MDEV-17228 Encrypted temporary tables are not encrypted
- Introduce a new boolean variable called innodb_encrypt_temporary_tables. It decides whether to encrypt the temporary tablespace.
- Encrypt the temporary tablespace based on the full checksum format.
- Introduce a new counter to track encrypted and decrypted temporary tablespace pages.
- Warnings are issued if temporary table creation has a value that conflicts with innodb_encrypt_temporary_tables.
- Add a new test case which reads and writes pages from/to the temporary tablespace.
parent
e4a0dbfb4a
commit
723a4b1d78
19 changed files with 280 additions and 72 deletions
|
|
@ -60,6 +60,9 @@ struct crypt_info_t {
|
|||
/** The crypt info */
|
||||
static crypt_info_t info;
|
||||
|
||||
/** Initialization vector used for temporary files/tablespace */
|
||||
static byte tmp_iv[MY_AES_BLOCK_SIZE];
|
||||
|
||||
/** Crypt info when upgrading from 10.1 */
|
||||
static crypt_info_t infos[5 * 2];
|
||||
/** First unused slot in infos[] */
|
||||
|
|
@ -195,9 +198,6 @@ UNIV_INTERN
|
|||
bool
|
||||
log_crypt_init()
|
||||
{
|
||||
ut_ad(log_mutex_own());
|
||||
ut_ad(log_sys->is_encrypted());
|
||||
|
||||
info.key_version = encryption_key_get_latest_version(
|
||||
LOG_DEFAULT_ENCRYPTION_KEY);
|
||||
|
||||
|
|
@ -207,7 +207,8 @@ log_crypt_init()
|
|||
return false;
|
||||
}
|
||||
|
||||
if (my_random_bytes(info.crypt_msg.bytes, sizeof info.crypt_msg)
|
||||
if (my_random_bytes(tmp_iv, MY_AES_BLOCK_SIZE) != MY_AES_OK
|
||||
|| my_random_bytes(info.crypt_msg.bytes, sizeof info.crypt_msg)
|
||||
!= MY_AES_OK
|
||||
|| my_random_bytes(info.crypt_nonce.bytes, sizeof info.crypt_nonce)
|
||||
!= MY_AES_OK) {
|
||||
|
|
@ -372,7 +373,6 @@ log_crypt_read_checkpoint_buf(const byte* buf)
|
|||
@param[in] size size of the block
|
||||
@param[out] dst destination block
|
||||
@param[in] offs offset to block
|
||||
@param[in] space_id tablespace id
|
||||
@param[in] encrypt true=encrypt; false=decrypt
|
||||
@return whether the operation succeeded */
|
||||
UNIV_INTERN
|
||||
|
|
@ -382,19 +382,17 @@ log_tmp_block_encrypt(
|
|||
ulint size,
|
||||
byte* dst,
|
||||
uint64_t offs,
|
||||
ulint space_id,
|
||||
bool encrypt)
|
||||
{
|
||||
uint dst_len;
|
||||
uint64_t aes_ctr_iv[MY_AES_BLOCK_SIZE / sizeof(uint64_t)];
|
||||
bzero(aes_ctr_iv, sizeof aes_ctr_iv);
|
||||
aes_ctr_iv[0] = space_id;
|
||||
aes_ctr_iv[1] = offs;
|
||||
uint64_t iv[MY_AES_BLOCK_SIZE / sizeof(uint64_t)];
|
||||
iv[0] = offs;
|
||||
memcpy(iv + 1, tmp_iv, sizeof iv - sizeof *iv);
|
||||
|
||||
int rc = encryption_crypt(
|
||||
src, size, dst, &dst_len,
|
||||
const_cast<byte*>(info.crypt_key.bytes), sizeof info.crypt_key,
|
||||
reinterpret_cast<byte*>(aes_ctr_iv), sizeof aes_ctr_iv,
|
||||
reinterpret_cast<byte*>(iv), sizeof iv,
|
||||
encrypt
|
||||
? ENCRYPTION_FLAG_ENCRYPT|ENCRYPTION_FLAG_NOPAD
|
||||
: ENCRYPTION_FLAG_DECRYPT|ENCRYPTION_FLAG_NOPAD,
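Review bot: In log_tmp_block_encrypt() the IV is now `offs` followed by the first `sizeof iv - sizeof *iv` bytes of `tmp_iv`, so after one log_crypt_init() it varies only with the offset. Every rewrite of the same offset, and any two temporary files or tablespaces that reach this function with equal offsets, are therefore processed under the same `info.crypt_key` and the same IV. If the cipher behind encryption_crypt() runs in a counter-style mode (the previous local was named `aes_ctr_iv`, but the mode is not visible here), repeating a key/IV pair over different plaintext weakens confidentiality, so I would keep a per-file or per-write component in the IV or document why callers cannot collide. A comment such as `/* IV = offs (8 bytes) || leading bytes of tmp_iv; tmp_iv is drawn once in log_crypt_init() */` above the `memcpy` would also make the layout explicit, including the fact that only part of `tmp_iv` is used. The function body continues past the end of this hunk.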
|
||||
|
|
|
|||