- 09 Apr, 2015 15 commits
-
-
Sergei Golubchik authored
which is separate from the encryption key version
-
Sergei Golubchik authored
With changes:
* update tests to pass (new encryption/encryption_key_id syntax).
* not merged the code that makes engine aware of the encryption mode (CRYPT_SCHEME_1_CBC, CRYPT_SCHEME_1_CTR, storing it on disk, etc), because now the encryption plugin is handling it.
* compression+encryption did not work in either branch before the merge - and it does not work after the merge. it might be more broken after the merge though - some of that code was not merged.
* page checksumming code was not moved (moving of page checksumming from fil_space_encrypt() to fil_space_decrypt was not merged).
* restored deleted lines in buf_page_get_frame(), otherwise innodb_scrub test failed.
-
Sergei Golubchik authored
It used to double-encrypt it, relying on the fact that second encrypt() call was (like XOR) negating the effect of the first one.
-
Sergei Golubchik authored
because of encryption changes - make it beta and let it mature together with the server
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
rename to innodb-debug-force-scrubbing
-
Sergei Golubchik authored
rename to innodb-scrub-log-speed
-
Sergei Golubchik authored
-
Sergei Golubchik authored
move remaining defines to my_crypt, add MY_ namespace prefix
-
Sergei Golubchik authored
with namespace prefixes
-
Sergei Golubchik authored
invoke plugin methods directly
-
Sergei Golubchik authored
* no --encryption-algorithm option anymore
* encrypt/decrypt methods in the encryption plugin
* encrypt/decrypt methods in the encryption_km service
* file_km plugin has --file-key-management-encryption-algorithm
* debug_km always uses aes_cbc
* example_km changes between aes_cbc and aes_ecb for different key versions
-
Sergei Golubchik authored
because it's going to do more than just key management
-
Sergei Golubchik authored
only those tests should be disabled in suite.pm that cannot be disabled from mysqltest files (e.g. when the server is started with a special command-line option - unknown option will abort the server before mysqltest will start its checks).
-
- 08 Apr, 2015 19 commits
-
-
Sergei Golubchik authored
-
Sergei Golubchik authored
only one encryption key lookup in most cases instead of three (has_key, get_key_size, get_key).
-
Sergei Golubchik authored
-
Sergei Golubchik authored
numerous issues fixed:
* buffer overflows
* error conditions aren't checked (crash if file doesn't exist)
* accessing random unallocated memory
* hard-coded password
* arbitrary hard-coded key id limit
* incomprehensible error messages (for key_id == 0 it reported "The key could not be initialized", for syntax errors the message was "Wrong match of the keyID, see the template", for a key id larger than hard-coded limit the message was "No asked key", and there was an error "Is comment" for a comment).
* tons of small mallocs, many are freed few lines down in the code
* malloc(N) and new char[N] are used both, even in the same function
* redundant memory copies
* pcre - "I can solve it with regular expressions" - with incorrect regexes
* parser context stored in a singleton
* keys are stored as strings and are strlen-ed and hex2bin-ed on every get_key() request
* lots of useless code (e.g. sprintf instead of a pointer assignment, checking of the file length to read a part of it in a fixed buffer, multiplying by sizeof(char) in many places, etc)
* this list is not exhaustive
-
Sergei Golubchik authored
not an address of some arbitrarily chosen symbol; not when plugin is successfully loaded (which means - no info when plugin->init failed);
-
Sergei Golubchik authored
-
Sergei Golubchik authored
in particular, "innodb.innodb-page_encryption,xtradb" should select these three tests:
innodb.innodb-page_encryption 'cbc,xtradb' [ pass ] 35563
innodb.innodb-page_encryption 'ctr,xtradb' [ pass ] 36858
innodb.innodb-page_encryption 'ecb,xtradb' [ pass ] 36741
and deselect all innodb_plugin tests. This was not the case, because the %test_combs hash was destructively modified in the loop
-
Sergei Golubchik authored
* my_aes.h doesn't compile without my_global.h
* typo in a comment
* redundant condition
* if encryption plugin fails, there's no encryption_key_manager at plugin deinit time
* encryption plugin tests must run when plugin.so is present, not when a plugin is active (otherwise the test will be skipped when plugin fails to initialize).
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
for temporary Aria tables. It can use a faster BLOCK_RECORD
-
Sergei Golubchik authored
now IVs are always handled internally
-
Sergei Golubchik authored
-
Sergei Golubchik authored
and simplify Item_func_aes_encrypt/decrypt
-
Sergei Golubchik authored
-
Sergei Golubchik authored
to: different key lengths
-
- 07 Apr, 2015 6 commits
-
-
Jan Lindström authored
-
Jan Lindström authored
Step 5:
-- Rename encryption_key -> encryption_key_id
-- Remove unnecessary code
-- Fix few bugs found
-- Fix test cases and results files
-
Jan Lindström authored
Step 4:
-- Review fixes
-- Rename pages_page_* to pages_*
-- Remove unnecessary code
-
Jan Lindström authored
Step 3:
-- Make encryption_algorithm changeable by SUPER
-- Remove AES_ECB method from encryption_algorithms
-- Support AES method change by storing used method on InnoDB/XtraDB objects
-- Store used AES method to crypt_data as different crypt types
-- Store used AES method to redo/undo logs and checkpoint
-- Store used AES method on every encrypted page after key_version
-- Add test
-
Jan Lindström authored
Step 2:
-- Introduce temporal memory array to buffer pool where to allocate temporary memory for encryption/compression
-- Rename PAGE_ENCRYPTION -> ENCRYPTION
-- Rename PAGE_ENCRYPTION_KEY -> ENCRYPTION_KEY
-- Rename innodb_default_page_encryption_key -> innodb_default_encryption_key
-- Allow enable/disable encryption for tables by changing ENCRYPTION to enum having values DEFAULT, ON, OFF
-- In create table store crypt_data if ENCRYPTION is ON or OFF
-- Do not crypt tablespaces having ENCRYPTION=OFF
-- Store encryption mode to crypt_data and redo-log
-
Jan Lindström authored
Step 1:
-- Remove page encryption from dictionary (per table encryption will be handled by storing crypt_data to page 0)
-- Remove encryption/compression from os0file and all functions before that (compression will be added to buf0buf.cc)
-- Use same CRYPT_SCHEME_1 for all encryption methods
-- Do some code cleanups to conform to InnoDB coding style
-