- 10 Apr, 2015 5 commits
-
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
and make it a session variable, not global, as any decent default sysvar for a table attribute should be
-
Sergei Golubchik authored
instead of manually implenting "default from a sysvar" in the code
-
Sergei Golubchik authored
do not *always* add them to the create table definition, but only when a sysvar value is different from a default. also, when adding them - don't quote numbers
-
- 09 Apr, 2015 17 commits
-
-
Sergei Golubchik authored
fix sys_var->is_default() method (that was using default_val property in a global sys_var object to track per-session state): * move timestamp to a dedicated Sys_var_timestamp class (in fact, rename Sys_var_session_special_double to Sys_var_timestamp) * make session_is_default a virtual method with a special implementation for timestamps * other variables don't have a special behavior for default values and can have session_is_default() to be always false.
-
Sergei Golubchik authored
-
Sergei Golubchik authored
which is separate from the encryption key version
-
Sergei Golubchik authored
With changes: * update tests to pass (new encryption/encryption_key_id syntax). * not merged the code that makes engine aware of the encryption mode (CRYPT_SCHEME_1_CBC, CRYPT_SCHEME_1_CTR, storing it on disk, etc), because now the encryption plugin is handling it. * compression+encryption did not work in either branch before the merge - and it does not work after the merge. it might be more broken after the merge though - some of that code was not merged. * page checksumming code was not moved (moving of page checksumming from fil_space_encrypt() to fil_space_decrypt was not merged). * restored deleted lines in buf_page_get_frame(), otherwise innodb_scrub test failed.
-
Sergei Golubchik authored
It used to double-encrypt it, relying on the fact that second encrypt() call was (like XOR) negating the effect of the first one.
-
Sergei Golubchik authored
because of encryption changes - make it beta and let it mature together with the server
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
rename to innodb-debug-force-scrubbing
-
Sergei Golubchik authored
rename to innodb-scrub-log-speed
-
Sergei Golubchik authored
-
Sergei Golubchik authored
move remaning defines to my_crypt, add MY_ namespace prefix
-
Sergei Golubchik authored
with namespace prefixes
-
Sergei Golubchik authored
invoke plugin methods directly
-
Sergei Golubchik authored
* no --encryption-algorithm option anymore * encrypt/decrypt methods in the encryption plugin * ecnrypt/decrypt methods in the encryption_km service * file_km plugin has --file-key-management-encryption-algorithm * debug_km always uses aes_cbc * example_km changes between aes_cbc and aes_ecb for different key versions
-
Sergei Golubchik authored
because it's going to do more than just key management
-
Sergei Golubchik authored
only those tests should be disabled in suite.pm that cannot be disabled from mysqltest files (e.g. when the server is started with a special command-line option - unknown option will abort the server before mysqltest will start its checks).
-
- 08 Apr, 2015 18 commits
-
-
Sergei Golubchik authored
-
Sergei Golubchik authored
only one encryption key lookup in most cases instead of three (has_key, get_key_size, get_key).
-
Sergei Golubchik authored
-
Sergei Golubchik authored
numerous issues fixed: * buffer overflows * error conditions aren't checked (crash if file doesn't exist) * accessing random unallocated memory * hard-coded password * arbitrary hard-coded key id limit * incomprehensible error messages (for key_id == 0 it reported "The key could not be initialized", for syntax errors the message was "Wrong match of the keyID, see the template", for a key id larger than hard-coded limit the message was "No asked key", and there was an error "Is comment" for a comment). * tons of small mallocs, many are freed few lines down in the code * malloc(N) and new char[N] are used both, even in the same function * redundant memory copies * pcre - "I can solve it with regular expressions" - with incorrect regexes * parser context stored in a singleton * keys are stored as strings and are strlen-ed and hex2bin-ed on every get_key() request * lots of useless code (e.g. sprintf instead of a pointer assignment, checking of the file length to read a part of it in a fixed buffer, multiplying by sizeof(char) in many places, etc) * this list is not exhaustive
-
Sergei Golubchik authored
not an address of some arbitrarily chosen symbol; not when plugin is successfully loaded (which means - no info when plugin->init failed);
-
Sergei Golubchik authored
-
Sergei Golubchik authored
in particular, "innodb.innodb-page_encryption,xtradb" should select these three tests: innodb.innodb-page_encryption 'cbc,xtradb' [ pass ] 35563 innodb.innodb-page_encryption 'ctr,xtradb' [ pass ] 36858 innodb.innodb-page_encryption 'ecb,xtradb' [ pass ] 36741 and deselect all innodb_plugin tests. This was not the case, because the %test_combs hash was destructively modified in the loop
-
Sergei Golubchik authored
* my_aes.h doesn't compile without my_global.h * typo in a comment * redundant condition * if encryption plugin fails, there's no encryption_key_manager at plugin deinit time * encryption plugin tests must run when plugin.so is present, not when a plugin is active (otherwise the test will be skipped when plugin fails to initialize).
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
-
Sergei Golubchik authored
for temporary Aria tables. It can use a faster BLOCK_RECORD
-
Sergei Golubchik authored
now IVs are always handled internally
-
Sergei Golubchik authored
-
Sergei Golubchik authored
and simplify Item_func_aes_encrypt/decrypt
-
Sergei Golubchik authored
-