diff options
Diffstat (limited to 'storage/innobase/fil/fil0crypt.cc')
-rw-r--r-- | storage/innobase/fil/fil0crypt.cc | 99 |
1 files changed, 40 insertions, 59 deletions
diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index c1889d43b02..780ed60adac 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -379,7 +379,7 @@ void fil_space_crypt_t::write_page0(buf_block_t* block, mtr_t* mtr) { const ulint offset = FSP_HEADER_OFFSET + fsp_header_get_encryption_offset(block->zip_size()); - byte* b = block->frame + offset; + byte* b = block->page.frame + offset; mtr->memcpy<mtr_t::MAYBE_NOP>(*block, b, CRYPT_MAGIC, MAGIC_SZ); @@ -628,24 +628,19 @@ byte* fil_space_encrypt( @param[in] crypt_data crypt_data @param[in] tmp_frame Temporary buffer @param[in,out] src_frame Page to decrypt -@param[out] err DB_SUCCESS or DB_DECRYPTION_FAILED -@return true if page decrypted, false if not.*/ -static bool fil_space_decrypt_full_crc32( +@return DB_SUCCESS or error */ +static dberr_t fil_space_decrypt_full_crc32( ulint space, fil_space_crypt_t* crypt_data, byte* tmp_frame, - byte* src_frame, - dberr_t* err) + byte* src_frame) { uint key_version = mach_read_from_4( src_frame + FIL_PAGE_FCRC32_KEY_VERSION); lsn_t lsn = mach_read_from_8(src_frame + FIL_PAGE_LSN); uint offset = mach_read_from_4(src_frame + FIL_PAGE_OFFSET); - *err = DB_SUCCESS; - if (key_version == ENCRYPTION_KEY_NOT_ENCRYPTED) { - return false; - } + ut_a(key_version != ENCRYPTION_KEY_NOT_ENCRYPTED); ut_ad(crypt_data); ut_ad(crypt_data->is_encrypted()); @@ -659,9 +654,7 @@ static bool fil_space_decrypt_full_crc32( bool corrupted = false; uint size = buf_page_full_crc32_size(src_frame, NULL, &corrupted); if (UNIV_UNLIKELY(corrupted)) { -fail: - *err = DB_DECRYPTION_FAILED; - return false; + return DB_DECRYPTION_FAILED; } uint srclen = size - (FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION @@ -673,7 +666,7 @@ fail: if (rc != MY_AES_OK || dstlen != srclen) { if (rc == -1) { - goto fail; + return DB_DECRYPTION_FAILED; } ib::fatal() << "Unable to decrypt data-block " @@ -690,7 +683,7 @@ fail: srv_stats.pages_decrypted.inc(); - return true; /* page was decrypted */ + return DB_SUCCESS; /* page was decrypted */ } /** Decrypt a page for non full checksum format. @@ -698,14 +691,12 @@ fail: @param[in] tmp_frame Temporary buffer @param[in] physical_size page size @param[in,out] src_frame Page to decrypt -@param[out] err DB_SUCCESS or DB_DECRYPTION_FAILED -@return true if page decrypted, false if not.*/ -static bool fil_space_decrypt_for_non_full_checksum( +@return DB_SUCCESS or error */ +static dberr_t fil_space_decrypt_for_non_full_checksum( fil_space_crypt_t* crypt_data, byte* tmp_frame, ulint physical_size, - byte* src_frame, - dberr_t* err) + byte* src_frame) { uint key_version = mach_read_from_4( src_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); @@ -716,12 +707,7 @@ static bool fil_space_decrypt_for_non_full_checksum( src_frame + FIL_PAGE_ARCH_LOG_NO_OR_SPACE_ID); ib_uint64_t lsn = mach_read_from_8(src_frame + FIL_PAGE_LSN); - *err = DB_SUCCESS; - - if (key_version == ENCRYPTION_KEY_NOT_ENCRYPTED) { - return false; - } - + ut_a(key_version != ENCRYPTION_KEY_NOT_ENCRYPTED); ut_a(crypt_data != NULL && crypt_data->is_encrypted()); /* read space & lsn */ @@ -751,8 +737,7 @@ static bool fil_space_decrypt_for_non_full_checksum( if (! ((rc == MY_AES_OK) && ((ulint) dstlen == srclen))) { if (rc == -1) { - *err = DB_DECRYPTION_FAILED; - return false; + return DB_DECRYPTION_FAILED; } ib::fatal() << "Unable to decrypt data-block " @@ -777,7 +762,7 @@ static bool fil_space_decrypt_for_non_full_checksum( srv_stats.pages_decrypted.inc(); - return true; /* page was decrypted */ + return DB_SUCCESS; /* page was decrypted */ } /** Decrypt a page. @@ -788,25 +773,24 @@ static bool fil_space_decrypt_for_non_full_checksum( @param[in] physical_size page size @param[in,out] src_frame Page to decrypt @param[out] err DB_SUCCESS or DB_DECRYPTION_FAILED -@return true if page decrypted, false if not.