Write only one encryption key to the checkpoint page. Use 4 bytes of nonce. Encrypt more of each redo log block, only skipping the 4-byte field LOG_BLOCK_HDR_NO which the initialization vector is derived from. Issue notes, not warning messages for rewriting the redo log files. recv_recovery_from_checkpoint_finish(): Do not generate any redo log, because we must avoid that before rewriting the redo log files, or otherwise a crash during a redo log rewrite (removing or adding encryption) may end up making the database unrecoverable. Instead, do these tasks in innobase_start_or_create_for_mysql(). Issue a firm "Missing MLOG_CHECKPOINT" error message. Remove some unreachable code and duplicated error messages for log corruption. LOG_HEADER_FORMAT_ENCRYPTED: A flag for identifying an encrypted redo log format. log_group_t::is_encrypted(), log_t::is_encrypted(): Determine if the redo log is in encrypted format. recv_find_max_checkpoint(): Interpret LOG_HEADER_FORMAT_ENCRYPTED. srv_prepare_to_delete_redo_log_files(): Display NOTE messages about adding or removing encryption. Do not issue warnings for redo log resizing any more. innobase_start_or_create_for_mysql(): Rebuild the redo logs also when the encryption changes. innodb_log_checksums_func_update(): Always use the CRC-32C checksum if innodb_encrypt_log. If needed, issue a warning that innodb_encrypt_log implies innodb_log_checksums. log_group_write_buf(): Compute the checksum on the encrypted block contents, so that transmission errors or incomplete blocks can be detected without decrypting. Rewrite most of the redo log encryption code. Only remember one encryption key at a time (but remember up to 5 when upgrading from the MariaDB 10.1 format.)
# Regression test for MDEV-9011. It writes rows carrying a known plaintext
# marker into an encrypted InnoDB table, then scans the system tablespace,
# the table's .ibd file and both redo log files for that marker.
# NOTE(review): the server's start-up options are not visible in this file.
# The NOT FOUND expectations on ib_logfile0/1 presumably rely on
# innodb_encrypt_log being enabled elsewhere (for example an .opt file) - confirm.
-- source include/have_innodb.inc
-- source include/not_embedded.inc
# NOTE(review): presumably loads the key management plugin that provides
# encryption_key_id=1 used by the CREATE TABLE below - confirm in the include.
-- source filekeys_plugin.inc

#
# MDEV-9011: Redo log encryption does not work
#

# t1.ibd is scanned later in this test, so t1 needs its own tablespace file.
SET GLOBAL innodb_file_format = `Barracuda`;
SET GLOBAL innodb_file_per_table = ON;

# t1 is created as an encrypted table using key id 1. Column c later receives
# the marker strings that the file scans look for.
create table t1(c1 bigint not null, b char(200), c varchar(200)) engine=innodb encrypted=yes encryption_key_id=1;
# Print any warnings raised by the CREATE TABLE into the test output.
show warnings;
# innodb_insert_proc(repeat_count) inserts repeat_count rows into t1. c1 counts
# up from 0 and c is set to ten repetitions of the marker 'privatejanprivate'.
# NOTE(review): MD5() returns 32 hex characters, so substring(..., -64) probably
# yields an empty string and b stays empty. Only the marker in c matters to the
# later scans - confirm.
# The delimiter is switched to // so the procedure body can contain semicolons.
# Comments are kept outside the procedure text on purpose, so the statement
# sent to the server is unchanged.
delimiter //;
create procedure innodb_insert_proc (repeat_count int)
begin
declare current_num int;
set current_num = 0;
while current_num < repeat_count do
insert into t1 values(current_num, substring(MD5(RAND()), -64), REPEAT('privatejanprivate',10));
set current_num = current_num + 1;
end while;
end//
delimiter ;//
commit;
# Load 2000 marker rows inside one explicit transaction.
begin;
call innodb_insert_proc(2000);
commit;

# No WHERE clause: every row of t1 is rewritten.
# NOTE(review): presumably done to generate additional redo log records that
# contain the marker rows - confirm.
update t1 set c1 = c1 +1;
# The row count is printed into the test output.
select count(*) from t1;
# Paths of the files to scan, all below the server's data directory:
# the system tablespace, t1's own tablespace file and the two redo log files.
--let $MYSQLD_DATADIR=`select @@datadir`
--let ib1_IBD = $MYSQLD_DATADIR/ibdata1
--let t1_IBD = $MYSQLD_DATADIR/test/t1.ibd
--let log0 = $MYSQLD_DATADIR/ib_logfile0
--let log1 = $MYSQLD_DATADIR/ib_logfile1
# NOTE(review): SEARCH_RANGE and SEARCH_PATTERN are presumably read by
# include/search_pattern_in_file.inc. If SEARCH_RANGE caps the number of bytes
# scanned, a file larger than that is only partly covered, which weakens a
# NOT FOUND result - confirm against the include.
--let SEARCH_RANGE = 10000000
# First marker: the string inserted by innodb_insert_proc.
--let SEARCH_PATTERN=privatejanprivate
# Stop the server before reading its files.
# NOTE(review): kill_mysqld.inc presumably terminates the server without a
# clean shutdown, so the scan sees whatever had reached disk at that moment - confirm.
-- source include/kill_mysqld.inc

