0100 Subject: [PATCH 17/65] remove old my_aes_encrypt/decrypt and simplify Item_func_aes_encrypt/decrypt --- include/my_aes.h | 49 ---------- mysys_ssl/my_aes.cc | 229 -------------------------------------------- sql/item_strfunc.cc | 81 +++++++--------- sql/item_strfunc.h | 24 +++-- 4 files changed, 52 insertions(+), 331 deletions(-) diff --git a/include/my_aes.h b/include/my_aes.h index 3d9c9c1a8c9..e7376a6b08e 100644 --- a/include/my_aes.h +++ b/include/my_aes.h @@ -47,8 +47,6 @@ typedef int Crypt_result; C_MODE_START -#define AES_KEY_LENGTH 128 /* Must be 128 192 or 256 */ - /** Crypt buffer with AES dynamic (defined at startup) encryption algorithm. 
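Review bot: In the `@@ -118,14 +137,17 @@` hunk of do_crypt, the new `source_length < MY_AES_BLOCK_SIZE` test sits after the cipher calls, replacing an assertion that used to run before any work. Moving it to the top as `if (no_padding && tail && source_length < MY_AES_BLOCK_SIZE) return AES_OPENSSL_ERROR;` would reject the input before anything is written to `dest`. The comment should also say what the tail handling guarantees: going by its own wording, the trailing bytes are XORed with a ciphertext block stored right next to them, so they are masked rather than encrypted. A line such as `/* NOTE: the tail gets no confidentiality from this; callers that need it must pass block-aligned data or use padding */` would make that explicit. The XOR loop itself lies outside the hunk, so this reading should be confirmed against it.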
@@ -127,53 +125,6 @@ my_bool my_aes_init_dynamic_encrypt(enum enum_my_aes_encryption_algorithm method extern MYSQL_PLUGIN_IMPORT enum enum_my_aes_encryption_algorithm current_aes_dynamic_method; -/** - Crypt buffer with AES encryption algorithm. - - SYNOPSIS - my_aes_encrypt() - - @param source Pointer to data for encryption - @param source_length Size of encryption data - @param dest Buffer to place encrypted data (must be large enough) - @param key Key to be used for encryption - @param kel_length Length of the key. Will handle keys of any length - - @return Size of encrypted data, or negative in case of error. -*/ - -int my_aes_encrypt(const uchar *source, int source_length, uchar *dest, - const char *key, int key_length); - -/** - DeCrypt buffer with AES encryption algorithm. - - SYNOPSIS - my_aes_decrypt() - - @param source Pointer to data for decryption - @param source_length size of encrypted data - @param dest buffer to place decrypted data (must be large enough) - @param key Key to be used for decryption - @param kel_length Length of the key. Will handle keys of any length - - @return size of original data, or negative in case of error. -*/ - - -int my_aes_decrypt(const uchar *source, int source_length, uchar *dest, - const char *key, int key_length); - -/** - get size of buffer which will be large enough for encrypted data - - SYNOPSIS - my_aes_get_size() - @param source_length Length of data to be encrypted - - @return Size of buffer required to store encrypted data -*/ - int my_aes_get_size(int source_length); C_MODE_END diff --git a/mysys_ssl/my_aes.cc b/mysys_ssl/my_aes.cc index 0a81cef9ab1..97af3c39381 100644 --- a/mysys_ssl/my_aes.cc +++ b/mysys_ssl/my_aes.cc 
@@ -13,93 +13,11 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - #include #include #include #include -#if defined(HAVE_YASSL) -#include "aes.hpp" -#include "openssl/ssl.h" -#include "crypto_wrapper.hpp" -#elif defined(HAVE_OPENSSL) -#include -#include -#include -#include - -// Wrap C struct, to ensure resources are released. -struct MyCipherCtx -{ - MyCipherCtx() { memset(&ctx, 0, sizeof(ctx)); } - ~MyCipherCtx() { EVP_CIPHER_CTX_cleanup(&ctx); } - - EVP_CIPHER_CTX ctx; -}; -#endif - -enum encrypt_dir { MY_AES_ENCRYPT, MY_AES_DECRYPT }; - -/** - This is internal function just keeps joint code of Key generation - - SYNOPSIS - my_aes_create_key() - @param key [in] Key to use for real key creation - @param key_length [in] Length of the key - @param rkey [out] Real key (used by OpenSSL/YaSSL) - - @return - 0 Ok - -1 Error; Note: The current impementation never returns this -*/ - -static int my_aes_create_key(const char *key, int key_length, uint8 *rkey) -{ - uint8 *rkey_end= rkey + AES_KEY_LENGTH / 8; /* Real key boundary */ - uint8 *ptr; /* Start of the real key*/ - const char *sptr; /* Start of the working key */ - const char *key_end= key + key_length; /* Working key boundary*/ - - memset(rkey, 0, AES_KEY_LENGTH / 8); /* Set initial key */ - - for (ptr= rkey, sptr= key; sptr < key_end; ptr ++, sptr ++) - { - if (ptr == rkey_end) - /* Just loop over tmp_key until we used all key */ - ptr= rkey; - *ptr ^= (uint8) *sptr; - } -#ifdef AES_USE_KEY_BITS - /* - This block is intended to allow more weak encryption if application - build with libmysqld needs to correspond to export regulations - It should be never used in normal distribution as does not give - any speed improvement. - To get worse security define AES_USE_KEY_BITS to number of bits - you want key to be. 
It should be divisible by 8 - - WARNING: Changing this value results in changing of enryption for - all key lengths so altering this value will result in impossibility - to decrypt data encrypted with previous value - */ -#define AES_USE_KEY_BYTES (AES_USE_KEY_BITS/8) - /* - To get weaker key we use first AES_USE_KEY_BYTES bytes of created key - and cyclically copy them until we created all required key length - */ - for (ptr= rkey+AES_USE_KEY_BYTES, sptr=rkey ; ptr < rkey_end; - ptr ++, sptr ++) - { - if (sptr == rkey + AES_USE_KEY_BYTES) - sptr= rkey; - *ptr= *sptr; - } -#endif - return 0; -} - /** Encryption interface that doesn't do anything (for testing) 
@@ -258,153 +176,6 @@ get_aes_encrypt_func(enum_my_aes_encryption_algorithm method) return NULL; } - -/**************************************************************** - Encryption function visible to MariaDB users -****************************************************************/ - -int my_aes_encrypt(const uchar* source, int source_length, uchar* dest, - const char* key, int key_length) -{ -#if defined(HAVE_YASSL) - TaoCrypt::AES_ECB_Encryption enc; - - /* 128 bit block used for padding */ - uint8 block[MY_AES_BLOCK_SIZE]; - int num_blocks; /* number of complete blocks */ - int i; -#elif defined(HAVE_OPENSSL) - MyCipherCtx ctx; - int u_len, f_len; -#endif - - /* The real key to be used for encryption */ - uint8 rkey[AES_KEY_LENGTH / 8]; - int rc; /* result codes */ - - if ((rc= my_aes_create_key(key, key_length, rkey))) - return rc; - -#if defined(HAVE_YASSL) - enc.SetKey((const TaoCrypt::byte *) rkey, MY_AES_BLOCK_SIZE); - - num_blocks = source_length / MY_AES_BLOCK_SIZE; - - for (i = num_blocks; i > 0; i--) /* Encode complete blocks */ - { - enc.Process((TaoCrypt::byte *) dest, (const TaoCrypt::byte *) source, - MY_AES_BLOCK_SIZE); - source += MY_AES_BLOCK_SIZE; - dest += MY_AES_BLOCK_SIZE; - } - - /* Encode the rest. We always have incomplete block */ - char pad_len = MY_AES_BLOCK_SIZE - (source_length - - MY_AES_BLOCK_SIZE * num_blocks); - memcpy(block, source, 16 - pad_len); - memset(block + MY_AES_BLOCK_SIZE - pad_len, pad_len, pad_len); - - enc.Process((TaoCrypt::byte *) dest, (const TaoCrypt::byte *) block, - MY_AES_BLOCK_SIZE); - - return MY_AES_BLOCK_SIZE * (num_blocks + 1); -#elif defined(HAVE_OPENSSL) - if (! EVP_EncryptInit(&ctx.ctx, EVP_aes_128_ecb(), - (const unsigned char *) rkey, NULL)) - return AES_BAD_DATA; /* Error */ - if (! EVP_EncryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len, - (unsigned const char *) source, source_length)) - return AES_BAD_DATA; /* Error */ - if (! 
EVP_EncryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len)) - return AES_BAD_DATA; /* Error */ - - return u_len + f_len; -#endif -} - - -/** - DeCrypt buffer with AES encryption algorithm. - - SYNOPSIS - my_aes_decrypt() - @param source [in] Pointer to data for decryption - @param source_length [in] Size of encrypted data - @param dest [out] Buffer to place decrypted data (must - be large enough) - @param key [in] Key to be used for decryption - @param key_length [in] Length of the key. Will handle keys of any length - - @return - >= 0 Size of encrypted data - < 0 Error -*/ - -int my_aes_decrypt(const uchar *source, int source_length, uchar *dest, - const char *key, int key_length) -{ -#if defined(HAVE_YASSL) - TaoCrypt::AES_ECB_Decryption dec; - /* 128 bit block used for padding */ - uint8 block[MY_AES_BLOCK_SIZE]; - int num_blocks; /* Number of complete blocks */ - int i; -#elif defined(HAVE_OPENSSL) - MyCipherCtx ctx; - int u_len, f_len; -#endif - - /* The real key to be used for decryption */ - uint8 rkey[AES_KEY_LENGTH / 8]; - int rc; /* Result codes */ - - if ((rc= my_aes_create_key(key, key_length, rkey))) - return rc; - -#if defined(HAVE_YASSL) - dec.SetKey((const TaoCrypt::byte *) rkey, MY_AES_BLOCK_SIZE); - - num_blocks = source_length / MY_AES_BLOCK_SIZE; - - if ((source_length != num_blocks * MY_AES_BLOCK_SIZE) || num_blocks == 0 ) - /* Input size has to be even and at least one block */ - return AES_BAD_DATA; - - /* Decode all but last blocks */ - for (i = num_blocks - 1; i > 0; i--) - { - dec.Process((TaoCrypt::byte *) dest, (const TaoCrypt::byte *) source, - MY_AES_BLOCK_SIZE); - source += MY_AES_BLOCK_SIZE; - dest += MY_AES_BLOCK_SIZE; - } - - dec.Process((TaoCrypt::byte *) block, (const TaoCrypt::byte *) source, - MY_AES_BLOCK_SIZE); - - /* Use last char in the block as size */ - uint pad_len = (uint) (uchar) block[MY_AES_BLOCK_SIZE - 1]; - - if (pad_len > MY_AES_BLOCK_SIZE) - return AES_BAD_DATA; - /* We could also check whole padding but 
we do not really need this */ - - memcpy(dest, block, MY_AES_BLOCK_SIZE - pad_len); - return MY_AES_BLOCK_SIZE * num_blocks - pad_len; -#elif defined(HAVE_OPENSSL) - if (! EVP_DecryptInit(&ctx.ctx, EVP_aes_128_ecb(), - (const unsigned char *) rkey, NULL)) - return AES_BAD_DATA; /* Error */ - if (! EVP_DecryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len, - (unsigned const char *) source, source_length)) - return AES_BAD_DATA; /* Error */ - if (! EVP_DecryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len)) - return AES_BAD_DATA; /* Error */ - return u_len + f_len; -#endif -} - - /** Get size of buffer which will be large enough for encrypted data diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index 32b6d6348ac..544284b2c0b 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc 
@@ -366,29 +366,48 @@ void Item_func_sha2::fix_length_and_dec() } /* Implementation of AES encryption routines */ +void Item_aes_crypt::create_key(String *user_key, uchar *real_key) +{ + uchar *real_key_end= real_key + AES_KEY_LENGTH / 8; + uchar *ptr; + const char *sptr= user_key->ptr(); + const char *key_end= sptr + user_key->length(); -String *Item_func_aes_encrypt::val_str(String *str) + bzero(real_key, AES_KEY_LENGTH / 8); + + for (ptr= real_key; sptr < key_end; ptr++, sptr++) + { + if (ptr == real_key_end) + ptr= real_key; + *ptr ^= (uchar) *sptr; + } +} + + +String *Item_aes_crypt::val_str(String *str) { DBUG_ASSERT(fixed == 1); - char key_buff[80]; - String tmp_key_value(key_buff, sizeof(key_buff), system_charset_info); - String *sptr= args[0]->val_str(str); // String to encrypt - String *key= args[1]->val_str(&tmp_key_value); // key - int aes_length; - if (sptr && key) // we need both arguments to be not NULL + StringBuffer<80> user_key_buf; + String *sptr= args[0]->val_str(str); + String *user_key= args[1]->val_str(&user_key_buf); + uint32 aes_length; + + if (sptr && user_key) // we need both arguments to be not NULL { null_value=0; aes_length=my_aes_get_size(sptr->length()); // Calculate result length if (!str_value.alloc(aes_length)) // Ensure that memory is free { - // finally encrypt directly to allocated buffer. - if (my_aes_encrypt((const uchar*) sptr->ptr(), sptr->length(), (uchar*) str_value.ptr(), - key->ptr(), key->length()) == aes_length) + uchar rkey[AES_KEY_LENGTH / 8]; + create_key(user_key, rkey); + + if (crypt((uchar*)sptr->ptr(), sptr->length(), + (uchar*)str_value.ptr(), &aes_length, + rkey, AES_KEY_LENGTH / 8, 0, 0, 0) == AES_OK) { - // We got the expected result length - str_value.length((uint) aes_length); - return &str_value; + str_value.length((uint) aes_length); + return &str_value; } } } 
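Review bot: In Item_aes_crypt::val_str the derived key `rkey` is left on the stack after `crypt()` returns, on both the success and the failure path. It should be wiped once the call is done, using a zeroing primitive the compiler cannot optimise away. create_key also has no comment: it XOR-folds the user string cyclically into a zeroed 16-byte buffer, so a key shorter than 16 bytes is zero-padded and a longer one gains no strength beyond 128 bits. A header comment such as `/* Fold user_key into AES_KEY_LENGTH bits by cyclic XOR; this is not a KDF */` would make that visible to callers. The trailing `0, 0, 0` passed to `crypt()` would also read better with a short comment naming each argument.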
@@ -396,43 +415,10 @@ String *Item_func_aes_encrypt::val_str(String *str) return 0; } - void Item_func_aes_encrypt::fix_length_and_dec() { max_length=my_aes_get_size(args[0]->max_length); -} - - -String *Item_func_aes_decrypt::val_str(String *str) -{ - DBUG_ASSERT(fixed == 1); - char key_buff[80]; - String tmp_key_value(key_buff, sizeof(key_buff), system_charset_info); - String *sptr, *key; - DBUG_ENTER("Item_func_aes_decrypt::val_str"); - - sptr= args[0]->val_str(str); // String to decrypt - key= args[1]->val_str(&tmp_key_value); // Key - if (sptr && key) // Need to have both arguments not NULL - { - null_value=0; - if (!str_value.alloc(sptr->length())) // Ensure that memory is free - { - // finally decrypt directly to allocated buffer. - int length; - length=my_aes_decrypt((const uchar*)sptr->ptr(), sptr->length(), - (uchar*) str_value.ptr(), - key->ptr(), key->length()); - if (length >= 0) // if we got correct data data - { - str_value.length((uint) length); - DBUG_RETURN(&str_value); - } - } - } - // Bad parameters. No memory or bad data will all go here - null_value=1; - DBUG_RETURN(0); + crypt= my_aes_encrypt_ecb; } @@ -440,6 +426,7 @@ void Item_func_aes_decrypt::fix_length_and_dec() { max_length=args[0]->max_length; maybe_null= 1; + crypt= my_aes_decrypt_ecb; } diff --git a/sql/item_strfunc.h b/sql/item_strfunc.h index b79009c6778..e11d2c41bc6 100644 --- a/sql/item_strfunc.h +++ b/sql/item_strfunc.h 
@@ -134,21 +134,33 @@ public: const char *func_name() const { return "from_base64"; } }; +#include -class Item_func_aes_encrypt :public Item_str_func +class Item_aes_crypt :public Item_str_func +{ + enum { AES_KEY_LENGTH = 128 }; + void create_key(String *user_key, uchar* key); + +protected: + my_aes_encrypt_dynamic_type crypt; + +public: + Item_aes_crypt(Item *a, Item *b) :Item_str_func(a,b) {} + String *val_str(String *); +}; + +class Item_func_aes_encrypt :public Item_aes_crypt { public: - Item_func_aes_encrypt(Item *a, Item *b) :Item_str_func(a,b) {} - String *val_str(String *); + Item_func_aes_encrypt(Item *a, Item *b) :Item_aes_crypt(a,b) {} void fix_length_and_dec(); const char *func_name() const { return "aes_encrypt"; } }; -class Item_func_aes_decrypt :public Item_str_func +class Item_func_aes_decrypt :public Item_aes_crypt { public: - Item_func_aes_decrypt(Item *a, Item *b) :Item_str_func(a,b) {} - String *val_str(String *); + Item_func_aes_decrypt(Item *a, Item *b) :Item_aes_crypt(a,b) {} void fix_length_and_dec(); const char *func_name() const { return "aes_decrypt"; } }; From c238e68d96cb61ff404ab8cf0e21898d832604a9 Mon Sep 17 00:00:00 2001 
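Review bot: The `crypt` function pointer in Item_aes_crypt is never initialised by the constructor; it only receives a value in the subclasses' fix_length_and_dec(). The only guard before val_str() calls through it is `DBUG_ASSERT(fixed == 1)`, which is not compiled into release builds. Initialising it in the constructor, `Item_aes_crypt(Item *a, Item *b) :Item_str_func(a,b), crypt(0) {}`, turns a call through an indeterminate pointer into a deterministic null dereference. A one-line comment on the member saying which method sets it would also help.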
From: Sergei Golubchik Date: Thu, 26 Mar 2015 11:12:02 +0100 Subject: [PATCH 18/65] move debug_use_static_encryption_keys and debug_encryption_key_version to a plugin --- .../innodb/r/innodb_encryption_debug.result | 19 ++++ .../innodb/t/innodb_encryption_debug.opt | 5 + .../innodb/t/innodb_encryption_debug.test | 13 +++ ...ug_use_static_encryption_keys_basic.result | 3 - .../suite/sys_vars/r/sysvars_debug.result | 28 ------ .../t/debug_encryption_key_version_basic.test | 3 - ...ebug_use_static_encryption_keys_basic.test | 3 - .../CMakeLists.txt | 2 + .../debug_key_management_plugin.cc | 98 +++++++++++++++++++ sql/encryption_keys.cc | 29 ------ sql/encryption_keys.h | 11 --- sql/sys_vars.cc | 17 ---- 12 files changed, 137 insertions(+), 94 deletions(-) create mode 100644 mysql-test/suite/innodb/r/innodb_encryption_debug.result create mode 100644 mysql-test/suite/innodb/t/innodb_encryption_debug.opt create mode 100644 mysql-test/suite/innodb/t/innodb_encryption_debug.test delete mode 100644 mysql-test/suite/sys_vars/r/debug_use_static_encryption_keys_basic.result delete mode 100644 mysql-test/suite/sys_vars/t/debug_encryption_key_version_basic.test delete mode 100644 mysql-test/suite/sys_vars/t/debug_use_static_encryption_keys_basic.test create mode 100644 plugin/debug_key_management_plugin/CMakeLists.txt create mode 100644 plugin/debug_key_management_plugin/debug_key_management_plugin.cc delete mode 100644 sql/encryption_keys.h diff --git a/mysql-test/suite/innodb/r/innodb_encryption_debug.result b/mysql-test/suite/innodb/r/innodb_encryption_debug.result new file mode 100644 index 00000000000..808ebbf3f74 --- /dev/null +++ b/mysql-test/suite/innodb/r/innodb_encryption_debug.result 
@@ -0,0 +1,19 @@
+show variables like 'innodb_encrypt%';
+Variable_name Value
+innodb_encrypt_log OFF
+innodb_encrypt_tables ON
+innodb_encryption_rotate_key_age 2
+innodb_encryption_rotation_iops 100
+innodb_encryption_threads 4
+select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption;
+space name min_key_version current_key_version
+1 mysql/innodb_table_stats 0 1
+2 mysql/innodb_index_stats 0 1
+0 NULL 0 1
+set global debug_key_management_plugin_version=10;
+select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption;
+space name min_key_version current_key_version
+1 mysql/innodb_table_stats 0 10
+2 mysql/innodb_index_stats 0 10
+0 NULL 0 10
+set global debug_key_management_plugin_version=1;
diff --git a/mysql-test/suite/innodb/t/innodb_encryption_debug.opt b/mysql-test/suite/innodb/t/innodb_encryption_debug.opt
new file mode 100644
index 00000000000..d7c0b5bcd6a
--- /dev/null
+++ b/mysql-test/suite/innodb/t/innodb_encryption_debug.opt
@@ -0,0 +1,5 @@
+--innodb-encrypt-tables=ON
+--innodb-encryption-rotate-key-age=2
+--innodb-encryption-threads=4
+--innodb-tablespaces-encryption
+--plugin-load-add=$DEBUG_KEY_MANAGEMENT_PLUGIN_SO
diff --git a/mysql-test/suite/innodb/t/innodb_encryption_debug.test b/mysql-test/suite/innodb/t/innodb_encryption_debug.test
new file mode 100644
index 00000000000..cc455d87945
--- /dev/null
+++ b/mysql-test/suite/innodb/t/innodb_encryption_debug.test
@@ -0,0 +1,13 @@ +-- source include/have_innodb.inc +if (`select count(*) = 0 from information_schema.plugins + where plugin_name = 'debug_key_management_plugin' and plugin_status='active'`) +{ + --skip Needs debug_key_management_plugin +} + +show variables like 'innodb_encrypt%'; +select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption; +set global debug_key_management_plugin_version=10; +select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption; +set global debug_key_management_plugin_version=1; + diff --git a/mysql-test/suite/sys_vars/r/debug_use_static_encryption_keys_basic.result b/mysql-test/suite/sys_vars/r/debug_use_static_encryption_keys_basic.result deleted file mode 100644 index a0d4f45cdbf..00000000000 --- a/mysql-test/suite/sys_vars/r/debug_use_static_encryption_keys_basic.result +++ /dev/null @@ -1,3 +0,0 @@ -show global variables like "debug_use_static_encryption_keys"; -Variable_name Value -debug_use_static_encryption_keys OFF diff --git a/mysql-test/suite/sys_vars/r/sysvars_debug.result b/mysql-test/suite/sys_vars/r/sysvars_debug.result index b7f169dc22e..a46e135af0a 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_debug.result +++ b/mysql-test/suite/sys_vars/r/sysvars_debug.result @@ -57,20 +57,6 @@ NUMERIC_BLOCK_SIZE NULL ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT OPTIONAL -VARIABLE_NAME DEBUG_ENCRYPTION_KEY_VERSION -SESSION_VALUE NULL -GLOBAL_VALUE 0 -GLOBAL_VALUE_ORIGIN COMPILE-TIME -DEFAULT_VALUE 0 -VARIABLE_SCOPE GLOBAL -VARIABLE_TYPE INT UNSIGNED -VARIABLE_COMMENT Encryption key version. Only to be used in internal testing. -NUMERIC_MIN_VALUE 0 -NUMERIC_MAX_VALUE 4294967295 -NUMERIC_BLOCK_SIZE 1 -ENUM_VALUE_LIST NULL -READ_ONLY NO -COMMAND_LINE_ARGUMENT REQUIRED VARIABLE_NAME DEBUG_MUTEX_DEADLOCK_DETECTOR SESSION_VALUE NULL GLOBAL_VALUE ON 
@@ -113,17 +99,3 @@ NUMERIC_BLOCK_SIZE NULL ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT NULL -VARIABLE_NAME DEBUG_USE_STATIC_ENCRYPTION_KEYS -SESSION_VALUE NULL -GLOBAL_VALUE OFF -GLOBAL_VALUE_ORIGIN COMPILE-TIME -DEFAULT_VALUE OFF -VARIABLE_SCOPE GLOBAL -VARIABLE_TYPE BOOLEAN -VARIABLE_COMMENT Enable use of nonrandom encryption keys. Only to be used in internal testing -NUMERIC_MIN_VALUE NULL -NUMERIC_MAX_VALUE NULL -NUMERIC_BLOCK_SIZE NULL -ENUM_VALUE_LIST OFF,ON -READ_ONLY YES -COMMAND_LINE_ARGUMENT OPTIONAL diff --git a/mysql-test/suite/sys_vars/t/debug_encryption_key_version_basic.test b/mysql-test/suite/sys_vars/t/debug_encryption_key_version_basic.test deleted file mode 100644 index 007724b0966..00000000000 --- a/mysql-test/suite/sys_vars/t/debug_encryption_key_version_basic.test +++ /dev/null @@ -1,3 +0,0 @@ ---source include/have_debug.inc -# This is just to satisfy all_vars -select 1; diff --git a/mysql-test/suite/sys_vars/t/debug_use_static_encryption_keys_basic.test b/mysql-test/suite/sys_vars/t/debug_use_static_encryption_keys_basic.test deleted file mode 100644 index 2e0d51e89b7..00000000000 --- a/mysql-test/suite/sys_vars/t/debug_use_static_encryption_keys_basic.test +++ /dev/null @@ -1,3 +0,0 @@ -# This is just to satisfy all_vars ---source include/have_debug.inc -show global variables like "debug_use_static_encryption_keys"; diff --git a/plugin/debug_key_management_plugin/CMakeLists.txt b/plugin/debug_key_management_plugin/CMakeLists.txt new file mode 100644 index 00000000000..d61adf00537 --- /dev/null +++ b/plugin/debug_key_management_plugin/CMakeLists.txt @@ -0,0 +1,2 @@ +MYSQL_ADD_PLUGIN(DEBUG_KEY_MANAGEMENT_PLUGIN debug_key_management_plugin.cc + MODULE_ONLY) diff --git a/plugin/debug_key_management_plugin/debug_key_management_plugin.cc b/plugin/debug_key_management_plugin/debug_key_management_plugin.cc new file mode 100644 index 00000000000..98873687556 --- /dev/null 
+++ b/plugin/debug_key_management_plugin/debug_key_management_plugin.cc 
@@ -0,0 +1,98 @@
+/*
+ Copyright (c) 2015 MariaDB Corporation
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+
+/**
+ Debug key management plugin.
+ It's used to debug the encryption code with a fixed keys that change
+ only on user request.
+
+ THIS IS AN EXAMPLE ONLY! ENCRYPTION KEYS ARE HARD-CODED AND *NOT* SECRET!
+ DO NOT USE THIS PLUGIN IN PRODUCTION! EVER!
+*/
+
+#include
+#include
+#include
+#include
+
+static uint key_version;
+
+static MYSQL_SYSVAR_UINT(version, key_version, PLUGIN_VAR_RQCMDARG,
+ "Latest key version", NULL, NULL, 1, 0, UINT_MAX, 1);
+
+static struct st_mysql_sys_var* sysvars[] = {
+ MYSQL_SYSVAR(version),
+ NULL
+};
+
+static unsigned int get_latest_key_version()
+{
+ return key_version;
+}
+
+static int get_key(unsigned int version, unsigned char* dstbuf, unsigned buflen)
+{
+ if (buflen < 4)
+ return 1;
+ memset(dstbuf, 0, buflen);
+ mi_int4store(dstbuf, version);
+ return 0;
+}
+
+static unsigned int has_key(unsigned int ver)
+{
+ return 1;
+}
+
+static unsigned int get_key_size(unsigned int ver)
+{
+ return 16;
+}
+
+static int get_iv(unsigned int ver, unsigned char* dstbuf, unsigned buflen)
+{
+ return 0; // to be removed
+}
+
+struct st_mariadb_encryption_key_management debug_key_management_plugin= {
+ MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION,
+ get_latest_key_version,
+ has_key,
+ get_key_size,
+ get_key,
+ get_iv
+};
+
+/*
+ Plugin library descriptor +*/ +maria_declare_plugin(debug_key_management_plugin) +{ + MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN, + &debug_key_management_plugin, + "debug_key_management_plugin", + "Sergei Golubchik", + "Debug key management plugin", + PLUGIN_LICENSE_GPL, + NULL, + NULL, + 0x0100, + NULL, + sysvars, + "1.0", + MariaDB_PLUGIN_MATURITY_EXPERIMENTAL +} +maria_declare_plugin_end; diff --git a/sql/encryption_keys.cc b/sql/encryption_keys.cc index 07a5d346a05..631fee7623b 100644 --- a/sql/encryption_keys.cc +++ b/sql/encryption_keys.cc @@ -1,30 +1,14 @@ #include #include -#include "encryption_keys.h" #include "log.h" #include "sql_plugin.h" -#ifndef DBUG_OFF -my_bool debug_use_static_encryption_keys = 0; -uint opt_debug_encryption_key_version = 0; -#endif - /* there can be only one encryption key management plugin enabled */ static plugin_ref encryption_key_manager= 0; static struct st_mariadb_encryption_key_management *handle; unsigned int get_latest_encryption_key_version() { -#ifndef DBUG_OFF - if (debug_use_static_encryption_keys) - { - //mysql_mutex_lock(&LOCK_global_system_variables); - uint res = opt_debug_encryption_key_version; - //mysql_mutex_unlock(&LOCK_global_system_variables); - return res; - } -#endif - if (encryption_key_manager) return handle->get_latest_key_version(); @@ -49,19 +33,6 @@ unsigned int get_encryption_key_size(uint version) int get_encryption_key(uint version, uchar* key, uint size) { -#ifndef DBUG_OFF - if (debug_use_static_encryption_keys) - { - memset(key, 0, size); - // Just don't support tiny keys, no point anyway. - if (size < 4) - return 1; - - mi_int4store(key, version); - return 0; - } -#endif - if (encryption_key_manager) return handle->get_key(version, key, size); diff --git a/sql/encryption_keys.h b/sql/encryption_keys.h deleted file mode 100644 index 10907c1332a..00000000000 --- a/sql/encryption_keys.h +++ /dev/null 
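Review bot: The code this plugin replaces was compiled only under `#ifndef DBUG_OFF` (see the removed blocks in sql/encryption_keys.cc and sql/sys_vars.cc), whereas the new CMakeLists.txt registers the module with no condition. A non-debug build would therefore presumably also produce a loadable key manager whose key is just the version number stored in a zeroed buffer. The header warning is good, but the build should enforce it: either gate the `MYSQL_ADD_PLUGIN` call on a debug build, or give the descriptor an init function (that slot is currently `NULL`) that returns non-zero when `DBUG_OFF` is defined. Also, get_key() accepts any `buflen >= 4` while get_key_size() reports 16, so a comment stating which length callers may rely on would remove the ambiguity.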
@@ -1,11 +0,0 @@ -#ifndef SQL_CRYPTOKEY_INCLUDED -#define SQL_CRYPTOKEY_INCLUDED - -#include "my_global.h" - -#ifndef DBUG_OFF - extern my_bool debug_use_static_encryption_keys; -extern uint opt_debug_encryption_key_version; -#endif /* DBUG_OFF */ - -#endif // SQL_CRYPTOKEY_INCLUDED diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index 734b6ed9171..9cba8739eee 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc @@ -62,7 +62,6 @@ #include "sql_repl.h" #include "opt_range.h" #include "rpl_parallel.h" -#include "encryption_keys.h" /* The rule for this file: everything should be 'static'. When a sys_var @@ -1126,22 +1125,6 @@ static Sys_var_mybool Sys_log_bin( READ_ONLY GLOBAL_VAR(opt_bin_log), NO_CMD_LINE, DEFAULT(FALSE)); -#ifndef DBUG_OFF -static Sys_var_mybool Sys_debug_use_static_keys( - "debug_use_static_encryption_keys", - "Enable use of nonrandom encryption keys. Only to be used in " - "internal testing", - READ_ONLY GLOBAL_VAR(debug_use_static_encryption_keys), - CMD_LINE(OPT_ARG), DEFAULT(FALSE)); - -static Sys_var_uint Sys_debug_encryption_key_version( - "debug_encryption_key_version", - "Encryption key version. Only to be used in internal testing.", - GLOBAL_VAR(opt_debug_encryption_key_version), - CMD_LINE(REQUIRED_ARG), VALID_RANGE(0,UINT_MAX), DEFAULT(0), - BLOCK_SIZE(1)); -#endif - static Sys_var_mybool Sys_trust_function_creators( "log_bin_trust_function_creators", "If set to FALSE (the default), then when --log-bin is used, creation " From 5d8dbee97ba41fc36358cec94ae05e53a8bde0f8 Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Thu, 26 Mar 2015 14:01:39 +0100 Subject: [PATCH 19/65] remove get_iv() from the key management plugin API now IVs are always handled internally --- include/mysql/plugin_audit.h.pp | 2 -- include/mysql/plugin_auth.h.pp | 2 -- .../mysql/plugin_encryption_key_management.h | 9 ------ .../plugin_encryption_key_management.h.pp | 3 -- include/mysql/plugin_ftparser.h.pp | 2 -- include/mysql/plugin_password_validation.h.pp | 2 -- include/mysql/service_encryption_keys.h | 3 -- .../debug_key_management_plugin.cc | 8 +---- .../example_key_management_plugin.cc | 17 +---------- .../file_key_management_plugin.cc | 29 +------------------ sql/encryption_keys.cc | 8 ----- sql/sql_plugin_services.h | 3 +- 12 files changed, 4 insertions(+), 84 deletions(-) diff --git a/include/mysql/plugin_audit.h.pp b/include/mysql/plugin_audit.h.pp index 8a04186ff77..22bd8d52a30 100644 --- a/include/mysql/plugin_audit.h.pp +++ b/include/mysql/plugin_audit.h.pp @@ -203,13 +203,11 @@ extern struct encryption_keys_service_st { unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_size_func)(unsigned int); int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); - int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int); } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); unsigned int get_encryption_key_size(unsigned int version); int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); -int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_auth.h.pp b/include/mysql/plugin_auth.h.pp index 8fbd7cd38c2..e14d5359c19 100644 --- a/include/mysql/plugin_auth.h.pp +++ b/include/mysql/plugin_auth.h.pp 
@@ -203,13 +203,11 @@ extern struct encryption_keys_service_st { unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_size_func)(unsigned int); int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); - int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int); } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); unsigned int get_encryption_key_size(unsigned int version); int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); -int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_encryption_key_management.h b/include/mysql/plugin_encryption_key_management.h index af7730e5ee7..b989fa14db1 100644 --- a/include/mysql/plugin_encryption_key_management.h +++ b/include/mysql/plugin_encryption_key_management.h @@ -59,15 +59,6 @@ struct st_mariadb_encryption_key_management @return 0 on success, non-zero on failure */ int (*get_key)(unsigned int version, unsigned char* key, unsigned int keybufsize); - - /** - function returning an IV for a key version - - the IV is put in 'iv' buffer, that has size of 'ivbufsize' bytes. - - @return 0 on success, non-zero on failure - */ - int (*get_iv)(unsigned int version, unsigned char* iv, unsigned int ivbufsize); }; #endif diff --git a/include/mysql/plugin_encryption_key_management.h.pp b/include/mysql/plugin_encryption_key_management.h.pp index fc162e143c6..9012fe9252b 100644 --- a/include/mysql/plugin_encryption_key_management.h.pp +++ b/include/mysql/plugin_encryption_key_management.h.pp 
@@ -203,13 +203,11 @@ extern struct encryption_keys_service_st { unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_size_func)(unsigned int); int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); - int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int); } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); unsigned int get_encryption_key_size(unsigned int version); int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); -int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); struct st_mysql_xid { long formatID; long gtrid_length; @@ -373,5 +371,4 @@ struct st_mariadb_encryption_key_management unsigned int (*has_key_version)(unsigned int version); unsigned int (*get_key_size)(unsigned int version); int (*get_key)(unsigned int version, unsigned char* key, unsigned int keybufsize); - int (*get_iv)(unsigned int version, unsigned char* iv, unsigned int ivbufsize); }; diff --git a/include/mysql/plugin_ftparser.h.pp b/include/mysql/plugin_ftparser.h.pp index 16374df7936..bd9ec23c811 100644 --- a/include/mysql/plugin_ftparser.h.pp +++ b/include/mysql/plugin_ftparser.h.pp 
@@ -203,13 +203,11 @@ extern struct encryption_keys_service_st { unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_size_func)(unsigned int); int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); - int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int); } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); unsigned int get_encryption_key_size(unsigned int version); int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); -int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_password_validation.h.pp b/include/mysql/plugin_password_validation.h.pp index 2902a368985..b417dbb5e6d 100644 --- a/include/mysql/plugin_password_validation.h.pp +++ b/include/mysql/plugin_password_validation.h.pp @@ -203,13 +203,11 @@ extern struct encryption_keys_service_st { unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_size_func)(unsigned int); int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); - int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int); } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); unsigned int get_encryption_key_size(unsigned int version); int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); -int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/service_encryption_keys.h b/include/mysql/service_encryption_keys.h index 69cbcb70592..063f3444f5f 100644 --- a/include/mysql/service_encryption_keys.h +++ b/include/mysql/service_encryption_keys.h 
@@ -30,7 +30,6 @@ extern struct encryption_keys_service_st { unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_size_func)(unsigned int); int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); - int (*get_encryption_iv_func)(unsigned int, unsigned char*, unsigned int); } *encryption_keys_service; #ifdef MYSQL_DYNAMIC_PLUGIN @@ -39,7 +38,6 @@ extern struct encryption_keys_service_st { #define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V) #define get_encryption_key_size(V) encryption_keys_service->get_encryption_key_size_func(V) #define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S)) -#define get_encryption_iv(V, I, S) encryption_keys_service->get_encryption_iv_func((V), (I), (S)) #else @@ -47,7 +45,6 @@ unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); unsigned int get_encryption_key_size(unsigned int version); int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); -int get_encryption_iv(unsigned int version, unsigned char* iv, unsigned int ivbufsize); #endif diff --git a/plugin/debug_key_management_plugin/debug_key_management_plugin.cc b/plugin/debug_key_management_plugin/debug_key_management_plugin.cc index 98873687556..66c76523540 100644 --- a/plugin/debug_key_management_plugin/debug_key_management_plugin.cc +++ b/plugin/debug_key_management_plugin/debug_key_management_plugin.cc @@ -62,18 +62,12 @@ static unsigned int get_key_size(unsigned int ver) return 16; } -static int get_iv(unsigned int ver, unsigned char* dstbuf, unsigned buflen) -{ - return 0; // to be removed -} - struct st_mariadb_encryption_key_management debug_key_management_plugin= { MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION, get_latest_key_version, has_key, get_key_size, - get_key, - get_iv + get_key }; /* 
diff --git a/plugin/example_key_management_plugin/example_key_management_plugin.cc b/plugin/example_key_management_plugin/example_key_management_plugin.cc index 62050eb48f2..6ccdfa5f4c5 100644 --- a/plugin/example_key_management_plugin/example_key_management_plugin.cc +++ b/plugin/example_key_management_plugin/example_key_management_plugin.cc @@ -86,20 +86,6 @@ static unsigned int get_key_size(unsigned int keyID) return 16; } -static int get_iv(unsigned int keyID, unsigned char* dstbuf, unsigned buflen) -{ - if (buflen < 16) - { - return CRYPT_BUFFER_TO_SMALL; - } - - for (int i=0; i<16; i++) - dstbuf[i] = 0; - - return CRYPT_KEY_OK; -} - - static int example_key_management_plugin_init(void *p) { /* init */ @@ -131,8 +117,7 @@ struct st_mariadb_encryption_key_management example_key_management_plugin= { get_latest_key_version, has_key_func, get_key_size, - get_key, - get_iv + get_key }; /* diff --git a/plugin/file_key_management_plugin/file_key_management_plugin.cc b/plugin/file_key_management_plugin/file_key_management_plugin.cc index 780aeb81f18..17e5dd089b5 100644 --- a/plugin/file_key_management_plugin/file_key_management_plugin.cc +++ b/plugin/file_key_management_plugin/file_key_management_plugin.cc @@ -204,32 +204,6 @@ static int get_key_from_key_file(unsigned int keyID, unsigned char* dstbuf, } } -static int get_iv_from_key_file(unsigned int keyID, unsigned char* dstbuf, - unsigned buflen) -{ - keyentry* entry = KeySingleton::getInstance().getKeys((int)keyID); - - if (entry != NULL) - { - char* ivString = entry->iv; - size_t iv_len = strlen(ivString)/2; - - if (buflen < iv_len) - { - return CRYPT_BUFFER_TO_SMALL; - } - - my_aes_hex2uint(ivString, (unsigned char*)dstbuf, iv_len); - - return CRYPT_KEY_OK; - } - else - { - return CRYPT_KEY_UNKNOWN; - } -} - - static int file_key_management_plugin_init(void *p) { /* init */ 
@@ -265,8 +239,7 @@ struct st_mariadb_encryption_key_management file_key_management_plugin= { get_highest_key_used_in_key_file, has_key_from_key_file, get_key_size_from_key_file, - get_key_from_key_file, - get_iv_from_key_file + get_key_from_key_file }; /* diff --git a/sql/encryption_keys.cc b/sql/encryption_keys.cc index 631fee7623b..160c2fd55d7 100644 --- a/sql/encryption_keys.cc +++ b/sql/encryption_keys.cc @@ -39,14 +39,6 @@ int get_encryption_key(uint version, uchar* key, uint size) return 1; } -int get_encryption_iv(uint version, uchar* iv, uint size) -{ - if (encryption_key_manager) - return handle->get_iv(version, iv, size); - - return 1; -} - int initialize_encryption_key_management_plugin(st_plugin_int *plugin) { if (encryption_key_manager) diff --git a/sql/sql_plugin_services.h b/sql/sql_plugin_services.h index aeb2d75efc5..8da2af801cf 100644 --- a/sql/sql_plugin_services.h +++ b/sql/sql_plugin_services.h @@ -144,8 +144,7 @@ static struct encryption_keys_service_st encryption_keys_handler= get_latest_encryption_key_version, has_encryption_key, get_encryption_key_size, - get_encryption_key, - get_encryption_iv + get_encryption_key }; static struct thd_specifics_service_st thd_specifics_handler= From 7a387c01586ae5107f2c2c64d3cdd420de83e168 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Thu, 26 Mar 2015 15:37:40 +0100 Subject: [PATCH 20/65] table->keep_row_order no longer need to force DYNAMIC_RECORD for temporary Aria tables. It can use a faster BLOCK_RECORD --- sql/sql_select.cc | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 7cf5f65c350..b1dc3083381 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc 
@@ -16979,20 +16979,15 @@ bool create_internal_tmp_table(TABLE *table, KEY *keyinfo, { enum data_file_type file_type= table->no_rows ? NO_RECORD : (share->reclength < 64 && !share->blob_fields ? STATIC_RECORD : - table->used_for_duplicate_elimination || table->keep_row_order ? - DYNAMIC_RECORD : BLOCK_RECORD); - uint create_flags= HA_CREATE_TMP_TABLE | HA_CREATE_INTERNAL_TABLE; + table->used_for_duplicate_elimination ? DYNAMIC_RECORD : BLOCK_RECORD); + uint create_flags= HA_CREATE_TMP_TABLE | HA_CREATE_INTERNAL_TABLE | + (table->keep_row_order ? HA_PRESERVE_INSERT_ORDER : 0); if (file_type != NO_RECORD && encrypt_tmp_disk_tables) { /* encryption is only supported for BLOCK_RECORD */ file_type= BLOCK_RECORD; create_flags|= HA_CREATE_ENCRYPTED; - if (table->keep_row_order) - { - create_flags|= HA_PRESERVE_INSERT_ORDER; - } - if (table->used_for_duplicate_elimination) { /* From 39865322c6026ecd0c935ba2884c20799eef7e5f Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Thu, 26 Mar 2015 15:57:08 +0100 Subject: [PATCH 21/65] remove a google specific script --- tests/test_innodb_log_encryption.sh | 119 ---------------------------- 1 file changed, 119 deletions(-) delete mode 100644 tests/test_innodb_log_encryption.sh diff --git a/tests/test_innodb_log_encryption.sh b/tests/test_innodb_log_encryption.sh deleted file mode 100644 index 774afa76d3b..00000000000 --- a/tests/test_innodb_log_encryption.sh +++ /dev/null 
@@ -1,119 +0,0 @@ -#!/bin/bash -################################################################## -# - restart server with default (no encryption, no key ver and key). -# - verify various inputs will not corrupt. -# - verify transition from without crypto to with crypto and vice versa work. -# - verify transition from various key versions, including dynamically change it -# after startup, work. -################################################################## -TEST_INSTANCE_NAME="test" -TEST_INSTANCE_DIR="/tmp/instance" -TEST_INSTANCE_PATH=${TEST_INSTANCE_DIR}/${TEST_INSTANCE_NAME} -TEST_INSTANCE_SOCK_FILENAME=mysql.sock -TEST_INSTANCE_SOCK=${TEST_INSTANCE_PATH}/${TEST_INSTANCE_SOCK_FILENAME} -TEST_INSTANCE_ERR_FILE=${TEST_INSTANCE_PATH}/mysql.err -TEST_INSTANCE_DATA_DIR=${TEST_INSTANCE_PATH}/datadir - -google/instance restart ${TEST_INSTANCE_NAME} - -MYSQLD_EXTRA_ARGS="--debug_use_static_keys" google/instance restart ${TEST_INSTANCE_NAME} - -MYSQLD_EXTRA_ARGS="--innodb_encrypt_log=1" google/instance restart ${TEST_INSTANCE_NAME} - -MYSQLD_EXTRA_ARGS="--debug_use_static_keys --innodb_encrypt_log=1" google/instance restart ${TEST_INSTANCE_NAME} - -MYSQLD_EXTRA_ARGS="--debug_use_static_keys --debug_crypto_key_version=11" google/instance restart ${TEST_INSTANCE_NAME} - -MYSQLD_EXTRA_ARGS="--debug_use_static_keys --debug_crypto_key_version=12 --innodb_encrypt_log=1" google/instance restart ${TEST_INSTANCE_NAME} - -MYSQLD_EXTRA_ARGS="--debug_use_static_keys --debug_crypto_key_version=123 --innodb_encrypt_log=1" google/instance restart ${TEST_INSTANCE_NAME} - -# -- manually create a database sbtest -# mysql> create database sbtest; - -sysbench --test=oltp --oltp-table-size=1000 --mysql-user=root --mysql-socket=${TEST_INSTANCE_SOCK} prepare & - -sysbench --num-threads=10 --test=oltp --oltp-table-size=1000 --mysql-user=root --mysql-socket=${TEST_INSTANCE_SOCK} run & - -# -- change key version through mysql client -# mysql -S ${TEST_INSTANCE_SOCK} k -u root -# mysql> set 
global variable debug_crypto_key_version=7; -# ps aux | grep mysqld -# -- simulate a fast shutdown -# kill - -MYSQLD_EXTRA_ARGS="--debug_use_static_keys" google/instance restart ${TEST_INSTANCE_NAME} - -google/instance restart ${TEST_INSTANCE_NAME} - -grep -n corrupt ${TEST_INSTANCE_ERR_FILE} | tail -100 - -################################################################## -# - clean shutdown. -# - remove InnoDB redo log files. -# - start the server with encryption on. -# - verify no corruption. -################################################################## -MYSQLD_EXTRA_ARGS="--innodb_fast_shutdown=0" google/instance restart ${TEST_INSTANCE_NAME} -google/instance stop ${TEST_INSTANCE_NAME} -mv ${TEST_INSTANCE_DATA_DIR}/ib_logfile0 ${TEST_INSTANCE_DATA_DIR}/ib_logfile0.1 -mv ${TEST_INSTANCE_DATA_DIR}/ib_logfile1 ${TEST_INSTANCE_DATA_DIR}/ib_logfile1.1 -MYSQLD_EXTRA_ARGS="--debug_use_static_keys --debug_crypto_key_version=777 --innodb_encrypt_log=1 --innodb_fast_shutdown=0" google/instance start ${TEST_INSTANCE_NAME} -grep -n corrupt ${TEST_INSTANCE_ERR_FILE} | tail -100 -################################################################## -# - clean shutdown. -# - remove InnoDB redo log files. -# - start the server with encryption off. -# - verify no corruption. -################################################################## -google/instance stop ${TEST_INSTANCE_NAME} -mv ${TEST_INSTANCE_DATA_DIR}/ib_logfile0 ${TEST_INSTANCE_DATA_DIR}/ib_logfile0.2 -mv ${TEST_INSTANCE_DATA_DIR}/ib_logfile1 ${TEST_INSTANCE_DATA_DIR}/ib_logfile1.2 -google/instance start ${TEST_INSTANCE_NAME} -grep -n corrupt ${TEST_INSTANCE_ERR_FILE} | tail -100 -################################################################## -# - verify fresh start of mysqld instance with encryption off. 
-################################################################## -google/instance stop ${TEST_INSTANCE_NAME} -mv ${TEST_INSTANCE_DIR} ${TEST_INSTANCE_DIR}.200 -google/instance start ${TEST_INSTANCE_NAME} -grep -n corrupt ${TEST_INSTANCE_ERR_FILE} | tail -100 -################################################################## -# - verify fresh start of mysqld instance with encryption on. -################################################################## -google/instance stop ${TEST_INSTANCE_NAME} -mv ${TEST_INSTANCE_DIR} ${TEST_INSTANCE_DIR}.300 -MYSQLD_EXTRA_ARGS="--debug_use_static_keys --debug_crypto_key_version=888 --innodb_encrypt_log=1" google/instance start ${TEST_INSTANCE_NAME} -grep -n corrupt ${TEST_INSTANCE_ERR_FILE} | tail -100 -################################################################## -# - fast shutdown. -# - remove InnoDB redo log files. -# - start the server with encryption on. -# - verify no corruption. -################################################################## -google/instance stop ${TEST_INSTANCE_NAME} -mv ${TEST_INSTANCE_DATA_DIR}/ib_logfile0 ${TEST_INSTANCE_DATA_DIR}/ib_logfile0.3 -mv ${TEST_INSTANCE_DATA_DIR}/ib_logfile1 ${TEST_INSTANCE_DATA_DIR}/ib_logfile1.3 -MYSQLD_EXTRA_ARGS="--debug_use_static_keys --debug_crypto_key_version=999 --innodb_encrypt_log=1" google/instance start ${TEST_INSTANCE_NAME} -grep -n corrupt ${TEST_INSTANCE_ERR_FILE} | tail -100 -################################################################## -# - fast shutdown while running workload. -# - remove InnoDB redo log files. -# - start the server with encryption on. -# - verify no corruption. 
-################################################################## -# -- manually create a database sbtest -# mysql> create database sbtest; -sysbench --test=oltp --oltp-table-size=1000 --mysql-user=root --mysql-socket=${TEST_INSTANCE_SOCK} prepare & -sysbench --num-threads=10 --test=oltp --oltp-table-size=1000 --mysql-user=root --mysql-socket=${TEST_INSTANCE_SOCK} run & -google/instance stop ${TEST_INSTANCE_NAME} -mv ${TEST_INSTANCE_DATA_DIR}/ib_logfile0 ${TEST_INSTANCE_DATA_DIR}/ib_logfile0.4 -mv ${TEST_INSTANCE_DATA_DIR}/ib_logfile1 ${TEST_INSTANCE_DATA_DIR}/ib_logfile1.4 -MYSQLD_EXTRA_ARGS="--debug_use_static_keys --debug_crypto_key_version=333 --innodb_encrypt_log=1" google/instance start ${TEST_INSTANCE_NAME} -grep -n corrupt ${TEST_INSTANCE_ERR_FILE} | tail -100 -################################################################## -# - clean up -################################################################## -google/instance stop ${TEST_INSTANCE_NAME} -MYSQLD_EXTRA_ARGS="--debug_use_static_keys" google/instance start ${TEST_INSTANCE_NAME} -google/instance stop ${TEST_INSTANCE_NAME} From f379c9a8203233f4c2eb2c9a4c6dae819bd4b78c Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Thu, 26 Mar 2015 17:00:49 +0100 Subject: [PATCH 22/65] remove Aria-only handler flag --- include/my_base.h | 3 +-- sql/sql_select.cc | 1 - storage/maria/ha_maria.cc | 5 ----- storage/maria/ma_create.c | 2 +- 4 files changed, 2 insertions(+), 9 deletions(-) diff --git a/include/my_base.h b/include/my_base.h index b0a15a11dc8..a52ad51485e 100644 --- a/include/my_base.h +++ b/include/my_base.h @@ -354,8 +354,7 @@ enum ha_base_keytype { #define HA_CREATE_DELAY_KEY_WRITE 64 #define HA_CREATE_RELIES_ON_SQL_LAYER 128 #define HA_CREATE_INTERNAL_TABLE 256 -#define HA_CREATE_ENCRYPTED 512 -#define HA_PRESERVE_INSERT_ORDER 1024 +#define HA_PRESERVE_INSERT_ORDER 512 /* Flags used by start_bulk_insert */ diff --git a/sql/sql_select.cc b/sql/sql_select.cc index b1dc3083381..8688b30331e 100644 
--- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -16987,7 +16987,6 @@ bool create_internal_tmp_table(TABLE *table, KEY *keyinfo, { /* encryption is only supported for BLOCK_RECORD */ file_type= BLOCK_RECORD; - create_flags|= HA_CREATE_ENCRYPTED; if (table->used_for_duplicate_elimination) { /* diff --git a/storage/maria/ha_maria.cc b/storage/maria/ha_maria.cc index 4b95725a743..fba0beda802 100644 --- a/storage/maria/ha_maria.cc +++ b/storage/maria/ha_maria.cc @@ -3138,11 +3138,6 @@ int ha_maria::create(const char *name, register TABLE *table_arg, ha_create_info->page_checksum == HA_CHOICE_YES) create_flags|= HA_CREATE_PAGE_CHECKSUM; - mysql_mutex_lock(&LOCK_global_system_variables); - mysql_mutex_unlock(&LOCK_global_system_variables); - if (row_type == BLOCK_RECORD && maria_encrypt_tables) - create_flags|= HA_CREATE_ENCRYPTED; - (void) translog_log_debug_info(0, LOGREC_DEBUG_INFO_QUERY, (uchar*) thd->query(), thd->query_length()); diff --git a/storage/maria/ma_create.c b/storage/maria/ma_create.c index 35491b1d31d..f160499a94e 100644 --- a/storage/maria/ma_create.c +++ b/storage/maria/ma_create.c @@ -73,7 +73,7 @@ int maria_create(const char *name, enum data_file_type datafile_type, my_bool forced_packed; myf sync_dir= 0; uchar *log_data= NULL; - my_bool encrypted= MY_TEST(flags & HA_CREATE_ENCRYPTED); + my_bool encrypted= maria_encrypt_tables && datafile_type == BLOCK_RECORD; my_bool insert_order= MY_TEST(flags & HA_PRESERVE_INSERT_ORDER); uint crypt_page_header_space= 0; DBUG_ENTER("maria_create"); From 2643cc545fe76ee59883497cf50fc64c7be975b2 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Thu, 26 Mar 2015 17:20:23 +0100 Subject: [PATCH 23/65] Don't crash the server if en-/decryption fails in Aria --- storage/maria/ma_crypt.c | 74 +++++++++++++++++++++------------------- storage/maria/ma_open.c | 3 +- 2 files changed, 40 insertions(+), 37 deletions(-) diff --git a/storage/maria/ma_crypt.c b/storage/maria/ma_crypt.c index f21f2c4d964..23338bc8b15 100644 
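Review bot: `encrypted` in the ma_create.c hunk now depends only on the global `maria_encrypt_tables`, so the `encrypt_tmp_disk_tables` branch in sql_select.cc (same commit) still forces `file_type= BLOCK_RECORD` but no longer passes anything that asks for encryption. If the two settings can differ (the diff does not show how they are related), an internal temporary table created with `encrypt_tmp_disk_tables` on and `maria_encrypt_tables` off would reach disk unencrypted without any error. I would keep an explicit per-call request, or at least add a comment on the declaration, `/* tmp-table encryption relies on maria_encrypt_tables being set whenever encrypt_tmp_disk_tables is */`, plus a test for that combination. maria_create() continues outside the hunk.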
--- a/storage/maria/ma_crypt.c +++ b/storage/maria/ma_crypt.c @@ -33,17 +33,6 @@ struct st_maria_crypt_data uchar iv[1]; // var size }; -static -void -fatal(const char * fmt, ...) -{ - va_list args; - va_start(args,fmt); - vfprintf(stderr, fmt, args); - va_end(args); - abort(); -} - uint ma_crypt_get_data_page_header_space() { @@ -143,18 +132,21 @@ ma_crypt_read(MARIA_SHARE* share, uchar *buff) /* currently only supported type */ if (type != CRYPT_SCHEME_1) { - fatal("Unsupported crypt scheme! type: %d iv_length: %d\n", - type, iv_length); + my_printf_error(HA_ERR_UNSUPPORTED, + "Unsupported crypt scheme! type: %d iv_length: %d\n", + MYF(ME_FATALERROR|ME_NOREFRESH), + type, iv_length); + return 0; } share->crypt_page_header_space= CRYPT_SCHEME_1_KEY_VERSION_SIZE; return buff + 2 + iv_length; } -static void ma_encrypt(MARIA_CRYPT_DATA *, const uchar *, uchar *, uint, - uint, LSN, uint *); -static void ma_decrypt(MARIA_CRYPT_DATA *, const uchar *, uchar *, uint, - uint, LSN, uint); +static int ma_encrypt(MARIA_CRYPT_DATA *, const uchar *, uchar *, uint, + uint, LSN, uint *); +static int ma_decrypt(MARIA_CRYPT_DATA *, const uchar *, uchar *, uint, + uint, LSN, uint); static my_bool ma_crypt_pre_read_hook(PAGECACHE_IO_HOOK_ARGS *args) { @@ -196,9 +188,9 @@ static my_bool ma_crypt_data_post_read_hook(int res, /* 1 - copy head */ memcpy(dst, src, head); /* 2 - decrypt page */ - ma_decrypt(share->crypt_data, - src + head, dst + head, size - (head + tail), pageno, lsn, - key_version); + res= ma_decrypt(share->crypt_data, + src + head, dst + head, size - (head + tail), pageno, lsn, + key_version); /* 3 - copy tail */ memcpy(dst + size - tail, src + size - tail, tail); /* 4 clear key version to get correct crc */ 
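Review bot: The ma_crypt_read() hunk (@@ -143) rejects only an unexpected `type` before `return buff + 2 + iv_length;`, so a header with the supported scheme and an unexpected `iv_length` is still accepted. ma_encrypt() and ma_decrypt() read 4 bytes at `crypt_data->iv + CRYPT_SCHEME_1_IV_LEN`, which presumably assumes a fixed field length; the allocation and copy of the field are outside the hunk, so this is inferred. Now that a bad header is a recoverable error, the same branch could reject the length as well, e.g. `if (type != CRYPT_SCHEME_1 || iv_length != EXPECTED_IV_FIELD_LEN /* placeholder: the length the writer stores */)`. The function starts outside the hunk.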
@@ -263,9 +255,10 @@ static my_bool ma_crypt_data_pre_write_hook(PAGECACHE_IO_HOOK_ARGS *args) /* 1 - copy head */ memcpy(dst, src, head); /* 2 - encrypt page */ - ma_encrypt(share->crypt_data, - src + head, dst + head, size - (head + tail), pageno, lsn, - &key_version); + if (ma_encrypt(share->crypt_data, + src + head, dst + head, size - (head + tail), pageno, lsn, + &key_version)) + return 1; /* 3 - copy tail */ memcpy(dst + size - tail, src + size - tail, tail); /* 4 - store key version */ @@ -329,8 +322,8 @@ static my_bool ma_crypt_index_post_read_hook(int res, /* 1 - copy head */ memcpy(dst, src, head); /* 2 - decrypt page */ - ma_decrypt(share->crypt_data, - src + head, dst + head, size, pageno, lsn, key_version); + res= ma_decrypt(share->crypt_data, + src + head, dst + head, size, pageno, lsn, key_version); /* 3 - copy tail */ memcpy(dst + block_size - tail, src + block_size - tail, tail); /* 4 clear key version to get correct crc */ @@ -382,8 +375,9 @@ static my_bool ma_crypt_index_pre_write_hook(PAGECACHE_IO_HOOK_ARGS *args) /* 1 - copy head */ memcpy(dst, src, head); /* 2 - encrypt page */ - ma_encrypt(share->crypt_data, - src + head, dst + head, size, pageno, lsn, &key_version); + if (ma_encrypt(share->crypt_data, + src + head, dst + head, size, pageno, lsn, &key_version)) + return 1; /* 3 - copy tail */ memcpy(dst + block_size - tail, src + block_size - tail, tail); /* 4 - store key version */ @@ -409,7 +403,7 @@ void ma_crypt_set_index_pagecache_callbacks(PAGECACHE_FILE *file, #define COUNTER_LEN MY_AES_BLOCK_SIZE -static void ma_encrypt(MARIA_CRYPT_DATA *crypt_data, +static int ma_encrypt(MARIA_CRYPT_DATA *crypt_data, const uchar *src, uchar *dst, uint size, uint pageno, LSN lsn, uint *key_version) 
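Review bot: The new `return 1;` after a failed ma_encrypt() in ma_crypt_data_pre_write_hook() (and the same line in ma_crypt_index_pre_write_hook(), hunk @@ -382) leaves the hook between "copy head" and "copy tail", with `dst` half filled. `dst` looks like a separate output buffer; if this hook allocates it earlier in the function (not visible here), the early return skips whatever normally hands it over or frees it, so every failed write would leak one page-sized buffer. I would release it on that path, `{ /* free the output buffer if this hook allocated it */ return 1; }`, and confirm the caller treats a non-zero return as "page not written". Both hooks start and end outside their hunks.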
@@ -434,17 +428,21 @@ static void ma_encrypt(MARIA_CRYPT_DATA *crypt_data, DBUG_ASSERT(dstlen == size); if (! (rc == AES_OK && dstlen == size)) { - fatal("failed to encrypt! rc: %d, dstlen: %d size: %d\n", - rc, dstlen, (int)size); + my_printf_error(HA_ERR_GENERIC, + "failed to encrypt! rc: %d, dstlen: %u size: %u\n", + MYF(ME_FATALERROR|ME_NOREFRESH), + rc, dstlen, size); + return 1; } *key_version= 1; + return 0; } -static void ma_decrypt(MARIA_CRYPT_DATA *crypt_data, - const uchar *src, uchar *dst, uint size, - uint pageno, LSN lsn, - uint key_version) +static int ma_decrypt(MARIA_CRYPT_DATA *crypt_data, + const uchar *src, uchar *dst, uint size, + uint pageno, LSN lsn, + uint key_version) { int rc; uint32 dstlen; @@ -466,7 +464,11 @@ static void ma_decrypt(MARIA_CRYPT_DATA *crypt_data, DBUG_ASSERT(dstlen == size); if (! (rc == AES_OK && dstlen == size)) { - fatal("failed to decrypt! rc: %d, dstlen: %d size: %d\n", - rc, dstlen, (int)size); + my_printf_error(HA_ERR_GENERIC, + "failed to encrypt! rc: %d, dstlen: %u size: %u\n", + MYF(ME_FATALERROR|ME_NOREFRESH), + rc, dstlen, size); + return 1; } + return 0; } diff --git a/storage/maria/ma_open.c b/storage/maria/ma_open.c index 271a0ee8d53..42861e92ed4 100644 --- a/storage/maria/ma_open.c +++ b/storage/maria/ma_open.c @@ -837,7 +837,8 @@ MARIA_HA *maria_open(const char *name, int mode, uint open_flags) if (MY_TEST(share->base.extra_options & MA_EXTRA_OPTIONS_ENCRYPTED)) { - disk_pos= ma_crypt_read(share, disk_pos); + if (!(disk_pos= ma_crypt_read(share, disk_pos))) + goto err; } if ((share->data_file_type == BLOCK_RECORD || From 817a63f273a3797bf2cb6317d89fca196c0b0bfc Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Thu, 26 Mar 2015 17:40:52 +0100 Subject: [PATCH 24/65] pass the correct key length to encryption routines --- storage/maria/ma_crypt.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/storage/maria/ma_crypt.c b/storage/maria/ma_crypt.c index 23338bc8b15..c471a246bbf 100644 
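Review bot: The message added to ma_decrypt() (hunk @@ -466) says `failed to encrypt!`, copied from ma_encrypt(); it should read `"failed to decrypt! rc: %d, dstlen: %u size: %u\n"` so a log reader can tell a read-side failure (wrong key or damaged page) from a write-side one. In both functions the context line `DBUG_ASSERT(dstlen == size);` still sits in front of the new check, so a debug build aborts before it reaches the `return 1` this commit adds; relax or move the assert if the graceful path is meant to be testable there. Both function bodies start outside their hunks.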
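Review bot: In the ma_open.c hunk, `goto err` is taken when ma_crypt_read() returns 0, but the visible ma_crypt_read() change only calls my_printf_error() and does not set `my_errno`. If the `err:` path in maria_open() (outside the hunk) reports `my_errno`, the caller may see a stale or generic code for an unsupported crypt scheme. Setting it before the jump, e.g. `my_errno= HA_ERR_UNSUPPORTED;`, would keep the returned error consistent with the printed one.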
--- a/storage/maria/ma_crypt.c +++ b/storage/maria/ma_crypt.c @@ -411,7 +411,6 @@ static int ma_encrypt(MARIA_CRYPT_DATA *crypt_data, int rc; uint32 dstlen; uchar counter[COUNTER_LEN]; - uchar *key= crypt_data->iv; // create counter block memcpy(counter + 0, crypt_data->iv + CRYPT_SCHEME_1_IV_LEN, 4); @@ -420,7 +419,7 @@ static int ma_encrypt(MARIA_CRYPT_DATA *crypt_data, rc = my_aes_encrypt_dynamic(src, size, dst, &dstlen, - key, sizeof(crypt_data->iv), + crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, counter, sizeof(counter), 1); @@ -447,7 +446,6 @@ static int ma_decrypt(MARIA_CRYPT_DATA *crypt_data, int rc; uint32 dstlen; uchar counter[COUNTER_LEN]; - uchar *key= crypt_data->iv; // create counter block memcpy(counter + 0, crypt_data->iv + CRYPT_SCHEME_1_IV_LEN, 4); @@ -456,7 +454,7 @@ static int ma_decrypt(MARIA_CRYPT_DATA *crypt_data, rc = my_aes_decrypt_dynamic(src, size, dst, &dstlen, - key, sizeof(crypt_data->iv), + crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, counter, sizeof(counter), 1); From 88632726e88471d492a6125f0cd4a4a3c25a6923 Mon Sep 17 00:00:00 2001 
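Review bot: Both calls now pass `crypt_data->iv, CRYPT_SCHEME_1_IV_LEN` as the key argument (hunks @@ -420 and @@ -456), so the AES key is the leading part of the per-table IV field rather than material from the key-management service. ma_crypt_read() returns `buff + 2 + iv_length`, which suggests that field is stored in the table header on disk; if so, the key is not a secret, and the hard-coded `*key_version= 1` in ma_encrypt() means key rotation has no effect on Aria pages. The length fix is correct as far as it goes, but I would add a comment at each call, `/* TODO: key is the on-disk IV, not a secret; obtain it via get_encryption_key(key_version, ...) */`, and track replacing it. Both function bodies extend outside the hunks.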
From: Sergei Golubchik Date: Fri, 27 Mar 2015 15:58:02 +0100 Subject: [PATCH 25/65] rename plugins to remove "_plugin" from the plugin name --- .../include/have_example_key_management_plugin.inc | 4 ++-- .../include/have_example_key_management_plugin.opt | 4 ++-- mysql-test/include/have_file_key_management_plugin.inc | 4 ++-- mysql-test/include/have_file_key_management_plugin.opt | 6 +++--- .../suite/innodb/r/innodb_encryption_debug.result | 4 ++-- mysql-test/suite/innodb/t/innodb_encryption_debug.opt | 2 +- mysql-test/suite/innodb/t/innodb_encryption_debug.test | 8 ++++---- mysql-test/suite/plugins/r/show_all_plugins.result | 2 +- mysql-test/suite/plugins/t/show_all_plugins.test | 2 +- plugin/debug_key_management/CMakeLists.txt | 2 ++ .../debug_key_management_plugin.cc | 4 ++-- plugin/debug_key_management_plugin/CMakeLists.txt | 2 -- plugin/example_key_management/CMakeLists.txt | 2 ++ .../example_key_management_plugin.cc | 4 ++-- plugin/example_key_management_plugin/CMakeLists.txt | 2 -- .../CMakeLists.txt | 2 +- .../EncKeys.cc | 0 .../EncKeys.h | 0 .../KeySingleton.cc | 0 .../KeySingleton.h | 0 .../file_key_management_plugin.cc | 10 +++++----- 21 files changed, 32 insertions(+), 32 deletions(-) create mode 100644 plugin/debug_key_management/CMakeLists.txt rename plugin/{debug_key_management_plugin => debug_key_management}/debug_key_management_plugin.cc (96%) delete mode 100644 plugin/debug_key_management_plugin/CMakeLists.txt create mode 100644 plugin/example_key_management/CMakeLists.txt rename plugin/{example_key_management_plugin => example_key_management}/example_key_management_plugin.cc (97%) delete mode 100644 plugin/example_key_management_plugin/CMakeLists.txt rename plugin/{file_key_management_plugin => file_key_management}/CMakeLists.txt (66%) rename plugin/{file_key_management_plugin => file_key_management}/EncKeys.cc (100%) rename plugin/{file_key_management_plugin => file_key_management}/EncKeys.h (100%) rename plugin/{file_key_management_plugin => 
file_key_management}/KeySingleton.cc (100%) rename plugin/{file_key_management_plugin => file_key_management}/KeySingleton.h (100%) rename plugin/{file_key_management_plugin => file_key_management}/file_key_management_plugin.cc (96%) diff --git a/mysql-test/include/have_example_key_management_plugin.inc b/mysql-test/include/have_example_key_management_plugin.inc index 3bb4529b623..756a9e39f3d 100644 --- a/mysql-test/include/have_example_key_management_plugin.inc +++ b/mysql-test/include/have_example_key_management_plugin.inc @@ -1,7 +1,7 @@ -- source encryption_algorithms.inc if (`select count(*) = 0 from information_schema.plugins - where plugin_name = 'example_key_management_plugin' and plugin_status='active'`) + where plugin_name = 'example_key_management' and plugin_status='active'`) { - --skip Needs example_key_management_plugin + --skip Needs example_key_management } diff --git a/mysql-test/include/have_example_key_management_plugin.opt b/mysql-test/include/have_example_key_management_plugin.opt index 581ee1c73b9..ce7f1ddef7e 100644 --- a/mysql-test/include/have_example_key_management_plugin.opt +++ b/mysql-test/include/have_example_key_management_plugin.opt @@ -1,2 +1,2 @@ ---plugin-load-add=$EXAMPLE_KEY_MANAGEMENT_PLUGIN_SO ---loose-example-key-management-plugin +--plugin-load-add=$EXAMPLE_KEY_MANAGEMENT_SO +--loose-example-key-management diff --git a/mysql-test/include/have_file_key_management_plugin.inc b/mysql-test/include/have_file_key_management_plugin.inc index 3b3eb036ede..cd2f9510a53 100644 --- a/mysql-test/include/have_file_key_management_plugin.inc +++ b/mysql-test/include/have_file_key_management_plugin.inc @@ -1,7 +1,7 @@ -- source encryption_algorithms.inc if (`select count(*) = 0 from information_schema.plugins - where plugin_name = 'file_key_management_plugin' and plugin_status='active'`) + where plugin_name = 'file_key_management' and plugin_status='active'`) { - --skip Needs file_key_management_plugin + --skip Needs file_key_management } 
diff --git a/mysql-test/include/have_file_key_management_plugin.opt b/mysql-test/include/have_file_key_management_plugin.opt index 5aa1ce18b00..76808d02a7a 100644 --- a/mysql-test/include/have_file_key_management_plugin.opt +++ b/mysql-test/include/have_file_key_management_plugin.opt @@ -1,4 +1,4 @@ ---plugin-load-add=$FILE_KEY_MANAGEMENT_PLUGIN_SO ---loose-file-key-management-plugin ---loose-file-key-management-plugin-filename=$MYSQL_TEST_DIR/std_data/keys.txt +--plugin-load-add=$FILE_KEY_MANAGEMENT_SO +--loose-file-key-management +--loose-file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys.txt diff --git a/mysql-test/suite/innodb/r/innodb_encryption_debug.result b/mysql-test/suite/innodb/r/innodb_encryption_debug.result index 808ebbf3f74..781796bb69a 100644 --- a/mysql-test/suite/innodb/r/innodb_encryption_debug.result +++ b/mysql-test/suite/innodb/r/innodb_encryption_debug.result @@ -10,10 +10,10 @@ space name min_key_version current_key_version 1 mysql/innodb_table_stats 0 1 2 mysql/innodb_index_stats 0 1 0 NULL 0 1 -set global debug_key_management_plugin_version=10; +set global debug_key_management_version=10; select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption; space name min_key_version current_key_version 1 mysql/innodb_table_stats 0 10 2 mysql/innodb_index_stats 0 10 0 NULL 0 10 -set global debug_key_management_plugin_version=1; +set global debug_key_management_version=1; diff --git a/mysql-test/suite/innodb/t/innodb_encryption_debug.opt b/mysql-test/suite/innodb/t/innodb_encryption_debug.opt index d7c0b5bcd6a..11f1e90d481 100644 --- a/mysql-test/suite/innodb/t/innodb_encryption_debug.opt +++ b/mysql-test/suite/innodb/t/innodb_encryption_debug.opt @@ -2,4 +2,4 @@ --innodb-encryption-rotate-key-age=2 --innodb-encryption-threads=4 --innodb-tablespaces-encryption ---plugin-load-add=$DEBUG_KEY_MANAGEMENT_PLUGIN_SO +--plugin-load-add=$DEBUG_KEY_MANAGEMENT_SO 
diff --git a/mysql-test/suite/innodb/t/innodb_encryption_debug.test b/mysql-test/suite/innodb/t/innodb_encryption_debug.test index cc455d87945..13c2a786d6a 100644 --- a/mysql-test/suite/innodb/t/innodb_encryption_debug.test +++ b/mysql-test/suite/innodb/t/innodb_encryption_debug.test @@ -1,13 +1,13 @@ -- source include/have_innodb.inc if (`select count(*) = 0 from information_schema.plugins - where plugin_name = 'debug_key_management_plugin' and plugin_status='active'`) + where plugin_name = 'debug_key_management' and plugin_status='active'`) { - --skip Needs debug_key_management_plugin + --skip Needs debug_key_management } show variables like 'innodb_encrypt%'; select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption; -set global debug_key_management_plugin_version=10; +set global debug_key_management_version=10; select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption; -set global debug_key_management_plugin_version=1; +set global debug_key_management_version=1; diff --git a/mysql-test/suite/plugins/r/show_all_plugins.result b/mysql-test/suite/plugins/r/show_all_plugins.result index 5fe80e23af0..f656811674e 100644 --- a/mysql-test/suite/plugins/r/show_all_plugins.result +++ b/mysql-test/suite/plugins/r/show_all_plugins.result @@ -21,7 +21,7 @@ Name Status Type Library License EXAMPLE NOT INSTALLED STORAGE ENGINE ha_example.so GPL UNUSABLE NOT INSTALLED DAEMON ha_example.so GPL daemon_example NOT INSTALLED DAEMON libdaemon_example.so GPL -example_key_management_plugin NOT INSTALLED ENCRYPTION KEY MANAGEMENT example_key_management_plugin.so GPL +example_key_management NOT INSTALLED ENCRYPTION KEY MANAGEMENT example_key_management.so GPL three_attempts NOT INSTALLED AUTHENTICATION dialog_examples.so GPL two_questions NOT INSTALLED AUTHENTICATION dialog_examples.so GPL show status like '%libraries%'; 
diff --git a/mysql-test/suite/plugins/t/show_all_plugins.test b/mysql-test/suite/plugins/t/show_all_plugins.test index 5d57def449b..103b6bead5a 100644 --- a/mysql-test/suite/plugins/t/show_all_plugins.test +++ b/mysql-test/suite/plugins/t/show_all_plugins.test @@ -2,7 +2,7 @@ if (!$DIALOG_EXAMPLES_SO) { skip requires dialog_examples.so; } if (!$HA_EXAMPLE_SO) { skip requires ha_examples.so; } if (!$LIBDAEMON_EXAMPLE_SO) { skip requires libdaemon_examples.so; } if (!$UDF_EXAMPLE_SO) { skip requires udf_example.so; } -if (!$EXAMPLE_KEY_MANAGEMENT_PLUGIN_SO) { skip requires example_key_management_plugin_so; } +if (!$EXAMPLE_KEY_MANAGEMENT_SO) { skip requires example_key_management.so; } flush status; show status like '%libraries%'; diff --git a/plugin/debug_key_management/CMakeLists.txt b/plugin/debug_key_management/CMakeLists.txt new file mode 100644 index 00000000000..101a790023d --- /dev/null +++ b/plugin/debug_key_management/CMakeLists.txt @@ -0,0 +1,2 @@ +MYSQL_ADD_PLUGIN(DEBUG_KEY_MANAGEMENT debug_key_management_plugin.cc + MODULE_ONLY) diff --git a/plugin/debug_key_management_plugin/debug_key_management_plugin.cc b/plugin/debug_key_management/debug_key_management_plugin.cc similarity index 96% rename from plugin/debug_key_management_plugin/debug_key_management_plugin.cc rename to plugin/debug_key_management/debug_key_management_plugin.cc index 66c76523540..1d332e62381 100644 --- a/plugin/debug_key_management_plugin/debug_key_management_plugin.cc +++ b/plugin/debug_key_management/debug_key_management_plugin.cc @@ -73,11 +73,11 @@ struct st_mariadb_encryption_key_management debug_key_management_plugin= { /* Plugin library descriptor */ -maria_declare_plugin(debug_key_management_plugin) +maria_declare_plugin(debug_key_management) { MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN, &debug_key_management_plugin, - "debug_key_management_plugin", + "debug_key_management", "Sergei Golubchik", "Debug key management plugin", PLUGIN_LICENSE_GPL, 
diff --git a/plugin/debug_key_management_plugin/CMakeLists.txt b/plugin/debug_key_management_plugin/CMakeLists.txt deleted file mode 100644 index d61adf00537..00000000000 --- a/plugin/debug_key_management_plugin/CMakeLists.txt +++ /dev/null @@ -1,2 +0,0 @@ -MYSQL_ADD_PLUGIN(DEBUG_KEY_MANAGEMENT_PLUGIN debug_key_management_plugin.cc - MODULE_ONLY) diff --git a/plugin/example_key_management/CMakeLists.txt b/plugin/example_key_management/CMakeLists.txt new file mode 100644 index 00000000000..a121e6c1f7d --- /dev/null +++ b/plugin/example_key_management/CMakeLists.txt @@ -0,0 +1,2 @@ +MYSQL_ADD_PLUGIN(EXAMPLE_KEY_MANAGEMENT example_key_management_plugin.cc + MODULE_ONLY) diff --git a/plugin/example_key_management_plugin/example_key_management_plugin.cc b/plugin/example_key_management/example_key_management_plugin.cc similarity index 97% rename from plugin/example_key_management_plugin/example_key_management_plugin.cc rename to plugin/example_key_management/example_key_management_plugin.cc index 6ccdfa5f4c5..6548baef20c 100644 --- a/plugin/example_key_management_plugin/example_key_management_plugin.cc +++ b/plugin/example_key_management/example_key_management_plugin.cc @@ -123,11 +123,11 @@ struct st_mariadb_encryption_key_management example_key_management_plugin= { /* Plugin library descriptor */ -maria_declare_plugin(example_key_management_plugin) +maria_declare_plugin(example_key_management) { MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN, &example_key_management_plugin, - "example_key_management_plugin", + "example_key_management", "Jonas Oreland", "Example key management plugin", PLUGIN_LICENSE_GPL, diff --git a/plugin/example_key_management_plugin/CMakeLists.txt b/plugin/example_key_management_plugin/CMakeLists.txt deleted file mode 100644 index 95ff433dc43..00000000000 --- a/plugin/example_key_management_plugin/CMakeLists.txt +++ /dev/null @@ -1,2 +0,0 @@ -MYSQL_ADD_PLUGIN(EXAMPLE_KEY_MANAGEMENT_PLUGIN example_key_management_plugin.cc - MODULE_ONLY) 
diff --git a/plugin/file_key_management_plugin/CMakeLists.txt b/plugin/file_key_management/CMakeLists.txt similarity index 66% rename from plugin/file_key_management_plugin/CMakeLists.txt rename to plugin/file_key_management/CMakeLists.txt index 8a0429e979e..15c0357f47b 100644 --- a/plugin/file_key_management_plugin/CMakeLists.txt +++ b/plugin/file_key_management/CMakeLists.txt @@ -1,6 +1,6 @@ SET(FILE_KEY_MANAGEMENT_PLUGIN_SOURCES file_key_management_plugin.cc EncKeys.cc KeySingleton.cc) IF(NOT SSL_SOURCES) - MYSQL_ADD_PLUGIN(FILE_KEY_MANAGEMENT_PLUGIN ${FILE_KEY_MANAGEMENT_PLUGIN_SOURCES} + MYSQL_ADD_PLUGIN(FILE_KEY_MANAGEMENT ${FILE_KEY_MANAGEMENT_PLUGIN_SOURCES} LINK_LIBRARIES pcre) ENDIF() diff --git a/plugin/file_key_management_plugin/EncKeys.cc b/plugin/file_key_management/EncKeys.cc similarity index 100% rename from plugin/file_key_management_plugin/EncKeys.cc rename to plugin/file_key_management/EncKeys.cc diff --git a/plugin/file_key_management_plugin/EncKeys.h b/plugin/file_key_management/EncKeys.h similarity index 100% rename from plugin/file_key_management_plugin/EncKeys.h rename to plugin/file_key_management/EncKeys.h diff --git a/plugin/file_key_management_plugin/KeySingleton.cc b/plugin/file_key_management/KeySingleton.cc similarity index 100% rename from plugin/file_key_management_plugin/KeySingleton.cc rename to plugin/file_key_management/KeySingleton.cc diff --git a/plugin/file_key_management_plugin/KeySingleton.h b/plugin/file_key_management/KeySingleton.h similarity index 100% rename from plugin/file_key_management_plugin/KeySingleton.h rename to plugin/file_key_management/KeySingleton.h diff --git a/plugin/file_key_management_plugin/file_key_management_plugin.cc b/plugin/file_key_management/file_key_management_plugin.cc similarity index 96% rename from plugin/file_key_management_plugin/file_key_management_plugin.cc rename to plugin/file_key_management/file_key_management_plugin.cc index 17e5dd089b5..806d50938dd 100644 
--- a/plugin/file_key_management_plugin/file_key_management_plugin.cc +++ b/plugin/file_key_management/file_key_management_plugin.cc @@ -211,13 +211,13 @@ static int file_key_management_plugin_init(void *p) if (current_aes_dynamic_method == MY_AES_ALGORITHM_NONE) { sql_print_error("No encryption method choosen with --encryption-algorithm. " - "file_key_management_plugin disabled"); + "file_key_management disabled"); return 1; } if (filename == NULL || strcmp("", filename) == 0) { - sql_print_error("Parameter file_key_management_plugin_filename is required"); + sql_print_error("Parameter file_key_management_filename is required"); return 1; } @@ -245,13 +245,13 @@ struct st_mariadb_encryption_key_management file_key_management_plugin= { /* Plugin library descriptor */ -maria_declare_plugin(file_key_management_plugin) +maria_declare_plugin(file_key_management) { MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN, &file_key_management_plugin, - "file_key_management_plugin", + "file_key_management", "Denis Endro eperi GmbH", - "File key management plugin", + "File-based key management plugin", PLUGIN_LICENSE_GPL, file_key_management_plugin_init, /* Plugin Init */ file_key_management_plugin_deinit, /* Plugin Deinit */ From 5fcba6eb264e0f0af2eb83502bc8da031bef567f Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Sat, 28 Mar 2015 10:55:31 +0100 Subject: [PATCH 26/65] small cleanup * my_aes.h doesn't compile without my_global.h * typo in a comment * redundant condition * if encryption plugin fails, there's no encryption_key_manager at plugin deinit time * encryption plugin tests must run when plugin.so is present, not when a plugin is active (otherwise the test will be skipped when plugin fails to initialize). --- include/my_aes.h | 2 ++ include/mysql/service_thd_alloc.h | 2 +- mysql-test/include/have_example_key_management_plugin.inc | 3 +-- mysql-test/include/have_file_key_management_plugin.inc | 3 +-- mysys/my_fopen.c | 3 +-- sql/encryption_keys.cc | 5 ++--- 6 files changed, 8 insertions(+), 10 deletions(-) diff --git a/include/my_aes.h b/include/my_aes.h index e7376a6b08e..824fa5540ef 100644 --- a/include/my_aes.h +++ b/include/my_aes.h @@ -22,6 +22,8 @@ #ifndef MY_AES_INCLUDED #define MY_AES_INCLUDED +#include + typedef int Crypt_result; #define AES_OK 0 diff --git a/include/mysql/service_thd_alloc.h b/include/mysql/service_thd_alloc.h index 645fb310cbc..e92f81b52c3 100644 --- a/include/mysql/service_thd_alloc.h +++ b/include/mysql/service_thd_alloc.h @@ -16,7 +16,7 @@ /** @file - This service provdes functions to allocate memory in a connection local + This service provides functions to allocate memory in a connection local memory pool. The memory allocated there will be automatically freed at the end of the statement, don't use it for allocations that should live longer than that. For short living allocations this is more efficient than diff --git a/mysql-test/include/have_example_key_management_plugin.inc b/mysql-test/include/have_example_key_management_plugin.inc index 756a9e39f3d..d04aad2532f 100644 --- a/mysql-test/include/have_example_key_management_plugin.inc +++ b/mysql-test/include/have_example_key_management_plugin.inc 
@@ -1,7 +1,6 @@ -- source encryption_algorithms.inc -if (`select count(*) = 0 from information_schema.plugins - where plugin_name = 'example_key_management' and plugin_status='active'`) +if (!$EXAMPLE_KEY_MANAGEMENT_SO) { --skip Needs example_key_management } diff --git a/mysql-test/include/have_file_key_management_plugin.inc b/mysql-test/include/have_file_key_management_plugin.inc index cd2f9510a53..f85214332f7 100644 --- a/mysql-test/include/have_file_key_management_plugin.inc +++ b/mysql-test/include/have_file_key_management_plugin.inc @@ -1,7 +1,6 @@ -- source encryption_algorithms.inc -if (`select count(*) = 0 from information_schema.plugins - where plugin_name = 'file_key_management' and plugin_status='active'`) +if (!$FILE_KEY_MANAGEMENT_SO) { --skip Needs file_key_management } diff --git a/mysys/my_fopen.c b/mysys/my_fopen.c index ede434f2c32..3ec5e0ba0b1 100644 --- a/mysys/my_fopen.c +++ b/mysys/my_fopen.c @@ -87,8 +87,7 @@ FILE *my_fopen(const char *filename, int flags, myf MyFlags) my_errno=errno; DBUG_PRINT("error",("Got error %d on open",my_errno)); if (MyFlags & (MY_FFNF | MY_FAE | MY_WME)) - my_error((flags & O_RDONLY) || (flags == O_RDONLY ) ? EE_FILENOTFOUND : - EE_CANTCREATEFILE, + my_error((flags & O_RDONLY) ? EE_FILENOTFOUND : EE_CANTCREATEFILE, MYF(ME_BELL+ME_WAITTANG), filename, my_errno); DBUG_RETURN((FILE*) 0); } /* my_fopen */ diff --git a/sql/encryption_keys.cc b/sql/encryption_keys.cc index 160c2fd55d7..f3e8fe6a9d2 100644 --- a/sql/encryption_keys.cc +++ b/sql/encryption_keys.cc 
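Review bot: In the mysys/my_fopen.c hunk, the simplified test `(flags & O_RDONLY)` can never be true on platforms where O_RDONLY is defined as 0 (the usual POSIX value), so a failed read-only open would now be reported as EE_CANTCREATEFILE instead of EE_FILENOTFOUND. The removed `flags == O_RDONLY` half was the part that actually detected read-only mode, so it was not redundant. Comparing the access-mode bits is the reliable form, `my_error((flags & O_ACCMODE) == O_RDONLY ? EE_FILENOTFOUND : EE_CANTCREATEFILE,`, assuming O_ACCMODE is available on every target; otherwise keep `flags == O_RDONLY`. my_fopen's body starts outside the hunk.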
@@ -59,14 +59,13 @@ int initialize_encryption_key_management_plugin(st_plugin_int *plugin) int finalize_encryption_key_management_plugin(st_plugin_int *plugin) { - DBUG_ASSERT(encryption_key_manager); - if (plugin->plugin->deinit && plugin->plugin->deinit(NULL)) { DBUG_PRINT("warning", ("Plugin '%s' deinit function returned error.", plugin->name.str)); } - plugin_unlock(NULL, encryption_key_manager); + if (encryption_key_manager) + plugin_unlock(NULL, encryption_key_manager); encryption_key_manager= 0; return 0; } From 32e5304bff0effeef3354ebf6fd25fe0eb4ae124 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Sat, 28 Mar 2015 18:05:53 +0100 Subject: [PATCH 27/65] mtr: fix testname,combination syntax to work in many-combination case in particular, "innodb.innodb-page_encryption,xtradb" should select these three tests: innodb.innodb-page_encryption 'cbc,xtradb' [ pass ] 35563 innodb.innodb-page_encryption 'ctr,xtradb' [ pass ] 36858 innodb.innodb-page_encryption 'ecb,xtradb' [ pass ] 36741 and deselect all innodb_plugin tests. This was not the case, because the %test_combs hash was destructively modified in the loop --- mysql-test/lib/mtr_cases.pm | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/mysql-test/lib/mtr_cases.pm b/mysql-test/lib/mtr_cases.pm index 97348cd39fc..60535a2009b 100644 --- a/mysql-test/lib/mtr_cases.pm +++ b/mysql-test/lib/mtr_cases.pm @@ -618,7 +618,7 @@ sub make_combinations($$@) if (My::Options::is_set($test->{master_opt}, $comb->{comb_opt}) && My::Options::is_set($test->{slave_opt}, $comb->{comb_opt}) ){ - delete $test_combs->{$comb->{name}}; + $test_combs->{$comb->{name}} = 2; # Add combination name short name push @{$test->{combinations}}, $comb->{name}; 
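Review bot: In finalize_encryption_key_management_plugin (sql/encryption_keys.cc), the global `encryption_key_manager` is still unlocked and reset without checking that it refers to the `plugin` being finalized; the new null check only covers the case where no manager was ever set. If this function can run for a key management plugin that is not the active manager (for example a second plugin whose init failed; the initialize function is not fully visible here, so this is an assumption), the server would silently drop its working key manager. Scoping both statements to the owner would avoid that, e.g. `if (encryption_key_manager && plugin_ref_to_int(encryption_key_manager) == plugin)`, provided that helper is in scope in this file. A short comment stating when `encryption_key_manager` may legitimately be NULL at deinit would also document why the assert was removed.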
@@ -627,8 +627,9 @@ sub make_combinations($$@) } # Skip all other combinations, if this combination is forced - if (delete $test_combs->{$comb->{name}}) { + if ($test_combs->{$comb->{name}}) { @combinations = ($comb); # run the loop below only for this combination + $test_combs->{$comb->{name}} = 2; last; } } @@ -858,9 +859,10 @@ sub collect_one_test_case { { @cases = map make_combinations($_, \%test_combs, @{$comb}), @cases; } - if (keys %test_combs) { + my @no_combs = grep { $test_combs{$_} == 1 } keys %test_combs; + if (@no_combs) { mtr_error("Could not run $name with '".( - join(',', sort keys %test_combs))."' combination(s)"); + join(',', sort @no_combs))."' combination(s)"); } for $tinfo (@cases) { From beea77869557486aa3ece65b57b7807f72fcbc75 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Mon, 30 Mar 2015 17:13:42 +0200 Subject: [PATCH 28/65] copy-paste bug in service_sha1.h --- include/mysql/service_sha1.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mysql/service_sha1.h b/include/mysql/service_sha1.h index 609e173e8ce..e000c898dd7 100644 --- a/include/mysql/service_sha1.h +++ b/include/mysql/service_sha1.h @@ -44,10 +44,10 @@ extern struct my_sha1_service_st { #define my_sha1(A,B,C) my_sha1_service->my_sha1_type(A,B,C) #define my_sha1_multi my_sha1_service->my_sha1_multi_type -#define my_sha1_context_size_type() my_sha1_service->my_sha1_context_size_type() -#define my_sha1_init_type(A) my_sha1_service->my_sha1_init_type(A) -#define my_sha1_input_type(A,B,C) my_sha1_service->my_sha1_input_type(A,B,C) -#define my_sha1_result_type(A,B) my_sha1_service->my_sha1_result_type(A,B) +#define my_sha1_context_size() my_sha1_service->my_sha1_context_size_type() +#define my_sha1_init(A) my_sha1_service->my_sha1_init_type(A) +#define my_sha1_input(A,B,C) my_sha1_service->my_sha1_input_type(A,B,C) +#define my_sha1_result(A,B) my_sha1_service->my_sha1_result_type(A,B) #else 
From 9bda4bc52a1c36ec61589e9006edc3f8ac5fec0b Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Mon, 30 Mar 2015 14:16:34 +0200 Subject: [PATCH 29/65] report a plugin loading offset at dlopen time not an address of some arbitrarily chosen symbol; not when plugin is successfully loaded (which means - no info when plugin->init failed); --- sql/sql_plugin.cc | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc index 30ab2531a1e..5c4a7b5af97 100644 --- a/sql/sql_plugin.cc +++ b/sql/sql_plugin.cc @@ -43,6 +43,10 @@ #define REPORT_TO_LOG 1 #define REPORT_TO_USER 2 +#ifdef HAVE_LINK_H +#include +#endif + extern struct st_maria_plugin *mysql_optional_plugins[]; extern struct st_maria_plugin *mysql_mandatory_plugins[]; @@ -767,6 +771,14 @@ static st_plugin_dl *plugin_dl_add(const LEX_STRING *dl, int report) } dlopen_count++; +#ifdef HAVE_LINK_H + if (global_system_variables.log_warnings > 2) + { + struct link_map *lm = (struct link_map*) plugin_dl.handle; + sql_print_information("Loaded '%s' with offset 0x%lx", dl->str, lm->l_addr); + } +#endif + /* Checks which plugin interface present and reads info */ if (!(sym= dlsym(plugin_dl.handle, maria_plugin_interface_version_sym))) { @@ -1385,16 +1397,6 @@ static int plugin_initialize(MEM_ROOT *tmp_root, struct st_plugin_int *plugin, goto err; } - if (plugin->plugin_dl && global_system_variables.log_warnings >= 9) - { - void *sym= dlsym(plugin->plugin_dl->handle, - plugin->plugin_dl->mariaversion ? - maria_plugin_declarations_sym : plugin_declarations_sym); - DBUG_ASSERT(sym); - sql_print_information("Plugin %s loaded at %p", - plugin->name.str, sym); - } - if (plugin_type_initialize[plugin->plugin->type]) { if ((*plugin_type_initialize[plugin->plugin->type])(plugin)) From e02749aaf5559384ef130e53aaaf02a33e5bcac3 Mon Sep 17 00:00:00 2001 
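Review bot: In the plugin_dl_add hunk of sql/sql_plugin.cc, `(struct link_map*) plugin_dl.handle` assumes the dlopen() handle is itself a link_map pointer, which is a glibc implementation detail rather than a documented contract. `dlinfo(plugin_dl.handle, RTLD_DI_LINKMAP, &lm)` is the supported way to obtain the map, and its return value can be checked before `lm` is dereferenced. `lm->l_addr` is also passed to `%lx` without a cast, which mismatches on targets where the ELF address type is not `unsigned long`; `(unsigned long) lm->l_addr` would make the format safe. The threshold also moves from `log_warnings >= 9` to `> 2`, so module load addresses reach the error log at a much more common verbosity; a comment noting that this discloses address-space layout to anyone who can read the log would help operators decide who gets access to it. plugin_dl_add starts and ends outside the hunk.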
From: Sergei Golubchik Date: Sat, 28 Mar 2015 13:25:25 +0100 Subject: [PATCH 30/65] completely rewrote file_key_management plugin numerous issues fixed: * buffer overflows * error conditions aren't checked (crash if file doesn't exist) * accessing random unallocated memory * hard-coded password * arbitrary hard-coded key id limit * incomprehensible error messages (for key_id == 0 it reported "The key could not be initialized", for syntax errors the message was "Wrong match of the keyID, see the template", for a key id larger than hard-coded limit the message was "No asked key", and there was an error "Is comment" for a comment). * tons of small mallocs, many are freed few lines down in the code * malloc(N) and new char[N] are used both, even in the same function * redundant memory copies * pcre - "I can solve it with regular expressions" - with incorrect regexes * parser context stored in a singleton * keys are stored as strings and are strlen-ed and hex2bin-ed on every get_key() request * lots of useless code (e.g. 
sprintf instead of a pointer assignment, checking of the file length to read a part of it in a fixed buffer, multiplying by sizeof(char) in many places, etc) * this list is not exhaustive --- mysql-test/std_data/keys.txt | 12 +- plugin/file_key_management/CMakeLists.txt | 8 +- plugin/file_key_management/EncKeys.cc | 477 ------------------ plugin/file_key_management/EncKeys.h | 112 ---- plugin/file_key_management/KeySingleton.cc | 64 --- plugin/file_key_management/KeySingleton.h | 58 --- .../file_key_management_plugin.cc | 195 ++----- plugin/file_key_management/parser.cc | 365 ++++++++++++++ plugin/file_key_management/parser.h | 54 ++ 9 files changed, 461 insertions(+), 884 deletions(-) delete mode 100644 plugin/file_key_management/EncKeys.cc delete mode 100644 plugin/file_key_management/EncKeys.h delete mode 100644 plugin/file_key_management/KeySingleton.cc delete mode 100644 plugin/file_key_management/KeySingleton.h create mode 100644 plugin/file_key_management/parser.cc create mode 100644 plugin/file_key_management/parser.h diff --git a/mysql-test/std_data/keys.txt b/mysql-test/std_data/keys.txt index 419b76f698f..389f261fc53 100644 --- a/mysql-test/std_data/keys.txt +++ b/mysql-test/std_data/keys.txt 
@@ -1,6 +1,6 @@ -1;F5502320F8429037B8DAEF761B189D12;770A8A65DA156D24EE2A093277530142 -2;35B2FF0795FB84BBD666DB8430CA214E;4D92199549E0F2EF009B4160F3582E5528A11A45017F3EF8 -3;7E892875A52C59A3B588306B13C31FBD;B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF -4;021B0663D4DD7B54E2EBC852677E40BD;18420B5CBA31CCDFFE9716E91EB61374D05914F3ADE23E03 -5;9BF92CEA026CE732DA80821122A8CE97;966050D7777350B6FD5CCB3E5F648DA45C63BEFB6DEDDFA13443F156B7D35C84 -6;BC44D4AFD2D9FCD82A679E4DC6700D06;B5EA210C8C09EF20DB95EC584714A89F +1;770A8A65DA156D24EE2A093277530142 +2;4D92199549E0F2EF009B4160F3582E5528A11A45017F3EF8 +3;B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF +4;18420B5CBA31CCDFFE9716E91EB61374D05914F3ADE23E03 +5;966050D7777350B6FD5CCB3E5F648DA45C63BEFB6DEDDFA13443F156B7D35C84 +6;B5EA210C8C09EF20DB95EC584714A89F diff --git a/plugin/file_key_management/CMakeLists.txt b/plugin/file_key_management/CMakeLists.txt index 15c0357f47b..c2f13fb9f63 100644 --- a/plugin/file_key_management/CMakeLists.txt +++ b/plugin/file_key_management/CMakeLists.txt @@ -1,6 +1,4 @@ -SET(FILE_KEY_MANAGEMENT_PLUGIN_SOURCES file_key_management_plugin.cc EncKeys.cc KeySingleton.cc) +SET(FILE_KEY_MANAGEMENT_PLUGIN_SOURCES file_key_management_plugin.cc parser.cc) -IF(NOT SSL_SOURCES) - MYSQL_ADD_PLUGIN(FILE_KEY_MANAGEMENT ${FILE_KEY_MANAGEMENT_PLUGIN_SOURCES} - LINK_LIBRARIES pcre) -ENDIF() +INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/sql) +MYSQL_ADD_PLUGIN(FILE_KEY_MANAGEMENT ${FILE_KEY_MANAGEMENT_PLUGIN_SOURCES}) diff --git a/plugin/file_key_management/EncKeys.cc b/plugin/file_key_management/EncKeys.cc deleted file mode 100644 index 77e28878832..00000000000 --- a/plugin/file_key_management/EncKeys.cc +++ /dev/null 
@@ -1,477 +0,0 @@ -/* Copyright (C) 2014 eperi GmbH. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -/******************************************************************//** - @file EncKeys.cc - A class to keep keys for encryption/decryption. - -How it works... -The location and usage can be configured via the configuration file. -Example - -[mysqld] -... -file_key_management_plugin_filename = /home/mdb/keys.enc -file_key_management_plugin_filekey = secret -file_key_management_plugin_encryption_method = aes_cbc - -... - -Optional configuration value -file_key_management_plugin_encryption_method determines the method -used for encryption. -Supported are aes_cbc, aes_ecb or aes_ctr. aes_cbc is default. -The plug-in sets the default aes encryption/decryption method to the given method. - -The keys are read from a file. -The filename is set up via the file_key_management_plugin_filename -configuration value. -file_key_management_plugin_filename is used to configure the absolute -path to this file. - -Examples: -file_key_management_plugin_filename = \\\\unc\\keys.enc (windows share) -file_key_management_plugin_filename = e:/tmp/keys.enc (windows path) -file_key_management_plugin_filename = /tmp/keys.enc (linux path) - -The key file contains AES keys and initialization vectors as -hex-encoded Strings. -Supported are keys of size 128, 192 or 256 bits. 
IV consists of 16 bytes. -Example: -1;F5502320F8429037B8DAEF761B189D12;770A8A65DA156D24EE2A093277530142 - -1 is the key identifier which can be used for table creation, a 16 -byte IV follows, and finally a 16 byte AES key. -255 entries are supported. - -The key file should be encrypted and the key to decrypt the file can -be given with the optional file_key_management_plugin_filekey -parameter. - -The file key can also be located if FILE: is prepended to the -key. Then the following part is interpreted as absolute path to the -file containing the file key. This file can optionally be encrypted, -currently with a fix key. - -Example: - -file_key_management_plugin_filekey = FILE:y:/secret256.enc - -If the key file can not be read at server startup, for example if the -file key is not present, page_encryption feature is not availabe and -access to page_encryption tables is not possible. - -Open SSL command line utility can be used to create an encrypted key file. -Examples: -openssl enc –aes-256-cbc –md sha1 –k secret –in keys.txt –out keys.enc -openssl enc –aes-256-cbc –md sha1 –k –in secret –out secret.enc - - Created 09/15/2014 -***********************************************************************/ - -#ifdef __WIN__ -#define PCRE_STATIC 1 -#endif - -#include -#include /* For sql_print_error */ -#include "EncKeys.h" -#include -#include -#include -#include -#include -#include - -const char* EncKeys::strMAGIC= "Salted__"; -const int EncKeys::magicSize= 8;//strlen(strMAGIC); // 8 byte -const char* EncKeys::newLine= "\n"; - -const char* EncKeys::errorNoKeyId= "KeyID %u not found or with error. 
Check the key and the log file.\n"; -const char* EncKeys::errorInMatches= "Wrong match of the keyID in line %u, see the template.\n"; -const char* EncKeys::errorExceedKeyFileSize= "The size of the key file %s exceeds " - "the maximum allowed of %u bytes.\n"; -const char* EncKeys::errorExceedKeySize= "The key size exceeds the maximum allowed size of %u in line %u.\n"; -const char* EncKeys::errorEqualDoubleKey= "More than one identical key with keyID %u found" - " in lines %u and %u.\nDelete one of them in the key file.\n"; -const char* EncKeys::errorUnequalDoubleKey= "More than one not identical key with keyID %u found" - " in lines %u and %u.\nChoose the right one and delete the other in the key file.\n" - "I'll take the key from line %u\n"; -#define errorNoInitializedKey "The key could not be initialized.\n" -const char* EncKeys::errorNotImplemented= "Initializing keys through key server is not" - " yet implemented.\nYou can not read encrypted tables or columns\n\n"; -const char* EncKeys::errorOpenFile= "Could not open %s for reading. You can not read encrypted tables or columns.\n\n"; -const char* EncKeys::errorReadingFile= "Could not read from %s. You can not read encrypted tables or columns\n\n"; -const char* EncKeys::errorFileSize= "Could not get the file size from %s. 
You can not read encrypted tables or columns\n\n"; -const char* EncKeys::errorFalseFileKey= "Wrong encryption / decryption key for keyfile '%s'.\n"; - -/* read this from a secret source in some later version */ -const char* EncKeys::initialPwd= "lg28s9ac5ffa537fd8798875c98e190df289da7e047c05"; - -EncKeys::EncKeys() -{ - countKeys= keyLineInKeyFile= 0; - for (int ii= 0; ii < MAX_KEYS; ii++) { - keys[ii].id= 0; - keys[ii].iv= keys[ii].key= NULL; - } - oneKey= NULL; -} - - -EncKeys::~EncKeys() -{ - for (int ii= MAX_KEYS - 1; ii >= 0 ; ii--) { - delete[] keys[ii].iv; - keys[ii].iv= NULL; - delete[] keys[ii].key; - keys[ii].key= NULL; - } -} - - -bool EncKeys::initKeys(const char *filename, const char *filekey) -{ - if (filename==NULL) - return false; - - const char *MAGIC= "FILE:"; - const short MAGIC_LEN= 5; - - char *secret= (char*) malloc(MAX_SECRET_SIZE +1 * sizeof(char)); - - if (filekey != NULL) - { - //If secret starts with FILE: interpret the secret as filename. - if(memcmp(MAGIC, filekey, MAGIC_LEN) == 0) - { - int fk_len= strlen(filekey); - char *secretfile= (char*)malloc((1 + fk_len - MAGIC_LEN)* sizeof(char)); - memcpy(secretfile, filekey+MAGIC_LEN, fk_len - MAGIC_LEN); - secretfile[fk_len-MAGIC_LEN]= '\0'; - parseSecret(secretfile, secret); - free(secretfile); - } else - { - sprintf(secret, "%s", filekey); - } - } - - int ret= parseFile((const char *)filename, 254, secret); - free(secret); - return (ret==NO_ERROR_KEY_FILE_PARSE_OK); -} - - -/* - secret is limited to MAX_SECRET_SIZE characters -*/ - -void EncKeys::parseSecret(const char *secretfile, char *secret) -{ - size_t maxSize= (MAX_SECRET_SIZE +16 + magicSize*2) ; - char* buf= (char*)malloc((maxSize) * sizeof(char)); - char* _initPwd= (char*)malloc((strlen(initialPwd)+1) * sizeof(char)); - FILE *fp= fopen(secretfile, "rb"); - fseek(fp, 0L, SEEK_END); - long file_size= ftell(fp); - rewind(fp); - size_t bytes_to_read= ((maxSize >= (size_t) file_size) ? 
(size_t) file_size : - maxSize); - bytes_to_read= fread(buf, 1, bytes_to_read, fp); - if (memcmp(buf, strMAGIC, magicSize)) - { - bytes_to_read= (bytes_to_read>MAX_SECRET_SIZE) ? MAX_SECRET_SIZE : - bytes_to_read; - memcpy(secret, buf, bytes_to_read); - secret[bytes_to_read]= '\0'; - } - else - { - unsigned char salt[magicSize]; - unsigned char *key= new unsigned char[keySize32]; - unsigned char *iv= new unsigned char[ivSize16]; - memcpy(&salt, buf + magicSize, magicSize); - memcpy(_initPwd, initialPwd, strlen(initialPwd)); - _initPwd[strlen(initialPwd)]= '\0'; - my_bytes_to_key((unsigned char *) salt, _initPwd, key, iv); - uint32 d_size= 0; - my_aes_decrypt_dynamic_type func= get_aes_decrypt_func(MY_AES_ALGORITHM_CBC); - int re= (* func)((const uchar*)buf + 2 * magicSize, - bytes_to_read - 2 * magicSize, - (uchar*)secret, &d_size, (const uchar*)key, keySize32, - iv, ivSize16, 0); - if (re) - d_size= 0; - if (d_size>EncKeys::MAX_SECRET_SIZE) - { - d_size= EncKeys::MAX_SECRET_SIZE; - } - secret[d_size]= '\0'; - delete[] key; - delete[] iv; - } - free(buf); - free(_initPwd); - fclose(fp); -} - - -/** - * Returns a struct keyentry with the asked 'id' or NULL. - */ -keyentry *EncKeys::getKeys(int id) -{ - if (KEY_MIN <= id && KEY_MAX >= id && (&keys[id - 1])->iv) - { - return &keys[id - 1]; - } -#ifndef DBUG_OFF - else - { - sql_print_error(errorNoKeyId, id); - } -#endif - return NULL; -} - -/** - Get the keys from the key file and decrypt it with the - key . Store the keys with id smaller then in an - array of structs keyentry. Returns NO_ERROR_PARSE_OK or an - appropriate error code. 
- */ - -int EncKeys::parseFile(const char* filename, const uint32 maxKeyId, - const char *secret) -{ - int errorCode= 0; - char *buffer= decryptFile(filename, secret, &errorCode); - - if (errorCode != NO_ERROR_PARSE_OK) - return errorCode; - errorCode= NO_ERROR_KEY_FILE_PARSE_OK; - - char *line= strtok(buffer, newLine); - while (NULL != line) - { - keyLineInKeyFile++; - switch (parseLine(line, maxKeyId)) { - case NO_ERROR_PARSE_OK: - keys[oneKey->id - 1]= *oneKey; - delete(oneKey); - countKeys++; - break; - case ERROR_ID_TOO_BIG: - sql_print_error(errorExceedKeySize, KEY_MAX, - keyLineInKeyFile); - sql_print_error(" ---> %s\n", line); - errorCode= ERROR_KEY_FILE_EXCEEDS_MAX_NUMBERS_OF_KEYS; - break; - case ERROR_NOINITIALIZEDKEY: - sql_print_error(errorNoInitializedKey); - sql_print_error(" ----> %s\n", line); - errorCode= ERROR_KEY_FILE_PARSE_NULL; - break; - case ERROR_WRONG_NUMBER_OF_MATCHES: - sql_print_error(errorInMatches, keyLineInKeyFile); - sql_print_error(" -----> %s\n", line); - errorCode= ERROR_KEY_FILE_PARSE_NULL; - break; - case NO_ERROR_KEY_GREATER_THAN_ASKED: - sql_print_error("No asked key in line %u: %s\n", - keyLineInKeyFile, line); - break; - case NO_ERROR_ISCOMMENT: - sql_print_error("Is comment in line %u: %s\n", - keyLineInKeyFile, line); - default: - break; - } - line= strtok(NULL, newLine); - } - - free(line); - line= NULL; - delete[] buffer; - buffer= NULL; - return errorCode; -} - - -int EncKeys::parseLine(const char *line, const uint32 maxKeyId) -{ - int ret= NO_ERROR_PARSE_OK; - if (isComment(line)) - ret= NO_ERROR_ISCOMMENT; - else - { - const char *error_p= NULL; - int offset; - pcre *pattern= pcre_compile( - "([0-9]+);([0-9,a-f,A-F]{32});([0-9,a-f,A-F]{64}|[0-9,a-f,A-F]{48}|[0-9,a-f,A-F]{32})", - 0, &error_p, &offset, NULL); - if (NULL != error_p) - sql_print_error("Error: %s\nOffset: %d\n", error_p, offset); - - int m_len= (int) strlen(line), ovector[MAX_OFFSETS_IN_PCRE_PATTERNS]; - int rc= pcre_exec(pattern, NULL, line, m_len, 0, 
0, ovector, - MAX_OFFSETS_IN_PCRE_PATTERNS); - pcre_free(pattern); - if (4 == rc) - { - char lin[MAX_KEY_LINE_SIZE + 1]; - strncpy(lin, line, MAX_KEY_LINE_SIZE); - lin[MAX_KEY_LINE_SIZE]= '\0'; - char *substring_start= lin + ovector[2]; - int substr_length= ovector[3] - ovector[2]; - if (3 < substr_length) - ret= ERROR_ID_TOO_BIG; - else - { - char buffer[4]; - sprintf(buffer, "%.*s", substr_length, substring_start); - uint32 id= atoi(buffer); - if (0 == id) ret= ERROR_NOINITIALIZEDKEY; - else if (KEY_MAX < id) ret= ERROR_ID_TOO_BIG; - else if (maxKeyId < id) ret= NO_ERROR_KEY_GREATER_THAN_ASKED; - else - { - oneKey= new keyentry; - oneKey->id= id; - substring_start= lin + ovector[4]; - substr_length= ovector[5] - ovector[4]; - oneKey->iv= new char[substr_length + 1]; - sprintf(oneKey->iv, "%.*s", substr_length, substring_start); - substring_start= lin + ovector[6]; - substr_length= ovector[7] - ovector[6]; - oneKey->key= new char[substr_length + 1]; - sprintf(oneKey->key, "%.*s", substr_length, substring_start); - } - } - } - else - ret= ERROR_WRONG_NUMBER_OF_MATCHES; - } - return ret; -} - -/** - Decrypt the key file 'filename' if it is encrypted with the key - 'secret'. Store the content of the decrypted file in 'buffer'. The - buffer has to be freed in the calling function. 
- */ - -char* EncKeys::decryptFile(const char* filename, const char *secret, - int *errorCode) -{ - *errorCode= NO_ERROR_PARSE_OK; - FILE *fp= fopen(filename, "rb"); - if (NULL == fp) - { - sql_print_error(errorOpenFile, filename); - *errorCode= ERROR_OPEN_FILE; - return NULL; - } - - if (fseek(fp, 0L, SEEK_END)) - { - *errorCode= ERROR_READING_FILE; - return NULL; - } - long file_size= ftell(fp); // get the file size - if (MAX_KEY_FILE_SIZE < file_size) - { - sql_print_error(errorExceedKeyFileSize, filename, MAX_KEY_FILE_SIZE); - *errorCode= ERROR_KEY_FILE_TOO_BIG; - fclose(fp); - return NULL; - } - else if (-1L == file_size) - { - sql_print_error(errorFileSize, filename); - *errorCode= ERROR_READING_FILE; - return NULL; - } - - rewind(fp); - //Read file into buffer - uchar *buffer= new uchar[file_size + 1]; - file_size= fread(buffer, 1, file_size, fp); - buffer[file_size]= '\0'; - fclose(fp); - //Check for file encryption - if (0 == memcmp(buffer, strMAGIC, magicSize)) - { - //If file is encrypted, decrypt it first. 
- unsigned char salt[magicSize]; - unsigned char *key= new unsigned char[keySize32]; - unsigned char *iv= new unsigned char[ivSize16]; - uchar *decrypted= new uchar[file_size]; - memcpy(&salt, buffer + magicSize, magicSize); - my_bytes_to_key((unsigned char *) salt, secret, key, iv); - uint32 d_size= 0; - my_aes_decrypt_dynamic_type func= get_aes_decrypt_func(MY_AES_ALGORITHM_CBC); - int res= (* func)((const uchar*)buffer + 2 * magicSize, - file_size - 2 * magicSize, - decrypted, &d_size, (const uchar*) key, keySize32, - iv, ivSize16, 0); - if(0 != res) - { - *errorCode= ERROR_FALSE_FILE_KEY; - delete[] buffer; buffer= NULL; - sql_print_error(errorFalseFileKey, filename); - } - else - { - memcpy(buffer, decrypted, d_size); - buffer[d_size]= '\0'; - } - - delete[] decrypted; decrypted= NULL; - delete[] key; key= NULL; - delete[] iv; iv= NULL; - } - return (char*) buffer; -} - -bool EncKeys::isComment(const char *line) -{ - const char *error_p; - int offset, m_len= (int) strlen(line), - ovector[MAX_OFFSETS_IN_PCRE_PATTERNS]; - pcre *pattern= pcre_compile("\\s*#.*", 0, &error_p, &offset, NULL); - int rc= pcre_exec(pattern, NULL, line, m_len, 0, 0, ovector, - MAX_OFFSETS_IN_PCRE_PATTERNS); - pcre_free(pattern); - return (rc >= 0); -} - - -void EncKeys::printKeyEntry(uint32 id) -{ -#ifndef DBUG_OFF - keyentry *entry= getKeys(id); - if (NULL == entry) - { - sql_print_error("No such keyID: %u\n",id); - } - else - { - sql_print_error("Key: id: %3u\tiv:%lu bytes\tkey:%lu bytes\n", - entry->id, strlen(entry->iv)/2, strlen(entry->key)/2); - } -#endif /* DBUG_OFF */ -} diff --git a/plugin/file_key_management/EncKeys.h b/plugin/file_key_management/EncKeys.h deleted file mode 100644 index 8d57237f375..00000000000 --- a/plugin/file_key_management/EncKeys.h +++ /dev/null 
@@ -1,112 +0,0 @@ -/* Copyright (C) 2014 eperi GmbH. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -/******************************************************************//** -@file EncKeys.h -A structure and class to keep keys for encryption/decryption. - -Created 09/15/2014 -***********************************************************************/ - -#ifndef ENCKEYS_H_ -#define ENCKEYS_H_ - -#include -#include -#include - -/** - Calculate key and iv from a given salt and secret as it is handled in openssl - encrypted files via console - - SYNOPSIS - my_bytes_to_key() - - @param salt [in] the given salt as extracted from the encrypted file - @param secret [in] the given secret as String, provided by the user - @param key [out] 32 Bytes of key are written to this pointer - @param iv [out] 16 Bytes of iv are written to this pointer - */ - -void my_bytes_to_key(const uchar *salt, - const char *secret, uchar *key, - uchar *iv); - -/** - Decode Hexencoded String to uint8[]. - - SYNOPSIS - my_aes_hex2uint() - @param iv [in] Pointer to hexadecimal encoded IV String - @param dest [out] Pointer to output uint8 array. Memory needs to be - allocated by caller - @param iv_length [in] Size of destination array. 
- */ - -void my_aes_hex2uint(const char *in, uchar *out, int dest_length); - -struct keyentry { - uint32 id; - char *iv; - char *key; -}; - -class EncKeys -{ -private: - static const char *strMAGIC, *newLine; - static const int magicSize; - - enum constants { MAX_OFFSETS_IN_PCRE_PATTERNS = 30}; - enum keyAttributes { KEY_MIN = 1, KEY_MAX = 255, MAX_KEYS = 255, - MAX_IVLEN = 256, MAX_KEYLEN = 512, ivSize16 = 16, keySize32 = 32 }; - enum keyInitType { KEYINITTYPE_FILE = 1, KEYINITTYPE_SERVER = 2 }; - enum errorAttributes { MAX_KEY_LINE_SIZE = 3 * MAX_KEYLEN, MAX_KEY_FILE_SIZE = 1048576 }; - enum errorCodesLine { NO_ERROR_PARSE_OK = 0, NO_ERROR_ISCOMMENT = 10, NO_ERROR_KEY_GREATER_THAN_ASKED = 20, - ERROR_NOINITIALIZEDKEY = 30, ERROR_ID_TOO_BIG = 40, ERROR_WRONG_NUMBER_OF_MATCHES = 50, - ERROR_EQUAL_DOUBLE_KEY = 60, ERROR_UNEQUAL_DOUBLE_KEY = 70 }; - - static const char *errorNoKeyId, *errorInMatches, *errorExceedKeyFileSize, - *errorExceedKeySize, *errorEqualDoubleKey, *errorUnequalDoubleKey, - *errorNoInitializedKey, *errorFalseFileKey, - *errorNotImplemented, *errorOpenFile, *errorReadingFile, *errorFileSize; - - static const char* initialPwd; - uint32 countKeys, keyLineInKeyFile; - keyentry keys[MAX_KEYS], *oneKey; - - void printKeyEntry( uint32 id); - bool isComment( const char *line); - char * decryptFile( const char* filename, const char *secret, int *errorCode); - int parseFile( const char* filename, const uint32 maxKeyId, const char *secret); - int parseLine( const char *line, const uint32 maxKeyId); - -public: - static const size_t MAX_SECRET_SIZE = 256; - - enum errorCodesFile { NO_ERROR_KEY_FILE_PARSE_OK = 0, ERROR_KEY_FILE_PARSE_NULL = 110, - ERROR_KEY_FILE_TOO_BIG = 120, ERROR_KEY_FILE_EXCEEDS_MAX_NUMBERS_OF_KEYS = 130, - ERROR_OPEN_FILE = 140, ERROR_READING_FILE = 150, ERROR_FALSE_FILE_KEY = 160, - ERROR_KEYINITTYPE_SERVER_NOT_IMPLEMENTED = 170, ERROR_ENCRYPTION_SECRET_NULL = 180 }; - EncKeys(); - virtual ~EncKeys(); - bool initKeys( const char 
*filename, const char *filekey); - keyentry *getKeys( int id); - /* made public for unit testing */ - static void parseSecret( const char *filename, char *secret ); - -}; - -#endif /* ENCKEYS_H_ */ diff --git a/plugin/file_key_management/KeySingleton.cc b/plugin/file_key_management/KeySingleton.cc deleted file mode 100644 index 936a7cf71a9..00000000000 --- a/plugin/file_key_management/KeySingleton.cc +++ /dev/null 
@@ -1,64 +0,0 @@ -/* Copyright (C) 2014 eperi GmbH. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -/******************************************************************//** -@file KeySingleton.cc -Implementation of single pattern to keep keys for encrypting/decrypting pages. - -Created 09/13/2014 -***********************************************************************/ - - -#include -#include -#include "KeySingleton.h" - -bool KeySingleton::instanceInited = false; -KeySingleton KeySingleton::theInstance; -EncKeys KeySingleton::encKeys; - -KeySingleton & KeySingleton::getInstance() -{ -#ifndef DBUG_OFF - if( !instanceInited) - { - sql_print_error("Encryption / decryption keys were not initialized. " - "You can not read encrypted tables or columns\n"); - } -#endif /* DBUG_OFF */ - return theInstance; -} - -KeySingleton & KeySingleton::getInstance(const char *filename, - const char *filekey) -{ - if (!instanceInited) - { - if (!(instanceInited = encKeys.initKeys(filename, filekey))) - sql_print_error("Could not initialize any of the encryption / " - "decryption keys. You can not read encrypted tables"); - } - return theInstance; -} - -keyentry *KeySingleton::getKeys(int id) -{ - return encKeys.getKeys(id); -} - -bool KeySingleton::hasKey(int id) -{ - return encKeys.getKeys(id) != NULL; -} 
diff --git a/plugin/file_key_management/KeySingleton.h b/plugin/file_key_management/KeySingleton.h deleted file mode 100644 index 37246c1b802..00000000000 --- a/plugin/file_key_management/KeySingleton.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* Copyright (C) 2014 eperi GmbH. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -/******************************************************************//** -@file KeySingletonPattern.h -Implementation of single pattern to keep keys for encrypting/decrypting pages. - -Created 09/13/2014 -***********************************************************************/ - - -#ifndef KEYSINGLETON_H_ -#define KEYSINGLETON_H_ - -#include "EncKeys.h" - - -class KeySingleton -{ -private: - static bool instanceInited; - static KeySingleton theInstance; - static EncKeys encKeys; - - // No new instance or object possible - KeySingleton() {} - - // No new instance possible through copy constructor - KeySingleton( const KeySingleton&) {} - - // No new instance possible through copy - KeySingleton & operator = (const KeySingleton&); - -public: - virtual ~KeySingleton() {encKeys.~EncKeys();} - static KeySingleton& getInstance(); - // Init the instance for only one time - static KeySingleton& getInstance(const char *filename, const char *filekey); - keyentry *getKeys(int id); - bool hasKey(int id); - static bool isAvailable() { - return instanceInited; - } -}; - -#endif /* KEYSINGLETON_H_ */ diff --git a/plugin/file_key_management/file_key_management_plugin.cc b/plugin/file_key_management/file_key_management_plugin.cc index 806d50938dd..125f5b6e91d 100644 
--- a/plugin/file_key_management/file_key_management_plugin.cc +++ b/plugin/file_key_management/file_key_management_plugin.cc @@ -14,27 +14,23 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ -#include +#include "parser.h" #include #include -#include -#include "sql_class.h" -#include "KeySingleton.h" -#include "EncKeys.h" +#include -/* Encryption for tables and columns */ -static char* filename = NULL; -static char* filekey = NULL; +static char* filename; +static char* filekey; static MYSQL_SYSVAR_STR(filename, filename, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY, "Path and name of the key file.", - NULL, NULL, NULL); + NULL, NULL, ""); static MYSQL_SYSVAR_STR(filekey, filekey, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY, "Key to encrypt / decrypt the keyfile.", - NULL, NULL, NULL); + NULL, NULL, ""); static struct st_mysql_sys_var* settings[] = { MYSQL_SYSVAR(filename), 
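Review bot: The `filekey` variable in this hunk is still declared with only `PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY`, so the passphrase protecting the key file is registered like any other system variable and is presumably readable at runtime through SHOW VARIABLES. Adding `PLUGIN_VAR_NOSYSVAR` to its flags (`PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY | PLUGIN_VAR_NOSYSVAR`) keeps it a startup option without publishing the value. A short comment above the declaration should also point to the `FILE:` form, so that the secret itself does not have to appear in the option file.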
@@ -42,103 +38,24 @@ static struct st_mysql_sys_var* settings[] = { NULL }; -/** - Decode Hexencoded String to uint8[]. +Dynamic_array keys(static_cast(0)); - SYNOPSIS - my_aes_hex2uint() - @param iv [in] Pointer to hexadecimal encoded IV String - @param dest [out] Pointer to output uint8 array. Memory allocated by caller - @param iv_length [in] Size of destination array. - */ - -void my_aes_hex2uint(const char* in, unsigned char *out, int dest_length) +static keyentry *get_key(unsigned int key_id) { - const char *pos= in; - int count; - for (count = 0; count < dest_length; count++) + keyentry *a= keys.front(), *b= keys.back() + 1, *c; + while (b - a > 1) { - uchar res; - sscanf(pos, "%2hhx", &res); - out[count] = res; - pos += 2 * sizeof(char); + c= a + (b - a)/2; + if (c->id == key_id) + return c; + else if (c->id < key_id) + a= c; + else + b= c; } + return a->id == key_id ? a : 0; } - -/** - Calculate key and iv from a given salt and secret as it is handled - in openssl encrypted files via console - - SYNOPSIS - my_bytes_to_key() - @param salt [in] the given salt as extracted from the encrypted file - @param secret [in] the given secret as String, provided by the user - @param key [out] 32 Bytes of key are written to this pointer - @param iv [out] 16 Bytes of iv are written to this pointer -*/ - -void my_bytes_to_key(const unsigned char *salt, const char *secret, unsigned char *key, - unsigned char *iv) -{ -#ifdef HAVE_YASSL - /* the yassl function has no support for SHA1. Reason unknown. 
*/ - int keyLen = 32; - int ivLen = 16; - int EVP_SALT_SZ = 8; - const int SHA_LEN = 20; - yaSSL::SHA myMD; - uint digestSz = myMD.get_digestSize(); - unsigned char digest[SHA_LEN]; // max size - int sz = strlen(secret); - int count = 1; - int keyLeft = keyLen; - int ivLeft = ivLen; - int keyOutput = 0; - - while (keyOutput < (keyLen + ivLen)) - { - int digestLeft = digestSz; - if (keyOutput) // first time D_0 is empty - myMD.update(digest, digestSz); - myMD.update((yaSSL::byte* )secret, sz); - if (salt) - myMD.update(salt, EVP_SALT_SZ); - myMD.get_digest(digest); - for (int j = 1; j < count; j++) - { - myMD.update(digest, digestSz); - myMD.get_digest(digest); - } - - if (keyLeft) - { - int store = MY_MIN(keyLeft, static_cast(digestSz)); - memcpy(&key[keyLen - keyLeft], digest, store); - - keyOutput += store; - keyLeft -= store; - digestLeft -= store; - } - - if (ivLeft && digestLeft) - { - int store = MY_MIN(ivLeft, digestLeft); - memcpy(&iv[ivLen - ivLeft], &digest[digestSz - digestLeft], store); - - keyOutput += store; - ivLeft -= store; - } - } -#elif defined(HAVE_OPENSSL) - const EVP_CIPHER *type = EVP_aes_256_cbc(); - const EVP_MD *digest = EVP_sha1(); - EVP_BytesToKey(type, digest, salt, (uchar*) secret, strlen(secret), 1, key, iv); -#endif -} - - - /** This method is using with the id 0 if exists. This method is used by innobase/xtradb for the key 
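Review bot: `get_key()` dereferences `a->id` on its last line even when `keys` holds no entries. With an empty array the loop is skipped and `a` is whatever `keys.front()` returns for an empty `Dynamic_array`, which may be a null or unallocated buffer. Nothing visible in this patch rejects a key file that contains only comments or blank lines, so the lookup can run against an empty array. A guard at the top, `if (keys.elements() == 0) return 0;`, makes the lookup safe; alternatively plugin initialisation could fail when no key was loaded. The binary search also relies on the ids being sorted and unique, which deserves a one-line comment above the function.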
@@ -147,91 +64,45 @@ void my_bytes_to_key(const unsigned char *salt, const char *secret, unsigned cha static unsigned int get_highest_key_used_in_key_file() { - if (KeySingleton::getInstance().hasKey(0)) - { - return 0; - } - else - return CRYPT_KEY_UNKNOWN; + return 0; } -static unsigned int has_key_from_key_file(unsigned int keyID) +static unsigned int has_key_from_key_file(unsigned int key_id) { - keyentry* entry = KeySingleton::getInstance().getKeys(keyID); + keyentry* entry = get_key(key_id); return entry != NULL; } -static unsigned int get_key_size_from_key_file(unsigned int keyID) +static unsigned int get_key_size_from_key_file(unsigned int key_id) { - keyentry* entry = KeySingleton::getInstance().getKeys(keyID); + keyentry* entry = get_key(key_id); - if (entry != NULL) - { - char* keyString = entry->key; - size_t key_len = strlen(keyString)/2; - - return key_len; - } - else - { - return CRYPT_KEY_UNKNOWN; - } + return entry ? entry->length : CRYPT_KEY_UNKNOWN; } -static int get_key_from_key_file(unsigned int keyID, unsigned char* dstbuf, +static int get_key_from_key_file(unsigned int key_id, unsigned char* dstbuf, unsigned buflen) { - keyentry* entry = KeySingleton::getInstance().getKeys((int)keyID); + keyentry* entry = get_key(key_id); if (entry != NULL) { - char* keyString = entry->key; - size_t key_len = strlen(keyString)/2; - - if (buflen < key_len) - { + if (buflen < entry->length) return CRYPT_BUFFER_TO_SMALL; - } - my_aes_hex2uint(keyString, (unsigned char*)dstbuf, key_len); + memcpy(dstbuf, entry->key, entry->length); return CRYPT_KEY_OK; } else - { return CRYPT_KEY_UNKNOWN; - } } static int file_key_management_plugin_init(void *p) { - /* init */ - - if (current_aes_dynamic_method == MY_AES_ALGORITHM_NONE) - { - sql_print_error("No encryption method choosen with --encryption-algorithm. 
" - "file_key_management disabled"); - return 1; - } - - if (filename == NULL || strcmp("", filename) == 0) - { - sql_print_error("Parameter file_key_management_filename is required"); - - return 1; - } - - KeySingleton::getInstance(filename, filekey); - - return 0; -} - -static int file_key_management_plugin_deinit(void *p) -{ - KeySingleton::getInstance().~KeySingleton(); - - return 0; + Parser parser(filename, filekey); + return parser.parse(&keys); } struct st_mariadb_encryption_key_management file_key_management_plugin= { @@ -253,12 +124,12 @@ maria_declare_plugin(file_key_management) "Denis Endro eperi GmbH", "File-based key management plugin", PLUGIN_LICENSE_GPL, - file_key_management_plugin_init, /* Plugin Init */ - file_key_management_plugin_deinit, /* Plugin Deinit */ + file_key_management_plugin_init, + NULL, 0x0100 /* 1.0 */, NULL, /* status variables */ settings, "1.0", - MariaDB_PLUGIN_MATURITY_UNKNOWN + MariaDB_PLUGIN_MATURITY_ALPHA } maria_declare_plugin_end; diff --git a/plugin/file_key_management/parser.cc b/plugin/file_key_management/parser.cc new file mode 100644 index 00000000000..1a2d48c2471 --- /dev/null +++ b/plugin/file_key_management/parser.cc 
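Review bot: Removing `file_key_management_plugin_deinit` here, and passing `NULL` as the deinit hook in the plugin declaration hunk that follows, means the raw AES keys now kept in the global `keys` array are never cleared or released when the plugin is unloaded. A small deinit would bound the lifetime of the key material, for example `if (keys.elements()) memset(keys.front(), 0, keys.elements() * sizeof(keyentry));` followed by `keys.free_memory();`, ideally with a wipe routine the compiler cannot optimise away. If the global survives an unload, the same hook would also stop a later initialisation from appending a second copy of every key; whether it survives depends on how the server unloads the library and should be confirmed.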
@@ -0,0 +1,365 @@ +/* Copyright (C) 2014 eperi GmbH. + Copyright (C) 2015 MariaDB Corporation + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +/******************************************************************//** + @file Parser.cc + A class to parse the key file + +How it works... +The location and usage can be configured via the configuration file. +Example + +[mysqld] +... +file_key_management_filename = /home/mdb/keys.enc +file_key_management_filekey = secret +... + +The keys are read from a file. +The filename is set up via the file_key_management_filename +configuration value. +file_key_management_filename is used to configure the absolute +path to this file. + +Examples: +file_key_management_filename = \\\\unc\\keys.enc (windows share) +file_key_management_filename = e:/tmp/keys.enc (windows path) +file_key_management_filename = /tmp/keys.enc (linux path) + +The key file contains AES keys as hex-encoded strings. +Supported are keys of size 128, 192 or 256 bits. +Example: +1;F5502320F8429037B8DAEF761B189D12 +2;770A8A65DA156D24EE2A093277530142770A8A65DA156D24EE2A093277530142 + +1 is the key identifier which can be used for table creation, +it is followed by a AES key + +The key file could be encrypted and the key to decrypt the file can +be given with the optional file_key_management_filekey +parameter. 
+ +The file key can also be located if FILE: is prepended to the +key. Then the following part is interpreted as absolute path to the +file containing the file key (which must be a text - not binary - string). + +Example: + +file_key_management_filekey = FILE:y:/secret256.enc + +If the key file can not be read at server startup, for example if the +file key is not present, the plugin will not start +access to encrypted tables will not be possible. + +Open SSL command line utility can be used to create an encrypted key file. +Example: +openssl enc -aes-256-cbc -md sha1 -k "secret" -in keys.txt -out keys.enc +***********************************************************************/ + +#include "parser.h" +#include +#include + +#define FILE_PREFIX "FILE:" +#define MAX_KEY_FILE_SIZE 1024*1024 +#define MAX_SECRET_SIZE 256 + +/* + The values below are what one gets after + openssl enc -aes-256-cbc -md sha1 -k "secret" -in keys.txt -out keys.enc +*/ +#define OpenSSL_prefix "Salted__" +#define OpenSSL_prefix_len (sizeof(OpenSSL_prefix) - 1) +#define OpenSSL_salt_len 8 +#define OpenSSL_key_len 32 +#define OpenSSL_iv_len 16 + +/** + Calculate key and iv from a given salt and secret as in the + openssl command-line tool + + @param salt [in] the given salt as extracted from the encrypted file + @param secret [in] the given secret as String, provided by the user + @param key [out] 32 Bytes of key are written to this pointer + @param iv [out] 16 Bytes of iv are written to this pointer + + Note, that in openssl this whole function can be reduced to + + #include + EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, + secret, strlen(secret), 1, key, iv); + + but alas! 
we want to support yassl too +*/ + +void Parser::bytes_to_key(const unsigned char *salt, const char *input, + unsigned char *key, unsigned char *iv) +{ + unsigned char digest[MY_SHA1_HASH_SIZE]; + int key_left = OpenSSL_key_len; + int iv_left = OpenSSL_iv_len; + const size_t ilen= strlen(input); + const size_t slen= OpenSSL_salt_len; // either this or explicit (size_t) casts below + + my_sha1_multi(digest, input, ilen, salt, slen, NullS); + + while (iv_left) + { + int left= MY_SHA1_HASH_SIZE; + if (key_left) + { + int store = MY_MIN(key_left, MY_SHA1_HASH_SIZE); + memcpy(&key[OpenSSL_key_len - key_left], digest, store); + + key_left -= store; + left -= store; + } + + if (iv_left && left) + { + int store= MY_MIN(iv_left, left); + memcpy(&iv[OpenSSL_iv_len - iv_left], &digest[MY_SHA1_HASH_SIZE - left], store); + + iv_left -= store; + } + + if (iv_left) + my_sha1_multi(digest, digest, MY_SHA1_HASH_SIZE, + input, ilen, salt, slen, NullS); + } +} + + +bool Parser::parse(Dynamic_array *keys) +{ + const char *secret= filekey; + char buf[MAX_SECRET_SIZE + 1]; + + //If secret starts with FILE: interpret the secret as a filename. + if (is_prefix(filekey, FILE_PREFIX)) + { + if (read_filekey(filekey + sizeof(FILE_PREFIX) - 1, buf)) + return 1; + secret= buf; + } + + return parse_file(keys, secret); +} + + +/* + secret is limited to MAX_SECRET_SIZE characters +*/ + +bool Parser::read_filekey(const char *filekey, char *secret) +{ + int f= my_open(filekey, O_RDONLY, MYF(MY_WME)); + if (f == -1) + return 1; + int len= my_read(f, (uchar*)secret, MAX_SECRET_SIZE, MYF(MY_WME)); + my_close(f, MYF(MY_WME)); + if (len <= 0) + return 1; + secret[len]= '\0'; + return 0; +} + +static int sort_keys(const keyentry *k1, const keyentry *k2) +{ + return k1->id < k2->id ? -1 : k1->id > k2->id; +} + +/** + Get the keys from the key file and decrypt it with the + key . Store the keys with id smaller then in an + array of structs keyentry. 
+ + @return 0 when ok, 1 for an error + */ + +bool Parser::parse_file(Dynamic_array *keys, const char *secret) +{ + char *buffer= read_and_decrypt_file(secret); + + if (!buffer) + return 1; + + keyentry key; + char *line=buffer; + + while (*line) + { + line_number++; + switch (parse_line(&line, &key)) { + case 1: // comment + break; + case -1: // error + my_free(buffer); + return 1; + case 0: + if (keys->push(key)) + return 1; + break; + } + } + + keys->sort(sort_keys); + + my_free(buffer); + return 0; +} + +void Parser::report_error(const char *reason, uint position) +{ + my_printf_error(EE_READ, "%s at %s line %u, column %u", + MYF(ME_NOREFRESH), reason, filename, line_number, position + 1); +} + +/* + return 0 - new key + 1 - comment + -1 - error +*/ +int Parser::parse_line(char **line_ptr, keyentry *key) +{ + int res= 1; + char *p= *line_ptr; + while (isspace(*p) && *p != '\n') p++; + if (*p != '#' && *p != '\n') + { + int error; + p+= 100; // the number will surely end here (on a non-digit or with an overflow) + longlong id= my_strtoll10(p - 100, &p, &error); + if (error) + { + report_error("Syntax error", p - *line_ptr); + return -1; + } + + if (id < 1 || id > UINT_MAX32) + { + report_error("Invalid key id", p - *line_ptr); + return -1; + } + + if (*p != ';') + { + report_error("Syntax error", p - *line_ptr); + return -1; + } + + p++; + key->id= id; + key->length=0; + while (isxdigit(p[0]) && isxdigit(p[1]) && key->length < sizeof(key->key)) + { + key->key[key->length++] = from_hex(p[0]) * 16 + from_hex(p[1]); + p+=2; + } + if (isxdigit(*p) || + (key->length != 16 && key->length != 24 && key->length != 32)) + { + report_error("Invalid key", p - *line_ptr); + return -1; + } + + res= 0; + } + while (*p && *p != '\n') p++; + *line_ptr= *p == '\n' ? p + 1 : p; + return res; +} + +/** + Decrypt the key file 'filename' if it is encrypted with the key + 'secret'. Store the content of the decrypted file in 'buffer'. 
The + buffer has to be freed in the calling function. + */ + +char* Parser::read_and_decrypt_file(const char *secret) +{ + int f= my_open(filename, O_RDONLY, MYF(MY_WME)); + if (f < 0) + goto err0; + + my_off_t file_size; + file_size= my_seek(f, 0, SEEK_END, MYF(MY_WME)); + + if (file_size == MY_FILEPOS_ERROR) + goto err1; + + if (file_size > MAX_KEY_FILE_SIZE) + { + my_error(EE_READ, MYF(0), filename, EFBIG); + goto err1; + } + + //Read file into buffer + uchar *buffer; + buffer= (uchar*)my_malloc(file_size + 1, MYF(MY_WME)); + if (!buffer) + goto err1; + + if (my_pread(f, buffer, file_size, 0, MYF(MY_WME)) != file_size) + goto err2; + +// Check for file encryption + uchar *decrypted; + if (is_prefix((char*)buffer, OpenSSL_prefix)) + { + uchar key[OpenSSL_key_len]; + uchar iv[OpenSSL_iv_len]; + + decrypted= (uchar*)my_malloc(file_size, MYF(MY_WME)); + if (!decrypted) + goto err2; + + bytes_to_key(buffer + OpenSSL_prefix_len, secret, key, iv); + uint32 d_size; + if (my_aes_decrypt_cbc(buffer + OpenSSL_prefix_len + OpenSSL_salt_len, + file_size - OpenSSL_prefix_len - OpenSSL_salt_len, + decrypted, &d_size, key, OpenSSL_key_len, + iv, OpenSSL_iv_len, 0)) + + { + my_printf_error(EE_READ, "Cannot decrypt %s. Wrong key?", MYF(ME_NOREFRESH), filename); + goto err3; + } + + my_free(buffer); + buffer= decrypted; + file_size= d_size; + } + else if (*secret) + { + my_printf_error(EE_READ, "Cannot decrypt %s. Not encrypted", MYF(ME_NOREFRESH), filename); + goto err2; + } + + buffer[file_size]= '\0'; + my_close(f, MYF(MY_WME)); + return (char*) buffer; + +err3: + my_free(decrypted); +err2: + my_free(buffer); +err1: + my_close(f, MYF(MY_WME)); +err0: + return NULL; +} + diff --git a/plugin/file_key_management/parser.h b/plugin/file_key_management/parser.h new file mode 100644 index 00000000000..c8349db70a0 --- /dev/null +++ b/plugin/file_key_management/parser.h 
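Review bot: In `read_and_decrypt_file()` the ciphertext length is computed as `file_size - OpenSSL_prefix_len - OpenSSL_salt_len` without checking that the file is at least that long. A file that begins with `Salted__` but is shorter than 16 bytes therefore makes the unsigned subtraction wrap and hands `my_aes_decrypt_cbc` a length far beyond the allocation. A check before `decrypted` is allocated closes this: `if (file_size < OpenSSL_prefix_len + OpenSSL_salt_len) goto err2;`, with an error message like the neighbouring ones. The `is_prefix()` test also runs before `buffer[file_size]= '\0'` is written, so a very short file may have uninitialised bytes compared; terminating the buffer right after `my_pread` avoids that. Separately, `parse_file()` returns from the `keys->push(key)` failure branch without `my_free(buffer)`, and the buffer holding the decrypted keys is freed on every path without being cleared first.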
@@ -0,0 +1,54 @@ +/* Copyright (C) 2014 eperi GmbH. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +/******************************************************************//** +@file Parser.h +A structure and class to keep keys for encryption/decryption. + +Created 09/15/2014 +***********************************************************************/ + +#include +#include +#include + +struct keyentry { + unsigned int id; + unsigned char key[MY_AES_MAX_KEY_LENGTH]; + unsigned int length; +}; + +class Parser +{ + const char *filename; + const char *filekey; + unsigned int line_number; + + unsigned int from_hex(char c) + { return c <= '9' ? c - '0' : tolower(c) - 'a' + 10; } + + void bytes_to_key(const unsigned char *salt, const char *secret, + unsigned char *key, unsigned char *iv); + bool read_filekey(const char *filekey, char *secret); + bool parse_file(Dynamic_array *keys, const char *secret); + void report_error(const char *reason, unsigned int position); + int parse_line(char **line_ptr, keyentry *key); + char* read_and_decrypt_file(const char *secret); + +public: + Parser(const char* fn, const char *fk) : + filename(fn), filekey(fk), line_number(0) { } + bool parse(Dynamic_array *keys); +}; From c91e3260e2678078c0bb29d8daa90fb52cefaab7 Mon Sep 17 00:00:00 2001 
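Review bot: parser.h has no include guard, although it defines `struct keyentry` and `class Parser` and is already included from both parser.cc and file_key_management_plugin.cc; a second inclusion through another header would fail with redefinition errors. Wrapping the contents in `#ifndef FILE_KEY_MANAGEMENT_PARSER_H` / `#define FILE_KEY_MANAGEMENT_PARSER_H` and a closing `#endif` (the macro name is only a suggestion) restores what the removed EncKeys.h had with `ENCKEYS_H_`. `from_hex()` also passes a plain `char` to `tolower()`. It is only reached after `isxdigit()` in `parse_line`, but casting to `unsigned char` there and in the `isspace`/`isxdigit` calls would avoid undefined behaviour for bytes above 0x7f in a key file.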
From: Sergei Golubchik Date: Mon, 30 Mar 2015 18:00:50 +0200 Subject: [PATCH 31/65] tests for file_key_management plugin key file parser --- mysql-test/std_data/keys.txt | 12 +- .../innodb/r/innodb-page_encryption.result | 4 +- ...nodb-page_encryption_log_encryption.result | 4 +- .../innodb/t/innodb-page_encryption.test | 2 + ...innodb-page_encryption_log_encryption.test | 2 +- .../suite/plugins/r/filekeys_encfile.result | 38 ++++++ .../plugins/r/filekeys_encfile_bad.result | 8 ++ .../plugins/r/filekeys_encfile_badfile.result | 8 ++ .../plugins/r/filekeys_encfile_file.result | 38 ++++++ .../plugins/r/filekeys_encfile_no.result | 8 ++ .../suite/plugins/r/filekeys_nofile.result | 8 ++ .../suite/plugins/r/filekeys_syntax.result | 116 ++++++++++++++++++ .../suite/plugins/r/filekeys_unencfile.result | 8 ++ mysql-test/suite/plugins/t/filekeys-data.enc | Bin 0 -> 416 bytes mysql-test/suite/plugins/t/filekeys-data.key | 1 + .../suite/plugins/t/filekeys_badtest.inc | 18 +++ .../suite/plugins/t/filekeys_encfile.opt | 2 + .../suite/plugins/t/filekeys_encfile.test | 1 + .../suite/plugins/t/filekeys_encfile_bad.opt | 2 + .../suite/plugins/t/filekeys_encfile_bad.test | 2 + .../plugins/t/filekeys_encfile_badfile.opt | 2 + .../plugins/t/filekeys_encfile_badfile.test | 2 + .../suite/plugins/t/filekeys_encfile_file.opt | 2 + .../plugins/t/filekeys_encfile_file.test | 1 + .../suite/plugins/t/filekeys_encfile_no.opt | 1 + .../suite/plugins/t/filekeys_encfile_no.test | 2 + .../suite/plugins/t/filekeys_goodtest.inc | 20 +++ .../suite/plugins/t/filekeys_nofile.test | 2 + .../suite/plugins/t/filekeys_plugin.inc | 4 + .../suite/plugins/t/filekeys_plugin.opt | 2 + .../suite/plugins/t/filekeys_syntax.opt | 1 + .../suite/plugins/t/filekeys_syntax.test | 96 +++++++++++++++ .../suite/plugins/t/filekeys_unencfile.opt | 2 + .../suite/plugins/t/filekeys_unencfile.test | 2 + 34 files changed, 414 insertions(+), 7 deletions(-) create mode 100644 mysql-test/suite/plugins/r/filekeys_encfile.result 
create mode 100644 mysql-test/suite/plugins/r/filekeys_encfile_bad.result create mode 100644 mysql-test/suite/plugins/r/filekeys_encfile_badfile.result create mode 100644 mysql-test/suite/plugins/r/filekeys_encfile_file.result create mode 100644 mysql-test/suite/plugins/r/filekeys_encfile_no.result create mode 100644 mysql-test/suite/plugins/r/filekeys_nofile.result create mode 100644 mysql-test/suite/plugins/r/filekeys_syntax.result create mode 100644 mysql-test/suite/plugins/r/filekeys_unencfile.result create mode 100644 mysql-test/suite/plugins/t/filekeys-data.enc create mode 100644 mysql-test/suite/plugins/t/filekeys-data.key create mode 100644 mysql-test/suite/plugins/t/filekeys_badtest.inc create mode 100644 mysql-test/suite/plugins/t/filekeys_encfile.opt create mode 100644 mysql-test/suite/plugins/t/filekeys_encfile.test create mode 100644 mysql-test/suite/plugins/t/filekeys_encfile_bad.opt create mode 100644 mysql-test/suite/plugins/t/filekeys_encfile_bad.test create mode 100644 mysql-test/suite/plugins/t/filekeys_encfile_badfile.opt create mode 100644 mysql-test/suite/plugins/t/filekeys_encfile_badfile.test create mode 100644 mysql-test/suite/plugins/t/filekeys_encfile_file.opt create mode 100644 mysql-test/suite/plugins/t/filekeys_encfile_file.test create mode 100644 mysql-test/suite/plugins/t/filekeys_encfile_no.opt create mode 100644 mysql-test/suite/plugins/t/filekeys_encfile_no.test create mode 100644 mysql-test/suite/plugins/t/filekeys_goodtest.inc create mode 100644 mysql-test/suite/plugins/t/filekeys_nofile.test create mode 100644 mysql-test/suite/plugins/t/filekeys_plugin.inc create mode 100644 mysql-test/suite/plugins/t/filekeys_plugin.opt create mode 100644 mysql-test/suite/plugins/t/filekeys_syntax.opt create mode 100644 mysql-test/suite/plugins/t/filekeys_syntax.test create mode 100644 mysql-test/suite/plugins/t/filekeys_unencfile.opt create mode 100644 mysql-test/suite/plugins/t/filekeys_unencfile.test 
diff --git a/mysql-test/std_data/keys.txt b/mysql-test/std_data/keys.txt index 389f261fc53..e511521d7ab 100644 --- a/mysql-test/std_data/keys.txt +++ b/mysql-test/std_data/keys.txt @@ -1,6 +1,12 @@ +# +# this is a comment +# 1;770A8A65DA156D24EE2A093277530142 2;4D92199549E0F2EF009B4160F3582E5528A11A45017F3EF8 -3;B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF -4;18420B5CBA31CCDFFE9716E91EB61374D05914F3ADE23E03 + # another comment +33;B374A26A71490437AA024E4FADD5B497FDFF1A8EA6FF12F6FB65AF2720B59CCF +4;18420B5CBA31CCDFFE9716E91EB61374D05914F3ADE23E03 --> ignored + 5;966050D7777350B6FD5CCB3E5F648DA45C63BEFB6DEDDFA13443F156B7D35C84 -6;B5EA210C8C09EF20DB95EC584714A89F +6;B5EA210C8C09EF20DB95EC584714A89F # and yet another + diff --git a/mysql-test/suite/innodb/r/innodb-page_encryption.result b/mysql-test/suite/innodb/r/innodb-page_encryption.result index dfc93508b90..b66c4f79106 100644 --- a/mysql-test/suite/innodb/r/innodb-page_encryption.result +++ b/mysql-test/suite/innodb/r/innodb-page_encryption.result 
@@ -4,6 +4,8 @@ create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact page_encryption=1 page_encryption_key=1; create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed page_encryption=1 page_encryption_key=2; create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=3; +ERROR HY000: Can't create table `test`.`innodb_dynamic` (errno: 140 "Wrong create options") +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=33; create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant page_encryption=1 page_encryption_key=4; SET GLOBAL innodb_default_page_encryption_key = 5; create table innodb_defkey(c1 bigint not null, b char(200)) engine=innodb page_encryption=1; @@ -30,7 +32,7 @@ Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `page_encryption`=1 `page_encryption_key`=3 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `page_encryption`=1 `page_encryption_key`=33 show create table innodb_redundant; Table Create Table innodb_redundant CREATE TABLE `innodb_redundant` ( diff --git a/mysql-test/suite/innodb/r/innodb-page_encryption_log_encryption.result b/mysql-test/suite/innodb/r/innodb-page_encryption_log_encryption.result index 3830bfee22b..56222861a7a 100644 --- a/mysql-test/suite/innodb/r/innodb-page_encryption_log_encryption.result +++ b/mysql-test/suite/innodb/r/innodb-page_encryption_log_encryption.result 
@@ -6,7 +6,7 @@ SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact page_encryption=1 page_encryption_key=1; create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed page_encryption=1 page_encryption_key=2; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=3; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=33; create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant page_encryption=1 page_encryption_key=4; show create table innodb_compact; Table Create Table @@ -25,7 +25,7 @@ Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `page_encryption`=1 `page_encryption_key`=3 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `page_encryption`=1 `page_encryption_key`=33 show create table innodb_redundant; Table Create Table innodb_redundant CREATE TABLE `innodb_redundant` ( diff --git a/mysql-test/suite/innodb/t/innodb-page_encryption.test b/mysql-test/suite/innodb/t/innodb-page_encryption.test index 66927d1905f..93c071f3b95 100644 --- a/mysql-test/suite/innodb/t/innodb-page_encryption.test +++ b/mysql-test/suite/innodb/t/innodb-page_encryption.test 
@@ -13,7 +13,9 @@ SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact page_encryption=1 page_encryption_key=1; create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed page_encryption=1 page_encryption_key=2; +--error ER_CANT_CREATE_TABLE create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=3; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=33; create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant page_encryption=1 page_encryption_key=4; SET GLOBAL innodb_default_page_encryption_key = 5; diff --git a/mysql-test/suite/innodb/t/innodb-page_encryption_log_encryption.test b/mysql-test/suite/innodb/t/innodb-page_encryption_log_encryption.test index abff5d93083..6076b82f596 100644 --- a/mysql-test/suite/innodb/t/innodb-page_encryption_log_encryption.test +++ b/mysql-test/suite/innodb/t/innodb-page_encryption_log_encryption.test 
@@ -16,7 +16,7 @@ SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact page_encryption=1 page_encryption_key=1; create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed page_encryption=1 page_encryption_key=2; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=3; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=33; create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant page_encryption=1 page_encryption_key=4; show create table innodb_compact; diff --git a/mysql-test/suite/plugins/r/filekeys_encfile.result b/mysql-test/suite/plugins/r/filekeys_encfile.result new file mode 100644 index 00000000000..456c8a00279 --- /dev/null +++ b/mysql-test/suite/plugins/r/filekeys_encfile.result 
@@ -0,0 +1,38 @@ +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1 `page_encryption_key`=1 +insert t1 values (12345, repeat('1234567890', 20)); +alter table t1 page_encryption_key=2; +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1 `page_encryption_key`=2 +alter table t1 page_encryption_key=3; +ERROR HY000: Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options") +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1 `page_encryption_key`=2 +alter table t1 page_encryption_key=33; +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1 `page_encryption_key`=33 +alter table t1 page_encryption_key=4; +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1 `page_encryption_key`=4 +drop table t1; diff --git a/mysql-test/suite/plugins/r/filekeys_encfile_bad.result b/mysql-test/suite/plugins/r/filekeys_encfile_bad.result new file mode 100644 index 00000000000..233c7da432e --- /dev/null +++ b/mysql-test/suite/plugins/r/filekeys_encfile_bad.result 
@@ -0,0 +1,8 @@ +call mtr.add_suppression("Cannot decrypt .*filekeys-data.enc. Wrong key"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status diff --git a/mysql-test/suite/plugins/r/filekeys_encfile_badfile.result b/mysql-test/suite/plugins/r/filekeys_encfile_badfile.result new file mode 100644 index 00000000000..68973fc8ee3 --- /dev/null +++ b/mysql-test/suite/plugins/r/filekeys_encfile_badfile.result @@ -0,0 +1,8 @@ +call mtr.add_suppression("File 'bad' not found"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status diff --git a/mysql-test/suite/plugins/r/filekeys_encfile_file.result b/mysql-test/suite/plugins/r/filekeys_encfile_file.result new file mode 100644 index 00000000000..456c8a00279 --- /dev/null +++ b/mysql-test/suite/plugins/r/filekeys_encfile_file.result 
@@ -0,0 +1,38 @@ +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1 `page_encryption_key`=1 +insert t1 values (12345, repeat('1234567890', 20)); +alter table t1 page_encryption_key=2; +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1 `page_encryption_key`=2 +alter table t1 page_encryption_key=3; +ERROR HY000: Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options") +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1 `page_encryption_key`=2 +alter table t1 page_encryption_key=33; +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1 `page_encryption_key`=33 +alter table t1 page_encryption_key=4; +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1 `page_encryption_key`=4 +drop table t1; diff --git a/mysql-test/suite/plugins/r/filekeys_encfile_no.result b/mysql-test/suite/plugins/r/filekeys_encfile_no.result new file mode 100644 index 00000000000..233c7da432e --- /dev/null +++ b/mysql-test/suite/plugins/r/filekeys_encfile_no.result 
@@ -0,0 +1,8 @@ +call mtr.add_suppression("Cannot decrypt .*filekeys-data.enc. Wrong key"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status diff --git a/mysql-test/suite/plugins/r/filekeys_nofile.result b/mysql-test/suite/plugins/r/filekeys_nofile.result new file mode 100644 index 00000000000..43997ee384b --- /dev/null +++ b/mysql-test/suite/plugins/r/filekeys_nofile.result @@ -0,0 +1,8 @@ +call mtr.add_suppression("File '' not found"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status diff --git a/mysql-test/suite/plugins/r/filekeys_syntax.result b/mysql-test/suite/plugins/r/filekeys_syntax.result new file mode 100644 index 00000000000..4340fb6bdb9 --- /dev/null +++ b/mysql-test/suite/plugins/r/filekeys_syntax.result 
@@ -0,0 +1,116 @@ +call mtr.add_suppression("File '.*keys.txt' not found"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +install soname 'file_key_management'; +ERROR HY000: Invalid key id at MYSQL_TMP_DIR/keys.txt line 2, column 2 +call mtr.add_suppression("File '.*keys.txt' not found"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +call mtr.add_suppression("Invalid key id"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +install soname 'file_key_management'; +ERROR HY000: Invalid key id at MYSQL_TMP_DIR/keys.txt line 2, column 11 +call mtr.add_suppression("Invalid key id"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' 
registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +call mtr.add_suppression("Invalid key id"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +install soname 'file_key_management'; +ERROR HY000: Invalid key at MYSQL_TMP_DIR/keys.txt line 2, column 47 +call mtr.add_suppression("Invalid key id"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +call mtr.add_suppression("Invalid key"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +install soname 
'file_key_management'; +ERROR HY000: Invalid key at MYSQL_TMP_DIR/keys.txt line 2, column 33 +call mtr.add_suppression("Invalid key"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +call mtr.add_suppression("Invalid key"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +install soname 'file_key_management'; +ERROR HY000: Syntax error at MYSQL_TMP_DIR/keys.txt line 2, column 2 +call mtr.add_suppression("Invalid key"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +call mtr.add_suppression("Syntax error"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) 
engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +install soname 'file_key_management'; +ERROR HY000: Syntax error at MYSQL_TMP_DIR/keys.txt line 2, column 1 +call mtr.add_suppression("Syntax error"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +call mtr.add_suppression("Syntax error"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status diff --git a/mysql-test/suite/plugins/r/filekeys_unencfile.result b/mysql-test/suite/plugins/r/filekeys_unencfile.result new file mode 100644 index 00000000000..f292aa582a7 --- /dev/null +++ b/mysql-test/suite/plugins/r/filekeys_unencfile.result 
@@ -0,0 +1,8 @@ +call mtr.add_suppression("Cannot decrypt .*keys.txt. Not encrypted"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +create table t1(c1 bigint not null, b char(200)) engine=innodb page_encryption=1 page_encryption_key=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status 
diff --git a/mysql-test/suite/plugins/t/filekeys-data.enc b/mysql-test/suite/plugins/t/filekeys-data.enc new file mode 100644 index 0000000000000000000000000000000000000000..a8adb2f939c72baf5eb9d94f8f272e898095c5e2 GIT binary patch literal 416 zcmV;R0bl-8VQh3|WM5y;+RZcbTB{aaj+zq$1rn3EX$|^vch87eL%!a%{lGF59BZbb z?ktd2=)WMn(+gx0Xx=EMYqjoD^5jSV<6E*Qn*tW#XkR;+ejj;Ur$6B>8pHpV%Wr!l zLheWidQGBh7t@q?^=fSC;q1qbHPuKrhmnqT28KR}uZ(B*&te4na9?$ipP~X(Xxx4| z9+Y;!%%S)vprk2P{Yffmz{Y52c1TsIzcZBEE+kD-bkyIkZkb89dzjF6NC@Wv2L)D) zJnk$~DR}9p!M9zTg3t@(N_wRcjKdJrg(z^c!Y5Qs7{2i2Crs4nJ0tiDRl{!Pyq&em zb11D04Kt;JS&KbI>e(+o*&hZqden7;m7>9#{`r;|vW?t`*J`U*Pa5P5sYrVzqvWuY z`JBjW)}MlrLEA*^mKwjq`MW1NNeYiOc{TdG!51{9BfV|SZr`{)EyJ{OZkl)1v7$E2 zxrhL(Pp!$cRC!NDplPKv=)_6LB*d!tIu225T6YVUVsdJC=q*neWUffzCs>-e>EG Date: Tue, 31 Mar 2015 19:00:51 +0200 Subject: [PATCH 32/65] optimize encryption api only one encryption key lookup in most cases instead of three (has_key, get_key_size, get_key). --- include/mysql/plugin_audit.h.pp | 6 ++-- include/mysql/plugin_auth.h.pp | 6 ++-- .../mysql/plugin_encryption_key_management.h | 31 ++++++++++------ .../plugin_encryption_key_management.h.pp | 11 +++--- include/mysql/plugin_ftparser.h.pp | 6 ++-- include/mysql/plugin_password_validation.h.pp | 6 ++-- include/mysql/service_encryption_keys.h | 7 ++-- include/service_versions.h | 2 +- .../debug_key_management_plugin.cc | 29 +++++++-------- .../example_key_management_plugin.cc | 35 ++++++------------- .../file_key_management_plugin.cc | 35 ++++++------------- sql/encryption_keys.cc | 17 ++++----- sql/sql_plugin_services.h | 1 - storage/innobase/fil/fil0crypt.cc | 17 +++------ storage/innobase/log/log0crypt.cc | 4 ++- storage/xtradb/fil/fil0crypt.cc | 19 +++------- storage/xtradb/log/log0crypt.cc | 3 +- 17 files changed, 90 insertions(+), 145 deletions(-) diff --git a/include/mysql/plugin_audit.h.pp b/include/mysql/plugin_audit.h.pp index 22bd8d52a30..c4661e2b383 100644 --- a/include/mysql/plugin_audit.h.pp 
+++ b/include/mysql/plugin_audit.h.pp @@ -201,13 +201,11 @@ int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); extern struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_size_func)(unsigned int); - int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); + unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); -unsigned int get_encryption_key_size(unsigned int version); -int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); +unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_auth.h.pp b/include/mysql/plugin_auth.h.pp index e14d5359c19..09986993139 100644 --- a/include/mysql/plugin_auth.h.pp +++ b/include/mysql/plugin_auth.h.pp 
@@ -201,13 +201,11 @@ int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); extern struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_size_func)(unsigned int); - int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); + unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); -unsigned int get_encryption_key_size(unsigned int version); -int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); +unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_encryption_key_management.h b/include/mysql/plugin_encryption_key_management.h index b989fa14db1..a7fc379962b 100644 --- a/include/mysql/plugin_encryption_key_management.h +++ b/include/mysql/plugin_encryption_key_management.h @@ -27,9 +27,10 @@ #include -#define MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION 0x0100 +#define MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION 0x0200 -#define BAD_ENCRYPTION_KEY_VERSION (UINT_MAX32) +#define BAD_ENCRYPTION_KEY_VERSION (~(unsigned int)0) +#define KEY_BUFFER_TOO_SMALL (100) /** Encryption key management plugin descriptor 
@@ -45,20 +46,28 @@ struct st_mariadb_encryption_key_management */ unsigned int (*get_latest_key_version)(); - /** function returning if a key of the given version exists */ - unsigned int (*has_key_version)(unsigned int version); - - /** function returning the key size in bytes */ - unsigned int (*get_key_size)(unsigned int version); - /** function returning a key for a key version - the key is put in 'key' buffer, that has size of 'keybufsize' bytes. + @param version the requested key version + @param key the key will be stored there. Can be NULL - + in which case no key will be returned + @param key_length in: key buffer size + out: the actual length of the key - @return 0 on success, non-zero on failure + This method can be used to query the key length - the required + buffer size - by passing key==NULL. + + If the buffer size is less than the key length the content of the + key buffer is undefined (the plugin is free to partially fill it with + the key data or leave it untouched). + + @return 0 on success, or + BAD_ENCRYPTION_KEY_VERSION, KEY_BUFFER_TOO_SMALL, + or any other non-zero number for errors */ - int (*get_key)(unsigned int version, unsigned char* key, unsigned int keybufsize); + unsigned int (*get_key)(unsigned int version, unsigned char *key, + unsigned int *key_length); }; #endif diff --git a/include/mysql/plugin_encryption_key_management.h.pp b/include/mysql/plugin_encryption_key_management.h.pp index 9012fe9252b..fb39b807d1c 100644 --- a/include/mysql/plugin_encryption_key_management.h.pp +++ b/include/mysql/plugin_encryption_key_management.h.pp 
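Review bot: The new doc comment on `get_key` does not say what `*key_length` holds on the error returns, and a caller needs that to size a retry. The plugins later in this patch write the required size into it before returning `KEY_BUFFER_TOO_SMALL`, while `get_key_from_key_file` leaves it untouched on `BAD_ENCRYPTION_KEY_VERSION`. I would extend the `@param key_length` text with something like `on KEY_BUFFER_TOO_SMALL: set to the required size; on any other error: unchanged`. The comment should also state that on any non-zero return the caller must not use the contents of `key`, since the text allows a partially filled buffer that could otherwise end up used as key material. The struct definition begins above this hunk.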
@@ -201,13 +201,11 @@ int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); extern struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_size_func)(unsigned int); - int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); + unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); -unsigned int get_encryption_key_size(unsigned int version); -int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); +unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); struct st_mysql_xid { long formatID; long gtrid_length; @@ -368,7 +366,6 @@ struct st_mariadb_encryption_key_management { int interface_version; unsigned int (*get_latest_key_version)(); - unsigned int (*has_key_version)(unsigned int version); - unsigned int (*get_key_size)(unsigned int version); - int (*get_key)(unsigned int version, unsigned char* key, unsigned int keybufsize); + unsigned int (*get_key)(unsigned int version, unsigned char *key, + unsigned int *key_length); }; diff --git a/include/mysql/plugin_ftparser.h.pp b/include/mysql/plugin_ftparser.h.pp index bd9ec23c811..e9315f4fe83 100644 --- a/include/mysql/plugin_ftparser.h.pp +++ b/include/mysql/plugin_ftparser.h.pp 
@@ -201,13 +201,11 @@ int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); extern struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_size_func)(unsigned int); - int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); + unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); -unsigned int get_encryption_key_size(unsigned int version); -int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); +unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_password_validation.h.pp b/include/mysql/plugin_password_validation.h.pp index b417dbb5e6d..a82d5fd9150 100644 --- a/include/mysql/plugin_password_validation.h.pp +++ b/include/mysql/plugin_password_validation.h.pp 
@@ -201,13 +201,11 @@ int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); extern struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_size_func)(unsigned int); - int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); + unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); -unsigned int get_encryption_key_size(unsigned int version); -int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); +unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/service_encryption_keys.h b/include/mysql/service_encryption_keys.h index 063f3444f5f..69304899405 100644 --- a/include/mysql/service_encryption_keys.h +++ b/include/mysql/service_encryption_keys.h 
@@ -28,23 +28,20 @@ extern "C" { extern struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_size_func)(unsigned int); - int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int); + unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); } *encryption_keys_service; #ifdef MYSQL_DYNAMIC_PLUGIN #define get_latest_encryption_key_version() encryption_keys_service->get_latest_encryption_key_version_func() #define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V) -#define get_encryption_key_size(V) encryption_keys_service->get_encryption_key_size_func(V) #define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S)) #else unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); -unsigned int get_encryption_key_size(unsigned int version); -int get_encryption_key(unsigned int version, unsigned char* key, unsigned int keybufsize); +unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); #endif diff --git a/include/service_versions.h b/include/service_versions.h index 3d85be92519..d25d9507dff 100644 --- a/include/service_versions.h +++ b/include/service_versions.h @@ -35,5 +35,5 @@ #define VERSION_thd_autoinc 0x0100 #define VERSION_thd_error_context 0x0100 #define VERSION_thd_specifics 0x0100 -#define VERSION_encryption_keys 0x0100 +#define VERSION_encryption_keys 0x0200 diff --git a/plugin/debug_key_management/debug_key_management_plugin.cc b/plugin/debug_key_management/debug_key_management_plugin.cc index 1d332e62381..7ade1b8fde7 100644 --- a/plugin/debug_key_management/debug_key_management_plugin.cc +++ b/plugin/debug_key_management/debug_key_management_plugin.cc 
@@ -28,6 +28,8 @@ #include #include +#define KEY_SIZE 16 + static uint key_version; static MYSQL_SYSVAR_UINT(version, key_version, PLUGIN_VAR_RQCMDARG, @@ -43,30 +45,25 @@ static unsigned int get_latest_key_version() return key_version; } -static int get_key(unsigned int version, unsigned char* dstbuf, unsigned buflen) +static unsigned int get_key(unsigned int version, unsigned char* dstbuf, unsigned *buflen) { - if (buflen < 4) - return 1; - memset(dstbuf, 0, buflen); + if (*buflen < KEY_SIZE) + { + *buflen= KEY_SIZE; + return KEY_BUFFER_TOO_SMALL; + } + *buflen= KEY_SIZE; + if (!dstbuf) + return 0; + + memset(dstbuf, 0, KEY_SIZE); mi_int4store(dstbuf, version); return 0; } -static unsigned int has_key(unsigned int ver) -{ - return 1; -} - -static unsigned int get_key_size(unsigned int ver) -{ - return 16; -} - struct st_mariadb_encryption_key_management debug_key_management_plugin= { MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION, get_latest_key_version, - has_key, - get_key_size, get_key }; diff --git a/plugin/example_key_management/example_key_management_plugin.cc b/plugin/example_key_management/example_key_management_plugin.cc index 6548baef20c..28cae3c311e 100644 --- a/plugin/example_key_management/example_key_management_plugin.cc +++ b/plugin/example_key_management/example_key_management_plugin.cc 
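Review bot: In `get_key` the size check runs before the `!dstbuf` test, so a pure length query (`dstbuf == NULL`, `*buflen == 0`) returns `KEY_BUFFER_TOO_SMALL` rather than 0, although the header comment presents `key==NULL` as the way to ask for the key length. If a NULL query is meant to succeed, test the pointer first, `if (!dstbuf) { *buflen= KEY_SIZE; return 0; }`; if it is not, the header comment should tell callers to accept `KEY_BUFFER_TOO_SMALL` from a query. The same ordering appears in `get_key` of the example plugin and in `get_key_from_key_file` of the file plugin. All three also dereference `buflen` without a NULL check, which is worth documenting as a precondition.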
@@ -58,34 +58,23 @@ get_latest_key_version() return key_version; } -static int -get_key(unsigned int version, unsigned char* dstbuf, unsigned buflen) +static unsigned int +get_key(unsigned int version, unsigned char* dstbuf, unsigned *buflen) { - unsigned char *dst = dstbuf; - unsigned len = 0; - for (; len + MD5_HASH_SIZE <= buflen; len += MD5_HASH_SIZE) + if (*buflen < MD5_HASH_SIZE) { - compute_md5_hash(dst, (const char*)&version, sizeof(version)); - dst += MD5_HASH_SIZE; - version++; - } - if (len < buflen) - { - memset(dst, 0, buflen - len); + *buflen= MD5_HASH_SIZE; + return KEY_BUFFER_TOO_SMALL; } + *buflen= MD5_HASH_SIZE; + if (!dstbuf) + return 0; + + my_md5(dstbuf, (const char*)&version, sizeof(version)); + return 0; } -static unsigned int has_key_func(unsigned int keyID) -{ - return true; -} - -static unsigned int get_key_size(unsigned int keyID) -{ - return 16; -} - static int example_key_management_plugin_init(void *p) { /* init */ @@ -115,8 +104,6 @@ static int example_key_management_plugin_deinit(void *p) struct st_mariadb_encryption_key_management example_key_management_plugin= { MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION, get_latest_key_version, - has_key_func, - get_key_size, get_key }; diff --git a/plugin/file_key_management/file_key_management_plugin.cc b/plugin/file_key_management/file_key_management_plugin.cc index 125f5b6e91d..60007e4487d 100644 --- a/plugin/file_key_management/file_key_management_plugin.cc +++ b/plugin/file_key_management/file_key_management_plugin.cc 
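Review bot: `get_key` in the example plugin derives the key as `my_md5` over the bytes of `version` and nothing else, and the function carries no comment saying so. The key for any version is therefore fully determined by a value that is not secret. That is fine for an example only if it is stated where people will copy from. I would add above the function `/* Example only: the key is MD5(version) and fully predictable; never use this plugin to protect real data. */`, and note in the same comment that a NULL `dstbuf` is a length query that only sets `*buflen`.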
@@ -67,36 +67,25 @@ static unsigned int get_highest_key_used_in_key_file() return 0; } -static unsigned int has_key_from_key_file(unsigned int key_id) +static unsigned int get_key_from_key_file(unsigned int key_id, + unsigned char* dstbuf, unsigned *buflen) { keyentry* entry = get_key(key_id); - return entry != NULL; -} + if (entry == NULL) + return BAD_ENCRYPTION_KEY_VERSION; -static unsigned int get_key_size_from_key_file(unsigned int key_id) -{ - keyentry* entry = get_key(key_id); - - return entry ? entry->length : CRYPT_KEY_UNKNOWN; -} - -static int get_key_from_key_file(unsigned int key_id, unsigned char* dstbuf, - unsigned buflen) -{ - keyentry* entry = get_key(key_id); - - if (entry != NULL) + if (*buflen < entry->length) { - if (buflen < entry->length) - return CRYPT_BUFFER_TO_SMALL; + *buflen= entry->length; + return KEY_BUFFER_TOO_SMALL; + } + *buflen= entry->length; + if (dstbuf) memcpy(dstbuf, entry->key, entry->length); - return CRYPT_KEY_OK; - } - else - return CRYPT_KEY_UNKNOWN; + return 0; } static int file_key_management_plugin_init(void *p) @@ -108,8 +97,6 @@ static int file_key_management_plugin_init(void *p) struct st_mariadb_encryption_key_management file_key_management_plugin= { MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION, get_highest_key_used_in_key_file, - has_key_from_key_file, - get_key_size_from_key_file, get_key_from_key_file }; diff --git a/sql/encryption_keys.cc b/sql/encryption_keys.cc index f3e8fe6a9d2..7a07581722b 100644 --- a/sql/encryption_keys.cc +++ b/sql/encryption_keys.cc 
@@ -18,25 +18,20 @@ unsigned int get_latest_encryption_key_version() unsigned int has_encryption_key(uint version) { if (encryption_key_manager) - return handle->has_key_version(version); + { + uint unused; + return handle->get_key(version, NULL, &unused) != BAD_ENCRYPTION_KEY_VERSION; + } return 0; } -unsigned int get_encryption_key_size(uint version) -{ - if (encryption_key_manager) - return handle->get_key_size(version); - - return 0; -} - -int get_encryption_key(uint version, uchar* key, uint size) +uint get_encryption_key(uint version, uchar* key, uint *size) { if (encryption_key_manager) return handle->get_key(version, key, size); - return 1; + return BAD_ENCRYPTION_KEY_VERSION; } int initialize_encryption_key_management_plugin(st_plugin_int *plugin) diff --git a/sql/sql_plugin_services.h b/sql/sql_plugin_services.h index 8da2af801cf..4511d8bca59 100644 --- a/sql/sql_plugin_services.h +++ b/sql/sql_plugin_services.h @@ -143,7 +143,6 @@ static struct encryption_keys_service_st encryption_keys_handler= { get_latest_encryption_key_version, has_encryption_key, - get_encryption_key_size, get_encryption_key }; diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index f4602fa7fdc..eba17d9842b 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -212,12 +212,12 @@ fil_crypt_get_key(byte *dst, uint* key_length, mutex_enter(&crypt_data->mutex); if (!page_encrypted) { - *key_length = get_encryption_key_size(version); // Check if we already have key for (uint i = 0; i < crypt_data->key_count; i++) { if (crypt_data->keys[i].key_version == version) { memcpy(dst, crypt_data->keys[i].key, sizeof(crypt_data->keys[i].key)); + *key_length= MY_AES_BLOCK_SIZE; mutex_exit(&crypt_data->mutex); return; } 
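Review bot: In `has_encryption_key` the local `uint unused;` is passed to `handle->get_key` uninitialised, and every plugin `get_key` in this patch begins by reading `*buflen` (`if (*buflen < KEY_SIZE)` and similar), so the call reads an indeterminate value. The result does not depend on it today because both outcomes differ from `BAD_ENCRYPTION_KEY_VERSION`, but sanitizers will still report the read and a third-party plugin may act on the value. `uint unused= 0;` fixes it. Any plugin error other than `BAD_ENCRYPTION_KEY_VERSION` is also reported as "key exists" here; if that is intended, a one-line comment would help.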
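Review bot: The cached-key branch of `fil_crypt_get_key` copies `sizeof(crypt_data->keys[i].key)` bytes into `dst` but reports the length as the separate constant `MY_AES_BLOCK_SIZE`. The array's declared size is not visible in this hunk, so the two may well be equal, but nothing ties them together, and a later change to either would hand callers a key length that does not match the bytes copied. I would write `*key_length= sizeof(crypt_data->keys[i].key);` or add a compile-time assertion that the two agree. The identical hunk for storage/xtradb/fil/fil0crypt.cc further down needs the same change; the function body continues outside the hunk.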
@@ -231,23 +231,14 @@ fil_crypt_get_key(byte *dst, uint* key_length, } } - if (has_encryption_key(version)) { - int rc; - *key_length = get_encryption_key_size(version); + *key_length= MY_AES_MAX_KEY_LENGTH; + int rc = get_encryption_key(version, (unsigned char*)keybuf, key_length); + if (rc) { - rc = get_encryption_key(version, (unsigned char*)keybuf, *key_length); - - if (rc != CRYPT_KEY_OK) { ib_logf(IB_LOG_LEVEL_FATAL, "Key %d can not be found. Reason=%d", version, rc); ut_error; } - } else { - ib_logf(IB_LOG_LEVEL_FATAL, - "Key %d not found", version); - ut_error; - } - // do ctr key initialization if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) diff --git a/storage/innobase/log/log0crypt.cc b/storage/innobase/log/log0crypt.cc index 6f487e36b56..2aaa0aa4550 100644 --- a/storage/innobase/log/log0crypt.cc +++ b/storage/innobase/log/log0crypt.cc @@ -27,6 +27,7 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include "log0crypt.h" #include #include + #include "log0log.h" #include "srv0start.h" // for srv_start_lsn #include "log0recv.h" // for recv_sys @@ -116,7 +117,8 @@ log_init_crypt_key( } byte mysqld_key[MY_AES_BLOCK_SIZE] = {0}; - if (get_encryption_key(crypt_ver, mysqld_key, MY_AES_BLOCK_SIZE)) + uint keylen= sizeof(mysqld_key); + if (get_encryption_key(crypt_ver, mysqld_key, &keylen)) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting mysqld crypto key " diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index f4602fa7fdc..f17fee926ca 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc 
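Review bot: `*key_length= MY_AES_MAX_KEY_LENGTH;` tells the plugin how many bytes it may write into `keybuf`, but `keybuf` is declared outside this hunk, so the capacity claimed here is not visibly tied to the buffer. If `keybuf` is a local array, `*key_length= sizeof(keybuf);` states the bound directly and cannot drift from the declaration. Separately, `get_encryption_key` now returns `unsigned int` while `rc` is an `int` printed with `%d`, so `BAD_ENCRYPTION_KEY_VERSION` would be logged as -1; printing it with `%u` keeps the reason readable. The xtradb copy of this hunk has the same two points.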
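Review bot: In `log_init_crypt_key` the length written back into `keylen` is never examined within this hunk, so a plugin that returns a key shorter than `sizeof(mysqld_key)` succeeds and the remaining bytes keep their zero initialiser. Unless code after the hunk checks it, I would reject that case explicitly: `if (get_encryption_key(crypt_ver, mysqld_key, &keylen) || keylen != sizeof(mysqld_key))`. A key longer than the buffer already fails with `KEY_BUFFER_TOO_SMALL`, but it lands in the same generic error message; logging the return code would tell the two cases apart. storage/xtradb/log/log0crypt.cc receives the same hunk later in this patch.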
@@ -212,12 +212,12 @@ fil_crypt_get_key(byte *dst, uint* key_length, mutex_enter(&crypt_data->mutex); if (!page_encrypted) { - *key_length = get_encryption_key_size(version); // Check if we already have key for (uint i = 0; i < crypt_data->key_count; i++) { if (crypt_data->keys[i].key_version == version) { memcpy(dst, crypt_data->keys[i].key, sizeof(crypt_data->keys[i].key)); + *key_length= MY_AES_BLOCK_SIZE; mutex_exit(&crypt_data->mutex); return; } @@ -231,24 +231,15 @@ fil_crypt_get_key(byte *dst, uint* key_length, } } - if (has_encryption_key(version)) { - int rc; - *key_length = get_encryption_key_size(version); + *key_length= MY_AES_MAX_KEY_LENGTH; + int rc = get_encryption_key(version, (unsigned char*)keybuf, key_length); + if (rc) { - rc = get_encryption_key(version, (unsigned char*)keybuf, *key_length); - - if (rc != CRYPT_KEY_OK) { - ib_logf(IB_LOG_LEVEL_FATAL, - "Key %d can not be found. Reason=%d", version, rc); - ut_error; - } - } else { ib_logf(IB_LOG_LEVEL_FATAL, - "Key %d not found", version); + "Key %d can not be found. Reason=%d", version, rc); ut_error; } - // do ctr key initialization if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) { diff --git a/storage/xtradb/log/log0crypt.cc b/storage/xtradb/log/log0crypt.cc index abebdd8c61a..2aaa0aa4550 100644 --- a/storage/xtradb/log/log0crypt.cc +++ b/storage/xtradb/log/log0crypt.cc @@ -117,7 +117,8 @@ log_init_crypt_key( } byte mysqld_key[MY_AES_BLOCK_SIZE] = {0}; - if (get_encryption_key(crypt_ver, mysqld_key, MY_AES_BLOCK_SIZE)) + uint keylen= sizeof(mysqld_key); + if (get_encryption_key(crypt_ver, mysqld_key, &keylen)) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting mysqld crypto key " From 6a3932fdd0709deed103327511be618104178593 Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Tue, 31 Mar 2015 19:53:57 +0200 Subject: [PATCH 33/65] use key derivation procedure for all encryption algorithms --- storage/innobase/fil/fil0crypt.cc | 103 +++++++++++------------------- storage/xtradb/fil/fil0crypt.cc | 103 +++++++++++------------------- 2 files changed, 78 insertions(+), 128 deletions(-) diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index eba17d9842b..5020d2345b9 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc 
@@ -240,50 +240,39 @@ fil_crypt_get_key(byte *dst, uint* key_length, ut_error; } - // do ctr key initialization - if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) - { - /* Now compute L by encrypting IV using this key. Note - that we use random IV from crypt data. */ - const unsigned char* src = crypt_data->iv; - const int srclen = crypt_data->iv_length; - unsigned char* buf = page_encrypted ? keybuf : crypt_data->keys[0].key; - uint32 buflen = page_encrypted ? *key_length : sizeof(crypt_data->keys[0].key); + /* Now compute L by encrypting IV using this key. Note + that we use random IV from crypt data. */ + const unsigned char* src = crypt_data->iv; + const int srclen = crypt_data->iv_length; + unsigned char* buf = page_encrypted ? keybuf : crypt_data->keys[0].key; + uint32 buflen = page_encrypted ? *key_length : sizeof(crypt_data->keys[0].key); - // call ecb explicit - my_aes_encrypt_dynamic_type func = get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); - int rc = (*func)(src, srclen, - buf, &buflen, - (unsigned char*)keybuf, *key_length, - NULL, 0, - 1); + // call ecb explicit + rc = my_aes_encrypt_ecb(src, srclen, buf, &buflen, + (unsigned char*)keybuf, *key_length, NULL, 0, 1); - if (rc != AES_OK) { - ib_logf(IB_LOG_LEVEL_FATAL, - "Unable to encrypt key-block " - " src: %p srclen: %d buf: %p buflen: %d." - " return-code: %d. 
Can't continue!\n", - src, srclen, buf, buflen, rc); - ut_error; - } - - if (!page_encrypted) { - crypt_data->keys[0].key_version = version; - crypt_data->key_count++; - - if (crypt_data->key_count > array_elements(crypt_data->keys)) { - crypt_data->key_count = array_elements(crypt_data->keys); - } - } - - // set the key size to the aes block size because this encrypted data is the key - *key_length = MY_AES_BLOCK_SIZE; - memcpy(dst, buf, buflen); - } else { - // otherwise keybuf contains the right key - memcpy(dst, keybuf, *key_length); + if (rc != AES_OK) { + ib_logf(IB_LOG_LEVEL_FATAL, + "Unable to encrypt key-block " + " src: %p srclen: %d buf: %p buflen: %d." + " return-code: %d. Can't continue!\n", + src, srclen, buf, buflen, rc); + ut_error; } + if (!page_encrypted) { + crypt_data->keys[0].key_version = version; + crypt_data->key_count++; + + if (crypt_data->key_count > array_elements(crypt_data->keys)) { + crypt_data->key_count = array_elements(crypt_data->keys); + } + } + + // set the key size to the aes block size because this encrypted data is the key + *key_length = MY_AES_BLOCK_SIZE; + memcpy(dst, buf, buflen); + mutex_exit(&crypt_data->mutex); } 
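Review bot: After this change every algorithm ends with `*key_length = MY_AES_BLOCK_SIZE`, so the key used for page encryption is always one AES block long regardless of how long a key the plugin returned. A longer plugin key still keys the ECB step, but the derived key is capped at the block size; that deserves a comment at that line and an explicit decision on whether the reduction is intended. In the same place `memcpy(dst, buf, buflen)` copies the length reported by `my_aes_encrypt_ecb` while the caller is told `MY_AES_BLOCK_SIZE`; I would assert that they agree and copy the fixed size, `ut_a(buflen == MY_AES_BLOCK_SIZE); memcpy(dst, buf, MY_AES_BLOCK_SIZE);`. The xtradb copy of `fil_crypt_get_key` has the same hunk, and the function starts outside it.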
@@ -664,19 +653,12 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, /* Load the iv or counter (depending to the encryption algorithm used) */ unsigned char iv[MY_AES_BLOCK_SIZE]; - if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) { - // create counter block (C) - mach_write_to_4(iv + 0, space); - ulint space_offset = mach_read_from_4( - src_frame + FIL_PAGE_OFFSET); - mach_write_to_4(iv + 4, space_offset); - mach_write_to_8(iv + 8, lsn); - } else { - // Get random IV from crypt_data - mutex_enter(&crypt_data->mutex); - memcpy(iv, crypt_data->iv, crypt_data->iv_length); - mutex_exit(&crypt_data->mutex); - } + // create counter block (C) + mach_write_to_4(iv + 0, space); + ulint space_offset = mach_read_from_4( + src_frame + FIL_PAGE_OFFSET); + mach_write_to_4(iv + 4, space_offset); + mach_write_to_8(iv + 8, lsn); ibool page_compressed = (mach_read_from_2(src_frame+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_COMPRESSED); ibool page_encrypted = fil_space_is_page_encrypted(space); @@ -858,18 +840,11 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data, // get the iv unsigned char iv[MY_AES_BLOCK_SIZE]; - if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) { - // create counter block + // create counter block - mach_write_to_4(iv + 0, space); - mach_write_to_4(iv + 4, offset); - mach_write_to_8(iv + 8, lsn); - } else { - // Get random IV from crypt_data - mutex_enter(&crypt_data->mutex); - memcpy(iv, crypt_data->iv, crypt_data->iv_length); - mutex_exit(&crypt_data->mutex); - } + mach_write_to_4(iv + 0, space); + mach_write_to_4(iv + 4, offset); + mach_write_to_8(iv + 8, lsn); const byte* src = src_frame + FIL_PAGE_DATA; byte* dst = dst_frame + FIL_PAGE_DATA; diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index f17fee926ca..24592e6a11d 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc 
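Review bot: `fil_space_encrypt` now fills `iv` from the space id, page offset and LSN for every algorithm, but the comment above it still reads "Load the iv or counter (depending to the encryption algorithm used)" and the random-IV branch is removed without explanation. These values are predictable by construction: a counter mode only needs them to be unique per key, whereas chained modes such as CBC are normally specified with an unpredictable IV, and which modes remain selectable is not visible in this hunk. I would replace the comment with something like `/* IV = space id | page number | LSN: must never repeat for a given key; it is neither secret nor random */` and state whether non-counter modes are still supported. The decrypt hunk `@@ -858,18 +840,11 @@` and both xtradb hunks carry the same change, and both functions continue outside the hunks.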
@@ -240,50 +240,39 @@ fil_crypt_get_key(byte *dst, uint* key_length, ut_error; } - // do ctr key initialization - if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) - { - /* Now compute L by encrypting IV using this key. Note - that we use random IV from crypt data. */ - const unsigned char* src = crypt_data->iv; - const int srclen = crypt_data->iv_length; - unsigned char* buf = page_encrypted ? keybuf : crypt_data->keys[0].key; - uint32 buflen = page_encrypted ? *key_length : sizeof(crypt_data->keys[0].key); + /* Now compute L by encrypting IV using this key. Note + that we use random IV from crypt data. */ + const unsigned char* src = crypt_data->iv; + const int srclen = crypt_data->iv_length; + unsigned char* buf = page_encrypted ? keybuf : crypt_data->keys[0].key; + uint32 buflen = page_encrypted ? *key_length : sizeof(crypt_data->keys[0].key); - // call ecb explicit - my_aes_encrypt_dynamic_type func = get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); - int rc = (*func)(src, srclen, - buf, &buflen, - (unsigned char*)keybuf, *key_length, - NULL, 0, - 1); + // call ecb explicit + rc = my_aes_encrypt_ecb(src, srclen, buf, &buflen, + (unsigned char*)keybuf, *key_length, NULL, 0, 1); - if (rc != AES_OK) { - ib_logf(IB_LOG_LEVEL_FATAL, - "Unable to encrypt key-block " - " src: %p srclen: %d buf: %p buflen: %d." - " return-code: %d. 
Can't continue!\n", - src, srclen, buf, buflen, rc); - ut_error; - } - - if (!page_encrypted) { - crypt_data->keys[0].key_version = version; - crypt_data->key_count++; - - if (crypt_data->key_count > array_elements(crypt_data->keys)) { - crypt_data->key_count = array_elements(crypt_data->keys); - } - } - - // set the key size to the aes block size because this encrypted data is the key - *key_length = MY_AES_BLOCK_SIZE; - memcpy(dst, buf, buflen); - } else { - // otherwise keybuf contains the right key - memcpy(dst, keybuf, *key_length); + if (rc != AES_OK) { + ib_logf(IB_LOG_LEVEL_FATAL, + "Unable to encrypt key-block " + " src: %p srclen: %d buf: %p buflen: %d." + " return-code: %d. Can't continue!\n", + src, srclen, buf, buflen, rc); + ut_error; } + if (!page_encrypted) { + crypt_data->keys[0].key_version = version; + crypt_data->key_count++; + + if (crypt_data->key_count > array_elements(crypt_data->keys)) { + crypt_data->key_count = array_elements(crypt_data->keys); + } + } + + // set the key size to the aes block size because this encrypted data is the key + *key_length = MY_AES_BLOCK_SIZE; + memcpy(dst, buf, buflen); + mutex_exit(&crypt_data->mutex); } 
@@ -664,19 +653,12 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, /* Load the iv or counter (depending to the encryption algorithm used) */ unsigned char iv[MY_AES_BLOCK_SIZE]; - if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) { - // create counter block (C) - mach_write_to_4(iv + 0, space); - ulint space_offset = mach_read_from_4( - src_frame + FIL_PAGE_OFFSET); - mach_write_to_4(iv + 4, space_offset); - mach_write_to_8(iv + 8, lsn); - } else { - // Get random IV from crypt_data - mutex_enter(&crypt_data->mutex); - memcpy(iv, crypt_data->iv, crypt_data->iv_length); - mutex_exit(&crypt_data->mutex); - } + // create counter block (C) + mach_write_to_4(iv + 0, space); + ulint space_offset = mach_read_from_4( + src_frame + FIL_PAGE_OFFSET); + mach_write_to_4(iv + 4, space_offset); + mach_write_to_8(iv + 8, lsn); ibool page_compressed = (mach_read_from_2(src_frame+FIL_PAGE_TYPE) == FIL_PAGE_PAGE_COMPRESSED); ibool page_encrypted = fil_space_is_page_encrypted(space); @@ -858,18 +840,11 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data, // get the iv unsigned char iv[MY_AES_BLOCK_SIZE]; - if (current_aes_dynamic_method == MY_AES_ALGORITHM_CTR) { - // create counter block + // create counter block - mach_write_to_4(iv + 0, space); - mach_write_to_4(iv + 4, offset); - mach_write_to_8(iv + 8, lsn); - } else { - // Get random IV from crypt_data - mutex_enter(&crypt_data->mutex); - memcpy(iv, crypt_data->iv, crypt_data->iv_length); - mutex_exit(&crypt_data->mutex); - } + mach_write_to_4(iv + 0, space); + mach_write_to_4(iv + 4, offset); + mach_write_to_8(iv + 8, lsn); const byte* src = src_frame + FIL_PAGE_DATA; byte* dst = dst_frame + FIL_PAGE_DATA; From 6d3dace7d95bfa9627e524787d076124afc7e773 Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Wed, 8 Apr 2015 10:57:32 +0200 Subject: [PATCH 34/65] mtr: don't disable tests in suite.pm unnecessary only those tests should be disabled in suite.pm that cannot be disabled from mysqltest files (e.g. when the server is started with a special command-line option - unknown option will abort the server before mysqltest will start its checks). --- mysql-test/suite.pm | 6 ------ 1 file changed, 6 deletions(-) diff --git a/mysql-test/suite.pm b/mysql-test/suite.pm index 220c15eb172..5eafd4e2ffd 100644 --- a/mysql-test/suite.pm +++ b/mysql-test/suite.pm @@ -70,12 +70,6 @@ sub skip_combinations { unless $::mysqld_variables{'version-ssl-library'} =~ /OpenSSL (\S+)/ and $1 ge "1.0.1"; - $skip{'include/have_example_key_management_plugin.inc'} = 'no example_key_management_plugin' - unless $ENV{EXAMPLE_KEY_MANAGEMENT_PLUGIN_SO}; - - $skip{'include/have_file_key_management_plugin.inc'} = 'no file_key_management_plugin' - unless $ENV{FILE_KEY_MANAGEMENT_PLUGIN_SO}; - %skip; } From 9ccafffc29526ea30151eb3e62901bfdb77aaf84 Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Fri, 27 Mar 2015 09:45:22 +0100 Subject: [PATCH 35/65] rename "encryption key management plugin" to "encryption plugin" because it's going to do more than just key management --- cmake/abi_check.cmake | 2 +- include/mysql/plugin.h | 2 +- ...on_key_management.h => plugin_encryption.h} | 12 ++++++------ ..._management.h.pp => plugin_encryption.h.pp} | 2 +- include/mysql/service_encryption_keys.h | 2 +- .../suite/plugins/r/show_all_plugins.result | 2 +- .../debug_key_management_plugin.cc | 8 ++++---- .../example_key_management_plugin.cc | 8 ++++---- .../file_key_management_plugin.cc | 8 ++++---- sql/encryption_keys.cc | 12 ++++++------ sql/sql_plugin.cc | 18 +++++++++--------- storage/innobase/log/log0crypt.cc | 2 +- storage/xtradb/log/log0crypt.cc | 2 +- 13 files changed, 40 insertions(+), 40 deletions(-) rename include/mysql/{plugin_encryption_key_management.h => plugin_encryption.h} (87%) rename include/mysql/{plugin_encryption_key_management.h.pp => plugin_encryption.h.pp} (99%) diff --git a/cmake/abi_check.cmake b/cmake/abi_check.cmake index aff6c437c3b..8a7e14b6f2d 100644 --- a/cmake/abi_check.cmake +++ b/cmake/abi_check.cmake @@ -44,7 +44,7 @@ IF(CMAKE_COMPILER_IS_GNUCC AND RUN_ABI_CHECK) ${CMAKE_SOURCE_DIR}/include/mysql/client_plugin.h ${CMAKE_SOURCE_DIR}/include/mysql/plugin_auth.h ${CMAKE_SOURCE_DIR}/include/mysql/plugin_password_validation.h - ${CMAKE_SOURCE_DIR}/include/mysql/plugin_encryption_key_management.h + ${CMAKE_SOURCE_DIR}/include/mysql/plugin_encryption.h ) ADD_CUSTOM_TARGET(abi_check ALL diff --git a/include/mysql/plugin.h b/include/mysql/plugin.h index 6a4e5448fa9..09026514a88 100644 --- a/include/mysql/plugin.h +++ b/include/mysql/plugin.h 
@@ -92,7 +92,7 @@ typedef struct st_mysql_xid MYSQL_XID; /* MariaDB plugin types */ #define MariaDB_PASSWORD_VALIDATION_PLUGIN 8 -#define MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN 9 +#define MariaDB_ENCRYPTION_PLUGIN 9 /* We use the following strings to define licenses for plugins */ #define PLUGIN_LICENSE_PROPRIETARY 0 diff --git a/include/mysql/plugin_encryption_key_management.h b/include/mysql/plugin_encryption.h similarity index 87% rename from include/mysql/plugin_encryption_key_management.h rename to include/mysql/plugin_encryption.h index a7fc379962b..43697096f04 100644 --- a/include/mysql/plugin_encryption_key_management.h +++ b/include/mysql/plugin_encryption.h @@ -1,4 +1,4 @@ -#ifndef MYSQL_PLUGIN_ENCRYPTION_KEY_MANAGEMENT_INCLUDED +#ifndef MYSQL_PLUGIN_ENCRYPTION_INCLUDED /* Copyright (C) 2014 Sergei Golubchik and MariaDB This program is free software; you can redistribute it and/or modify @@ -17,25 +17,25 @@ /** @file - Encryption key Management Plugin API. + Encryption Plugin API. This file defines the API for server plugins that manage encryption keys for MariaDB on-disk data encryption. */ -#define MYSQL_PLUGIN_ENCRYPTION_KEY_MANAGEMENT_INCLUDED +#define MYSQL_PLUGIN_ENCRYPTION_INCLUDED #include -#define MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION 0x0200 +#define MariaDB_ENCRYPTION_INTERFACE_VERSION 0x0200 #define BAD_ENCRYPTION_KEY_VERSION (~(unsigned int)0) #define KEY_BUFFER_TOO_SMALL (100) /** - Encryption key management plugin descriptor + Encryption plugin descriptor */ -struct st_mariadb_encryption_key_management +struct st_mariadb_encryption { int interface_version; /**< version plugin uses */ diff --git a/include/mysql/plugin_encryption_key_management.h.pp b/include/mysql/plugin_encryption.h.pp similarity index 99% rename from include/mysql/plugin_encryption_key_management.h.pp rename to include/mysql/plugin_encryption.h.pp index fb39b807d1c..a09e0e0543b 100644 --- a/include/mysql/plugin_encryption_key_management.h.pp 
+++ b/include/mysql/plugin_encryption.h.pp @@ -362,7 +362,7 @@ void *thd_get_ha_data(const void* thd, const struct handlerton *hton); void thd_set_ha_data(void* thd, const struct handlerton *hton, const void *ha_data); void thd_wakeup_subsequent_commits(void* thd, int wakeup_error); -struct st_mariadb_encryption_key_management +struct st_mariadb_encryption { int interface_version; unsigned int (*get_latest_key_version)(); diff --git a/include/mysql/service_encryption_keys.h b/include/mysql/service_encryption_keys.h index 69304899405..f162bba3cff 100644 --- a/include/mysql/service_encryption_keys.h +++ b/include/mysql/service_encryption_keys.h @@ -18,7 +18,7 @@ @file encryption keys service - Functions to get encryption keys and IV from the encryption key management plugin + Functions to get encryption keys from the encryption plugin */ #ifdef __cplusplus diff --git a/mysql-test/suite/plugins/r/show_all_plugins.result b/mysql-test/suite/plugins/r/show_all_plugins.result index f656811674e..f07bafe3536 100644 --- a/mysql-test/suite/plugins/r/show_all_plugins.result +++ b/mysql-test/suite/plugins/r/show_all_plugins.result @@ -21,7 +21,7 @@ Name Status Type Library License EXAMPLE NOT INSTALLED STORAGE ENGINE ha_example.so GPL UNUSABLE NOT INSTALLED DAEMON ha_example.so GPL daemon_example NOT INSTALLED DAEMON libdaemon_example.so GPL -example_key_management NOT INSTALLED ENCRYPTION KEY MANAGEMENT example_key_management.so GPL +example_key_management NOT INSTALLED ENCRYPTION example_key_management.so GPL three_attempts NOT INSTALLED AUTHENTICATION dialog_examples.so GPL two_questions NOT INSTALLED AUTHENTICATION dialog_examples.so GPL show status like '%libraries%'; diff --git a/plugin/debug_key_management/debug_key_management_plugin.cc b/plugin/debug_key_management/debug_key_management_plugin.cc index 7ade1b8fde7..9843c08d8bf 100644 --- a/plugin/debug_key_management/debug_key_management_plugin.cc +++ b/plugin/debug_key_management/debug_key_management_plugin.cc 
@@ -24,7 +24,7 @@ */ #include -#include +#include #include #include @@ -61,8 +61,8 @@ static unsigned int get_key(unsigned int version, unsigned char* dstbuf, unsigne return 0; } -struct st_mariadb_encryption_key_management debug_key_management_plugin= { - MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION, +struct st_mariadb_encryption debug_key_management_plugin= { + MariaDB_ENCRYPTION_INTERFACE_VERSION, get_latest_key_version, get_key }; @@ -72,7 +72,7 @@ struct st_mariadb_encryption_key_management debug_key_management_plugin= { */ maria_declare_plugin(debug_key_management) { - MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN, + MariaDB_ENCRYPTION_PLUGIN, &debug_key_management_plugin, "debug_key_management", "Sergei Golubchik", diff --git a/plugin/example_key_management/example_key_management_plugin.cc b/plugin/example_key_management/example_key_management_plugin.cc index 28cae3c311e..5ced65a7088 100644 --- a/plugin/example_key_management/example_key_management_plugin.cc +++ b/plugin/example_key_management/example_key_management_plugin.cc @@ -28,7 +28,7 @@ #include #include #include -#include +#include #include #include #include "sql_class.h" @@ -101,8 +101,8 @@ static int example_key_management_plugin_deinit(void *p) return 0; } -struct st_mariadb_encryption_key_management example_key_management_plugin= { - MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION, +struct st_mariadb_encryption example_key_management_plugin= { + MariaDB_ENCRYPTION_INTERFACE_VERSION, get_latest_key_version, get_key }; @@ -112,7 +112,7 @@ struct st_mariadb_encryption_key_management example_key_management_plugin= { */ maria_declare_plugin(example_key_management) { - MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN, + MariaDB_ENCRYPTION_PLUGIN, &example_key_management_plugin, "example_key_management", "Jonas Oreland", diff --git a/plugin/file_key_management/file_key_management_plugin.cc b/plugin/file_key_management/file_key_management_plugin.cc index 60007e4487d..be623706051 100644 
--- a/plugin/file_key_management/file_key_management_plugin.cc +++ b/plugin/file_key_management/file_key_management_plugin.cc @@ -16,7 +16,7 @@ #include "parser.h" #include -#include +#include #include static char* filename; @@ -94,8 +94,8 @@ static int file_key_management_plugin_init(void *p) return parser.parse(&keys); } -struct st_mariadb_encryption_key_management file_key_management_plugin= { - MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION, +struct st_mariadb_encryption file_key_management_plugin= { + MariaDB_ENCRYPTION_INTERFACE_VERSION, get_highest_key_used_in_key_file, get_key_from_key_file }; @@ -105,7 +105,7 @@ struct st_mariadb_encryption_key_management file_key_management_plugin= { */ maria_declare_plugin(file_key_management) { - MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN, + MariaDB_ENCRYPTION_PLUGIN, &file_key_management_plugin, "file_key_management", "Denis Endro eperi GmbH", diff --git a/sql/encryption_keys.cc b/sql/encryption_keys.cc index 7a07581722b..b31ec270a8f 100644 --- a/sql/encryption_keys.cc +++ b/sql/encryption_keys.cc @@ -1,11 +1,11 @@ #include -#include +#include #include "log.h" #include "sql_plugin.h" -/* there can be only one encryption key management plugin enabled */ +/* there can be only one encryption plugin enabled */ static plugin_ref encryption_key_manager= 0; -static struct st_mariadb_encryption_key_management *handle; +static struct st_mariadb_encryption *handle; unsigned int get_latest_encryption_key_version() { @@ -34,7 +34,7 @@ uint get_encryption_key(uint version, uchar* key, uint *size) return BAD_ENCRYPTION_KEY_VERSION; } -int initialize_encryption_key_management_plugin(st_plugin_int *plugin) +int initialize_encryption_plugin(st_plugin_int *plugin) { if (encryption_key_manager) return 1; 
@@ -47,12 +47,12 @@ int initialize_encryption_key_management_plugin(st_plugin_int *plugin) } encryption_key_manager= plugin_lock(NULL, plugin_int_to_ref(plugin)); - handle= (struct st_mariadb_encryption_key_management*) + handle= (struct st_mariadb_encryption*) plugin->plugin->info; return 0; } -int finalize_encryption_key_management_plugin(st_plugin_int *plugin) +int finalize_encryption_plugin(st_plugin_int *plugin) { if (plugin->plugin->deinit && plugin->plugin->deinit(NULL)) { diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc index 5c4a7b5af97..0c9ac6b6cb8 100644 --- a/sql/sql_plugin.cc +++ b/sql/sql_plugin.cc @@ -37,7 +37,7 @@ #include "lock.h" // MYSQL_LOCK_IGNORE_TIMEOUT #include #include -#include +#include #include "sql_plugin_compat.h" #define REPORT_TO_LOG 1 @@ -91,7 +91,7 @@ const LEX_STRING plugin_type_names[MYSQL_MAX_PLUGIN_TYPE_NUM]= { C_STRING_WITH_LEN("REPLICATION") }, { C_STRING_WITH_LEN("AUTHENTICATION") }, { C_STRING_WITH_LEN("PASSWORD VALIDATION") }, - { C_STRING_WITH_LEN("ENCRYPTION KEY MANAGEMENT") } + { C_STRING_WITH_LEN("ENCRYPTION") } }; extern int initialize_schema_table(st_plugin_int *plugin); @@ -100,8 +100,8 @@ extern int finalize_schema_table(st_plugin_int *plugin); extern int initialize_audit_plugin(st_plugin_int *plugin); extern int finalize_audit_plugin(st_plugin_int *plugin); -extern int initialize_encryption_key_management_plugin(st_plugin_int *plugin); -extern int finalize_encryption_key_management_plugin(st_plugin_int *plugin); +extern int initialize_encryption_plugin(st_plugin_int *plugin); +extern int finalize_encryption_plugin(st_plugin_int *plugin); /* The number of elements in both plugin_type_initialize and 
@@ -111,13 +111,13 @@ extern int finalize_encryption_key_management_plugin(st_plugin_int *plugin); plugin_type_init plugin_type_initialize[MYSQL_MAX_PLUGIN_TYPE_NUM]= { 0, ha_initialize_handlerton, 0, 0,initialize_schema_table, - initialize_audit_plugin, 0, 0, 0, initialize_encryption_key_management_plugin + initialize_audit_plugin, 0, 0, 0, initialize_encryption_plugin }; plugin_type_init plugin_type_deinitialize[MYSQL_MAX_PLUGIN_TYPE_NUM]= { 0, ha_finalize_handlerton, 0, 0, finalize_schema_table, - finalize_audit_plugin, 0, 0, 0, finalize_encryption_key_management_plugin + finalize_audit_plugin, 0, 0, 0, finalize_encryption_plugin }; /* @@ -128,7 +128,7 @@ plugin_type_init plugin_type_deinitialize[MYSQL_MAX_PLUGIN_TYPE_NUM]= static int plugin_type_initialization_order[MYSQL_MAX_PLUGIN_TYPE_NUM]= { MYSQL_DAEMON_PLUGIN, - MariaDB_ENCRYPTION_KEY_MANAGEMENT_PLUGIN, + MariaDB_ENCRYPTION_PLUGIN, MYSQL_STORAGE_ENGINE_PLUGIN, MYSQL_INFORMATION_SCHEMA_PLUGIN, MYSQL_FTPARSER_PLUGIN, @@ -170,7 +170,7 @@ static int min_plugin_info_interface_version[MYSQL_MAX_PLUGIN_TYPE_NUM]= MYSQL_REPLICATION_INTERFACE_VERSION, MIN_AUTHENTICATION_INTERFACE_VERSION, MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION, - MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION + MariaDB_ENCRYPTION_INTERFACE_VERSION }; static int cur_plugin_info_interface_version[MYSQL_MAX_PLUGIN_TYPE_NUM]= { @@ -183,7 +183,7 @@ static int cur_plugin_info_interface_version[MYSQL_MAX_PLUGIN_TYPE_NUM]= MYSQL_REPLICATION_INTERFACE_VERSION, MYSQL_AUTHENTICATION_INTERFACE_VERSION, MariaDB_PASSWORD_VALIDATION_INTERFACE_VERSION, - MariaDB_ENCRYPTION_KEY_MANAGEMENT_INTERFACE_VERSION + MariaDB_ENCRYPTION_INTERFACE_VERSION }; static struct diff --git a/storage/innobase/log/log0crypt.cc b/storage/innobase/log/log0crypt.cc index 2aaa0aa4550..4a7474761a3 100644 --- a/storage/innobase/log/log0crypt.cc +++ b/storage/innobase/log/log0crypt.cc 
@@ -32,7 +32,7 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include "srv0start.h" // for srv_start_lsn #include "log0recv.h" // for recv_sys -#include "mysql/plugin_encryption_key_management.h" // for BAD_ENCRYPTION_KEY_VERSION +#include "mysql/plugin_encryption.h" // for BAD_ENCRYPTION_KEY_VERSION #include "ha_prototypes.h" // IB_LOG_ /* If true, enable redo log encryption. */ diff --git a/storage/xtradb/log/log0crypt.cc b/storage/xtradb/log/log0crypt.cc index 2aaa0aa4550..4a7474761a3 100644 --- a/storage/xtradb/log/log0crypt.cc +++ b/storage/xtradb/log/log0crypt.cc @@ -32,7 +32,7 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include "srv0start.h" // for srv_start_lsn #include "log0recv.h" // for recv_sys -#include "mysql/plugin_encryption_key_management.h" // for BAD_ENCRYPTION_KEY_VERSION +#include "mysql/plugin_encryption.h" // for BAD_ENCRYPTION_KEY_VERSION #include "ha_prototypes.h" // IB_LOG_ /* If true, enable redo log encryption. */ From bb1b61b312088ba9f5f2cb606594b6f33c284402 Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Tue, 31 Mar 2015 19:32:35 +0200 Subject: [PATCH 36/65] encryption plugin controls the encryption * no --encryption-algorithm option anymore * encrypt/decrypt methods in the encryption plugin * ecnrypt/decrypt methods in the encryption_km service * file_km plugin has --file-key-management-encryption-algorithm * debug_km always uses aes_cbc * example_km changes between aes_cbc and aes_ecb for different key versions --- include/my_aes.h | 80 --------- include/my_crypt.h | 62 +++---- include/mysql/plugin_audit.h.pp | 17 ++ include/mysql/plugin_auth.h.pp | 17 ++ include/mysql/plugin_encryption.h | 8 +- include/mysql/plugin_encryption.h.pp | 19 +++ include/mysql/plugin_ftparser.h.pp | 17 ++ include/mysql/plugin_password_validation.h.pp | 17 ++ include/mysql/service_encryption_keys.h | 25 ++- .../encryption_algorithms.combinations | 7 +- .../have_example_key_management_plugin.inc | 2 - .../have_file_key_management_plugin.inc | 2 +- mysql-test/r/mysqld--help.result | 5 - .../suite/plugins/t/filekeys_plugin.opt | 1 - .../r/encryption_algorithm_basic.result | 7 - .../sys_vars/r/sysvars_server_embedded.result | 14 -- .../r/sysvars_server_notembedded.result | 14 -- .../t/encryption_algorithm_basic.test | 13 -- mysys_ssl/my_aes.cc | 154 ------------------ mysys_ssl/my_crypt.cc | 78 ++++----- .../debug_key_management_plugin.cc | 3 +- .../example_key_management_plugin.cc | 48 ++++-- .../file_key_management_plugin.cc | 57 ++++++- sql/encryption_keys.cc | 51 ++++++ sql/item_strfunc.h | 4 +- sql/mysqld.cc | 8 - sql/sql_plugin_services.h | 4 +- sql/sys_vars.cc | 8 - storage/innobase/fil/fil0crypt.cc | 16 +- storage/innobase/include/log0crypt.h | 2 + storage/innobase/log/log0crypt.cc | 20 +-- storage/maria/ma_check_standalone.h | 35 ++++ storage/maria/ma_crypt.c | 21 +-- storage/xtradb/fil/fil0crypt.cc | 16 +- storage/xtradb/include/log0crypt.h | 2 + storage/xtradb/log/log0crypt.cc | 20 +-- 36 files changed, 401 insertions(+), 473 deletions(-) delete mode 
100644 mysql-test/suite/sys_vars/r/encryption_algorithm_basic.result delete mode 100644 mysql-test/suite/sys_vars/t/encryption_algorithm_basic.test diff --git a/include/my_aes.h b/include/my_aes.h index 824fa5540ef..b5df86fb5ab 100644 --- a/include/my_aes.h +++ b/include/my_aes.h @@ -24,8 +24,6 @@ #include -typedef int Crypt_result; - #define AES_OK 0 #define AES_BAD_DATA -1 #define AES_BAD_IV -2 
@@ -49,84 +47,6 @@ typedef int Crypt_result; C_MODE_START -/** - Crypt buffer with AES dynamic (defined at startup) encryption algorithm. - - SYNOPSIS - my_aes_encrypt_dynamic() - @param source [in] Pointer to data for encryption - @param source_length [in] Size of encryption data - @param dest [out] Buffer to place encrypted data (must be large enough) - @param dest_length [out] Pointer to size of encrypted data - @param key [in] Key to be used for encryption - @param key_length [in] Length of the key. 16, 24 or 32 - @param iv [in] Iv to be used for encryption - @param iv_length [in] Length of the iv. should be 16. - @param noPadding [in] if set, algorithm specific padding behaviour is used - - Method used defined by calling my_aes_init_dynamic_encrypt() at startup. - - @return - != 0 error - 0 no error -*/ - -typedef int (*my_aes_encrypt_dynamic_type)(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, - uint noPadding); - -extern MYSQL_PLUGIN_IMPORT my_aes_encrypt_dynamic_type my_aes_encrypt_dynamic; - -/** - AES decryption AES dynamic (defined at startup) encryption algorithm. - - SYNOPSIS - my_aes_decrypt_dynamic() - @param source [in] Pointer to data to decrypt - @param source_length [in] Size of data - @param dest [out] Buffer to place decrypted data (must be large enough) - @param dest_length [out] Pointer to size of decrypted data - @param key [in] Key to be used for decryption - @param key_length [in] Length of the key. 16, 24 or 32 - @param iv [in] Iv to be used for encryption - @param iv_length [in] Length of the iv. should be 16. - @param noPadding [in] if set, algorithm specific padding behaviour is used - - @return - != 0 error - 0 no error - - Method used defined by calling my_aes_init_dynamic_encrypt() at startup. 
-*/ - -typedef int (*my_aes_decrypt_dynamic_type)(const uchar *source, - uint32 source_length, - uchar *dest, uint32 *dest_length, - const uchar *key, uint8 key_length, - const uchar *iv, uint8 iv_length, - uint noPadding); -extern MYSQL_PLUGIN_IMPORT my_aes_decrypt_dynamic_type my_aes_decrypt_dynamic; - -/** - Initialize dynamic crypt functions -*/ - -enum enum_my_aes_encryption_algorithm -{ - MY_AES_ALGORITHM_NONE, MY_AES_ALGORITHM_ECB, MY_AES_ALGORITHM_CBC, - MY_AES_ALGORITHM_CTR -}; - -my_aes_decrypt_dynamic_type get_aes_decrypt_func(enum enum_my_aes_encryption_algorithm method); -my_aes_encrypt_dynamic_type get_aes_encrypt_func(enum enum_my_aes_encryption_algorithm method); - - -my_bool my_aes_init_dynamic_encrypt(enum enum_my_aes_encryption_algorithm method); - -extern MYSQL_PLUGIN_IMPORT enum enum_my_aes_encryption_algorithm current_aes_dynamic_method; - int my_aes_get_size(int source_length); C_MODE_END diff --git a/include/my_crypt.h b/include/my_crypt.h index 83665659178..c6cddbd99e3 100644 --- a/include/my_crypt.h +++ b/include/my_crypt.h 
@@ -26,45 +26,45 @@ C_MODE_START #ifdef HAVE_EncryptAes128Ctr -Crypt_result my_aes_encrypt_ctr(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint no_padding); +int my_aes_encrypt_ctr(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const unsigned char* key, uint key_length, + const unsigned char* iv, uint iv_length, + int no_padding); -Crypt_result my_aes_decrypt_ctr(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint no_padding); +int my_aes_decrypt_ctr(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const unsigned char* key, uint key_length, + const unsigned char* iv, uint iv_length, + int no_padding); #endif -Crypt_result my_aes_encrypt_cbc(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint no_padding); +int my_aes_encrypt_cbc(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const unsigned char* key, uint key_length, + const unsigned char* iv, uint iv_length, + int no_padding); -Crypt_result my_aes_decrypt_cbc(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint no_padding); +int my_aes_decrypt_cbc(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const unsigned char* key, uint key_length, + const unsigned char* iv, uint iv_length, + int no_padding); -Crypt_result my_aes_encrypt_ecb(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint 
no_padding); +int my_aes_encrypt_ecb(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const unsigned char* key, uint key_length, + const unsigned char* iv, uint iv_length, + int no_padding); -Crypt_result my_aes_decrypt_ecb(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint no_padding); +int my_aes_decrypt_ecb(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const unsigned char* key, uint key_length, + const unsigned char* iv, uint iv_length, + int no_padding); -Crypt_result my_random_bytes(uchar* buf, int num); +int my_random_bytes(uchar* buf, int num); C_MODE_END diff --git a/include/mysql/plugin_audit.h.pp b/include/mysql/plugin_audit.h.pp index c4661e2b383..30647a7c331 100644 --- a/include/mysql/plugin_audit.h.pp +++ b/include/mysql/plugin_audit.h.pp 
@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); #include +typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); extern struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encrypt_data_func; + encrypt_decrypt_func decrypt_data_func; } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); +int encrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); +int decrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_auth.h.pp b/include/mysql/plugin_auth.h.pp index 09986993139..e821a7d1bfb 100644 --- a/include/mysql/plugin_auth.h.pp +++ b/include/mysql/plugin_auth.h.pp 
@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); #include +typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); extern struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encrypt_data_func; + encrypt_decrypt_func decrypt_data_func; } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); +int encrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); +int decrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_encryption.h b/include/mysql/plugin_encryption.h index 43697096f04..a91a53c8ad5 100644 --- a/include/mysql/plugin_encryption.h +++ b/include/mysql/plugin_encryption.h 
@@ -1,5 +1,5 @@ #ifndef MYSQL_PLUGIN_ENCRYPTION_INCLUDED -/* Copyright (C) 2014 Sergei Golubchik and MariaDB +/* Copyright (C) 2014, 2015 Sergei Golubchik and MariaDB This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -29,9 +29,6 @@ #define MariaDB_ENCRYPTION_INTERFACE_VERSION 0x0200 -#define BAD_ENCRYPTION_KEY_VERSION (~(unsigned int)0) -#define KEY_BUFFER_TOO_SMALL (100) - /** Encryption plugin descriptor */ @@ -68,6 +65,9 @@ struct st_mariadb_encryption */ unsigned int (*get_key)(unsigned int version, unsigned char *key, unsigned int *key_length); + + encrypt_decrypt_func encrypt; + encrypt_decrypt_func decrypt; }; #endif diff --git a/include/mysql/plugin_encryption.h.pp b/include/mysql/plugin_encryption.h.pp index a09e0e0543b..100928f0b19 100644 --- a/include/mysql/plugin_encryption.h.pp +++ b/include/mysql/plugin_encryption.h.pp 
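Review bot: The last plugin_encryption.h hunk adds the `encrypt` and `decrypt` members to `struct st_mariadb_encryption`, which changes the descriptor layout, yet `MariaDB_ENCRYPTION_INTERFACE_VERSION` is still `0x0200` in the context of the preceding hunk. If any plugin binary was built against the 0x0200 layout without these members, it would still pass the interface-version check, and the server would then read two function pointers from beyond that plugin's descriptor. I would bump the interface version in this commit and document the new members, for example `/* encrypt/decrypt: cipher entry points supplied by the plugin; state here whether NULL is permitted */`. The struct starts outside the hunk, and the loader code that consumes these pointers is not visible here, so whether a NULL or stale pointer is caught at load time should be confirmed there.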
@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); #include +typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); extern struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encrypt_data_func; + encrypt_decrypt_func decrypt_data_func; } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); +int encrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); +int decrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); struct st_mysql_xid { long formatID; long gtrid_length; @@ -368,4 +385,6 @@ struct st_mariadb_encryption unsigned int (*get_latest_key_version)(); unsigned int (*get_key)(unsigned int version, unsigned char *key, unsigned int *key_length); + encrypt_decrypt_func encrypt; + encrypt_decrypt_func decrypt; }; diff --git a/include/mysql/plugin_ftparser.h.pp b/include/mysql/plugin_ftparser.h.pp index e9315f4fe83..0c58e6912ca 100644 --- a/include/mysql/plugin_ftparser.h.pp 
+++ b/include/mysql/plugin_ftparser.h.pp @@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); #include +typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); extern struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encrypt_data_func; + encrypt_decrypt_func decrypt_data_func; } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); +int encrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); +int decrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_password_validation.h.pp b/include/mysql/plugin_password_validation.h.pp index a82d5fd9150..8ab0f680815 100644 --- a/include/mysql/plugin_password_validation.h.pp +++ b/include/mysql/plugin_password_validation.h.pp 
@@ -198,14 +198,31 @@ void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); #include +typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); extern struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encrypt_data_func; + encrypt_decrypt_func decrypt_data_func; } *encryption_keys_service; unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); +int encrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); +int decrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/service_encryption_keys.h b/include/mysql/service_encryption_keys.h index f162bba3cff..105146d00a5 100644 --- a/include/mysql/service_encryption_keys.h +++ b/include/mysql/service_encryption_keys.h 
@@ -25,10 +25,21 @@ extern "C" { #endif +#define BAD_ENCRYPTION_KEY_VERSION (~(unsigned int)0) +#define KEY_BUFFER_TOO_SMALL (100) + +typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); + extern struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encrypt_data_func; + encrypt_decrypt_func decrypt_data_func; } *encryption_keys_service; #ifdef MYSQL_DYNAMIC_PLUGIN 
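Review bot: `encrypt_decrypt_func` is introduced here with ten parameters and no description. The comments this commit deletes from my_aes.h were the only visible place that said the destination buffer "must be large enough". The signature passes no destination capacity (`dlen` appears to be output-only, going by the removed comments), so an implementing plugin cannot bound its writes and every caller has to size `dst` correctly on its own. I would add a comment above the typedef along the lines of `/* dst must hold at least my_aes_get_size(slen) bytes; *dlen receives the number of bytes written; returns 0 on success */`, adjusted to the contract the server actually guarantees. The same comment should say what `key_version` selects. The typedef is repeated in the generated .pp headers, so only this header needs the text.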
@@ -36,13 +47,23 @@ extern struct encryption_keys_service_st { #define get_latest_encryption_key_version() encryption_keys_service->get_latest_encryption_key_version_func() #define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V) #define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S)) - +#define encrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->encrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) #else unsigned int get_latest_encryption_key_version(); unsigned int has_encryption_key(unsigned int version); unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); - +int encrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); +int decrypt_data(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); #endif #ifdef __cplusplus diff --git a/mysql-test/include/encryption_algorithms.combinations b/mysql-test/include/encryption_algorithms.combinations index 09c1e91e1cd..f8598401e5f 100644 --- a/mysql-test/include/encryption_algorithms.combinations +++ b/mysql-test/include/encryption_algorithms.combinations @@ -1,8 +1,5 @@ [cbc] -encryption-algorithm=aes_cbc - -[ecb] -encryption-algorithm=aes_ecb +file-key-management-encryption-algorithm=aes_cbc [ctr] -encryption-algorithm=aes_ctr +file-key-management-encryption-algorithm=aes_ctr diff --git a/mysql-test/include/have_example_key_management_plugin.inc b/mysql-test/include/have_example_key_management_plugin.inc index d04aad2532f..a87d3256ee0 100644 
--- a/mysql-test/include/have_example_key_management_plugin.inc +++ b/mysql-test/include/have_example_key_management_plugin.inc @@ -1,5 +1,3 @@ --- source encryption_algorithms.inc - if (!$EXAMPLE_KEY_MANAGEMENT_SO) { --skip Needs example_key_management diff --git a/mysql-test/include/have_file_key_management_plugin.inc b/mysql-test/include/have_file_key_management_plugin.inc index f85214332f7..baada3a7d47 100644 --- a/mysql-test/include/have_file_key_management_plugin.inc +++ b/mysql-test/include/have_file_key_management_plugin.inc @@ -1,4 +1,4 @@ --- source encryption_algorithms.inc +--source encryption_algorithms.inc if (!$FILE_KEY_MANAGEMENT_SO) { diff --git a/mysql-test/r/mysqld--help.result b/mysql-test/r/mysqld--help.result index 7d59ecd1dc2..3bd5e296ec9 100644 --- a/mysql-test/r/mysqld--help.result +++ b/mysql-test/r/mysqld--help.result @@ -165,10 +165,6 @@ The following options may be given as the first argument: --encrypt-tmp-disk-tables Encrypt tmp disk tables (created as part of query execution) - --encryption-algorithm=name - Which encryption algorithm to use for table encryption. - aes_cbc is the recommended one.. One of: none, aes_ecb, - aes_cbc, aes_ctr --enforce-storage-engine=name Force the use of a storage engine for new tables --event-scheduler[=name] @@ -1151,7 +1147,6 @@ delayed-insert-timeout 300 delayed-queue-size 1000 div-precision-increment 4 encrypt-tmp-disk-tables FALSE -encryption-algorithm none enforce-storage-engine (No default value) event-scheduler OFF expensive-subquery-limit 100 diff --git a/mysql-test/suite/plugins/t/filekeys_plugin.opt b/mysql-test/suite/plugins/t/filekeys_plugin.opt index 43d00186d59..b42e6266e66 100644 --- a/mysql-test/suite/plugins/t/filekeys_plugin.opt +++ b/mysql-test/suite/plugins/t/filekeys_plugin.opt @@ -1,2 +1 @@ --plugin-load-add=$FILE_KEY_MANAGEMENT_SO ---encryption-algorithm=aes_cbc 
diff --git a/mysql-test/suite/sys_vars/r/encryption_algorithm_basic.result b/mysql-test/suite/sys_vars/r/encryption_algorithm_basic.result
deleted file mode 100644
index a9101b0f950..00000000000
--- a/mysql-test/suite/sys_vars/r/encryption_algorithm_basic.result
+++ /dev/null
@@ -1,7 +0,0 @@
-select @@global.encryption_algorithm;
-@@global.encryption_algorithm
-none
-select @@session.encryption_algorithm;
-ERROR HY000: Variable 'encryption_algorithm' is a GLOBAL variable
-set global encryption_algorithm="none";
-ERROR HY000: Variable 'encryption_algorithm' is a read only variable
diff --git a/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result b/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result
index e72678c5243..21d4ea85dd9 100644
--- a/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result
+++ b/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result
@@ -681,20 +681,6 @@ NUMERIC_BLOCK_SIZE 1
 ENUM_VALUE_LIST NULL
 READ_ONLY NO
 COMMAND_LINE_ARGUMENT REQUIRED
-VARIABLE_NAME ENCRYPTION_ALGORITHM
-SESSION_VALUE NULL
-GLOBAL_VALUE none
-GLOBAL_VALUE_ORIGIN COMPILE-TIME
-DEFAULT_VALUE none
-VARIABLE_SCOPE GLOBAL
-VARIABLE_TYPE ENUM
-VARIABLE_COMMENT Which encryption algorithm to use for table encryption. aes_cbc is the recommended one.
-NUMERIC_MIN_VALUE NULL
-NUMERIC_MAX_VALUE NULL
-NUMERIC_BLOCK_SIZE NULL
-ENUM_VALUE_LIST none,aes_ecb,aes_cbc,aes_ctr
-READ_ONLY YES
-COMMAND_LINE_ARGUMENT REQUIRED
 VARIABLE_NAME ENCRYPT_TMP_DISK_TABLES
 SESSION_VALUE NULL
 GLOBAL_VALUE OFF
diff --git a/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result b/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result
index 7908300bf8f..ea4019e65cc 100644
--- a/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result
+++ b/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result
@@ -695,20 +695,6 @@ NUMERIC_BLOCK_SIZE 1
 ENUM_VALUE_LIST NULL
 READ_ONLY NO
 COMMAND_LINE_ARGUMENT REQUIRED
-VARIABLE_NAME ENCRYPTION_ALGORITHM
-SESSION_VALUE NULL
-GLOBAL_VALUE none
-GLOBAL_VALUE_ORIGIN COMPILE-TIME
-DEFAULT_VALUE none
-VARIABLE_SCOPE GLOBAL
-VARIABLE_TYPE ENUM
-VARIABLE_COMMENT Which encryption algorithm to use for table encryption. aes_cbc is the recommended one.
-NUMERIC_MIN_VALUE NULL
-NUMERIC_MAX_VALUE NULL
-NUMERIC_BLOCK_SIZE NULL
-ENUM_VALUE_LIST none,aes_ecb,aes_cbc,aes_ctr
-READ_ONLY YES
-COMMAND_LINE_ARGUMENT REQUIRED
 VARIABLE_NAME ENCRYPT_TMP_DISK_TABLES
 SESSION_VALUE NULL
 GLOBAL_VALUE OFF
diff --git a/mysql-test/suite/sys_vars/t/encryption_algorithm_basic.test b/mysql-test/suite/sys_vars/t/encryption_algorithm_basic.test
deleted file mode 100644
index 065453eba34..00000000000
--- a/mysql-test/suite/sys_vars/t/encryption_algorithm_basic.test
+++ /dev/null
@@ -1,13 +0,0 @@
-# bool global
-
-# exists as global only
-#
-select @@global.encryption_algorithm;
---error ER_INCORRECT_GLOBAL_LOCAL_VAR
-select @@session.encryption_algorithm;
-
-#
-# show that it's not writable
-#
---error 1238
-set global encryption_algorithm="none";
diff --git a/mysys_ssl/my_aes.cc b/mysys_ssl/my_aes.cc
index 97af3c39381..069d8d74ab2 100644
--- a/mysys_ssl/my_aes.cc
+++ b/mysys_ssl/my_aes.cc
@@ -18,164 +18,10 @@ #include #include -/** - Encryption interface that doesn't do anything (for testing) - - SYNOPSIS - my_aes_encrypt_none() - @param source [in] Pointer to data for encryption - @param source_length [in] Size of encryption data - @param dest [out] Buffer to place encrypted data (must be large enough) - @param dest_length [out] Pointer to size of encrypted data - @param key [in] Key to be used for encryption - @param key_length [in] Length of the key. 16, 24 or 32 - @param iv [in] Iv to be used for encryption - @param iv_length [in] Length of the iv. should be 16. - @param noPadding [in] unused - @return - != 0 error - 0 no error -*/ - -static int my_aes_encrypt_none(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint noPadding) -{ - memcpy(dest, source, source_length); - *dest_length= source_length; - return 0; -} - - -/** - Decryption interface that doesn't do anything (for testing) - - SYNOPSIS - my_aes_decrypt_none() - @param source [in] Pointer to data to decrypt - @param source_length [in] Size of data - @param dest [out] Buffer to place decrypted data (must be large enough) - @param dest_length [out] Pointer to size of decrypted data - @param key [in] Key to be used for decryption - @param key_length [in] Length of the key. 16, 24 or 32 - @param iv [in] Iv to be used for encryption - @param iv_length [in] Length of the iv. should be 16. 
- @param noPadding [in] unused - - @return - != 0 error - 0 no error -*/ - -int my_aes_decrypt_none(const uchar* source, uint32 source_length, - uchar* dest, uint32 *dest_length, - const unsigned char* key, uint8 key_length, - const unsigned char* iv, uint8 iv_length, - uint noPadding) -{ - memcpy(dest, source, source_length); - *dest_length= source_length; - return 0; -} - /** Initialize encryption methods */ -my_aes_decrypt_dynamic_type my_aes_decrypt_dynamic= my_aes_decrypt_none; -my_aes_encrypt_dynamic_type my_aes_encrypt_dynamic= my_aes_encrypt_none; -enum_my_aes_encryption_algorithm current_aes_dynamic_method= MY_AES_ALGORITHM_NONE; - -my_bool my_aes_init_dynamic_encrypt(enum_my_aes_encryption_algorithm method) -{ - switch (method) - { - /* used for encrypting tables */ - case MY_AES_ALGORITHM_ECB: - my_aes_encrypt_dynamic= my_aes_encrypt_ecb; - my_aes_decrypt_dynamic= my_aes_decrypt_ecb; - break; - case MY_AES_ALGORITHM_CBC: - my_aes_encrypt_dynamic= my_aes_encrypt_cbc; - my_aes_decrypt_dynamic= my_aes_decrypt_cbc; - break; -#ifdef HAVE_EncryptAes128Ctr - /* encrypt everything, with a set of keys */ - case MY_AES_ALGORITHM_CTR: - my_aes_encrypt_dynamic= my_aes_encrypt_ctr; - my_aes_decrypt_dynamic= my_aes_decrypt_ctr; - break; -#endif - /* Simulate encrypting interface */ - case MY_AES_ALGORITHM_NONE: - my_aes_encrypt_dynamic= my_aes_encrypt_none; - my_aes_decrypt_dynamic= my_aes_decrypt_none; - break; - default: - return 1; - } - current_aes_dynamic_method= method; - return 0; -} - -my_aes_decrypt_dynamic_type -get_aes_decrypt_func(enum_my_aes_encryption_algorithm method) -{ - switch (method) - { - /* used for encrypting tables */ - case MY_AES_ALGORITHM_ECB: - return my_aes_decrypt_ecb; - break; - case MY_AES_ALGORITHM_CBC: - return my_aes_decrypt_cbc; - break; -#ifdef HAVE_EncryptAes128Ctr - /* encrypt everything, with a set of keys */ - case MY_AES_ALGORITHM_CTR: - return my_aes_decrypt_ctr; - break; -#endif - /* Simulate encrypting interface */ - case 
MY_AES_ALGORITHM_NONE: - return my_aes_decrypt_none; - break; - default: - return NULL; - } - return NULL; -} - -my_aes_encrypt_dynamic_type -get_aes_encrypt_func(enum_my_aes_encryption_algorithm method) -{ - switch (method) - { - /* used for encrypting tables */ - case MY_AES_ALGORITHM_ECB: - return my_aes_encrypt_ecb; - break; - case MY_AES_ALGORITHM_CBC: - return my_aes_encrypt_cbc; - break; -#ifdef HAVE_EncryptAes128Ctr - /* encrypt everything, with a set of keys */ - case MY_AES_ALGORITHM_CTR: - return my_aes_encrypt_ctr; - break; -#endif - /* Simulate encrypting interface */ - case MY_AES_ALGORITHM_NONE: - return my_aes_encrypt_none; - break; - default: - return NULL; - } - return NULL; -} - /** Get size of buffer which will be large enough for encrypted data diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index 60072a5bbaf..1709ae5e5eb 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc @@ -26,8 +26,8 @@ static const Dir CRYPT_ENCRYPT = TaoCrypt::ENCRYPTION; static const Dir CRYPT_DECRYPT = TaoCrypt::DECRYPTION; typedef TaoCrypt::Mode CipherMode; -static inline CipherMode aes_ecb(uint8) { return TaoCrypt::ECB; } -static inline CipherMode aes_cbc(uint8) { return TaoCrypt::CBC; } +static inline CipherMode aes_ecb(uint) { return TaoCrypt::ECB; } +static inline CipherMode aes_cbc(uint) { return TaoCrypt::CBC; } typedef TaoCrypt::byte KeyByte; @@ -42,7 +42,7 @@ static const Dir CRYPT_DECRYPT = 0; typedef const EVP_CIPHER *CipherMode; #define make_aes_dispatcher(mode) \ - static inline CipherMode aes_ ## mode(uint8 key_length) \ + static inline CipherMode aes_ ## mode(uint key_length) \ { \ switch (key_length) { \ case 16: return EVP_aes_128_ ## mode(); \ 
@@ -67,10 +67,10 @@ struct MyCTX : EVP_CIPHER_CTX { #endif static int do_crypt(CipherMode cipher, Dir dir, - const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const KeyByte *key, uint8 key_length, - const KeyByte *iv, uint8 iv_length, int no_padding) + const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const KeyByte *key, uint key_length, + const KeyByte *iv, uint iv_length, int no_padding) { int tail= source_length % MY_AES_BLOCK_SIZE; @@ -123,8 +123,8 @@ static int do_crypt(CipherMode cipher, Dir dir, EVP_CIPHER_CTX_set_padding(&ctx, !no_padding); - DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == key_length); - DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == iv_length); + DBUG_ASSERT(EVP_CIPHER_CTX_key_length(&ctx) == (int)key_length); + DBUG_ASSERT(EVP_CIPHER_CTX_iv_length(&ctx) == (int)iv_length); DBUG_ASSERT(EVP_CIPHER_CTX_block_size(&ctx) == MY_AES_BLOCK_SIZE || !no_padding); /* use built-in OpenSSL padding, if possible */ @@ -164,11 +164,11 @@ C_MODE_START #ifdef HAVE_EncryptAes128Ctr -int my_aes_encrypt_ctr(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, - uint no_padding) +int my_aes_encrypt_ctr(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding) { /* CTR is a stream cipher mode, it needs no special padding code */ return do_crypt(aes_ctr(key_length), CRYPT_ENCRYPT, source, source_length, 
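Review bot: The key and IV length checks in the `@@ -123,8` hunk are `DBUG_ASSERT`s, so a release build carries on with a `key_length` or `iv_length` that does not match the cipher context. With this series the lengths arrive as plain `uint` and can originate from a key-management plugin, so I would make it a runtime check, e.g. `if (EVP_CIPHER_CTX_key_length(&ctx) != (int)key_length || EVP_CIPHER_CTX_iv_length(&ctx) != (int)iv_length) return <error code>;` using one of the existing non-`AES_OK` codes. do_crypt starts and ends outside the hunk, so bad lengths may already be rejected earlier; if so, a comment saying where would be enough.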
@@ -176,11 +176,11 @@ int my_aes_encrypt_ctr(const uchar* source, uint32 source_length, } -int my_aes_decrypt_ctr(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, - uint no_padding) +int my_aes_decrypt_ctr(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding) { return do_crypt(aes_ctr(key_length), CRYPT_DECRYPT, source, source_length, dest, dest_length, key, key_length, iv, iv_length, 0); 
@@ -188,41 +188,41 @@ int my_aes_decrypt_ctr(const uchar* source, uint32 source_length, #endif /* HAVE_EncryptAes128Ctr */ -int my_aes_encrypt_ecb(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, - uint no_padding) +int my_aes_encrypt_ecb(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding) { return do_crypt(aes_ecb(key_length), CRYPT_ENCRYPT, source, source_length, dest, dest_length, key, key_length, 0, 0, no_padding); } -int my_aes_decrypt_ecb(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, - uint no_padding) +int my_aes_decrypt_ecb(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding) { return do_crypt(aes_ecb(key_length), CRYPT_DECRYPT, source, source_length, dest, dest_length, key, key_length, 0, 0, no_padding); } -int my_aes_encrypt_cbc(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, - uint no_padding) +int my_aes_encrypt_cbc(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding) { return do_crypt(aes_cbc(key_length), CRYPT_ENCRYPT, source, source_length, dest, dest_length, key, key_length, iv, iv_length, no_padding); } -int my_aes_decrypt_cbc(const uchar* source, uint32 source_length, - uchar* dest, uint32* dest_length, - const uchar* key, uint8 key_length, - const uchar* iv, uint8 iv_length, - uint no_padding) +int my_aes_decrypt_cbc(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* 
key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding) { return do_crypt(aes_cbc(key_length), CRYPT_DECRYPT, source, source_length, dest, dest_length, key, key_length, iv, iv_length, no_padding); diff --git a/plugin/debug_key_management/debug_key_management_plugin.cc b/plugin/debug_key_management/debug_key_management_plugin.cc index 9843c08d8bf..5b42c70c772 100644 --- a/plugin/debug_key_management/debug_key_management_plugin.cc +++ b/plugin/debug_key_management/debug_key_management_plugin.cc @@ -64,7 +64,8 @@ static unsigned int get_key(unsigned int version, unsigned char* dstbuf, unsigne struct st_mariadb_encryption debug_key_management_plugin= { MariaDB_ENCRYPTION_INTERFACE_VERSION, get_latest_key_version, - get_key + get_key, + 0, 0 // use default encrypt/decrypt functions }; /* diff --git a/plugin/example_key_management/example_key_management_plugin.cc b/plugin/example_key_management/example_key_management_plugin.cc index 5ced65a7088..dd8416504a0 100644 --- a/plugin/example_key_management/example_key_management_plugin.cc +++ b/plugin/example_key_management/example_key_management_plugin.cc @@ -27,11 +27,9 @@ #include #include -#include #include -#include #include -#include "sql_class.h" +#include /* rotate key randomly between 45 and 90 seconds */ #define KEY_ROTATION_MIN 45 @@ -61,12 +59,12 @@ get_latest_key_version() static unsigned int get_key(unsigned int version, unsigned char* dstbuf, unsigned *buflen) { - if (*buflen < MD5_HASH_SIZE) + if (*buflen < MY_MD5_HASH_SIZE) { - *buflen= MD5_HASH_SIZE; + *buflen= MY_MD5_HASH_SIZE; return KEY_BUFFER_TOO_SMALL; } - *buflen= MD5_HASH_SIZE; + *buflen= MY_MD5_HASH_SIZE; if (!dstbuf) return 0; 
@@ -75,21 +73,35 @@ get_key(unsigned int version, unsigned char* dstbuf, unsigned *buflen) return 0; } +/* + for the sake of an example, let's use different encryption algorithms/modes + for different keys. +*/ +int encrypt(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version) +{ + return ((key_version & 1) ? my_aes_encrypt_cbc : my_aes_encrypt_ecb) + (src, slen, dst, dlen, key, klen, iv, ivlen, no_padding); +} + +int decrypt(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version) +{ + return ((key_version & 1) ? my_aes_decrypt_cbc : my_aes_decrypt_ecb) + (src, slen, dst, dlen, key, klen, iv, ivlen, no_padding); +} + static int example_key_management_plugin_init(void *p) { /* init */ my_rnd_init(&seed, time(0), 0); get_latest_key_version(); - - if (current_aes_dynamic_method == MY_AES_ALGORITHM_NONE) - { - sql_print_error("No encryption method choosen with --encryption-algorithm. " - "example_key_management_plugin disabled"); - return 1; - } - - my_aes_init_dynamic_encrypt(current_aes_dynamic_method); - pthread_mutex_init(&mutex, NULL); return 0; @@ -104,7 +116,9 @@ static int example_key_management_plugin_deinit(void *p) struct st_mariadb_encryption example_key_management_plugin= { MariaDB_ENCRYPTION_INTERFACE_VERSION, get_latest_key_version, - get_key + get_key, + encrypt, + decrypt }; /* diff --git a/plugin/file_key_management/file_key_management_plugin.cc b/plugin/file_key_management/file_key_management_plugin.cc index be623706051..d7edeb73665 100644 --- a/plugin/file_key_management/file_key_management_plugin.cc +++ b/plugin/file_key_management/file_key_management_plugin.cc 
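Review bot: The new `encrypt`/`decrypt` helpers route every even `key_version` through `my_aes_encrypt_ecb`/`my_aes_decrypt_ecb`, which drop the IV (my_crypt.cc passes `0, 0` for it), so equal plaintext blocks produce equal ciphertext blocks. Example plugins get copied, so the comment above the helpers should say so, e.g. `/* ECB is used here only to demonstrate per-key-version dispatch; do not use it for real data */`. Both functions should also be `static`: they are referenced only from the `st_mariadb_encryption` initializer, and `encrypt` is a name that POSIX `<unistd.h>` also declares.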
@@ -15,12 +15,28 @@ #include "parser.h" -#include #include #include static char* filename; static char* filekey; +static unsigned long encryption_algorithm; + +static const char *encryption_algorithm_names[]= +{ + "aes_cbc", +#ifdef HAVE_EncryptAes128Ctr + "aes_ctr", +#endif + 0 +}; + +static TYPELIB encryption_algorithm_typelib= +{ + array_elements(encryption_algorithm_names)-1,"", + encryption_algorithm_names, NULL +}; + static MYSQL_SYSVAR_STR(filename, filename, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY, @@ -32,9 +48,15 @@ static MYSQL_SYSVAR_STR(filekey, filekey, "Key to encrypt / decrypt the keyfile.", NULL, NULL, ""); +static MYSQL_SYSVAR_ENUM(encryption_algorithm, encryption_algorithm, + PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY, + "Encryption algorithm to use.", + NULL, NULL, 0, &encryption_algorithm_typelib); + static struct st_mysql_sys_var* settings[] = { MYSQL_SYSVAR(filename), MYSQL_SYSVAR(filekey), + MYSQL_SYSVAR(encryption_algorithm), NULL }; 
@@ -88,18 +110,37 @@ static unsigned int get_key_from_key_file(unsigned int key_id, return 0; } -static int file_key_management_plugin_init(void *p) -{ - Parser parser(filename, filekey); - return parser.parse(&keys); -} - struct st_mariadb_encryption file_key_management_plugin= { MariaDB_ENCRYPTION_INTERFACE_VERSION, get_highest_key_used_in_key_file, - get_key_from_key_file + get_key_from_key_file, + 0,0 }; +static int file_key_management_plugin_init(void *p) +{ + Parser parser(filename, filekey); + switch (encryption_algorithm) { + case 0: // AES_CBC + file_key_management_plugin.encrypt= + (encrypt_decrypt_func)my_aes_encrypt_cbc; + file_key_management_plugin.decrypt= + (encrypt_decrypt_func)my_aes_decrypt_cbc; + break; +#ifdef HAVE_EncryptAes128Ctr + case 1: // AES_CTR + file_key_management_plugin.encrypt= + (encrypt_decrypt_func)my_aes_encrypt_ctr; + file_key_management_plugin.decrypt= + (encrypt_decrypt_func)my_aes_decrypt_ctr; + break; +#endif + default: + return 1; // cannot happen + } + return parser.parse(&keys); +} + /* Plugin library descriptor */ diff --git a/sql/encryption_keys.cc b/sql/encryption_keys.cc index b31ec270a8f..8a9a17a5452 100644 --- a/sql/encryption_keys.cc +++ b/sql/encryption_keys.cc 
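Review bot: The assignments in `file_key_management_plugin_init` cast nine-argument functions such as `my_aes_encrypt_cbc` to `encrypt_decrypt_func`, which takes a tenth `key_version` argument, and calling through a pointer of an incompatible function type is undefined behaviour even where the ABI tolerates it. The same cast is used for the defaults in `initialize_encryption_plugin` in sql/encryption_keys.cc. Thin wrappers that accept and ignore `key_version`, as the example plugin in this patch already does, avoid the cast and let the compiler check the signatures. The `case 0`/`case 1` labels also depend on the order of `encryption_algorithm_names`; a comment or a small enum next to that array would keep the two in step.

```cpp
static int encrypt_cbc(const unsigned char* src, unsigned int slen,
                       unsigned char* dst, unsigned int* dlen,
                       const unsigned char* key, unsigned int klen,
                       const unsigned char* iv, unsigned int ivlen,
                       int no_padding, unsigned int /* key_version */)
{
  return my_aes_encrypt_cbc(src, slen, dst, dlen, key, klen, iv, ivlen,
                            no_padding);
}
// … same shape for decrypt_cbc and, under HAVE_EncryptAes128Ctr, the ctr pair …

  // … unchanged: Parser construction, switch header …
  case 0: // AES_CBC
    file_key_management_plugin.encrypt= encrypt_cbc;
    file_key_management_plugin.decrypt= decrypt_cbc;
    break;
  // … unchanged: AES_CTR case (using the ctr wrappers), default, parser.parse …
```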
@@ -1,7 +1,23 @@ +/* Copyright (C) 2015 MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + #include #include #include "log.h" #include "sql_plugin.h" +#include /* there can be only one encryption plugin enabled */ static plugin_ref encryption_key_manager= 0; @@ -34,6 +50,34 @@ uint get_encryption_key(uint version, uchar* key, uint *size) return BAD_ENCRYPTION_KEY_VERSION; } +int encrypt_data(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding, uint key_version) +{ + if (encryption_key_manager) + return handle->encrypt(source, source_length, + dest, dest_length, key, key_length, + iv, iv_length, no_padding, key_version); + return 1; +} + + +int decrypt_data(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding, uint key_version) +{ + if (encryption_key_manager) + return handle->decrypt(source, source_length, + dest, dest_length, key, key_length, + iv, iv_length, no_padding, key_version); + return 1; +} + + int initialize_encryption_plugin(st_plugin_int *plugin) { if (encryption_key_manager) 
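Review bot: `encrypt_data` and `decrypt_data` return a bare `1` when no encryption plugin is loaded and leave `*dest_length` unwritten, and nothing documents that. Callers elsewhere in this patch compare the result with `AES_OK` and then with the output length, so a header comment such as `/* returns 1 (not an AES_* code) if no encryption plugin is loaded; *dest_length is not written in that case */` would make the contract explicit. The guard tests `encryption_key_manager` while the call goes through `handle`; a one-line comment that both are set together in `initialize_encryption_plugin` would help the next reader.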
@@ -49,6 +93,13 @@ int initialize_encryption_plugin(st_plugin_int *plugin) encryption_key_manager= plugin_lock(NULL, plugin_int_to_ref(plugin)); handle= (struct st_mariadb_encryption*) plugin->plugin->info; + + /* default encryption algorithm */ + if (!handle->encrypt) + handle->encrypt= (encrypt_decrypt_func)my_aes_encrypt_cbc; + if (!handle->decrypt) + handle->decrypt= (encrypt_decrypt_func)my_aes_decrypt_cbc; + return 0; } diff --git a/sql/item_strfunc.h b/sql/item_strfunc.h index e11d2c41bc6..ca699b28245 100644 --- a/sql/item_strfunc.h +++ b/sql/item_strfunc.h @@ -142,7 +142,9 @@ class Item_aes_crypt :public Item_str_func void create_key(String *user_key, uchar* key); protected: - my_aes_encrypt_dynamic_type crypt; + int (*crypt)(const uchar* src, uint slen, uchar* dst, uint* dlen, + const uchar* key, uint klen, const uchar* iv, uint ivlen, + int no_padding); public: Item_aes_crypt(Item *a, Item *b) :Item_str_func(a,b) {} diff --git a/sql/mysqld.cc b/sql/mysqld.cc index da432063c0a..c002a9d7d46 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -630,7 +630,6 @@ char *mysqld_unix_port, *opt_mysql_tmpdir; ulong thread_handling; my_bool encrypt_tmp_disk_tables; -ulong encryption_algorithm; /** name of reference on left expression in rewritten IN subquery */ const char *in_left_expr_name= ""; @@ -4804,13 +4803,6 @@ static int init_server_components() my_rnd_init(&sql_rand,(ulong) server_start_time,(ulong) server_start_time/2); setup_fpu(); init_thr_lock(); - if (my_aes_init_dynamic_encrypt((enum_my_aes_encryption_algorithm) - encryption_algorithm)) - { - fprintf(stderr, "Can't initialize encryption algorithm to \"%s\".\nCheck that the program is linked with the right library (openssl?)\n", - encryption_algorithm_names[encryption_algorithm]); - unireg_abort(1); - } #ifndef EMBEDDED_LIBRARY if (init_thr_timer(thread_scheduler->max_threads + extra_max_connections)) diff --git a/sql/sql_plugin_services.h b/sql/sql_plugin_services.h index 4511d8bca59..8deac855a53 100644 
--- a/sql/sql_plugin_services.h +++ b/sql/sql_plugin_services.h @@ -143,7 +143,9 @@ static struct encryption_keys_service_st encryption_keys_handler= { get_latest_encryption_key_version, has_encryption_key, - get_encryption_key + get_encryption_key, + encrypt_data, + decrypt_data }; static struct thd_specifics_service_st thd_specifics_handler= diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index 9cba8739eee..32935f3404e 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc @@ -5168,14 +5168,6 @@ static Sys_var_mybool Sys_encrypt_tmp_disk_tables( GLOBAL_VAR(encrypt_tmp_disk_tables), CMD_LINE(OPT_ARG), DEFAULT(FALSE)); -const char *encryption_algorithm_names[]= -{ "none", "aes_ecb", "aes_cbc", "aes_ctr", 0 }; -static Sys_var_enum Sys_encryption_algorithm( - "encryption_algorithm", - "Which encryption algorithm to use for table encryption. aes_cbc is the recommended one.", - READ_ONLY GLOBAL_VAR(encryption_algorithm),CMD_LINE(REQUIRED_ARG), - encryption_algorithm_names, DEFAULT(0)); - static bool check_pseudo_slave_mode(sys_var *self, THD *thd, set_var *var) { longlong previous_val= thd->variables.pseudo_slave_mode; diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index 5020d2345b9..57029c684d4 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -693,11 +693,9 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, srclen = page_size - FIL_PAGE_DATA; } - int rc = (* my_aes_encrypt_dynamic)(src, srclen, - dst, &dstlen, - (unsigned char*)key, key_length, - (unsigned char*)iv, sizeof(iv), - 1); + int rc = encrypt_data(src, srclen, dst, &dstlen, + (unsigned char*)key, key_length, + (unsigned char*)iv, sizeof(iv), 1, key_version); if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, 
@@ -867,11 +865,9 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data, srclen = pow((double)2, (double)((int)compressed_len)) - FIL_PAGE_DATA; } - int rc = (* my_aes_decrypt_dynamic)(src, srclen, - dst, &dstlen, - (unsigned char*)key, key_length, - (unsigned char*)iv, sizeof(iv), - 1); + int rc = decrypt_data(src, srclen, dst, &dstlen, + (unsigned char*)key, key_length, + (unsigned char*)iv, sizeof(iv), 1, key_version); if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, diff --git a/storage/innobase/include/log0crypt.h b/storage/innobase/include/log0crypt.h index 9c7c0229ba4..8d5f8c61dd1 100644 --- a/storage/innobase/include/log0crypt.h +++ b/storage/innobase/include/log0crypt.h @@ -17,6 +17,8 @@ Created 11/25/2013 Minli Zhu #define PURPOSE_BYTE_OFFSET 0 #define UNENCRYPTED_KEY_VER 0 +typedef int Crypt_result; + /* If true, enable redo log encryption. */ extern my_bool srv_encrypt_log; /* Plain text used by AES_ECB to generate redo log crypt key. */ diff --git a/storage/innobase/log/log0crypt.cc b/storage/innobase/log/log0crypt.cc index 4a7474761a3..f2609b9502a 100644 --- a/storage/innobase/log/log0crypt.cc +++ b/storage/innobase/log/log0crypt.cc @@ -32,7 +32,6 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include "srv0start.h" // for srv_start_lsn #include "log0recv.h" // for recv_sys -#include "mysql/plugin_encryption.h" // for BAD_ENCRYPTION_KEY_VERSION #include "ha_prototypes.h" // IB_LOG_ /* If true, enable redo log encryption. */ @@ -127,12 +126,10 @@ log_init_crypt_key( } uint32 dst_len; - my_aes_encrypt_dynamic_type func= get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); - int rc= (*func)(crypt_msg, MY_AES_BLOCK_SIZE, //src, srclen + int rc= my_aes_encrypt_ecb(crypt_msg, MY_AES_BLOCK_SIZE, //src, srclen key, &dst_len, //dst, &dstlen (unsigned char*)&mysqld_key, sizeof(mysqld_key), - NULL, 0, - 1); + NULL, 0, 1); if (rc != AES_OK || dst_len != MY_AES_BLOCK_SIZE) { 
@@ -207,11 +204,11 @@ log_blocks_crypt( mach_write_to_4(aes_ctr_counter + 11, log_block_no); bzero(aes_ctr_counter + 15, 1); - int rc = (* my_aes_encrypt_dynamic)(log_block + LOG_BLOCK_HDR_SIZE, src_len, - dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, - (unsigned char*)key, 16, - aes_ctr_counter, MY_AES_BLOCK_SIZE, - 1); + int rc = encrypt_data(log_block + LOG_BLOCK_HDR_SIZE, src_len, + dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, + (unsigned char*)key, 16, + aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, + recv_sys->recv_log_crypt_ver); ut_a(rc == AES_OK); ut_a(dst_len == src_len); @@ -266,8 +263,7 @@ log_crypt_set_ver_and_key( encrypted = true; if (vkey == UNENCRYPTED_KEY_VER || - vkey == BAD_ENCRYPTION_KEY_VERSION || - vkey == (unsigned int)CRYPT_KEY_UNKNOWN) { + vkey == BAD_ENCRYPTION_KEY_VERSION) { encrypted = false; ib_logf(IB_LOG_LEVEL_WARN, diff --git a/storage/maria/ma_check_standalone.h b/storage/maria/ma_check_standalone.h index 241bc7c2739..056d4660a72 100644 --- a/storage/maria/ma_check_standalone.h +++ b/storage/maria/ma_check_standalone.h 
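Review bot: The key version passed to `encrypt_data` here is `recv_sys->recv_log_crypt_ver`, while the otherwise identical hunk in storage/xtradb/log/log0crypt.cc passes `log_sys->redo_log_crypt_ver`. One of the two looks unintended, and a plugin that picks its algorithm from `key_version`, as the example plugin in this patch does, could then handle the same log block differently in the two engines. The call also builds `aes_ctr_counter` as if the cipher were CTR, but `encrypt_data` now runs whatever the plugin installed, which defaults to CBC in `initialize_encryption_plugin`. If this function is also used to decrypt log blocks (its body is cut off in the hunk), that works only for a self-inverse mode, so I would either call the CTR routine directly or add `/* requires a plugin whose encrypt is AES-CTR */` above the call.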
@@ -23,6 +23,40 @@ void _mi_report_crashed(void *file __attribute__((unused)), { } +unsigned int get_latest_encryption_key_version() +{ + return BAD_ENCRYPTION_KEY_VERSION; +} + +int encrypt_data(const uchar* source __attribute__((unused)), + uint source_length __attribute__((unused)), + uchar* dest __attribute__((unused)), + uint* dest_length __attribute__((unused)), + const uchar* key __attribute__((unused)), + uint key_length __attribute__((unused)), + const uchar* iv __attribute__((unused)), + uint iv_length __attribute__((unused)), + int no_padding __attribute__((unused)), + uint key_version __attribute__((unused))) +{ + return 1; +} + + +int decrypt_data(const uchar* source __attribute__((unused)), + uint source_length __attribute__((unused)), + uchar* dest __attribute__((unused)), + uint* dest_length __attribute__((unused)), + const uchar* key __attribute__((unused)), + uint key_length __attribute__((unused)), + const uchar* iv __attribute__((unused)), + uint iv_length __attribute__((unused)), + int no_padding __attribute__((unused)), + uint key_version __attribute__((unused))) +{ + return 1; +} + /* only those that included myisamchk.h may need and can use the below */ #ifdef _myisamchk_h /* @@ -121,5 +155,6 @@ void _ma_check_print_error(HA_CHECK *param, const char *fmt,...) va_end(args); DBUG_VOID_RETURN; } + #endif diff --git a/storage/maria/ma_crypt.c b/storage/maria/ma_crypt.c index c471a246bbf..fabfbe9d584 100644 --- a/storage/maria/ma_crypt.c +++ b/storage/maria/ma_crypt.c @@ -16,7 +16,6 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include -#include "ma_crypt.h" #include "maria_def.h" #include "ma_blockrec.h" #include 
@@ -291,7 +290,7 @@ void ma_crypt_set_data_pagecache_callbacks(PAGECACHE_FILE *file, __attribute__((unused))) { /* Only use encryption if we have defined it */ - if (likely(current_aes_dynamic_method != MY_AES_ALGORITHM_NONE)) + if (get_latest_encryption_key_version() != BAD_ENCRYPTION_KEY_VERSION) { file->pre_read_hook= ma_crypt_pre_read_hook; file->post_read_hook= ma_crypt_data_post_read_hook; @@ -411,17 +410,16 @@ static int ma_encrypt(MARIA_CRYPT_DATA *crypt_data, int rc; uint32 dstlen; uchar counter[COUNTER_LEN]; + *key_version= 1; // create counter block memcpy(counter + 0, crypt_data->iv + CRYPT_SCHEME_1_IV_LEN, 4); int4store(counter + 4, pageno); int8store(counter + 8, lsn); - rc = my_aes_encrypt_dynamic(src, size, - dst, &dstlen, - crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, - counter, sizeof(counter), - 1); + rc = encrypt_data(src, size, dst, &dstlen, + crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, + counter, sizeof(counter), 1, *key_version); DBUG_ASSERT(rc == AES_OK); DBUG_ASSERT(dstlen == size); @@ -434,7 +432,6 @@ static int ma_encrypt(MARIA_CRYPT_DATA *crypt_data, return 1; } - *key_version= 1; return 0; } @@ -452,11 +449,9 @@ static int ma_decrypt(MARIA_CRYPT_DATA *crypt_data, int4store(counter + 4, pageno); int8store(counter + 8, lsn); - rc = my_aes_decrypt_dynamic(src, size, - dst, &dstlen, - crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, - counter, sizeof(counter), - 1); + rc =decrypt_data(src, size, dst, &dstlen, + crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, + counter, sizeof(counter), 1, key_version); DBUG_ASSERT(rc == AES_OK); DBUG_ASSERT(dstlen == size); diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index 24592e6a11d..660cfb9417d 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc 
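Review bot: In `ma_encrypt` the key argument to `encrypt_data` is still `crypt_data->iv` with length `CRYPT_SCHEME_1_IV_LEN`, and `*key_version` is hard-coded to `1`, so the key-management plugin chooses the algorithm but never supplies the key. If `crypt_data->iv` is stored with the table (not visible in this hunk), the pages are protected only by data kept next to them. I would fetch the key through the service instead, along the lines of `*key_version= get_latest_encryption_key_version();` followed by `get_encryption_key(*key_version, key, &key_len)`, and do the same in `ma_decrypt` with the stored version. Both function bodies start outside their hunks.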
@@ -693,11 +693,9 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, srclen = page_size - FIL_PAGE_DATA; } - int rc = (* my_aes_encrypt_dynamic)(src, srclen, - dst, &dstlen, - (unsigned char*)key, key_length, - (unsigned char*)iv, sizeof(iv), - 1); + int rc = encrypt_data(src, srclen, dst, &dstlen, + (unsigned char*)key, key_length, + (unsigned char*)iv, sizeof(iv), 1, key_version); if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, @@ -867,11 +865,9 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data, srclen = pow((double)2, (double)((int)compressed_len)) - FIL_PAGE_DATA; } - int rc = (* my_aes_decrypt_dynamic)(src, srclen, - dst, &dstlen, - (unsigned char*)key, key_length, - (unsigned char*)iv, sizeof(iv), - 1); + int rc = decrypt_data(src, srclen, dst, &dstlen, + (unsigned char*)key, key_length, + (unsigned char*)iv, sizeof(iv), 1, key_version); if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, diff --git a/storage/xtradb/include/log0crypt.h b/storage/xtradb/include/log0crypt.h index 9c7c0229ba4..8d5f8c61dd1 100644 --- a/storage/xtradb/include/log0crypt.h +++ b/storage/xtradb/include/log0crypt.h @@ -17,6 +17,8 @@ Created 11/25/2013 Minli Zhu #define PURPOSE_BYTE_OFFSET 0 #define UNENCRYPTED_KEY_VER 0 +typedef int Crypt_result; + /* If true, enable redo log encryption. */ extern my_bool srv_encrypt_log; /* Plain text used by AES_ECB to generate redo log crypt key. */ diff --git a/storage/xtradb/log/log0crypt.cc b/storage/xtradb/log/log0crypt.cc index 4a7474761a3..643e3a08ec4 100644 --- a/storage/xtradb/log/log0crypt.cc +++ b/storage/xtradb/log/log0crypt.cc @@ -32,7 +32,6 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include "srv0start.h" // for srv_start_lsn #include "log0recv.h" // for recv_sys -#include "mysql/plugin_encryption.h" // for BAD_ENCRYPTION_KEY_VERSION #include "ha_prototypes.h" // IB_LOG_ /* If true, enable redo log encryption. */ 
@@ -127,12 +126,10 @@ log_init_crypt_key( } uint32 dst_len; - my_aes_encrypt_dynamic_type func= get_aes_encrypt_func(MY_AES_ALGORITHM_ECB); - int rc= (*func)(crypt_msg, MY_AES_BLOCK_SIZE, //src, srclen + int rc= my_aes_encrypt_ecb(crypt_msg, MY_AES_BLOCK_SIZE, //src, srclen key, &dst_len, //dst, &dstlen (unsigned char*)&mysqld_key, sizeof(mysqld_key), - NULL, 0, - 1); + NULL, 0, 1); if (rc != AES_OK || dst_len != MY_AES_BLOCK_SIZE) { @@ -207,11 +204,11 @@ log_blocks_crypt( mach_write_to_4(aes_ctr_counter + 11, log_block_no); bzero(aes_ctr_counter + 15, 1); - int rc = (* my_aes_encrypt_dynamic)(log_block + LOG_BLOCK_HDR_SIZE, src_len, - dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, - (unsigned char*)key, 16, - aes_ctr_counter, MY_AES_BLOCK_SIZE, - 1); + int rc = encrypt_data(log_block + LOG_BLOCK_HDR_SIZE, src_len, + dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, + (unsigned char*)key, 16, + aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, + log_sys->redo_log_crypt_ver); ut_a(rc == AES_OK); ut_a(dst_len == src_len); @@ -266,8 +263,7 @@ log_crypt_set_ver_and_key( encrypted = true; if (vkey == UNENCRYPTED_KEY_VER || - vkey == BAD_ENCRYPTION_KEY_VERSION || - vkey == (unsigned int)CRYPT_KEY_UNKNOWN) { + vkey == BAD_ENCRYPTION_KEY_VERSION) { encrypted = false; ib_logf(IB_LOG_LEVEL_WARN, From c0878f64c5c39b9cc21f66a401040a708f4f0792 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Wed, 1 Apr 2015 18:26:19 +0200 Subject: [PATCH 37/65] remove wrappers in encryption_keys.cc invoke plugin methods directly --- include/mysql/plugin_audit.h.pp | 18 +--- include/mysql/plugin_auth.h.pp | 18 +--- include/mysql/plugin_encryption.h.pp | 18 +--- include/mysql/plugin_ftparser.h.pp | 18 +--- include/mysql/plugin_password_validation.h.pp | 18 +--- include/mysql/service_encryption_keys.h | 26 +++--- sql/encryption_keys.cc | 91 ++++++++----------- sql/sql_plugin.cc | 3 + sql/sql_plugin_services.h | 9 -- storage/maria/ma_check_standalone.h | 32 +------ 10 files changed, 70 insertions(+), 181 deletions(-) 
diff --git a/include/mysql/plugin_audit.h.pp b/include/mysql/plugin_audit.h.pp index 30647a7c331..0819b053ee3 100644 --- a/include/mysql/plugin_audit.h.pp +++ b/include/mysql/plugin_audit.h.pp @@ -203,26 +203,14 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -extern struct encryption_keys_service_st { +struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encrypt_data_func; encrypt_decrypt_func decrypt_data_func; -} *encryption_keys_service; -unsigned int get_latest_encryption_key_version(); -unsigned int has_encryption_key(unsigned int version); -unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); -int encrypt_data(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); -int decrypt_data(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); +}; +extern struct encryption_keys_service_st encryption_keys_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_auth.h.pp b/include/mysql/plugin_auth.h.pp index e821a7d1bfb..c612eda97d1 100644 --- a/include/mysql/plugin_auth.h.pp +++ b/include/mysql/plugin_auth.h.pp 
@@ -203,26 +203,14 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -extern struct encryption_keys_service_st { +struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encrypt_data_func; encrypt_decrypt_func decrypt_data_func; -} *encryption_keys_service; -unsigned int get_latest_encryption_key_version(); -unsigned int has_encryption_key(unsigned int version); -unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); -int encrypt_data(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); -int decrypt_data(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); +}; +extern struct encryption_keys_service_st encryption_keys_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_encryption.h.pp b/include/mysql/plugin_encryption.h.pp index 100928f0b19..00eaa7e3095 100644 --- a/include/mysql/plugin_encryption.h.pp +++ b/include/mysql/plugin_encryption.h.pp 
@@ -203,26 +203,14 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -extern struct encryption_keys_service_st { +struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encrypt_data_func; encrypt_decrypt_func decrypt_data_func; -} *encryption_keys_service; -unsigned int get_latest_encryption_key_version(); -unsigned int has_encryption_key(unsigned int version); -unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); -int encrypt_data(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); -int decrypt_data(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); +}; +extern struct encryption_keys_service_st encryption_keys_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_ftparser.h.pp b/include/mysql/plugin_ftparser.h.pp index 0c58e6912ca..26a2e17c53a 100644 --- a/include/mysql/plugin_ftparser.h.pp +++ b/include/mysql/plugin_ftparser.h.pp 
@@ -203,26 +203,14 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -extern struct encryption_keys_service_st { +struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encrypt_data_func; encrypt_decrypt_func decrypt_data_func; -} *encryption_keys_service; -unsigned int get_latest_encryption_key_version(); -unsigned int has_encryption_key(unsigned int version); -unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); -int encrypt_data(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); -int decrypt_data(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); +}; +extern struct encryption_keys_service_st encryption_keys_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_password_validation.h.pp b/include/mysql/plugin_password_validation.h.pp index 8ab0f680815..9d9e2e8f25d 100644 --- a/include/mysql/plugin_password_validation.h.pp +++ b/include/mysql/plugin_password_validation.h.pp 
@@ -203,26 +203,14 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -extern struct encryption_keys_service_st { +struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encrypt_data_func; encrypt_decrypt_func decrypt_data_func; -} *encryption_keys_service; -unsigned int get_latest_encryption_key_version(); -unsigned int has_encryption_key(unsigned int version); -unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); -int encrypt_data(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); -int decrypt_data(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); +}; +extern struct encryption_keys_service_st encryption_keys_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/service_encryption_keys.h b/include/mysql/service_encryption_keys.h index 105146d00a5..93e96650758 100644 --- a/include/mysql/service_encryption_keys.h +++ b/include/mysql/service_encryption_keys.h 
@@ -34,16 +34,18 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -extern struct encryption_keys_service_st { +struct encryption_keys_service_st { unsigned int (*get_latest_encryption_key_version_func)(); unsigned int (*has_encryption_key_func)(unsigned int); unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encrypt_data_func; encrypt_decrypt_func decrypt_data_func; -} *encryption_keys_service; +}; #ifdef MYSQL_DYNAMIC_PLUGIN +extern struct encryption_keys_service_st *encryption_keys_service; + #define get_latest_encryption_key_version() encryption_keys_service->get_latest_encryption_key_version_func() #define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V) #define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S)) 
@@ -51,19 +53,13 @@ extern struct encryption_keys_service_st { #define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) #else -unsigned int get_latest_encryption_key_version(); -unsigned int has_encryption_key(unsigned int version); -unsigned int get_encryption_key(unsigned int version, unsigned char* key, unsigned int *keybufsize); -int encrypt_data(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); -int decrypt_data(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); +extern struct encryption_keys_service_st encryption_keys_handler; + +#define get_latest_encryption_key_version() encryption_keys_handler.get_latest_encryption_key_version_func() +#define has_encryption_key(V) encryption_keys_handler.has_encryption_key_func(V) +#define get_encryption_key(V,K,S) encryption_keys_handler.get_encryption_key_func((V), (K), (S)) +#define encrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_handler.encrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_handler.decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) #endif #ifdef __cplusplus diff --git a/sql/encryption_keys.cc b/sql/encryption_keys.cc index 8a9a17a5452..b7afedaa27b 100644 --- a/sql/encryption_keys.cc +++ b/sql/encryption_keys.cc 
@@ -19,61 +19,29 @@ #include "sql_plugin.h" #include +#warning TODO rename to follow single consistent style + /* there can be only one encryption plugin enabled */ static plugin_ref encryption_key_manager= 0; -static struct st_mariadb_encryption *handle; +struct encryption_keys_service_st encryption_keys_handler; -unsigned int get_latest_encryption_key_version() +unsigned int has_key(uint version) { - if (encryption_key_manager) - return handle->get_latest_key_version(); + uint unused; + return get_encryption_key(version, NULL, &unused) != BAD_ENCRYPTION_KEY_VERSION; +} +uint no_key() +{ return BAD_ENCRYPTION_KEY_VERSION; } -unsigned int has_encryption_key(uint version) +static int no_crypt(const uchar* source, uint source_length, + uchar* dest, uint* dest_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, + int no_padding, uint key_version) { - if (encryption_key_manager) - { - uint unused; - return handle->get_key(version, NULL, &unused) != BAD_ENCRYPTION_KEY_VERSION; - } - - return 0; -} - -uint get_encryption_key(uint version, uchar* key, uint *size) -{ - if (encryption_key_manager) - return handle->get_key(version, key, size); - - return BAD_ENCRYPTION_KEY_VERSION; -} - -int encrypt_data(const uchar* source, uint source_length, - uchar* dest, uint* dest_length, - const uchar* key, uint key_length, - const uchar* iv, uint iv_length, - int no_padding, uint key_version) -{ - if (encryption_key_manager) - return handle->encrypt(source, source_length, - dest, dest_length, key, key_length, - iv, iv_length, no_padding, key_version); - return 1; -} - - -int decrypt_data(const uchar* source, uint source_length, - uchar* dest, uint* dest_length, - const uchar* key, uint key_length, - const uchar* iv, uint iv_length, - int no_padding, uint key_version) -{ - if (encryption_key_manager) - return handle->decrypt(source, source_length, - dest, dest_length, key, key_length, - iv, iv_length, no_padding, key_version); return 1; } 
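Review bot: `has_key()` passes `&unused` to `get_encryption_key()` without initialising it, and the key-management plugins patched later on this page read `*buflen` before writing it (`if (*buflen < KEY_SIZE)`), so the provider compares against an indeterminate value. Declaring it as `uint unused= 0;` makes the probe deterministic: the provider either reports the version as invalid or asks for a larger buffer. `has_key()` and `no_key()` are also left with external linkage under very generic names while `no_crypt()` is `static`; as far as this diff shows they are referenced only from this file, so `static` would fit them too.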
@@ -91,21 +59,36 @@ int initialize_encryption_plugin(st_plugin_int *plugin) } encryption_key_manager= plugin_lock(NULL, plugin_int_to_ref(plugin)); - handle= (struct st_mariadb_encryption*) - plugin->plugin->info; + st_mariadb_encryption *handle= + (struct st_mariadb_encryption*) plugin->plugin->info; - /* default encryption algorithm */ - if (!handle->encrypt) - handle->encrypt= (encrypt_decrypt_func)my_aes_encrypt_cbc; - if (!handle->decrypt) - handle->decrypt= (encrypt_decrypt_func)my_aes_decrypt_cbc; + encryption_keys_handler.encrypt_data_func= + handle->encrypt ? handle->encrypt + : (encrypt_decrypt_func)my_aes_encrypt_cbc; + + encryption_keys_handler.decrypt_data_func= + handle->decrypt ? handle->decrypt + : (encrypt_decrypt_func)my_aes_decrypt_cbc; + + encryption_keys_handler.get_encryption_key_func= + handle->get_key; + + encryption_keys_handler.get_latest_encryption_key_version_func= + handle->get_latest_key_version; // must be the last return 0; } int finalize_encryption_plugin(st_plugin_int *plugin) { - if (plugin->plugin->deinit && plugin->plugin->deinit(NULL)) + encryption_keys_handler.encrypt_data_func= no_crypt; + encryption_keys_handler.decrypt_data_func= no_crypt; + encryption_keys_handler.has_encryption_key_func= has_key; + encryption_keys_handler.get_encryption_key_func= + (uint (*)(uint, uchar*, uint*))no_key; + encryption_keys_handler.get_latest_encryption_key_version_func= no_key; + + if (plugin && plugin->plugin->deinit && plugin->plugin->deinit(NULL)) { DBUG_PRINT("warning", ("Plugin '%s' deinit function returned error.", plugin->name.str)); diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc index 0c9ac6b6cb8..ee6650e14e2 100644 --- a/sql/sql_plugin.cc +++ b/sql/sql_plugin.cc 
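Review bot: In `finalize_encryption_plugin()` the cast `(uint (*)(uint, uchar*, uint*))no_key` stores a zero-argument function behind a three-argument pointer type, and calling a function through an incompatible pointer type is undefined behaviour even where the ABI happens to tolerate it. A stub with the matching signature removes the cast: `static uint no_get_key(uint, uchar*, uint*) { return BAD_ENCRYPTION_KEY_VERSION; }`. In `initialize_encryption_plugin()` the `encrypt`/`decrypt` members get an AES-CBC fallback when the plugin leaves them null, but `handle->get_key` and `handle->get_latest_key_version` are copied unchecked, so a plugin that omits either one replaces a safe stub with a null pointer; rejecting such a plugin with `return 1` would keep the stubs in place. Both functions extend beyond this hunk.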
@@ -1562,6 +1562,9 @@ int plugin_init(int *argc, char **argv, int flags) DBUG_ASSERT(strcmp(list_of_services[4].name, "debug_sync_service") == 0); list_of_services[4].service= *(void**)&debug_sync_C_callback_ptr; + /* prepare encryption_keys service */ + finalize_encryption_plugin(0); + mysql_mutex_lock(&LOCK_plugin); initialized= 1; diff --git a/sql/sql_plugin_services.h b/sql/sql_plugin_services.h index 8deac855a53..768797a4381 100644 --- a/sql/sql_plugin_services.h +++ b/sql/sql_plugin_services.h @@ -139,15 +139,6 @@ static struct wsrep_service_st wsrep_handler = { wsrep_unlock_rollback }; -static struct encryption_keys_service_st encryption_keys_handler= -{ - get_latest_encryption_key_version, - has_encryption_key, - get_encryption_key, - encrypt_data, - decrypt_data -}; - static struct thd_specifics_service_st thd_specifics_handler= { thd_key_create, diff --git a/storage/maria/ma_check_standalone.h b/storage/maria/ma_check_standalone.h index 056d4660a72..2b4e8a3560f 100644 --- a/storage/maria/ma_check_standalone.h +++ b/storage/maria/ma_check_standalone.h 
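Review bot: `encryption_keys_handler` is a zero-initialised global until this `finalize_encryption_plugin(0)` call runs, so any encrypt/decrypt macro reached earlier in startup would call through a null pointer; whether such a path exists is not visible here. Giving the struct a static initialiser with the no-plugin stubs in sql/encryption_keys.cc would close that window and make this call unnecessary. If the call stays, the comment should say what it really does, e.g. `/* install the no-plugin stubs; finalize_encryption_plugin(0) skips the deinit step for a null plugin */`. `plugin_init()` continues outside the hunk.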
@@ -23,39 +23,15 @@ void _mi_report_crashed(void *file __attribute__((unused)), { } -unsigned int get_latest_encryption_key_version() +static unsigned int no_key() { return BAD_ENCRYPTION_KEY_VERSION; } -int encrypt_data(const uchar* source __attribute__((unused)), - uint source_length __attribute__((unused)), - uchar* dest __attribute__((unused)), - uint* dest_length __attribute__((unused)), - const uchar* key __attribute__((unused)), - uint key_length __attribute__((unused)), - const uchar* iv __attribute__((unused)), - uint iv_length __attribute__((unused)), - int no_padding __attribute__((unused)), - uint key_version __attribute__((unused))) +struct encryption_keys_service_st encryption_keys_handler= { - return 1; -} - - -int decrypt_data(const uchar* source __attribute__((unused)), - uint source_length __attribute__((unused)), - uchar* dest __attribute__((unused)), - uint* dest_length __attribute__((unused)), - const uchar* key __attribute__((unused)), - uint key_length __attribute__((unused)), - const uchar* iv __attribute__((unused)), - uint iv_length __attribute__((unused)), - int no_padding __attribute__((unused)), - uint key_version __attribute__((unused))) -{ - return 1; -} + no_key, 0, 0, 0, 0 +}; /* only those that included myisamchk.h may need and can use the below */ #ifdef _myisamchk_h From 65e782607031721b22397010bd7be57bbd5f6439 Mon Sep 17 00:00:00 2001 
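Review bot: The initialiser `no_key, 0, 0, 0, 0` leaves the encrypt and decrypt slots null, whereas the removed `encrypt_data()`/`decrypt_data()` stubs returned 1, so a tool that includes this header and reaches either macro now calls through a null pointer instead of getting an error code. Whether the standalone tools reach those calls is not visible in this diff, but keeping a failing stub in both slots preserves the old behaviour. `no_key` is also declared with an empty parameter list, which in C leaves the prototype unspecified; `(void)` states the intent.

```c
static unsigned int no_key(void)
{
  return BAD_ENCRYPTION_KEY_VERSION;
}

/* always fails: the standalone tools have no encryption provider */
static int no_crypt(const uchar* source __attribute__((unused)),
                    uint source_length __attribute__((unused)),
                    uchar* dest __attribute__((unused)),
                    uint* dest_length __attribute__((unused)),
                    const uchar* key __attribute__((unused)),
                    uint key_length __attribute__((unused)),
                    const uchar* iv __attribute__((unused)),
                    uint iv_length __attribute__((unused)),
                    int no_padding __attribute__((unused)),
                    uint key_version __attribute__((unused)))
{
  return 1;
}

struct encryption_keys_service_st encryption_keys_handler=
{
  no_key, 0, 0, no_crypt, no_crypt
};
```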
From: Sergei Golubchik Date: Wed, 1 Apr 2015 21:25:02 +0200 Subject: [PATCH 38/65] renames to follow single consistent naming style with namespace prefixes --- include/mysql/plugin_audit.h.pp | 16 ++-- include/mysql/plugin_auth.h.pp | 16 ++-- include/mysql/plugin_encryption.h.pp | 16 ++-- include/mysql/plugin_ftparser.h.pp | 16 ++-- include/mysql/plugin_password_validation.h.pp | 16 ++-- include/mysql/service_encryption.h | 78 +++++++++++++++++++ include/mysql/service_encryption_keys.h | 71 ----------------- include/mysql/services.h | 2 +- include/service_versions.h | 2 +- libmysqld/CMakeLists.txt | 2 +- libservices/CMakeLists.txt | 2 +- ...on_keys_service.c => encryption_service.c} | 2 +- .../debug_key_management_plugin.cc | 2 +- .../example_key_management_plugin.cc | 2 +- .../file_key_management_plugin.cc | 4 +- sql/CMakeLists.txt | 2 +- sql/{encryption_keys.cc => encryption.cc} | 38 +++++---- sql/sql_plugin_services.h | 2 +- storage/innobase/fil/fil0crypt.cc | 14 ++-- storage/innobase/fil/fil0fil.cc | 2 +- storage/innobase/handler/ha_innodb.cc | 2 +- .../innobase/include/fsp0pageencryption.ic | 6 +- storage/innobase/include/log0crypt.h | 2 +- storage/innobase/log/log0crypt.cc | 8 +- storage/maria/ma_check_standalone.h | 4 +- storage/maria/ma_crypt.c | 14 ++-- storage/xtradb/fil/fil0crypt.cc | 22 +++--- storage/xtradb/fil/fil0fil.cc | 2 +- storage/xtradb/handler/ha_innodb.cc | 2 +- storage/xtradb/include/fsp0pageencryption.ic | 6 +- storage/xtradb/include/log0crypt.h | 2 +- storage/xtradb/log/log0crypt.cc | 16 ++-- 32 files changed, 198 insertions(+), 193 deletions(-) create mode 100644 include/mysql/service_encryption.h delete mode 100644 include/mysql/service_encryption_keys.h rename libservices/{encryption_keys_service.c => encryption_service.c} (90%) rename sql/{encryption_keys.cc => encryption.cc} (69%) diff --git a/include/mysql/plugin_audit.h.pp b/include/mysql/plugin_audit.h.pp index 0819b053ee3..c874484288d 100644 --- a/include/mysql/plugin_audit.h.pp 
+++ b/include/mysql/plugin_audit.h.pp @@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); -#include +#include typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -struct encryption_keys_service_st { - unsigned int (*get_latest_encryption_key_version_func)(); - unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); - encrypt_decrypt_func encrypt_data_func; - encrypt_decrypt_func decrypt_data_func; +struct encryption_service_st { + unsigned int (*encryption_key_get_latest_version_func)(); + unsigned int (*encryption_key_exists_func)(unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encryption_encrypt_func; + encrypt_decrypt_func encryption_decrypt_func; }; -extern struct encryption_keys_service_st encryption_keys_handler; +extern struct encryption_service_st encryption_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_auth.h.pp b/include/mysql/plugin_auth.h.pp index c612eda97d1..d12e4eb062b 100644 --- a/include/mysql/plugin_auth.h.pp +++ b/include/mysql/plugin_auth.h.pp 
@@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); -#include +#include typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -struct encryption_keys_service_st { - unsigned int (*get_latest_encryption_key_version_func)(); - unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); - encrypt_decrypt_func encrypt_data_func; - encrypt_decrypt_func decrypt_data_func; +struct encryption_service_st { + unsigned int (*encryption_key_get_latest_version_func)(); + unsigned int (*encryption_key_exists_func)(unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encryption_encrypt_func; + encrypt_decrypt_func encryption_decrypt_func; }; -extern struct encryption_keys_service_st encryption_keys_handler; +extern struct encryption_service_st encryption_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_encryption.h.pp b/include/mysql/plugin_encryption.h.pp index 00eaa7e3095..e1c034271ce 100644 --- a/include/mysql/plugin_encryption.h.pp +++ b/include/mysql/plugin_encryption.h.pp 
@@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); -#include +#include typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -struct encryption_keys_service_st { - unsigned int (*get_latest_encryption_key_version_func)(); - unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); - encrypt_decrypt_func encrypt_data_func; - encrypt_decrypt_func decrypt_data_func; +struct encryption_service_st { + unsigned int (*encryption_key_get_latest_version_func)(); + unsigned int (*encryption_key_exists_func)(unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encryption_encrypt_func; + encrypt_decrypt_func encryption_decrypt_func; }; -extern struct encryption_keys_service_st encryption_keys_handler; +extern struct encryption_service_st encryption_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_ftparser.h.pp b/include/mysql/plugin_ftparser.h.pp index 26a2e17c53a..f163a58f793 100644 --- a/include/mysql/plugin_ftparser.h.pp +++ b/include/mysql/plugin_ftparser.h.pp 
@@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); -#include +#include typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -struct encryption_keys_service_st { - unsigned int (*get_latest_encryption_key_version_func)(); - unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); - encrypt_decrypt_func encrypt_data_func; - encrypt_decrypt_func decrypt_data_func; +struct encryption_service_st { + unsigned int (*encryption_key_get_latest_version_func)(); + unsigned int (*encryption_key_exists_func)(unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encryption_encrypt_func; + encrypt_decrypt_func encryption_decrypt_func; }; -extern struct encryption_keys_service_st encryption_keys_handler; +extern struct encryption_service_st encryption_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/plugin_password_validation.h.pp b/include/mysql/plugin_password_validation.h.pp index 9d9e2e8f25d..94d48543103 100644 --- a/include/mysql/plugin_password_validation.h.pp +++ b/include/mysql/plugin_password_validation.h.pp 
@@ -197,20 +197,20 @@ int thd_key_create(MYSQL_THD_KEY_T *key); void thd_key_delete(MYSQL_THD_KEY_T *key); void* thd_getspecific(void* thd, MYSQL_THD_KEY_T key); int thd_setspecific(void* thd, MYSQL_THD_KEY_T key, void *value); -#include +#include typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, int no_padding, unsigned int key_version); -struct encryption_keys_service_st { - unsigned int (*get_latest_encryption_key_version_func)(); - unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); - encrypt_decrypt_func encrypt_data_func; - encrypt_decrypt_func decrypt_data_func; +struct encryption_service_st { + unsigned int (*encryption_key_get_latest_version_func)(); + unsigned int (*encryption_key_exists_func)(unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encryption_encrypt_func; + encrypt_decrypt_func encryption_decrypt_func; }; -extern struct encryption_keys_service_st encryption_keys_handler; +extern struct encryption_service_st encryption_handler; struct st_mysql_xid { long formatID; long gtrid_length; diff --git a/include/mysql/service_encryption.h b/include/mysql/service_encryption.h new file mode 100644 index 00000000000..ed012bdb7d6 --- /dev/null +++ b/include/mysql/service_encryption.h 
@@ -0,0 +1,78 @@ +#ifndef MYSQL_SERVICE_ENCRYPTION_INCLUDED +/* Copyright (c) 2015, MariaDB + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ + +/** + @file + encryption service + + Functions to support data encryption and encryption key management. + They are normally implemented in an encryption plugin, so this service + connects encryption *consumers* (storage engines) to the encryption + *provider* (encryption plugin). 
+*/ + +#ifdef __cplusplus +extern "C" { +#endif + +/* returned from encryption_key_get_latest_version() */ +#define ENCRYPTION_KEY_VERSION_INVALID (~(unsigned int)0) +#define ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED (0) + +/* returned from encryption_key_get() */ +#define ENCRYPTION_KEY_BUFFER_TOO_SMALL (100) + +typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, + unsigned char* dst, unsigned int* dlen, + const unsigned char* key, unsigned int klen, + const unsigned char* iv, unsigned int ivlen, + int no_padding, unsigned int key_version); + +struct encryption_service_st { + unsigned int (*encryption_key_get_latest_version_func)(); + unsigned int (*encryption_key_exists_func)(unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + encrypt_decrypt_func encryption_encrypt_func; + encrypt_decrypt_func encryption_decrypt_func; +}; + +#ifdef MYSQL_DYNAMIC_PLUGIN + +extern struct encryption_service_st *encryption_service; + +#define encryption_key_get_latest_version() encryption_service->encryption_key_get_latest_version_func() +#define encryption_key_exists(V) encryption_service->encryption_key_exists_func(V) +#define encryption_key_get(V,K,S) encryption_service->encryption_key_get_func((V), (K), (S)) +#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_service->encryption_encrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_service->encryption_decrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#else + +extern struct encryption_service_st encryption_handler; + +#define encryption_key_get_latest_version() encryption_handler.encryption_key_get_latest_version_func() +#define encryption_key_exists(V) encryption_handler.encryption_key_exists_func(V) +#define encryption_key_get(V,K,S) encryption_handler.encryption_key_get_func((V), (K), (S)) +#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) 
encryption_handler.encryption_encrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_handler.encryption_decrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#endif + +#ifdef __cplusplus +} +#endif + +#define MYSQL_SERVICE_ENCRYPTION_INCLUDED +#endif + diff --git a/include/mysql/service_encryption_keys.h b/include/mysql/service_encryption_keys.h deleted file mode 100644 index 93e96650758..00000000000 --- a/include/mysql/service_encryption_keys.h +++ /dev/null 
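Review bot: The new header names the sentinel values but does not state the contract of the five entry points, and the comment above `ENCRYPTION_KEY_VERSION_INVALID` ties it to `encryption_key_get_latest_version()` only, while the file key-management plugin in this same patch also returns it from its key getter. A short block comment should say that `encryption_key_get()` returns 0 on success, `ENCRYPTION_KEY_BUFFER_TOO_SMALL` after writing the needed size to the length argument, and `ENCRYPTION_KEY_VERSION_INVALID` for an unknown version, and that the encrypt/decrypt functions return non-zero on failure; this is what the callers and plugins in this patch suggest and should be confirmed. The first member is declared as `unsigned int (*encryption_key_get_latest_version_func)();`, which in C is an unprototyped declaration; writing `(void)` would let the compiler reject mismatched stubs.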
@@ -1,71 +0,0 @@ -#ifndef MYSQL_SERVICE_ENCRYPTION_KEYS_INCLUDED -/* Copyright (c) 2015, MariaDB - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -/** - @file - encryption keys service - - Functions to get encryption keys from the encryption plugin -*/ - -#ifdef __cplusplus -extern "C" { -#endif - -#define BAD_ENCRYPTION_KEY_VERSION (~(unsigned int)0) -#define KEY_BUFFER_TOO_SMALL (100) - -typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, - unsigned char* dst, unsigned int* dlen, - const unsigned char* key, unsigned int klen, - const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); - -struct encryption_keys_service_st { - unsigned int (*get_latest_encryption_key_version_func)(); - unsigned int (*has_encryption_key_func)(unsigned int); - unsigned int (*get_encryption_key_func)(unsigned int, unsigned char*, unsigned int*); - encrypt_decrypt_func encrypt_data_func; - encrypt_decrypt_func decrypt_data_func; -}; - -#ifdef MYSQL_DYNAMIC_PLUGIN - -extern struct encryption_keys_service_st *encryption_keys_service; - -#define get_latest_encryption_key_version() encryption_keys_service->get_latest_encryption_key_version_func() -#define has_encryption_key(V) encryption_keys_service->has_encryption_key_func(V) -#define get_encryption_key(V,K,S) encryption_keys_service->get_encryption_key_func((V), (K), (S)) -#define 
encrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->encrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) -#define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_service->decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) -#else - -extern struct encryption_keys_service_st encryption_keys_handler; - -#define get_latest_encryption_key_version() encryption_keys_handler.get_latest_encryption_key_version_func() -#define has_encryption_key(V) encryption_keys_handler.has_encryption_key_func(V) -#define get_encryption_key(V,K,S) encryption_keys_handler.get_encryption_key_func((V), (K), (S)) -#define encrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_handler.encrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) -#define decrypt_data(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_keys_handler.decrypt_data_func(S,SL,D,DL,K,KL,I,IL,NP,KV) -#endif - -#ifdef __cplusplus -} -#endif - -#define MYSQL_SERVICE_ENCRYPTION_KEYS_INCLUDED -#endif - diff --git a/include/mysql/services.h b/include/mysql/services.h index 764e05b4dd1..f8f41b19bd9 100644 --- a/include/mysql/services.h +++ b/include/mysql/services.h @@ -32,7 +32,7 @@ extern "C" { #include #include #include -#include +#include /*#include */ #ifdef __cplusplus diff --git a/include/service_versions.h b/include/service_versions.h index d25d9507dff..0f3d8af5723 100644 --- a/include/service_versions.h +++ b/include/service_versions.h @@ -35,5 +35,5 @@ #define VERSION_thd_autoinc 0x0100 #define VERSION_thd_error_context 0x0100 #define VERSION_thd_specifics 0x0100 -#define VERSION_encryption_keys 0x0200 +#define VERSION_encryption 0x0200 diff --git a/libmysqld/CMakeLists.txt b/libmysqld/CMakeLists.txt index 7168c67e57e..33037d1b32c 100644 --- a/libmysqld/CMakeLists.txt +++ b/libmysqld/CMakeLists.txt 
@@ -105,7 +105,7 @@ SET(SQL_EMBEDDED_SOURCES emb_qcache.cc libmysqld.c lib_sql.cc ../sql/compat56.cc ../sql/table_cache.cc ../sql/item_inetfunc.cc - ../sql/wsrep_dummy.cc ../sql/encryption_keys.cc + ../sql/wsrep_dummy.cc ../sql/encryption.cc ${GEN_SOURCES} ${MYSYS_LIBWRAP_SOURCE} ) diff --git a/libservices/CMakeLists.txt b/libservices/CMakeLists.txt index 74055ee5b11..1dc472612e6 100644 --- a/libservices/CMakeLists.txt +++ b/libservices/CMakeLists.txt @@ -28,7 +28,7 @@ SET(MYSQLSERVICES_SOURCES my_sha1_service.c my_md5_service.c wsrep_service.c - encryption_keys_service.c + encryption_service.c kill_statement_service.c logger_service.c) diff --git a/libservices/encryption_keys_service.c b/libservices/encryption_service.c similarity index 90% rename from libservices/encryption_keys_service.c rename to libservices/encryption_service.c index 81fc7def201..f57575ae3e8 100644 --- a/libservices/encryption_keys_service.c +++ b/libservices/encryption_service.c @@ -14,4 +14,4 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ #include -SERVICE_VERSION encryption_keys_service= (void*)VERSION_encryption_keys; +SERVICE_VERSION encryption_service= (void*)VERSION_encryption; diff --git a/plugin/debug_key_management/debug_key_management_plugin.cc b/plugin/debug_key_management/debug_key_management_plugin.cc index 5b42c70c772..a389a8ab04b 100644 --- a/plugin/debug_key_management/debug_key_management_plugin.cc +++ b/plugin/debug_key_management/debug_key_management_plugin.cc @@ -50,7 +50,7 @@ static unsigned int get_key(unsigned int version, unsigned char* dstbuf, unsigne if (*buflen < KEY_SIZE) { *buflen= KEY_SIZE; - return KEY_BUFFER_TOO_SMALL; + return ENCRYPTION_KEY_BUFFER_TOO_SMALL; } *buflen= KEY_SIZE; if (!dstbuf) diff --git a/plugin/example_key_management/example_key_management_plugin.cc b/plugin/example_key_management/example_key_management_plugin.cc index dd8416504a0..b26e42d598a 100644 
--- a/plugin/example_key_management/example_key_management_plugin.cc +++ b/plugin/example_key_management/example_key_management_plugin.cc @@ -62,7 +62,7 @@ get_key(unsigned int version, unsigned char* dstbuf, unsigned *buflen) if (*buflen < MY_MD5_HASH_SIZE) { *buflen= MY_MD5_HASH_SIZE; - return KEY_BUFFER_TOO_SMALL; + return ENCRYPTION_KEY_BUFFER_TOO_SMALL; } *buflen= MY_MD5_HASH_SIZE; if (!dstbuf) diff --git a/plugin/file_key_management/file_key_management_plugin.cc b/plugin/file_key_management/file_key_management_plugin.cc index d7edeb73665..bf193c252b3 100644 --- a/plugin/file_key_management/file_key_management_plugin.cc +++ b/plugin/file_key_management/file_key_management_plugin.cc @@ -95,12 +95,12 @@ static unsigned int get_key_from_key_file(unsigned int key_id, keyentry* entry = get_key(key_id); if (entry == NULL) - return BAD_ENCRYPTION_KEY_VERSION; + return ENCRYPTION_KEY_VERSION_INVALID; if (*buflen < entry->length) { *buflen= entry->length; - return KEY_BUFFER_TOO_SMALL; + return ENCRYPTION_KEY_BUFFER_TOO_SMALL; } *buflen= entry->length; diff --git a/sql/CMakeLists.txt b/sql/CMakeLists.txt index 8c426d010f8..f44c2f6bad0 100644 --- a/sql/CMakeLists.txt +++ b/sql/CMakeLists.txt @@ -117,7 +117,7 @@ SET (SQL_SOURCE my_json_writer.cc my_json_writer.h rpl_gtid.cc rpl_parallel.cc ${WSREP_SOURCES} - table_cache.cc encryption_keys.cc + table_cache.cc encryption.cc ${CMAKE_CURRENT_BINARY_DIR}/sql_builtin.cc ${GEN_SOURCES} ${MYSYS_LIBWRAP_SOURCE} diff --git a/sql/encryption_keys.cc b/sql/encryption.cc similarity index 69% rename from sql/encryption_keys.cc rename to sql/encryption.cc index b7afedaa27b..81f6d1820cd 100644 --- a/sql/encryption_keys.cc +++ b/sql/encryption.cc 
@@ -19,21 +19,19 @@ #include "sql_plugin.h" #include -#warning TODO rename to follow single consistent style - /* there can be only one encryption plugin enabled */ -static plugin_ref encryption_key_manager= 0; -struct encryption_keys_service_st encryption_keys_handler; +static plugin_ref encryption_manager= 0; +struct encryption_service_st encryption_handler; unsigned int has_key(uint version) { uint unused; - return get_encryption_key(version, NULL, &unused) != BAD_ENCRYPTION_KEY_VERSION; + return encryption_key_get(version, NULL, &unused) != ENCRYPTION_KEY_VERSION_INVALID; } uint no_key() { - return BAD_ENCRYPTION_KEY_VERSION; + return ENCRYPTION_KEY_VERSION_INVALID; } static int no_crypt(const uchar* source, uint source_length, @@ -48,7 +46,7 @@ static int no_crypt(const uchar* source, uint source_length, int initialize_encryption_plugin(st_plugin_int *plugin) { - if (encryption_key_manager) + if (encryption_manager) return 1; if (plugin->plugin->init && plugin->plugin->init(plugin)) @@ -58,22 +56,22 @@ int initialize_encryption_plugin(st_plugin_int *plugin) return 1; } - encryption_key_manager= plugin_lock(NULL, plugin_int_to_ref(plugin)); + encryption_manager= plugin_lock(NULL, plugin_int_to_ref(plugin)); st_mariadb_encryption *handle= (struct st_mariadb_encryption*) plugin->plugin->info; - encryption_keys_handler.encrypt_data_func= + encryption_handler.encryption_encrypt_func= handle->encrypt ? handle->encrypt : (encrypt_decrypt_func)my_aes_encrypt_cbc; - encryption_keys_handler.decrypt_data_func= + encryption_handler.encryption_decrypt_func= handle->decrypt ? handle->decrypt : (encrypt_decrypt_func)my_aes_decrypt_cbc; - encryption_keys_handler.get_encryption_key_func= + encryption_handler.encryption_key_get_func= handle->get_key; - encryption_keys_handler.get_latest_encryption_key_version_func= + encryption_handler.encryption_key_get_latest_version_func= handle->get_latest_key_version; // must be the last return 0; 
@@ -81,21 +79,21 @@ int initialize_encryption_plugin(st_plugin_int *plugin) int finalize_encryption_plugin(st_plugin_int *plugin) { - encryption_keys_handler.encrypt_data_func= no_crypt; - encryption_keys_handler.decrypt_data_func= no_crypt; - encryption_keys_handler.has_encryption_key_func= has_key; - encryption_keys_handler.get_encryption_key_func= + encryption_handler.encryption_encrypt_func= no_crypt; + encryption_handler.encryption_decrypt_func= no_crypt; + encryption_handler.encryption_key_exists_func= has_key; + encryption_handler.encryption_key_get_func= (uint (*)(uint, uchar*, uint*))no_key; - encryption_keys_handler.get_latest_encryption_key_version_func= no_key; + encryption_handler.encryption_key_get_latest_version_func= no_key; if (plugin && plugin->plugin->deinit && plugin->plugin->deinit(NULL)) { DBUG_PRINT("warning", ("Plugin '%s' deinit function returned error.", plugin->name.str)); } - if (encryption_key_manager) - plugin_unlock(NULL, encryption_key_manager); - encryption_key_manager= 0; + if (encryption_manager) + plugin_unlock(NULL, encryption_manager); + encryption_manager= 0; return 0; } diff --git a/sql/sql_plugin_services.h b/sql/sql_plugin_services.h index 768797a4381..b848dfb8f6b 100644 --- a/sql/sql_plugin_services.h +++ b/sql/sql_plugin_services.h @@ -161,7 +161,7 @@ static struct st_service_ref list_of_services[]= { "logger_service", VERSION_logger, &logger_service_handler }, { "thd_autoinc_service", VERSION_thd_autoinc, &thd_autoinc_handler }, { "wsrep_service", VERSION_wsrep, &wsrep_handler }, - { "encryption_keys_service", VERSION_encryption_keys, &encryption_keys_handler }, + { "encryption_service", VERSION_encryption, &encryption_handler }, { "thd_specifics_service", VERSION_thd_specifics, &thd_specifics_handler }, { "thd_error_context_service", VERSION_thd_error_context, &thd_error_conext_handler }, }; diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index 57029c684d4..345f8f572b8 100644 
--- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -232,7 +232,7 @@ fil_crypt_get_key(byte *dst, uint* key_length, } *key_length= MY_AES_MAX_KEY_LENGTH; - int rc = get_encryption_key(version, (unsigned char*)keybuf, key_length); + int rc = encryption_key_get(version, (unsigned char*)keybuf, key_length); if (rc) { ib_logf(IB_LOG_LEVEL_FATAL, @@ -285,7 +285,7 @@ fil_crypt_get_latest_key(byte *dst, uint* key_length, { if (srv_encrypt_tables) { // used for key rotation - get the next key id from the key provider - int rc = get_latest_encryption_key_version(); + int rc = encryption_key_get_latest_version(); // if no new key was created use the last one if (rc >= 0) { @@ -313,7 +313,7 @@ fil_space_create_crypt_data() crypt_data->min_key_version = 0; } else { crypt_data->type = CRYPT_SCHEME_1; - crypt_data->min_key_version = get_latest_encryption_key_version(); + crypt_data->min_key_version = encryption_key_get_latest_version(); } mutex_create(fil_crypt_data_mutex_key, @@ -693,7 +693,7 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, srclen = page_size - FIL_PAGE_DATA; } - int rc = encrypt_data(src, srclen, dst, &dstlen, + int rc = encryption_encrypt(src, srclen, dst, &dstlen, (unsigned char*)key, key_length, (unsigned char*)iv, sizeof(iv), 1, key_version); @@ -865,7 +865,7 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data, srclen = pow((double)2, (double)((int)compressed_len)) - FIL_PAGE_DATA; } - int rc = decrypt_data(src, srclen, dst, &dstlen, + int rc = encryption_decrypt(src, srclen, dst, &dstlen, (unsigned char*)key, key_length, (unsigned char*)iv, sizeof(iv), 1, key_version); @@ -1007,7 +1007,7 @@ fil_crypt_get_key_state( key_state_t *new_state) { if (srv_encrypt_tables == TRUE) { - new_state->key_version = get_latest_encryption_key_version(); + new_state->key_version = encryption_key_get_latest_version(); new_state->rotate_key_age = srv_fil_crypt_rotate_key_age; ut_a(new_state->key_version > 0); } else { 
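Review bot: `fil_crypt_get_latest_key()` keeps the result of `encryption_key_get_latest_version()` in an `int` and treats `rc >= 0` as success, although the failure value is the unsigned `ENCRYPTION_KEY_VERSION_INVALID` that `no_key()` returns as `uint`. The test rejects the sentinel only if it happens to convert to a negative int, and its value is not visible in this patch. The `fil_space_create_crypt_data()` hunk stores the result in `min_key_version` with no check at all, and the xtradb copies repeat both. An explicit comparison, as log0crypt.cc already does, would be safer: `uint rc = encryption_key_get_latest_version();` followed by `if (rc != ENCRYPTION_KEY_VERSION_INVALID) {`.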
@@ -2381,7 +2381,7 @@ fil_space_crypt_get_status( } if (srv_encrypt_tables == TRUE) { - status->current_key_version = get_latest_encryption_key_version(); + status->current_key_version = encryption_key_get_latest_version(); } else { status->current_key_version = 0; } diff --git a/storage/innobase/fil/fil0fil.cc b/storage/innobase/fil/fil0fil.cc index 8b0a788b7b9..399b8a63d5a 100644 --- a/storage/innobase/fil/fil0fil.cc +++ b/storage/innobase/fil/fil0fil.cc @@ -1157,7 +1157,7 @@ fil_space_create( ut_a(fil_system); if (fsp_flags_is_page_encrypted(flags)) { - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { + if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) { /* by returning here it should be avoided that * the server crashes, if someone tries to access an * encrypted table and the encryption key is not available. diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 3a5f961a9bb..081f0cf9adc 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -11404,7 +11404,7 @@ ha_innobase::check_table_options( return "PAGE_ENCRYPTION_KEY"; } - if (!has_encryption_key(options->page_encryption_key)) { + if (!encryption_key_exists(options->page_encryption_key)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, diff --git a/storage/innobase/include/fsp0pageencryption.ic b/storage/innobase/include/fsp0pageencryption.ic index b5c3f5ab666..1c341c47006 100644 --- a/storage/innobase/include/fsp0pageencryption.ic +++ b/storage/innobase/include/fsp0pageencryption.ic 
@@ -146,9 +146,9 @@ fil_page_encryption_status( if (page_type == FIL_PAGE_TYPE_FSP_HDR) { ulint flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + buf); if (fsp_flags_is_page_encrypted(flags)) { - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { + if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) { /* accessing table would surely fail, because no key or no key provider available */ - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { + if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) { return PAGE_ENCRYPTION_KEY_MISSING; } return PAGE_ENCRYPTION_ERROR; @@ -158,7 +158,7 @@ fil_page_encryption_status( if(page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) { ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - if (!has_encryption_key(key)) { + if (!encryption_key_exists(key)) { return PAGE_ENCRYPTION_KEY_MISSING; } return PAGE_ENCRYPTION_ERROR; diff --git a/storage/innobase/include/log0crypt.h b/storage/innobase/include/log0crypt.h index 8d5f8c61dd1..02cbf994e8d 100644 --- a/storage/innobase/include/log0crypt.h +++ b/storage/innobase/include/log0crypt.h @@ -15,7 +15,7 @@ Created 11/25/2013 Minli Zhu #define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1 #define PURPOSE_BYTE_OFFSET 0 -#define UNENCRYPTED_KEY_VER 0 +#define UNENCRYPTED_KEY_VER ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED typedef int Crypt_result; diff --git a/storage/innobase/log/log0crypt.cc b/storage/innobase/log/log0crypt.cc index f2609b9502a..596f07b95dc 100644 --- a/storage/innobase/log/log0crypt.cc +++ b/storage/innobase/log/log0crypt.cc @@ -117,7 +117,7 @@ log_init_crypt_key( byte mysqld_key[MY_AES_BLOCK_SIZE] = {0}; uint keylen= sizeof(mysqld_key); - if (get_encryption_key(crypt_ver, mysqld_key, &keylen)) + if (encryption_key_get(crypt_ver, mysqld_key, &keylen)) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting mysqld crypto key " 
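Review bot: In `fil_page_encryption_status()` the inner `if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags)))` repeats the outer condition exactly, so `return PAGE_ENCRYPTION_ERROR;` in the FSP_HDR branch is reachable only if the key appears between the two calls. The outer test was presumably meant to check something else (the comment speaks of "no key provider available"); as written the block reduces to `return PAGE_ENCRYPTION_KEY_MISSING;`. Either drop the inner test or restore the intended outer one, and apply the same change to the xtradb copy of this file. The function body continues outside the hunk.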
@@ -204,7 +204,7 @@ log_blocks_crypt( mach_write_to_4(aes_ctr_counter + 11, log_block_no); bzero(aes_ctr_counter + 15, 1); - int rc = encrypt_data(log_block + LOG_BLOCK_HDR_SIZE, src_len, + int rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len, dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, (unsigned char*)key, 16, aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, @@ -259,11 +259,11 @@ log_crypt_set_ver_and_key( if (srv_encrypt_log) { unsigned int vkey; - vkey = get_latest_encryption_key_version(); + vkey = encryption_key_get_latest_version(); encrypted = true; if (vkey == UNENCRYPTED_KEY_VER || - vkey == BAD_ENCRYPTION_KEY_VERSION) { + vkey == ENCRYPTION_KEY_VERSION_INVALID) { encrypted = false; ib_logf(IB_LOG_LEVEL_WARN, diff --git a/storage/maria/ma_check_standalone.h b/storage/maria/ma_check_standalone.h index 2b4e8a3560f..5dc2c601ffd 100644 --- a/storage/maria/ma_check_standalone.h +++ b/storage/maria/ma_check_standalone.h @@ -25,10 +25,10 @@ void _mi_report_crashed(void *file __attribute__((unused)), static unsigned int no_key() { - return BAD_ENCRYPTION_KEY_VERSION; + return ENCRYPTION_KEY_VERSION_INVALID; } -struct encryption_keys_service_st encryption_keys_handler= +struct encryption_service_st encryption_handler= { no_key, 0, 0, 0, 0 }; diff --git a/storage/maria/ma_crypt.c b/storage/maria/ma_crypt.c index fabfbe9d584..96f4d54e54a 100644 --- a/storage/maria/ma_crypt.c +++ b/storage/maria/ma_crypt.c @@ -290,7 +290,7 @@ void ma_crypt_set_data_pagecache_callbacks(PAGECACHE_FILE *file, __attribute__((unused))) { /* Only use encryption if we have defined it */ - if (get_latest_encryption_key_version() != BAD_ENCRYPTION_KEY_VERSION) + if (encryption_key_get_latest_version() != ENCRYPTION_KEY_VERSION_INVALID) { file->pre_read_hook= ma_crypt_pre_read_hook; file->post_read_hook= ma_crypt_data_post_read_hook; 
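Review bot: `log_crypt_set_ver_and_key()` fails open: with `srv_encrypt_log` set, an `UNENCRYPTED_KEY_VER` or `ENCRYPTION_KEY_VERSION_INVALID` answer from the key provider sets `encrypted = false` and is reported only at `IB_LOG_LEVEL_WARN`. From what the hunk shows, the redo log then stays in plaintext although encryption was requested; the rest of the function is outside the hunk, so confirm nothing later refuses to continue. If the downgrade is intended, say so at the branch, e.g. `/* srv_encrypt_log is set but no usable key version: redo log stays unencrypted */`, and consider an error-level message so monitoring can alert on it. The xtradb copy has the same branch.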
@@ -417,9 +417,9 @@ static int ma_encrypt(MARIA_CRYPT_DATA *crypt_data, int4store(counter + 4, pageno); int8store(counter + 8, lsn); - rc = encrypt_data(src, size, dst, &dstlen, - crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, - counter, sizeof(counter), 1, *key_version); + rc = encryption_encrypt(src, size, dst, &dstlen, + crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, + counter, sizeof(counter), 1, *key_version); DBUG_ASSERT(rc == AES_OK); DBUG_ASSERT(dstlen == size); @@ -449,9 +449,9 @@ static int ma_decrypt(MARIA_CRYPT_DATA *crypt_data, int4store(counter + 4, pageno); int8store(counter + 8, lsn); - rc =decrypt_data(src, size, dst, &dstlen, - crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, - counter, sizeof(counter), 1, key_version); + rc =encryption_decrypt(src, size, dst, &dstlen, + crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, + counter, sizeof(counter), 1, key_version); DBUG_ASSERT(rc == AES_OK); DBUG_ASSERT(dstlen == size); diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index 660cfb9417d..9f94ba8145f 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc @@ -232,7 +232,7 @@ fil_crypt_get_key(byte *dst, uint* key_length, } *key_length= MY_AES_MAX_KEY_LENGTH; - int rc = get_encryption_key(version, (unsigned char*)keybuf, key_length); + int rc = encryption_key_get(version, (unsigned char*)keybuf, key_length); if (rc) { ib_logf(IB_LOG_LEVEL_FATAL, @@ -285,7 +285,7 @@ fil_crypt_get_latest_key(byte *dst, uint* key_length, { if (srv_encrypt_tables) { // used for key rotation - get the next key id from the key provider - int rc = get_latest_encryption_key_version(); + int rc = encryption_key_get_latest_version(); // if no new key was created use the last one if (rc >= 0) { 
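Review bot: In `ma_encrypt()` and `ma_decrypt()` the fifth and sixth arguments of `encryption_encrypt()`/`encryption_decrypt()` are `crypt_data->iv, CRYPT_SCHEME_1_IV_LEN`, the slot where the InnoDB callers in this patch pass `key, key_length`. If the service signature is what those callers suggest, Aria supplies its per-file IV as key material and relies on the plugin resolving the real key from `key_version`; with the built-in CBC fallback installed in sql/encryption.cc no such lookup would take place. Please state the contract at the call, e.g. `/* key slot carries the per-file IV; the plugin must derive the key from key_version */`, or fetch the key explicitly as fil0crypt.cc does. Both function bodies start and end outside the hunks.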
@@ -313,7 +313,7 @@ fil_space_create_crypt_data() crypt_data->min_key_version = 0; } else { crypt_data->type = CRYPT_SCHEME_1; - crypt_data->min_key_version = get_latest_encryption_key_version(); + crypt_data->min_key_version = encryption_key_get_latest_version(); } mutex_create(fil_crypt_data_mutex_key, @@ -693,9 +693,9 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, srclen = page_size - FIL_PAGE_DATA; } - int rc = encrypt_data(src, srclen, dst, &dstlen, - (unsigned char*)key, key_length, - (unsigned char*)iv, sizeof(iv), 1, key_version); + int rc = encryption_encrypt(src, srclen, dst, &dstlen, + (unsigned char*)key, key_length, + (unsigned char*)iv, sizeof(iv), 1, key_version); if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, @@ -865,9 +865,9 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data, srclen = pow((double)2, (double)((int)compressed_len)) - FIL_PAGE_DATA; } - int rc = decrypt_data(src, srclen, dst, &dstlen, - (unsigned char*)key, key_length, - (unsigned char*)iv, sizeof(iv), 1, key_version); + int rc = encryption_decrypt(src, srclen, dst, &dstlen, + (unsigned char*)key, key_length, + (unsigned char*)iv, sizeof(iv), 1, key_version); if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, @@ -1007,7 +1007,7 @@ fil_crypt_get_key_state( key_state_t *new_state) { if (srv_encrypt_tables == TRUE) { - new_state->key_version = get_latest_encryption_key_version(); + new_state->key_version = encryption_key_get_latest_version(); new_state->rotate_key_age = srv_fil_crypt_rotate_key_age; ut_a(new_state->key_version > 0); } else { @@ -2381,7 +2381,7 @@ fil_space_crypt_get_status( } if (srv_encrypt_tables == TRUE) { - status->current_key_version = get_latest_encryption_key_version(); + status->current_key_version = encryption_key_get_latest_version(); } else { status->current_key_version = 0; } 
diff --git a/storage/xtradb/fil/fil0fil.cc b/storage/xtradb/fil/fil0fil.cc index 14878f59f7d..3aaab69746f 100644 --- a/storage/xtradb/fil/fil0fil.cc +++ b/storage/xtradb/fil/fil0fil.cc @@ -1192,7 +1192,7 @@ fil_space_create( ut_a(fil_system); if (fsp_flags_is_page_encrypted(flags)) { - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { + if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) { /* by returning here it should be avoided that * the server crashes, if someone tries to access an * encrypted table and the encryption key is not available. diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index 5cc232a3b35..84b8b6dc431 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc @@ -11911,7 +11911,7 @@ ha_innobase::check_table_options( return "PAGE_ENCRYPTION_KEY"; } - if (!has_encryption_key(options->page_encryption_key)) { + if (!encryption_key_exists(options->page_encryption_key)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, diff --git a/storage/xtradb/include/fsp0pageencryption.ic b/storage/xtradb/include/fsp0pageencryption.ic index d3137001fc5..6274d6ee737 100644 --- a/storage/xtradb/include/fsp0pageencryption.ic +++ b/storage/xtradb/include/fsp0pageencryption.ic @@ -147,9 +147,9 @@ fil_page_encryption_status( if (page_type == FIL_PAGE_TYPE_FSP_HDR) { ulint flags = mach_read_from_4(FSP_HEADER_OFFSET + FSP_SPACE_FLAGS + buf); if (fsp_flags_is_page_encrypted(flags)) { - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { + if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) { /* accessing table would surely fail, because no key or no key provider available */ - if (!has_encryption_key(fsp_flags_get_page_encryption_key(flags))) { + if (!encryption_key_exists(fsp_flags_get_page_encryption_key(flags))) { return PAGE_ENCRYPTION_KEY_MISSING; } return PAGE_ENCRYPTION_ERROR; 
@@ -159,7 +159,7 @@ fil_page_encryption_status( if(page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) { ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - if (!has_encryption_key(key)) { + if (!encryption_key_exists(key)) { return PAGE_ENCRYPTION_KEY_MISSING; } return PAGE_ENCRYPTION_ERROR; diff --git a/storage/xtradb/include/log0crypt.h b/storage/xtradb/include/log0crypt.h index 8d5f8c61dd1..02cbf994e8d 100644 --- a/storage/xtradb/include/log0crypt.h +++ b/storage/xtradb/include/log0crypt.h @@ -15,7 +15,7 @@ Created 11/25/2013 Minli Zhu #define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1 #define PURPOSE_BYTE_OFFSET 0 -#define UNENCRYPTED_KEY_VER 0 +#define UNENCRYPTED_KEY_VER ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED typedef int Crypt_result; diff --git a/storage/xtradb/log/log0crypt.cc b/storage/xtradb/log/log0crypt.cc index 643e3a08ec4..804bad34392 100644 --- a/storage/xtradb/log/log0crypt.cc +++ b/storage/xtradb/log/log0crypt.cc @@ -117,7 +117,7 @@ log_init_crypt_key( byte mysqld_key[MY_AES_BLOCK_SIZE] = {0}; uint keylen= sizeof(mysqld_key); - if (get_encryption_key(crypt_ver, mysqld_key, &keylen)) + if (encryption_key_get(crypt_ver, mysqld_key, &keylen)) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting mysqld crypto key " @@ -204,11 +204,11 @@ log_blocks_crypt( mach_write_to_4(aes_ctr_counter + 11, log_block_no); bzero(aes_ctr_counter + 15, 1); - int rc = encrypt_data(log_block + LOG_BLOCK_HDR_SIZE, src_len, - dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, - (unsigned char*)key, 16, - aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, - log_sys->redo_log_crypt_ver); + int rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len, + dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, + (unsigned char*)key, 16, + aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, + log_sys->redo_log_crypt_ver); ut_a(rc == AES_OK); ut_a(dst_len == src_len); 
@@ -259,11 +259,11 @@ log_crypt_set_ver_and_key( if (srv_encrypt_log) { unsigned int vkey; - vkey = get_latest_encryption_key_version(); + vkey = encryption_key_get_latest_version(); encrypted = true; if (vkey == UNENCRYPTED_KEY_VER || - vkey == BAD_ENCRYPTION_KEY_VERSION) { + vkey == ENCRYPTION_KEY_VERSION_INVALID) { encrypted = false; ib_logf(IB_LOG_LEVEL_WARN, From 4d40a7d133b1e5a3241ec673721687158e235be0 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Wed, 1 Apr 2015 22:15:11 +0200 Subject: [PATCH 39/65] remove now-empty my_aes.{h,cc} move remaning defines to my_crypt, add MY_ namespace prefix --- include/my_aes.h | 54 ---------------------------- include/my_crypt.h | 50 +++++++++++++++++--------- mysys_ssl/CMakeLists.txt | 1 - mysys_ssl/my_aes.cc | 40 --------------------- mysys_ssl/my_crypt.cc | 39 ++++++++++++++------ sql/item_strfunc.cc | 7 ++-- sql/mysqld.cc | 1 - storage/innobase/fil/fil0crypt.cc | 8 ++--- storage/innobase/include/log0crypt.h | 2 +- storage/innobase/log/log0crypt.cc | 12 +++---- storage/innobase/log/log0log.cc | 10 +++--- storage/maria/ma_crypt.c | 8 ++--- storage/xtradb/fil/fil0crypt.cc | 8 ++--- storage/xtradb/include/log0crypt.h | 2 +- storage/xtradb/log/log0crypt.cc | 12 +++---- storage/xtradb/log/log0log.cc | 10 +++--- 16 files changed, 100 insertions(+), 164 deletions(-) delete mode 100644 include/my_aes.h delete mode 100644 mysys_ssl/my_aes.cc diff --git a/include/my_aes.h b/include/my_aes.h deleted file mode 100644 index b5df86fb5ab..00000000000 --- a/include/my_aes.h +++ /dev/null 
@@ -1,54 +0,0 @@ -/* Copyright (c) 2002, 2006 MySQL AB, 2009 Sun Microsystems, Inc. - Copyright (c) 2014, 2015 MariaDB Corporation - Use is subject to license terms. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - - -/* Header file for my_aes.c */ -/* Wrapper to give simple interface for MySQL to AES standard encryption */ - -#ifndef MY_AES_INCLUDED -#define MY_AES_INCLUDED - -#include - -#define AES_OK 0 -#define AES_BAD_DATA -1 -#define AES_BAD_IV -2 -#define AES_INVALID -3 -#define AES_OPENSSL_ERROR -4 -#define AES_BAD_KEYSIZE -5 -#define AES_KEY_CREATION_FAILED -10 - -#define CRYPT_KEY_OK 0 -#define CRYPT_BUFFER_TO_SMALL -11 -#define CRYPT_KEY_UNKNOWN -48 - -/* The block size for all supported algorithms */ -#define MY_AES_BLOCK_SIZE 16 - -/* The max key length of all supported algorithms */ -#define MY_AES_MAX_KEY_LENGTH 32 - - -#include "rijndael.h" - -C_MODE_START - -int my_aes_get_size(int source_length); - -C_MODE_END - -#endif /* MY_AES_INCLUDED */ diff --git a/include/my_crypt.h b/include/my_crypt.h index c6cddbd99e3..b760af75bfa 100644 --- a/include/my_crypt.h +++ b/include/my_crypt.h 
@@ -15,57 +15,73 @@ along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ -// TODO: Add Windows support - #ifndef MY_CRYPT_INCLUDED #define MY_CRYPT_INCLUDED -#include +#include -C_MODE_START +#ifdef __cplusplus +extern "C" { +#endif + +/* return values from my_aes_encrypt/my_aes_decrypt functions */ +#define MY_AES_OK 0 +#define MY_AES_BAD_DATA -1 +#define MY_AES_OPENSSL_ERROR -2 +#define MY_AES_BAD_KEYSIZE -3 + +/* The block size for all supported algorithms */ +#define MY_AES_BLOCK_SIZE 16 + +/* The max key length of all supported algorithms */ +#define MY_AES_MAX_KEY_LENGTH 32 #ifdef HAVE_EncryptAes128Ctr int my_aes_encrypt_ctr(const uchar* source, uint source_length, uchar* dest, uint* dest_length, - const unsigned char* key, uint key_length, - const unsigned char* iv, uint iv_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, int no_padding); int my_aes_decrypt_ctr(const uchar* source, uint source_length, uchar* dest, uint* dest_length, - const unsigned char* key, uint key_length, - const unsigned char* iv, uint iv_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, int no_padding); #endif int my_aes_encrypt_cbc(const uchar* source, uint source_length, uchar* dest, uint* dest_length, - const unsigned char* key, uint key_length, - const unsigned char* iv, uint iv_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, int no_padding); int my_aes_decrypt_cbc(const uchar* source, uint source_length, uchar* dest, uint* dest_length, - const unsigned char* key, uint key_length, - const unsigned char* iv, uint iv_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, int no_padding); int my_aes_encrypt_ecb(const uchar* source, uint source_length, uchar* dest, uint* dest_length, - const unsigned char* key, uint key_length, - const unsigned char* iv, uint iv_length, + const uchar* 
key, uint key_length, + const uchar* iv, uint iv_length, int no_padding); int my_aes_decrypt_ecb(const uchar* source, uint source_length, uchar* dest, uint* dest_length, - const unsigned char* key, uint key_length, - const unsigned char* iv, uint iv_length, + const uchar* key, uint key_length, + const uchar* iv, uint iv_length, int no_padding); int my_random_bytes(uchar* buf, int num); -C_MODE_END +int my_aes_get_size(int source_length); + +#ifdef __cplusplus +} +#endif #endif /* MY_CRYPT_INCLUDED */ diff --git a/mysys_ssl/CMakeLists.txt b/mysys_ssl/CMakeLists.txt index 5eead8d6aaf..8a8f81d70ae 100644 --- a/mysys_ssl/CMakeLists.txt +++ b/mysys_ssl/CMakeLists.txt @@ -33,7 +33,6 @@ IF(WITH_SSL STREQUAL "bundled" AND HAVE_VISIBILITY_HIDDEN) ENDIF() SET(MYSYS_SSL_SOURCES - my_aes.cc my_sha1.cc my_sha2.cc my_md5.cc diff --git a/mysys_ssl/my_aes.cc b/mysys_ssl/my_aes.cc deleted file mode 100644 index 069d8d74ab2..00000000000 --- a/mysys_ssl/my_aes.cc +++ /dev/null 
@@ -1,40 +0,0 @@ -/* Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - -#include -#include -#include -#include - -/** - Initialize encryption methods -*/ - -/** - Get size of buffer which will be large enough for encrypted data - - SYNOPSIS - my_aes_get_size() - @param source_length [in] Length of data to be encrypted - - @return - Size of buffer required to store encrypted data -*/ - -int my_aes_get_size(int source_length) -{ - return MY_AES_BLOCK_SIZE * (source_length / MY_AES_BLOCK_SIZE) - + MY_AES_BLOCK_SIZE; -} diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index 1709ae5e5eb..3bb8f860c37 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc @@ -78,7 +78,7 @@ static int do_crypt(CipherMode cipher, Dir dir, TaoCrypt::AES ctx(dir, cipher); if (unlikely(key_length != 16 && key_length != 24 && key_length != 32)) - return AES_BAD_KEYSIZE; + return MY_AES_BAD_KEYSIZE; ctx.SetKey(key, key_length); if (iv) @@ -106,7 +106,7 @@ static int do_crypt(CipherMode cipher, Dir dir, { int n= dest[source_length - 1]; if (tail || n == 0 || n > MY_AES_BLOCK_SIZE) - return AES_OPENSSL_ERROR; + return MY_AES_BAD_DATA; *dest_length-= n; } } 
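Review bot: The manual unpadding in `do_crypt()` (apparently the TaoCrypt branch) validates only the final byte: `n` must lie in 1..MY_AES_BLOCK_SIZE, but the `n` trailing bytes are never compared with `n`, so malformed padding is accepted and `*dest_length` is shortened anyway. Checking every pad byte before trusting the length closes that gap: `for (int i= 1; i <= n; i++) if (dest[source_length - i] != n) return MY_AES_BAD_DATA;`. The read of `dest[source_length - 1]` also needs `source_length > 0`, which the hunk does not show being guaranteed. do_crypt's body starts and ends outside the hunk.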
@@ -116,10 +116,10 @@ static int do_crypt(CipherMode cipher, Dir dir, struct MyCTX ctx; if (unlikely(!cipher)) - return AES_BAD_KEYSIZE; + return MY_AES_BAD_KEYSIZE; if (!EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, dir)) - return AES_OPENSSL_ERROR; + return MY_AES_OPENSSL_ERROR; EVP_CIPHER_CTX_set_padding(&ctx, !no_padding); @@ -130,9 +130,9 @@ static int do_crypt(CipherMode cipher, Dir dir, /* use built-in OpenSSL padding, if possible */ if (!EVP_CipherUpdate(&ctx, dest, (int*)dest_length, source, source_length - (no_padding ? tail : 0))) - return AES_OPENSSL_ERROR; + return MY_AES_OPENSSL_ERROR; if (!EVP_CipherFinal_ex(&ctx, dest + *dest_length, &fin)) - return AES_OPENSSL_ERROR; + return MY_AES_BAD_DATA; *dest_length += fin; #endif @@ -146,7 +146,7 @@ static int do_crypt(CipherMode cipher, Dir dir, */ if (unlikely(source_length < MY_AES_BLOCK_SIZE)) - return AES_OPENSSL_ERROR; + return MY_AES_BAD_DATA; const uchar *s= source + source_length - tail; const uchar *e= source + source_length; @@ -157,7 +157,7 @@ static int do_crypt(CipherMode cipher, Dir dir, *dest_length= source_length; } - return AES_OK; + return MY_AES_OK; } C_MODE_START @@ -240,7 +240,7 @@ int my_random_bytes(uchar* buf, int num) { TaoCrypt::RandomNumberGenerator rand; rand.GenerateBlock((TaoCrypt::byte*) buf, num); - return AES_OK; + return MY_AES_OK; } C_MODE_END 
@@ -261,9 +261,26 @@ int my_random_bytes(uchar* buf, int num) */ RAND_METHOD* rand = RAND_SSLeay(); if (rand == NULL || rand->bytes(buf, num) != 1) - return AES_OPENSSL_ERROR; - return AES_OK; + return MY_AES_OPENSSL_ERROR; + return MY_AES_OK; } C_MODE_END #endif /* HAVE_YASSL */ + +/** + Get size of buffer which will be large enough for encrypted data + + SYNOPSIS + my_aes_get_size() + @param source_length [in] Length of data to be encrypted + + @return + Size of buffer required to store encrypted data +*/ + +int my_aes_get_size(int source_length) +{ + return MY_AES_BLOCK_SIZE * (source_length / MY_AES_BLOCK_SIZE) + + MY_AES_BLOCK_SIZE; +} diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index 544284b2c0b..4bf8dd5ae1b 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -54,7 +54,6 @@ #include #include #include "sha1.h" -#include "my_aes.h" #include C_MODE_START #include "../mysys/my_static.h" // For soundex_map @@ -402,9 +401,9 @@ String *Item_aes_crypt::val_str(String *str) uchar rkey[AES_KEY_LENGTH / 8]; create_key(user_key, rkey); - if (crypt((uchar*)sptr->ptr(), sptr->length(), - (uchar*)str_value.ptr(), &aes_length, - rkey, AES_KEY_LENGTH / 8, 0, 0, 0) == AES_OK) + if (!crypt((uchar*)sptr->ptr(), sptr->length(), + (uchar*)str_value.ptr(), &aes_length, + rkey, AES_KEY_LENGTH / 8, 0, 0, 0)) { str_value.length((uint) aes_length); return &str_value; diff --git a/sql/mysqld.cc b/sql/mysqld.cc index c002a9d7d46..941ba505c20 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -105,7 +105,6 @@ #include "sp_rcontext.h" #include "sp_cache.h" #include "sql_reload.h" // reload_acl_and_cache -#include #ifdef HAVE_POLL_H #include diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index 345f8f572b8..15252d70987 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -40,7 +40,7 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include -#include +#include #include 
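Review bot: `my_aes_get_size()` as moved into my_crypt.cc does signed `int` arithmetic with no range check: a sufficiently negative `source_length` yields zero or a negative size, and a value within one block of INT_MAX overflows, which is undefined for signed int. Its own comment says the result is the buffer size needed for the encrypted data, so a wrong value here becomes an undersized buffer at the caller. Since the signature is public, at least document the accepted range in the comment block, e.g. `@param source_length [in] Length of data to be encrypted, 0 <= source_length <= INT_MAX - MY_AES_BLOCK_SIZE`, and consider rejecting values outside it.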
@@ -251,7 +251,7 @@ fil_crypt_get_key(byte *dst, uint* key_length, rc = my_aes_encrypt_ecb(src, srclen, buf, &buflen, (unsigned char*)keybuf, *key_length, NULL, 0, 1); - if (rc != AES_OK) { + if (rc != MY_AES_OK) { ib_logf(IB_LOG_LEVEL_FATAL, "Unable to encrypt key-block " " src: %p srclen: %d buf: %p buflen: %d." @@ -697,7 +697,7 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, (unsigned char*)key, key_length, (unsigned char*)iv, sizeof(iv), 1, key_version); - if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { + if (! ((rc == MY_AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, "Unable to encrypt data-block " " src: %p srclen: %ld buf: %p buflen: %d." @@ -869,7 +869,7 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data, (unsigned char*)key, key_length, (unsigned char*)iv, sizeof(iv), 1, key_version); - if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { + if (! ((rc == MY_AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, "Unable to decrypt data-block " " src: %p srclen: %ld buf: %p buflen: %d." diff --git a/storage/innobase/include/log0crypt.h b/storage/innobase/include/log0crypt.h index 02cbf994e8d..433b0b50395 100644 --- a/storage/innobase/include/log0crypt.h +++ b/storage/innobase/include/log0crypt.h @@ -11,7 +11,7 @@ Created 11/25/2013 Minli Zhu #include "ut0byte.h" #include "ut0lst.h" #include "ut0rnd.h" -#include "my_aes.h" +#include "my_crypt.h" #define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1 #define PURPOSE_BYTE_OFFSET 0 diff --git a/storage/innobase/log/log0crypt.cc b/storage/innobase/log/log0crypt.cc index 596f07b95dc..273701fe60d 100644 --- a/storage/innobase/log/log0crypt.cc +++ b/storage/innobase/log/log0crypt.cc @@ -26,7 +26,7 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include "m_string.h" #include "log0crypt.h" #include -#include +#include #include "log0log.h" #include "srv0start.h" // for srv_start_lsn 
@@ -69,7 +69,7 @@ log_init_crypt_msg_and_nonce(void) /*==============================*/ { mach_write_to_1(redo_log_crypt_msg, redo_log_purpose_byte); - if (my_random_bytes(redo_log_crypt_msg + 1, PURPOSE_BYTE_LEN) != AES_OK) + if (my_random_bytes(redo_log_crypt_msg + 1, PURPOSE_BYTE_LEN) != MY_AES_OK) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: generate " @@ -78,7 +78,7 @@ log_init_crypt_msg_and_nonce(void) abort(); } - if (my_random_bytes(aes_ctr_nonce, MY_AES_BLOCK_SIZE) != AES_OK) + if (my_random_bytes(aes_ctr_nonce, MY_AES_BLOCK_SIZE) != MY_AES_OK) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: generate " @@ -131,7 +131,7 @@ log_init_crypt_key( (unsigned char*)&mysqld_key, sizeof(mysqld_key), NULL, 0, 1); - if (rc != AES_OK || dst_len != MY_AES_BLOCK_SIZE) + if (rc != MY_AES_OK || dst_len != MY_AES_BLOCK_SIZE) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting redo log crypto key " @@ -168,7 +168,7 @@ log_blocks_crypt( const bool is_encrypt) /*!< in: encrypt or decrypt*/ { byte *log_block = (byte*)block; - Crypt_result rc = AES_OK; + Crypt_result rc = MY_AES_OK; uint32 src_len, dst_len; byte aes_ctr_counter[MY_AES_BLOCK_SIZE]; ulint log_block_no, log_block_start_lsn; @@ -210,7 +210,7 @@ log_blocks_crypt( aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, recv_sys->recv_log_crypt_ver); - ut_a(rc == AES_OK); + ut_a(rc == MY_AES_OK); ut_a(dst_len == src_len); log_block += OS_FILE_LOG_BLOCK_SIZE; dst_block += OS_FILE_LOG_BLOCK_SIZE; diff --git a/storage/innobase/log/log0log.cc b/storage/innobase/log/log0log.cc index 12c05e16b6b..de4d4724161 100644 --- a/storage/innobase/log/log0log.cc +++ b/storage/innobase/log/log0log.cc @@ -1307,7 +1307,7 @@ log_group_encrypt_before_write( const ulint size) /*!< in: size of log blocks */ { - Crypt_result result = AES_OK; + Crypt_result result = MY_AES_OK; ut_ad(size % OS_FILE_LOG_BLOCK_SIZE == 0); byte* dst_frame = (byte*)malloc(size); 
@@ -1315,14 +1315,14 @@ log_group_encrypt_before_write( //encrypt log blocks content result = log_blocks_encrypt(block, size, dst_frame); - if (result == AES_OK) + if (result == MY_AES_OK) { ut_ad(block[0] == dst_frame[0]); memcpy(block, dst_frame, size); } free(dst_frame); - return (result == AES_OK); + return (result == MY_AES_OK); } /******************************************************//** @@ -2357,13 +2357,13 @@ log_group_decrypt_after_read( // decrypt log blocks content result = log_blocks_decrypt(frame, size, dst_frame); - if (result == AES_OK) + if (result == MY_AES_OK) { memcpy(frame, dst_frame, size); } free(dst_frame); - return (result == AES_OK); + return (result == MY_AES_OK); } /******************************************************//** diff --git a/storage/maria/ma_crypt.c b/storage/maria/ma_crypt.c index 96f4d54e54a..df19973c7de 100644 --- a/storage/maria/ma_crypt.c +++ b/storage/maria/ma_crypt.c @@ -421,9 +421,9 @@ static int ma_encrypt(MARIA_CRYPT_DATA *crypt_data, crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, counter, sizeof(counter), 1, *key_version); - DBUG_ASSERT(rc == AES_OK); + DBUG_ASSERT(rc == MY_AES_OK); DBUG_ASSERT(dstlen == size); - if (! (rc == AES_OK && dstlen == size)) + if (! (rc == MY_AES_OK && dstlen == size)) { my_printf_error(HA_ERR_GENERIC, "failed to encrypt! rc: %d, dstlen: %u size: %u\n", @@ -453,9 +453,9 @@ static int ma_decrypt(MARIA_CRYPT_DATA *crypt_data, crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, counter, sizeof(counter), 1, key_version); - DBUG_ASSERT(rc == AES_OK); + DBUG_ASSERT(rc == MY_AES_OK); DBUG_ASSERT(dstlen == size); - if (! (rc == AES_OK && dstlen == size)) + if (! (rc == MY_AES_OK && dstlen == size)) { my_printf_error(HA_ERR_GENERIC, "failed to encrypt! rc: %d, dstlen: %u size: %u\n", diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index 9f94ba8145f..29e5b3823a4 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc 
@@ -40,7 +40,7 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include -#include +#include #include @@ -251,7 +251,7 @@ fil_crypt_get_key(byte *dst, uint* key_length, rc = my_aes_encrypt_ecb(src, srclen, buf, &buflen, (unsigned char*)keybuf, *key_length, NULL, 0, 1); - if (rc != AES_OK) { + if (rc != MY_AES_OK) { ib_logf(IB_LOG_LEVEL_FATAL, "Unable to encrypt key-block " " src: %p srclen: %d buf: %p buflen: %d." @@ -697,7 +697,7 @@ fil_space_encrypt(ulint space, ulint offset, lsn_t lsn, (unsigned char*)key, key_length, (unsigned char*)iv, sizeof(iv), 1, key_version); - if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { + if (! ((rc == MY_AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, "Unable to encrypt data-block " " src: %p srclen: %ld buf: %p buflen: %d." @@ -869,7 +869,7 @@ fil_space_decrypt(fil_space_crypt_t* crypt_data, (unsigned char*)key, key_length, (unsigned char*)iv, sizeof(iv), 1, key_version); - if (! ((rc == AES_OK) && ((ulint) dstlen == srclen))) { + if (! ((rc == MY_AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, "Unable to decrypt data-block " " src: %p srclen: %ld buf: %p buflen: %d." diff --git a/storage/xtradb/include/log0crypt.h b/storage/xtradb/include/log0crypt.h index 02cbf994e8d..433b0b50395 100644 --- a/storage/xtradb/include/log0crypt.h +++ b/storage/xtradb/include/log0crypt.h @@ -11,7 +11,7 @@ Created 11/25/2013 Minli Zhu #include "ut0byte.h" #include "ut0lst.h" #include "ut0rnd.h" -#include "my_aes.h" +#include "my_crypt.h" #define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1 #define PURPOSE_BYTE_OFFSET 0 diff --git a/storage/xtradb/log/log0crypt.cc b/storage/xtradb/log/log0crypt.cc index 804bad34392..8325c291a06 100644 --- a/storage/xtradb/log/log0crypt.cc +++ b/storage/xtradb/log/log0crypt.cc 
@@ -26,7 +26,7 @@ Modified Jan Lindström jan.lindstrom@mariadb.com #include "m_string.h" #include "log0crypt.h" #include -#include +#include #include "log0log.h" #include "srv0start.h" // for srv_start_lsn @@ -69,7 +69,7 @@ log_init_crypt_msg_and_nonce(void) /*==============================*/ { mach_write_to_1(redo_log_crypt_msg, redo_log_purpose_byte); - if (my_random_bytes(redo_log_crypt_msg + 1, PURPOSE_BYTE_LEN) != AES_OK) + if (my_random_bytes(redo_log_crypt_msg + 1, PURPOSE_BYTE_LEN) != MY_AES_OK) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: generate " @@ -78,7 +78,7 @@ log_init_crypt_msg_and_nonce(void) abort(); } - if (my_random_bytes(aes_ctr_nonce, MY_AES_BLOCK_SIZE) != AES_OK) + if (my_random_bytes(aes_ctr_nonce, MY_AES_BLOCK_SIZE) != MY_AES_OK) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: generate " @@ -131,7 +131,7 @@ log_init_crypt_key( (unsigned char*)&mysqld_key, sizeof(mysqld_key), NULL, 0, 1); - if (rc != AES_OK || dst_len != MY_AES_BLOCK_SIZE) + if (rc != MY_AES_OK || dst_len != MY_AES_BLOCK_SIZE) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting redo log crypto key " @@ -168,7 +168,7 @@ log_blocks_crypt( const bool is_encrypt) /*!< in: encrypt or decrypt*/ { byte *log_block = (byte*)block; - Crypt_result rc = AES_OK; + Crypt_result rc = MY_AES_OK; uint32 src_len, dst_len; byte aes_ctr_counter[MY_AES_BLOCK_SIZE]; ulint log_block_no, log_block_start_lsn; @@ -210,7 +210,7 @@ log_blocks_crypt( aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, log_sys->redo_log_crypt_ver); - ut_a(rc == AES_OK); + ut_a(rc == MY_AES_OK); ut_a(dst_len == src_len); log_block += OS_FILE_LOG_BLOCK_SIZE; dst_block += OS_FILE_LOG_BLOCK_SIZE; diff --git a/storage/xtradb/log/log0log.cc b/storage/xtradb/log/log0log.cc index 37cf18c1a0d..da2161a4d15 100644 --- a/storage/xtradb/log/log0log.cc +++ b/storage/xtradb/log/log0log.cc 
@@ -1415,7 +1415,7 @@ log_group_encrypt_before_write( const ulint size) /*!< in: size of log blocks */ { - Crypt_result result = AES_OK; + Crypt_result result = MY_AES_OK; ut_ad(size % OS_FILE_LOG_BLOCK_SIZE == 0); byte* dst_frame = (byte*)malloc(size); @@ -1423,14 +1423,14 @@ log_group_encrypt_before_write( //encrypt log blocks content result = log_blocks_encrypt(block, size, dst_frame); - if (result == AES_OK) + if (result == MY_AES_OK) { ut_ad(block[0] == dst_frame[0]); memcpy(block, dst_frame, size); } free(dst_frame); - return (result == AES_OK); + return (result == MY_AES_OK); } /******************************************************//** @@ -2572,13 +2572,13 @@ log_group_decrypt_after_read( // decrypt log blocks content result = log_blocks_decrypt(frame, size, dst_frame); - if (result == AES_OK) + if (result == MY_AES_OK) { memcpy(frame, dst_frame, size); } free(dst_frame); - return (result == AES_OK); + return (result == MY_AES_OK); } /******************************************************//** From 72c8b3fcb27adc91a013f8850d9a2af5dccf179b Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Sun, 5 Apr 2015 13:16:59 +0200 Subject: [PATCH 40/65] small cleanups as per review --- storage/innobase/buf/buf0buf.cc | 9 ++++----- storage/innobase/buf/buf0dblwr.cc | 4 ---- storage/innobase/include/fts0fts.h | 28 ---------------------------- storage/innobase/include/srv0srv.h | 3 +-- storage/xtradb/buf/buf0buf.cc | 10 +++++----- storage/xtradb/buf/buf0dblwr.cc | 4 ---- storage/xtradb/include/fts0fts.h | 28 ---------------------------- storage/xtradb/include/srv0srv.h | 3 +-- 8 files changed, 11 insertions(+), 78 deletions(-) diff --git a/storage/innobase/buf/buf0buf.cc b/storage/innobase/buf/buf0buf.cc index 59cbe633dec..58e818ec72a 100644 --- a/storage/innobase/buf/buf0buf.cc +++ b/storage/innobase/buf/buf0buf.cc 
@@ -5744,11 +5744,6 @@ buf_page_decrypt_after_read( buf_page_t* bpage) /*!< in/out: buffer page read from disk */ { ut_ad(bpage->key_version == 0); - ulint zip_size = buf_page_get_zip_size(bpage); - ulint size = (zip_size) ? zip_size : UNIV_PAGE_SIZE; - - byte* dst_frame = (zip_size) ? bpage->zip.data : - ((buf_block_t*) bpage)->frame; if (bpage->offset == 0) { /* File header pages are not encrypted */ @@ -5756,7 +5751,11 @@ buf_page_decrypt_after_read( return (TRUE); } + ulint zip_size = buf_page_get_zip_size(bpage); + ulint size = (zip_size) ? zip_size : UNIV_PAGE_SIZE; + byte* dst_frame = (zip_size) ? bpage->zip.data : + ((buf_block_t*) bpage)->frame; const byte* src_frame = bpage->crypt_buf != NULL ? bpage->crypt_buf : dst_frame; diff --git a/storage/innobase/buf/buf0dblwr.cc b/storage/innobase/buf/buf0dblwr.cc index 477bcfe0ee3..ccc39e499ca 100644 --- a/storage/innobase/buf/buf0dblwr.cc +++ b/storage/innobase/buf/buf0dblwr.cc @@ -631,10 +631,6 @@ buf_dblwr_process() fil_flush_file_spaces(FIL_TABLESPACE); { - fprintf(stderr, - "Clear dblwr buffer after completing " - "processing of it...\n"); - size_t bytes = TRX_SYS_DOUBLEWRITE_BLOCK_SIZE * UNIV_PAGE_SIZE; byte *unaligned_buf = static_cast( ut_malloc(bytes + UNIV_PAGE_SIZE - 1)); diff --git a/storage/innobase/include/fts0fts.h b/storage/innobase/include/fts0fts.h index f00d754ac66..a2996ecacc8 100644 --- a/storage/innobase/include/fts0fts.h +++ b/storage/innobase/include/fts0fts.h 
@@ -715,34 +715,6 @@ fts_drop_index_tables( dict_index_t* index) /*!< in: Index to drop */ __attribute__((nonnull, warn_unused_result)); -/****************************************************************** -Wait for background threads to stop using FTS index -*/ -UNIV_INTERN -void -fts_wait_bg_to_stop_using_index( -/*======================*/ - trx_t* trx, /*!< in: transaction */ - dict_index_t* index, /*!< in: FTS Index */ - bool drop_table); /*!< in: in addition to stop - using index, also prevent - threads from start using it, - used by drop table */ - -/****************************************************************** -Wait for background threads to stop using any FTS index of the table -*/ -UNIV_INTERN -void -fts_wait_bg_to_stop_using_table( -/*======================*/ - trx_t* trx, /*!< in: transaction */ - dict_table_t* table, /*!< in: table to stop threads */ - bool drop_table); /*!< in: in addition to stop - using table, also prevent - threads from start using it, - used by drop table */ - /******************************************************************//** Remove the table from the OPTIMIZER's list. We do wait for acknowledgement from the consumer of the message. */ diff --git a/storage/innobase/include/srv0srv.h b/storage/innobase/include/srv0srv.h index 31db78ae5ee..0c26ab7fab3 100644 --- a/storage/innobase/include/srv0srv.h +++ b/storage/innobase/include/srv0srv.h @@ -1028,8 +1028,7 @@ struct export_var_t{ encryption errors */ ulint innodb_sec_rec_cluster_reads; /*!< srv_sec_rec_cluster_reads */ - ulint innodb_sec_rec_cluster_reads_avoided; - /*!< srv_sec_rec_cluster_reads_avoided */ + ulint innodb_sec_rec_cluster_reads_avoided; /*!< srv_sec_rec_cluster_reads_avoided */ ulint innodb_encryption_rotation_pages_read_from_cache; ulint innodb_encryption_rotation_pages_read_from_disk; diff --git a/storage/xtradb/buf/buf0buf.cc b/storage/xtradb/buf/buf0buf.cc index 0ef97fd3e21..9f11ef38488 100644 --- a/storage/xtradb/buf/buf0buf.cc 
+++ b/storage/xtradb/buf/buf0buf.cc @@ -5921,11 +5921,6 @@ buf_page_decrypt_after_read( buf_page_t* bpage) /*!< in/out: buffer page read from disk */ { ut_ad(bpage->key_version == 0); - ulint zip_size = buf_page_get_zip_size(bpage); - ulint size = (zip_size) ? zip_size : UNIV_PAGE_SIZE; - - byte* dst_frame = (zip_size) ? bpage->zip.data : - ((buf_block_t*) bpage)->frame; if (bpage->offset == 0) { /* File header pages are not encrypted */ @@ -5933,6 +5928,11 @@ buf_page_decrypt_after_read( return (TRUE); } + ulint zip_size = buf_page_get_zip_size(bpage); + ulint size = (zip_size) ? zip_size : UNIV_PAGE_SIZE; + + byte* dst_frame = (zip_size) ? bpage->zip.data : + ((buf_block_t*) bpage)->frame; const byte* src_frame = bpage->crypt_buf != NULL ? bpage->crypt_buf : dst_frame; diff --git a/storage/xtradb/buf/buf0dblwr.cc b/storage/xtradb/buf/buf0dblwr.cc index 871f723549b..53e9d5cc6c6 100644 --- a/storage/xtradb/buf/buf0dblwr.cc +++ b/storage/xtradb/buf/buf0dblwr.cc @@ -630,10 +630,6 @@ buf_dblwr_process() fil_flush_file_spaces(FIL_TABLESPACE); { - fprintf(stderr, - "Clear dblwr buffer after completing " - "processing of it...\n"); - size_t bytes = TRX_SYS_DOUBLEWRITE_BLOCK_SIZE * UNIV_PAGE_SIZE; byte *unaligned_buf = static_cast( ut_malloc(bytes + UNIV_PAGE_SIZE - 1)); diff --git a/storage/xtradb/include/fts0fts.h b/storage/xtradb/include/fts0fts.h index f00d754ac66..a2996ecacc8 100644 --- a/storage/xtradb/include/fts0fts.h +++ b/storage/xtradb/include/fts0fts.h 
@@ -715,34 +715,6 @@ fts_drop_index_tables( dict_index_t* index) /*!< in: Index to drop */ __attribute__((nonnull, warn_unused_result)); -/****************************************************************** -Wait for background threads to stop using FTS index -*/ -UNIV_INTERN -void -fts_wait_bg_to_stop_using_index( -/*======================*/ - trx_t* trx, /*!< in: transaction */ - dict_index_t* index, /*!< in: FTS Index */ - bool drop_table); /*!< in: in addition to stop - using index, also prevent - threads from start using it, - used by drop table */ - -/****************************************************************** -Wait for background threads to stop using any FTS index of the table -*/ -UNIV_INTERN -void -fts_wait_bg_to_stop_using_table( -/*======================*/ - trx_t* trx, /*!< in: transaction */ - dict_table_t* table, /*!< in: table to stop threads */ - bool drop_table); /*!< in: in addition to stop - using table, also prevent - threads from start using it, - used by drop table */ - /******************************************************************//** Remove the table from the OPTIMIZER's list. We do wait for acknowledgement from the consumer of the message. */ diff --git a/storage/xtradb/include/srv0srv.h b/storage/xtradb/include/srv0srv.h index de33f767021..43072a3d85c 100644 --- a/storage/xtradb/include/srv0srv.h +++ b/storage/xtradb/include/srv0srv.h @@ -1246,8 +1246,7 @@ struct export_var_t{ encryption errors */ ulint innodb_sec_rec_cluster_reads; /*!< srv_sec_rec_cluster_reads */ - ulint innodb_sec_rec_cluster_reads_avoided; - /*!< srv_sec_rec_cluster_reads_avoided */ + ulint innodb_sec_rec_cluster_reads_avoided; /*!< srv_sec_rec_cluster_reads_avoided */ ulint innodb_encryption_rotation_pages_read_from_cache; ulint innodb_encryption_rotation_pages_read_from_disk; From 19e76814b76dc0d3af600dc0ffbae116dbf116ca Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Sun, 5 Apr 2015 17:29:43 +0200 Subject: [PATCH 41/65] clarify/simplify new innodb sysvars: innodb-scrub-log-interval rename to innodb-scrub-log-speed --- .../r/innodb_scrub_log_interval_basic.result | 53 ------------------- .../r/innodb_scrub_log_speed_basic.result | 53 +++++++++++++++++++ .../suite/sys_vars/r/sysvars_innodb.result | 12 ++--- ...test => innodb_scrub_log_speed_basic.test} | 32 +++++------ storage/innobase/handler/ha_innodb.cc | 20 +++---- storage/innobase/include/log0log.h | 4 +- storage/innobase/log/log0log.cc | 9 ++-- storage/xtradb/handler/ha_innodb.cc | 20 +++---- storage/xtradb/include/log0log.h | 4 +- storage/xtradb/log/log0log.cc | 9 ++-- 10 files changed, 103 insertions(+), 113 deletions(-) delete mode 100644 mysql-test/suite/sys_vars/r/innodb_scrub_log_interval_basic.result create mode 100644 mysql-test/suite/sys_vars/r/innodb_scrub_log_speed_basic.result rename mysql-test/suite/sys_vars/t/{innodb_scrub_log_interval_basic.test => innodb_scrub_log_speed_basic.test} (51%) diff --git a/mysql-test/suite/sys_vars/r/innodb_scrub_log_interval_basic.result b/mysql-test/suite/sys_vars/r/innodb_scrub_log_interval_basic.result deleted file mode 100644 index 0d7bc7e61c6..00000000000 --- a/mysql-test/suite/sys_vars/r/innodb_scrub_log_interval_basic.result +++ /dev/null 
@@ -1,53 +0,0 @@ -SELECT @@GLOBAL.innodb_scrub_log_interval; -@@GLOBAL.innodb_scrub_log_interval -2000 -200 Expected -SET @@GLOBAL.innodb_scrub_log_interval=100; -1 Expected -SELECT @@GLOBAL.innodb_scrub_log_interval; -@@GLOBAL.innodb_scrub_log_interval -100 -100 Expected -SET @@GLOBAL.innodb_scrub_log_interval=DEFAULT; -1 Expected -SELECT @@GLOBAL.innodb_scrub_log_interval; -@@GLOBAL.innodb_scrub_log_interval -2000 -200 Expected -SELECT @@GLOBAL.innodb_scrub_log_interval = VARIABLE_VALUE -FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES -WHERE VARIABLE_NAME='innodb_scrub_log_interval'; -@@GLOBAL.innodb_scrub_log_interval = VARIABLE_VALUE -1 -1 Expected -SELECT @@GLOBAL.innodb_scrub_log_interval; -@@GLOBAL.innodb_scrub_log_interval -2000 -200 Expected -SELECT VARIABLE_VALUE -FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES -WHERE VARIABLE_NAME='innodb_scrub_log_interval'; -VARIABLE_VALUE -2000 -200 Expected -SELECT @@innodb_scrub_log_interval = @@GLOBAL.innodb_scrub_log_interval; -@@innodb_scrub_log_interval = @@GLOBAL.innodb_scrub_log_interval -1 -1 Expected -SELECT @@innodb_scrub_log_interval; -@@innodb_scrub_log_interval -2000 -200 Expected -SELECT @@local.innodb_scrub_log_interval; -ERROR HY000: Variable 'innodb_scrub_log_interval' is a GLOBAL variable -Expected error 'Variable is a GLOBAL variable' -SELECT @@SESSION.innodb_scrub_log_interval; -ERROR HY000: Variable 'innodb_scrub_log_interval' is a GLOBAL variable -Expected error 'Variable is a GLOBAL variable' -SELECT @@GLOBAL.innodb_scrub_log_interval; -@@GLOBAL.innodb_scrub_log_interval -2000 -200 Expected -SELECT innodb_scrub_log_interval; -ERROR 42S22: Unknown column 'innodb_scrub_log_interval' in 'field list' -Expected error 'Unknow column in field list' diff --git a/mysql-test/suite/sys_vars/r/innodb_scrub_log_speed_basic.result b/mysql-test/suite/sys_vars/r/innodb_scrub_log_speed_basic.result new file mode 100644 index 00000000000..e51dab0718a --- /dev/null 
+++ b/mysql-test/suite/sys_vars/r/innodb_scrub_log_speed_basic.result @@ -0,0 +1,53 @@ +SELECT @@GLOBAL.innodb_scrub_log_speed; +@@GLOBAL.innodb_scrub_log_speed +256 +200 Expected +SET @@GLOBAL.innodb_scrub_log_speed=100; +1 Expected +SELECT @@GLOBAL.innodb_scrub_log_speed; +@@GLOBAL.innodb_scrub_log_speed +100 +100 Expected +SET @@GLOBAL.innodb_scrub_log_speed=DEFAULT; +1 Expected +SELECT @@GLOBAL.innodb_scrub_log_speed; +@@GLOBAL.innodb_scrub_log_speed +256 +200 Expected +SELECT @@GLOBAL.innodb_scrub_log_speed = VARIABLE_VALUE +FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES +WHERE VARIABLE_NAME='innodb_scrub_log_speed'; +@@GLOBAL.innodb_scrub_log_speed = VARIABLE_VALUE +1 +1 Expected +SELECT @@GLOBAL.innodb_scrub_log_speed; +@@GLOBAL.innodb_scrub_log_speed +256 +200 Expected +SELECT VARIABLE_VALUE +FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES +WHERE VARIABLE_NAME='innodb_scrub_log_speed'; +VARIABLE_VALUE +256 +200 Expected +SELECT @@innodb_scrub_log_speed = @@GLOBAL.innodb_scrub_log_speed; +@@innodb_scrub_log_speed = @@GLOBAL.innodb_scrub_log_speed +1 +1 Expected +SELECT @@innodb_scrub_log_speed; +@@innodb_scrub_log_speed +256 +200 Expected +SELECT @@local.innodb_scrub_log_speed; +ERROR HY000: Variable 'innodb_scrub_log_speed' is a GLOBAL variable +Expected error 'Variable is a GLOBAL variable' +SELECT @@SESSION.innodb_scrub_log_speed; +ERROR HY000: Variable 'innodb_scrub_log_speed' is a GLOBAL variable +Expected error 'Variable is a GLOBAL variable' +SELECT @@GLOBAL.innodb_scrub_log_speed; +@@GLOBAL.innodb_scrub_log_speed +256 +200 Expected +SELECT innodb_scrub_log_speed; +ERROR 42S22: Unknown column 'innodb_scrub_log_speed' in 'field list' +Expected error 'Unknow column in field list' diff --git a/mysql-test/suite/sys_vars/r/sysvars_innodb.result b/mysql-test/suite/sys_vars/r/sysvars_innodb.result index 867fe02d454..4872f11fcec 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_innodb.result +++ b/mysql-test/suite/sys_vars/r/sysvars_innodb.result 
@@ -1867,16 +1867,16 @@ NUMERIC_BLOCK_SIZE NULL ENUM_VALUE_LIST NULL READ_ONLY YES COMMAND_LINE_ARGUMENT OPTIONAL -VARIABLE_NAME INNODB_SCRUB_LOG_INTERVAL +VARIABLE_NAME INNODB_SCRUB_LOG_SPEED SESSION_VALUE NULL -GLOBAL_VALUE 2000 +GLOBAL_VALUE 256 GLOBAL_VALUE_ORIGIN COMPILE-TIME -DEFAULT_VALUE 2000 +DEFAULT_VALUE 256 VARIABLE_SCOPE GLOBAL VARIABLE_TYPE BIGINT UNSIGNED -VARIABLE_COMMENT Innodb redo log scrubbing interval in ms -NUMERIC_MIN_VALUE 10 -NUMERIC_MAX_VALUE 18446744073709551615 +VARIABLE_COMMENT Background redo log scrubbing speed in bytes/sec +NUMERIC_MIN_VALUE 1 +NUMERIC_MAX_VALUE 50000 NUMERIC_BLOCK_SIZE 0 ENUM_VALUE_LIST NULL READ_ONLY NO diff --git a/mysql-test/suite/sys_vars/t/innodb_scrub_log_interval_basic.test b/mysql-test/suite/sys_vars/t/innodb_scrub_log_speed_basic.test similarity index 51% rename from mysql-test/suite/sys_vars/t/innodb_scrub_log_interval_basic.test rename to mysql-test/suite/sys_vars/t/innodb_scrub_log_speed_basic.test index e8d4f1bc737..5e750eebd65 100644 --- a/mysql-test/suite/sys_vars/t/innodb_scrub_log_interval_basic.test +++ b/mysql-test/suite/sys_vars/t/innodb_scrub_log_speed_basic.test 
@@ -1,55 +1,55 @@ --source include/have_innodb.inc # Display default value -SELECT @@GLOBAL.innodb_scrub_log_interval; +SELECT @@GLOBAL.innodb_scrub_log_speed; --echo 200 Expected # Check if value can be set -SET @@GLOBAL.innodb_scrub_log_interval=100; +SET @@GLOBAL.innodb_scrub_log_speed=100; --echo 1 Expected -SELECT @@GLOBAL.innodb_scrub_log_interval; +SELECT @@GLOBAL.innodb_scrub_log_speed; --echo 100 Expected -SET @@GLOBAL.innodb_scrub_log_interval=DEFAULT; +SET @@GLOBAL.innodb_scrub_log_speed=DEFAULT; --echo 1 Expected -SELECT @@GLOBAL.innodb_scrub_log_interval; +SELECT @@GLOBAL.innodb_scrub_log_speed; --echo 200 Expected # Check if the value in GLOBAL TABLE matches value in variable -SELECT @@GLOBAL.innodb_scrub_log_interval = VARIABLE_VALUE +SELECT @@GLOBAL.innodb_scrub_log_speed = VARIABLE_VALUE FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES -WHERE VARIABLE_NAME='innodb_scrub_log_interval'; +WHERE VARIABLE_NAME='innodb_scrub_log_speed'; --echo 1 Expected -SELECT @@GLOBAL.innodb_scrub_log_interval; +SELECT @@GLOBAL.innodb_scrub_log_speed; --echo 200 Expected SELECT VARIABLE_VALUE FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES -WHERE VARIABLE_NAME='innodb_scrub_log_interval'; +WHERE VARIABLE_NAME='innodb_scrub_log_speed'; --echo 200 Expected # Check if accessing variable with and without GLOBAL point to same variable -SELECT @@innodb_scrub_log_interval = @@GLOBAL.innodb_scrub_log_interval; +SELECT @@innodb_scrub_log_speed = @@GLOBAL.innodb_scrub_log_speed; --echo 1 Expected -# Check if innodb_scrub_log_interval can be accessed with and without @@ sign -SELECT @@innodb_scrub_log_interval; +# Check if innodb_scrub_log_speed can be accessed with and without @@ sign +SELECT @@innodb_scrub_log_speed; --echo 200 Expected --Error ER_INCORRECT_GLOBAL_LOCAL_VAR -SELECT @@local.innodb_scrub_log_interval; +SELECT @@local.innodb_scrub_log_speed; --echo Expected error 'Variable is a GLOBAL variable' --Error ER_INCORRECT_GLOBAL_LOCAL_VAR -SELECT @@SESSION.innodb_scrub_log_interval; 
+SELECT @@SESSION.innodb_scrub_log_speed; --echo Expected error 'Variable is a GLOBAL variable' -SELECT @@GLOBAL.innodb_scrub_log_interval; +SELECT @@GLOBAL.innodb_scrub_log_speed; --echo 200 Expected --Error ER_BAD_FIELD_ERROR -SELECT innodb_scrub_log_interval; +SELECT innodb_scrub_log_speed; --echo Expected error 'Unknow column in field list' diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 081f0cf9adc..c45e113ef1a 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -19163,21 +19163,13 @@ static MYSQL_SYSVAR_BOOL(scrub_log, srv_scrub_log, "Enable redo log scrubbing", 0, 0, 0); -/* - If innodb_scrub_log is on, logs will be scrubbed in less than - (((innodb_log_file_size * innodb_log_files_in_group) / 512 ) / - ((1000 * 86400) / innodb_scrub_log_interval)) - days. - In above formula, the first line calculates the number of log blocks to scrub, - and the second line calculates the number of log blocks scrubbed in one day. -*/ -static MYSQL_SYSVAR_ULONGLONG(scrub_log_interval, innodb_scrub_log_interval, +static MYSQL_SYSVAR_ULONGLONG(scrub_log_speed, innodb_scrub_log_speed, PLUGIN_VAR_OPCMDARG, - "Innodb redo log scrubbing interval in ms", + "Background redo log scrubbing speed in bytes/sec", NULL, NULL, - 2000, /* default */ - 10, /* min */ - ULONGLONG_MAX, 0);/* max */ + 256, /* 256 bytes/sec, corresponds to 2000 ms scrub_log_interval */ + 1, /* min */ + 50000, 0); /* 50Kbyte/sec, corresponds to 10 ms scrub_log_interval */ static MYSQL_SYSVAR_BOOL(encrypt_log, srv_encrypt_log, PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, @@ -19423,7 +19415,7 @@ static struct st_mysql_sys_var* innobase_system_variables[]= { MYSQL_SYSVAR(encryption_rotate_key_age), MYSQL_SYSVAR(encryption_rotation_iops), MYSQL_SYSVAR(scrub_log), - MYSQL_SYSVAR(scrub_log_interval), + MYSQL_SYSVAR(scrub_log_speed), MYSQL_SYSVAR(encrypt_log), MYSQL_SYSVAR(default_page_encryption_key), 
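Review bot: The block comment deleted above `MYSQL_SYSVAR_ULONGLONG(scrub_log_speed, ...)` in the `@@ -19163,21 +19163,13 @@` hunk was the only text telling an operator how long a full scrub pass over the redo log takes, and the new definition puts nothing in its place. Redo log scrubbing is a data-remanence control, so that bound is what someone sizing the setting needs; with the new ceiling of 50000 bytes/sec the pass time grows with the log size and cannot be shortened further. I would keep a short comment in the new units, for example `/* A full pass takes about (innodb_log_file_size * innodb_log_files_in_group) / innodb_scrub_log_speed seconds. */`, assuming each wake-up of the scrub thread covers one 512-byte block, as the interval computation in log0log.cc suggests. The storage/xtradb copy of this hunk needs the same comment.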
diff --git a/storage/innobase/include/log0log.h b/storage/innobase/include/log0log.h index 79667097724..eb2a09c8d29 100644 --- a/storage/innobase/include/log0log.h +++ b/storage/innobase/include/log0log.h @@ -1022,8 +1022,8 @@ struct log_t{ #endif /* UNIV_LOG_ARCHIVE */ extern os_event_t log_scrub_event; -/* log scrubbing interval in ms */ -extern ulonglong innodb_scrub_log_interval; +/* log scrubbing speed, in bytes/sec */ +extern ulonglong innodb_scrub_log_speed; /*****************************************************************//** This is the main thread for log scrub. It waits for an event and diff --git a/storage/innobase/log/log0log.cc b/storage/innobase/log/log0log.cc index de4d4724161..62fa73c0684 100644 --- a/storage/innobase/log/log0log.cc +++ b/storage/innobase/log/log0log.cc @@ -3857,8 +3857,8 @@ log_scrub() next_lbn_to_pad = log_block_convert_lsn_to_no(log_sys->lsn); } -/* log scrubbing interval in ms. */ -UNIV_INTERN ulonglong innodb_scrub_log_interval; +/* log scrubbing speed, in bytes/sec */ +UNIV_INTERN ulonglong innodb_scrub_log_speed; /*****************************************************************//** This is the main thread for log scrub. It waits for an event and @@ -3878,7 +3878,10 @@ DECLARE_THREAD(log_scrub_thread)( while(srv_shutdown_state == SRV_SHUTDOWN_NONE) { - os_event_wait_time(log_scrub_event, innodb_scrub_log_interval * 1000); + /* log scrubbing interval in µs. */ + ulonglong interval = 1000*1000*512/innodb_scrub_log_speed; + + os_event_wait_time(log_scrub_event, interval); log_scrub(); diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index 84b8b6dc431..8359c5b3f0d 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc 
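Review bot: In the log_scrub_thread hunk, `ulonglong interval = 1000*1000*512/innodb_scrub_log_speed;` hard-codes the log block size and depends on the sysvar minimum of 1 in ha_innodb.cc as its only protection against a zero divisor. I would write it as `ulonglong interval = 1000ULL * 1000 * OS_FILE_LOG_BLOCK_SIZE / innodb_scrub_log_speed;` and add a comment such as `/* innodb_scrub_log_speed >= 1 is enforced by the sysvar definition */` so the dependency is visible where the division happens. The interval is also computed before the wait, and the sysvar is registered with `NULL, NULL` check/update callbacks, so at the lowest speed a newly set value probably takes effect only after the current wait of up to 512 seconds expires, unless something else signals log_scrub_event. The function body starts and ends outside this hunk, and the storage/xtradb copy of log0log.cc has the same line.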
@@ -20346,21 +20346,13 @@ static MYSQL_SYSVAR_BOOL(scrub_log, srv_scrub_log, "Enable redo log scrubbing", 0, 0, 0); -/* - If innodb_scrub_log is on, logs will be scrubbed in less than - (((innodb_log_file_size * innodb_log_files_in_group) / 512 ) / - ((1000 * 86400) / innodb_scrub_log_interval)) - days. - In above formula, the first line calculates the number of log blocks to scrub, - and the second line calculates the number of log blocks scrubbed in one day. -*/ -static MYSQL_SYSVAR_ULONGLONG(scrub_log_interval, innodb_scrub_log_interval, +static MYSQL_SYSVAR_ULONGLONG(scrub_log_speed, innodb_scrub_log_speed, PLUGIN_VAR_OPCMDARG, - "Innodb redo log scrubbing interval in ms", + "Background redo log scrubbing speed in bytes/sec", NULL, NULL, - 2000, /* default */ - 10, /* min */ - ULONGLONG_MAX, 0);/* max */ + 256, /* 256 bytes/sec, corresponds to 2000 ms scrub_log_interval */ + 1, /* min */ + 50000, 0); /* 50Kbyte/sec, corresponds to 10 ms scrub_log_interval */ static MYSQL_SYSVAR_BOOL(encrypt_log, srv_encrypt_log, PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, @@ -20644,7 +20636,7 @@ static struct st_mysql_sys_var* innobase_system_variables[]= { MYSQL_SYSVAR(encryption_rotate_key_age), MYSQL_SYSVAR(encryption_rotation_iops), MYSQL_SYSVAR(scrub_log), - MYSQL_SYSVAR(scrub_log_interval), + MYSQL_SYSVAR(scrub_log_speed), MYSQL_SYSVAR(encrypt_log), MYSQL_SYSVAR(default_page_encryption_key), /* Scrubing feature */ diff --git a/storage/xtradb/include/log0log.h b/storage/xtradb/include/log0log.h index cda4a692aec..3b5654b0ddf 100644 --- a/storage/xtradb/include/log0log.h +++ b/storage/xtradb/include/log0log.h 
@@ -1101,8 +1101,8 @@ struct log_t{ #endif /* UNIV_LOG_ARCHIVE */ extern os_event_t log_scrub_event; -/* log scrubbing interval in ms */ -extern ulonglong innodb_scrub_log_interval; +/* log scrubbing speed, in bytes/sec */ +extern ulonglong innodb_scrub_log_speed; /*****************************************************************//** This is the main thread for log scrub. It waits for an event and diff --git a/storage/xtradb/log/log0log.cc b/storage/xtradb/log/log0log.cc index da2161a4d15..20865da3039 100644 --- a/storage/xtradb/log/log0log.cc +++ b/storage/xtradb/log/log0log.cc @@ -4187,8 +4187,8 @@ log_scrub() next_lbn_to_pad = log_block_convert_lsn_to_no(log_sys->lsn); } -/* log scrubbing interval in ms. */ -UNIV_INTERN ulonglong innodb_scrub_log_interval; +/* log scrubbing speed, in bytes/sec */ +UNIV_INTERN ulonglong innodb_scrub_log_speed; /*****************************************************************//** This is the main thread for log scrub. It waits for an event and @@ -4208,7 +4208,10 @@ DECLARE_THREAD(log_scrub_thread)( while(srv_shutdown_state == SRV_SHUTDOWN_NONE) { - os_event_wait_time(log_scrub_event, innodb_scrub_log_interval * 1000); + /* log scrubbing interval in µs. */ + ulonglong interval = 1000*1000*512/innodb_scrub_log_speed; + + os_event_wait_time(log_scrub_event, interval); log_scrub(); From 87cf86519ebf5e4fc07e5bbf615e39c465d5cd52 Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Sun, 5 Apr 2015 17:33:32 +0200 Subject: [PATCH 42/65] clarify/simplify new innodb sysvars: innodb-scrub-force-testing rename to innodb-debug-force-scrubbing --- .../innodb_debug_force_scrubbing_basic.result | 50 +++++++++++++++++++ .../r/innodb_scrub_force_testing_basic.result | 50 ------------------- .../sys_vars/r/sysvars_innodb,xtradb.rdiff | 24 ++++----- .../suite/sys_vars/r/sysvars_innodb.result | 28 +++++------ .../t/innodb_debug_force_scrubbing_basic.test | 42 ++++++++++++++++ .../t/innodb_scrub_force_testing_basic.test | 42 ---------------- storage/innobase/handler/ha_innodb.cc | 4 +- storage/xtradb/handler/ha_innodb.cc | 4 +- 8 files changed, 122 insertions(+), 122 deletions(-) create mode 100644 mysql-test/suite/sys_vars/r/innodb_debug_force_scrubbing_basic.result delete mode 100644 mysql-test/suite/sys_vars/r/innodb_scrub_force_testing_basic.result create mode 100644 mysql-test/suite/sys_vars/t/innodb_debug_force_scrubbing_basic.test delete mode 100644 mysql-test/suite/sys_vars/t/innodb_scrub_force_testing_basic.test diff --git a/mysql-test/suite/sys_vars/r/innodb_debug_force_scrubbing_basic.result b/mysql-test/suite/sys_vars/r/innodb_debug_force_scrubbing_basic.result new file mode 100644 index 00000000000..eced486ad70 --- /dev/null +++ b/mysql-test/suite/sys_vars/r/innodb_debug_force_scrubbing_basic.result 
@@ -0,0 +1,50 @@
+SET @start_global_value = @@global.innodb_debug_force_scrubbing;
+#
+# exists as global only
+#
+select @@global.innodb_debug_force_scrubbing;
+@@global.innodb_debug_force_scrubbing
+0
+select @@session.innodb_debug_force_scrubbing;
+ERROR HY000: Variable 'innodb_debug_force_scrubbing' is a GLOBAL variable
+show global variables like 'innodb_debug_force_scrubbing';
+Variable_name Value
+innodb_debug_force_scrubbing OFF
+show session variables like 'innodb_debug_force_scrubbing';
+Variable_name Value
+innodb_debug_force_scrubbing OFF
+select * from information_schema.global_variables
+where variable_name='innodb_debug_force_scrubbing';
+VARIABLE_NAME VARIABLE_VALUE
+INNODB_DEBUG_FORCE_SCRUBBING OFF
+select * from information_schema.session_variables
+where variable_name='innodb_debug_force_scrubbing';
+VARIABLE_NAME VARIABLE_VALUE
+INNODB_DEBUG_FORCE_SCRUBBING OFF
+#
+# show that it's writable
+#
+set global innodb_debug_force_scrubbing=ON;
+select @@global.innodb_debug_force_scrubbing;
+@@global.innodb_debug_force_scrubbing
+1
+set global innodb_debug_force_scrubbing=OFF;
+select @@global.innodb_debug_force_scrubbing;
+@@global.innodb_debug_force_scrubbing
+0
+set global innodb_debug_force_scrubbing=1;
+select @@global.innodb_debug_force_scrubbing;
+@@global.innodb_debug_force_scrubbing
+1
+set session innodb_debug_force_scrubbing=1;
+ERROR HY000: Variable 'innodb_debug_force_scrubbing' is a GLOBAL variable and should be set with SET GLOBAL
+#
+# incorrect types
+#
+set global innodb_debug_force_scrubbing=1.1;
+ERROR 42000: Incorrect argument type to variable 'innodb_debug_force_scrubbing'
+set global innodb_debug_force_scrubbing=1e1;
+ERROR 42000: Incorrect argument type to variable 'innodb_debug_force_scrubbing'
+set global innodb_debug_force_scrubbing="foo";
+ERROR 42000: Variable 'innodb_debug_force_scrubbing' can't be set to the value of 'foo'
+SET @@global.innodb_debug_force_scrubbing = @start_global_value;
diff --git a/mysql-test/suite/sys_vars/r/innodb_scrub_force_testing_basic.result b/mysql-test/suite/sys_vars/r/innodb_scrub_force_testing_basic.result
deleted file mode 100644
index 24287efaffc..00000000000
--- a/mysql-test/suite/sys_vars/r/innodb_scrub_force_testing_basic.result
+++ /dev/null
@@ -1,50 +0,0 @@
-SET @start_global_value = @@global.innodb_scrub_force_testing;
-#
-# exists as global only
-#
-select @@global.innodb_scrub_force_testing;
-@@global.innodb_scrub_force_testing
-0
-select @@session.innodb_scrub_force_testing;
-ERROR HY000: Variable 'innodb_scrub_force_testing' is a GLOBAL variable
-show global variables like 'innodb_scrub_force_testing';
-Variable_name Value
-innodb_scrub_force_testing OFF
-show session variables like 'innodb_scrub_force_testing';
-Variable_name Value
-innodb_scrub_force_testing OFF
-select * from information_schema.global_variables
-where variable_name='innodb_scrub_force_testing';
-VARIABLE_NAME VARIABLE_VALUE
-INNODB_SCRUB_FORCE_TESTING OFF
-select * from information_schema.session_variables
-where variable_name='innodb_scrub_force_testing';
-VARIABLE_NAME VARIABLE_VALUE
-INNODB_SCRUB_FORCE_TESTING OFF
-#
-# show that it's writable
-#
-set global innodb_scrub_force_testing=ON;
-select @@global.innodb_scrub_force_testing;
-@@global.innodb_scrub_force_testing
-1
-set global innodb_scrub_force_testing=OFF;
-select @@global.innodb_scrub_force_testing;
-@@global.innodb_scrub_force_testing
-0
-set global innodb_scrub_force_testing=1;
-select @@global.innodb_scrub_force_testing;
-@@global.innodb_scrub_force_testing
-1
-set session innodb_scrub_force_testing=1;
-ERROR HY000: Variable 'innodb_scrub_force_testing' is a GLOBAL variable and should be set with SET GLOBAL
-#
-# incorrect types
-#
-set global innodb_scrub_force_testing=1.1;
-ERROR 42000: Incorrect argument type to variable 'innodb_scrub_force_testing'
-set global innodb_scrub_force_testing=1e1;
-ERROR 42000: Incorrect argument type to variable 'innodb_scrub_force_testing'
-set global innodb_scrub_force_testing="foo";
-ERROR 42000: Variable 'innodb_scrub_force_testing' can't be set to the value of 'foo'
-SET @@global.innodb_scrub_force_testing = @start_global_value;
diff --git a/mysql-test/suite/sys_vars/r/sysvars_innodb,xtradb.rdiff b/mysql-test/suite/sys_vars/r/sysvars_innodb,xtradb.rdiff index 2ce01384d0f..d44f2bb7842 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_innodb,xtradb.rdiff +++ b/mysql-test/suite/sys_vars/r/sysvars_innodb,xtradb.rdiff @@ -177,7 +177,7 @@ VARIABLE_NAME INNODB_DATA_FILE_PATH SESSION_VALUE NULL GLOBAL_VALUE ibdata1:12M:autoextend -@@ -719,6 +859,20 @@ +@@ -733,6 +873,20 @@ ENUM_VALUE_LIST NULL READ_ONLY YES COMMAND_LINE_ARGUMENT OPTIONAL @@ -198,7 +198,7 @@ VARIABLE_NAME INNODB_ENCRYPTION_ROTATE_KEY_AGE SESSION_VALUE NULL GLOBAL_VALUE 1 -@@ -789,6 +943,20 @@ +@@ -803,6 +957,20 @@ ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT REQUIRED @@ -219,7 +219,7 @@ VARIABLE_NAME INNODB_FAST_SHUTDOWN SESSION_VALUE NULL GLOBAL_VALUE 1 -@@ -916,11 +1084,11 @@ +@@ -930,11 +1098,11 @@ READ_ONLY NO COMMAND_LINE_ARGUMENT OPTIONAL VARIABLE_NAME INNODB_FLUSH_LOG_AT_TRX_COMMIT @@ -233,7 +233,7 @@ VARIABLE_TYPE BIGINT UNSIGNED VARIABLE_COMMENT Controls the durability/speed trade-off for commits. Set to 0 (write and flush redo log to disk only once per second), 1 (flush to disk at each commit), 2 (write to log at commit but flush to disk only once per second) or 3 (flush to disk at prepare and at commit, slower and usually redundant). 1 and 3 guarantees that after a crash, committed transactions will not be lost and will be consistent with the binlog and other transactional engines. 2 can get inconsistent and lose transactions if there is a power failure or kernel crash but not if mysqld crashes. 0 has no guarantees in case of crash. 0 and 2 can be faster than 1 or 3. NUMERIC_MIN_VALUE 0 -@@ -1013,6 +1181,20 @@ +@@ -1027,6 +1195,20 @@ ENUM_VALUE_LIST NULL READ_ONLY YES COMMAND_LINE_ARGUMENT REQUIRED @@ -254,7 +254,7 @@ VARIABLE_NAME INNODB_FT_AUX_TABLE SESSION_VALUE NULL GLOBAL_VALUE -@@ -1251,6 +1433,20 @@ +@@ -1265,6 +1447,20 @@ ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT REQUIRED 
@@ -275,7 +275,7 @@ VARIABLE_NAME INNODB_LARGE_PREFIX SESSION_VALUE NULL GLOBAL_VALUE OFF -@@ -1279,6 +1475,20 @@ +@@ -1293,6 +1489,20 @@ ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT REQUIRED @@ -296,7 +296,7 @@ VARIABLE_NAME INNODB_LOCKS_UNSAFE_FOR_BINLOG SESSION_VALUE NULL GLOBAL_VALUE OFF -@@ -1307,6 +1517,62 @@ +@@ -1321,6 +1531,62 @@ ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT REQUIRED @@ -359,7 +359,7 @@ VARIABLE_NAME INNODB_LOG_BUFFER_SIZE SESSION_VALUE NULL GLOBAL_VALUE 1048576 -@@ -1335,6 +1601,20 @@ +@@ -1349,6 +1615,20 @@ ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT OPTIONAL @@ -380,7 +380,7 @@ VARIABLE_NAME INNODB_LOG_COMPRESSED_PAGES SESSION_VALUE NULL GLOBAL_VALUE OFF -@@ -1405,6 +1685,34 @@ +@@ -1419,6 +1699,34 @@ ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT REQUIRED @@ -415,7 +415,7 @@ VARIABLE_NAME INNODB_MAX_DIRTY_PAGES_PCT SESSION_VALUE NULL GLOBAL_VALUE 75.000000 -@@ -1671,6 +1979,62 @@ +@@ -1685,6 +1993,62 @@ ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT OPTIONAL @@ -478,7 +478,7 @@ VARIABLE_NAME INNODB_PURGE_BATCH_SIZE SESSION_VALUE NULL GLOBAL_VALUE 300 -@@ -1839,6 +2203,48 @@ +@@ -1853,6 +2217,48 @@ ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT OPTIONAL @@ -524,7 +524,7 @@ +ENUM_VALUE_LIST NULL +READ_ONLY NO +COMMAND_LINE_ARGUMENT REQUIRED - VARIABLE_NAME INNODB_SCRUB_FORCE_TESTING + VARIABLE_NAME INNODB_SCRUB_LOG SESSION_VALUE NULL GLOBAL_VALUE OFF @@ -1881,6 +2287,34 @@ diff --git a/mysql-test/suite/sys_vars/r/sysvars_innodb.result b/mysql-test/suite/sys_vars/r/sysvars_innodb.result index 4872f11fcec..858360ce738 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_innodb.result +++ b/mysql-test/suite/sys_vars/r/sysvars_innodb.result 
@@ -565,6 +565,20 @@ NUMERIC_BLOCK_SIZE NULL ENUM_VALUE_LIST NULL READ_ONLY YES COMMAND_LINE_ARGUMENT REQUIRED +VARIABLE_NAME INNODB_DEBUG_FORCE_SCRUBBING +SESSION_VALUE NULL +GLOBAL_VALUE OFF +GLOBAL_VALUE_ORIGIN COMPILE-TIME +DEFAULT_VALUE OFF +VARIABLE_SCOPE GLOBAL +VARIABLE_TYPE BOOLEAN +VARIABLE_COMMENT Perform extra scrubbing to increase test exposure +NUMERIC_MIN_VALUE NULL +NUMERIC_MAX_VALUE NULL +NUMERIC_BLOCK_SIZE NULL +ENUM_VALUE_LIST NULL +READ_ONLY NO +COMMAND_LINE_ARGUMENT REQUIRED VARIABLE_NAME INNODB_DEFAULT_PAGE_ENCRYPTION_KEY SESSION_VALUE NULL GLOBAL_VALUE 1 @@ -1839,20 +1853,6 @@ NUMERIC_BLOCK_SIZE 0 ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT OPTIONAL -VARIABLE_NAME INNODB_SCRUB_FORCE_TESTING -SESSION_VALUE NULL -GLOBAL_VALUE OFF -GLOBAL_VALUE_ORIGIN COMPILE-TIME -DEFAULT_VALUE OFF -VARIABLE_SCOPE GLOBAL -VARIABLE_TYPE BOOLEAN -VARIABLE_COMMENT Perform extra scrubbing to increase test exposure -NUMERIC_MIN_VALUE NULL -NUMERIC_MAX_VALUE NULL -NUMERIC_BLOCK_SIZE NULL -ENUM_VALUE_LIST NULL -READ_ONLY NO -COMMAND_LINE_ARGUMENT REQUIRED VARIABLE_NAME INNODB_SCRUB_LOG SESSION_VALUE NULL GLOBAL_VALUE OFF diff --git a/mysql-test/suite/sys_vars/t/innodb_debug_force_scrubbing_basic.test b/mysql-test/suite/sys_vars/t/innodb_debug_force_scrubbing_basic.test new file mode 100644 index 00000000000..cc00f0f6f3d --- /dev/null +++ b/mysql-test/suite/sys_vars/t/innodb_debug_force_scrubbing_basic.test 
@@ -0,0 +1,42 @@
+# bool global
+--source include/have_innodb.inc
+--source include/have_debug.inc
+
+SET @start_global_value = @@global.innodb_debug_force_scrubbing;
+
+--echo #
+--echo # exists as global only
+--echo #
+select @@global.innodb_debug_force_scrubbing;
+--error ER_INCORRECT_GLOBAL_LOCAL_VAR
+select @@session.innodb_debug_force_scrubbing;
+show global variables like 'innodb_debug_force_scrubbing';
+show session variables like 'innodb_debug_force_scrubbing';
+select * from information_schema.global_variables
+where variable_name='innodb_debug_force_scrubbing';
+select * from information_schema.session_variables
+where variable_name='innodb_debug_force_scrubbing';
+
+--echo #
+--echo # show that it's writable
+--echo #
+set global innodb_debug_force_scrubbing=ON;
+select @@global.innodb_debug_force_scrubbing;
+set global innodb_debug_force_scrubbing=OFF;
+select @@global.innodb_debug_force_scrubbing;
+set global innodb_debug_force_scrubbing=1;
+select @@global.innodb_debug_force_scrubbing;
+--error ER_GLOBAL_VARIABLE
+set session innodb_debug_force_scrubbing=1;
+
+--echo #
+--echo # incorrect types
+--echo #
+--error ER_WRONG_TYPE_FOR_VAR
+set global innodb_debug_force_scrubbing=1.1;
+--error ER_WRONG_TYPE_FOR_VAR
+set global innodb_debug_force_scrubbing=1e1;
+--error ER_WRONG_VALUE_FOR_VAR
+set global innodb_debug_force_scrubbing="foo";
+
+SET @@global.innodb_debug_force_scrubbing = @start_global_value;
diff --git a/mysql-test/suite/sys_vars/t/innodb_scrub_force_testing_basic.test b/mysql-test/suite/sys_vars/t/innodb_scrub_force_testing_basic.test
deleted file mode 100644
index e2df0de4e28..00000000000
--- a/mysql-test/suite/sys_vars/t/innodb_scrub_force_testing_basic.test
+++ /dev/null
@@ -1,42 +0,0 @@ -# bool global ---source include/have_innodb.inc ---source include/have_debug.inc - -SET @start_global_value = @@global.innodb_scrub_force_testing; - ---echo # ---echo # exists as global only ---echo # -select @@global.innodb_scrub_force_testing; ---error ER_INCORRECT_GLOBAL_LOCAL_VAR -select @@session.innodb_scrub_force_testing; -show global variables like 'innodb_scrub_force_testing'; -show session variables like 'innodb_scrub_force_testing'; -select * from information_schema.global_variables -where variable_name='innodb_scrub_force_testing'; -select * from information_schema.session_variables -where variable_name='innodb_scrub_force_testing'; - ---echo # ---echo # show that it's writable ---echo # -set global innodb_scrub_force_testing=ON; -select @@global.innodb_scrub_force_testing; -set global innodb_scrub_force_testing=OFF; -select @@global.innodb_scrub_force_testing; -set global innodb_scrub_force_testing=1; -select @@global.innodb_scrub_force_testing; ---error ER_GLOBAL_VARIABLE -set session innodb_scrub_force_testing=1; - ---echo # ---echo # incorrect types ---echo # ---error ER_WRONG_TYPE_FOR_VAR -set global innodb_scrub_force_testing=1.1; ---error ER_WRONG_TYPE_FOR_VAR -set global innodb_scrub_force_testing=1e1; ---error ER_WRONG_VALUE_FOR_VAR -set global innodb_scrub_force_testing="foo"; - -SET @@global.innodb_scrub_force_testing = @start_global_value; diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index c45e113ef1a..c976f33b26f 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -19218,7 +19218,7 @@ static MYSQL_SYSVAR_UINT(background_scrub_data_interval, UINT_MAX32, 0); #ifdef UNIV_DEBUG -static MYSQL_SYSVAR_BOOL(scrub_force_testing, +static MYSQL_SYSVAR_BOOL(debug_force_scrubbing, srv_scrub_force_testing, 0, "Perform extra scrubbing to increase test exposure", 
@@ -19426,7 +19426,7 @@ static struct st_mysql_sys_var* innobase_system_variables[]= { MYSQL_SYSVAR(background_scrub_data_interval), MYSQL_SYSVAR(background_scrub_data_check_interval), #ifdef UNIV_DEBUG - MYSQL_SYSVAR(scrub_force_testing), + MYSQL_SYSVAR(debug_force_scrubbing), #endif MYSQL_SYSVAR(instrument_semaphores), NULL diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index 8359c5b3f0d..63727a09d8e 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc @@ -20401,7 +20401,7 @@ static MYSQL_SYSVAR_UINT(background_scrub_data_interval, UINT_MAX32, 0); #ifdef UNIV_DEBUG -static MYSQL_SYSVAR_BOOL(scrub_force_testing, +static MYSQL_SYSVAR_BOOL(debug_force_scrubbing, srv_scrub_force_testing, 0, "Perform extra scrubbing to increase test exposure", @@ -20646,7 +20646,7 @@ static struct st_mysql_sys_var* innobase_system_variables[]= { MYSQL_SYSVAR(background_scrub_data_interval), MYSQL_SYSVAR(background_scrub_data_check_interval), #ifdef UNIV_DEBUG - MYSQL_SYSVAR(scrub_force_testing), + MYSQL_SYSVAR(debug_force_scrubbing), #endif MYSQL_SYSVAR(instrument_semaphores), NULL From f130da7b0014d539d9f05127dbc08826e30cd497 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Sun, 5 Apr 2015 17:37:06 +0200 Subject: [PATCH 43/65] clarify/simplify new innodb sysvars: help texts --- mysql-test/suite/sys_vars/r/sysvars_innodb.result | 8 ++++---- storage/innobase/handler/ha_innodb.cc | 10 ++++++---- storage/xtradb/handler/ha_innodb.cc | 10 ++++++---- 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/mysql-test/suite/sys_vars/r/sysvars_innodb.result b/mysql-test/suite/sys_vars/r/sysvars_innodb.result index 858360ce738..23a3bcde7c1 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_innodb.result +++ b/mysql-test/suite/sys_vars/r/sysvars_innodb.result 
@@ -740,7 +740,7 @@ GLOBAL_VALUE_ORIGIN COMPILE-TIME DEFAULT_VALUE 1 VARIABLE_SCOPE GLOBAL VARIABLE_TYPE INT UNSIGNED -VARIABLE_COMMENT Rotate any page having a key older than this +VARIABLE_COMMENT Key rotation - re-encrypt in background all pages that were encrypted with a key that many (or more) versions behind NUMERIC_MIN_VALUE 0 NUMERIC_MAX_VALUE 4294967295 NUMERIC_BLOCK_SIZE 0 @@ -768,7 +768,7 @@ GLOBAL_VALUE_ORIGIN COMPILE-TIME DEFAULT_VALUE 0 VARIABLE_SCOPE GLOBAL VARIABLE_TYPE INT UNSIGNED -VARIABLE_COMMENT No of threads performing background key rotation and scrubbing +VARIABLE_COMMENT Number of threads performing background key rotation and scrubbing NUMERIC_MIN_VALUE 0 NUMERIC_MAX_VALUE 4294967295 NUMERIC_BLOCK_SIZE 0 @@ -796,7 +796,7 @@ GLOBAL_VALUE_ORIGIN COMPILE-TIME DEFAULT_VALUE OFF VARIABLE_SCOPE GLOBAL VARIABLE_TYPE BOOLEAN -VARIABLE_COMMENT Encrypt all tables in the storage engine +VARIABLE_COMMENT Enable InnoDB on-disk data encryption NUMERIC_MIN_VALUE NULL NUMERIC_MAX_VALUE NULL NUMERIC_BLOCK_SIZE NULL @@ -1860,7 +1860,7 @@ GLOBAL_VALUE_ORIGIN COMPILE-TIME DEFAULT_VALUE OFF VARIABLE_SCOPE GLOBAL VARIABLE_TYPE BOOLEAN -VARIABLE_COMMENT Enable redo log scrubbing +VARIABLE_COMMENT Enable background redo log (ib_logfile0, ib_logfile1...) scrubbing NUMERIC_MIN_VALUE NULL NUMERIC_MAX_VALUE NULL NUMERIC_BLOCK_SIZE NULL diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index c976f33b26f..1bb915e55e3 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc 
@@ -19125,12 +19125,12 @@ static MYSQL_SYSVAR_ULONG(fatal_semaphore_wait_threshold, srv_fatal_semaphore_wa 0); static MYSQL_SYSVAR_BOOL(encrypt_tables, srv_encrypt_tables, 0, - "Encrypt all tables in the storage engine", + "Enable InnoDB on-disk data encryption", 0, 0, 0); static MYSQL_SYSVAR_UINT(encryption_threads, srv_n_fil_crypt_threads, PLUGIN_VAR_RQCMDARG, - "No of threads performing background key rotation and " + "Number of threads performing background key rotation and " "scrubbing", NULL, innodb_encryption_threads_update, @@ -19139,7 +19139,9 @@ static MYSQL_SYSVAR_UINT(encryption_threads, srv_n_fil_crypt_threads, static MYSQL_SYSVAR_UINT(encryption_rotate_key_age, srv_fil_crypt_rotate_key_age, PLUGIN_VAR_RQCMDARG, - "Rotate any page having a key older than this", + "Key rotation - re-encrypt in background " + "all pages that were encrypted with a key that " + "many (or more) versions behind", NULL, innodb_encryption_rotate_key_age_update, srv_fil_crypt_rotate_key_age, 0, UINT_MAX32, 0); @@ -19160,7 +19162,7 @@ static MYSQL_SYSVAR_UINT(default_page_encryption_key, srv_default_page_encryptio static MYSQL_SYSVAR_BOOL(scrub_log, srv_scrub_log, PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, - "Enable redo log scrubbing", + "Enable background redo log (ib_logfile0, ib_logfile1...) scrubbing", 0, 0, 0); static MYSQL_SYSVAR_ULONGLONG(scrub_log_speed, innodb_scrub_log_speed, diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index 63727a09d8e..ee6091b7acb 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc 
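Review bot: The new help text for encrypt_tables in the first hunk, "Enable InnoDB on-disk data encryption", claims more than the variable name does, because it does not say whether the redo log and temporary files are covered or only tablespace pages. An operator reading SHOW VARIABLES or --help output could take ON to mean that everything InnoDB writes to disk is encrypted. If the scope is tablespaces only and the redo log has its own switch, I would say so, for example `"Enable encryption of InnoDB tablespace pages on disk (does not cover the redo log)"`, adjusted to the real scope. In the encryption_rotate_key_age hunk the declared range starts at 0 and the new text does not say what 0 does; one clause would settle that. The same strings are changed in storage/xtradb/handler/ha_innodb.cc and in sysvars_innodb.result and would need the same wording.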
@@ -20308,12 +20308,12 @@ static MYSQL_SYSVAR_ULONG(fatal_semaphore_wait_threshold, srv_fatal_semaphore_wa 0); static MYSQL_SYSVAR_BOOL(encrypt_tables, srv_encrypt_tables, 0, - "Encrypt all tables in the storage engine", + "Enable InnoDB on-disk data encryption", 0, 0, 0); static MYSQL_SYSVAR_UINT(encryption_threads, srv_n_fil_crypt_threads, PLUGIN_VAR_RQCMDARG, - "No of threads performing background key rotation and " + "Number of threads performing background key rotation and " "scrubbing", NULL, innodb_encryption_threads_update, @@ -20322,7 +20322,9 @@ static MYSQL_SYSVAR_UINT(encryption_threads, srv_n_fil_crypt_threads, static MYSQL_SYSVAR_UINT(encryption_rotate_key_age, srv_fil_crypt_rotate_key_age, PLUGIN_VAR_RQCMDARG, - "Rotate any page having a key older than this", + "Key rotation - re-encrypt in background " + "all pages that were encrypted with a key that " + "many (or more) versions behind", NULL, innodb_encryption_rotate_key_age_update, srv_fil_crypt_rotate_key_age, 0, UINT_MAX32, 0); @@ -20343,7 +20345,7 @@ static MYSQL_SYSVAR_UINT(default_page_encryption_key, srv_default_page_encryptio static MYSQL_SYSVAR_BOOL(scrub_log, srv_scrub_log, PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, - "Enable redo log scrubbing", + "Enable background redo log (ib_logfile0, ib_logfile1...) scrubbing", 0, 0, 0); static MYSQL_SYSVAR_ULONGLONG(scrub_log_speed, innodb_scrub_log_speed, From 3a2ec3fca61b1f99c307a82bc650c65b0c721d91 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Wed, 8 Apr 2015 22:07:37 +0200 Subject: [PATCH 44/65] make innodb_encryption_debug test more robust --- .../innodb/r/innodb_encryption_debug.result | 20 +++++++++---------- .../innodb/t/innodb_encryption_debug.test | 12 +++++++++-- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/mysql-test/suite/innodb/r/innodb_encryption_debug.result b/mysql-test/suite/innodb/r/innodb_encryption_debug.result index 781796bb69a..503c56e32fd 100644 
--- a/mysql-test/suite/innodb/r/innodb_encryption_debug.result +++ b/mysql-test/suite/innodb/r/innodb_encryption_debug.result @@ -5,15 +5,15 @@ innodb_encrypt_tables ON innodb_encryption_rotate_key_age 2 innodb_encryption_rotation_iops 100 innodb_encryption_threads 4 -select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption; -space name min_key_version current_key_version -1 mysql/innodb_table_stats 0 1 -2 mysql/innodb_index_stats 0 1 -0 NULL 0 1 +select space,name,current_key_version from information_schema.innodb_tablespaces_encryption order by space; +space name current_key_version +0 NULL 1 +1 mysql/innodb_table_stats 1 +2 mysql/innodb_index_stats 1 set global debug_key_management_version=10; -select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption; -space name min_key_version current_key_version -1 mysql/innodb_table_stats 0 10 -2 mysql/innodb_index_stats 0 10 -0 NULL 0 10 +select space,name,current_key_version from information_schema.innodb_tablespaces_encryption order by space; +space name current_key_version +0 NULL 10 +1 mysql/innodb_table_stats 10 +2 mysql/innodb_index_stats 10 set global debug_key_management_version=1; diff --git a/mysql-test/suite/innodb/t/innodb_encryption_debug.test b/mysql-test/suite/innodb/t/innodb_encryption_debug.test index 13c2a786d6a..f733d6ec91c 100644 --- a/mysql-test/suite/innodb/t/innodb_encryption_debug.test +++ b/mysql-test/suite/innodb/t/innodb_encryption_debug.test 
@@ -6,8 +6,16 @@ if (`select count(*) = 0 from information_schema.plugins } show variables like 'innodb_encrypt%'; -select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption; + +let $wait_condition= select count(*) = 3 from information_schema.innodb_tablespaces_encryption where current_key_version=1; +--source include/wait_condition.inc + +select space,name,current_key_version from information_schema.innodb_tablespaces_encryption order by space; set global debug_key_management_version=10; -select space,name,min_key_version,current_key_version from information_schema.innodb_tablespaces_encryption; + +let $wait_condition= select count(*) = 3 from information_schema.innodb_tablespaces_encryption where current_key_version=10; +--source include/wait_condition.inc + +select space,name,current_key_version from information_schema.innodb_tablespaces_encryption order by space; set global debug_key_management_version=1; From d6b912c64dab5f070347546ddf1f34deadbf4ecf Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Thu, 9 Apr 2015 00:26:37 +0200 Subject: [PATCH 45/65] update XtraDB/InnoDB plugin maturity to match the server because of encryption changes - make it beta and let it mature together with the server --- storage/innobase/handler/ha_innodb.cc | 2 +- storage/innobase/handler/i_s.cc | 64 +++++++++++++------------- storage/xtradb/handler/ha_innodb.cc | 2 +- storage/xtradb/handler/i_s.cc | 66 +++++++++++++-------------- storage/xtradb/handler/xtradb_i_s.cc | 6 +-- 5 files changed, 70 insertions(+), 70 deletions(-) diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 1bb915e55e3..20f67a2d732 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc 
@@ -19448,7 +19448,7 @@ maria_declare_plugin(innobase) innodb_status_variables_export,/* status variables */ innobase_system_variables, /* system variables */ INNODB_VERSION_STR, /* string version */ - MariaDB_PLUGIN_MATURITY_STABLE /* maturity */ + MariaDB_PLUGIN_MATURITY_BETA /* maturity */ }, i_s_innodb_trx, i_s_innodb_locks, diff --git a/storage/innobase/handler/i_s.cc b/storage/innobase/handler/i_s.cc index 65fcb7051ef..97af986f31f 100644 --- a/storage/innobase/handler/i_s.cc +++ b/storage/innobase/handler/i_s.cc @@ -781,7 +781,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_trx = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INFORMATION_SCHEMA.innodb_locks */ @@ -1041,7 +1041,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_locks = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INFORMATION_SCHEMA.innodb_lock_waits */ @@ -1224,7 +1224,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_lock_waits = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /*******************************************************************//** @@ -1560,7 +1560,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_cmp = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; UNIV_INTERN struct st_maria_plugin i_s_innodb_cmp_reset = 
@@ -1610,7 +1610,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_cmp_reset = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic tables @@ -1910,7 +1910,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_cmp_per_index = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; UNIV_INTERN struct st_maria_plugin i_s_innodb_cmp_per_index_reset = @@ -1960,7 +1960,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_cmp_per_index_reset = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table information_schema.innodb_cmpmem. */ @@ -2203,7 +2203,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_cmpmem = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; UNIV_INTERN struct st_maria_plugin i_s_innodb_cmpmem_reset = @@ -2253,7 +2253,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_cmpmem_reset = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INFORMATION_SCHEMA.innodb_metrics */ 
@@ -2777,7 +2777,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_metrics = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INFORMATION_SCHEMA.innodb_ft_default_stopword */ static ST_FIELD_INFO i_s_stopword_fields_info[] = @@ -2890,7 +2890,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_ft_default_stopword = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INFORMATION_SCHEMA.INNODB_FT_DELETED @@ -3058,7 +3058,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_ft_deleted = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /*******************************************************************//** @@ -3141,7 +3141,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_ft_being_deleted = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INFORMATION_SCHEMA.INNODB_FT_INDEX_CACHED and @@ -3431,7 +3431,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_ft_index_cache = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /*******************************************************************//** 
@@ -3866,7 +3866,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_ft_index_table = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INFORMATION_SCHEMA.INNODB_FT_CONFIG */ @@ -4060,7 +4060,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_ft_config = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INNODB_BUFFER_POOL_STATS. */ @@ -4609,7 +4609,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_buffer_stats = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INNODB_BUFFER_POOL_PAGE. */ @@ -5321,7 +5321,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_buffer_page = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; static ST_FIELD_INFO i_s_innodb_buf_page_lru_fields_info[] = @@ -5868,7 +5868,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_buffer_page_lru = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /*******************************************************************//** @@ -6162,7 +6162,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_tables = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /** SYS_TABLESTATS ***********************************************/ 
@@ -6452,7 +6452,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_tablestats = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /** SYS_INDEXES **************************************************/ @@ -6704,7 +6704,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_indexes = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /** SYS_COLUMNS **************************************************/ @@ -6941,7 +6941,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_columns = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /** SYS_FIELDS ***************************************************/ @@ -7151,7 +7151,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_fields = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /** SYS_FOREIGN ********************************************/ @@ -7376,7 +7376,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_foreign = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /** SYS_FOREIGN_COLS ********************************************/ @@ -7593,7 +7593,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_foreign_cols = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /** SYS_TABLESPACES ********************************************/ 
@@ -7861,7 +7861,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_tablespaces = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /** SYS_DATAFILES ************************************************/ @@ -8050,7 +8050,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_datafiles = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /** TABLESPACES_ENCRYPTION ********************************************/ @@ -8332,7 +8332,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_tablespaces_encryption = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE) + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA) }; /** TABLESPACES_SCRUBBING ********************************************/ @@ -8630,7 +8630,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_tablespaces_scrubbing = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE) + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA) }; /** INNODB_MUTEXES *********************************************/ @@ -8844,7 +8844,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_mutexes = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /** SYS_SEMAPHORE_WAITS ************************************************/ @@ -9121,5 +9121,5 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_semaphore_waits = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; 
diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index ee6091b7acb..b8bea467099 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc @@ -20668,7 +20668,7 @@ maria_declare_plugin(xtradb) innodb_status_variables_export,/* status variables */ innobase_system_variables, /* system variables */ INNODB_VERSION_STR, /* string version */ - MariaDB_PLUGIN_MATURITY_STABLE /* maturity */ + MariaDB_PLUGIN_MATURITY_BETA /* maturity */ }, i_s_xtradb_read_view, i_s_xtradb_internal_hash_tables, diff --git a/storage/xtradb/handler/i_s.cc b/storage/xtradb/handler/i_s.cc index 20bc4331bc8..0cbaf39a851 100644 --- a/storage/xtradb/handler/i_s.cc +++ b/storage/xtradb/handler/i_s.cc @@ -790,7 +790,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_trx = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /* Fields of the dynamic table INFORMATION_SCHEMA.innodb_locks */ @@ -1048,7 +1048,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_locks = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /* Fields of the dynamic table INFORMATION_SCHEMA.innodb_lock_waits */ @@ -1229,7 +1229,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_lock_waits = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /*******************************************************************//** @@ -1563,7 +1563,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_cmp = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; UNIV_INTERN struct st_maria_plugin i_s_innodb_cmp_reset = 
@@ -1611,7 +1611,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_cmp_reset = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /* Fields of the dynamic tables @@ -1910,7 +1910,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_innodb_cmp_per_index = STRUCT_FLD(system_vars, NULL), STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; UNIV_INTERN struct st_mysql_plugin i_s_innodb_cmp_per_index_reset = @@ -1959,7 +1959,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_innodb_cmp_per_index_reset = STRUCT_FLD(system_vars, NULL), STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table information_schema.innodb_cmpmem. */ @@ -2201,7 +2201,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_cmpmem = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; UNIV_INTERN struct st_maria_plugin i_s_innodb_cmpmem_reset = @@ -2249,7 +2249,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_cmpmem_reset = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /* Fields of the dynamic table INFORMATION_SCHEMA.innodb_metrics */ @@ -2772,7 +2772,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_innodb_metrics = STRUCT_FLD(system_vars, NULL), STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INFORMATION_SCHEMA.innodb_ft_default_stopword */ static ST_FIELD_INFO i_s_stopword_fields_info[] = 
@@ -2884,7 +2884,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_innodb_ft_default_stopword = STRUCT_FLD(system_vars, NULL), STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INFORMATION_SCHEMA.INNODB_FT_DELETED @@ -3051,7 +3051,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_innodb_ft_deleted = STRUCT_FLD(system_vars, NULL), STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /*******************************************************************//** @@ -3133,7 +3133,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_innodb_ft_being_deleted = STRUCT_FLD(system_vars, NULL), STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INFORMATION_SCHEMA.INNODB_FT_INDEX_CACHED and @@ -3422,7 +3422,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_innodb_ft_index_cache = STRUCT_FLD(system_vars, NULL), STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /*******************************************************************//** @@ -3856,7 +3856,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_innodb_ft_index_table = STRUCT_FLD(system_vars, NULL), STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INFORMATION_SCHEMA.INNODB_FT_CONFIG */ 
@@ -4049,7 +4049,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_innodb_ft_config = STRUCT_FLD(system_vars, NULL), STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /* Fields of the dynamic table INNODB_BUFFER_POOL_STATS. */ @@ -4596,7 +4596,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_buffer_stats = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /* Fields of the dynamic table INNODB_BUFFER_POOL_PAGE. */ @@ -5305,7 +5305,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_buffer_page = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; static ST_FIELD_INFO i_s_innodb_buf_page_lru_fields_info[] = @@ -5850,7 +5850,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_buffer_page_lru = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /*******************************************************************//** @@ -6142,7 +6142,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_tables = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /** SYS_TABLESTATS ***********************************************/ @@ -6430,7 +6430,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_tablestats = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /** SYS_INDEXES **************************************************/ 
@@ -6680,7 +6680,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_indexes = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /** SYS_COLUMNS **************************************************/ @@ -6915,7 +6915,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_columns = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /** SYS_FIELDS ***************************************************/ @@ -7123,7 +7123,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_fields = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /** SYS_FOREIGN ********************************************/ @@ -7346,7 +7346,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_foreign = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /** SYS_FOREIGN_COLS ********************************************/ @@ -7561,7 +7561,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_sys_foreign_cols = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /** SYS_TABLESPACES ********************************************/ @@ -7828,7 +7828,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_innodb_sys_tablespaces = STRUCT_FLD(system_vars, NULL), STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /** SYS_DATAFILES ************************************************/ 
@@ -8015,7 +8015,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_innodb_sys_datafiles = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; static ST_FIELD_INFO i_s_innodb_changed_pages_info[] = @@ -8384,7 +8384,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_changed_pages = STRUCT_FLD(version, 0x0100 /* 1.0 */), STRUCT_FLD(status_vars, NULL), STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /** TABLESPACES_ENCRYPTION ********************************************/ @@ -8664,7 +8664,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_tablespaces_encryption = /* struct st_mysql_sys_var** */ STRUCT_FLD(system_vars, NULL), - INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_STABLE + INNODB_VERSION_STR, MariaDB_PLUGIN_MATURITY_BETA }; /** TABLESPACES_SCRUBBING ********************************************/ @@ -8962,7 +8962,7 @@ UNIV_INTERN struct st_maria_plugin i_s_innodb_tablespaces_scrubbing = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE) + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA) }; /** INNODB_MUTEXES *********************************************/ @@ -9176,7 +9176,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_innodb_mutexes = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; /** SYS_SEMAPHORE_WAITS ************************************************/ @@ -9453,5 +9453,5 @@ UNIV_INTERN struct st_mysql_plugin i_s_innodb_sys_semaphore_waits = /* Maria extension */ STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; 
diff --git a/storage/xtradb/handler/xtradb_i_s.cc b/storage/xtradb/handler/xtradb_i_s.cc index 96e31b94470..207682e3154 100644 --- a/storage/xtradb/handler/xtradb_i_s.cc +++ b/storage/xtradb/handler/xtradb_i_s.cc @@ -176,7 +176,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_xtradb_read_view = STRUCT_FLD(status_vars, NULL), STRUCT_FLD(system_vars, NULL), STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; static ST_FIELD_INFO xtradb_internal_hash_tables_fields_info[] = @@ -381,7 +381,7 @@ UNIV_INTERN struct st_mysql_plugin i_s_xtradb_internal_hash_tables = STRUCT_FLD(status_vars, NULL), STRUCT_FLD(system_vars, NULL), STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; @@ -514,5 +514,5 @@ UNIV_INTERN struct st_mysql_plugin i_s_xtradb_rseg = STRUCT_FLD(status_vars, NULL), STRUCT_FLD(system_vars, NULL), STRUCT_FLD(version_info, INNODB_VERSION_STR), - STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_STABLE), + STRUCT_FLD(maturity, MariaDB_PLUGIN_MATURITY_BETA), }; From 129e960179443be84757dfb57ed0959f4146340f Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Thu, 9 Apr 2015 19:06:11 +0200 Subject: [PATCH 46/65] fix log_blocks_crypt() to actually decrypt the encrypted log It used to double-encrypt it, relying on the fact that second encrypt() call was (like XOR) negating the effect of the first one. --- storage/innobase/log/log0crypt.cc | 36 ++++++++++++++++--------------- storage/xtradb/log/log0crypt.cc | 36 ++++++++++++++++--------------- 2 files changed, 38 insertions(+), 34 deletions(-) diff --git a/storage/innobase/log/log0crypt.cc b/storage/innobase/log/log0crypt.cc index 273701fe60d..8e3adc26769 100644 --- a/storage/innobase/log/log0crypt.cc +++ b/storage/innobase/log/log0crypt.cc 
@@ -172,19 +172,8 @@ log_blocks_crypt( uint32 src_len, dst_len; byte aes_ctr_counter[MY_AES_BLOCK_SIZE]; ulint log_block_no, log_block_start_lsn; - byte *key; - ulint lsn; - if (is_encrypt) - { - ut_a(log_sys && log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER); - key = (byte *)(log_sys->redo_log_crypt_key); - lsn = log_sys->lsn; + ulint lsn = is_encrypt ? log_sys->lsn : srv_start_lsn; - } else { - ut_a(recv_sys && recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER); - key = (byte *)(recv_sys->recv_log_crypt_key); - lsn = srv_start_lsn; - } ut_a(size % OS_FILE_LOG_BLOCK_SIZE == 0); src_len = OS_FILE_LOG_BLOCK_SIZE - LOG_BLOCK_HDR_SIZE; for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE) @@ -204,11 +193,24 @@ log_blocks_crypt( mach_write_to_4(aes_ctr_counter + 11, log_block_no); bzero(aes_ctr_counter + 15, 1); - int rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len, - dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, - (unsigned char*)key, 16, - aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, - recv_sys->recv_log_crypt_ver); + int rc; + if (is_encrypt) { + ut_a(log_sys); + ut_a(log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER); + rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len, + dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, + (unsigned char*)(log_sys->redo_log_crypt_key), 16, + aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, + log_sys->redo_log_crypt_ver); + } else { + ut_a(recv_sys); + ut_a(recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER); + rc = encryption_decrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len, + dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, + (unsigned char*)(recv_sys->recv_log_crypt_key), 16, + aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, + recv_sys->recv_log_crypt_ver); + } ut_a(rc == MY_AES_OK); ut_a(dst_len == src_len); diff --git a/storage/xtradb/log/log0crypt.cc b/storage/xtradb/log/log0crypt.cc index 8325c291a06..8e3adc26769 100644 --- a/storage/xtradb/log/log0crypt.cc +++ b/storage/xtradb/log/log0crypt.cc 
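Review bot: In the first `log_blocks_crypt()` hunk the new initializer `ulint lsn = is_encrypt ? log_sys->lsn : srv_start_lsn;` reads `log_sys->lsn` before anything has checked `log_sys`; the `ut_a(log_sys)` that used to precede it now sits in the second hunk (@@ -204), after the dereference, where it can no longer catch a null pointer. Those assertions also appear to be inside the per-block loop (the `for` header is the last context line of this hunk), so they would be re-evaluated for every block and skipped entirely when `size` is 0. I would keep the pointer checks ahead of the first use, e.g. `ut_a(is_encrypt ? log_sys != NULL : recv_sys != NULL);` placed before the `lsn` declaration, and leave only the key-version assertions next to the calls. The same applies to the identical hunks for storage/xtradb/log/log0crypt.cc further down. The function body starts and ends outside both hunks.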
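Review bot: Both new calls in the @@ -204 hunk pass the key length as the bare literal `16`, detached from the buffers `log_sys->redo_log_crypt_key` and `recv_sys->recv_log_crypt_key` it describes, so a later change to the key size has to be found by hand in four places (two here, two in the xtradb copy). A single named constant shared with the declaration of those key fields would keep length and buffer in step. The declarations are not visible in this diff, so whether such a constant already exists needs checking.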
@@ -172,19 +172,8 @@ log_blocks_crypt( uint32 src_len, dst_len; byte aes_ctr_counter[MY_AES_BLOCK_SIZE]; ulint log_block_no, log_block_start_lsn; - byte *key; - ulint lsn; - if (is_encrypt) - { - ut_a(log_sys && log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER); - key = (byte *)(log_sys->redo_log_crypt_key); - lsn = log_sys->lsn; + ulint lsn = is_encrypt ? log_sys->lsn : srv_start_lsn; - } else { - ut_a(recv_sys && recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER); - key = (byte *)(recv_sys->recv_log_crypt_key); - lsn = srv_start_lsn; - } ut_a(size % OS_FILE_LOG_BLOCK_SIZE == 0); src_len = OS_FILE_LOG_BLOCK_SIZE - LOG_BLOCK_HDR_SIZE; for (ulint i = 0; i < size ; i += OS_FILE_LOG_BLOCK_SIZE) @@ -204,11 +193,24 @@ log_blocks_crypt( mach_write_to_4(aes_ctr_counter + 11, log_block_no); bzero(aes_ctr_counter + 15, 1); - int rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len, - dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, - (unsigned char*)key, 16, - aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, - log_sys->redo_log_crypt_ver); + int rc; + if (is_encrypt) { + ut_a(log_sys); + ut_a(log_sys->redo_log_crypt_ver != UNENCRYPTED_KEY_VER); + rc = encryption_encrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len, + dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, + (unsigned char*)(log_sys->redo_log_crypt_key), 16, + aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, + log_sys->redo_log_crypt_ver); + } else { + ut_a(recv_sys); + ut_a(recv_sys->recv_log_crypt_ver != UNENCRYPTED_KEY_VER); + rc = encryption_decrypt(log_block + LOG_BLOCK_HDR_SIZE, src_len, + dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, + (unsigned char*)(recv_sys->recv_log_crypt_key), 16, + aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, + recv_sys->recv_log_crypt_ver); + } ut_a(rc == MY_AES_OK); ut_a(dst_len == src_len); From 97d5de4ccfa75af899e764dbd1c3f4b7ea370311 Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Thu, 9 Apr 2015 00:37:47 +0200 Subject: [PATCH 47/65] Add encryption key id to the API as a distinct concept which is separate from the encryption key version --- include/mysql/plugin_audit.h.pp | 10 ++-- include/mysql/plugin_auth.h.pp | 10 ++-- include/mysql/plugin_encryption.h | 12 ++--- include/mysql/plugin_encryption.h.pp | 16 ++++--- include/mysql/plugin_ftparser.h.pp | 10 ++-- include/mysql/plugin_password_validation.h.pp | 10 ++-- include/mysql/service_encryption.h | 34 +++++++------ .../debug_key_management_plugin.cc | 13 ++++- .../example_key_management_plugin.cc | 13 +++-- .../file_key_management_plugin.cc | 18 ++++--- sql/encryption.cc | 20 +++++--- storage/innobase/fil/fil0crypt.cc | 48 +++++++++++-------- storage/innobase/fil/fil0fil.cc | 2 +- storage/innobase/handler/ha_innodb.cc | 6 +-- storage/innobase/include/fil0crypt.h | 6 +-- storage/innobase/include/fil0crypt.ic | 7 ++- storage/innobase/include/log0crypt.h | 2 +- storage/innobase/log/log0crypt.cc | 8 +++- storage/maria/ma_check_standalone.h | 2 +- storage/maria/ma_crypt.c | 17 +++++-- storage/xtradb/fil/fil0crypt.cc | 48 +++++++++++-------- storage/xtradb/fil/fil0fil.cc | 2 +- storage/xtradb/handler/ha_innodb.cc | 4 +- storage/xtradb/include/fil0crypt.h | 6 +-- storage/xtradb/include/fil0crypt.ic | 7 ++- storage/xtradb/include/log0crypt.h | 2 +- storage/xtradb/log/log0crypt.cc | 8 +++- 27 files changed, 197 insertions(+), 144 deletions(-) diff --git a/include/mysql/plugin_audit.h.pp b/include/mysql/plugin_audit.h.pp index c874484288d..7346c4f29b0 100644 --- a/include/mysql/plugin_audit.h.pp +++ b/include/mysql/plugin_audit.h.pp 
@@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); + int no_padding, unsigned int key_id, + unsigned int key_version); struct encryption_service_st { - unsigned int (*encryption_key_get_latest_version_func)(); - unsigned int (*encryption_key_exists_func)(unsigned int); - unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + unsigned int (*encryption_key_get_latest_version_func)(unsigned int); + unsigned int (*encryption_key_id_exists_func)(unsigned int); + unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encryption_encrypt_func; encrypt_decrypt_func encryption_decrypt_func; }; diff --git a/include/mysql/plugin_auth.h.pp b/include/mysql/plugin_auth.h.pp index d12e4eb062b..1df73b0a41e 100644 --- a/include/mysql/plugin_auth.h.pp +++ b/include/mysql/plugin_auth.h.pp 
@@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); + int no_padding, unsigned int key_id, + unsigned int key_version); struct encryption_service_st { - unsigned int (*encryption_key_get_latest_version_func)(); - unsigned int (*encryption_key_exists_func)(unsigned int); - unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + unsigned int (*encryption_key_get_latest_version_func)(unsigned int); + unsigned int (*encryption_key_id_exists_func)(unsigned int); + unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encryption_encrypt_func; encrypt_decrypt_func encryption_decrypt_func; }; diff --git a/include/mysql/plugin_encryption.h b/include/mysql/plugin_encryption.h index a91a53c8ad5..90979017101 100644 --- a/include/mysql/plugin_encryption.h +++ b/include/mysql/plugin_encryption.h @@ -37,11 +37,11 @@ struct st_mariadb_encryption int interface_version; /**< version plugin uses */ /** - function returning latest key version. + function returning latest key version for a given key id - @return a version or BAD_ENCRYPTION_KEY_VERSION to indicate an error. + @return a version or ENCRYPTION_KEY_VERSION_INVALID to indicate an error. */ - unsigned int (*get_latest_key_version)(); + unsigned int (*get_latest_key_version)(unsigned int key_id); /** function returning a key for a key version 
@@ -60,11 +60,11 @@ struct st_mariadb_encryption the key data or leave it untouched). @return 0 on success, or - BAD_ENCRYPTION_KEY_VERSION, KEY_BUFFER_TOO_SMALL, + ENCRYPTION_KEY_VERSION_INVALID, ENCRYPTION_KEY_BUFFER_TOO_SMALL or any other non-zero number for errors */ - unsigned int (*get_key)(unsigned int version, unsigned char *key, - unsigned int *key_length); + unsigned int (*get_key)(unsigned int key_id, unsigned int version, + unsigned char *key, unsigned int *key_length); encrypt_decrypt_func encrypt; encrypt_decrypt_func decrypt; diff --git a/include/mysql/plugin_encryption.h.pp b/include/mysql/plugin_encryption.h.pp index e1c034271ce..2cf344864e4 100644 --- a/include/mysql/plugin_encryption.h.pp +++ b/include/mysql/plugin_encryption.h.pp @@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); + int no_padding, unsigned int key_id, + unsigned int key_version); struct encryption_service_st { - unsigned int (*encryption_key_get_latest_version_func)(); - unsigned int (*encryption_key_exists_func)(unsigned int); - unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + unsigned int (*encryption_key_get_latest_version_func)(unsigned int); + unsigned int (*encryption_key_id_exists_func)(unsigned int); + unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encryption_encrypt_func; encrypt_decrypt_func encryption_decrypt_func; }; 
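Review bot: The doc comment for `get_key` was not brought up to date with its new signature: its summary still reads "function returning a key for a key version" (visible as trailing context of the @@ -37 hunk) and the part shown here does not describe the new `key_id` argument. Plugin authors also need to know what to return for a key id they do not serve; the debug plugin in this same patch returns `ENCRYPTION_KEY_VERSION_INVALID` for that case, which suggests the intended contract. I would change the summary to `function returning a key for a key id and key version` and add one line to the `@return` text saying that an unknown key id is reported as `ENCRYPTION_KEY_VERSION_INVALID`, if that is indeed the convention. The middle of the comment lies between the two hunks and is not visible.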
@@ -370,9 +372,9 @@ void thd_wakeup_subsequent_commits(void* thd, int wakeup_error); struct st_mariadb_encryption { int interface_version; - unsigned int (*get_latest_key_version)(); - unsigned int (*get_key)(unsigned int version, unsigned char *key, - unsigned int *key_length); + unsigned int (*get_latest_key_version)(unsigned int key_id); + unsigned int (*get_key)(unsigned int key_id, unsigned int version, + unsigned char *key, unsigned int *key_length); encrypt_decrypt_func encrypt; encrypt_decrypt_func decrypt; }; diff --git a/include/mysql/plugin_ftparser.h.pp b/include/mysql/plugin_ftparser.h.pp index f163a58f793..ee8ebc4299c 100644 --- a/include/mysql/plugin_ftparser.h.pp +++ b/include/mysql/plugin_ftparser.h.pp @@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); + int no_padding, unsigned int key_id, + unsigned int key_version); struct encryption_service_st { - unsigned int (*encryption_key_get_latest_version_func)(); - unsigned int (*encryption_key_exists_func)(unsigned int); - unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + unsigned int (*encryption_key_get_latest_version_func)(unsigned int); + unsigned int (*encryption_key_id_exists_func)(unsigned int); + unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encryption_encrypt_func; encrypt_decrypt_func encryption_decrypt_func; }; diff --git a/include/mysql/plugin_password_validation.h.pp b/include/mysql/plugin_password_validation.h.pp index 94d48543103..e7dcc44f07a 100644 --- a/include/mysql/plugin_password_validation.h.pp +++ b/include/mysql/plugin_password_validation.h.pp 
@@ -202,11 +202,13 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); + int no_padding, unsigned int key_id, + unsigned int key_version); struct encryption_service_st { - unsigned int (*encryption_key_get_latest_version_func)(); - unsigned int (*encryption_key_exists_func)(unsigned int); - unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + unsigned int (*encryption_key_get_latest_version_func)(unsigned int); + unsigned int (*encryption_key_id_exists_func)(unsigned int); + unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encryption_encrypt_func; encrypt_decrypt_func encryption_decrypt_func; }; diff --git a/include/mysql/service_encryption.h b/include/mysql/service_encryption.h index ed012bdb7d6..2ed29d594a6 100644 --- a/include/mysql/service_encryption.h +++ b/include/mysql/service_encryption.h @@ -30,7 +30,7 @@ extern "C" { /* returned from encryption_key_get_latest_version() */ #define ENCRYPTION_KEY_VERSION_INVALID (~(unsigned int)0) -#define ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED (0) +#define ENCRYPTION_KEY_NOT_ENCRYPTED (0) /* returned from encryption_key_get() */ #define ENCRYPTION_KEY_BUFFER_TOO_SMALL (100) 
@@ -39,12 +39,14 @@ typedef int (*encrypt_decrypt_func)(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version); + int no_padding, unsigned int key_id, + unsigned int key_version); struct encryption_service_st { - unsigned int (*encryption_key_get_latest_version_func)(); - unsigned int (*encryption_key_exists_func)(unsigned int); - unsigned int (*encryption_key_get_func)(unsigned int, unsigned char*, unsigned int*); + unsigned int (*encryption_key_get_latest_version_func)(unsigned int); + unsigned int (*encryption_key_id_exists_func)(unsigned int); + unsigned int (*encryption_key_version_exists_func)(unsigned int, unsigned int); + unsigned int (*encryption_key_get_func)(unsigned int, unsigned int, unsigned char*, unsigned int*); encrypt_decrypt_func encryption_encrypt_func; encrypt_decrypt_func encryption_decrypt_func; }; 
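Review bot: The new members of `encryption_service_st` take two adjacent unnamed `unsigned int` parameters, so nothing in the header says which is the key id and which the key version, and swapping them at a call site compiles cleanly. Naming them in the prototypes documents the order, e.g. `unsigned int (*encryption_key_version_exists_func)(unsigned int key_id, unsigned int key_version);` and likewise for `encryption_key_get_func`. The `encrypt_decrypt_func` typedef in the same hunk already names its parameters, so this also makes the header consistent; the `.pp` copies elsewhere in this patch would presumably need regenerating to match.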
@@ -53,20 +55,22 @@ struct encryption_service_st { extern struct encryption_service_st *encryption_service; -#define encryption_key_get_latest_version() encryption_service->encryption_key_get_latest_version_func() -#define encryption_key_exists(V) encryption_service->encryption_key_exists_func(V) -#define encryption_key_get(V,K,S) encryption_service->encryption_key_get_func((V), (K), (S)) -#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_service->encryption_encrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) -#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_service->encryption_decrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#define encryption_key_get_latest_version(KI) encryption_service->encryption_key_get_latest_version_func(KI) +#define encryption_key_id_exists(KI) encryption_service->encryption_key_id_exists_func((KI)) +#define encryption_key_version_exists(KI,KV) encryption_service->encryption_key_version_exists_func((KI),(KV)) +#define encryption_key_get(KI,KV,K,S) encryption_service->encryption_key_get_func((KI),(KV),(K),(S)) +#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_service->encryption_encrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV)) +#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_service->encryption_decrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV)) #else extern struct encryption_service_st encryption_handler; -#define encryption_key_get_latest_version() encryption_handler.encryption_key_get_latest_version_func() -#define encryption_key_exists(V) encryption_handler.encryption_key_exists_func(V) -#define encryption_key_get(V,K,S) encryption_handler.encryption_key_get_func((V), (K), (S)) -#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_handler.encryption_encrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) -#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KV) encryption_handler.encryption_decrypt_func(S,SL,D,DL,K,KL,I,IL,NP,KV) +#define 
encryption_key_get_latest_version(KI) encryption_handler.encryption_key_get_latest_version_func(KI) +#define encryption_key_id_exists(KI) encryption_handler.encryption_key_id_exists_func((KI)) +#define encryption_key_version_exists(KI,KV) encryption_handler.encryption_key_version_exists_func((KI),(KV)) +#define encryption_key_get(KI,KV,K,S) encryption_handler.encryption_key_get_func((KI),(KV),(K),(S)) +#define encryption_encrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_handler.encryption_encrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV)) +#define encryption_decrypt(S,SL,D,DL,K,KL,I,IL,NP,KI,KV) encryption_handler.encryption_decrypt_func((S),(SL),(D),(DL),(K),(KL),(I),(IL),(NP),(KI),(KV)) #endif #ifdef __cplusplus diff --git a/plugin/debug_key_management/debug_key_management_plugin.cc b/plugin/debug_key_management/debug_key_management_plugin.cc index a389a8ab04b..33e0c6ab318 100644 --- a/plugin/debug_key_management/debug_key_management_plugin.cc +++ b/plugin/debug_key_management/debug_key_management_plugin.cc @@ -19,6 +19,8 @@ It's used to debug the encryption code with a fixed keys that change only on user request. + It does not support different key ids, the only valid key id is 1. + THIS IS AN EXAMPLE ONLY! ENCRYPTION KEYS ARE HARD-CODED AND *NOT* SECRET! DO NOT USE THIS PLUGIN IN PRODUCTION! EVER! */ @@ -40,13 +42,20 @@ static struct st_mysql_sys_var* sysvars[] = { NULL }; -static unsigned int get_latest_key_version() +static unsigned int get_latest_key_version(unsigned int keyid) { + if (keyid != 1) + return ENCRYPTION_KEY_VERSION_INVALID; + return key_version; } -static unsigned int get_key(unsigned int version, unsigned char* dstbuf, unsigned *buflen) +static unsigned int get_key(unsigned int keyid, unsigned int version, + unsigned char* dstbuf, unsigned *buflen) { + if (keyid != 1) + return ENCRYPTION_KEY_VERSION_INVALID; + if (*buflen < KEY_SIZE) { *buflen= KEY_SIZE; 
diff --git a/plugin/example_key_management/example_key_management_plugin.cc b/plugin/example_key_management/example_key_management_plugin.cc index b26e42d598a..d3502b27d75 100644 --- a/plugin/example_key_management/example_key_management_plugin.cc +++ b/plugin/example_key_management/example_key_management_plugin.cc @@ -21,6 +21,8 @@ different pages in the same tablespace encrypted with different keys and what the background re-encryption thread does. + It does not support different key ids, for all ids the key will be the same. + THIS IS AN EXAMPLE ONLY! ENCRYPTION KEYS ARE HARD-CODED AND *NOT* SECRET! DO NOT USE THIS PLUGIN IN PRODUCTION! EVER! */ @@ -41,7 +43,7 @@ static unsigned int next_key_version = 0; static pthread_mutex_t mutex; static unsigned int -get_latest_key_version() +get_latest_key_version(unsigned int key_id) { uint now = time(0); pthread_mutex_lock(&mutex); @@ -57,7 +59,8 @@ get_latest_key_version() } static unsigned int -get_key(unsigned int version, unsigned char* dstbuf, unsigned *buflen) +get_key(unsigned int key_id, unsigned int version, + unsigned char* dstbuf, unsigned *buflen) { if (*buflen < MY_MD5_HASH_SIZE) { @@ -81,7 +84,7 @@ int encrypt(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version) + int no_padding, unsigned int keyid, unsigned int key_version) { return ((key_version & 1) ? my_aes_encrypt_cbc : my_aes_encrypt_ecb) (src, slen, dst, dlen, key, klen, iv, ivlen, no_padding); 
@@ -91,7 +94,7 @@ int decrypt(const unsigned char* src, unsigned int slen, unsigned char* dst, unsigned int* dlen, const unsigned char* key, unsigned int klen, const unsigned char* iv, unsigned int ivlen, - int no_padding, unsigned int key_version) + int no_padding, unsigned int keyid, unsigned int key_version) { return ((key_version & 1) ? my_aes_decrypt_cbc : my_aes_decrypt_ecb) (src, slen, dst, dlen, key, klen, iv, ivlen, no_padding); @@ -101,7 +104,7 @@ static int example_key_management_plugin_init(void *p) { /* init */ my_rnd_init(&seed, time(0), 0); - get_latest_key_version(); + get_latest_key_version(1); pthread_mutex_init(&mutex, NULL); return 0; diff --git a/plugin/file_key_management/file_key_management_plugin.cc b/plugin/file_key_management/file_key_management_plugin.cc index bf193c252b3..08c0c9b74c8 100644 --- a/plugin/file_key_management/file_key_management_plugin.cc +++ b/plugin/file_key_management/file_key_management_plugin.cc @@ -78,20 +78,18 @@ static keyentry *get_key(unsigned int key_id) return a->id == key_id ? a : 0; } -/** - This method is using with the id 0 if exists. - This method is used by innobase/xtradb for the key - rotation feature of encrypting log files. -*/ - -static unsigned int get_highest_key_used_in_key_file() +/* the version is always the same, no automatic key rotation */ +static unsigned int get_latest_version(uint key_id) { - return 0; + return get_key(key_id) ? 1 : ENCRYPTION_KEY_VERSION_INVALID; } static unsigned int get_key_from_key_file(unsigned int key_id, - unsigned char* dstbuf, unsigned *buflen) + unsigned int key_version, unsigned char* dstbuf, unsigned *buflen) { + if (key_version != 1) + return ENCRYPTION_KEY_VERSION_INVALID; + keyentry* entry = get_key(key_id); if (entry == NULL) 
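Review bot: In `example_key_management_plugin_init` the changed call `get_latest_key_version(1);` still runs before `pthread_mutex_init(&mutex, NULL);`, and the earlier hunk shows `get_latest_key_version` taking `pthread_mutex_lock(&mutex)`, so the mutex is locked before it is initialised. Swapping the two lines, `pthread_mutex_init(&mutex, NULL);` followed by `get_latest_key_version(1);`, removes the reliance on a zero-filled static mutex happening to be usable. The end of the function is outside the hunk.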
@@ -112,7 +110,7 @@ static unsigned int get_key_from_key_file(unsigned int key_id, struct st_mariadb_encryption file_key_management_plugin= { MariaDB_ENCRYPTION_INTERFACE_VERSION, - get_highest_key_used_in_key_file, + get_latest_version, get_key_from_key_file, 0,0 }; diff --git a/sql/encryption.cc b/sql/encryption.cc index 81f6d1820cd..44208baf8b3 100644 --- a/sql/encryption.cc +++ b/sql/encryption.cc @@ -23,13 +23,18 @@ static plugin_ref encryption_manager= 0; struct encryption_service_st encryption_handler; -unsigned int has_key(uint version) +unsigned int has_key_id(uint id) { - uint unused; - return encryption_key_get(version, NULL, &unused) != ENCRYPTION_KEY_VERSION_INVALID; + return encryption_key_get_latest_version(id) != ENCRYPTION_KEY_VERSION_INVALID; } -uint no_key() +unsigned int has_key_version(uint id, uint version) +{ + uint unused; + return encryption_key_get(id, version, NULL, &unused) != ENCRYPTION_KEY_VERSION_INVALID; +} + +uint no_key(uint) { return ENCRYPTION_KEY_VERSION_INVALID; } @@ -38,7 +43,7 @@ static int no_crypt(const uchar* source, uint source_length, uchar* dest, uint* dest_length, const uchar* key, uint key_length, const uchar* iv, uint iv_length, - int no_padding, uint key_version) + int no_padding, uint key_id, uint key_version) { return 1; } @@ -81,9 +86,10 @@ int finalize_encryption_plugin(st_plugin_int *plugin) { encryption_handler.encryption_encrypt_func= no_crypt; encryption_handler.encryption_decrypt_func= no_crypt; - encryption_handler.encryption_key_exists_func= has_key; + encryption_handler.encryption_key_id_exists_func= has_key_id; + encryption_handler.encryption_key_version_exists_func= has_key_version; encryption_handler.encryption_key_get_func= - (uint (*)(uint, uchar*, uint*))no_key; + (uint (*)(uint, uint, uchar*, uint*))no_key; encryption_handler.encryption_key_get_latest_version_func= no_key; if (plugin && plugin->plugin->deinit && plugin->plugin->deinit(NULL)) 
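Review bot: `has_key_version` passes a NULL destination and an uninitialised length (`uint unused;`) to `encryption_key_get`, while the key-management plugins in this patch read `*buflen` before writing (`if (*buflen < KEY_SIZE)`). Whether a plugin takes the buffer-too-small return or goes on to use the NULL `dstbuf` therefore depends on stack contents. Initialising the length, `uint unused= 0;`, makes the probe deterministic. The probe also assumes every plugin returns `ENCRYPTION_KEY_VERSION_INVALID` for an unknown key before it looks at the buffer size; a one-line comment stating that contract would help plugin authors.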
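Review bot: `encryption_key_get_func= (uint (*)(uint, uint, uchar*, uint*))no_key;` installs the one-argument `no_key(uint)` behind a four-argument pointer type, and calling a function through an incompatible pointer type is undefined behaviour even where it happens to work on common ABIs. A stub with the matching signature avoids the cast: `static uint no_key_get(uint, uint, uchar*, uint*) { return ENCRYPTION_KEY_VERSION_INVALID; }` and `encryption_handler.encryption_key_get_func= no_key_get;`. `finalize_encryption_plugin` continues outside the hunk.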
diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index 03e580a7e0e..488d3c3fdcc 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -177,10 +177,11 @@ fil_crypt_get_key( } *key_length = sizeof(keybuf); - int rc = encryption_key_get(version, keybuf, key_length); + uint rc = encryption_key_get(crypt_data->key_id, version, keybuf, key_length); if (rc) { ib_logf(IB_LOG_LEVEL_FATAL, - "Key %d can not be found. Reason=%d", version, rc); + "Key id %u version %u can not be found. Reason=%u", + crypt_data->key_id, version, rc); ut_error; } @@ -229,11 +230,13 @@ fil_crypt_get_latest_key( uint* version) /*!< in: Key version */ { // used for key rotation - get the next key id from the key provider - uint rc = encryption_key_get_latest_version(); + uint rc = *version = encryption_key_get_latest_version(crypt_data->key_id); - // if no new key was created use the last one - if (rc != ENCRYPTION_KEY_VERSION_INVALID) { - *version = rc; + if (rc == ENCRYPTION_KEY_VERSION_INVALID) { + ib_logf(IB_LOG_LEVEL_FATAL, + "Unknown key id %u. Can't continue!\n", + crypt_data->key_id); + ut_error; } return fil_crypt_get_key(dst, key_length, crypt_data, *version); @@ -259,7 +262,7 @@ fil_space_create_crypt_data() crypt_data->min_key_version = 0; } else { crypt_data->type = CRYPT_SCHEME_1; - crypt_data->min_key_version = encryption_key_get_latest_version(); + crypt_data->min_key_version = encryption_key_get_latest_version(crypt_data->key_id); } mutex_create(fil_crypt_data_mutex_key, 
@@ -612,11 +615,11 @@ fil_space_encrypt( row_format compressed */ byte* dst_frame) /*!< in: outbut buffer */ { - fil_space_crypt_t* crypt_data=NULL; + fil_space_crypt_t* crypt_data = NULL; ulint page_size = (zip_size) ? zip_size : UNIV_PAGE_SIZE; uint key_version; unsigned char key[MY_AES_MAX_KEY_LENGTH]; - uint key_length=MY_AES_MAX_KEY_LENGTH; + uint key_length = MY_AES_MAX_KEY_LENGTH; unsigned char iv[MY_AES_BLOCK_SIZE]; ulint orig_page_type = mach_read_from_2(src_frame+FIL_PAGE_TYPE); @@ -632,7 +635,6 @@ fil_space_encrypt( /* Get crypt data from file space */ crypt_data = fil_space_get_crypt_data(space); - key_version = crypt_data->keys[0].key_id; if (crypt_data == NULL) { //TODO: Is this really needed ? @@ -674,8 +676,8 @@ fil_space_encrypt( } int rc = encryption_encrypt(src, srclen, dst, &dstlen, - key, key_length, - iv, sizeof(iv), 1, key_version); + key, key_length, iv, sizeof(iv), 1, + crypt_data->key_id, key_version); if (! ((rc == MY_AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, @@ -775,7 +777,7 @@ fil_space_decrypt( uint key_version = mach_read_from_4(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); bool page_compressed = (page_type == FIL_PAGE_PAGE_COMPRESSED); - if (key_version == ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED) { + if (key_version == ENCRYPTION_KEY_NOT_ENCRYPTED) { //TODO: is this really needed ? memcpy(dst_frame, src_frame, page_size); return false; /* page not decrypted */ @@ -820,7 +822,8 @@ fil_space_decrypt( } int rc = encryption_decrypt(src, srclen, dst, &dstlen, key, key_length, - iv, sizeof(iv), 1, key_version); + iv, sizeof(iv), 1, + crypt_data->key_id, key_version); if (! ((rc == MY_AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, 
@@ -968,10 +971,11 @@ fil_crypt_get_key_state( key_state_t *new_state) /*!< out: key state */ { if (srv_encrypt_tables == TRUE) { - new_state->key_version = encryption_key_get_latest_version(); + new_state->key_version = + encryption_key_get_latest_version(FIL_DEFAULT_ENCRYPTION_KEY); new_state->rotate_key_age = srv_fil_crypt_rotate_key_age; ut_a(new_state->key_version != ENCRYPTION_KEY_VERSION_INVALID); - ut_a(new_state->key_version != ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED); + ut_a(new_state->key_version != ENCRYPTION_KEY_NOT_ENCRYPTED); } else { new_state->key_version = 0; new_state->rotate_key_age = 0; @@ -2422,15 +2426,17 @@ fil_space_crypt_get_status( status->rotating = false; } mutex_exit(&crypt_data->mutex); + + if (srv_encrypt_tables == TRUE) { + status->current_key_version = + encryption_key_get_latest_version(crypt_data->key_id); + } else { + status->current_key_version = 0; + } } else { memset(status, 0, sizeof(*status)); } - if (srv_encrypt_tables == TRUE) { - status->current_key_version = encryption_key_get_latest_version(); - } else { - status->current_key_version = 0; - } return crypt_data == NULL ? 1 : 0; } diff --git a/storage/innobase/fil/fil0fil.cc b/storage/innobase/fil/fil0fil.cc index 9bc1de79dbf..7e13ddfbaaf 100644 --- a/storage/innobase/fil/fil0fil.cc +++ b/storage/innobase/fil/fil0fil.cc @@ -1994,7 +1994,7 @@ fil_read_first_page( if ((cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_ON) || ( srv_encrypt_tables && cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_DEFAULT)) { - uint rc = encryption_key_get_latest_version(); + uint rc = encryption_key_get_latest_version(cdata->key_id); if (rc == ENCRYPTION_KEY_VERSION_INVALID) { ib_logf(IB_LOG_LEVEL_FATAL, diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 7c3f11b17f8..0579b889b11 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc 
@@ -11380,11 +11380,11 @@ ha_innobase::check_table_options( /* ignore this to allow alter table without changing page_encryption_key ...*/ } - if (!encryption_key_exists(options->encryption_key_id)) { + if (!encryption_key_id_exists(options->encryption_key_id)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, - "InnoDB: ENCRYPTION_KEY_ID key %lu not available", + "InnoDB: ENCRYPTION_KEY_ID %lu not available", options->encryption_key_id ); return "ENCRYPTION_KEY_ID"; @@ -11715,7 +11715,7 @@ ha_innobase::create( crypt_data = fil_space_create_crypt_data(); crypt_data->page0_offset = fsp_header_get_crypt_offset(zip_size, &maxsize); - crypt_data->keys[0].key_id = key_id; + crypt_data->key_id = key_id; crypt_data->encryption = encrypt; /* If there is old crypt data, copy IV */ diff --git a/storage/innobase/include/fil0crypt.h b/storage/innobase/include/fil0crypt.h index 83607ee7629..da7e53361ac 100644 --- a/storage/innobase/include/fil0crypt.h +++ b/storage/innobase/include/fil0crypt.h @@ -58,10 +58,7 @@ typedef enum { /* Cached L or key for given key_version */ struct key_struct { - uint key_version; /*!< Key version used as - identifier */ - uint key_id; /*1< Key id used as - identifier */ + uint key_version; /*!< Version of the key */ uint key_length; /*!< Key length */ unsigned char key[MY_AES_MAX_KEY_LENGTH]; /*!< Cached key (that is L in CRYPT_SCHEME_1) */ @@ -88,6 +85,7 @@ struct fil_space_crypt_struct ulint type; // CRYPT_SCHEME uint keyserver_requests; // no of key requests to key server uint key_count; // No of initalized key-structs + uint key_id; // Key id for this space key_struct keys[3]; // cached L = AES_ECB(KEY, IV) uint min_key_version; // min key version for this space ulint page0_offset; // byte offset on page 0 for crypt data diff --git a/storage/innobase/include/fil0crypt.ic b/storage/innobase/include/fil0crypt.ic index 80912009e5b..5fafa6cd3f0 100644 --- a/storage/innobase/include/fil0crypt.ic 
+++ b/storage/innobase/include/fil0crypt.ic @@ -48,20 +48,19 @@ fil_page_encryption_status( const byte *buf, /*!< in: page */ ulint space_id) /*!< in: space_id */ { + fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space_id); ulint page_type = mach_read_from_2(buf+FIL_PAGE_TYPE); if (page_type == FIL_PAGE_TYPE_FSP_HDR) { - fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space_id); - if (crypt_data != NULL) { - if (!encryption_key_exists(crypt_data->keys[0].key_version)) { + if (!encryption_key_id_exists(crypt_data->key_id)) { /* accessing table would surely fail, because no key or no key provider available */ return 1; } } } else { ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - if (!encryption_key_exists(key)) { + if (!encryption_key_version_exists(crypt_data->key_id, key)) { return 1; } } diff --git a/storage/innobase/include/log0crypt.h b/storage/innobase/include/log0crypt.h index 433b0b50395..c3cfd973e8d 100644 --- a/storage/innobase/include/log0crypt.h +++ b/storage/innobase/include/log0crypt.h @@ -15,7 +15,7 @@ Created 11/25/2013 Minli Zhu #define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1 #define PURPOSE_BYTE_OFFSET 0 -#define UNENCRYPTED_KEY_VER ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED +#define UNENCRYPTED_KEY_VER ENCRYPTION_KEY_NOT_ENCRYPTED typedef int Crypt_result; diff --git a/storage/innobase/log/log0crypt.cc b/storage/innobase/log/log0crypt.cc index 8e3adc26769..c3c943a808f 100644 --- a/storage/innobase/log/log0crypt.cc +++ b/storage/innobase/log/log0crypt.cc @@ -47,6 +47,8 @@ byte redo_log_crypt_msg[MY_AES_BLOCK_SIZE] = {0}; * encryption/decryption. */ byte aes_ctr_nonce[MY_AES_BLOCK_SIZE] = {0}; +#define LOG_DEFAULT_ENCRYPTION_KEY 1 + /*********************************************************************//** Generate a 128-bit value used to generate crypt key for redo log. It is generated via the concatenation of 1 purpose byte (0x02) and 15-byte 
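Review bot: In the `else` branch of `fil_page_encryption_status`, `encryption_key_version_exists(crypt_data->key_id, key)` dereferences `crypt_data` without the `crypt_data != NULL` test that the `FIL_PAGE_TYPE_FSP_HDR` branch keeps, so a space for which `fil_space_get_crypt_data` returns NULL would crash here. A guard such as `if (crypt_data != NULL && !encryption_key_version_exists(crypt_data->key_id, key))` avoids the dereference. Whether a page in a space without crypt data should report 0 or 1 depends on the caller's contract, which is not visible in the hunk. The same change is made to the xtradb copy of `fil0crypt.ic` later in this patch and needs the same guard.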
@@ -117,7 +119,7 @@ log_init_crypt_key( byte mysqld_key[MY_AES_BLOCK_SIZE] = {0}; uint keylen= sizeof(mysqld_key); - if (encryption_key_get(crypt_ver, mysqld_key, &keylen)) + if (encryption_key_get(LOG_DEFAULT_ENCRYPTION_KEY, crypt_ver, mysqld_key, &keylen)) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting mysqld crypto key " @@ -201,6 +203,7 @@ log_blocks_crypt( dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, (unsigned char*)(log_sys->redo_log_crypt_key), 16, aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, + LOG_DEFAULT_ENCRYPTION_KEY, log_sys->redo_log_crypt_ver); } else { ut_a(recv_sys); @@ -209,6 +212,7 @@ log_blocks_crypt( dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, (unsigned char*)(recv_sys->recv_log_crypt_key), 16, aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, + LOG_DEFAULT_ENCRYPTION_KEY, recv_sys->recv_log_crypt_ver); } @@ -261,7 +265,7 @@ log_crypt_set_ver_and_key( if (srv_encrypt_log) { unsigned int vkey; - vkey = encryption_key_get_latest_version(); + vkey = encryption_key_get_latest_version(LOG_DEFAULT_ENCRYPTION_KEY); encrypted = true; if (vkey == UNENCRYPTED_KEY_VER || diff --git a/storage/maria/ma_check_standalone.h b/storage/maria/ma_check_standalone.h index 5dc2c601ffd..693de8a8a56 100644 --- a/storage/maria/ma_check_standalone.h +++ b/storage/maria/ma_check_standalone.h @@ -30,7 +30,7 @@ static unsigned int no_key() struct encryption_service_st encryption_handler= { - no_key, 0, 0, 0, 0 + no_key, 0, 0, 0, 0, 0 }; /* only those that included myisamchk.h may need and can use the below */ diff --git a/storage/maria/ma_crypt.c b/storage/maria/ma_crypt.c index df19973c7de..5a187382c42 100644 --- a/storage/maria/ma_crypt.c +++ b/storage/maria/ma_crypt.c @@ -20,6 +20,9 @@ #include "ma_blockrec.h" #include +#define HARD_CODED_ENCRYPTION_KEY_VERSION 1 +#define HARD_CODED_ENCRYPTION_KEY_ID 1 + #define CRYPT_SCHEME_1 1 #define CRYPT_SCHEME_1_ID_LEN 4 /* 4 bytes for counter-block */ #define CRYPT_SCHEME_1_IV_LEN 16 
@@ -28,6 +31,7 @@ struct st_maria_crypt_data { uchar type; + uint keyid; uchar iv_length; uchar iv[1]; // var size }; @@ -68,6 +72,7 @@ ma_crypt_create(MARIA_SHARE* share) MARIA_CRYPT_DATA *crypt_data= (MARIA_CRYPT_DATA*)my_malloc(sz, MYF(0)); bzero(crypt_data, sz); crypt_data->type= CRYPT_SCHEME_1; + crypt_data->keyid= HARD_CODED_ENCRYPTION_KEY_ID; crypt_data->iv_length= iv_length; my_random_bytes(crypt_data->iv, iv_length); share->crypt_data= crypt_data; @@ -118,6 +123,7 @@ ma_crypt_read(MARIA_SHARE* share, uchar *buff) MARIA_CRYPT_DATA *crypt_data= (MARIA_CRYPT_DATA*)my_malloc(sz, MYF(0)); crypt_data->type= type; + crypt_data->keyid= HARD_CODED_ENCRYPTION_KEY_ID; crypt_data->iv_length= iv_length; memcpy(crypt_data->iv, buff + 2, iv_length); share->crypt_data= crypt_data; @@ -290,7 +296,8 @@ void ma_crypt_set_data_pagecache_callbacks(PAGECACHE_FILE *file, __attribute__((unused))) { /* Only use encryption if we have defined it */ - if (encryption_key_get_latest_version() != ENCRYPTION_KEY_VERSION_INVALID) + if (encryption_key_get_latest_version(HARD_CODED_ENCRYPTION_KEY_ID) != + ENCRYPTION_KEY_VERSION_INVALID) { file->pre_read_hook= ma_crypt_pre_read_hook; file->post_read_hook= ma_crypt_data_post_read_hook; @@ -410,7 +417,7 @@ static int ma_encrypt(MARIA_CRYPT_DATA *crypt_data, int rc; uint32 dstlen; uchar counter[COUNTER_LEN]; - *key_version= 1; + *key_version= HARD_CODED_ENCRYPTION_KEY_VERSION; // create counter block memcpy(counter + 0, crypt_data->iv + CRYPT_SCHEME_1_IV_LEN, 4); @@ -419,7 +426,8 @@ static int ma_encrypt(MARIA_CRYPT_DATA *crypt_data, rc = encryption_encrypt(src, size, dst, &dstlen, crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, - counter, sizeof(counter), 1, *key_version); + counter, sizeof(counter), 1, + crypt_data->keyid, *key_version); DBUG_ASSERT(rc == MY_AES_OK); DBUG_ASSERT(dstlen == size); 
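Review bot: The key argument of the `encryption_encrypt` call in `ma_encrypt` is still `crypt_data->iv, CRYPT_SCHEME_1_IV_LEN`, and `ma_crypt_read` fills `crypt_data->iv` from the file buffer, so the added `crypt_data->keyid, *key_version` reach the plugin only as labels and do not select the key material. Unless the plugin's encrypt function is expected to look the key up itself from the id and version, the key should be obtained with `encryption_key_get(crypt_data->keyid, *key_version, ...)` rather than taken from data stored alongside the ciphertext. The result is also checked only by `DBUG_ASSERT(rc == MY_AES_OK)`, which is compiled out of non-debug builds. `ma_decrypt` in the following hunk has the same shape; both functions start outside their hunks.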
@@ -451,7 +459,8 @@ static int ma_decrypt(MARIA_CRYPT_DATA *crypt_data, rc =encryption_decrypt(src, size, dst, &dstlen, crypt_data->iv, CRYPT_SCHEME_1_IV_LEN, - counter, sizeof(counter), 1, key_version); + counter, sizeof(counter), 1, crypt_data->keyid, + key_version); DBUG_ASSERT(rc == MY_AES_OK); DBUG_ASSERT(dstlen == size); diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index 136b64f9c87..4a4cc6c7502 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc @@ -177,10 +177,11 @@ fil_crypt_get_key( } *key_length = sizeof(keybuf); - int rc = encryption_key_get(version, keybuf, key_length); + uint rc = encryption_key_get(crypt_data->key_id, version, keybuf, key_length); if (rc) { ib_logf(IB_LOG_LEVEL_FATAL, - "Key %d can not be found. Reason=%d", version, rc); + "Key id %u version %u can not be found. Reason=%u", + crypt_data->key_id, version, rc); ut_error; } @@ -229,11 +230,13 @@ fil_crypt_get_latest_key( uint* version) /*!< in: Key version */ { // used for key rotation - get the next key id from the key provider - uint rc = encryption_key_get_latest_version(); + uint rc = *version = encryption_key_get_latest_version(crypt_data->key_id); - // if no new key was created use the last one - if (rc != ENCRYPTION_KEY_VERSION_INVALID) { - *version = rc; + if (rc == ENCRYPTION_KEY_VERSION_INVALID) { + ib_logf(IB_LOG_LEVEL_FATAL, + "Unknown key id %u. Can't continue!\n", + crypt_data->key_id); + ut_error; } return fil_crypt_get_key(dst, key_length, crypt_data, *version); @@ -259,7 +262,7 @@ fil_space_create_crypt_data() crypt_data->min_key_version = 0; } else { crypt_data->type = CRYPT_SCHEME_1; - crypt_data->min_key_version = encryption_key_get_latest_version(); + crypt_data->min_key_version = encryption_key_get_latest_version(crypt_data->key_id); } mutex_create(fil_crypt_data_mutex_key, 
@@ -612,11 +615,11 @@ fil_space_encrypt( row_format compressed */ byte* dst_frame) /*!< in: outbut buffer */ { - fil_space_crypt_t* crypt_data=NULL; + fil_space_crypt_t* crypt_data = NULL; ulint page_size = (zip_size) ? zip_size : UNIV_PAGE_SIZE; uint key_version; unsigned char key[MY_AES_MAX_KEY_LENGTH]; - uint key_length=MY_AES_MAX_KEY_LENGTH; + uint key_length = MY_AES_MAX_KEY_LENGTH; unsigned char iv[MY_AES_BLOCK_SIZE]; ulint orig_page_type = mach_read_from_2(src_frame+FIL_PAGE_TYPE); @@ -632,7 +635,6 @@ fil_space_encrypt( /* Get crypt data from file space */ crypt_data = fil_space_get_crypt_data(space); - key_version = crypt_data->keys[0].key_id; if (crypt_data == NULL) { //TODO: Is this really needed ? @@ -674,8 +676,8 @@ fil_space_encrypt( } int rc = encryption_encrypt(src, srclen, dst, &dstlen, - key, key_length, - iv, sizeof(iv), 1, key_version); + key, key_length, iv, sizeof(iv), 1, + crypt_data->key_id, key_version); if (! ((rc == MY_AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, @@ -775,7 +777,7 @@ fil_space_decrypt( uint key_version = mach_read_from_4(src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); bool page_compressed = (page_type == FIL_PAGE_PAGE_COMPRESSED); - if (key_version == ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED) { + if (key_version == ENCRYPTION_KEY_NOT_ENCRYPTED) { //TODO: is this really needed ? memcpy(dst_frame, src_frame, page_size); return false; /* page not decrypted */ @@ -820,7 +822,8 @@ fil_space_decrypt( } int rc = encryption_decrypt(src, srclen, dst, &dstlen, key, key_length, - iv, sizeof(iv), 1, key_version); + iv, sizeof(iv), 1, + crypt_data->key_id, key_version); if (! ((rc == MY_AES_OK) && ((ulint) dstlen == srclen))) { ib_logf(IB_LOG_LEVEL_FATAL, 
@@ -968,10 +971,11 @@ fil_crypt_get_key_state( key_state_t *new_state) /*!< out: key state */ { if (srv_encrypt_tables == TRUE) { - new_state->key_version = encryption_key_get_latest_version(); + new_state->key_version = + encryption_key_get_latest_version(FIL_DEFAULT_ENCRYPTION_KEY); new_state->rotate_key_age = srv_fil_crypt_rotate_key_age; ut_a(new_state->key_version != ENCRYPTION_KEY_VERSION_INVALID); - ut_a(new_state->key_version != ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED); + ut_a(new_state->key_version != ENCRYPTION_KEY_NOT_ENCRYPTED); } else { new_state->key_version = 0; new_state->rotate_key_age = 0; @@ -2422,15 +2426,17 @@ fil_space_crypt_get_status( status->rotating = false; } mutex_exit(&crypt_data->mutex); + + if (srv_encrypt_tables == TRUE) { + status->current_key_version = + encryption_key_get_latest_version(crypt_data->key_id); + } else { + status->current_key_version = 0; + } } else { memset(status, 0, sizeof(*status)); } - if (srv_encrypt_tables == TRUE) { - status->current_key_version = encryption_key_get_latest_version(); - } else { - status->current_key_version = 0; - } return crypt_data == NULL ? 1 : 0; } diff --git a/storage/xtradb/fil/fil0fil.cc b/storage/xtradb/fil/fil0fil.cc index 716366e4923..2df63ee675b 100644 --- a/storage/xtradb/fil/fil0fil.cc +++ b/storage/xtradb/fil/fil0fil.cc @@ -2032,7 +2032,7 @@ fil_read_first_page( if ((cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_ON) || ( srv_encrypt_tables && cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_DEFAULT)) { - uint rc = encryption_key_get_latest_version(); + uint rc = encryption_key_get_latest_version(cdata->key_id); if (rc == ENCRYPTION_KEY_VERSION_INVALID) { ib_logf(IB_LOG_LEVEL_FATAL, diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index 98635aa2b1c..5aa36e2cfda 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc 
@@ -11887,7 +11887,7 @@ ha_innobase::check_table_options( /* ignore this to allow alter table without changing page_encryption_key ...*/ } - if (!encryption_key_exists(options->encryption_key_id)) { + if (!encryption_key_id_exists(options->encryption_key_id)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, HA_WRONG_CREATE_OPTION, @@ -12229,7 +12229,7 @@ ha_innobase::create( crypt_data = fil_space_create_crypt_data(); crypt_data->page0_offset = fsp_header_get_crypt_offset(zip_size, &maxsize); - crypt_data->keys[0].key_id = key_id; + crypt_data->key_id = key_id; crypt_data->encryption = encrypt; /* If there is old crypt data, copy IV */ diff --git a/storage/xtradb/include/fil0crypt.h b/storage/xtradb/include/fil0crypt.h index 83607ee7629..da7e53361ac 100644 --- a/storage/xtradb/include/fil0crypt.h +++ b/storage/xtradb/include/fil0crypt.h @@ -58,10 +58,7 @@ typedef enum { /* Cached L or key for given key_version */ struct key_struct { - uint key_version; /*!< Key version used as - identifier */ - uint key_id; /*1< Key id used as - identifier */ + uint key_version; /*!< Version of the key */ uint key_length; /*!< Key length */ unsigned char key[MY_AES_MAX_KEY_LENGTH]; /*!< Cached key (that is L in CRYPT_SCHEME_1) */ @@ -88,6 +85,7 @@ struct fil_space_crypt_struct ulint type; // CRYPT_SCHEME uint keyserver_requests; // no of key requests to key server uint key_count; // No of initalized key-structs + uint key_id; // Key id for this space key_struct keys[3]; // cached L = AES_ECB(KEY, IV) uint min_key_version; // min key version for this space ulint page0_offset; // byte offset on page 0 for crypt data diff --git a/storage/xtradb/include/fil0crypt.ic b/storage/xtradb/include/fil0crypt.ic index fea7105c999..0a1a60dfab8 100644 --- a/storage/xtradb/include/fil0crypt.ic +++ b/storage/xtradb/include/fil0crypt.ic 
@@ -48,20 +48,19 @@ fil_page_encryption_status( const byte *buf, /*!< in: page */ ulint space_id) /*!< in: space_id */ { + fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space_id); ulint page_type = mach_read_from_2(buf+FIL_PAGE_TYPE); if (page_type == FIL_PAGE_TYPE_FSP_HDR) { - fil_space_crypt_t *crypt_data = fil_space_get_crypt_data(space_id); - if (crypt_data != NULL) { - if (!encryption_key_exists(crypt_data->keys[0].key_version)) { + if (!encryption_key_id_exists(crypt_data->key_id)) { /* accessing table would surely fail, because no key or no key provider available */ return 1; } } } else { ulint key = mach_read_from_4(buf + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); - if (!encryption_key_exists(key)) { + if (!encryption_key_version_exists(crypt_data->key_id, key)) { return 1; } } diff --git a/storage/xtradb/include/log0crypt.h b/storage/xtradb/include/log0crypt.h index 433b0b50395..c3cfd973e8d 100644 --- a/storage/xtradb/include/log0crypt.h +++ b/storage/xtradb/include/log0crypt.h @@ -15,7 +15,7 @@ Created 11/25/2013 Minli Zhu #define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1 #define PURPOSE_BYTE_OFFSET 0 -#define UNENCRYPTED_KEY_VER ENCRYPTION_KEY_VERSION_NOT_ENCRYPTED +#define UNENCRYPTED_KEY_VER ENCRYPTION_KEY_NOT_ENCRYPTED typedef int Crypt_result; diff --git a/storage/xtradb/log/log0crypt.cc b/storage/xtradb/log/log0crypt.cc index 8e3adc26769..c3c943a808f 100644 --- a/storage/xtradb/log/log0crypt.cc +++ b/storage/xtradb/log/log0crypt.cc @@ -47,6 +47,8 @@ byte redo_log_crypt_msg[MY_AES_BLOCK_SIZE] = {0}; * encryption/decryption. */ byte aes_ctr_nonce[MY_AES_BLOCK_SIZE] = {0}; +#define LOG_DEFAULT_ENCRYPTION_KEY 1 + /*********************************************************************//** Generate a 128-bit value used to generate crypt key for redo log. It is generated via the concatenation of 1 purpose byte (0x02) and 15-byte 
@@ -117,7 +119,7 @@ log_init_crypt_key( byte mysqld_key[MY_AES_BLOCK_SIZE] = {0}; uint keylen= sizeof(mysqld_key); - if (encryption_key_get(crypt_ver, mysqld_key, &keylen)) + if (encryption_key_get(LOG_DEFAULT_ENCRYPTION_KEY, crypt_ver, mysqld_key, &keylen)) { ib_logf(IB_LOG_LEVEL_ERROR, "Redo log crypto: getting mysqld crypto key " @@ -201,6 +203,7 @@ log_blocks_crypt( dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, (unsigned char*)(log_sys->redo_log_crypt_key), 16, aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, + LOG_DEFAULT_ENCRYPTION_KEY, log_sys->redo_log_crypt_ver); } else { ut_a(recv_sys); @@ -209,6 +212,7 @@ log_blocks_crypt( dst_block + LOG_BLOCK_HDR_SIZE, &dst_len, (unsigned char*)(recv_sys->recv_log_crypt_key), 16, aes_ctr_counter, MY_AES_BLOCK_SIZE, 1, + LOG_DEFAULT_ENCRYPTION_KEY, recv_sys->recv_log_crypt_ver); } @@ -261,7 +265,7 @@ log_crypt_set_ver_and_key( if (srv_encrypt_log) { unsigned int vkey; - vkey = encryption_key_get_latest_version(); + vkey = encryption_key_get_latest_version(LOG_DEFAULT_ENCRYPTION_KEY); encrypted = true; if (vkey == UNENCRYPTED_KEY_VER || From 0a9052f591a04e617ad58ee1b19dfc3ed7084147 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Thu, 9 Apr 2015 00:37:54 +0200 Subject: [PATCH 48/65] Store the key id in the tablespace and read it back --- storage/innobase/fil/fil0crypt.cc | 33 ++++++++++++++++++--------- storage/innobase/fil/fil0fil.cc | 2 +- storage/innobase/handler/ha_innodb.cc | 3 +-- storage/innobase/include/fil0crypt.h | 2 +- storage/innobase/srv/srv0start.cc | 2 +- storage/xtradb/fil/fil0crypt.cc | 33 ++++++++++++++++++--------- storage/xtradb/fil/fil0fil.cc | 2 +- storage/xtradb/handler/ha_innodb.cc | 3 +-- storage/xtradb/include/fil0crypt.h | 2 +- storage/xtradb/srv/srv0start.cc | 2 +- 10 files changed, 52 insertions(+), 32 deletions(-) diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index 488d3c3fdcc..68c5017c3b0 100644 --- a/storage/innobase/fil/fil0crypt.cc 
+++ b/storage/innobase/fil/fil0crypt.cc @@ -247,7 +247,7 @@ Create a fil_space_crypt_t object @return crypt object */ UNIV_INTERN fil_space_crypt_t* -fil_space_create_crypt_data() +fil_space_create_crypt_data(uint key_id) /*=========================*/ { const uint iv_length = CRYPT_SCHEME_1_IV_LEN; @@ -262,7 +262,8 @@ fil_space_create_crypt_data() crypt_data->min_key_version = 0; } else { crypt_data->type = CRYPT_SCHEME_1; - crypt_data->min_key_version = encryption_key_get_latest_version(crypt_data->key_id); + crypt_data->key_id = key_id; + crypt_data->min_key_version = encryption_key_get_latest_version(key_id); } mutex_create(fil_crypt_data_mutex_key, @@ -369,8 +370,11 @@ fil_space_read_crypt_data( uint min_key_version = mach_read_from_4 (page + offset + MAGIC_SZ + 2 + iv_length); + uint key_id = mach_read_from_4 + (page + offset + MAGIC_SZ + 2 + iv_length + 4); + fil_encryption_t encryption = (fil_encryption_t)mach_read_from_1( - page + offset + MAGIC_SZ + 2 + iv_length + 4); + page + offset + MAGIC_SZ + 2 + iv_length + 8); const uint sz = sizeof(fil_space_crypt_t) + iv_length; fil_space_crypt_t* crypt_data = static_cast( @@ -379,6 +383,7 @@ fil_space_read_crypt_data( crypt_data->type = type; crypt_data->min_key_version = min_key_version; + crypt_data->key_id = key_id; crypt_data->page0_offset = offset; crypt_data->encryption = encryption; mutex_create(fil_crypt_data_mutex_key, @@ -422,9 +427,10 @@ fil_space_write_crypt_data_low( page + FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID); const uint len = crypt_data->iv_length; const uint min_key_version = crypt_data->min_key_version; + const uint key_id = crypt_data->key_id; const fil_encryption_t encryption = crypt_data->encryption; crypt_data->page0_offset = offset; - ut_a(2 + len + 4 + 1 + MAGIC_SZ < maxsize); + ut_a(2 + len + 4 + 1 + 4 + MAGIC_SZ < maxsize); /* redo log this as bytewise updates to page 0 
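Review bot: In fil_space_create_crypt_data, `crypt_data->key_id = key_id;` is assigned only in the CRYPT_SCHEME_1 branch, so the caller's id is dropped whenever the unencrypted branch is taken. This commit also removes the explicit `crypt_data->key_id = key_id;` from ha_innobase::create, so the id chosen at CREATE TABLE time is no longer guaranteed to reach the field that fil_space_write_crypt_data_low writes to page 0. Move the assignment out of the if/else so it always runs. The branch condition and the allocation are outside the hunk, so it is not visible here what value the field holds otherwise. The copy in storage/xtradb/fil/fil0crypt.cc has the same shape.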
@@ -438,10 +444,12 @@ fil_space_write_crypt_data_low( mtr); mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len, min_key_version, MLOG_4BYTES, mtr); - mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len + 4, encryption, + mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len, key_id, + MLOG_4BYTES, mtr); + mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len + 8, encryption, MLOG_1BYTE, mtr); - byte* log_ptr = mlog_open(mtr, 11 + 12 + len); + byte* log_ptr = mlog_open(mtr, 11 + 17 + len); if (log_ptr != NULL) { log_ptr = mlog_write_initial_log_record_fast( @@ -458,6 +466,8 @@ fil_space_write_crypt_data_low( log_ptr += 1; mach_write_to_4(log_ptr, min_key_version); log_ptr += 4; + mach_write_to_4(log_ptr, key_id); + log_ptr += 4; mach_write_to_1(log_ptr, encryption); log_ptr += 1; mlog_close(mtr, log_ptr); @@ -509,6 +519,7 @@ fil_parse_write_crypt_data( 1 + // size of type 1 + // size of iv-len 4 + // size of min_key_version + 4 + // size of key_id 1; // fil_encryption_t if (end_ptr - ptr < entry_size){ @@ -531,9 +542,8 @@ fil_parse_write_crypt_data( uint min_key_version = mach_read_from_4(ptr); ptr += 4; - if (end_ptr - ptr < len) { - return NULL; - } + uint key_id = mach_read_from_4(ptr); + ptr += 4; fil_encryption_t encryption = (fil_encryption_t)mach_read_from_1(ptr); ptr +=1; @@ -542,7 +552,7 @@ fil_parse_write_crypt_data( return NULL; } - fil_space_crypt_t* crypt_data = fil_space_create_crypt_data(); + fil_space_crypt_t* crypt_data = fil_space_create_crypt_data(key_id); crypt_data->page0_offset = offset; crypt_data->min_key_version = min_key_version; crypt_data->encryption = encryption; @@ -572,6 +582,7 @@ fil_space_clear_crypt_data( 1 + // len len + // iv 4 + // min key version + 4 + // key id 1; // fil_encryption_t memset(page + offset, 0, size); } 
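Review bot: The added `mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len, key_id, MLOG_4BYTES, mtr);` in fil_space_write_crypt_data_low uses the same offset as the min_key_version write just above it. As a result key_id overwrites min_key_version and the four bytes at `+ 4` are never written, while fil_space_read_crypt_data reads key_id from `+ iv_length + 4` and the encryption byte from `+ 8`. After a restart the space would come back with the wrong key id and key version, so its pages could be looked up under a different key than the one they were written with. The offset should be `page + offset + MAGIC_SZ + 2 + len + 4`. The matching hunk for storage/xtradb/fil/fil0crypt.cc contains the same line, and the function body extends beyond this hunk.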
@@ -1073,7 +1084,7 @@ fil_crypt_start_encrypting_space( * crypt data in page 0 */ /* 1 - create crypt data */ - crypt_data = fil_space_create_crypt_data(); + crypt_data = fil_space_create_crypt_data(FIL_DEFAULT_ENCRYPTION_KEY); if (crypt_data == NULL) { mutex_exit(&fil_crypt_threads_mutex); return pending_op; diff --git a/storage/innobase/fil/fil0fil.cc b/storage/innobase/fil/fil0fil.cc index 7e13ddfbaaf..36d5a2946dd 100644 --- a/storage/innobase/fil/fil0fil.cc +++ b/storage/innobase/fil/fil0fil.cc @@ -3475,7 +3475,7 @@ fil_create_new_single_table_tablespace( } success = fil_space_create(tablename, space_id, flags, FIL_TABLESPACE, - fil_space_create_crypt_data()); + fil_space_create_crypt_data(FIL_DEFAULT_ENCRYPTION_KEY)); if (!success || !fil_node_create(path, size, space_id, FALSE)) { err = DB_ERROR; diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 0579b889b11..8974bd52748 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -11713,9 +11713,8 @@ ha_innobase::create( fil_space_crypt_t* old_crypt_data = fil_space_get_crypt_data(innobase_table->space); fil_space_crypt_t* crypt_data; - crypt_data = fil_space_create_crypt_data(); + crypt_data = fil_space_create_crypt_data(key_id); crypt_data->page0_offset = fsp_header_get_crypt_offset(zip_size, &maxsize); - crypt_data->key_id = key_id; crypt_data->encryption = encrypt; /* If there is old crypt data, copy IV */ diff --git a/storage/innobase/include/fil0crypt.h b/storage/innobase/include/fil0crypt.h index da7e53361ac..65c51c75d41 100644 --- a/storage/innobase/include/fil0crypt.h +++ b/storage/innobase/include/fil0crypt.h 
@@ -118,7 +118,7 @@ fil_space_crypt_cleanup(); Create crypt data, i.e data that is used for a single tablespace */ UNIV_INTERN fil_space_crypt_t * -fil_space_create_crypt_data(); +fil_space_create_crypt_data(uint key_id); /********************************************************************* Destroy crypt data */ diff --git a/storage/innobase/srv/srv0start.cc b/storage/innobase/srv/srv0start.cc index 3cc66778de9..c349dd7402b 100644 --- a/storage/innobase/srv/srv0start.cc +++ b/storage/innobase/srv/srv0start.cc @@ -1120,7 +1120,7 @@ check_first_page: *sum_of_new_sizes += srv_data_file_sizes[i]; - crypt_data = fil_space_create_crypt_data(); + crypt_data = fil_space_create_crypt_data(FIL_DEFAULT_ENCRYPTION_KEY); } ret = os_file_close(files[i]); diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index 4a4cc6c7502..aec9ceb4712 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc @@ -247,7 +247,7 @@ Create a fil_space_crypt_t object @return crypt object */ UNIV_INTERN fil_space_crypt_t* -fil_space_create_crypt_data() +fil_space_create_crypt_data(uint key_id) /*=========================*/ { const uint iv_length = CRYPT_SCHEME_1_IV_LEN; @@ -262,7 +262,8 @@ fil_space_create_crypt_data() crypt_data->min_key_version = 0; } else { crypt_data->type = CRYPT_SCHEME_1; - crypt_data->min_key_version = encryption_key_get_latest_version(crypt_data->key_id); + crypt_data->key_id = key_id; + crypt_data->min_key_version = encryption_key_get_latest_version(key_id); } mutex_create(fil_crypt_data_mutex_key, 
@@ -369,8 +370,11 @@ fil_space_read_crypt_data( uint min_key_version = mach_read_from_4 (page + offset + MAGIC_SZ + 2 + iv_length); + uint key_id = mach_read_from_4 + (page + offset + MAGIC_SZ + 2 + iv_length + 4); + fil_encryption_t encryption = (fil_encryption_t)mach_read_from_1( - page + offset + MAGIC_SZ + 2 + iv_length + 4); + page + offset + MAGIC_SZ + 2 + iv_length + 8); const uint sz = sizeof(fil_space_crypt_t) + iv_length; fil_space_crypt_t* crypt_data = static_cast( @@ -379,6 +383,7 @@ fil_space_read_crypt_data( crypt_data->type = type; crypt_data->min_key_version = min_key_version; + crypt_data->key_id = key_id; crypt_data->page0_offset = offset; crypt_data->encryption = encryption; mutex_create(fil_crypt_data_mutex_key, @@ -422,9 +427,10 @@ fil_space_write_crypt_data_low( page + FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID); const uint len = crypt_data->iv_length; const uint min_key_version = crypt_data->min_key_version; + const uint key_id = crypt_data->key_id; const fil_encryption_t encryption = crypt_data->encryption; crypt_data->page0_offset = offset; - ut_a(2 + len + 4 + 1 + MAGIC_SZ < maxsize); + ut_a(2 + len + 4 + 1 + 4 + MAGIC_SZ < maxsize); /* redo log this as bytewise updates to page 0 @@ -438,10 +444,12 @@ fil_space_write_crypt_data_low( mtr); mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len, min_key_version, MLOG_4BYTES, mtr); - mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len + 4, encryption, + mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len, key_id, + MLOG_4BYTES, mtr); + mlog_write_ulint(page + offset + MAGIC_SZ + 2 + len + 8, encryption, MLOG_1BYTE, mtr); - byte* log_ptr = mlog_open(mtr, 11 + 12 + len); + byte* log_ptr = mlog_open(mtr, 11 + 17 + len); if (log_ptr != NULL) { log_ptr = mlog_write_initial_log_record_fast( 
@@ -458,6 +466,8 @@ fil_space_write_crypt_data_low( log_ptr += 1; mach_write_to_4(log_ptr, min_key_version); log_ptr += 4; + mach_write_to_4(log_ptr, key_id); + log_ptr += 4; mach_write_to_1(log_ptr, encryption); log_ptr += 1; mlog_close(mtr, log_ptr); @@ -509,6 +519,7 @@ fil_parse_write_crypt_data( 1 + // size of type 1 + // size of iv-len 4 + // size of min_key_version + 4 + // size of key_id 1; // fil_encryption_t if (end_ptr - ptr < entry_size){ @@ -531,9 +542,8 @@ fil_parse_write_crypt_data( uint min_key_version = mach_read_from_4(ptr); ptr += 4; - if (end_ptr - ptr < len) { - return NULL; - } + uint key_id = mach_read_from_4(ptr); + ptr += 4; fil_encryption_t encryption = (fil_encryption_t)mach_read_from_1(ptr); ptr +=1; @@ -542,7 +552,7 @@ fil_parse_write_crypt_data( return NULL; } - fil_space_crypt_t* crypt_data = fil_space_create_crypt_data(); + fil_space_crypt_t* crypt_data = fil_space_create_crypt_data(key_id); crypt_data->page0_offset = offset; crypt_data->min_key_version = min_key_version; crypt_data->encryption = encryption; @@ -572,6 +582,7 @@ fil_space_clear_crypt_data( 1 + // len len + // iv 4 + // min key version + 4 + // key id 1; // fil_encryption_t memset(page + offset, 0, size); } @@ -1073,7 +1084,7 @@ fil_crypt_start_encrypting_space( * crypt data in page 0 */ /* 1 - create crypt data */ - crypt_data = fil_space_create_crypt_data(); + crypt_data = fil_space_create_crypt_data(FIL_DEFAULT_ENCRYPTION_KEY); if (crypt_data == NULL) { mutex_exit(&fil_crypt_threads_mutex); return pending_op; diff --git a/storage/xtradb/fil/fil0fil.cc b/storage/xtradb/fil/fil0fil.cc index 2df63ee675b..bc0c92beaa0 100644 --- a/storage/xtradb/fil/fil0fil.cc +++ b/storage/xtradb/fil/fil0fil.cc 
@@ -3509,7 +3509,7 @@ fil_create_new_single_table_tablespace( } success = fil_space_create(tablename, space_id, flags, FIL_TABLESPACE, - fil_space_create_crypt_data()); + fil_space_create_crypt_data(FIL_DEFAULT_ENCRYPTION_KEY)); if (!success || !fil_node_create(path, size, space_id, FALSE)) { err = DB_ERROR; diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index 5aa36e2cfda..7ec1ed787a9 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc @@ -12227,9 +12227,8 @@ ha_innobase::create( fil_space_crypt_t* old_crypt_data = fil_space_get_crypt_data(innobase_table->space); fil_space_crypt_t* crypt_data; - crypt_data = fil_space_create_crypt_data(); + crypt_data = fil_space_create_crypt_data(key_id); crypt_data->page0_offset = fsp_header_get_crypt_offset(zip_size, &maxsize); - crypt_data->key_id = key_id; crypt_data->encryption = encrypt; /* If there is old crypt data, copy IV */ diff --git a/storage/xtradb/include/fil0crypt.h b/storage/xtradb/include/fil0crypt.h index da7e53361ac..65c51c75d41 100644 --- a/storage/xtradb/include/fil0crypt.h +++ b/storage/xtradb/include/fil0crypt.h @@ -118,7 +118,7 @@ fil_space_crypt_cleanup(); Create crypt data, i.e data that is used for a single tablespace */ UNIV_INTERN fil_space_crypt_t * -fil_space_create_crypt_data(); +fil_space_create_crypt_data(uint key_id); /********************************************************************* Destroy crypt data */ diff --git a/storage/xtradb/srv/srv0start.cc b/storage/xtradb/srv/srv0start.cc index 4d2aee6f08c..e775646cb38 100644 --- a/storage/xtradb/srv/srv0start.cc +++ b/storage/xtradb/srv/srv0start.cc @@ -1154,7 +1154,7 @@ check_first_page: *sum_of_new_sizes += srv_data_file_sizes[i]; - crypt_data = fil_space_create_crypt_data(); + crypt_data = fil_space_create_crypt_data(FIL_DEFAULT_ENCRYPTION_KEY); } ret = os_file_close(files[i]); From eb29a63e4508359a44a29c192fae347196d5a6d3 Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Thu, 9 Apr 2015 11:14:57 +0200 Subject: [PATCH 49/65] SET STATEMENT timestamp=xxx .... fix sys_var->is_default() method (that was using default_val property in a global sys_var object to track per-session state): * move timestamp to a dedicated Sys_var_timestamp class (in fact, rename Sys_var_session_special_double to Sys_var_timestamp) * make session_is_default a virtual method with a special implementation for timestamps * other variables don't have a special behavior for default values and can have session_is_default() to be always false. --- sql/set_var.cc | 3 +-- sql/set_var.h | 12 +++++++++--- sql/sql_parse.cc | 2 +- sql/sys_vars.cc | 21 ++------------------- sql/sys_vars.h | 45 ++++++++++++++++++++++++++++----------------- 5 files changed, 41 insertions(+), 42 deletions(-) diff --git a/sql/set_var.cc b/sql/set_var.cc index 278a05213a6..c65ca3d59b7 100644 --- a/sql/set_var.cc +++ b/sql/set_var.cc @@ -147,7 +147,7 @@ sys_var::sys_var(sys_var_chain *chain, const char *name_arg, flags(flags_arg), show_val_type(show_val_type_arg), guard(lock), offset(off), on_check(on_check_func), on_update(on_update_func), deprecation_substitute(substitute), - is_os_charset(FALSE), default_val(FALSE) + is_os_charset(FALSE) { /* There is a limitation in handle_options() related to short options: @@ -790,7 +790,6 @@ int set_var::light_check(THD *thd) */ int set_var::update(THD *thd) { - var->set_is_default(value == 0); return value ? var->update(thd, this) : var->set_default(thd, this); } diff --git a/sql/set_var.h b/sql/set_var.h index 15c89f1e2b4..0215a452c07 100644 --- a/sql/set_var.h +++ b/sql/set_var.h @@ -88,7 +88,6 @@ protected: on_update_function on_update; const char *const deprecation_substitute; bool is_os_charset; ///< true if the value is in character_set_filesystem - bool default_val; public: sys_var(sys_var_chain *chain, const char *name_arg, const char *comment, 
@@ -194,8 +193,15 @@ public: return insert_dynamic(array, (uchar*)&option); } void do_deprecated_warning(THD *thd); - bool is_default() { return default_val; } - void set_is_default(bool def) { default_val= def; } + /** + whether session value of a sysvar is a default one. + + in this simple implementation we don't distinguish between default + and non-default values. for most variables it's ok, they don't treat + default values specially. this method is overwritten in descendant + classes as necessary. + */ + virtual bool session_is_default(THD *thd) { return false; } virtual uchar *default_value_ptr(THD *thd) { return (uchar*)&option.def_value; } diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 3109b2ffe86..5eca972def3 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -2663,7 +2663,7 @@ mysql_execute_command(THD *thd) lex->free_arena_for_set_stmt(); goto error; } - if (v->var->is_default()) + if (v->var->session_is_default(thd)) o= new set_var(v->type, v->var, &v->base, NULL); else { diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index 32935f3404e..cc29762c144 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc 
@@ -3708,28 +3708,11 @@ static Sys_var_harows Sys_select_limit( SESSION_VAR(select_limit), NO_CMD_LINE, VALID_RANGE(0, HA_POS_ERROR), DEFAULT(HA_POS_ERROR), BLOCK_SIZE(1)); -static bool update_timestamp(THD *thd, set_var *var) -{ - if (var->value) - { - my_hrtime_t hrtime = { hrtime_from_time(var->save_result.double_value) }; - thd->set_time(hrtime); - } - else // SET timestamp=DEFAULT - thd->user_time.val= 0; - return false; -} -static double read_timestamp(THD *thd) -{ - return thd->start_time + - thd->start_time_sec_part/(double)TIME_SECOND_PART_FACTOR; -} -static Sys_var_session_special_double Sys_timestamp( +static Sys_var_timestamp Sys_timestamp( "timestamp", "Set the time for this client", sys_var::ONLY_SESSION, NO_CMD_LINE, VALID_RANGE(0, TIMESTAMP_MAX_VALUE), - NO_MUTEX_GUARD, IN_BINLOG, ON_CHECK(0), - ON_UPDATE(update_timestamp), ON_READ(read_timestamp)); + NO_MUTEX_GUARD, IN_BINLOG); static bool update_last_insert_id(THD *thd, set_var *var) { diff --git a/sql/sys_vars.h b/sql/sys_vars.h index 2b83e9747b7..7c0359a7427 100644 --- a/sql/sys_vars.h +++ b/sql/sys_vars.h 
@@ -1657,46 +1657,57 @@ public: }; -class Sys_var_session_special_double: public Sys_var_double -{ - typedef bool (*session_special_update_function)(THD *thd, set_var *var); - typedef double (*session_special_read_function)(THD *thd); +/* + Dedicated class because of a weird behavior of a default value. + Assigning timestamp to itself - session_special_read_function read_func; - session_special_update_function update_func; + SET @@timestamp = @@timestamp + + make it non-default and stops the time flow. +*/ +class Sys_var_timestamp: public Sys_var_double +{ public: - Sys_var_session_special_double(const char *name_arg, + Sys_var_timestamp(const char *name_arg, const char *comment, int flag_args, CMD_LINE getopt, double min_val, double max_val, - PolyLock *lock, enum binlog_status_enum binlog_status_arg, - on_check_function on_check_func, - session_special_update_function update_func_arg, - session_special_read_function read_func_arg, - const char *substitute=0) + PolyLock *lock, enum binlog_status_enum binlog_status_arg) : Sys_var_double(name_arg, comment, flag_args, 0, sizeof(double), getopt, min_val, - max_val, 0, lock, binlog_status_arg, on_check_func, 0, - substitute), - read_func(read_func_arg), update_func(update_func_arg) + max_val, 0, lock, binlog_status_arg) { SYSVAR_ASSERT(scope() == ONLY_SESSION); SYSVAR_ASSERT(getopt.id < 0); // NO_CMD_LINE, because the offset is fake } bool session_update(THD *thd, set_var *var) - { return update_func(thd, var); } + { + if (var->value) + { + my_hrtime_t hrtime = { hrtime_from_time(var->save_result.double_value) }; + thd->set_time(hrtime); + } + else // SET timestamp=DEFAULT + thd->user_time.val= 0; + return false; + } bool global_update(THD *thd, set_var *var) { DBUG_ASSERT(FALSE); return true; } + bool session_is_default(THD *thd) + { + return thd->user_time.val == 0; + } void session_save_default(THD *thd, set_var *var) { var->value= 0; } void global_save_default(THD *thd, set_var *var) { DBUG_ASSERT(FALSE); } uchar 
*session_value_ptr(THD *thd, const LEX_STRING *base) { - thd->sys_var_tmp.double_value= read_func(thd); + thd->sys_var_tmp.double_value= thd->start_time + + thd->start_time_sec_part/(double)TIME_SECOND_PART_FACTOR; return (uchar*) &thd->sys_var_tmp.double_value; } uchar *global_value_ptr(THD *thd, const LEX_STRING *base) From dd8f931957e0c6fb538fffff76f40239e624096c Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Fri, 10 Apr 2015 02:36:54 +0200 Subject: [PATCH 50/65] be less annoying about sysvar-based table attributes do not *always* add them to the create table definition, but only when a sysvar value is different from a default. also, when adding them - don't quote numbers --- mysql-test/r/partition_example.result | 4 +- mysql-test/r/plugin.result | 20 +++---- mysql-test/r/table_options-5867.result | 4 +- .../suite/rpl/r/rpl_table_options.result | 2 +- sql/create_options.cc | 60 ++++++++++++------- sql/sql_plugin.cc | 34 +++++++++++ 6 files changed, 88 insertions(+), 36 deletions(-) diff --git a/mysql-test/r/partition_example.result b/mysql-test/r/partition_example.result index 7b6e9aa5213..2129eea0818 100644 --- a/mysql-test/r/partition_example.result +++ b/mysql-test/r/partition_example.result @@ -7,7 +7,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) NOT NULL -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `VAROPT`='5' +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 /*!50100 PARTITION BY LIST (a) (PARTITION p0 VALUES IN (1) ENGINE = EXAMPLE, PARTITION p1 VALUES IN (2) ENGINE = EXAMPLE) */ @@ -20,7 +20,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) NOT NULL -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ull`=12340 `VAROPT`='5' +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ull`=12340 /*!50100 PARTITION BY LIST (a) (PARTITION p0 VALUES IN (1) ENGINE = EXAMPLE, PARTITION p1 VALUES IN (2) ENGINE = EXAMPLE) */ diff --git a/mysql-test/r/plugin.result b/mysql-test/r/plugin.result index d9838175349..9f4aff6bae9 100644 
--- a/mysql-test/r/plugin.result +++ b/mysql-test/r/plugin.result @@ -127,7 +127,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) DEFAULT NULL `complex`='c,f,f,f' -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ULL`=10000 `STR`='dskj' `one_or_two`='one' `YESNO`=0 `VAROPT`='5' +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ULL`=10000 `STR`='dskj' `one_or_two`='one' `YESNO`=0 drop table t1; SET @OLD_SQL_MODE=@@SQL_MODE; SET SQL_MODE='IGNORE_BAD_TABLE_OPTIONS'; @@ -142,7 +142,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) DEFAULT NULL, `b` int(11) DEFAULT NULL -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ULL`=10000000000000000000 `one_or_two`='ttt' `YESNO`=SSS `VAROPT`='5' +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ULL`=10000000000000000000 `one_or_two`='ttt' `YESNO`=SSS #alter table alter table t1 ULL=10000000; Warnings: @@ -152,7 +152,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) DEFAULT NULL, `b` int(11) DEFAULT NULL -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `one_or_two`='ttt' `YESNO`=SSS `VAROPT`='5' `ULL`=10000000 +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `one_or_two`='ttt' `YESNO`=SSS `ULL`=10000000 alter table t1 change a a int complex='c,c,c'; Warnings: Note 1105 EXAMPLE DEBUG: Field `a` COMPLEX '(null)' -> 'c,c,c' @@ -161,14 +161,14 @@ Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) DEFAULT NULL `complex`='c,c,c', `b` int(11) DEFAULT NULL -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `one_or_two`='ttt' `YESNO`=SSS `VAROPT`='5' `ULL`=10000000 +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `one_or_two`='ttt' `YESNO`=SSS `ULL`=10000000 alter table t1 one_or_two=two; show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) DEFAULT NULL `complex`='c,c,c', `b` int(11) DEFAULT NULL -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `YESNO`=SSS `VAROPT`='5' `ULL`=10000000 `one_or_two`=two +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `YESNO`=SSS `ULL`=10000000 `one_or_two`=two drop table t1; #illegal value error SET SQL_MODE=''; 
@@ -183,11 +183,11 @@ SHOW CREATE TABLE t1; Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) DEFAULT NULL -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ULL`=4660 `VAROPT`='5' +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ULL`=4660 SET example_varopt_default=33; select create_options from information_schema.tables where table_schema='test' and table_name='t1'; create_options -`ULL`=4660 `VAROPT`='5' +`ULL`=4660 ALTER TABLE t1 ULL=DEFAULT; Warnings: Note 1105 EXAMPLE DEBUG: ULL 4660 -> 4294967295 @@ -195,14 +195,14 @@ SHOW CREATE TABLE t1; Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) DEFAULT NULL -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `VAROPT`='5' +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 DROP TABLE t1; create table t1 (a int) engine=example; show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) DEFAULT NULL -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `VAROPT`='33' +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `VAROPT`=33 drop table t1; create table t1 (a int) engine=example varopt=15; show create table t1; @@ -215,7 +215,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) DEFAULT NULL -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `VAROPT`='33' +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `VAROPT`=33 drop table t1; SET @@SQL_MODE=@OLD_SQL_MODE; select 1; diff --git a/mysql-test/r/table_options-5867.result b/mysql-test/r/table_options-5867.result index 21041c7c5c3..f915c2740ae 100644 --- a/mysql-test/r/table_options-5867.result +++ b/mysql-test/r/table_options-5867.result @@ -14,7 +14,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) DEFAULT NULL `complex`='c,f,f,f' `invalid`=3 -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ull`=10000 `str`='dskj' `one_or_two`='one' `yesno`=0 `foobar`=barfoo `VAROPT`='5' +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ull`=10000 `str`='dskj' `one_or_two`='one' `yesno`=0 `foobar`=barfoo show create table t2; Table Create Table t2 CREATE TABLE `t2` ( 
@@ -26,7 +26,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) DEFAULT NULL `complex`='c,f,f,f' /* `invalid`=3 */ -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ull`=10000 `str`='dskj' `one_or_two`='one' `yesno`=0 /* `foobar`=barfoo */ `VAROPT`='5' +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ull`=10000 `str`='dskj' `one_or_two`='one' `yesno`=0 /* `foobar`=barfoo */ show create table t2; Table Create Table t2 CREATE TABLE `t2` ( diff --git a/mysql-test/suite/rpl/r/rpl_table_options.result b/mysql-test/suite/rpl/r/rpl_table_options.result index a94d6e9bc2f..a417aaf720d 100644 --- a/mysql-test/suite/rpl/r/rpl_table_options.result +++ b/mysql-test/suite/rpl/r/rpl_table_options.result @@ -7,7 +7,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) NOT NULL -) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ull`=12340 `VAROPT`='5' +) ENGINE=EXAMPLE DEFAULT CHARSET=latin1 `ull`=12340 show create table t1; Table Create Table t1 CREATE TABLE `t1` ( diff --git a/sql/create_options.cc b/sql/create_options.cc index 86fb805315a..c3796710f78 100644 --- a/sql/create_options.cc +++ b/sql/create_options.cc @@ -297,8 +297,7 @@ bool parse_option_list(THD* thd, handlerton *hton, void *option_struct_arg, (uchar*)val->name.str, val->name.length)) continue; - seen=true; - + /* skip duplicates (see engine_option_value constructor above) */ if (val->parsed && !val->value.str) continue; 
@@ -306,39 +305,58 @@ bool parse_option_list(THD* thd, handlerton *hton, void *option_struct_arg, *option_struct, suppress_warning || val->parsed, root)) DBUG_RETURN(TRUE); val->parsed= true; + seen=true; break; } - if (!seen) + if (!seen || (opt->var && !last->value.str)) { LEX_STRING default_val= null_lex_str; /* - If it's CREATE/ALTER TABLE parsing mode (options are created in the - transient thd->mem_root, not in the long living TABLE_SHARE::mem_root), - and variable-backed option was not explicitly set. + Okay, here's the logic for sysvar options: + 1. When we parse CREATE TABLE and sysvar option was not explicitly + mentioned we add it to the list as if it was specified with the + *current* value of the underlying sysvar. + 2. But only if the underlying sysvar value is different from the + sysvar's default. + 3. If it's ALTER TABLE and the sysvar option was not explicitly + mentioned - do nothing, do not add it to the list. + 4. But if it was ALTER TABLE with sysvar option = DEFAULT, we + add it to the list (under the same condition #2). + 5. If we're here parsing the option list from the .frm file + for a normal open_table() and the sysvar option was not there - + do not add it to the list (makes no sense anyway) and + use the *default* value of the underlying sysvar. Because + sysvar value can change, but it should not affect existing tables. - If it's not create, but opening of the existing frm (that was, - probably, created with the older version of the storage engine and - does not have this option stored), we take the *default* value of the - sysvar, not the *current* value. Because we don't want to have - different option values for the same table if it's opened many times. + This is how it's implemented: the current sysvar value is added + to the list if suppress_warning is FALSE (meaning a table is created, + that is CREATE TABLE or ALTER TABLE) and it's actually a CREATE TABLE + command or it's an ALTER TABLE and the option was seen (=DEFAULT). 
+ + Note that if the option was set explicitly (not =DEFAULT) it wouldn't + have passes the if() condition above. */ - if (root == thd->mem_root && opt->var) + if (!suppress_warning && opt->var && + (thd->lex->sql_command == SQLCOM_CREATE_TABLE || seen)) { // take a value from the variable and add it to the list sys_var *sysvar= find_hton_sysvar(hton, opt->var); DBUG_ASSERT(sysvar); - char buf[256]; - String sbuf(buf, sizeof(buf), system_charset_info), *str; - if ((str= sysvar->val_str(&sbuf, thd, OPT_SESSION, &null_lex_str))) + if (!sysvar->session_is_default(thd)) { - LEX_STRING name= { const_cast(opt->name), opt->name_length }; - default_val.str= strmake_root(root, str->ptr(), str->length()); - default_val.length= str->length(); - val= new (root) engine_option_value(name, default_val, true, - option_list, &last); - val->parsed= true; + char buf[256]; + String sbuf(buf, sizeof(buf), system_charset_info), *str; + if ((str= sysvar->val_str(&sbuf, thd, OPT_SESSION, &null_lex_str))) + { + LEX_STRING name= { const_cast(opt->name), opt->name_length }; + default_val.str= strmake_root(root, str->ptr(), str->length()); + default_val.length= str->length(); + val= new (root) engine_option_value(name, default_val, + opt->type != HA_OPTION_TYPE_ULL, option_list, &last); + val->parsed= true; + } } } set_one_value(opt, thd, &default_val, *option_struct, diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc index ee6650e14e2..91b25ed417d 100644 --- a/sql/sql_plugin.cc +++ b/sql/sql_plugin.cc @@ -307,6 +307,7 @@ public: virtual void global_save_default(THD *thd, set_var *var) {} bool session_update(THD *thd, set_var *var); bool global_update(THD *thd, set_var *var); + bool session_is_default(THD *thd); }; 
@@ -3340,6 +3341,39 @@ uchar* sys_var_pluginvar::real_value_ptr(THD *thd, enum_var_type type) } +bool sys_var_pluginvar::session_is_default(THD *thd) +{ + uchar *value= plugin_var->flags & PLUGIN_VAR_THDLOCAL + ? intern_sys_var_ptr(thd, *(int*) (plugin_var+1), true) + : *(uchar**) (plugin_var+1); + + real_value_ptr(thd, OPT_SESSION); + + switch (plugin_var->flags & PLUGIN_VAR_TYPEMASK) { + case PLUGIN_VAR_BOOL: + return option.def_value == *(my_bool*)value; + case PLUGIN_VAR_INT: + return option.def_value == *(int*)value; + case PLUGIN_VAR_LONG: + case PLUGIN_VAR_ENUM: + return option.def_value == *(long*)value; + case PLUGIN_VAR_LONGLONG: + case PLUGIN_VAR_SET: + return option.def_value == *(longlong*)value; + case PLUGIN_VAR_STR: + { + const char *a=(char*)option.def_value; + const char *b=(char*)value; + return (!a && !b) || (a && b && strcmp(a,b)); + } + case PLUGIN_VAR_DOUBLE: + return getopt_ulonglong2double(option.def_value) == *(double*)value; + default: + DBUG_ASSERT(0); + } +} + + TYPELIB* sys_var_pluginvar::plugin_var_typelib(void) { switch (plugin_var->flags & (PLUGIN_VAR_TYPEMASK | PLUGIN_VAR_THDLOCAL)) { From 92ff5236193e257d2366d4de6bc160a44bf3d97a Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Fri, 10 Apr 2015 02:39:36 +0200 Subject: [PATCH 51/65] change ENCRYPTION_KEY_ID to be HA_TOPTION_SYSVAR instead of manually implenting "default from a sysvar" in the code --- .../innodb/r/innodb-page_encryption.result | 4 +-- storage/innobase/handler/ha_innodb.cc | 26 ++++++++----------- storage/xtradb/handler/ha_innodb.cc | 26 ++++++++----------- 3 files changed, 24 insertions(+), 32 deletions(-) diff --git a/mysql-test/suite/innodb/r/innodb-page_encryption.result b/mysql-test/suite/innodb/r/innodb-page_encryption.result index b5ec3b238c1..c94150e5153 100644 --- a/mysql-test/suite/innodb/r/innodb-page_encryption.result +++ b/mysql-test/suite/innodb/r/innodb-page_encryption.result 
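Review bot: The PLUGIN_VAR_STR case of sys_var_pluginvar::session_is_default has the comparison inverted: `strcmp(a,b)` is non-zero when the strings differ, so a changed value is reported as default and an unchanged one as non-default. It should read `return (!a && !b) || (a && b && !strcmp(a,b));`. The other cases dereference `value` (`*(int*)value`) while this one casts the storage address itself to `char*`, so it probably needs `*(char**)value`; that should be confirmed against how string plugin variables are stored. The `default:` arm ends in `DBUG_ASSERT(0);` with no return, which leaves a non-void function without a value where the assert compiles out, so add `return false;` after it. The bare `real_value_ptr(thd, OPT_SESSION);` call discards its result and deserves either a comment explaining the side effect it is called for, or removal.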
@@ -14,7 +14,7 @@ Table Create Table innodb_defkey CREATE TABLE `innodb_defkey` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='ON' +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='ON' `ENCRYPTION_KEY_ID`=5 show create table innodb_compact; Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( @@ -213,7 +213,7 @@ Table Create Table innodb_defkey CREATE TABLE `innodb_defkey` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='ON' +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='ON' `ENCRYPTION_KEY_ID`=5 update innodb_normal set c1 = c1 +1; update innodb_compact set c1 = c1 + 1; update innodb_compressed set c1 = c1 + 1; diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 8974bd52748..7b5b6ef609b 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -548,6 +548,13 @@ ib_cb_t innodb_api_cb[] = { (ib_cb_t) ib_cursor_stmt_begin }; +static MYSQL_SYSVAR_UINT(default_encryption_key, srv_default_encryption_key, + PLUGIN_VAR_RQCMDARG, + "Default encryption key id used for table encryption.", + NULL, + NULL, + FIL_DEFAULT_ENCRYPTION_KEY, 1, UINT_MAX32, 0); + /** Structure for CREATE TABLE options (table options). It needs to be called ha_table_option_struct. @@ -569,7 +576,7 @@ ha_create_table_option innodb_table_option_list[]= /* With this option the user can enable encryption for the table */ HA_TOPTION_ENUM("ENCRYPTION", encryption, "DEFAULT,ON,OFF", 0), /* With this option the user defines the key identifier using for the encryption */ - HA_TOPTION_NUMBER("ENCRYPTION_KEY_ID", encryption_key_id, 0, 1, UINT_MAX32, 1), + HA_TOPTION_SYSVAR("ENCRYPTION_KEY_ID", encryption_key_id, default_encryption_key), HA_TOPTION_END }; 
@@ -11375,11 +11382,8 @@ ha_innobase::check_table_options( } } - if (options->encryption_key_id != 0) { - if (options->encryption == FIL_SPACE_ENCRYPTION_OFF) { - /* ignore this to allow alter table without changing page_encryption_key ...*/ - } - + if (options->encryption == FIL_SPACE_ENCRYPTION_ON || + (options->encryption == FIL_SPACE_ENCRYPTION_DEFAULT && srv_encrypt_tables)) { if (!encryption_key_id_exists(options->encryption_key_id)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, @@ -11451,8 +11455,7 @@ ha_innobase::create( /* Cache table options */ ha_table_option_struct *options= form->s->option_struct; fil_encryption_t encrypt = (fil_encryption_t)options->encryption; - ulint key_id = (options->encryption_key_id == 0) ? srv_default_encryption_key : - options->encryption_key_id; + ulint key_id = options->encryption_key_id; DBUG_ENTER("ha_innobase::create"); @@ -19155,13 +19158,6 @@ static MYSQL_SYSVAR_UINT(encryption_rotation_iops, srv_n_fil_crypt_iops, innodb_encryption_rotation_iops_update, srv_n_fil_crypt_iops, 0, UINT_MAX32, 0); -static MYSQL_SYSVAR_UINT(default_encryption_key, srv_default_encryption_key, - PLUGIN_VAR_RQCMDARG, - "Default encryption key id used for table encryption.", - NULL, - NULL, - FIL_DEFAULT_ENCRYPTION_KEY, 1, UINT_MAX32, 0); - static MYSQL_SYSVAR_BOOL(scrub_log, srv_scrub_log, PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, "Enable background redo log (ib_logfile0, ib_logfile1...) scrubbing", diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index 7ec1ed787a9..26d2dca5699 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc 
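Review bot: The new condition in `ha_innobase::check_table_options()` calls `encryption_key_id_exists()` only when the table is encrypted at that moment, so an explicit `ENCRYPTION_KEY_ID` naming a key that does not exist is now accepted without a warning for `FIL_SPACE_ENCRYPTION_OFF`, and for `FIL_SPACE_ENCRYPTION_DEFAULT` while `srv_encrypt_tables` is off. If `srv_encrypt_tables` can be switched on later, a DEFAULT table would presumably then be encrypted under an id that was never checked; that path is not visible here, so please confirm. Either keep validating the id regardless of the encryption mode, or record the decision above the test, e.g. `/* key id is checked only if the table is encrypted now; OFF/DEFAULT tables may carry an unverified id */`. The same condition is added to storage/xtradb/handler/ha_innodb.cc at `@@ -11882,11 +11889,8 @@`, and the function body continues outside both hunks.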
@@ -613,6 +613,13 @@ ib_cb_t innodb_api_cb[] = { (ib_cb_t) ib_cursor_stmt_begin }; +static MYSQL_SYSVAR_UINT(default_encryption_key, srv_default_encryption_key, + PLUGIN_VAR_RQCMDARG, + "Default encryption key id used for table encryption.", + NULL, + NULL, + FIL_DEFAULT_ENCRYPTION_KEY, 1, UINT_MAX32, 0); + /** Structure for CREATE TABLE options (table options). It needs to be called ha_table_option_struct. @@ -634,7 +641,7 @@ ha_create_table_option innodb_table_option_list[]= /* With this option the user can enable encryption for the table */ HA_TOPTION_ENUM("ENCRYPTION", encryption, "DEFAULT,ON,OFF", 0), /* With this option the user defines the key identifier using for the encryption */ - HA_TOPTION_NUMBER("ENCRYPTION_KEY_ID", encryption_key_id, 0, 1, UINT_MAX32, 1), + HA_TOPTION_SYSVAR("ENCRYPTION_KEY_ID", encryption_key_id, default_encryption_key), HA_TOPTION_END }; @@ -11882,11 +11889,8 @@ ha_innobase::check_table_options( } } - if (options->encryption_key_id != 0) { - if (options->encryption == FIL_SPACE_ENCRYPTION_OFF) { - /* ignore this to allow alter table without changing page_encryption_key ...*/ - } - + if (options->encryption == FIL_SPACE_ENCRYPTION_ON || + (options->encryption == FIL_SPACE_ENCRYPTION_DEFAULT && srv_encrypt_tables)) { if (!encryption_key_id_exists(options->encryption_key_id)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, @@ -11959,8 +11963,7 @@ ha_innobase::create( /* Cache table options */ ha_table_option_struct *options= form->s->option_struct; fil_encryption_t encrypt = (fil_encryption_t)options->encryption; - ulint key_id = (options->encryption_key_id == 0) ? srv_default_encryption_key : - options->encryption_key_id; + ulint key_id = options->encryption_key_id; DBUG_ENTER("ha_innobase::create"); 
@@ -20338,13 +20341,6 @@ static MYSQL_SYSVAR_UINT(encryption_rotation_iops, srv_n_fil_crypt_iops, innodb_encryption_rotation_iops_update, srv_n_fil_crypt_iops, 0, UINT_MAX32, 0); -static MYSQL_SYSVAR_UINT(default_encryption_key, srv_default_encryption_key, - PLUGIN_VAR_RQCMDARG, - "Default encryption key id used for table encryption.", - NULL, - NULL, - FIL_DEFAULT_ENCRYPTION_KEY, 1, UINT_MAX32, 0); - static MYSQL_SYSVAR_BOOL(scrub_log, srv_scrub_log, PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, "Enable background redo log (ib_logfile0, ib_logfile1...) scrubbing", From ea764f5f520b83f4327d6f9955004a2ee8d41267 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Thu, 9 Apr 2015 14:09:06 +0200 Subject: [PATCH 52/65] s/innodb_default_encryption_key/innodb_default_encryption_key_id/ and make it a session variable, not global, as any decent default sysvar for a table attribute should be --- .../innodb/r/innodb-page_encryption.result | 2 +- .../innodb/t/innodb-page_encryption.test | 4 +- mysql-test/suite/sys_vars/r/all_vars.result | 2 +- ...b_default_page_encryption_key_basic.result | 71 ------------------- .../suite/sys_vars/r/sysvars_innodb.result | 6 +- ...odb_default_page_encryption_key_basic.test | 60 ---------------- storage/innobase/handler/ha_innodb.cc | 11 ++- storage/innobase/include/srv0srv.h | 3 - storage/innobase/srv/srv0srv.cc | 3 - storage/xtradb/handler/ha_innodb.cc | 10 ++- storage/xtradb/include/srv0srv.h | 3 - storage/xtradb/srv/srv0srv.cc | 3 - 12 files changed, 14 insertions(+), 164 deletions(-) delete mode 100644 mysql-test/suite/sys_vars/r/innodb_default_page_encryption_key_basic.result delete mode 100644 mysql-test/suite/sys_vars/t/innodb_default_page_encryption_key_basic.test diff --git a/mysql-test/suite/innodb/r/innodb-page_encryption.result b/mysql-test/suite/innodb/r/innodb-page_encryption.result index c94150e5153..458fcc6c9d0 100644 --- a/mysql-test/suite/innodb/r/innodb-page_encryption.result 
+++ b/mysql-test/suite/innodb/r/innodb-page_encryption.result @@ -7,7 +7,7 @@ create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_f ERROR HY000: Can't create table `test`.`innodb_dynamic` (errno: 140 "Wrong create options") create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=33; create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; -SET GLOBAL innodb_default_encryption_key = 5; +set innodb_default_encryption_key_id = 5; create table innodb_defkey(c1 bigint not null, b char(200)) engine=innodb encryption='ON'; show create table innodb_defkey; Table Create Table diff --git a/mysql-test/suite/innodb/t/innodb-page_encryption.test b/mysql-test/suite/innodb/t/innodb-page_encryption.test index 6832b2922d0..d2fa14e3761 100644 --- a/mysql-test/suite/innodb/t/innodb-page_encryption.test +++ b/mysql-test/suite/innodb/t/innodb-page_encryption.test @@ -4,7 +4,6 @@ --disable_query_log let $innodb_file_format_orig = `SELECT @@innodb_file_format`; let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`; -let $default_encryption_key = `SELECT @@innodb_default_encryption_key`; --enable_query_log SET GLOBAL innodb_file_format = `Barracuda`; @@ -18,7 +17,7 @@ create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_f create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=33; create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; -SET GLOBAL innodb_default_encryption_key = 5; +set innodb_default_encryption_key_id = 5; create table innodb_defkey(c1 bigint not null, b char(200)) engine=innodb encryption='ON'; show create table innodb_defkey; 
@@ -162,5 +161,4 @@ drop table innodb_defkey; --disable_query_log EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig; EVAL SET GLOBAL innodb_file_format = $innodb_file_format_orig; -EVAL SET GLOBAL innodb_default_encryption_key = $default_encryption_key; --enable_query_log diff --git a/mysql-test/suite/sys_vars/r/all_vars.result b/mysql-test/suite/sys_vars/r/all_vars.result index 8a8d8741236..5bd55dc8133 100644 --- a/mysql-test/suite/sys_vars/r/all_vars.result +++ b/mysql-test/suite/sys_vars/r/all_vars.result @@ -10,7 +10,7 @@ there should be *no* long test name listed below: select distinct variable_name as `there should be *no* variables listed below:` from t2 left join t1 on variable_name=test_name where test_name is null; there should be *no* variables listed below: -innodb_default_encryption_key +innodb_default_encryption_key_id strict_password_validation drop table t1; drop table t2; diff --git a/mysql-test/suite/sys_vars/r/innodb_default_page_encryption_key_basic.result b/mysql-test/suite/sys_vars/r/innodb_default_page_encryption_key_basic.result deleted file mode 100644 index b18a9301483..00000000000 --- a/mysql-test/suite/sys_vars/r/innodb_default_page_encryption_key_basic.result +++ /dev/null 
@@ -1,71 +0,0 @@ -SET @start_global_value = @@global.innodb_default_encryption_key; -SELECT @start_global_value; -@start_global_value -1 -Valid value 0-9 -select @@global.innodb_default_encryption_key <= 9; -@@global.innodb_default_encryption_key <= 9 -1 -select @@global.innodb_default_encryption_key; -@@global.innodb_default_encryption_key -1 -select @@session.innodb_default_encryption_key; -ERROR HY000: Variable 'innodb_default_encryption_key' is a GLOBAL variable -show global variables like 'innodb_default_encryption_key'; -Variable_name Value -innodb_default_encryption_key 1 -show session variables like 'innodb_default_encryption_key'; -Variable_name Value -innodb_default_encryption_key 1 -select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; -VARIABLE_NAME VARIABLE_VALUE -INNODB_DEFAULT_ENCRYPTION_KEY 1 -select * from information_schema.session_variables where variable_name='innodb_default_encryption_key'; -VARIABLE_NAME VARIABLE_VALUE -INNODB_DEFAULT_ENCRYPTION_KEY 1 -set global innodb_default_encryption_key=2; -select @@global.innodb_default_encryption_key; -@@global.innodb_default_encryption_key -2 -select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; -VARIABLE_NAME VARIABLE_VALUE -INNODB_DEFAULT_ENCRYPTION_KEY 2 -select * from information_schema.session_variables where variable_name='innodb_default_encryption_key'; -VARIABLE_NAME VARIABLE_VALUE -INNODB_DEFAULT_ENCRYPTION_KEY 2 -set session innodb_default_encryption_key=4; -ERROR HY000: Variable 'innodb_default_encryption_key' is a GLOBAL variable and should be set with SET GLOBAL -set global innodb_default_encryption_key=1.1; -ERROR 42000: Incorrect argument type to variable 'innodb_default_encryption_key' -set global innodb_default_encryption_key=1e1; -ERROR 42000: Incorrect argument type to variable 'innodb_default_encryption_key' -set global innodb_default_encryption_key="foo"; -ERROR 42000: Incorrect 
argument type to variable 'innodb_default_encryption_key' -set global innodb_default_encryption_key=10; -select @@global.innodb_default_encryption_key; -@@global.innodb_default_encryption_key -10 -select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; -VARIABLE_NAME VARIABLE_VALUE -INNODB_DEFAULT_ENCRYPTION_KEY 10 -set global innodb_default_encryption_key=-7; -Warnings: -Warning 1292 Truncated incorrect innodb_default_encryption_key value: '-7' -select @@global.innodb_default_encryption_key; -@@global.innodb_default_encryption_key -1 -select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; -VARIABLE_NAME VARIABLE_VALUE -INNODB_DEFAULT_ENCRYPTION_KEY 1 -set global innodb_default_encryption_key=1; -select @@global.innodb_default_encryption_key; -@@global.innodb_default_encryption_key -1 -set global innodb_default_encryption_key=255; -select @@global.innodb_default_encryption_key; -@@global.innodb_default_encryption_key -255 -SET @@global.innodb_default_encryption_key = @start_global_value; -SELECT @@global.innodb_default_encryption_key; -@@global.innodb_default_encryption_key -1 diff --git a/mysql-test/suite/sys_vars/r/sysvars_innodb.result b/mysql-test/suite/sys_vars/r/sysvars_innodb.result index 250fcca0800..a3506b342b7 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_innodb.result +++ b/mysql-test/suite/sys_vars/r/sysvars_innodb.result @@ -579,12 +579,12 @@ NUMERIC_BLOCK_SIZE NULL ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT REQUIRED -VARIABLE_NAME INNODB_DEFAULT_ENCRYPTION_KEY -SESSION_VALUE NULL +VARIABLE_NAME INNODB_DEFAULT_ENCRYPTION_KEY_ID +SESSION_VALUE 1 GLOBAL_VALUE 1 GLOBAL_VALUE_ORIGIN COMPILE-TIME DEFAULT_VALUE 1 -VARIABLE_SCOPE GLOBAL +VARIABLE_SCOPE SESSION VARIABLE_TYPE INT UNSIGNED VARIABLE_COMMENT Default encryption key id used for table encryption. NUMERIC_MIN_VALUE 1 
diff --git a/mysql-test/suite/sys_vars/t/innodb_default_page_encryption_key_basic.test b/mysql-test/suite/sys_vars/t/innodb_default_page_encryption_key_basic.test deleted file mode 100644 index b93ca26ba01..00000000000 --- a/mysql-test/suite/sys_vars/t/innodb_default_page_encryption_key_basic.test +++ /dev/null 
@@ -1,60 +0,0 @@ - ---source include/have_innodb.inc - -SET @start_global_value = @@global.innodb_default_encryption_key; -SELECT @start_global_value; - -# -# exists as global only -# ---echo Valid value 0-9 -select @@global.innodb_default_encryption_key <= 9; -select @@global.innodb_default_encryption_key; ---error ER_INCORRECT_GLOBAL_LOCAL_VAR -select @@session.innodb_default_encryption_key; -show global variables like 'innodb_default_encryption_key'; -show session variables like 'innodb_default_encryption_key'; -select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; -select * from information_schema.session_variables where variable_name='innodb_default_encryption_key'; - -# -# show that it's writable -# -set global innodb_default_encryption_key=2; -select @@global.innodb_default_encryption_key; -select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; -select * from information_schema.session_variables where variable_name='innodb_default_encryption_key'; ---error ER_GLOBAL_VARIABLE -set session innodb_default_encryption_key=4; - -# -# incorrect types -# ---error ER_WRONG_TYPE_FOR_VAR -set global innodb_default_encryption_key=1.1; ---error ER_WRONG_TYPE_FOR_VAR -set global innodb_default_encryption_key=1e1; ---error ER_WRONG_TYPE_FOR_VAR -set global innodb_default_encryption_key="foo"; - -set global innodb_default_encryption_key=10; -select @@global.innodb_default_encryption_key; -select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; -set global innodb_default_encryption_key=-7; -select @@global.innodb_default_encryption_key; -select * from information_schema.global_variables where variable_name='innodb_default_encryption_key'; - -# -# min/max values -# -set global innodb_default_encryption_key=1; -select @@global.innodb_default_encryption_key; -set global innodb_default_encryption_key=255; -select 
@@global.innodb_default_encryption_key; - -# -# cleanup -# - -SET @@global.innodb_default_encryption_key = @start_global_value; -SELECT @@global.innodb_default_encryption_key; diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 7b5b6ef609b..65ee7b1c65a 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -548,11 +548,9 @@ ib_cb_t innodb_api_cb[] = { (ib_cb_t) ib_cursor_stmt_begin }; -static MYSQL_SYSVAR_UINT(default_encryption_key, srv_default_encryption_key, - PLUGIN_VAR_RQCMDARG, +static MYSQL_THDVAR_UINT(default_encryption_key_id, PLUGIN_VAR_RQCMDARG, "Default encryption key id used for table encryption.", - NULL, - NULL, + NULL, NULL, FIL_DEFAULT_ENCRYPTION_KEY, 1, UINT_MAX32, 0); /** @@ -576,7 +574,7 @@ ha_create_table_option innodb_table_option_list[]= /* With this option the user can enable encryption for the table */ HA_TOPTION_ENUM("ENCRYPTION", encryption, "DEFAULT,ON,OFF", 0), /* With this option the user defines the key identifier using for the encryption */ - HA_TOPTION_SYSVAR("ENCRYPTION_KEY_ID", encryption_key_id, default_encryption_key), + HA_TOPTION_SYSVAR("ENCRYPTION_KEY_ID", encryption_key_id, default_encryption_key_id), HA_TOPTION_END }; @@ -19417,8 +19415,7 @@ static struct st_mysql_sys_var* innobase_system_variables[]= { MYSQL_SYSVAR(scrub_log), MYSQL_SYSVAR(scrub_log_speed), MYSQL_SYSVAR(encrypt_log), - MYSQL_SYSVAR(default_encryption_key), - + MYSQL_SYSVAR(default_encryption_key_id), /* Scrubing feature */ MYSQL_SYSVAR(immediate_scrub_data_uncompressed), MYSQL_SYSVAR(background_scrub_data_uncompressed), diff --git a/storage/innobase/include/srv0srv.h b/storage/innobase/include/srv0srv.h index 11e648efc85..7039349ad68 100644 --- a/storage/innobase/include/srv0srv.h +++ b/storage/innobase/include/srv0srv.h 
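Review bot: `default_encryption_key_id` becomes a session variable through `MYSQL_THDVAR_UINT` here, but the commit deletes innodb_default_page_encryption_key_basic.test without a replacement, and the updated all_vars.result now lists `innodb_default_encryption_key_id` under "there should be *no* variables listed below". A renamed basic test covering the session scope and the declared range `1` to `UINT_MAX32` (SET SESSION, out-of-range and wrong-type values) would keep the variable that selects the encryption key under test. A one-line comment above the declaration would also help, e.g. `/* session default for the ENCRYPTION_KEY_ID table option */`. The xtradb copy of this hunk is `@@ -613,11 +613,9 @@` in storage/xtradb/handler/ha_innodb.cc.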
@@ -560,9 +560,6 @@ that semaphore times out in InnoDB */ #define DEFAULT_SRV_FATAL_SEMAPHORE_TIMEOUT 600 extern ulong srv_fatal_semaphore_wait_threshold; -/** Default encryption key used for tablespace encryption */ -extern uint srv_default_encryption_key; - /** Enable semaphore request instrumentation */ extern my_bool srv_instrument_semaphores; diff --git a/storage/innobase/srv/srv0srv.cc b/storage/innobase/srv/srv0srv.cc index c19da5dfd91..17470855fc4 100644 --- a/storage/innobase/srv/srv0srv.cc +++ b/storage/innobase/srv/srv0srv.cc @@ -523,9 +523,6 @@ thread ensures that we flush the log files at least once per second. */ static time_t srv_last_log_flush_time; -/** Default encryption key used for tablespace encryption */ -UNIV_INTERN uint srv_default_encryption_key = FIL_DEFAULT_ENCRYPTION_KEY; - /** Enable semaphore request instrumentation */ UNIV_INTERN my_bool srv_instrument_semaphores = FALSE; diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index 26d2dca5699..fa9d8bc073f 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc @@ -613,11 +613,9 @@ ib_cb_t innodb_api_cb[] = { (ib_cb_t) ib_cursor_stmt_begin }; -static MYSQL_SYSVAR_UINT(default_encryption_key, srv_default_encryption_key, - PLUGIN_VAR_RQCMDARG, +static MYSQL_THDVAR_UINT(default_encryption_key_id, PLUGIN_VAR_RQCMDARG, "Default encryption key id used for table encryption.", - NULL, - NULL, + NULL, NULL, FIL_DEFAULT_ENCRYPTION_KEY, 1, UINT_MAX32, 0); /** @@ -641,7 +639,7 @@ ha_create_table_option innodb_table_option_list[]= /* With this option the user can enable encryption for the table */ HA_TOPTION_ENUM("ENCRYPTION", encryption, "DEFAULT,ON,OFF", 0), /* With this option the user defines the key identifier using for the encryption */ - HA_TOPTION_SYSVAR("ENCRYPTION_KEY_ID", encryption_key_id, default_encryption_key), + HA_TOPTION_SYSVAR("ENCRYPTION_KEY_ID", encryption_key_id, default_encryption_key_id), HA_TOPTION_END }; 
@@ -20638,7 +20636,7 @@ static struct st_mysql_sys_var* innobase_system_variables[]= { MYSQL_SYSVAR(scrub_log), MYSQL_SYSVAR(scrub_log_speed), MYSQL_SYSVAR(encrypt_log), - MYSQL_SYSVAR(default_encryption_key), + MYSQL_SYSVAR(default_encryption_key_id), /* Scrubing feature */ MYSQL_SYSVAR(immediate_scrub_data_uncompressed), MYSQL_SYSVAR(background_scrub_data_uncompressed), diff --git a/storage/xtradb/include/srv0srv.h b/storage/xtradb/include/srv0srv.h index 1ff9a823819..10d0cc961f7 100644 --- a/storage/xtradb/include/srv0srv.h +++ b/storage/xtradb/include/srv0srv.h @@ -703,9 +703,6 @@ that semaphore times out in InnoDB */ #define DEFAULT_SRV_FATAL_SEMAPHORE_TIMEOUT 600 extern ulong srv_fatal_semaphore_wait_threshold; -/** Default encryption key used for tablespace encryption */ -extern uint srv_default_encryption_key; - /** Enable semaphore request instrumentation */ extern my_bool srv_instrument_semaphores; diff --git a/storage/xtradb/srv/srv0srv.cc b/storage/xtradb/srv/srv0srv.cc index 0391cd9eecb..ab05605114b 100644 --- a/storage/xtradb/srv/srv0srv.cc +++ b/storage/xtradb/srv/srv0srv.cc @@ -670,9 +670,6 @@ thread ensures that we flush the log files at least once per second. */ static time_t srv_last_log_flush_time; -/** Default encryption key used for tablespace encryption */ -UNIV_INTERN uint srv_default_encryption_key = FIL_DEFAULT_ENCRYPTION_KEY; - /** Enable semaphore request instrumentation */ UNIV_INTERN my_bool srv_instrument_semaphores = FALSE; From bc9f118e29a96454cfa55cb80cc347804601ddd7 Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Thu, 9 Apr 2015 17:59:34 +0200 Subject: [PATCH 53/65] rename table attribute ENCRYPTION=ON/OFF to ENCRYPTED=YES/NO --- .../r/innodb-page_encryption-32k.result | 18 +++++------ .../innodb/r/innodb-page_encryption.result | 32 +++++++++---------- .../innodb-page_encryption_compression.result | 12 +++---- ...nodb-page_encryption_log_encryption.result | 24 +++++++------- .../innodb/t/innodb-page_encryption-32k.test | 12 +++---- .../innodb/t/innodb-page_encryption.test | 20 ++++++------ .../t/innodb-page_encryption_compression.test | 8 ++--- ...innodb-page_encryption_log_encryption.test | 16 +++++----- .../suite/plugins/r/filekeys_encfile.result | 12 +++---- .../plugins/r/filekeys_encfile_bad.result | 2 +- .../plugins/r/filekeys_encfile_badfile.result | 2 +- .../plugins/r/filekeys_encfile_file.result | 12 +++---- .../plugins/r/filekeys_encfile_no.result | 2 +- .../suite/plugins/r/filekeys_nofile.result | 2 +- .../suite/plugins/r/filekeys_syntax.result | 26 +++++++-------- .../suite/plugins/r/filekeys_unencfile.result | 2 +- .../suite/plugins/t/filekeys_badtest.inc | 2 +- .../suite/plugins/t/filekeys_goodtest.inc | 2 +- storage/innobase/handler/ha_innodb.cc | 2 +- storage/xtradb/handler/ha_innodb.cc | 2 +- 20 files changed, 105 insertions(+), 105 deletions(-) diff --git a/mysql-test/suite/innodb/r/innodb-page_encryption-32k.result b/mysql-test/suite/innodb/r/innodb-page_encryption-32k.result index f46cf798110..6aa98a2fc68 100644 --- a/mysql-test/suite/innodb/r/innodb-page_encryption-32k.result +++ b/mysql-test/suite/innodb/r/innodb-page_encryption-32k.result 
@@ -2,27 +2,27 @@ call mtr.add_suppression("InnoDB: Warning: innodb_page_size has been changed fro SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=3; -create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encrypted=yes encryption_key_id=1; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encrypted=yes encryption_key_id=3; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encrypted=yes encryption_key_id=4; show create table innodb_compact; Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `encryption`='ON' `encryption_key_id`=1 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `encrypted`=yes `encryption_key_id`=1 show create table innodb_dynamic; Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `encryption`='ON' `encryption_key_id`=3 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `encrypted`=yes `encryption_key_id`=3 show create table innodb_redundant; Table Create Table innodb_redundant CREATE TABLE `innodb_redundant` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT `encryption`='ON' 
`encryption_key_id`=4 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT `encrypted`=yes `encryption_key_id`=4 create procedure innodb_insert_proc (repeat_count int) begin declare current_num int; @@ -64,14 +64,14 @@ count(*) select count(*) from innodb_redundant where c1 < 1500000; count(*) 5000 -alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_compact engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compact; Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT -alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_dynamic engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; Warnings: Warning 1478 InnoDB: ROW_FORMAT=DYNAMIC requires innodb_file_format > Antelope. Warning 1478 InnoDB: assuming ROW_FORMAT=COMPACT. @@ -81,7 +81,7 @@ innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC -alter table innodb_redundant engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_redundant engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_redundant; Table Create Table innodb_redundant CREATE TABLE `innodb_redundant` ( diff --git a/mysql-test/suite/innodb/r/innodb-page_encryption.result b/mysql-test/suite/innodb/r/innodb-page_encryption.result index 458fcc6c9d0..2a52d1a07b3 100644 --- a/mysql-test/suite/innodb/r/innodb-page_encryption.result +++ b/mysql-test/suite/innodb/r/innodb-page_encryption.result 
@@ -1,44 +1,44 @@ SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1; -create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encryption='ON' encryption_key_id=2; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=3; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encrypted=yes encryption_key_id=1; +create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encrypted=yes encryption_key_id=2; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encrypted=yes encryption_key_id=3; ERROR HY000: Can't create table `test`.`innodb_dynamic` (errno: 140 "Wrong create options") -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=33; -create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encrypted=yes encryption_key_id=33; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encrypted=yes encryption_key_id=4; set innodb_default_encryption_key_id = 5; -create table innodb_defkey(c1 bigint not null, b char(200)) engine=innodb encryption='ON'; +create table innodb_defkey(c1 bigint not null, b char(200)) engine=innodb encrypted=yes; show create table innodb_defkey; Table Create Table innodb_defkey CREATE TABLE `innodb_defkey` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT 
CHARSET=latin1 `encryption`='ON' `ENCRYPTION_KEY_ID`=5 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes `ENCRYPTION_KEY_ID`=5 show create table innodb_compact; Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `encryption`='ON' `encryption_key_id`=1 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `encrypted`=yes `encryption_key_id`=1 show create table innodb_compressed; Table Create Table innodb_compressed CREATE TABLE `innodb_compressed` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPRESSED `encryption`='ON' `encryption_key_id`=2 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPRESSED `encrypted`=yes `encryption_key_id`=2 show create table innodb_dynamic; Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `encryption`='ON' `encryption_key_id`=33 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `encrypted`=yes `encryption_key_id`=33 show create table innodb_redundant; Table Create Table innodb_redundant CREATE TABLE `innodb_redundant` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT `encryption`='ON' `encryption_key_id`=4 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT `encrypted`=yes `encryption_key_id`=4 create procedure innodb_insert_proc (repeat_count int) begin declare current_num int; 
@@ -154,28 +154,28 @@ variable_value >= 0 SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value >= 0 1 -alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_compact engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compact; Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT -alter table innodb_compressed engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_compressed engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compressed; Table Create Table innodb_compressed CREATE TABLE `innodb_compressed` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPRESSED -alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_dynamic engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_dynamic; Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC -alter table innodb_redundant engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_redundant engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_redundant; Table Create Table innodb_redundant CREATE TABLE `innodb_redundant` ( 
@@ -213,7 +213,7 @@ Table Create Table innodb_defkey CREATE TABLE `innodb_defkey` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='ON' `ENCRYPTION_KEY_ID`=5 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes `ENCRYPTION_KEY_ID`=5 update innodb_normal set c1 = c1 +1; update innodb_compact set c1 = c1 + 1; update innodb_compressed set c1 = c1 + 1; diff --git a/mysql-test/suite/innodb/r/innodb-page_encryption_compression.result b/mysql-test/suite/innodb/r/innodb-page_encryption_compression.result index 20e91e62b2f..02a13b3c13c 100644 --- a/mysql-test/suite/innodb/r/innodb-page_encryption_compression.result +++ b/mysql-test/suite/innodb/r/innodb-page_encryption_compression.result @@ -2,8 +2,8 @@ SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; set global innodb_compression_algorithm = 1; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb page_compressed=1; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1 page_compressed=1; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=2 page_compressed=1; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encrypted=yes encryption_key_id=1 page_compressed=1; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encrypted=yes encryption_key_id=2 page_compressed=1; show warnings; Level Code Message show create table innodb_normal; 
@@ -17,13 +17,13 @@ Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `encryption`='ON' `encryption_key_id`=1 `page_compressed`=1 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `encrypted`=yes `encryption_key_id`=1 `page_compressed`=1 show create table innodb_dynamic; Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `encryption`='ON' `encryption_key_id`=2 `page_compressed`=1 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `encrypted`=yes `encryption_key_id`=2 `page_compressed`=1 create procedure innodb_insert_proc (repeat_count int) begin declare current_num int; @@ -110,14 +110,14 @@ innodb_normal CREATE TABLE `innodb_normal` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 -alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT page_compressed=DEFAULT; +alter table innodb_compact engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT page_compressed=DEFAULT; show create table innodb_compact; Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT -alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT page_compressed=DEFAULT; +alter table innodb_dynamic engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT page_compressed=DEFAULT; show create table innodb_dynamic; Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( diff --git a/mysql-test/suite/innodb/r/innodb-page_encryption_log_encryption.result b/mysql-test/suite/innodb/r/innodb-page_encryption_log_encryption.result index 73d65543ae8..5a3a46e3620 100644 
--- a/mysql-test/suite/innodb/r/innodb-page_encryption_log_encryption.result
+++ b/mysql-test/suite/innodb/r/innodb-page_encryption_log_encryption.result
@@ -4,34 +4,34 @@ call mtr.add_suppression("InnoDB: Redo log crypto: Can't initialize to key versi SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1; -create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encryption='ON' encryption_key_id=2; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=33; -create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encrypted=yes encryption_key_id=1; +create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encrypted=yes encryption_key_id=2; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encrypted=yes encryption_key_id=33; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encrypted=yes encryption_key_id=4; show create table innodb_compact; Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `encryption`='ON' `encryption_key_id`=1 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT `encrypted`=yes `encryption_key_id`=1 show create table innodb_compressed; Table Create Table innodb_compressed CREATE TABLE `innodb_compressed` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPRESSED `encryption`='ON' `encryption_key_id`=2 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 
ROW_FORMAT=COMPRESSED `encrypted`=yes `encryption_key_id`=2 show create table innodb_dynamic; Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `encryption`='ON' `encryption_key_id`=33 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC `encrypted`=yes `encryption_key_id`=33 show create table innodb_redundant; Table Create Table innodb_redundant CREATE TABLE `innodb_redundant` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT `encryption`='ON' `encryption_key_id`=4 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT `encrypted`=yes `encryption_key_id`=4 create procedure innodb_insert_proc (repeat_count int) begin declare current_num int; 
@@ -130,28 +130,28 @@ variable_value >= 0 SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; variable_value >= 0 1 -alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_compact engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compact; Table Create Table innodb_compact CREATE TABLE `innodb_compact` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPACT -alter table innodb_compressed engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_compressed engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compressed; Table Create Table innodb_compressed CREATE TABLE `innodb_compressed` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=COMPRESSED -alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_dynamic engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_dynamic; Table Create Table innodb_dynamic CREATE TABLE `innodb_dynamic` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=DYNAMIC -alter table innodb_redundant engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_redundant engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_redundant; Table Create Table innodb_redundant CREATE TABLE `innodb_redundant` ( diff --git a/mysql-test/suite/innodb/t/innodb-page_encryption-32k.test b/mysql-test/suite/innodb/t/innodb-page_encryption-32k.test index 765ba7cb354..325f0a86521 100644 --- a/mysql-test/suite/innodb/t/innodb-page_encryption-32k.test +++ b/mysql-test/suite/innodb/t/innodb-page_encryption-32k.test 
@@ -17,9 +17,9 @@ SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=3; -create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encrypted=yes encryption_key_id=1; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encrypted=yes encryption_key_id=3; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encrypted=yes encryption_key_id=4; show create table innodb_compact; show create table innodb_dynamic; @@ -63,11 +63,11 @@ select count(*) from innodb_compact where c1 < 1500000; select count(*) from innodb_dynamic where c1 < 1500000; select count(*) from innodb_redundant where c1 < 1500000; -alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_compact engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compact; -alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_dynamic engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_dynamic; -alter table innodb_redundant engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_redundant engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_redundant; --source include/restart_mysqld.inc 
diff --git a/mysql-test/suite/innodb/t/innodb-page_encryption.test b/mysql-test/suite/innodb/t/innodb-page_encryption.test
index d2fa14e3761..2f9192a5dec 100644
--- a/mysql-test/suite/innodb/t/innodb-page_encryption.test
+++ b/mysql-test/suite/innodb/t/innodb-page_encryption.test
@@ -10,15 +10,15 @@ SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1; -create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encryption='ON' encryption_key_id=2; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encrypted=yes encryption_key_id=1; +create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encrypted=yes encryption_key_id=2; --error ER_CANT_CREATE_TABLE -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=3; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=33; -create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encrypted=yes encryption_key_id=3; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encrypted=yes encryption_key_id=33; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encrypted=yes encryption_key_id=4; set innodb_default_encryption_key_id = 5; -create table innodb_defkey(c1 bigint not null, b char(200)) engine=innodb encryption='ON'; +create table innodb_defkey(c1 bigint not null, b char(200)) engine=innodb encrypted=yes; show create table innodb_defkey; show create table innodb_compact; 
@@ -107,13 +107,13 @@ t1.c1 = t2.c1 and t1.b = t2.b; SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; -alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_compact engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compact; -alter table innodb_compressed engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_compressed engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compressed; -alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_dynamic engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_dynamic; -alter table innodb_redundant engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_redundant engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_redundant; --source include/restart_mysqld.inc diff --git a/mysql-test/suite/innodb/t/innodb-page_encryption_compression.test b/mysql-test/suite/innodb/t/innodb-page_encryption_compression.test index 6123745d5c6..00304e5268a 100644 --- a/mysql-test/suite/innodb/t/innodb-page_encryption_compression.test +++ b/mysql-test/suite/innodb/t/innodb-page_encryption_compression.test 
@@ -14,8 +14,8 @@ SET GLOBAL innodb_file_per_table = ON; set global innodb_compression_algorithm = 1; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb page_compressed=1; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1 page_compressed=1; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=2 page_compressed=1; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encrypted=yes encryption_key_id=1 page_compressed=1; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encrypted=yes encryption_key_id=2 page_compressed=1; show warnings; show create table innodb_normal; @@ -84,9 +84,9 @@ SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(var alter table innodb_normal engine=innodb page_compressed=DEFAULT; show create table innodb_normal; -alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT page_compressed=DEFAULT; +alter table innodb_compact engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT page_compressed=DEFAULT; show create table innodb_compact; -alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT page_compressed=DEFAULT; +alter table innodb_dynamic engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT page_compressed=DEFAULT; show create table innodb_dynamic; --source include/restart_mysqld.inc diff --git a/mysql-test/suite/innodb/t/innodb-page_encryption_log_encryption.test b/mysql-test/suite/innodb/t/innodb-page_encryption_log_encryption.test index cf65094aeb8..fec5f062a71 100644 --- a/mysql-test/suite/innodb/t/innodb-page_encryption_log_encryption.test +++ b/mysql-test/suite/innodb/t/innodb-page_encryption_log_encryption.test 
@@ -15,10 +15,10 @@ SET GLOBAL innodb_file_format = `Barracuda`; SET GLOBAL innodb_file_per_table = ON; create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; -create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encryption='ON' encryption_key_id=1; -create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encryption='ON' encryption_key_id=2; -create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encryption='ON' encryption_key_id=33; -create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encryption='ON' encryption_key_id=4; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encrypted=yes encryption_key_id=1; +create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encrypted=yes encryption_key_id=2; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encrypted=yes encryption_key_id=33; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encrypted=yes encryption_key_id=4; show create table innodb_compact; show create table innodb_compressed; 
@@ -96,13 +96,13 @@ t1.c1 = t2.c1 and t1.b = t2.b; SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; -alter table innodb_compact engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_compact engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compact; -alter table innodb_compressed engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_compressed engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_compressed; -alter table innodb_dynamic engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_dynamic engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_dynamic; -alter table innodb_redundant engine=innodb encryption=DEFAULT encryption_key_id=DEFAULT; +alter table innodb_redundant engine=innodb encrypted=DEFAULT encryption_key_id=DEFAULT; show create table innodb_redundant; --source include/restart_mysqld.inc diff --git a/mysql-test/suite/plugins/r/filekeys_encfile.result b/mysql-test/suite/plugins/r/filekeys_encfile.result index 5755325661d..add6f312fda 100644 --- a/mysql-test/suite/plugins/r/filekeys_encfile.result +++ b/mysql-test/suite/plugins/r/filekeys_encfile.result 
@@ -1,10 +1,10 @@ -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='on' `encryption_key_id`=1 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes `encryption_key_id`=1 insert t1 values (12345, repeat('1234567890', 20)); alter table t1 encryption_key_id=2; show create table t1; @@ -12,7 +12,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='on' `encryption_key_id`=2 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes `encryption_key_id`=2 alter table t1 encryption_key_id=3; ERROR HY000: Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options") show create table t1; @@ -20,19 +20,19 @@ Table Create Table t1 CREATE TABLE `t1` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='on' `encryption_key_id`=2 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes `encryption_key_id`=2 alter table t1 encryption_key_id=33; show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='on' `encryption_key_id`=33 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes `encryption_key_id`=33 alter table t1 encryption_key_id=4; show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='on' `encryption_key_id`=4 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes `encryption_key_id`=4 drop table t1; 
diff --git a/mysql-test/suite/plugins/r/filekeys_encfile_bad.result b/mysql-test/suite/plugins/r/filekeys_encfile_bad.result index 0608a4b331e..5345abf50fd 100644 --- a/mysql-test/suite/plugins/r/filekeys_encfile_bad.result +++ b/mysql-test/suite/plugins/r/filekeys_encfile_bad.result @@ -1,7 +1,7 @@ call mtr.add_suppression("Cannot decrypt .*filekeys-data.enc. Wrong key"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; diff --git a/mysql-test/suite/plugins/r/filekeys_encfile_badfile.result b/mysql-test/suite/plugins/r/filekeys_encfile_badfile.result index 9bc6dc4fe9d..dfeeb24a024 100644 --- a/mysql-test/suite/plugins/r/filekeys_encfile_badfile.result +++ b/mysql-test/suite/plugins/r/filekeys_encfile_badfile.result @@ -1,7 +1,7 @@ call mtr.add_suppression("File 'bad' not found"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; diff --git a/mysql-test/suite/plugins/r/filekeys_encfile_file.result b/mysql-test/suite/plugins/r/filekeys_encfile_file.result index 5755325661d..add6f312fda 100644 
--- a/mysql-test/suite/plugins/r/filekeys_encfile_file.result +++ b/mysql-test/suite/plugins/r/filekeys_encfile_file.result @@ -1,10 +1,10 @@ -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='on' `encryption_key_id`=1 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes `encryption_key_id`=1 insert t1 values (12345, repeat('1234567890', 20)); alter table t1 encryption_key_id=2; show create table t1; @@ -12,7 +12,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='on' `encryption_key_id`=2 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes `encryption_key_id`=2 alter table t1 encryption_key_id=3; ERROR HY000: Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options") show create table t1; 
@@ -20,19 +20,19 @@ Table Create Table t1 CREATE TABLE `t1` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='on' `encryption_key_id`=2 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes `encryption_key_id`=2 alter table t1 encryption_key_id=33; show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='on' `encryption_key_id`=33 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes `encryption_key_id`=33 alter table t1 encryption_key_id=4; show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `c1` bigint(20) NOT NULL, `b` char(200) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encryption`='on' `encryption_key_id`=4 +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes `encryption_key_id`=4 drop table t1; diff --git a/mysql-test/suite/plugins/r/filekeys_encfile_no.result b/mysql-test/suite/plugins/r/filekeys_encfile_no.result index 0608a4b331e..5345abf50fd 100644 --- a/mysql-test/suite/plugins/r/filekeys_encfile_no.result +++ b/mysql-test/suite/plugins/r/filekeys_encfile_no.result @@ -1,7 +1,7 @@ call mtr.add_suppression("Cannot decrypt .*filekeys-data.enc. Wrong key"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; diff --git a/mysql-test/suite/plugins/r/filekeys_nofile.result b/mysql-test/suite/plugins/r/filekeys_nofile.result index efe19df0c9f..b77c663e848 100644 
--- a/mysql-test/suite/plugins/r/filekeys_nofile.result +++ b/mysql-test/suite/plugins/r/filekeys_nofile.result @@ -1,7 +1,7 @@ call mtr.add_suppression("File '' not found"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; diff --git a/mysql-test/suite/plugins/r/filekeys_syntax.result b/mysql-test/suite/plugins/r/filekeys_syntax.result index 13404917dc6..245dab5aca7 100644 --- a/mysql-test/suite/plugins/r/filekeys_syntax.result +++ b/mysql-test/suite/plugins/r/filekeys_syntax.result @@ -1,7 +1,7 @@ call mtr.add_suppression("File '.*keys.txt' not found"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; 
@@ -11,7 +11,7 @@ ERROR HY000: Invalid key id at MYSQL_TMP_DIR/keys.txt line 2, column 2 call mtr.add_suppression("File '.*keys.txt' not found"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; @@ -19,7 +19,7 @@ plugin_status call mtr.add_suppression("Invalid key id"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; @@ -29,7 +29,7 @@ ERROR HY000: Invalid key id at MYSQL_TMP_DIR/keys.txt line 2, column 11 call mtr.add_suppression("Invalid key id"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; 
@@ -37,7 +37,7 @@ plugin_status call mtr.add_suppression("Invalid key id"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; @@ -47,7 +47,7 @@ ERROR HY000: Invalid key at MYSQL_TMP_DIR/keys.txt line 2, column 47 call mtr.add_suppression("Invalid key id"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; @@ -55,7 +55,7 @@ plugin_status call mtr.add_suppression("Invalid key"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; 
@@ -65,7 +65,7 @@ ERROR HY000: Invalid key at MYSQL_TMP_DIR/keys.txt line 2, column 33 call mtr.add_suppression("Invalid key"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; @@ -73,7 +73,7 @@ plugin_status call mtr.add_suppression("Invalid key"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; @@ -83,7 +83,7 @@ ERROR HY000: Syntax error at MYSQL_TMP_DIR/keys.txt line 2, column 2 call mtr.add_suppression("Invalid key"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; 
@@ -91,7 +91,7 @@ plugin_status call mtr.add_suppression("Syntax error"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; @@ -101,7 +101,7 @@ ERROR HY000: Syntax error at MYSQL_TMP_DIR/keys.txt line 2, column 1 call mtr.add_suppression("Syntax error"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; @@ -109,7 +109,7 @@ plugin_status call mtr.add_suppression("Syntax error"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; 
diff --git a/mysql-test/suite/plugins/r/filekeys_unencfile.result b/mysql-test/suite/plugins/r/filekeys_unencfile.result index a962e5898b3..39547b01f14 100644 --- a/mysql-test/suite/plugins/r/filekeys_unencfile.result +++ b/mysql-test/suite/plugins/r/filekeys_unencfile.result @@ -1,7 +1,7 @@ call mtr.add_suppression("Cannot decrypt .*keys.txt. Not encrypted"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; diff --git a/mysql-test/suite/plugins/t/filekeys_badtest.inc b/mysql-test/suite/plugins/t/filekeys_badtest.inc index 81ec1ec0060..7c0858af20a 100644 --- a/mysql-test/suite/plugins/t/filekeys_badtest.inc +++ b/mysql-test/suite/plugins/t/filekeys_badtest.inc @@ -11,7 +11,7 @@ call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); --source include/search_pattern_in_file.inc --error ER_CANT_CREATE_TABLE -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; select plugin_status from information_schema.plugins where plugin_name = 'file_key_management'; diff --git a/mysql-test/suite/plugins/t/filekeys_goodtest.inc b/mysql-test/suite/plugins/t/filekeys_goodtest.inc index 6bbedd191f2..146a570412c 100644 --- a/mysql-test/suite/plugins/t/filekeys_goodtest.inc +++ b/mysql-test/suite/plugins/t/filekeys_goodtest.inc 
@@ -1,7 +1,7 @@ -- source include/have_xtradb.inc -- source filekeys_plugin.inc -create table t1(c1 bigint not null, b char(200)) engine=innodb encryption='on' encryption_key_id=1; +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; show create table t1; insert t1 values (12345, repeat('1234567890', 20)); diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 65ee7b1c65a..0414ec7c0dc 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -572,7 +572,7 @@ ha_create_table_option innodb_table_option_list[]= /* With this option user can enable atomic writes feature for this table */ HA_TOPTION_ENUM("ATOMIC_WRITES", atomic_writes, "DEFAULT,ON,OFF", 0), /* With this option the user can enable encryption for the table */ - HA_TOPTION_ENUM("ENCRYPTION", encryption, "DEFAULT,ON,OFF", 0), + HA_TOPTION_ENUM("ENCRYPTED", encryption, "DEFAULT,YES,NO", 0), /* With this option the user defines the key identifier using for the encryption */ HA_TOPTION_SYSVAR("ENCRYPTION_KEY_ID", encryption_key_id, default_encryption_key_id), diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index fa9d8bc073f..8962426eb28 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc @@ -637,7 +637,7 @@ ha_create_table_option innodb_table_option_list[]= /* With this option user can enable atomic writes feature for this table */ HA_TOPTION_ENUM("ATOMIC_WRITES", atomic_writes, "DEFAULT,ON,OFF", 0), /* With this option the user can enable encryption for the table */ - HA_TOPTION_ENUM("ENCRYPTION", encryption, "DEFAULT,ON,OFF", 0), + HA_TOPTION_ENUM("ENCRYPTED", encryption, "DEFAULT,YES,NO", 0), /* With this option the user defines the key identifier using for the encryption */ HA_TOPTION_SYSVAR("ENCRYPTION_KEY_ID", encryption_key_id, default_encryption_key_id), 
From dab6c8374442513d0aae3b09627e2995739f770c Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Thu, 9 Apr 2015 18:30:05 +0200 Subject: [PATCH 54/65] allow srv_encrypt_tables and ENCRYPTED=YES to be used together --- storage/innobase/handler/ha_innodb.cc | 30 +++++++++------------------ storage/xtradb/handler/ha_innodb.cc | 29 ++++++++------------------ 2 files changed, 19 insertions(+), 40 deletions(-) diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 0414ec7c0dc..47609494ab8 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -11290,23 +11290,13 @@ ha_innobase::check_table_options( atomic_writes_t awrites = (atomic_writes_t)options->atomic_writes; fil_encryption_t encrypt = (fil_encryption_t)options->encryption; - if (encrypt == FIL_SPACE_ENCRYPTION_ON) { - if (srv_encrypt_tables) { - push_warning( - thd, Sql_condition::WARN_LEVEL_WARN, - HA_WRONG_CREATE_OPTION, - "InnoDB: ENCRYPTION not available if innodb_encrypt_tables=ON"); - return "INNODB_ENCRYPT_TABLES"; - } - if (!use_tablespace) { - push_warning( - thd, Sql_condition::WARN_LEVEL_WARN, - HA_WRONG_CREATE_OPTION, - "InnoDB: ENCRYPTION requires" - " innodb_file_per_table."); - return "PAGE_ENCRYPTION"; - } - } + if (encrypt != FIL_SPACE_ENCRYPTION_DEFAULT && !use_tablespace) { + push_warning( + thd, Sql_condition::WARN_LEVEL_WARN, + HA_WRONG_CREATE_OPTION, + "InnoDB: ENCRYPTED requires innodb_file_per_table"); + return "ENCRYPTED"; + } /* Check page compression requirements */ if (options->page_compressed) { 
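Review bot: The new guard in check_table_options rejects every explicit ENCRYPTED value, including ENCRYPTED=NO, when innodb_file_per_table is off, but neither the warning text nor a comment says why the opt-out is refused as well. The create() hunk of this same patch stores crypt data whenever `encrypt != FIL_SPACE_ENCRYPTION_DEFAULT`, which is presumably the reason; a comment above the check such as `/* An explicit ENCRYPTED=YES/NO is recorded in the table's own tablespace, so it needs innodb_file_per_table */` would make that visible. The identical hunk in storage/xtradb/handler/ha_innodb.cc needs the same comment. check_table_options starts and ends outside the hunk.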
@@ -11380,8 +11370,8 @@ ha_innobase::check_table_options( } } - if (options->encryption == FIL_SPACE_ENCRYPTION_ON || - (options->encryption == FIL_SPACE_ENCRYPTION_DEFAULT && srv_encrypt_tables)) { + if (encrypt == FIL_SPACE_ENCRYPTION_ON || + (encrypt == FIL_SPACE_ENCRYPTION_DEFAULT && srv_encrypt_tables)) { if (!encryption_key_id_exists(options->encryption_key_id)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, @@ -11708,7 +11698,7 @@ ha_innobase::create( /* If user has requested that table should be encrypted or table should remain as unencrypted store crypt data */ - if (encrypt == FIL_SPACE_ENCRYPTION_ON || encrypt == FIL_SPACE_ENCRYPTION_OFF) { + if (encrypt != FIL_SPACE_ENCRYPTION_DEFAULT) { ulint maxsize; ulint zip_size = fil_space_get_zip_size(innobase_table->space); fil_space_crypt_t* old_crypt_data = fil_space_get_crypt_data(innobase_table->space); diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index 8962426eb28..d5bbfe9fbd7 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc 
@@ -11796,23 +11796,12 @@ ha_innobase::check_table_options( atomic_writes_t awrites = (atomic_writes_t)options->atomic_writes; fil_encryption_t encrypt = (fil_encryption_t)options->encryption; - if (encrypt == FIL_SPACE_ENCRYPTION_ON) { - if (srv_encrypt_tables) { - push_warning( - thd, Sql_condition::WARN_LEVEL_WARN, - HA_WRONG_CREATE_OPTION, - "InnoDB: ENCRYPTION not available if innodb_encrypt_tables=ON"); - return "INNODB_ENCRYPT_TABLES"; - } - - if (!use_tablespace) { - push_warning( - thd, Sql_condition::WARN_LEVEL_WARN, - HA_WRONG_CREATE_OPTION, - "InnoDB: ENCRYPTION requires" - " innodb_file_per_table."); - return "PAGE_ENCRYPTION"; - } + if (encrypt != FIL_SPACE_ENCRYPTION_DEFAULT && !use_tablespace) { + push_warning( + thd, Sql_condition::WARN_LEVEL_WARN, + HA_WRONG_CREATE_OPTION, + "InnoDB: ENCRYPTED requires innodb_file_per_table"); + return "ENCRYPTED"; } /* Check page compression requirements */ @@ -11887,8 +11876,8 @@ ha_innobase::check_table_options( } } - if (options->encryption == FIL_SPACE_ENCRYPTION_ON || - (options->encryption == FIL_SPACE_ENCRYPTION_DEFAULT && srv_encrypt_tables)) { + if (encrypt == FIL_SPACE_ENCRYPTION_ON || + (encrypt == FIL_SPACE_ENCRYPTION_DEFAULT && srv_encrypt_tables)) { if (!encryption_key_id_exists(options->encryption_key_id)) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_WARN, @@ -12222,7 +12211,7 @@ ha_innobase::create( /* If user has requested that table should be encrypted or table should remain as unencrypted store crypt data */ - if (encrypt == FIL_SPACE_ENCRYPTION_ON || encrypt == FIL_SPACE_ENCRYPTION_OFF) { + if (encrypt != FIL_SPACE_ENCRYPTION_DEFAULT) { ulint maxsize; ulint zip_size = fil_space_get_zip_size(innobase_table->space); fil_space_crypt_t* old_crypt_data = fil_space_get_crypt_data(innobase_table->space); From da06baa11f8b632bff22c90201334394aa0e4f4f Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Thu, 9 Apr 2015 20:44:56 +0200 Subject: [PATCH 55/65] mtr: *.opt files, always enable innodb-encrypt-log because one is supposed always to use it with innodb-encrypt-tables --- mysql-test/suite/innodb/r/innodb_encryption.result | 4 ++-- mysql-test/suite/innodb/r/innodb_encryption_debug.result | 2 +- .../suite/innodb/t/innodb_encryption-page-compression.opt | 1 + mysql-test/suite/innodb/t/innodb_encryption.opt | 1 + mysql-test/suite/innodb/t/innodb_encryption_debug.opt | 1 + mysql-test/suite/innodb/t/innodb_encryption_tables.opt | 1 + mysql-test/suite/innodb/t/innodb_scrub.opt | 5 ++--- mysql-test/suite/innodb/t/innodb_scrub_background.opt | 5 ++--- mysql-test/suite/innodb/t/innodb_scrub_compressed.opt | 6 ++---- 9 files changed, 13 insertions(+), 13 deletions(-) diff --git a/mysql-test/suite/innodb/r/innodb_encryption.result b/mysql-test/suite/innodb/r/innodb_encryption.result index 040cbd294f9..283c78e33d3 100644 --- a/mysql-test/suite/innodb/r/innodb_encryption.result +++ b/mysql-test/suite/innodb/r/innodb_encryption.result @@ -1,7 +1,7 @@ SET @start_global_value = @@global.innodb_encryption_threads; SHOW VARIABLES LIKE 'innodb_encrypt%'; Variable_name Value -innodb_encrypt_log OFF +innodb_encrypt_log ON innodb_encrypt_tables ON innodb_encryption_rotate_key_age 15 innodb_encryption_rotation_iops 100 @@ -44,7 +44,7 @@ SET GLOBAL innodb_encryption_threads=@start_global_value; # Restart mysqld --innodb_encrypt_tables=0 --innodb_encryption_threads=0 SHOW VARIABLES LIKE 'innodb_encrypt%'; Variable_name Value -innodb_encrypt_log OFF +innodb_encrypt_log ON innodb_encrypt_tables OFF innodb_encryption_rotate_key_age 15 innodb_encryption_rotation_iops 100 diff --git a/mysql-test/suite/innodb/r/innodb_encryption_debug.result b/mysql-test/suite/innodb/r/innodb_encryption_debug.result index 503c56e32fd..45d629e52e6 100644 --- a/mysql-test/suite/innodb/r/innodb_encryption_debug.result +++ b/mysql-test/suite/innodb/r/innodb_encryption_debug.result 
@@ -1,6 +1,6 @@ show variables like 'innodb_encrypt%'; Variable_name Value -innodb_encrypt_log OFF +innodb_encrypt_log ON innodb_encrypt_tables ON innodb_encryption_rotate_key_age 2 innodb_encryption_rotation_iops 100 diff --git a/mysql-test/suite/innodb/t/innodb_encryption-page-compression.opt b/mysql-test/suite/innodb/t/innodb_encryption-page-compression.opt index f00ecb411d8..0b7319dcef5 100644 --- a/mysql-test/suite/innodb/t/innodb_encryption-page-compression.opt +++ b/mysql-test/suite/innodb/t/innodb_encryption-page-compression.opt @@ -1,6 +1,7 @@ --aria-encrypt-tables=ON --encrypt-tmp-disk-tables=ON --innodb-encrypt-tables=ON +--innodb-encrypt-log=ON --innodb-encryption-rotate-key-age=15 --innodb-encryption-threads=4 --innodb-tablespaces-encryption diff --git a/mysql-test/suite/innodb/t/innodb_encryption.opt b/mysql-test/suite/innodb/t/innodb_encryption.opt index f7f583d18ef..b2c709f04b2 100644 --- a/mysql-test/suite/innodb/t/innodb_encryption.opt +++ b/mysql-test/suite/innodb/t/innodb_encryption.opt @@ -1,6 +1,7 @@ --aria-encrypt-tables=ON --encrypt-tmp-disk-tables=ON --innodb-encrypt-tables=ON +--innodb-encrypt-log=ON --innodb-encryption-rotate-key-age=15 --innodb-encryption-threads=4 --innodb-tablespaces-encryption diff --git a/mysql-test/suite/innodb/t/innodb_encryption_debug.opt b/mysql-test/suite/innodb/t/innodb_encryption_debug.opt index 11f1e90d481..722d4676594 100644 --- a/mysql-test/suite/innodb/t/innodb_encryption_debug.opt +++ b/mysql-test/suite/innodb/t/innodb_encryption_debug.opt @@ -1,4 +1,5 @@ --innodb-encrypt-tables=ON +--innodb-encrypt-log=ON --innodb-encryption-rotate-key-age=2 --innodb-encryption-threads=4 --innodb-tablespaces-encryption diff --git a/mysql-test/suite/innodb/t/innodb_encryption_tables.opt b/mysql-test/suite/innodb/t/innodb_encryption_tables.opt index f00ecb411d8..0b7319dcef5 100644 --- a/mysql-test/suite/innodb/t/innodb_encryption_tables.opt +++ b/mysql-test/suite/innodb/t/innodb_encryption_tables.opt 
@@ -1,6 +1,7 @@ --aria-encrypt-tables=ON --encrypt-tmp-disk-tables=ON --innodb-encrypt-tables=ON +--innodb-encrypt-log=ON --innodb-encryption-rotate-key-age=15 --innodb-encryption-threads=4 --innodb-tablespaces-encryption diff --git a/mysql-test/suite/innodb/t/innodb_scrub.opt b/mysql-test/suite/innodb/t/innodb_scrub.opt index fcbedad0df7..1bcc580b218 100644 --- a/mysql-test/suite/innodb/t/innodb_scrub.opt +++ b/mysql-test/suite/innodb/t/innodb_scrub.opt @@ -2,12 +2,11 @@ --encrypt-tmp-disk-tables=ON --innodb-background-scrub-data-compressed=OFF --innodb-background-scrub-data-uncompressed=OFF ---innodb-encrypt-tables=0 --innodb-encrypt-tables=ON +--innodb-encrypt-log=ON --innodb-encryption-rotate-key-age=15 ---innodb-encryption-threads=0 --innodb-encryption-threads=4 --innodb-file-format=Barracuda --innodb-file-per-table=1 --innodb-immediate-scrub-data-uncompressed=ON ---loose-innodb-scrub-force-testing=ON +--loose-innodb-debug-force-scrubbing=ON diff --git a/mysql-test/suite/innodb/t/innodb_scrub_background.opt b/mysql-test/suite/innodb/t/innodb_scrub_background.opt index bb1f4ce4e86..fb9925cde0f 100644 --- a/mysql-test/suite/innodb/t/innodb_scrub_background.opt +++ b/mysql-test/suite/innodb/t/innodb_scrub_background.opt @@ -1,14 +1,13 @@ --innodb-file-per-table=1 --innodb-file-format=Barracuda ---innodb-encrypt-tables=0 ---innodb-encryption-threads=0 --innodb-immediate-scrub-data-uncompressed=OFF --innodb-background-scrub-data-uncompressed=ON --innodb-background-scrub-data-compressed=ON ---loose-innodb-scrub-force-testing=ON +--loose-innodb-debug-force-scrubbing=ON --encrypt-tmp-disk-tables=ON --aria-encrypt-tables=ON --innodb-encryption-threads=4 --innodb-encryption-rotate-key-age=15 --innodb-encrypt-tables=ON +--innodb-encrypt-log=ON --innodb-tablespaces-scrubbing diff --git a/mysql-test/suite/innodb/t/innodb_scrub_compressed.opt b/mysql-test/suite/innodb/t/innodb_scrub_compressed.opt index ac7ef8a1675..69f0ade0278 100644 
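Review bot: The last line of the innodb_scrub.opt hunk renames `--loose-innodb-scrub-force-testing=ON` to `--loose-innodb-debug-force-scrubbing=ON`, which the commit subject (always enable innodb-encrypt-log) does not mention; the same rename is made in innodb_scrub_background.opt and innodb_scrub_compressed.opt. Because of the `--loose-` prefix, a name the server does not recognise is skipped with a warning rather than rejected, so if the variable is not spelled exactly this way in the build, the scrub tests would still start but run without forced scrubbing. Stating the rename in the commit message, or moving it into the commit that renames the variable, would let a reader check the two against each other.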
--- a/mysql-test/suite/innodb/t/innodb_scrub_compressed.opt +++ b/mysql-test/suite/innodb/t/innodb_scrub_compressed.opt @@ -1,15 +1,13 @@ --innodb-file-per-table=1 --innodb-file-format=Barracuda ---innodb-encrypt-tables=off --innodb-immediate-scrub-data-uncompressed=ON --innodb-background-scrub-data-uncompressed=ON --innodb-background-scrub-data-compressed=ON ---loose-innodb-scrub-force-testing=ON ---innodb-encryption-threads=0 +--loose-innodb-debug-force-scrubbing=ON --encrypt-tmp-disk-tables=ON --aria-encrypt-tables=ON --innodb-encryption-threads=4 --innodb-encryption-rotate-key-age=15 --innodb-encrypt-tables=ON +--innodb-encrypt-log=ON --innodb-tablespaces-scrubbing - From 966b236612662de5a36f86221bd54227e7f62730 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Thu, 9 Apr 2015 21:04:05 +0200 Subject: [PATCH 56/65] add support for --innodb-encrypt-tables=FORCE this will prevent user from creating tables with ENCRYPTED=OFF --- .../innodb/r/innodb_encryption_force.result | 47 +++++++++++++++++++ .../innodb/t/innodb_encryption_force.opt | 2 + .../innodb/t/innodb_encryption_force.test | 31 ++++++++++++ .../r/innodb_encrypt_tables_basic.result | 8 ++-- .../sys_vars/r/sysvars_innodb,xtradb.rdiff | 4 +- .../suite/sys_vars/r/sysvars_innodb.result | 10 ++-- storage/innobase/fil/fil0crypt.cc | 10 ++-- storage/innobase/fil/fil0fil.cc | 2 +- storage/innobase/handler/ha_innodb.cc | 24 ++++++++-- storage/innobase/include/srv0srv.h | 2 +- storage/xtradb/fil/fil0crypt.cc | 10 ++-- storage/xtradb/fil/fil0fil.cc | 2 +- storage/xtradb/handler/ha_innodb.cc | 24 ++++++++-- storage/xtradb/include/srv0srv.h | 2 +- 14 files changed, 143 insertions(+), 35 deletions(-) create mode 100644 mysql-test/suite/innodb/r/innodb_encryption_force.result create mode 100644 mysql-test/suite/innodb/t/innodb_encryption_force.opt create mode 100644 mysql-test/suite/innodb/t/innodb_encryption_force.test 
diff --git a/mysql-test/suite/innodb/r/innodb_encryption_force.result b/mysql-test/suite/innodb/r/innodb_encryption_force.result new file mode 100644 index 00000000000..8e129899275 --- /dev/null +++ b/mysql-test/suite/innodb/r/innodb_encryption_force.result @@ -0,0 +1,47 @@ +select @@innodb_encrypt_tables; +@@innodb_encrypt_tables +FORCE +create table t1 (a int) engine=innodb encrypted=yes; +create table t2 (a int) engine=innodb encrypted=default; +create table t3 (a int) engine=innodb encrypted=no; +ERROR HY000: Can't create table `test`.`t3` (errno: 140 "Wrong create options") +set global innodb_encrypt_tables='ON'; +create table t3 (a int) engine=innodb encrypted=no; +set global innodb_encrypt_tables='FORCE'; +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `a` int(11) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes +show create table t2; +Table Create Table +t2 CREATE TABLE `t2` ( + `a` int(11) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 +show create table t3; +Table Create Table +t3 CREATE TABLE `t3` ( + `a` int(11) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=no +alter table t1 encrypted=no; +ERROR HY000: Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options") +alter table t2 encrypted=yes; +alter table t3 encrypted=default; +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `a` int(11) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes +show create table t2; +Table Create Table +t2 CREATE TABLE `t2` ( + `a` int(11) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 `encrypted`=yes +show create table t3; +Table Create Table +t3 CREATE TABLE `t3` ( + `a` int(11) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 +drop table t1; +drop table t2; +drop table t3; 
diff --git a/mysql-test/suite/innodb/t/innodb_encryption_force.opt b/mysql-test/suite/innodb/t/innodb_encryption_force.opt new file mode 100644 index 00000000000..c9e532878e1 --- /dev/null +++ b/mysql-test/suite/innodb/t/innodb_encryption_force.opt @@ -0,0 +1,2 @@ +--innodb-encrypt-tables=FORCE +--innodb-encrypt-log=ON diff --git a/mysql-test/suite/innodb/t/innodb_encryption_force.test b/mysql-test/suite/innodb/t/innodb_encryption_force.test new file mode 100644 index 00000000000..71ca23ff3cc --- /dev/null +++ b/mysql-test/suite/innodb/t/innodb_encryption_force.test @@ -0,0 +1,31 @@ +-- source include/have_innodb.inc +-- source include/have_example_key_management_plugin.inc + +select @@innodb_encrypt_tables; + +create table t1 (a int) engine=innodb encrypted=yes; +create table t2 (a int) engine=innodb encrypted=default; +--error ER_CANT_CREATE_TABLE +create table t3 (a int) engine=innodb encrypted=no; + +set global innodb_encrypt_tables='ON'; +create table t3 (a int) engine=innodb encrypted=no; +set global innodb_encrypt_tables='FORCE'; + +show create table t1; +show create table t2; +show create table t3; + +--replace_regex /#sql-[0-9a-f_]*/#sql-temporary/ +--error ER_CANT_CREATE_TABLE +alter table t1 encrypted=no; +alter table t2 encrypted=yes; +alter table t3 encrypted=default; + +show create table t1; +show create table t2; +show create table t3; + +drop table t1; +drop table t2; +drop table t3; diff --git a/mysql-test/suite/sys_vars/r/innodb_encrypt_tables_basic.result b/mysql-test/suite/sys_vars/r/innodb_encrypt_tables_basic.result index 87212399f09..bcca96b8cd7 100644 --- a/mysql-test/suite/sys_vars/r/innodb_encrypt_tables_basic.result +++ b/mysql-test/suite/sys_vars/r/innodb_encrypt_tables_basic.result 
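Review bot: The failing `create table t3 (a int) engine=innodb encrypted=no;` in innodb_encryption_force.test pins only the generic ER_CANT_CREATE_TABLE (errno 140), so the test would pass just as well if the statement were rejected for an unrelated option problem. Adding `show warnings;` directly after it would record the FORCE-specific warning pushed by check_table_options and tie the failure to the new check (the failing `alter table t1 encrypted=no` could get the same, under the existing `--replace_regex`). As far as this test shows, t3 created with encrypted=no while the variable was ON stays unencrypted after FORCE is set again; a one-line `#` comment saying that FORCE is only checked on CREATE and ALTER would make that expectation explicit.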
@@ -1,7 +1,7 @@ SET @start_global_value = @@global.innodb_encrypt_tables; select @@global.innodb_encrypt_tables; @@global.innodb_encrypt_tables -0 +OFF select @@session.innodb_encrypt_tables; ERROR HY000: Variable 'innodb_encrypt_tables' is a GLOBAL variable show global variables like 'innodb_encrypt_tables'; @@ -21,15 +21,15 @@ INNODB_ENCRYPT_TABLES OFF set global innodb_encrypt_tables=ON; select @@global.innodb_encrypt_tables; @@global.innodb_encrypt_tables -1 +ON set global innodb_encrypt_tables=OFF; select @@global.innodb_encrypt_tables; @@global.innodb_encrypt_tables -0 +OFF set global innodb_encrypt_tables=1; select @@global.innodb_encrypt_tables; @@global.innodb_encrypt_tables -1 +ON set session innodb_encrypt_tables=1; ERROR HY000: Variable 'innodb_encrypt_tables' is a GLOBAL variable and should be set with SET GLOBAL set global innodb_encrypt_tables=1.1; diff --git a/mysql-test/suite/sys_vars/r/sysvars_innodb,xtradb.rdiff b/mysql-test/suite/sys_vars/r/sysvars_innodb,xtradb.rdiff index d44f2bb7842..a5b8fc1a205 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_innodb,xtradb.rdiff +++ b/mysql-test/suite/sys_vars/r/sysvars_innodb,xtradb.rdiff @@ -199,9 +199,9 @@ SESSION_VALUE NULL GLOBAL_VALUE 1 @@ -803,6 +957,20 @@ - ENUM_VALUE_LIST NULL + ENUM_VALUE_LIST OFF,ON,FORCE READ_ONLY NO - COMMAND_LINE_ARGUMENT REQUIRED + COMMAND_LINE_ARGUMENT OPTIONAL +VARIABLE_NAME INNODB_FAKE_CHANGES +SESSION_VALUE OFF +GLOBAL_VALUE OFF diff --git a/mysql-test/suite/sys_vars/r/sysvars_innodb.result b/mysql-test/suite/sys_vars/r/sysvars_innodb.result index a3506b342b7..15d0209e2dc 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_innodb.result +++ b/mysql-test/suite/sys_vars/r/sysvars_innodb.result @@ -782,7 +782,7 @@ GLOBAL_VALUE_ORIGIN COMPILE-TIME DEFAULT_VALUE OFF VARIABLE_SCOPE GLOBAL VARIABLE_TYPE BOOLEAN -VARIABLE_COMMENT Enable redo log encryption/decryption. +VARIABLE_COMMENT Enable redo log encryption NUMERIC_MIN_VALUE NULL NUMERIC_MAX_VALUE NULL NUMERIC_BLOCK_SIZE NULL 
@@ -795,14 +795,14 @@ GLOBAL_VALUE OFF GLOBAL_VALUE_ORIGIN COMPILE-TIME DEFAULT_VALUE OFF VARIABLE_SCOPE GLOBAL -VARIABLE_TYPE BOOLEAN -VARIABLE_COMMENT Enable InnoDB on-disk data encryption +VARIABLE_TYPE ENUM +VARIABLE_COMMENT Enable encryption for tables. Don't forget to enable --innodb-encrypt-log too NUMERIC_MIN_VALUE NULL NUMERIC_MAX_VALUE NULL NUMERIC_BLOCK_SIZE NULL -ENUM_VALUE_LIST NULL +ENUM_VALUE_LIST OFF,ON,FORCE READ_ONLY NO -COMMAND_LINE_ARGUMENT REQUIRED +COMMAND_LINE_ARGUMENT OPTIONAL VARIABLE_NAME INNODB_FAST_SHUTDOWN SESSION_VALUE NULL GLOBAL_VALUE 1 diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index 68c5017c3b0..04dad889d65 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -48,7 +48,7 @@ UNIV_INTERN mysql_pfs_key_t fil_crypt_key_mutex_key; #endif /** Is encryption enabled/disabled */ -UNIV_INTERN my_bool srv_encrypt_tables = FALSE; +UNIV_INTERN ulong srv_encrypt_tables = 0; /** No of key rotation threads requested */ UNIV_INTERN uint srv_n_fil_crypt_threads = 0; @@ -257,7 +257,7 @@ fil_space_create_crypt_data(uint key_id) memset(crypt_data, 0, sz); - if (srv_encrypt_tables == FALSE) { + if (!srv_encrypt_tables) { crypt_data->type = CRYPT_SCHEME_UNENCRYPTED; crypt_data->min_key_version = 0; } else { @@ -596,7 +596,7 @@ fil_space_check_encryption_write( /*==============================*/ ulint space) /*!< in: tablespace id */ { - if (srv_encrypt_tables == FALSE) + if (!srv_encrypt_tables) return false; fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space); @@ -981,7 +981,7 @@ fil_crypt_get_key_state( /*====================*/ key_state_t *new_state) /*!< out: key state */ { - if (srv_encrypt_tables == TRUE) { + if (srv_encrypt_tables) { new_state->key_version = encryption_key_get_latest_version(FIL_DEFAULT_ENCRYPTION_KEY); new_state->rotate_key_age = srv_fil_crypt_rotate_key_age; 
@@ -2438,7 +2438,7 @@ fil_space_crypt_get_status( } mutex_exit(&crypt_data->mutex); - if (srv_encrypt_tables == TRUE) { + if (srv_encrypt_tables) { status->current_key_version = encryption_key_get_latest_version(crypt_data->key_id); } else { diff --git a/storage/innobase/fil/fil0fil.cc b/storage/innobase/fil/fil0fil.cc index 36d5a2946dd..172696df3ba 100644 --- a/storage/innobase/fil/fil0fil.cc +++ b/storage/innobase/fil/fil0fil.cc @@ -1992,7 +1992,7 @@ fil_read_first_page( /* If file space is encrypted we need to have at least some encryption service available where to get keys */ if ((cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_ON) || - ( srv_encrypt_tables && + (srv_encrypt_tables && cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_DEFAULT)) { uint rc = encryption_key_get_latest_version(cdata->key_id); diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 47609494ab8..eee3f9920a9 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -236,7 +236,6 @@ static char* internal_innobase_data_file_path = NULL; static char* innodb_version_str = (char*) INNODB_VERSION_STR; -extern my_bool srv_encrypt_tables; extern uint srv_n_fil_crypt_threads; extern uint srv_fil_crypt_rotate_key_age; extern uint srv_n_fil_crypt_iops; @@ -11298,6 +11297,14 @@ ha_innobase::check_table_options( return "ENCRYPTED"; } + if (encrypt == FIL_SPACE_ENCRYPTION_OFF && srv_encrypt_tables == 2) { + push_warning( + thd, Sql_condition::WARN_LEVEL_WARN, + HA_WRONG_CREATE_OPTION, + "InnoDB: ENCRYPTED=OFF cannot be used when innodb_encrypt_tables=FORCE"); + return "ENCRYPTED"; + } + /* Check page compression requirements */ if (options->page_compressed) { 
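Review bot: The warning added to check_table_options says `ENCRYPTED=OFF`, but the table option was changed earlier in this series to accept `DEFAULT,YES,NO`, so the text names a value the user cannot have typed; `"InnoDB: ENCRYPTED=NO cannot be used when innodb_encrypt_tables=FORCE"` would match the syntax. The comparison `srv_encrypt_tables == 2` also depends on the position of "FORCE" in srv_encrypt_tables_names, which is defined in a different hunk; a named constant next to the declaration in srv0srv.h (whose comment "is encryption enabled" no longer describes a three-state value) would keep the two in step. Both points apply equally to the xtradb copy of this hunk. check_table_options starts and ends outside the hunk.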
@@ -19117,9 +19124,16 @@ static MYSQL_SYSVAR_ULONG(fatal_semaphore_wait_threshold, srv_fatal_semaphore_wa UINT_MAX32, /* Maximum setting */ 0); -static MYSQL_SYSVAR_BOOL(encrypt_tables, srv_encrypt_tables, 0, - "Enable InnoDB on-disk data encryption", - 0, 0, 0); +static const char* srv_encrypt_tables_names[] = { "OFF", "ON", "FORCE", 0 }; +static TYPELIB srv_encrypt_tables_typelib = { + array_elements(srv_encrypt_tables_names)-1, 0, srv_encrypt_tables_names, + NULL +}; +static MYSQL_SYSVAR_ENUM(encrypt_tables, srv_encrypt_tables, + PLUGIN_VAR_OPCMDARG, + "Enable encryption for tables. " + "Don't forget to enable --innodb-encrypt-log too", + NULL, NULL, 0, &srv_encrypt_tables_typelib); static MYSQL_SYSVAR_UINT(encryption_threads, srv_n_fil_crypt_threads, PLUGIN_VAR_RQCMDARG, @@ -19161,7 +19175,7 @@ static MYSQL_SYSVAR_ULONGLONG(scrub_log_speed, innodb_scrub_log_speed, static MYSQL_SYSVAR_BOOL(encrypt_log, srv_encrypt_log, PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, - "Enable redo log encryption/decryption.", + "Enable redo log encryption", NULL, NULL, FALSE); static MYSQL_SYSVAR_BOOL(immediate_scrub_data_uncompressed, diff --git a/storage/innobase/include/srv0srv.h b/storage/innobase/include/srv0srv.h index 7039349ad68..34f8432d19f 100644 --- a/storage/innobase/include/srv0srv.h +++ b/storage/innobase/include/srv0srv.h @@ -544,7 +544,7 @@ extern my_bool srv_print_all_deadlocks; extern my_bool srv_cmp_per_index_enabled; /* is encryption enabled */ -extern my_bool srv_encrypt_tables; +extern ulong srv_encrypt_tables; /** Status variables to be passed to MySQL */ extern struct export_var_t export_vars; diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index aec9ceb4712..69f194578ae 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc 
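Review bot: The help text of the new MYSQL_SYSVAR_ENUM for encrypt_tables does not say what the three values mean, and FORCE is the one an administrator would rely on as a policy setting. Replacing the first string with something like `"Enable encryption for tables. ON encrypts tables that do not specify ENCRYPTED, FORCE also rejects ENCRYPTED=NO. "` would document it where readers of --help and the sysvars listing look (the sysvars_innodb result file would need the matching update). The variable is registered without PLUGIN_VAR_READONLY, so it can be lowered from FORCE at runtime, as the new test does; if that is intended, it is worth stating in the description as well. The xtradb copy of this hunk carries the same text.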
@@ -48,7 +48,7 @@ UNIV_INTERN mysql_pfs_key_t fil_crypt_key_mutex_key; #endif /** Is encryption enabled/disabled */ -UNIV_INTERN my_bool srv_encrypt_tables = FALSE; +UNIV_INTERN ulong srv_encrypt_tables = 0; /** No of key rotation threads requested */ UNIV_INTERN uint srv_n_fil_crypt_threads = 0; @@ -257,7 +257,7 @@ fil_space_create_crypt_data(uint key_id) memset(crypt_data, 0, sz); - if (srv_encrypt_tables == FALSE) { + if (!srv_encrypt_tables) { crypt_data->type = CRYPT_SCHEME_UNENCRYPTED; crypt_data->min_key_version = 0; } else { @@ -596,7 +596,7 @@ fil_space_check_encryption_write( /*==============================*/ ulint space) /*!< in: tablespace id */ { - if (srv_encrypt_tables == FALSE) + if (!srv_encrypt_tables) return false; fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space); @@ -981,7 +981,7 @@ fil_crypt_get_key_state( /*====================*/ key_state_t *new_state) /*!< out: key state */ { - if (srv_encrypt_tables == TRUE) { + if (srv_encrypt_tables) { new_state->key_version = encryption_key_get_latest_version(FIL_DEFAULT_ENCRYPTION_KEY); new_state->rotate_key_age = srv_fil_crypt_rotate_key_age; @@ -2438,7 +2438,7 @@ fil_space_crypt_get_status( } mutex_exit(&crypt_data->mutex); - if (srv_encrypt_tables == TRUE) { + if (srv_encrypt_tables) { status->current_key_version = encryption_key_get_latest_version(crypt_data->key_id); } else { diff --git a/storage/xtradb/fil/fil0fil.cc b/storage/xtradb/fil/fil0fil.cc index bc0c92beaa0..5cb4c071eb0 100644 --- a/storage/xtradb/fil/fil0fil.cc +++ b/storage/xtradb/fil/fil0fil.cc @@ -2030,7 +2030,7 @@ fil_read_first_page( /* If file space is encrypted we need to have at least some encryption service available where to get keys */ if ((cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_ON) || - ( srv_encrypt_tables && + (srv_encrypt_tables && cdata && cdata->encryption == FIL_SPACE_ENCRYPTION_DEFAULT)) { uint rc = encryption_key_get_latest_version(cdata->key_id); 
diff --git a/storage/xtradb/handler/ha_innodb.cc b/storage/xtradb/handler/ha_innodb.cc index d5bbfe9fbd7..aeb3e4fb5c1 100644 --- a/storage/xtradb/handler/ha_innodb.cc +++ b/storage/xtradb/handler/ha_innodb.cc @@ -246,7 +246,6 @@ static char* internal_innobase_data_file_path = NULL; static char* innodb_version_str = (char*) INNODB_VERSION_STR; -extern my_bool srv_encrypt_tables; extern uint srv_n_fil_crypt_threads; extern uint srv_fil_crypt_rotate_key_age; extern uint srv_n_fil_crypt_iops; @@ -11804,6 +11803,14 @@ ha_innobase::check_table_options( return "ENCRYPTED"; } + if (encrypt == FIL_SPACE_ENCRYPTION_OFF && srv_encrypt_tables == 2) { + push_warning( + thd, Sql_condition::WARN_LEVEL_WARN, + HA_WRONG_CREATE_OPTION, + "InnoDB: ENCRYPTED=OFF cannot be used when innodb_encrypt_tables=FORCE"); + return "ENCRYPTED"; + } + /* Check page compression requirements */ if (options->page_compressed) { @@ -20299,9 +20306,16 @@ static MYSQL_SYSVAR_ULONG(fatal_semaphore_wait_threshold, srv_fatal_semaphore_wa UINT_MAX32, /* Maximum setting */ 0); -static MYSQL_SYSVAR_BOOL(encrypt_tables, srv_encrypt_tables, 0, - "Enable InnoDB on-disk data encryption", - 0, 0, 0); +static const char* srv_encrypt_tables_names[] = { "OFF", "ON", "FORCE", 0 }; +static TYPELIB srv_encrypt_tables_typelib = { + array_elements(srv_encrypt_tables_names)-1, 0, srv_encrypt_tables_names, + NULL +}; +static MYSQL_SYSVAR_ENUM(encrypt_tables, srv_encrypt_tables, + PLUGIN_VAR_OPCMDARG, + "Enable encryption for tables. " + "Don't forget to enable --innodb-encrypt-log too", + NULL, NULL, 0, &srv_encrypt_tables_typelib); static MYSQL_SYSVAR_UINT(encryption_threads, srv_n_fil_crypt_threads, PLUGIN_VAR_RQCMDARG, 
@@ -20343,7 +20357,7 @@ static MYSQL_SYSVAR_ULONGLONG(scrub_log_speed, innodb_scrub_log_speed, static MYSQL_SYSVAR_BOOL(encrypt_log, srv_encrypt_log, PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, - "Enable redo log encryption/decryption.", + "Enable redo log encryption", NULL, NULL, FALSE); static MYSQL_SYSVAR_BOOL(immediate_scrub_data_uncompressed, diff --git a/storage/xtradb/include/srv0srv.h b/storage/xtradb/include/srv0srv.h index 10d0cc961f7..b8a57098f40 100644 --- a/storage/xtradb/include/srv0srv.h +++ b/storage/xtradb/include/srv0srv.h @@ -683,7 +683,7 @@ extern my_bool srv_print_all_deadlocks; extern my_bool srv_cmp_per_index_enabled; /* is encryption enabled */ -extern my_bool srv_encrypt_tables; +extern ulong srv_encrypt_tables; /** Status variables to be passed to MySQL */ extern struct export_var_t export_vars; From 7d49e6940e8db23864eb9e3fb1df0d90edd4278a Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Fri, 10 Apr 2015 09:46:21 +0200 Subject: [PATCH 57/65] fix "use mutex before initialization" bug in example_km plugin that for some reasons worked on linux, but crashed on windows --- plugin/example_key_management/example_key_management_plugin.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin/example_key_management/example_key_management_plugin.cc b/plugin/example_key_management/example_key_management_plugin.cc index d3502b27d75..8bd6138364f 100644 --- a/plugin/example_key_management/example_key_management_plugin.cc +++ b/plugin/example_key_management/example_key_management_plugin.cc @@ -104,8 +104,8 @@ static int example_key_management_plugin_init(void *p) { /* init */ my_rnd_init(&seed, time(0), 0); - get_latest_key_version(1); pthread_mutex_init(&mutex, NULL); + get_latest_key_version(1); return 0; } From 87b46dcdc9c7f452c896d698c2d6d6d051b165fe Mon Sep 17 00:00:00 2001 
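Review bot: `example_key_management_plugin_init` still returns 0 unconditionally, because the result of `pthread_mutex_init(&mutex, NULL)` is not checked and the value returned by `get_latest_key_version(1)` is discarded. With the order now fixed, a failed mutex creation is the remaining way to reach the key lookup with an unusable lock, so I would write `if (pthread_mutex_init(&mutex, NULL)) return 1;` before the call. Separately, the context line seeds the generator with `time(0)`; if key material is derived from it (not visible in this hunk), the keys are guessable, which is tolerable only because this is an example plugin, and a one-line comment saying so would help.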
From: Sergei Golubchik Date: Fri, 10 Apr 2015 13:30:12 +0200 Subject: [PATCH 58/65] disable scrubbing tests on windows unportable, use grep --- mysql-test/suite/innodb/t/innodb_scrub.test | 1 + mysql-test/suite/innodb/t/innodb_scrub_background.test | 1 + mysql-test/suite/innodb/t/innodb_scrub_compressed.test | 1 + 3 files changed, 3 insertions(+) diff --git a/mysql-test/suite/innodb/t/innodb_scrub.test b/mysql-test/suite/innodb/t/innodb_scrub.test index 4b370b3e148..32170567b4c 100644 --- a/mysql-test/suite/innodb/t/innodb_scrub.test +++ b/mysql-test/suite/innodb/t/innodb_scrub.test @@ -1,6 +1,7 @@ -- source include/have_innodb.inc -- source include/not_embedded.inc -- source include/have_example_key_management_plugin.inc +-- source include/not_windows.inc let $MYSQLD_DATADIR=`select @@datadir`; let ib1_IBD = $MYSQLD_DATADIR/ibdata1; diff --git a/mysql-test/suite/innodb/t/innodb_scrub_background.test b/mysql-test/suite/innodb/t/innodb_scrub_background.test index 44cb16b1241..b5b7e3288d0 100644 --- a/mysql-test/suite/innodb/t/innodb_scrub_background.test +++ b/mysql-test/suite/innodb/t/innodb_scrub_background.test @@ -1,6 +1,7 @@ -- source include/have_innodb.inc -- source include/not_embedded.inc -- source include/have_example_key_management_plugin.inc +-- source include/not_windows.inc let $MYSQLD_DATADIR=`select @@datadir`; let ib1_IBD = $MYSQLD_DATADIR/ibdata1; diff --git a/mysql-test/suite/innodb/t/innodb_scrub_compressed.test b/mysql-test/suite/innodb/t/innodb_scrub_compressed.test index c89c32a4de8..d41edac7494 100644 --- a/mysql-test/suite/innodb/t/innodb_scrub_compressed.test +++ b/mysql-test/suite/innodb/t/innodb_scrub_compressed.test @@ -1,6 +1,7 @@ -- source include/have_innodb.inc -- source include/not_embedded.inc -- source include/have_example_key_management_plugin.inc +-- source include/not_windows.inc let $MYSQLD_DATADIR=`select @@datadir`; let ib1_IBD = $MYSQLD_DATADIR/ibdata1; From 899c5c32cf87166ec945750e45209f1f0c14cca8 Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Fri, 10 Apr 2015 13:39:29 +0200 Subject: [PATCH 59/65] smarter MY_CHECK_AND_SET_COMPILER_FLAG If a flag is supported only for C or C++ - add it to the corresponding compiler option list. Old behavior was to add always to both, but only if supported in both. --- cmake/check_compiler_flag.cmake | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/cmake/check_compiler_flag.cmake b/cmake/check_compiler_flag.cmake index 8eb6ed2176e..4a029659f43 100644 --- a/cmake/check_compiler_flag.cmake +++ b/cmake/check_compiler_flag.cmake @@ -37,16 +37,16 @@ FUNCTION(MY_CHECK_AND_SET_COMPILER_FLAG flag) ENDIF() MY_CHECK_C_COMPILER_FLAG(${flag} HAVE_C_${flag}) MY_CHECK_CXX_COMPILER_FLAG(${flag} HAVE_CXX_${flag}) - IF (HAVE_C_${flag} AND HAVE_CXX_${flag}) - IF(ARGN) - FOREACH(type ${ARGN}) - SET(CMAKE_C_FLAGS_${type} "${CMAKE_C_FLAGS_${type}} ${flag}" PARENT_SCOPE) - SET(CMAKE_CXX_FLAGS_${type} "${CMAKE_CXX_FLAGS_${type}} ${flag}" PARENT_SCOPE) - ENDFOREACH() - ELSE() - SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${flag}" PARENT_SCOPE) - SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${flag}" PARENT_SCOPE) + FOREACH(lang C CXX) + IF (HAVE_${lang}_${flag}) + IF(ARGN) + FOREACH(type ${ARGN}) + SET(CMAKE_${lang}_FLAGS_${type} "${CMAKE_${lang}_FLAGS_${type}} ${flag}" PARENT_SCOPE) + ENDFOREACH() + ELSE() + SET(CMAKE_${lang}_FLAGS "${CMAKE_${lang}_FLAGS} ${flag}" PARENT_SCOPE) + ENDIF() ENDIF() - ENDIF() + ENDFOREACH() ENDFUNCTION() From d2ed256ef7c1abd8ae81b455aa00a7e30703e529 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Fri, 10 Apr 2015 14:24:58 +0200 Subject: [PATCH 60/65] move debug_ and example_key_management plugins to test component --- plugin/debug_key_management/CMakeLists.txt | 2 +- plugin/example_key_management/CMakeLists.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/plugin/debug_key_management/CMakeLists.txt b/plugin/debug_key_management/CMakeLists.txt index 101a790023d..eeb8a3bf4d2 100644 
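Review bot: `MY_CHECK_AND_SET_COMPILER_FLAG` can now leave the C and C++ flag lists different without any trace, and nothing in the function says so. For warning flags that is harmless, but for hardening or instrumentation flags a caller may assume that a successful call covers every object in the build. I would add a comment above the `FOREACH(lang C CXX)` loop such as `# Each language is checked and set independently; a flag accepted by only one compiler is applied to that language alone.` The function starts above the hunk, so an existing header comment there may need the same wording.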
--- a/plugin/debug_key_management/CMakeLists.txt +++ b/plugin/debug_key_management/CMakeLists.txt @@ -1,2 +1,2 @@ MYSQL_ADD_PLUGIN(DEBUG_KEY_MANAGEMENT debug_key_management_plugin.cc - MODULE_ONLY) + MODULE_ONLY COMPONENT Test) diff --git a/plugin/example_key_management/CMakeLists.txt b/plugin/example_key_management/CMakeLists.txt index a121e6c1f7d..fe893e5368e 100644 --- a/plugin/example_key_management/CMakeLists.txt +++ b/plugin/example_key_management/CMakeLists.txt @@ -1,2 +1,2 @@ MYSQL_ADD_PLUGIN(EXAMPLE_KEY_MANAGEMENT example_key_management_plugin.cc - MODULE_ONLY) + MODULE_ONLY COMPONENT Test) From 135f203d28910621a4720b5d71a5513f5882523b Mon Sep 17 00:00:00 2001 From: Alexander Barkov Date: Fri, 10 Apr 2015 17:04:44 +0400 Subject: [PATCH 61/65] A cleanup for the contributed patch for MDEV-7816 ALTER with DROP INDEX and ADD INDEX .. COMMENT='comment2' ignores the new comment --- mysql-test/r/alter_table.result | 9 +++++++++ mysql-test/t/alter_table.test | 14 +++++++++++--- sql/sql_table.cc | 5 +++-- 3 files changed, 23 insertions(+), 5 deletions(-) diff --git a/mysql-test/r/alter_table.result b/mysql-test/r/alter_table.result index a7f8ffcc9ec..b8ca95c3b45 100644 --- a/mysql-test/r/alter_table.result +++ b/mysql-test/r/alter_table.result @@ -2007,6 +2007,12 @@ INSERT INTO t1 VALUES (1),(2),(3),(4),(5),(6),(7),(8); INSERT INTO t1 SELECT a.* FROM t1 a, t1 b, t1 c, t1 d, t1 e; ALTER TABLE t1 MODIFY i FLOAT; DROP TABLE t1; +# +# Start of 10.1 tests +# +# +# MDEV-7816 ALTER with DROP INDEX and ADD INDEX .. COMMENT='comment2' ignores the new comment +# CREATE TABLE t1(a INT); CREATE INDEX i1 ON t1(a) COMMENT 'comment1'; ALTER TABLE t1 DROP INDEX i1, ADD INDEX i1(a) COMMENT 'comment2'; @@ -2017,3 +2023,6 @@ t1 CREATE TABLE `t1` ( KEY `i1` (`a`) COMMENT 'comment2' ) ENGINE=MyISAM DEFAULT CHARSET=latin1 DROP TABLE t1; +# +# Start of 10.1 tests +# diff --git a/mysql-test/t/alter_table.test b/mysql-test/t/alter_table.test index 0c0672de3e2..8a4ad35765c 100644 
--- a/mysql-test/t/alter_table.test +++ b/mysql-test/t/alter_table.test @@ -1697,11 +1697,19 @@ INSERT INTO t1 SELECT a.* FROM t1 a, t1 b, t1 c, t1 d, t1 e; ALTER TABLE t1 MODIFY i FLOAT; DROP TABLE t1; -# -# MDEV-7816 ALTER with DROP INDEX and ADD INDEX .. COMMENT='comment2' ignores the new comment -# +--echo # +--echo # Start of 10.1 tests +--echo # + +--echo # +--echo # MDEV-7816 ALTER with DROP INDEX and ADD INDEX .. COMMENT='comment2' ignores the new comment +--echo # CREATE TABLE t1(a INT); CREATE INDEX i1 ON t1(a) COMMENT 'comment1'; ALTER TABLE t1 DROP INDEX i1, ADD INDEX i1(a) COMMENT 'comment2'; SHOW CREATE TABLE t1; DROP TABLE t1; + +--echo # +--echo # Start of 10.1 tests +--echo # diff --git a/sql/sql_table.cc b/sql/sql_table.cc index 67abb91ec0a..7e84ac283f2 100644 --- a/sql/sql_table.cc +++ b/sql/sql_table.cc @@ -6387,8 +6387,9 @@ static bool fill_alter_inplace_info(THD *thd, /* Check that key comment is not changed. */ if (table_key->comment.length != new_key->comment.length || (table_key->comment.length && - strcmp(table_key->comment.str, new_key->comment.str) != 0)) - goto index_changed; + memcmp(table_key->comment.str, new_key->comment.str, + table_key->comment.length) != 0)) + goto index_changed; continue; From 24341cb6cb8614f6b282ca05cfa3b8474743b5ed Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Fri, 10 Apr 2015 18:01:53 +0200 Subject: [PATCH 62/65] add encryption plugins to deb packages --- debian/dist/Debian/mariadb-server-10.1.files.in | 1 + debian/dist/Ubuntu/mariadb-server-10.1.files.in | 1 + debian/mariadb-test-10.1.files | 2 ++ 3 files changed, 4 insertions(+) diff --git a/debian/dist/Debian/mariadb-server-10.1.files.in b/debian/dist/Debian/mariadb-server-10.1.files.in index a81549d66bf..f6ffbc3388c 100644 --- a/debian/dist/Debian/mariadb-server-10.1.files.in +++ b/debian/dist/Debian/mariadb-server-10.1.files.in 
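Review bot: The banner added at the end of this hunk repeats `--echo # Start of 10.1 tests`; the closing marker was presumably meant to read `--echo # End of 10.1 tests`. The recorded output in mysql-test/r/alter_table.result carries the same three lines, so both files have to change together or the test will fail on a result mismatch.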
@@ -1,5 +1,6 @@ usr/lib/mysql/plugin/auth_pam.so usr/lib/mysql/plugin/auth_socket.so +usr/lib/mysql/plugin/file_key_management.so usr/lib/mysql/plugin/ha_archive.so usr/lib/mysql/plugin/ha_blackhole.so usr/lib/mysql/plugin/ha_federated.so diff --git a/debian/dist/Ubuntu/mariadb-server-10.1.files.in b/debian/dist/Ubuntu/mariadb-server-10.1.files.in index 534ccf84896..0e07df3e05f 100644 --- a/debian/dist/Ubuntu/mariadb-server-10.1.files.in +++ b/debian/dist/Ubuntu/mariadb-server-10.1.files.in @@ -1,5 +1,6 @@ usr/lib/mysql/plugin/auth_pam.so usr/lib/mysql/plugin/auth_socket.so +usr/lib/mysql/plugin/file_key_management.so usr/lib/mysql/plugin/ha_archive.so usr/lib/mysql/plugin/ha_blackhole.so usr/lib/mysql/plugin/ha_federated.so diff --git a/debian/mariadb-test-10.1.files b/debian/mariadb-test-10.1.files index 767f040b45a..dbb551a9407 100644 --- a/debian/mariadb-test-10.1.files +++ b/debian/mariadb-test-10.1.files @@ -1,3 +1,5 @@ +usr/lib/mysql/plugin/debug_key_management.so +usr/lib/mysql/plugin/example_key_management.so usr/lib/mysql/plugin/dialog_examples.so usr/lib/mysql/plugin/auth_test_plugin.so usr/lib/mysql/plugin/qa_auth_interface.so From 4a7472bbf25471a3ffe6ad1b17fd9f4c27e8aaab Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Sat, 11 Apr 2015 00:28:42 +0200 Subject: [PATCH 63/65] fix a crash in innodb.innodb-wl5522-zip,xtradb dereferencing of the uninitialized pointer bpade->slot (when compiled without UNIV_DEBUG) --- storage/innobase/buf/buf0buf.cc | 2 ++ storage/xtradb/buf/buf0buf.cc | 2 ++ 2 files changed, 4 insertions(+) diff --git a/storage/innobase/buf/buf0buf.cc b/storage/innobase/buf/buf0buf.cc index d3d7b161fa3..64f40fad1d9 100644 --- a/storage/innobase/buf/buf0buf.cc +++ b/storage/innobase/buf/buf0buf.cc @@ -3825,6 +3825,8 @@ err_exit: page_zip_set_size(&bpage->zip, zip_size); bpage->zip.data = (page_zip_t*) data; + bpage->slot = NULL; + mutex_enter(&buf_pool->zip_mutex); UNIV_MEM_DESC(bpage->zip.data, page_zip_get_size(&bpage->zip)); 
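Review bot: `bpage->slot = NULL;` fixes this one initialisation path, but the field is set by hand among the other per-field assignments, so any other place that builds a page descriptor without clearing it could carry the same stale pointer. The commit message says the crash shows only without UNIV_DEBUG, which suggests debug builds hide it. I would check the remaining allocation sites (not visible here) and add a comment such as `/* descriptor is not zero-filled in non-debug builds; clear slot explicitly */`, if that matches the allocator. The same applies to the identical hunk in storage/xtradb/buf/buf0buf.cc, and the enclosing function starts and ends outside both hunks.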
diff --git a/storage/xtradb/buf/buf0buf.cc b/storage/xtradb/buf/buf0buf.cc index 29e9ef5f938..dc2b81872ae 100644 --- a/storage/xtradb/buf/buf0buf.cc +++ b/storage/xtradb/buf/buf0buf.cc @@ -3895,6 +3895,8 @@ err_exit: page_zip_set_size(&bpage->zip, zip_size); bpage->zip.data = (page_zip_t*) data; + bpage->slot = NULL; + mutex_enter(&buf_pool->zip_mutex); UNIV_MEM_DESC(bpage->zip.data, page_zip_get_size(&bpage->zip)); From 4e15146fe66f75e4b0289dd0142c71f697ffa44c Mon Sep 17 00:00:00 2001 
From: Sergei Golubchik Date: Sat, 11 Apr 2015 10:13:49 +0200 Subject: [PATCH 64/65] update tokudb test results after dd8f93195 that is, after commit dd8f931957e0c6fb538fffff76f40239e624096c Author: Sergei Golubchik Date: Fri Apr 10 02:36:54 2015 +0200 be less annoying about sysvar-based table attributes do not *always* add them to the create table definition, but only when a sysvar value is different from a default. also, when adding them - don't quote numbers --- .../mysql-test/tokudb/r/auto_increment.result | 2 +- .../r/change_column_char_default.result | 6 +-- .../tokudb/r/change_column_int_default.result | 40 +++++++++--------- .../tokudb/r/change_column_varbin.result | 2 +- .../r/change_column_varbin_default.result | 8 ++-- .../r/change_column_varbin_multiple.result | 8 ++-- .../tokudb/r/change_column_varchar.result | 2 +- .../r/change_column_varchar_default.result | 8 ++-- .../r/change_column_varchar_prefix_a.result | 2 +- .../r/change_column_varchar_prefix_b.result | 2 +- .../change_column_varchar_sum_cross256.result | 8 ++-- .../mysql-test/tokudb/r/cluster_2968-0.result | 8 ++-- .../mysql-test/tokudb/r/cluster_2968-1.result | 20 ++++----- .../mysql-test/tokudb/r/cluster_2968-2.result | 20 ++++----- .../mysql-test/tokudb/r/cluster_2968-3.result | 18 ++++---- .../tokudb/r/cluster_create_table.result | 6 +-- .../mysql-test/tokudb/r/ctype_collate.result | 6 +-- .../tokudb/r/ctype_cp1250_ch.result | 4 +- .../tokudb/mysql-test/tokudb/r/mvcc-10.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-11.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-12.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-13.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-14.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-15.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-16.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-17.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-18.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-21.result | 2 +- 
.../tokudb/mysql-test/tokudb/r/mvcc-22.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-23.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-25.result | 4 +- .../tokudb/mysql-test/tokudb/r/mvcc-3.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-33.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-34.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-35.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-36.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-37.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-38.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-39.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-4.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-40.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-5.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-6.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-7.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-8.result | 2 +- .../tokudb/mysql-test/tokudb/r/mvcc-9.result | 2 +- .../tokudb/r/mvcc-checksum-locks.result | 2 +- .../mysql-test/tokudb/r/type_binary.result | 2 +- .../mysql-test/tokudb/r/type_bit.result | 6 +-- .../mysql-test/tokudb/r/type_blob.result | 10 ++--- .../mysql-test/tokudb/r/type_datetime.result | 4 +- .../mysql-test/tokudb/r/type_decimal.result | 6 +-- .../mysql-test/tokudb/r/type_enum.result | 20 ++++----- .../mysql-test/tokudb/r/type_float.result | 4 +- .../mysql-test/tokudb/r/type_nchar.result | 14 +++--- .../tokudb/r/type_newdecimal.result | 18 ++++---- .../mysql-test/tokudb/r/type_set.result | 8 ++-- .../mysql-test/tokudb/r/type_timestamp.result | 18 ++++---- .../mysql-test/tokudb/r/type_varchar.result | 8 ++-- .../tokudb_alter_table/r/ai_part.result | 4 +- .../r/alter_column_default.result | 10 ++--- .../tokudb_alter_table/r/auto_inc.result | 6 +-- .../tokudb_alter_table/r/frm_discover.result | 8 ++-- .../r/hcad_and_rename_table.result | 4 +- .../tokudb_alter_table/r/hcad_part.result | 4 +- .../tokudb_alter_table/r/hcr.result | 2 +- .../tokudb_alter_table/r/hcr3.result | 6 +-- 
.../tokudb_alter_table/r/other_alter.result | 2 +- .../tokudb_alter_table/r/other_alter2.result | 2 +- .../r/row_format_alter.result | 4 +- .../r/test_field_same_detection.result | Bin 6579 -> 6551 bytes .../mysql-test/tokudb_bugs/r/2952.result | 6 +-- .../mysql-test/tokudb_bugs/r/5089.result | 2 +- .../tokudb_bugs/r/dict_leak_3518.result | 12 +++--- .../mysql-test/tokudb_bugs/r/frm_store.result | 8 ++-- .../tokudb_bugs/r/frm_store2.result | 4 +- .../tokudb_bugs/r/frm_store3.result | 4 +- .../tokudb_mariadb/r/229cols.result | 6 +-- .../mysql-test/tokudb_mariadb/r/alter.result | 6 +-- .../tokudb_mariadb/r/clustering.result | 2 +- 80 files changed, 225 insertions(+), 225 deletions(-) diff --git a/storage/tokudb/mysql-test/tokudb/r/auto_increment.result b/storage/tokudb/mysql-test/tokudb/r/auto_increment.result index 140c943081f..ce576c337d3 100644 --- a/storage/tokudb/mysql-test/tokudb/r/auto_increment.result +++ b/storage/tokudb/mysql-test/tokudb/r/auto_increment.result @@ -376,7 +376,7 @@ t1 CREATE TABLE `t1` ( `t1_id` int(10) unsigned NOT NULL AUTO_INCREMENT, PRIMARY KEY (`t1_id`), KEY `t1_name` (`t1_name`) -) ENGINE=TokuDB AUTO_INCREMENT=1003 DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB AUTO_INCREMENT=1003 DEFAULT CHARSET=latin1 DROP TABLE `t1`; create table t1(a int not null auto_increment primary key); create table t2(a int not null auto_increment primary key, t1a int); diff --git a/storage/tokudb/mysql-test/tokudb/r/change_column_char_default.result b/storage/tokudb/mysql-test/tokudb/r/change_column_char_default.result index f9df80c8fd6..b32ea1498c1 100644 --- a/storage/tokudb/mysql-test/tokudb/r/change_column_char_default.result +++ b/storage/tokudb/mysql-test/tokudb/r/change_column_char_default.result 
@@ -7,19 +7,19 @@ Table Create Table t CREATE TABLE `t` ( `a` char(100) NOT NULL DEFAULT '', `b` binary(200) NOT NULL DEFAULT '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a CHAR(101) NOT NULL DEFAULT 'a'; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` char(101) NOT NULL DEFAULT 'a', `b` binary(200) NOT NULL DEFAULT '\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN b b BINARY(201) NOT NULL DEFAULT 'b'; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` char(101) NOT NULL DEFAULT 'a', `b` binary(201) NOT NULL DEFAULT 'b\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 
`compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 DROP TABLE t; diff --git a/storage/tokudb/mysql-test/tokudb/r/change_column_int_default.result b/storage/tokudb/mysql-test/tokudb/r/change_column_int_default.result index 2d450f4991a..558d153711c 100644 --- a/storage/tokudb/mysql-test/tokudb/r/change_column_int_default.result +++ b/storage/tokudb/mysql-test/tokudb/r/change_column_int_default.result @@ -7,31 +7,31 @@ SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` tinyint(4) DEFAULT '100' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a SMALLINT DEFAULT 200; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` smallint(6) DEFAULT '200' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a MEDIUMINT DEFAULT 300; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` mediumint(9) DEFAULT '300' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a INT DEFAULT 400; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` int(11) DEFAULT '400' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a BIGINT DEFAULT 500; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` bigint(20) DEFAULT '500' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 DROP TABLE t; CREATE TABLE t (a TINYINT NOT NULL DEFAULT 1); ALTER TABLE t CHANGE COLUMN a a TINYINT NOT NULL DEFAULT 100; 
@@ -39,31 +39,31 @@ SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` tinyint(4) NOT NULL DEFAULT '100' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a SMALLINT NOT NULL DEFAULT 200; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` smallint(6) NOT NULL DEFAULT '200' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a MEDIUMINT NOT NULL DEFAULT 300; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` mediumint(9) NOT NULL DEFAULT '300' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a INT NOT NULL DEFAULT 400; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` int(11) NOT NULL DEFAULT '400' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a BIGINT NOT NULL DEFAULT 500; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` bigint(20) NOT NULL DEFAULT '500' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 DROP TABLE t; CREATE TABLE t (a TINYINT UNSIGNED DEFAULT 1); ALTER TABLE t CHANGE COLUMN a a TINYINT UNSIGNED DEFAULT 100; 
@@ -71,31 +71,31 @@ SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` tinyint(3) unsigned DEFAULT '100' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a SMALLINT UNSIGNED DEFAULT 200; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` smallint(5) unsigned DEFAULT '200' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a MEDIUMINT UNSIGNED DEFAULT 300; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` mediumint(8) unsigned DEFAULT '300' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a INT UNSIGNED DEFAULT 400; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` int(10) unsigned DEFAULT '400' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a BIGINT UNSIGNED DEFAULT 500; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` bigint(20) unsigned DEFAULT '500' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 DROP TABLE t; CREATE TABLE t (a TINYINT UNSIGNED NOT NULL DEFAULT 1); ALTER TABLE t CHANGE COLUMN a a TINYINT UNSIGNED NOT NULL DEFAULT 100; 
@@ -103,29 +103,29 @@ SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` tinyint(3) unsigned NOT NULL DEFAULT '100' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a SMALLINT UNSIGNED NOT NULL DEFAULT 200; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` smallint(5) unsigned NOT NULL DEFAULT '200' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a MEDIUMINT UNSIGNED NOT NULL DEFAULT 300; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` mediumint(8) unsigned NOT NULL DEFAULT '300' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a INT UNSIGNED NOT NULL DEFAULT 400; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` int(10) unsigned NOT NULL DEFAULT '400' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a BIGINT UNSIGNED NOT NULL DEFAULT 500; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` bigint(20) unsigned NOT NULL DEFAULT '500' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 DROP TABLE t; diff --git a/storage/tokudb/mysql-test/tokudb/r/change_column_varbin.result b/storage/tokudb/mysql-test/tokudb/r/change_column_varbin.result index d18c38721e6..635afaf0895 100644 --- a/storage/tokudb/mysql-test/tokudb/r/change_column_varbin.result +++ b/storage/tokudb/mysql-test/tokudb/r/change_column_varbin.result 
@@ -5,7 +5,7 @@ SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` varbinary(1) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a VARBINARY(2); ALTER TABLE t CHANGE COLUMN a a VARBINARY(2); ALTER TABLE t CHANGE COLUMN a a VARBINARY(3); diff --git a/storage/tokudb/mysql-test/tokudb/r/change_column_varbin_default.result b/storage/tokudb/mysql-test/tokudb/r/change_column_varbin_default.result index 344c78c53be..874233af69c 100644 --- a/storage/tokudb/mysql-test/tokudb/r/change_column_varbin_default.result +++ b/storage/tokudb/mysql-test/tokudb/r/change_column_varbin_default.result @@ -6,21 +6,21 @@ Table Create Table t CREATE TABLE `t` ( `a` varbinary(100) NOT NULL DEFAULT '', `b` varbinary(256) NOT NULL DEFAULT '' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a VARBINARY(255) NOT NULL DEFAULT 'a'; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` varbinary(255) NOT NULL DEFAULT 'a', `b` varbinary(256) NOT NULL DEFAULT '' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a VARBINARY(256) NOT NULL DEFAULT 'b'; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` varbinary(256) NOT NULL DEFAULT 'b', `b` varbinary(256) NOT NULL DEFAULT '' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN b b VARBINARY(255) NOT NULL DEFAULT 'c'; ERROR 42000: Table 't' uses an extension that doesn't exist in this XYZ version ALTER TABLE t CHANGE COLUMN b b VARBINARY(1024) NOT NULL DEFAULT 'd'; 
@@ -29,7 +29,7 @@ Table Create Table t CREATE TABLE `t` ( `a` varbinary(256) NOT NULL DEFAULT 'b', `b` varbinary(1024) NOT NULL DEFAULT 'd' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN b b VARBINARY(256) NOT NULL DEFAULT 'e'; ERROR 42000: Table 't' uses an extension that doesn't exist in this XYZ version DROP TABLE t; diff --git a/storage/tokudb/mysql-test/tokudb/r/change_column_varbin_multiple.result b/storage/tokudb/mysql-test/tokudb/r/change_column_varbin_multiple.result index d1577ee0d84..3da19a3fd62 100644 --- a/storage/tokudb/mysql-test/tokudb/r/change_column_varbin_multiple.result +++ b/storage/tokudb/mysql-test/tokudb/r/change_column_varbin_multiple.result @@ -12,14 +12,14 @@ Table Create Table t CREATE TABLE `t` ( `a` varbinary(101) DEFAULT NULL, `b` varbinary(100) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a VARBINARY(200); SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` varbinary(200) DEFAULT NULL, `b` varbinary(100) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 SELECT * FROM t; a b hi there @@ -38,7 +38,7 @@ t CREATE TABLE `t` ( `i` int(11) DEFAULT NULL, `a` varbinary(101) DEFAULT NULL, `b` varbinary(100) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a VARBINARY(200); SHOW CREATE TABLE t; Table Create Table @@ -46,7 +46,7 @@ t CREATE TABLE `t` ( `i` int(11) DEFAULT NULL, `a` varbinary(200) DEFAULT NULL, `b` varbinary(100) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 SELECT * FROM t; i a b 1 hi there 
diff --git a/storage/tokudb/mysql-test/tokudb/r/change_column_varchar.result b/storage/tokudb/mysql-test/tokudb/r/change_column_varchar.result index 5018e2db278..2e7da5ed5ef 100644 --- a/storage/tokudb/mysql-test/tokudb/r/change_column_varchar.result +++ b/storage/tokudb/mysql-test/tokudb/r/change_column_varchar.result @@ -5,7 +5,7 @@ SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` varchar(1) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 INSERT INTO t VALUES (null); ALTER TABLE t CHANGE COLUMN a a VARCHAR(2); ALTER TABLE t CHANGE COLUMN a a VARCHAR(2); diff --git a/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_default.result b/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_default.result index b04e5d7bc36..c9ea9737e5f 100644 --- a/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_default.result +++ b/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_default.result 
@@ -6,21 +6,21 @@ Table Create Table t CREATE TABLE `t` ( `a` varchar(100) NOT NULL DEFAULT '', `b` varchar(256) NOT NULL DEFAULT '' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a VARCHAR(255) NOT NULL DEFAULT 'a'; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` varchar(255) NOT NULL DEFAULT 'a', `b` varchar(256) NOT NULL DEFAULT '' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a VARCHAR(256) NOT NULL DEFAULT 'b'; SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` varchar(256) NOT NULL DEFAULT 'b', `b` varchar(256) NOT NULL DEFAULT '' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN b b VARCHAR(255) NOT NULL DEFAULT 'c'; ERROR 42000: Table 't' uses an extension that doesn't exist in this XYZ version ALTER TABLE t CHANGE COLUMN b b VARCHAR(1024) NOT NULL DEFAULT 'd'; @@ -29,7 +29,7 @@ Table Create Table t CREATE TABLE `t` ( `a` varchar(256) NOT NULL DEFAULT 'b', `b` varchar(1024) NOT NULL DEFAULT 'd' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN b b VARCHAR(256) NOT NULL DEFAULT 'e'; ERROR 42000: Table 't' uses an extension that doesn't exist in this XYZ version DROP TABLE t; diff --git a/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_prefix_a.result b/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_prefix_a.result index 30bdc54acbf..d40f4abdd4a 100644 --- a/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_prefix_a.result +++ b/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_prefix_a.result 
@@ -8,7 +8,7 @@ t CREATE TABLE `t` ( `a` varchar(32) DEFAULT NULL, `b` varchar(32) DEFAULT NULL, KEY `a` (`a`(2)) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a VARCHAR(100); ERROR 42000: Table 't' uses an extension that doesn't exist in this XYZ version ALTER TABLE t CHANGE COLUMN a a VARCHAR(256); diff --git a/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_prefix_b.result b/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_prefix_b.result index dfe9d12b047..6cbf0f9b5b7 100644 --- a/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_prefix_b.result +++ b/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_prefix_b.result @@ -8,7 +8,7 @@ t CREATE TABLE `t` ( `a` varchar(32) DEFAULT NULL, `b` varchar(32) DEFAULT NULL, KEY `a` (`a`(2)) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN b b VARCHAR(100); ALTER TABLE t CHANGE COLUMN b b VARCHAR(256); DROP TABLE t; diff --git a/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_sum_cross256.result b/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_sum_cross256.result index 2d91d590dd4..2d56f6b7319 100644 --- a/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_sum_cross256.result +++ b/storage/tokudb/mysql-test/tokudb/r/change_column_varchar_sum_cross256.result @@ -12,14 +12,14 @@ Table Create Table t CREATE TABLE `t` ( `a` varchar(101) DEFAULT NULL, `b` varchar(100) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a VARCHAR(200); SHOW CREATE TABLE t; Table Create Table t CREATE TABLE `t` ( `a` varchar(200) DEFAULT NULL, `b` varchar(100) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 SELECT * FROM t; a b hi there 
@@ -38,7 +38,7 @@ t CREATE TABLE `t` ( `i` int(11) DEFAULT NULL, `a` varchar(101) DEFAULT NULL, `b` varchar(100) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE t CHANGE COLUMN a a VARCHAR(200); SHOW CREATE TABLE t; Table Create Table @@ -46,7 +46,7 @@ t CREATE TABLE `t` ( `i` int(11) DEFAULT NULL, `a` varchar(200) DEFAULT NULL, `b` varchar(100) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 SELECT * FROM t; i a b 1 hi there diff --git a/storage/tokudb/mysql-test/tokudb/r/cluster_2968-0.result b/storage/tokudb/mysql-test/tokudb/r/cluster_2968-0.result index 4e23ce34a0c..1e0935543dc 100644 --- a/storage/tokudb/mysql-test/tokudb/r/cluster_2968-0.result +++ b/storage/tokudb/mysql-test/tokudb/r/cluster_2968-0.result @@ -1009,14 +1009,14 @@ s CREATE TABLE `s` ( `a` int(11) DEFAULT NULL, `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( `a` int(11) DEFAULT NULL, `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join * from s,t where s.b = t.b; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s ALL NULL NULL NULL NULL 1000 @@ -1030,7 +1030,7 @@ s CREATE TABLE `s` ( `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL, KEY `b` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( 
@@ -1038,7 +1038,7 @@ t CREATE TABLE `t` ( `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL, KEY `b` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join * from s,t where s.b = t.b; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s index b b 5 NULL 1000 Using where; Using index diff --git a/storage/tokudb/mysql-test/tokudb/r/cluster_2968-1.result b/storage/tokudb/mysql-test/tokudb/r/cluster_2968-1.result index b124834f7c8..9337718ce35 100644 --- a/storage/tokudb/mysql-test/tokudb/r/cluster_2968-1.result +++ b/storage/tokudb/mysql-test/tokudb/r/cluster_2968-1.result @@ -1009,14 +1009,14 @@ s CREATE TABLE `s` ( `a` int(11) DEFAULT NULL, `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( `a` int(11) DEFAULT NULL, `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join * from s,t where s.b = t.b; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s ALL NULL NULL NULL NULL 1000 @@ -1030,7 +1030,7 @@ s CREATE TABLE `s` ( `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL, KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( 
@@ -1038,7 +1038,7 @@ t CREATE TABLE `t` ( `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL, KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join * from s,t where s.b = t.b; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s ALL b NULL NULL NULL 1000 Using where @@ -1057,7 +1057,7 @@ s CREATE TABLE `s` ( `c` int(11) DEFAULT NULL, KEY `b` (`b`), KEY `b_2` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( @@ -1066,7 +1066,7 @@ t CREATE TABLE `t` ( `c` int(11) DEFAULT NULL, KEY `b` (`b`), KEY `b_2` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join * from s,t where s.b = t.b; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s index b,b_2 b_2 5 NULL 1000 Using where; Using index @@ -1080,7 +1080,7 @@ s CREATE TABLE `s` ( `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL, KEY `b_2` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( @@ -1088,7 +1088,7 @@ t CREATE TABLE `t` ( `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL, KEY `b_2` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join * from s,t where s.b = t.b; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s index b_2 b_2 5 NULL 1000 Using where; Using index 
@@ -1107,7 +1107,7 @@ s CREATE TABLE `s` ( `c` int(11) DEFAULT NULL, KEY `b_2` (`b`) `clustering`=yes, KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( @@ -1116,7 +1116,7 @@ t CREATE TABLE `t` ( `c` int(11) DEFAULT NULL, KEY `b_2` (`b`) `clustering`=yes, KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join * from s,t where s.b = t.b; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s index b_2,b b_2 5 NULL 1000 Using where; Using index diff --git a/storage/tokudb/mysql-test/tokudb/r/cluster_2968-2.result b/storage/tokudb/mysql-test/tokudb/r/cluster_2968-2.result index cfb4ec696ce..710509b2acf 100644 --- a/storage/tokudb/mysql-test/tokudb/r/cluster_2968-2.result +++ b/storage/tokudb/mysql-test/tokudb/r/cluster_2968-2.result @@ -1009,14 +1009,14 @@ s CREATE TABLE `s` ( `a` int(11) DEFAULT NULL, `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( `a` int(11) DEFAULT NULL, `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join s.a,t.a from s,t where s.b = t.b; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s ALL NULL NULL NULL NULL 1000 @@ -1030,7 +1030,7 @@ s CREATE TABLE `s` ( `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL, KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( 
@@ -1038,7 +1038,7 @@ t CREATE TABLE `t` ( `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL, KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join s.a,t.a from s,t where s.b = t.b; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s ALL b NULL NULL NULL 1000 Using where @@ -1053,7 +1053,7 @@ s CREATE TABLE `s` ( `c` int(11) DEFAULT NULL, KEY `b` (`b`), KEY `b_2` (`b`,`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( @@ -1062,7 +1062,7 @@ t CREATE TABLE `t` ( `c` int(11) DEFAULT NULL, KEY `b` (`b`), KEY `b_2` (`b`,`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join s.a,t.a from s,t where s.b = t.b; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s index b,b_2 b_2 10 NULL 1000 Using where; Using index @@ -1082,7 +1082,7 @@ s CREATE TABLE `s` ( KEY `b` (`b`), KEY `b_2` (`b`,`a`), KEY `b_3` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( @@ -1092,7 +1092,7 @@ t CREATE TABLE `t` ( KEY `b` (`b`), KEY `b_2` (`b`,`a`), KEY `b_3` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join s.a,t.a from s,t where s.b = t.b; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s index b,b_2,b_3 b_2 10 NULL 1000 Using where; Using index 
@@ -1107,7 +1107,7 @@ s CREATE TABLE `s` ( `c` int(11) DEFAULT NULL, KEY `b` (`b`), KEY `b_3` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( @@ -1116,7 +1116,7 @@ t CREATE TABLE `t` ( `c` int(11) DEFAULT NULL, KEY `b` (`b`), KEY `b_3` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join s.a,t.a from s,t where s.b = t.b; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s index b,b_3 b_3 5 NULL 1000 Using where; Using index diff --git a/storage/tokudb/mysql-test/tokudb/r/cluster_2968-3.result b/storage/tokudb/mysql-test/tokudb/r/cluster_2968-3.result index a36df1f251e..660d63c54c8 100644 --- a/storage/tokudb/mysql-test/tokudb/r/cluster_2968-3.result +++ b/storage/tokudb/mysql-test/tokudb/r/cluster_2968-3.result @@ -1012,21 +1012,21 @@ s CREATE TABLE `s` ( `a` int(11) DEFAULT NULL, `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( `a` int(11) DEFAULT NULL, `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table u; Table Create Table u CREATE TABLE `u` ( `a` int(11) DEFAULT NULL, `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join * from s,t,u where s.b = t.b and s.c = t.c; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s ALL NULL NULL NULL NULL 1000 
@@ -1042,7 +1042,7 @@ s CREATE TABLE `s` ( `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL, KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( @@ -1050,7 +1050,7 @@ t CREATE TABLE `t` ( `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL, KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table u; Table Create Table u CREATE TABLE `u` ( @@ -1058,7 +1058,7 @@ u CREATE TABLE `u` ( `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL, KEY `c` (`c`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join * from s,t,u where s.b = t.b and s.c = u.c; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s ALL b NULL NULL NULL 1000 Using where @@ -1081,7 +1081,7 @@ s CREATE TABLE `s` ( `c` int(11) DEFAULT NULL, KEY `b` (`b`), KEY `b_2` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table t; Table Create Table t CREATE TABLE `t` ( @@ -1090,7 +1090,7 @@ t CREATE TABLE `t` ( `c` int(11) DEFAULT NULL, KEY `b` (`b`), KEY `b_2` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table u; Table Create Table u CREATE TABLE `u` ( @@ -1099,7 +1099,7 @@ u CREATE TABLE `u` ( `c` int(11) DEFAULT NULL, KEY `c` (`c`), KEY `c_2` (`c`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select straight_join * from s,t,u where s.b = t.b and s.c = u.c; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE s ALL b,b_2 NULL NULL NULL 1000 Using where 
diff --git a/storage/tokudb/mysql-test/tokudb/r/cluster_create_table.result b/storage/tokudb/mysql-test/tokudb/r/cluster_create_table.result index 5ffa89eaf6c..914c3edc6ac 100644 --- a/storage/tokudb/mysql-test/tokudb/r/cluster_create_table.result +++ b/storage/tokudb/mysql-test/tokudb/r/cluster_create_table.result @@ -11,7 +11,7 @@ t1 CREATE TABLE `t1` ( `d` int(11) DEFAULT NULL, PRIMARY KEY (`a`), KEY `b` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 create index foo on t1(c,d) clustering=yes; show create table t1; Table Create Table @@ -23,7 +23,7 @@ t1 CREATE TABLE `t1` ( PRIMARY KEY (`a`), KEY `b` (`b`) `clustering`=yes, KEY `foo` (`c`,`d`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 alter table t1 drop primary key; alter table t1 add primary key (a,b,c,d); alter table t1 add key bar(d,c,b,a) clustering=yes; @@ -38,7 +38,7 @@ t1 CREATE TABLE `t1` ( KEY `b` (`b`) `clustering`=yes, KEY `foo` (`c`,`d`) `clustering`=yes, KEY `bar` (`d`,`c`,`b`,`a`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into t1 value (1,1,1,1),(2,2,2,2),(3,3,3,3),(4,4,4,4),(32,54,12,56); explain select * from t1; id select_type table type possible_keys key key_len ref rows Extra diff --git a/storage/tokudb/mysql-test/tokudb/r/ctype_collate.result b/storage/tokudb/mysql-test/tokudb/r/ctype_collate.result index e6de51b896d..6254005d2bb 100644 --- a/storage/tokudb/mysql-test/tokudb/r/ctype_collate.result +++ b/storage/tokudb/mysql-test/tokudb/r/ctype_collate.result 
@@ -486,7 +486,7 @@ SHOW CREATE TABLE t1; Table Create Table t1 CREATE TABLE `t1` ( `latin1_f` char(32) NOT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 SHOW FIELDS FROM t1; Field Type Null Key Default Extra latin1_f char(32) NO NULL @@ -496,7 +496,7 @@ SHOW CREATE TABLE t1; Table Create Table t1 CREATE TABLE `t1` ( `latin1_f` char(32) CHARACTER SET latin1 COLLATE latin1_bin DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 SHOW FIELDS FROM t1; Field Type Null Key Default Extra latin1_f char(32) YES NULL @@ -505,7 +505,7 @@ SHOW CREATE TABLE t1; Table Create Table t1 CREATE TABLE `t1` ( `latin1_f` char(32) COLLATE latin1_bin DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 COLLATE=latin1_bin SHOW FIELDS FROM t1; Field Type Null Key Default Extra latin1_f char(32) YES NULL diff --git a/storage/tokudb/mysql-test/tokudb/r/ctype_cp1250_ch.result b/storage/tokudb/mysql-test/tokudb/r/ctype_cp1250_ch.result index 0c450b38fda..3efeb757b61 100644 --- a/storage/tokudb/mysql-test/tokudb/r/ctype_cp1250_ch.result +++ b/storage/tokudb/mysql-test/tokudb/r/ctype_cp1250_ch.result @@ -94,7 +94,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `name` varchar(10) DEFAULT NULL, `level` smallint(5) unsigned DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=cp1250 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=cp1250 insert into t1 values ('string',1); select concat(name,space(level)), concat(name, repeat(' ',level)) from t1; concat(name,space(level)) concat(name, repeat(' ',level)) 
@@ -196,7 +196,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `name` varchar(10) COLLATE cp1250_czech_cs DEFAULT NULL, `level` smallint(5) unsigned DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=cp1250 COLLATE=cp1250_czech_cs `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=cp1250 COLLATE=cp1250_czech_cs insert into t1 values ('string',1); select concat(name,space(level)), concat(name, repeat(' ',level)) from t1; concat(name,space(level)) concat(name, repeat(' ',level)) diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-10.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-10.result index b0eedf1e33e..319048cfd8b 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-10.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-10.result @@ -8,7 +8,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '0', `b` varchar(100) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 set session transaction isolation level repeatable read; begin; select * from foo; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-11.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-11.result index c7efe887e33..a89ba26a461 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-11.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-11.result @@ -6,7 +6,7 @@ show create table foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1); begin; insert into foo values (2); diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-12.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-12.result index e061dd7252a..b307f487f03 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-12.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-12.result 
@@ -7,7 +7,7 @@ show create table foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1); begin; select * from foo; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-13.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-13.result index 2073e3e26ce..2f87ddb26cc 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-13.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-13.result @@ -7,7 +7,7 @@ show create table foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 begin; select * from foo; a diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-14.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-14.result index 8fb95595c85..eecb674346f 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-14.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-14.result @@ -7,7 +7,7 @@ show create table foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 begin; select * from foo; a diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-15.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-15.result index 65732a84585..0b7d96dd7b5 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-15.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-15.result @@ -7,7 +7,7 @@ show create table foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 begin; select * from foo; a diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-16.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-16.result index 0379dc05d5e..7ee801d88b2 100644 
--- a/storage/tokudb/mysql-test/tokudb/r/mvcc-16.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-16.result @@ -7,7 +7,7 @@ show create table foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 begin; select * from foo; a diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-17.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-17.result index c0191bedb47..fe3322b9fb7 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-17.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-17.result @@ -8,7 +8,7 @@ show create table foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 set session tokudb_load_save_space=0; set session transaction isolation level repeatable read; begin; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-18.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-18.result index c36a872fd30..1edda2650e2 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-18.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-18.result @@ -8,7 +8,7 @@ show create table foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 set session tokudb_load_save_space=1; set session transaction isolation level repeatable read; begin; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-21.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-21.result index 88e6efd2b02..bee7c8b4549 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-21.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-21.result 
@@ -8,7 +8,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '0', `b` varchar(100) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 set session transaction isolation level repeatable read; begin; select * from foo; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-22.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-22.result index 7790a3ff5ff..5d986701785 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-22.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-22.result @@ -8,7 +8,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '0', `b` varchar(100) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 set session transaction isolation level repeatable read; begin; select * from foo; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-23.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-23.result index 1d2bcc175c7..9ea3c631d17 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-23.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-23.result @@ -8,7 +8,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '0', `b` varchar(100) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 set session transaction isolation level repeatable read; begin; select * from foo; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-25.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-25.result index 37e19f0cff5..427d1ca5c3f 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-25.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-25.result 
@@ -10,14 +10,14 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '0', `b` varchar(100) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table bar; Table Create Table bar CREATE TABLE `bar` ( `a` int(11) NOT NULL DEFAULT '0', `b` varchar(100) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 set session transaction isolation level repeatable read; begin; # should be empty diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-3.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-3.result index 878bed00102..684dd147b07 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-3.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-3.result @@ -10,7 +10,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '0', `b` int(11) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1,1); begin; select * from foo; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-33.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-33.result index 7a520ffb0e1..38acca99831 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-33.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-33.result @@ -11,7 +11,7 @@ foo CREATE TABLE `foo` ( `c` int(11) DEFAULT NULL, PRIMARY KEY (`a`), KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1,10,100),(2,20,200),(3,30,300),(4,40,400),(5,50,500),(6,60,600),(7,70,700),(8,80,800),(9,90,900); begin; select * from foo; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-34.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-34.result index d725bd33c95..e1795bbc832 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-34.result 
+++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-34.result @@ -11,7 +11,7 @@ foo CREATE TABLE `foo` ( `c` int(11) DEFAULT NULL, PRIMARY KEY (`a`), KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1,10,100),(2,20,200),(3,30,300),(4,40,400),(5,50,500),(6,60,600),(7,70,700),(8,80,800),(9,90,900); begin; select * from foo; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-35.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-35.result index 4daac248bd8..86fb9670fce 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-35.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-35.result @@ -11,7 +11,7 @@ foo CREATE TABLE `foo` ( `c` int(11) DEFAULT NULL, PRIMARY KEY (`a`), KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1,10,100),(2,20,200),(3,30,300),(4,40,400),(5,50,500),(6,60,600),(7,70,700),(8,80,800),(9,90,900); begin; select * from foo; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-36.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-36.result index ba4a455e529..d982ff3249d 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-36.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-36.result @@ -11,7 +11,7 @@ foo CREATE TABLE `foo` ( `c` int(11) DEFAULT NULL, PRIMARY KEY (`a`), KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1,10,100),(2,20,200),(3,30,300),(4,40,400),(5,50,500),(6,60,600),(7,70,700),(8,80,800),(9,90,900); begin; select * from foo; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-37.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-37.result index 5209adeeac6..3e1ad76dd3d 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-37.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-37.result 
@@ -11,7 +11,7 @@ foo CREATE TABLE `foo` ( `c` int(11) DEFAULT NULL, PRIMARY KEY (`a`), KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1,10,100),(2,20,200),(3,30,300),(4,40,400),(5,50,500),(6,60,600),(7,70,700),(8,80,800),(9,90,900); begin; select * from foo; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-38.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-38.result index 936a50b1709..5ee3c72e91e 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-38.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-38.result @@ -11,7 +11,7 @@ foo CREATE TABLE `foo` ( `c` int(11) DEFAULT NULL, PRIMARY KEY (`a`), KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 create table foo_isam (a int, b int, c int) engine=MyISAM; insert into foo values (1,10,100),(2,20,200),(3,30,300),(4,40,400),(5,50,500),(6,60,600),(7,70,700),(8,80,800),(9,90,900); begin; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-39.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-39.result index cd9baa23c09..905d5c2292a 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-39.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-39.result @@ -7,7 +7,7 @@ show create table foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1),(2),(3); set session transaction isolation level repeatable read; begin; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-4.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-4.result index 499eca4053d..ce8aa725f5b 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-4.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-4.result 
@@ -11,7 +11,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '0', `b` int(11) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 #should read (1,1) select * from foo; a b diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-40.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-40.result index da77da35ce3..1330fe41c50 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-40.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-40.result @@ -7,7 +7,7 @@ show create table foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1),(2),(3); set session transaction isolation level repeatable read; begin; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-5.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-5.result index 3d58de843f0..47204dcc7e1 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-5.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-5.result @@ -9,7 +9,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '0', `b` int(11) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1,1); set session transaction isolation level repeatable read; begin; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-6.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-6.result index e388c2dc5fd..a0c8185b1ab 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-6.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-6.result @@ -10,7 +10,7 @@ foo CREATE TABLE `foo` ( `b` int(11) DEFAULT NULL, PRIMARY KEY (`a`), KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (100,100); begin; insert into foo values (1,100); 
diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-7.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-7.result index 61f115b9f64..ba78f786c31 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-7.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-7.result @@ -9,7 +9,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '0', `b` int(11) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1,100); select * from foo; a b diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-8.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-8.result index 0f1584692da..4e310d2d001 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-8.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-8.result @@ -11,7 +11,7 @@ foo CREATE TABLE `foo` ( `c` int(11) DEFAULT NULL, PRIMARY KEY (`a`), KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1,10,100),(2,20,200),(3,30,300),(4,40,400),(5,50,500); create table foo_isam (a int, b int, c int); # should use key b diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-9.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-9.result index b1de77d61b2..b3b45d731f2 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-9.result +++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-9.result @@ -8,7 +8,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '0', `b` varchar(100) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 set session transaction isolation level repeatable read; begin; select * from foo; diff --git a/storage/tokudb/mysql-test/tokudb/r/mvcc-checksum-locks.result b/storage/tokudb/mysql-test/tokudb/r/mvcc-checksum-locks.result index aa199dd04a9..c6bea70265b 100644 --- a/storage/tokudb/mysql-test/tokudb/r/mvcc-checksum-locks.result 
+++ b/storage/tokudb/mysql-test/tokudb/r/mvcc-checksum-locks.result @@ -6,7 +6,7 @@ show create table foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into foo values (1),(2),(3); begin; insert into foo values (4); diff --git a/storage/tokudb/mysql-test/tokudb/r/type_binary.result b/storage/tokudb/mysql-test/tokudb/r/type_binary.result index c2f1ded6d92..d3a4582404e 100644 --- a/storage/tokudb/mysql-test/tokudb/r/type_binary.result +++ b/storage/tokudb/mysql-test/tokudb/r/type_binary.result @@ -25,7 +25,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `s1` varbinary(20) DEFAULT NULL, `s2` varbinary(20) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into t1 values (0x41,0x4100),(0x41,0x4120),(0x4100,0x4120); select hex(s1), hex(s2) from t1; hex(s1) hex(s2) diff --git a/storage/tokudb/mysql-test/tokudb/r/type_bit.result b/storage/tokudb/mysql-test/tokudb/r/type_bit.result index b9813451d94..1d5432e2dd6 100644 --- a/storage/tokudb/mysql-test/tokudb/r/type_bit.result +++ b/storage/tokudb/mysql-test/tokudb/r/type_bit.result @@ -43,7 +43,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` bit(1) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (a bit(64)); insert into t1 values @@ -498,7 +498,7 @@ show create table t2; Table Create Table t2 CREATE TABLE `t2` ( `a` bit(7) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1, t2; create table t1 (id1 int(11), b1 bit(1)); create table t2 (id2 int(11), b2 bit(1)); 
@@ -701,6 +701,6 @@ Table Create Table t1 CREATE TABLE `t1` ( `a` bit(8) DEFAULT NULL, KEY `a` (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; End of 5.1 tests diff --git a/storage/tokudb/mysql-test/tokudb/r/type_blob.result b/storage/tokudb/mysql-test/tokudb/r/type_blob.result index ed9b554e5cb..21d9f57770e 100644 --- a/storage/tokudb/mysql-test/tokudb/r/type_blob.result +++ b/storage/tokudb/mysql-test/tokudb/r/type_blob.result @@ -26,12 +26,12 @@ Table Create Table t3 CREATE TABLE `t3` ( `a` mediumtext, `b` mediumblob -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create TABLE t4; Table Create Table t4 CREATE TABLE `t4` ( `c` mediumtext CHARACTER SET utf8 NOT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1,t2,t3,t4; CREATE TABLE t1 (a char(257) default "hello"); ERROR 42000: Column length too big for column 'a' (max = 255); use BLOB or TEXT instead @@ -365,7 +365,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `a` text, KEY `a` (`a`(2100)) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; CREATE TABLE t1 ( t1_id bigint(21) NOT NULL auto_increment, @@ -672,7 +672,7 @@ t1 CREATE TABLE `t1` ( `e` int(11) DEFAULT NULL, PRIMARY KEY (`a`,`b`,`c`(255),`d`), KEY `a` (`a`,`b`,`d`,`e`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; CREATE table t1 (a blob); insert into t1 values ('b'),('a\0'),('a'),('a '),('aa'),(NULL); @@ -751,7 +751,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` text -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into t1 values (default); select * from t1; a 
diff --git a/storage/tokudb/mysql-test/tokudb/r/type_datetime.result b/storage/tokudb/mysql-test/tokudb/r/type_datetime.result index 82f5ebe9600..77364b90f9d 100644 --- a/storage/tokudb/mysql-test/tokudb/r/type_datetime.result +++ b/storage/tokudb/mysql-test/tokudb/r/type_datetime.result @@ -205,7 +205,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `da` date DEFAULT '1962-03-03', `dt` datetime DEFAULT '1962-03-03 00:00:00' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into t1 values (); insert into t1 values ('2007-03-23 13:49:38','2007-03-23 13:49:38'); Warnings: @@ -573,7 +573,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `da` date DEFAULT '1962-03-03', `dt` datetime DEFAULT '1962-03-03 00:00:00' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into t1 values (); insert into t1 values ('2007-03-23 13:49:38','2007-03-23 13:49:38'); Warnings: diff --git a/storage/tokudb/mysql-test/tokudb/r/type_decimal.result b/storage/tokudb/mysql-test/tokudb/r/type_decimal.result index a432927eda2..5d271bc73fa 100644 --- a/storage/tokudb/mysql-test/tokudb/r/type_decimal.result +++ b/storage/tokudb/mysql-test/tokudb/r/type_decimal.result @@ -712,14 +712,14 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `d` decimal(5,0) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (d decimal); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `d` decimal(10,0) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (d decimal(66,0)); ERROR 42000: Too big precision 66 specified for 'd'. Maximum is 65. 
@@ -880,7 +880,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `a` decimal(10,0) DEFAULT NULL, `b` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 select round(a,b) as c from t1 order by c; c 1000 diff --git a/storage/tokudb/mysql-test/tokudb/r/type_enum.result b/storage/tokudb/mysql-test/tokudb/r/type_enum.result index cd96b7520b2..85ca32f1697 100644 --- a/storage/tokudb/mysql-test/tokudb/r/type_enum.result +++ b/storage/tokudb/mysql-test/tokudb/r/type_enum.result @@ -1628,14 +1628,14 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` enum('','a','b') NOT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (a enum (' ','a','b ') not null default 'b '); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` enum('','a','b') NOT NULL DEFAULT 'b' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (a enum ('0','1')); insert into t1 set a='foobar'; @@ -1660,7 +1660,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` enum('ä','1','2') NOT NULL DEFAULT 'ä' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; set names latin1; CREATE TABLE t1 ( @@ -1672,7 +1672,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `a` int(11) DEFAULT '1', `b` enum('value','öäü_value','ÊÃÕ') NOT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show columns from t1; Field Type Null Key Default Extra a int(11) YES 1 
@@ -1701,7 +1701,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` enum('ä','ö','ü') CHARACTER SET utf8 DEFAULT 'ü' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into t1 values ('ä'), ('ö'), ('ü'); select a from t1 order by a; a @@ -1719,7 +1719,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` enum('ä','ö','ü') DEFAULT 'ü' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 select a from t1 order by a; a ä @@ -1753,28 +1753,28 @@ Table Create Table t1 CREATE TABLE `t1` ( `f1` int(11) DEFAULT NULL, `f2` enum('ÿÿ') DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1(russian enum('E','F','EÿF','FÿE') NOT NULL DEFAULT'E'); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `russian` enum('E','F','EÿF','FÿE') NOT NULL DEFAULT 'E' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1(denormal enum('E','F','E,F','F,E') NOT NULL DEFAULT'E'); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `denormal` enum('E','F','E,F','F,E') NOT NULL DEFAULT 'E' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1(russian_deviant enum('E','F','EÿF','F,E') NOT NULL DEFAULT'E'); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `russian_deviant` enum('E','F','EÿF','F,E') NOT NULL DEFAULT 'E' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; CREATE TABLE t1 ( id INT AUTO_INCREMENT PRIMARY KEY, 
diff --git a/storage/tokudb/mysql-test/tokudb/r/type_float.result b/storage/tokudb/mysql-test/tokudb/r/type_float.result index cdb3db55f75..e9abecc1dee 100644 --- a/storage/tokudb/mysql-test/tokudb/r/type_float.result +++ b/storage/tokudb/mysql-test/tokudb/r/type_float.result @@ -96,7 +96,7 @@ t2 CREATE TABLE `t2` ( `col2` double(22,5) DEFAULT NULL, `col3` double DEFAULT NULL, `col4` double DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1,t2; create table t1 (a float); insert into t1 values (1); @@ -239,7 +239,7 @@ show create table t3; Table Create Table t3 CREATE TABLE `t3` ( `d` double DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1, t2, t3; create table t1 select 105213674794682365.00 + 0.0 x; show warnings; diff --git a/storage/tokudb/mysql-test/tokudb/r/type_nchar.result b/storage/tokudb/mysql-test/tokudb/r/type_nchar.result index 0e261807c5c..0dc39a49a7e 100644 --- a/storage/tokudb/mysql-test/tokudb/r/type_nchar.result +++ b/storage/tokudb/mysql-test/tokudb/r/type_nchar.result 
@@ -5,47 +5,47 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `c` char(10) CHARACTER SET utf8 DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (c national char(10)); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `c` char(10) CHARACTER SET utf8 DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (c national varchar(10)); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `c` varchar(10) CHARACTER SET utf8 DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (c nvarchar(10)); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `c` varchar(10) CHARACTER SET utf8 DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (c nchar varchar(10)); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `c` varchar(10) CHARACTER SET utf8 DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (c national character varying(10)); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `c` varchar(10) CHARACTER SET utf8 DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (c nchar varying(10)); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `c` varchar(10) CHARACTER SET utf8 DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; 
diff --git a/storage/tokudb/mysql-test/tokudb/r/type_newdecimal.result b/storage/tokudb/mysql-test/tokudb/r/type_newdecimal.result index 3f76f54609f..6ab94a1b10b 100644 --- a/storage/tokudb/mysql-test/tokudb/r/type_newdecimal.result +++ b/storage/tokudb/mysql-test/tokudb/r/type_newdecimal.result @@ -60,7 +60,7 @@ t1 CREATE TABLE `t1` ( `if(0, NULL, 1.2)` decimal(2,1) DEFAULT NULL, `if(1, 0.22e1, 1.1)` double NOT NULL DEFAULT '0', `if(1E0, 1.1, 1.2)` decimal(2,1) NOT NULL DEFAULT '0.0' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 select nullif(1.1, 1.1), nullif(1.1, 1.2), nullif(1.1, 0.11e1), nullif(1.0, 1), nullif(1, 1.0), nullif(1, 1.1); select * from t1; @@ -75,7 +75,7 @@ t1 CREATE TABLE `t1` ( `nullif(1.0, 1)` decimal(2,1) DEFAULT NULL, `nullif(1, 1.0)` int(1) DEFAULT NULL, `nullif(1, 1.1)` int(1) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (a decimal(4,2)); insert into t1 value (10000), (1.1e10), ("11111"), (100000.1); @@ -179,7 +179,7 @@ t1 CREATE TABLE `t1` ( `truncate(-5678.123451,-3)` decimal(4,0) NOT NULL DEFAULT '0', `abs(-1.1)` decimal(3,1) NOT NULL DEFAULT '0.0', `-(-1.1)` decimal(2,1) NOT NULL DEFAULT '0.0' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; set session sql_mode='traditional'; select 1e10/0e0; @@ -773,7 +773,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `0.5` decimal(2,1) NOT NULL DEFAULT '0.0' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; select round(1.5),round(2.5); round(1.5) round(2.5) 
@@ -936,14 +936,14 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `sl` decimal(5,5) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (sl decimal(65, 30)); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `sl` decimal(65,30) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 ( f1 decimal unsigned not null default 17.49, @@ -976,7 +976,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `f0` decimal(30,30) unsigned zerofill NOT NULL DEFAULT '0.000000000000000000000000000000', `f1` decimal(10,0) unsigned zerofill NOT NULL DEFAULT '0000000000' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; drop procedure if exists wg2; create procedure wg2() @@ -1026,7 +1026,7 @@ t1 CREATE TABLE `t1` ( `my_double` double DEFAULT NULL, `my_varchar` varchar(50) DEFAULT NULL, `my_decimal` decimal(65,30) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 INSERT INTO t1 SET my_float = 1.175494345e-32, my_double = 1.175494345e-32, my_varchar = '1.175494345e-32'; @@ -1540,7 +1540,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `5.05 / 0.014` decimal(10,6) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 select * from t1; 5.05 / 0.014 360.714286 diff --git a/storage/tokudb/mysql-test/tokudb/r/type_set.result b/storage/tokudb/mysql-test/tokudb/r/type_set.result index f155cb53809..9d8574ce5ab 100644 --- a/storage/tokudb/mysql-test/tokudb/r/type_set.result +++ b/storage/tokudb/mysql-test/tokudb/r/type_set.result 
@@ -5,14 +5,14 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` set('','a','b') NOT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; create table t1 (a set (' ','a','b ') not null default 'b '); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `a` set('','a','b') NOT NULL DEFAULT 'b' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; CREATE TABLE t1 ( user varchar(64) NOT NULL default '', path varchar(255) NOT NULL default '', privilege set('select','RESERVED30','RESERVED29','RESERVED28','RESERVED27','RESERVED26', 'RESERVED25','RESERVED24','data.delete','RESERVED22','RESERVED21', 'RESERVED20','data.insert.none','data.insert.approve', 'data.insert.delete','data.insert.move','data.insert.propose', 'data.insert.reject','RESERVED13','RESERVED12','RESERVED11','RESERVED10', 'RESERVED09','data.update','RESERVED07','RESERVED06','RESERVED05', 'RESERVED04','metadata.delete','metadata.put','RESERVED01','RESERVED00') NOT NULL default '', KEY user (user) ) ENGINE=MyISAM CHARSET=utf8; DROP TABLE t1; @@ -22,7 +22,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `s` set('a','A') CHARACTER SET latin1 COLLATE latin1_bin DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into t1 values ('a'),('a,A'),('A,a'),('A'); select s from t1 order by s; s 
@@ -84,5 +84,5 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `f1` set('1','2','3','4','5','6','7','8','9','10','11','12','13','14','15','16','17','18','19','20','21','22','23','24','25','26','27','28','29','30','31','32','33','34','35','36','37','38','39','40','41','42','43','44','45','46','47','48','49','50','51','52','53','54','55','56','57','58','59','60','61','62','63','64','1') DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; diff --git a/storage/tokudb/mysql-test/tokudb/r/type_timestamp.result b/storage/tokudb/mysql-test/tokudb/r/type_timestamp.result index 6d0f6946ed9..9154c84d5a7 100644 --- a/storage/tokudb/mysql-test/tokudb/r/type_timestamp.result +++ b/storage/tokudb/mysql-test/tokudb/r/type_timestamp.result @@ -195,7 +195,7 @@ t1 CREATE TABLE `t1` ( `t1` timestamp NOT NULL DEFAULT '2003-01-01 00:00:00', `t2` datetime DEFAULT NULL, `t3` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show columns from t1; Field Type Null Key Default Extra t1 timestamp NO 2003-01-01 00:00:00 @@ -219,7 +219,7 @@ t1 CREATE TABLE `t1` ( `t1` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, `t2` datetime DEFAULT NULL, `t3` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show columns from t1; Field Type Null Key Default Extra t1 timestamp NO CURRENT_TIMESTAMP @@ -245,7 +245,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `t1` timestamp NOT NULL DEFAULT '2003-01-01 00:00:00' ON UPDATE CURRENT_TIMESTAMP, `t2` datetime DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show columns from t1; Field Type Null Key Default Extra t1 timestamp NO 2003-01-01 00:00:00 on update CURRENT_TIMESTAMP 
@@ -270,7 +270,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `t1` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, `t2` datetime DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show columns from t1; Field Type Null Key Default Extra t1 timestamp NO CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP @@ -296,7 +296,7 @@ t1 CREATE TABLE `t1` ( `t1` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, `t2` datetime DEFAULT NULL, `t3` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show columns from t1; Field Type Null Key Default Extra t1 timestamp NO CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP @@ -322,7 +322,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `t1` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, `t2` datetime DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show columns from t1; Field Type Null Key Default Extra t1 timestamp NO CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP @@ -377,7 +377,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `a` timestamp NULL DEFAULT NULL, `b` timestamp NULL DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into t1 values (NULL, NULL); SET TIMESTAMP=1000000017; insert into t1 values (); @@ -392,7 +392,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `a` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, `b` timestamp NULL DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into t1 values (NULL, NULL); SET TIMESTAMP=1000000018; insert into t1 values (); 
@@ -407,7 +407,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `a` timestamp NULL DEFAULT NULL, `b` timestamp NULL DEFAULT '2003-01-01 00:00:00' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 insert into t1 values (NULL, NULL); insert into t1 values (DEFAULT, DEFAULT); select * from t1; diff --git a/storage/tokudb/mysql-test/tokudb/r/type_varchar.result b/storage/tokudb/mysql-test/tokudb/r/type_varchar.result index d12fbbf99bd..ad95b9a9908 100644 --- a/storage/tokudb/mysql-test/tokudb/r/type_varchar.result +++ b/storage/tokudb/mysql-test/tokudb/r/type_varchar.result @@ -9,7 +9,7 @@ t1 CREATE TABLE `t1` ( `c` char(3) DEFAULT NULL, `e` enum('abc','def','ghi') DEFAULT NULL, `t` text -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table vchar; Table Create Table vchar CREATE TABLE `vchar` ( @@ -400,21 +400,21 @@ Table Create Table t1 CREATE TABLE `t1` ( `f1` varchar(65500) DEFAULT NULL, KEY `index1` (`f1`(10)) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 alter table t1 modify f1 varchar(255); show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `f1` varchar(255) DEFAULT NULL, KEY `index1` (`f1`(10)) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 alter table t1 modify f1 tinytext; show create table t1; Table Create Table t1 CREATE TABLE `t1` ( `f1` tinytext, KEY `index1` (`f1`(10)) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 drop table t1; DROP TABLE IF EXISTS t1; CREATE TABLE t1(f1 VARCHAR(100) DEFAULT 'test'); diff --git a/storage/tokudb/mysql-test/tokudb_alter_table/r/ai_part.result b/storage/tokudb/mysql-test/tokudb_alter_table/r/ai_part.result index d4aac756ffa..38338f7f823 100644 
--- a/storage/tokudb/mysql-test/tokudb_alter_table/r/ai_part.result +++ b/storage/tokudb/mysql-test/tokudb_alter_table/r/ai_part.result @@ -9,7 +9,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '0', `b` int(11) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 /*!50100 PARTITION BY HASH (a) PARTITIONS 2 */ ALTER TABLE foo ADD KEY(b); @@ -20,7 +20,7 @@ foo CREATE TABLE `foo` ( `b` int(11) DEFAULT NULL, PRIMARY KEY (`a`), KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 /*!50100 PARTITION BY HASH (a) PARTITIONS 2 */ DROP TABLE foo; diff --git a/storage/tokudb/mysql-test/tokudb_alter_table/r/alter_column_default.result b/storage/tokudb/mysql-test/tokudb_alter_table/r/alter_column_default.result index 0058d4c5664..2c1390ad2a4 100644 --- a/storage/tokudb/mysql-test/tokudb_alter_table/r/alter_column_default.result +++ b/storage/tokudb/mysql-test/tokudb_alter_table/r/alter_column_default.result 
@@ -7,33 +7,33 @@ Table Create Table foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '0', `b` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE foo ALTER COLUMN a SET DEFAULT 100; SHOW CREATE TABLE foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '100', `b` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE foo ALTER COLUMN a DROP DEFAULT; SHOW CREATE TABLE foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) NOT NULL, `b` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE foo ALTER COLUMN b SET DEFAULT 42; SHOW CREATE TABLE foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) NOT NULL, `b` int(11) DEFAULT '42' -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE foo ALTER COLUMN b DROP DEFAULT; SHOW CREATE TABLE foo; Table Create Table foo CREATE TABLE `foo` ( `a` int(11) NOT NULL, `b` int(11) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 DROP TABLE foo; diff --git a/storage/tokudb/mysql-test/tokudb_alter_table/r/auto_inc.result b/storage/tokudb/mysql-test/tokudb_alter_table/r/auto_inc.result index e70818ed629..7f58c9ebc97 100644 --- a/storage/tokudb/mysql-test/tokudb_alter_table/r/auto_inc.result +++ b/storage/tokudb/mysql-test/tokudb_alter_table/r/auto_inc.result @@ -15,7 +15,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL AUTO_INCREMENT, `b` int(11) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1 insert into foo (b) values (11),(21),(32); select * from foo; a b 
@@ -31,7 +31,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL AUTO_INCREMENT, `b` int(11) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB AUTO_INCREMENT=1003 DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB AUTO_INCREMENT=1003 DEFAULT CHARSET=latin1 alter table foo auto_increment=10; insert into foo (b) values (11),(21),(32); select * from foo; @@ -51,7 +51,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL AUTO_INCREMENT, `b` int(11) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB AUTO_INCREMENT=1006 DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB AUTO_INCREMENT=1006 DEFAULT CHARSET=latin1 alter table foo auto_increment=100000, add column c int; ERROR 42000: Table 'foo' uses an extension that doesn't exist in this XYZ version alter table foo auto_increment=100000, drop column b; diff --git a/storage/tokudb/mysql-test/tokudb_alter_table/r/frm_discover.result b/storage/tokudb/mysql-test/tokudb_alter_table/r/frm_discover.result index 85c7914edc3..41c5a6c72d4 100644 --- a/storage/tokudb/mysql-test/tokudb_alter_table/r/frm_discover.result +++ b/storage/tokudb/mysql-test/tokudb_alter_table/r/frm_discover.result @@ -6,14 +6,14 @@ Table Create Table foo CREATE TABLE `foo` ( `id` int(11) NOT NULL, PRIMARY KEY (`id`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 CREATE TABLE bar LIKE foo; SHOW CREATE TABLE bar; Table Create Table bar CREATE TABLE `bar` ( `id` int(11) NOT NULL, PRIMARY KEY (`id`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE foo ADD COLUMN a INT; SHOW CREATE TABLE foo; Table Create Table @@ -21,7 +21,7 @@ foo CREATE TABLE `foo` ( `id` int(11) NOT NULL, `a` int(11) DEFAULT NULL, PRIMARY KEY (`id`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 FLUSH TABLES; SHOW CREATE TABLE foo; Table Create Table 
@@ -29,5 +29,5 @@ foo CREATE TABLE `foo` ( `id` int(11) NOT NULL, `a` int(11) DEFAULT NULL, PRIMARY KEY (`id`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 DROP TABLE foo, bar; diff --git a/storage/tokudb/mysql-test/tokudb_alter_table/r/hcad_and_rename_table.result b/storage/tokudb/mysql-test/tokudb_alter_table/r/hcad_and_rename_table.result index 9f6637826ab..426834da11b 100644 --- a/storage/tokudb/mysql-test/tokudb_alter_table/r/hcad_and_rename_table.result +++ b/storage/tokudb/mysql-test/tokudb_alter_table/r/hcad_and_rename_table.result @@ -5,7 +5,7 @@ SHOW CREATE TABLE s; Table Create Table s CREATE TABLE `s` ( `a` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 SET tokudb_disable_slow_alter=1; ALTER TABLE s RENAME TO t, ADD COLUMN b INT; SHOW CREATE TABLE t; @@ -13,5 +13,5 @@ Table Create Table t CREATE TABLE `t` ( `a` int(11) DEFAULT NULL, `b` int(11) DEFAULT NULL -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 DROP TABLE t; diff --git a/storage/tokudb/mysql-test/tokudb_alter_table/r/hcad_part.result b/storage/tokudb/mysql-test/tokudb_alter_table/r/hcad_part.result index 26685013aa4..075ccad6065 100644 --- a/storage/tokudb/mysql-test/tokudb_alter_table/r/hcad_part.result +++ b/storage/tokudb/mysql-test/tokudb_alter_table/r/hcad_part.result @@ -8,7 +8,7 @@ foo CREATE TABLE `foo` ( `a` int(11) NOT NULL DEFAULT '0', `b` int(11) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 /*!50100 PARTITION BY HASH (a) PARTITIONS 2 */ ALTER TABLE foo ADD COLUMN c INT; 
@@ -19,7 +19,7 @@ foo CREATE TABLE `foo` ( `b` int(11) DEFAULT NULL, `c` int(11) DEFAULT NULL, PRIMARY KEY (`a`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 /*!50100 PARTITION BY HASH (a) PARTITIONS 2 */ DROP TABLE foo; diff --git a/storage/tokudb/mysql-test/tokudb_alter_table/r/hcr.result b/storage/tokudb/mysql-test/tokudb_alter_table/r/hcr.result index 272d0edd61c..f4fc1b67bb6 100644 --- a/storage/tokudb/mysql-test/tokudb_alter_table/r/hcr.result +++ b/storage/tokudb/mysql-test/tokudb_alter_table/r/hcr.result @@ -33,7 +33,7 @@ foo CREATE TABLE `foo` ( `b` varchar(10) DEFAULT NULL, `c` blob, KEY `b` (`b`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 select * from foo; a b c 1 bb cccc diff --git a/storage/tokudb/mysql-test/tokudb_alter_table/r/hcr3.result b/storage/tokudb/mysql-test/tokudb_alter_table/r/hcr3.result index 8c490c0ad35..834ddfbd2d3 100644 --- a/storage/tokudb/mysql-test/tokudb_alter_table/r/hcr3.result +++ b/storage/tokudb/mysql-test/tokudb_alter_table/r/hcr3.result @@ -18,7 +18,7 @@ foo CREATE TABLE `foo` ( PRIMARY KEY (`aa`), KEY `b` (`b`), KEY `d` (`d`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 select * from foo; aa b c d e 1 10 cc dddd eeeee @@ -40,7 +40,7 @@ foo CREATE TABLE `foo` ( PRIMARY KEY (`aa`), KEY `b` (`bb`), KEY `d` (`d`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select bb from foo FORCE INDEX (b) where bb > 5; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE foo index b b 9 NULL 1 Using where; Using index 
@@ -59,7 +59,7 @@ foo CREATE TABLE `foo` ( PRIMARY KEY (`aa`), KEY `b` (`bb`), KEY `d` (`dd`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 explain select * from foo where dd > "d"; id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE foo index d d 13 NULL 1 Using where; Using index diff --git a/storage/tokudb/mysql-test/tokudb_alter_table/r/other_alter.result b/storage/tokudb/mysql-test/tokudb_alter_table/r/other_alter.result index 4538fa6881a..7ec5ee47865 100644 --- a/storage/tokudb/mysql-test/tokudb_alter_table/r/other_alter.result +++ b/storage/tokudb/mysql-test/tokudb_alter_table/r/other_alter.result @@ -63,7 +63,7 @@ foo CREATE TABLE `foo` ( UNIQUE KEY `c` (`c`), KEY `d` (`d`), KEY `b` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 alter table foo change column aa aa int NOT NULL; ERROR 42000: Table 'foo' uses an extension that doesn't exist in this XYZ version alter table foo change column aa aa varchar(20); diff --git a/storage/tokudb/mysql-test/tokudb_alter_table/r/other_alter2.result b/storage/tokudb/mysql-test/tokudb_alter_table/r/other_alter2.result index dd32bd5b86f..7e552fbbfa1 100644 --- a/storage/tokudb/mysql-test/tokudb_alter_table/r/other_alter2.result +++ b/storage/tokudb/mysql-test/tokudb_alter_table/r/other_alter2.result @@ -61,7 +61,7 @@ foo CREATE TABLE `foo` ( UNIQUE KEY `c` (`c`), KEY `d` (`d`), KEY `b` (`b`) `clustering`=yes -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 show create table foo_isam; Table Create Table foo_isam CREATE TABLE `foo_isam` ( diff --git a/storage/tokudb/mysql-test/tokudb_alter_table/r/row_format_alter.result b/storage/tokudb/mysql-test/tokudb_alter_table/r/row_format_alter.result index 6057137da5b..b366f097081 100644 
--- a/storage/tokudb/mysql-test/tokudb_alter_table/r/row_format_alter.result +++ b/storage/tokudb/mysql-test/tokudb_alter_table/r/row_format_alter.result @@ -5,13 +5,13 @@ CREATE TABLE foo (c1 int not null primary key) engine=TokuDB; SELECT CREATE_OPTIONS FROM INFORMATION_SCHEMA.TABLES WHERE (table_name LIKE 'foo'); CREATE_OPTIONS -`compression`='tokudb_zlib' + SHOW CREATE TABLE foo; Table Create Table foo CREATE TABLE `foo` ( `c1` int(11) NOT NULL, PRIMARY KEY (`c1`) -) ENGINE=TokuDB DEFAULT CHARSET=latin1 `compression`='tokudb_zlib' +) ENGINE=TokuDB DEFAULT CHARSET=latin1 ALTER TABLE foo compression=tokudb_lzma, add column c2 int not null; SELECT CREATE_OPTIONS FROM INFORMATION_SCHEMA.TABLES WHERE (table_name LIKE 'foo'); diff --git a/storage/tokudb/mysql-test/tokudb_alter_table/r/test_field_same_detection.result b/storage/tokudb/mysql-test/tokudb_alter_table/r/test_field_same_detection.result index 88dad457334827a34fcb7d4d16f7c0d23511c3b1..005ac572afd4e79e3fc4216773e8313324e7b49c 100644 GIT binary patch delta 12 TcmdmNJl%LhChO)_Ry`2_AmIc~ delta 41 wcmbPkyxDj|Caa7>LUMj?K~ZXPab|vAf~|T Date: Sat, 11 Apr 2015 10:22:26 +0200 Subject: [PATCH 65/65] mtr: make search_pattern_in_file.inc more verbose report when a pattern is found do not abort, but merely report when a pattern is not found --- mysql-test/include/search_pattern_in_file.inc | 15 +++++++++------ mysql-test/r/view.result | 1 + .../innodb/r/innodb-change-buffer-recovery.result | 1 + .../suite/plugins/r/filekeys_encfile_bad.result | 1 + .../plugins/r/filekeys_encfile_badfile.result | 1 + .../suite/plugins/r/filekeys_encfile_no.result | 1 + mysql-test/suite/plugins/r/filekeys_nofile.result | 1 + mysql-test/suite/plugins/r/filekeys_syntax.result | 13 +++++++++++++ .../suite/plugins/r/filekeys_unencfile.result | 1 + mysql-test/suite/rpl/r/rpl_checksum.result | 1 + mysql-test/suite/rpl/r/rpl_gtid_errorlog.result | 2 ++ 11 files changed, 32 insertions(+), 6 deletions(-) 
diff --git a/mysql-test/include/search_pattern_in_file.inc b/mysql-test/include/search_pattern_in_file.inc index 0d09cdcd36e..84237026ed0 100644 --- a/mysql-test/include/search_pattern_in_file.inc +++ b/mysql-test/include/search_pattern_in_file.inc @@ -60,12 +60,12 @@ perl; use strict; - my $search_file= $ENV{'SEARCH_FILE'} or die "SEARCH_FILE not set"; - my $search_pattern= $ENV{'SEARCH_PATTERN'} or die "SEARCH_PATTERN not set"; - my $search_range= $ENV{'SEARCH_RANGE'}; + my $search_file= $ENV{'SEARCH_FILE'} or die "SEARCH_FILE not set"; + my $search_pattern= $ENV{'SEARCH_PATTERN'} or die "SEARCH_PATTERN not set"; + my $search_range= $ENV{'SEARCH_RANGE'}; my $file_content; $search_range= 50000 unless $search_range =~ /-?[0-9]+/; - open(FILE, "$search_file") or die("Unable to open '$search_file': $!\n"); + open(FILE, '<', $search_file) or die("Unable to open '$search_file': $!\n"); if ($search_range >= 0) { read(FILE, $file_content, $search_range, 0); } else { @@ -75,7 +75,10 @@ perl; read(FILE, $file_content, -$search_range, 0); } close(FILE); - if ( not $file_content =~ m{$search_pattern} ) { - die("# ERROR: The file '$search_file' does not contain the expected pattern $search_pattern\n->$file_content<-\n"); + $search_file =~ s{^.*?([^/\\]+)$}{$1}; + if ($file_content =~ m{$search_pattern}) { + print "FOUND /$search_pattern/ in $search_file\n" + } else { + print "NOT FOUND /$search_pattern/ in $search_file\n" } EOF diff --git a/mysql-test/r/view.result b/mysql-test/r/view.result index 083ed9686d4..abb9c6240d3 100644 --- a/mysql-test/r/view.result +++ b/mysql-test/r/view.result @@ -5395,6 +5395,7 @@ DROP FUNCTION f1; DROP VIEW v1; DROP TABLE t1, t2; create view v1 as select 1; +FOUND /mariadb-version/ in v1.frm drop view v1; # # MDEV-7260: Crash in get_best_combination when executing multi-table 
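Review bot: The range check kept as context in the first hunk of search_pattern_in_file.inc, `$search_range= 50000 unless $search_range =~ /-?[0-9]+/;`, is unanchored. Any SEARCH_RANGE value that merely contains a digit passes it and is then used as the length for `read`. Since this hunk already moves `open` to the three-argument form, anchoring the check would fit the same hardening: `$search_range= 50000 unless $search_range =~ /^-?[0-9]+$/;`. The result of `read` is also unchecked in the lines that follow, so a failed or short read would presumably surface only as a missing pattern.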
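Review bot: In the second hunk of search_pattern_in_file.inc, the `else` branch that prints `NOT FOUND /$search_pattern/ in $search_file` replaces the old `die`, so a missing pattern no longer fails the test by itself. The failure now depends on the recorded .result file containing the `FOUND` line. If a result file is re-recorded while the pattern is absent, `NOT FOUND` becomes the expected output and the check silently stops asserting anything. That matters most for callers such as the filekeys_* tests, which use this include to confirm that a rejected key file was logged. Consider keeping a hard failure available, for example an opt-in environment variable that restores the `die`, and say in the include's header comment that callers must review `NOT FOUND` lines when recording. The old message also dumped `$file_content`, which the new output drops; printing it on the failing path would keep failures diagnosable.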
diff --git a/mysql-test/suite/innodb/r/innodb-change-buffer-recovery.result b/mysql-test/suite/innodb/r/innodb-change-buffer-recovery.result index cc2a0373444..07e13008e27 100644 --- a/mysql-test/suite/innodb/r/innodb-change-buffer-recovery.result +++ b/mysql-test/suite/innodb/r/innodb-change-buffer-recovery.result @@ -33,6 +33,7 @@ INSERT INTO t1 VALUES(1,'X',1); SET DEBUG_DBUG='+d,crash_after_log_ibuf_upd_inplace'; SELECT b FROM t1 LIMIT 3; ERROR HY000: Lost connection to MySQL server during query +FOUND /Wrote log record for ibuf update in place operation/ in my_restart.err CHECK TABLE t1; Table Op Msg_type Msg_text test.t1 check status OK diff --git a/mysql-test/suite/plugins/r/filekeys_encfile_bad.result b/mysql-test/suite/plugins/r/filekeys_encfile_bad.result index 5345abf50fd..6261bd459b8 100644 --- a/mysql-test/suite/plugins/r/filekeys_encfile_bad.result +++ b/mysql-test/suite/plugins/r/filekeys_encfile_bad.result @@ -1,6 +1,7 @@ call mtr.add_suppression("Cannot decrypt .*filekeys-data.enc. Wrong key"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Cannot decrypt .*filekeys-data.enc. Wrong key/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins diff --git a/mysql-test/suite/plugins/r/filekeys_encfile_badfile.result b/mysql-test/suite/plugins/r/filekeys_encfile_badfile.result index dfeeb24a024..98e2266f3f2 100644 --- a/mysql-test/suite/plugins/r/filekeys_encfile_badfile.result +++ b/mysql-test/suite/plugins/r/filekeys_encfile_badfile.result 
@@ -1,6 +1,7 @@ call mtr.add_suppression("File 'bad' not found"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /File 'bad' not found/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins diff --git a/mysql-test/suite/plugins/r/filekeys_encfile_no.result b/mysql-test/suite/plugins/r/filekeys_encfile_no.result index 5345abf50fd..6261bd459b8 100644 --- a/mysql-test/suite/plugins/r/filekeys_encfile_no.result +++ b/mysql-test/suite/plugins/r/filekeys_encfile_no.result @@ -1,6 +1,7 @@ call mtr.add_suppression("Cannot decrypt .*filekeys-data.enc. Wrong key"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Cannot decrypt .*filekeys-data.enc. Wrong key/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins diff --git a/mysql-test/suite/plugins/r/filekeys_nofile.result b/mysql-test/suite/plugins/r/filekeys_nofile.result index b77c663e848..558ea1ce88c 100644 --- a/mysql-test/suite/plugins/r/filekeys_nofile.result +++ b/mysql-test/suite/plugins/r/filekeys_nofile.result 
@@ -1,6 +1,7 @@ call mtr.add_suppression("File '' not found"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /File '' not found/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins diff --git a/mysql-test/suite/plugins/r/filekeys_syntax.result b/mysql-test/suite/plugins/r/filekeys_syntax.result index 245dab5aca7..a5606152d80 100644 --- a/mysql-test/suite/plugins/r/filekeys_syntax.result +++ b/mysql-test/suite/plugins/r/filekeys_syntax.result @@ -1,6 +1,7 @@ call mtr.add_suppression("File '.*keys.txt' not found"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /File '.*keys.txt' not found/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins @@ -11,6 +12,7 @@ ERROR HY000: Invalid key id at MYSQL_TMP_DIR/keys.txt line 2, column 2 call mtr.add_suppression("File '.*keys.txt' not found"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /File '.*keys.txt' not found/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins 
@@ -19,6 +21,7 @@ plugin_status call mtr.add_suppression("Invalid key id"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Invalid key id/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins @@ -29,6 +32,7 @@ ERROR HY000: Invalid key id at MYSQL_TMP_DIR/keys.txt line 2, column 11 call mtr.add_suppression("Invalid key id"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Invalid key id/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins @@ -37,6 +41,7 @@ plugin_status call mtr.add_suppression("Invalid key id"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Invalid key id/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins 
@@ -47,6 +52,7 @@ ERROR HY000: Invalid key at MYSQL_TMP_DIR/keys.txt line 2, column 47 call mtr.add_suppression("Invalid key id"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Invalid key id/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins @@ -55,6 +61,7 @@ plugin_status call mtr.add_suppression("Invalid key"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Invalid key/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins @@ -65,6 +72,7 @@ ERROR HY000: Invalid key at MYSQL_TMP_DIR/keys.txt line 2, column 33 call mtr.add_suppression("Invalid key"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Invalid key/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins 
@@ -73,6 +81,7 @@ plugin_status call mtr.add_suppression("Invalid key"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Invalid key/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins @@ -83,6 +92,7 @@ ERROR HY000: Syntax error at MYSQL_TMP_DIR/keys.txt line 2, column 2 call mtr.add_suppression("Invalid key"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Invalid key/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins @@ -91,6 +101,7 @@ plugin_status call mtr.add_suppression("Syntax error"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Syntax error/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins 
@@ -101,6 +112,7 @@ ERROR HY000: Syntax error at MYSQL_TMP_DIR/keys.txt line 2, column 1 call mtr.add_suppression("Syntax error"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Syntax error/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins @@ -109,6 +121,7 @@ plugin_status call mtr.add_suppression("Syntax error"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Syntax error/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins diff --git a/mysql-test/suite/plugins/r/filekeys_unencfile.result b/mysql-test/suite/plugins/r/filekeys_unencfile.result index 39547b01f14..1b9c092a713 100644 --- a/mysql-test/suite/plugins/r/filekeys_unencfile.result +++ b/mysql-test/suite/plugins/r/filekeys_unencfile.result @@ -1,6 +1,7 @@ call mtr.add_suppression("Cannot decrypt .*keys.txt. Not encrypted"); call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND /Cannot decrypt .*keys.txt. Not encrypted/ in mysqld.1.err create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") select plugin_status from information_schema.plugins 
diff --git a/mysql-test/suite/rpl/r/rpl_checksum.result b/mysql-test/suite/rpl/r/rpl_checksum.result index 231afeec4b2..3f9c780ed67 100644 --- a/mysql-test/suite/rpl/r/rpl_checksum.result +++ b/mysql-test/suite/rpl/r/rpl_checksum.result @@ -143,6 +143,7 @@ SET debug_dbug= @old_dbug; INSERT INTO t4 VALUES (2); include/wait_for_slave_sql_error.inc [errno=1590] Last_SQL_Error = 'The incident LOST_EVENTS occured on the master. Message: error writing to the binary log' +FOUND /Slave SQL: The incident LOST_EVENTS occured on the master\. Message: error writing to the binary log, Internal MariaDB error code: 1590/ in mysqld.2.err SELECT * FROM t4 ORDER BY a; a 1 diff --git a/mysql-test/suite/rpl/r/rpl_gtid_errorlog.result b/mysql-test/suite/rpl/r/rpl_gtid_errorlog.result index 204615201d9..ab615d0510a 100644 --- a/mysql-test/suite/rpl/r/rpl_gtid_errorlog.result +++ b/mysql-test/suite/rpl/r/rpl_gtid_errorlog.result @@ -38,5 +38,7 @@ a 3 4 5 +FOUND /Slave SQL: Error 'Duplicate entry .* on query\. .*Query: '.*', Gtid 0-1-100, Internal MariaDB error code:|Slave SQL: Could not execute Write_rows.*table test.t1; Duplicate entry.*, Gtid 0-1-100, Internal MariaDB error/ in mysqld.2.err +FOUND /Slave SQL: The incident LOST_EVENTS occured on the master\. Message: , Internal MariaDB error code: 1590/ in mysqld.2.err DROP TABLE t1; include/rpl_end.inc