*/ -bool +@return DB_SUCCESS or error */ +dberr_t fil_space_decrypt( uint32_t space_id, uint32_t fsp_flags, fil_space_crypt_t* crypt_data, byte* tmp_frame, ulint physical_size, - byte* src_frame, - dberr_t* err) + byte* src_frame) { if (fil_space_t::full_crc32(fsp_flags)) { return fil_space_decrypt_full_crc32( - space_id, crypt_data, tmp_frame, src_frame, err); + space_id, crypt_data, tmp_frame, src_frame); } return fil_space_decrypt_for_non_full_checksum(crypt_data, tmp_frame, - physical_size, src_frame, - err); + physical_size, + src_frame); } /** @@ -822,29 +806,23 @@ fil_space_decrypt( byte* tmp_frame, byte* src_frame) { - dberr_t err = DB_SUCCESS; - byte* res = NULL; const ulint physical_size = space->physical_size(); ut_ad(space->crypt_data != NULL && space->crypt_data->is_encrypted()); ut_ad(space->referenced()); - bool encrypted = fil_space_decrypt(space->id, space->flags, - space->crypt_data, - tmp_frame, physical_size, - src_frame, &err); - - if (err == DB_SUCCESS) { - if (encrypted) { - /* Copy the decrypted page back to page buffer, not - really any other options. */ - memcpy(src_frame, tmp_frame, physical_size); - } - - res = src_frame; + if (DB_SUCCESS != fil_space_decrypt(space->id, space->flags, + space->crypt_data, + tmp_frame, physical_size, + src_frame)) { + return nullptr; } - return res; + /* Copy the decrypted page back to page buffer, not + really any other options. */ + memcpy(src_frame, tmp_frame, physical_size); + + return src_frame; } /***********************************************************************/ @@ -961,13 +939,13 @@ fil_crypt_read_crypt_data(fil_space_t* space) nullptr, BUF_GET_POSSIBLY_FREED, &mtr)) { - if (block->page.status == buf_page_t::FREED) { + if (block->page.is_freed()) { goto func_exit; } mysql_mutex_lock(&fil_system.mutex); if (!space->crypt_data && !space->is_stopping()) { space->crypt_data = fil_space_read_crypt_data( - zip_size, block->frame); + zip_size, block->page.frame); } mysql_mutex_unlock(&fil_system.mutex); } @@ -1024,7 +1002,7 @@ func_exit: page_id_t(space->id, 0), space->zip_size(), RW_X_LATCH, NULL, BUF_GET_POSSIBLY_FREED, &mtr, &err)) { - if (block->page.status == buf_page_t::FREED) { + if (block->page.is_freed()) { goto abort; } @@ -1816,7 +1794,7 @@ fil_crypt_rotate_page( const lsn_t block_lsn = mach_read_from_8(FIL_PAGE_LSN + frame); uint kv = buf_page_get_key_version(frame, space->flags); - if (block->page.status == buf_page_t::FREED) { + if (block->page.is_freed()) { /* Do not modify freed pages to avoid an assertion failure on recovery.*/ } else if (block->page.oldest_modification() > 1) { @@ -1996,7 +1974,7 @@ fil_crypt_flush_space( if (buf_block_t* block = buf_page_get_gen( page_id_t(space->id, 0), space->zip_size(), RW_X_LATCH, NULL, BUF_GET_POSSIBLY_FREED, &mtr)) { - if (block->page.status != buf_page_t::FREED) { + if (block->page.is_freed()) { mtr.set_named_space(space); crypt_data->write_page0(block, &mtr); } @@ -2438,11 +2416,14 @@ encrypted, or corrupted. @return true if page is encrypted AND OK, false otherwise */ bool fil_space_verify_crypt_checksum(const byte* page, ulint zip_size) { - ut_ad(mach_read_from_4(page + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION)); + if (ENCRYPTION_KEY_NOT_ENCRYPTED == mach_read_from_4( + page + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION)) { + return false; + } /* Compressed and encrypted pages do not have checksum. Assume not corrupted. Page verification happens after decompression in - buf_page_read_complete() using buf_page_is_corrupted(). */ + buf_page_t::read_complete() using buf_page_is_corrupted(). */ if (fil_page_get_type(page) == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED) { return true; } |