# Scan after the kill: the first marker must not be readable as plaintext in
# any of the four files. Each --echo line is printed into the test output, and
# SEARCH_FILE selects the file for the following search include.
# A NOT FOUND result only shows that the plaintext is absent from the scanned
# bytes. It says nothing about the strength of the encryption itself.
--echo # ibdata1 yes on expecting NOT FOUND
-- let SEARCH_FILE=$ib1_IBD
-- source include/search_pattern_in_file.inc
--echo # t1 yes on expecting NOT FOUND
-- let SEARCH_FILE=$t1_IBD
-- source include/search_pattern_in_file.inc
--echo # log0 yes on expecting NOT FOUND
-- let SEARCH_FILE=$log0
-- source include/search_pattern_in_file.inc
--echo # log1 yes on expecting NOT FOUND
-- let SEARCH_FILE=$log1
-- source include/search_pattern_in_file.inc
# Restart the server with redo log encryption switched off.
# NOTE(review): presumably start-up rebuilds the redo log files when the
# encryption setting changes - confirm in the server's start-up code.
--echo # Restart mysqld --innodb_encrypt_log=0
-- let $restart_parameters=--innodb_encrypt_log=0
-- source include/start_mysqld.inc

# Insert five rows carrying a second marker, 'publicmessage'. t1 is still the
# encrypted table created earlier. Only the redo log setting has changed.
insert into t1 values(5000, substring(MD5(RAND()), -64), REPEAT('publicmessage',10));
insert into t1 values(5001, substring(MD5(RAND()), -64), REPEAT('publicmessage',10));
insert into t1 values(5002, substring(MD5(RAND()), -64), REPEAT('publicmessage',10));
insert into t1 values(5003, substring(MD5(RAND()), -64), REPEAT('publicmessage',10));
insert into t1 values(5004, substring(MD5(RAND()), -64), REPEAT('publicmessage',10));
# Scan after the restart with innodb_encrypt_log=0: the first marker is still
# expected to be absent from all four files, i.e. switching log encryption off
# must not expose rows that were written while it was on.
# NOTE(review): no kill_mysqld.inc precedes this scan, so the server is running
# while its files are read. What is on disk may depend on flush timing -
# confirm this is intended.
--let SEARCH_PATTERN=privatejanprivate
--echo # ibdata1 yes on expecting NOT FOUND
-- let SEARCH_FILE=$ib1_IBD
-- source include/search_pattern_in_file.inc
--echo # t1 yes on expecting NOT FOUND
-- let SEARCH_FILE=$t1_IBD
-- source include/search_pattern_in_file.inc
--echo # log0 yes on expecting NOT FOUND
-- let SEARCH_FILE=$log0
-- source include/search_pattern_in_file.inc
--echo # log1 yes on expecting NOT FOUND
-- let SEARCH_FILE=$log1
-- source include/search_pattern_in_file.inc
# Scan for the second marker, which was inserted after the restart with
# innodb_encrypt_log=0. The data files are still expected to hide it because
# t1 is an encrypted table.
# The expectation lines for log0/log1 allow the marker to be FOUND: they imply
# that with redo log encryption off, rows of an encrypted table can reach the
# redo log in plaintext. encrypted=yes on the table alone does not cover the
# redo log.
# NOTE(review): which log file holds the marker is described as depending on
# where the insert goes, so the recorded FOUND/NOT FOUND output for the two log
# files may not be stable - confirm against the recorded result.
--let SEARCH_PATTERN=publicmessage
--echo # ibdata1 yes on expecting NOT FOUND
-- let SEARCH_FILE=$ib1_IBD
-- source include/search_pattern_in_file.inc
--echo # t1 yes on expecting NOT FOUND
-- let SEARCH_FILE=$t1_IBD
-- source include/search_pattern_in_file.inc
--echo # log0 no on expecting FOUND/NOTFOUND depending where insert goes
-- let SEARCH_FILE=$log0
-- source include/search_pattern_in_file.inc
--echo # log1 no on expecting FOUND/NOTFOUND depending where insert goes
-- let SEARCH_FILE=$log1
-- source include/search_pattern_in_file.inc
# Clean up the procedure and table created by this test.
# NOTE(review): as far as the visible lines show, the server is left running
# with the --innodb_encrypt_log=0 restart parameter - confirm the test
# framework restores the default configuration for later tests.
drop procedure innodb_insert_proc;
drop table t1;