    Follow-up to MDEV-12112: corruption in encrypted table may be overlooked · 8c43f963
    Marko Mäkelä authored
    The initial fix only covered a part of Mariabackup.
    This fix hardens InnoDB and XtraDB in a similar way, in order
    to reduce the probability of mistaking a corrupted encrypted page
    for a valid unencrypted one.
    
    This is based on work by Thirunarayanan Balathandayuthapani.
    
    fil_space_verify_crypt_checksum(): Assert that key_version!=0.
    Let the callers guarantee that. Now that we have this assertion,
    we also know that buf_page_is_zeroes() cannot hold.
    Also, remove all diagnostic output and related parameters,
    and let the relevant callers emit such messages.
    Last but not least, validate the post-encryption checksum
    according to the innodb_checksum_algorithm (only accepting
    one checksum for the strict variants), and no longer
    try to validate the page as if it was unencrypted.
    
    buf_page_is_zeroes(): Move to the compilation unit of the only callers,
    and declare static.
    
    xb_fil_cur_read(), buf_page_check_corrupt(): Add a condition before
    calling fil_space_verify_crypt_checksum(). This is a non-functional
    change.
    
    buf_dblwr_process(): Validate the page only as encrypted or unencrypted,
    but not both.
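The validation policy described in the commit message, as an added example in C (not MariaDB code and not part of this commit). The page layout, the function names and the two stand-in checksum functions are hypothetical, and the non-strict setting accepting either checksum is an assumption of this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified page model; NOT the InnoDB on-disk format. */
struct page {
    uint32_t key_version;    /* 0 = unencrypted, nonzero = encrypted */
    uint32_t plain_checksum; /* field checked for unencrypted pages */
    uint32_t crypt_checksum; /* post-encryption checksum */
    uint8_t  body[32];
};
enum algo { ALGO_CRC32, ALGO_STRICT_CRC32, ALGO_STRICT_INNODB };

/* Stand-ins for the two real checksum functions (FNV-1a and rotate-add).
   The low bit is forced apart so the two never coincide in this demo. */
static uint32_t sum_a(const struct page *pg) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof pg->body; i++) { h ^= pg->body[i]; h *= 16777619u; }
    return h | 1u;
}
static uint32_t sum_b(const struct page *pg) {
    uint32_t h = 0;
    for (size_t i = 0; i < sizeof pg->body; i++) h = ((h << 5) | (h >> 27)) + pg->body[i];
    return h & ~1u;
}
/* Strict variants accept exactly one checksum; the non-strict one accepts either. */
static bool checksum_ok(uint32_t stored, const struct page *pg, enum algo a) {
    if (a == ALGO_STRICT_CRC32)  return stored == sum_a(pg);
    if (a == ALGO_STRICT_INNODB) return stored == sum_b(pg);
    return stored == sum_a(pg) || stored == sum_b(pg);
}
/* Removed behaviour: a page that fails as encrypted is retried as unencrypted. */
static bool validate_try_both(const struct page *pg, enum algo a) {
    return checksum_ok(pg->crypt_checksum, pg, a) || checksum_ok(pg->plain_checksum, pg, a);
}
/* Hardened: key_version selects the single interpretation that is checked. */
static bool validate_one_way(const struct page *pg, enum algo a) {
    return checksum_ok(pg->key_version ? pg->crypt_checksum : pg->plain_checksum, pg, a);
}
/* Constructed sample: encrypted page with a damaged post-encryption checksum
   whose unencrypted-style field happens to match the page bytes. */
static struct page damaged_encrypted_page(void) {
    struct page pg = { .key_version = 1, .body = "constructed sample bytes" };
    pg.plain_checksum = sum_b(&pg);
    pg.crypt_checksum = sum_a(&pg) ^ 2u; /* matches neither stand-in checksum */
    return pg;
}
int main(void) {
    struct page pg = damaged_encrypted_page();
    printf("try both=%d one way=%d\n", validate_try_both(&pg, ALGO_CRC32), validate_one_way(&pg, ALGO_CRC32));
}
```
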
fil0crypt.h 14.5 KB