mirror of
https://github.com/MariaDB/server.git
synced 2025-08-30 11:22:14 +03:00
ddf2fac733
compatibility problems Pages that are encrypted contain post encryption checksum on different location that normal checksum fields. Therefore, we should before decryption check this checksum to avoid unencrypting corrupted pages. After decryption we can use traditional checksum check to detect if page is corrupted or unencryption was done using incorrect key. Pages that are page compressed do not contain any checksum, here we need to fist unencrypt, decompress and finally use tradional checksum check to detect page corruption or that we used incorrect key in unencryption. buf0buf.cc: buf_page_is_corrupted() mofified so that compressed pages are skipped. buf0buf.h, buf_block_init(), buf_page_init_low(): removed unnecessary page_encrypted, page_compressed, stored_checksum, valculated_checksum fields from buf_page_t buf_page_get_gen(): use new buf_page_check_corrupt() function to detect corrupted pages. buf_page_check_corrupt(): If page was not yet decrypted check if post encryption checksum still matches. If page is not anymore encrypted, use buf_page_is_corrupted() traditional checksum method. If page is detected as corrupted and it is not encrypted we print corruption message to error log. If page is still encrypted or it was encrypted and now corrupted, we will print message that page is encrypted to error log. buf_page_io_complete(): use new buf_page_check_corrupt() function to detect corrupted pages. buf_page_decrypt_after_read(): Verify post encryption checksum before tring to decrypt. fil0crypt.cc: fil_encrypt_buf() verify post encryption checksum and ind fil_space_decrypt() return true if we really decrypted the page. fil_space_verify_crypt_checksum(): rewrite to use the method used when calculating post encryption checksum. We also check if post encryption checksum matches that traditional checksum check does not match. fil0fil.ic: Add missed page type encrypted and page compressed to fil_get_page_type_name() Note that this change does not yet fix innochecksum tool, that will be done in separate MDEV. Fix test failures caused by buf page corruption injection.
140 lines
5.0 KiB
Plaintext
140 lines
5.0 KiB
Plaintext
-- source include/have_innodb.inc
|
|
-- source include/have_file_key_management_plugin.inc
|
|
# embedded does not support restart
|
|
-- source include/not_embedded.inc
|
|
-- source include/not_valgrind.inc
|
|
# Avoid CrashReporter popup on Mac
|
|
-- source include/not_crashrep.inc
|
|
-- source include/not_windows.inc
|
|
|
|
#
|
|
# MDEV-8588: Assertion failure in file ha_innodb.cc line 21140 if at least one encrypted
|
|
# table exists and encryption service is not available.
|
|
#
|
|
|
|
call mtr.add_suppression("Plugin 'file_key_management' init function returned error");
|
|
call mtr.add_suppression("InnoDB: Database page corruption on disk or a failed.*");
|
|
call mtr.add_suppression("Plugin 'file_key_management' registration.*failed");
|
|
call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted");
|
|
call mtr.add_suppression("InnoDB: However key management plugin or used key_version .* is not found or used encryption algorithm or method does not match.");
|
|
call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file.");
|
|
call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem.");
|
|
call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*");
|
|
call mtr.add_suppression("mysqld: File .*");
|
|
call mtr.add_suppression("InnoDB: Tablespace id .* is encrypted but encryption service or used key_id .* is not available. Can't continue opening tablespace.");
|
|
--echo
|
|
--echo # Start server with keys2.txt
|
|
-- let $restart_parameters=--file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys2.txt
|
|
-- source include/restart_mysqld.inc
|
|
|
|
--disable_query_log
|
|
let $innodb_file_format_orig = `SELECT @@innodb_file_format`;
|
|
let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`;
|
|
--enable_query_log
|
|
|
|
SET GLOBAL innodb_file_format = `Barracuda`;
|
|
SET GLOBAL innodb_file_per_table = ON;
|
|
|
|
CREATE TABLE t1 (c VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=2;
|
|
INSERT INTO t1 VALUES ('foobar');
|
|
ALTER TABLE t1 ADD COLUMN c2 INT;
|
|
INSERT INTO t1 VALUES ('foobar',2);
|
|
SELECT * FROM t1;
|
|
TRUNCATE TABLE t1;
|
|
SELECT * FROM t1;
|
|
INSERT INTO t1 VALUES ('foobar',1);
|
|
INSERT INTO t1 VALUES ('foobar',2);
|
|
FLUSH TABLE WITH READ LOCK;
|
|
SELECT * FROM t1;
|
|
|
|
--echo
|
|
--echo # Restart server with keysbad3.txt
|
|
-- let $restart_parameters=--file-key-management-filename=$MYSQL_TEST_DIR/std_data/keysbad3.txt
|
|
-- source include/restart_mysqld.inc
|
|
|
|
--error ER_GET_ERRMSG
|
|
SELECT * FROM t1;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
|
|
-- let $restart_parameters=--file-key-management-filename=$MYSQL_TEST_DIR/std_data/keysbad3.txt
|
|
-- source include/restart_mysqld.inc
|
|
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
DROP TABLE t1;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
|
|
#
|
|
# MDEV-8591: Database page corruption on disk or a failed space, Assertion failure in file buf0buf.cc
|
|
# line 2856 on querying a table using wrong default encryption key
|
|
#
|
|
|
|
--echo # Start server with keys.txt
|
|
-- let $restart_parameters=--file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys.txt
|
|
-- source include/restart_mysqld.inc
|
|
|
|
CREATE TABLE t2 (c VARCHAR(8), id int not null primary key, b int, key(b)) ENGINE=InnoDB ENCRYPTED=YES;
|
|
INSERT INTO t2 VALUES ('foobar',1,2);
|
|
|
|
--echo
|
|
--echo # Restart server with keys2.txt
|
|
-- let $restart_parameters=--file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys2.txt
|
|
-- source include/restart_mysqld.inc
|
|
|
|
--error ER_GET_ERRMSG
|
|
SELECT * FROM t2;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
--error ER_GET_ERRMSG
|
|
SELECT * FROM t2 where id = 1;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
--error ER_GET_ERRMSG
|
|
SELECT * FROM t2 where b = 1;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
--error ER_GET_ERRMSG
|
|
INSERT INTO t2 VALUES ('tmp',3,3);
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
--error ER_GET_ERRMSG
|
|
DELETE FROM t2 where b = 3;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
--error ER_GET_ERRMSG
|
|
DELETE FROM t2 where id = 3;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
--error ER_GET_ERRMSG
|
|
UPDATE t2 set b = b +1;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
OPTIMIZE TABLE t2;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
--error ER_GET_ERRMSG
|
|
ALTER TABLE t2 ADD COLUMN c INT;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
ANALYZE TABLE t2;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
--error ER_GET_ERRMSG
|
|
TRUNCATE TABLE t2;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
--error ER_GET_ERRMSG
|
|
DROP TABLE t2;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|
|
|
|
--echo
|
|
--echo # Restart server with keys.txt
|
|
-- let $restart_parameters=--file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys.txt
|
|
-- source include/restart_mysqld.inc
|
|
|
|
DROP TABLE t2;
|
|
--replace_regex /tablespace [0-9]*/tablespace /
|
|
SHOW WARNINGS;
|