• Jan Lindström's avatar
    MDEV-11759: Encryption code in MariaDB 10.1/10.2 causes · ddf2fac7
    Jan Lindström authored
    compatibility problems
    
    Pages that are encrypted contain post encryption checksum on
    different location that normal checksum fields. Therefore,
    we should before decryption check this checksum to avoid
    unencrypting corrupted pages. After decryption we can use
    traditional checksum check to detect if page is corrupted
    or unencryption was done using incorrect key.
    
    Pages that are page compressed do not contain any checksum,
    here we need to fist unencrypt, decompress and finally
    use tradional checksum check to detect page corruption
    or that we used incorrect key in unencryption.
    
    buf0buf.cc: buf_page_is_corrupted() mofified so that
    compressed pages are skipped.
    
    buf0buf.h, buf_block_init(), buf_page_init_low():
    removed unnecessary page_encrypted, page_compressed,
    stored_checksum, valculated_checksum fields from
    buf_page_t
    
    buf_page_get_gen(): use new buf_page_check_corrupt() function
    to detect corrupted pages.
    
    buf_page_check_corrupt(): If page was not yet decrypted
    check if post encryption checksum still matches.
    If page is not anymore encrypted, use buf_page_is_corrupted()
    traditional checksum method.
    
    If page is detected as corrupted and it is not encrypted
    we print corruption message to error log.
    If page is still encrypted or it was encrypted and now
    corrupted, we will print message that page is
    encrypted to error log.
    
    buf_page_io_complete(): use new buf_page_check_corrupt()
    function to detect corrupted pages.
    
    buf_page_decrypt_after_read(): Verify post encryption
    checksum before tring to decrypt.
    
    fil0crypt.cc: fil_encrypt_buf() verify post encryption
    checksum and ind fil_space_decrypt() return true
    if we really decrypted the page.
    
    fil_space_verify_crypt_checksum(): rewrite to use
    the method used when calculating post encryption
    checksum. We also check if post encryption checksum
    matches that traditional checksum check does not
    match.
    
    fil0fil.ic: Add missed page type encrypted and page
    compressed to fil_get_page_type_name()
    
    Note that this change does not yet fix innochecksum tool,
    that will be done in separate MDEV.
    
    Fix test failures caused by buf page corruption injection.
    ddf2fac7
fil0crypt.cc 74.8 KB