diff options
Diffstat (limited to 'storage/innobase')
| -rw-r--r-- | storage/innobase/.clang-format | 10 | ||||
| -rw-r--r-- | storage/innobase/btr/btr0cur.cc | 2 | ||||
| -rw-r--r-- | storage/innobase/buf/buf0buf.cc | 136 | ||||
| -rw-r--r-- | storage/innobase/fil/fil0crypt.cc | 3 | ||||
| -rw-r--r-- | storage/innobase/fil/fil0fil.cc | 5 | ||||
| -rw-r--r-- | storage/innobase/handler/ha_innodb.cc | 69 | ||||
| -rw-r--r-- | storage/innobase/include/log0crypt.h | 8 | ||||
| -rw-r--r-- | storage/innobase/include/srv0srv.h | 15 | ||||
| -rw-r--r-- | storage/innobase/log/log0crypt.cc | 24 | ||||
| -rw-r--r-- | storage/innobase/row/row0log.cc | 9 | ||||
| -rw-r--r-- | storage/innobase/row/row0merge.cc | 4 | ||||
| -rw-r--r-- | storage/innobase/srv/srv0srv.cc | 9 | ||||
| -rw-r--r-- | storage/innobase/srv/srv0start.cc | 6 |
13 files changed, 223 insertions, 77 deletions
diff --git a/storage/innobase/.clang-format b/storage/innobase/.clang-format deleted file mode 100644 index f7a72f3cf24..00000000000 --- a/storage/innobase/.clang-format +++ /dev/null @@ -1,10 +0,0 @@ -UseTab: Always -TabWidth: 8 -IndentWidth: 8 -BreakBeforeBinaryOperators: All -PointerAlignment: Left -AlwaysBreakAfterReturnType: TopLevel -BreakBeforeBraces: Custom -BraceWrapping: - AfterFunction: true -AccessModifierOffset: -8 diff --git a/storage/innobase/btr/btr0cur.cc b/storage/innobase/btr/btr0cur.cc index c5a50f24b83..4ec921991a7 100644 --- a/storage/innobase/btr/btr0cur.cc +++ b/storage/innobase/btr/btr0cur.cc @@ -4926,7 +4926,7 @@ btr_cur_pessimistic_update( ut_ad(dict_index_is_clust(index)); ut_ad(thr_get_trx(thr)->in_rollback); - DBUG_EXECUTE_IF("ib_blob_update_rollback", DBUG_SUICIDE();); + DEBUG_SYNC_C("blob_rollback_middle"); btr_rec_free_updated_extern_fields( index, rec, page_zip, *offsets, update, true, mtr); diff --git a/storage/innobase/buf/buf0buf.cc b/storage/innobase/buf/buf0buf.cc index dc83db7fc95..c270a709f2a 100644 --- a/storage/innobase/buf/buf0buf.cc +++ b/storage/innobase/buf/buf0buf.cc @@ -57,6 +57,7 @@ Created 11/5/1995 Heikki Tuuri #include "dict0dict.h" #include "log0recv.h" #include "srv0mon.h" +#include "log0crypt.h" #include "fil0pagecompress.h" #include "fsp0pagecompress.h" #endif /* !UNIV_INNOCHECKSUM */ @@ -472,6 +473,45 @@ buf_pool_register_chunk( chunk->blocks->frame, chunk)); } +/** Decrypt a page for temporary tablespace. +@param[in,out] tmp_frame Temporary buffer +@param[in] src_frame Page to decrypt +@return true if temporary tablespace decrypted, false if not */ +static bool buf_tmp_page_decrypt(byte* tmp_frame, byte* src_frame) +{ + if (buf_page_is_zeroes(src_frame, srv_page_size)) { + return true; + } + + /* read space & lsn */ + uint header_len = FIL_PAGE_DATA; + + /* Copy FIL page header, it is not encrypted */ + memcpy(tmp_frame, src_frame, header_len); + + /* Calculate the offset where decryption starts */ + const byte* src = src_frame + header_len; + byte* dst = tmp_frame + header_len; + uint srclen = uint(srv_page_size) + - header_len - FIL_PAGE_DATA_END; + ulint offset = mach_read_from_4(src_frame + FIL_PAGE_OFFSET); + + if (!log_tmp_block_decrypt(src, srclen, dst, + (offset * srv_page_size))) { + return false; + } + + memcpy(tmp_frame + srv_page_size - FIL_PAGE_DATA_END, + src_frame + srv_page_size - FIL_PAGE_DATA_END, + FIL_PAGE_DATA_END); + + memcpy(src_frame, tmp_frame, srv_page_size); + srv_stats.pages_decrypted.inc(); + srv_stats.n_temp_blocks_decrypted.inc(); + + return true; /* page was decrypted */ +} + /** Decrypt a page. @param[in,out] bpage Page control block @param[in,out] space tablespace @@ -492,6 +532,22 @@ static bool buf_page_decrypt_after_read(buf_page_t* bpage, fil_space_t* space) return (true); } + if (space->purpose == FIL_TYPE_TEMPORARY + && innodb_encrypt_temporary_tables) { + buf_tmp_buffer_t* slot = buf_pool_reserve_tmp_slot(buf_pool); + buf_tmp_reserve_crypt_buf(slot); + + if (!buf_tmp_page_decrypt(slot->crypt_buf, dst_frame)) { + slot->release(); + ib::error() << "Encrypted page " << bpage->id + << " in file " << space->chain.start->name; + return false; + } + + slot->release(); + return true; + } + /* Page is encrypted if encryption information is found from tablespace and page contains used key_version. This is true also for pages first compressed and then encrypted. */ @@ -1283,14 +1339,16 @@ buf_madvise_do_dump() @param[in] zip_size compressed page size, or 0 */ void buf_page_print(const byte* read_buf, ulint zip_size) { - const ulint size = zip_size ? zip_size : srv_page_size; dict_index_t* index; +#ifndef UNIV_DEBUG + const ulint size = zip_size ? zip_size : srv_page_size; ib::info() << "Page dump in ascii and hex (" << size << " bytes):"; ut_print_buf(stderr, read_buf, size); fputs("\nInnoDB: End of page dump\n", stderr); +#endif if (zip_size) { /* Print compressed page. */ @@ -7353,6 +7411,44 @@ operator<<( return(out); } +/** Encrypt a buffer of temporary tablespace +@param[in] offset Page offset +@param[in] src_frame Page to encrypt +@param[in,out] dst_frame Output buffer +@return encrypted buffer or NULL */ +static byte* buf_tmp_page_encrypt( + ulint offset, + byte* src_frame, + byte* dst_frame) +{ + uint header_len = FIL_PAGE_DATA; + /* FIL page header is not encrypted */ + memcpy(dst_frame, src_frame, header_len); + + /* Calculate the start offset in a page */ + uint unencrypted_bytes = header_len + FIL_PAGE_DATA_END; + uint srclen = srv_page_size - unencrypted_bytes; + const byte* src = src_frame + header_len; + byte* dst = dst_frame + header_len; + + if (!log_tmp_block_encrypt(src, srclen, dst, (offset * srv_page_size), + true)) { + return NULL; + } + + memcpy(dst_frame + srv_page_size - FIL_PAGE_DATA_END, + src_frame + srv_page_size - FIL_PAGE_DATA_END, + FIL_PAGE_DATA_END); + + /* Handle post encryption checksum */ + mach_write_to_4(dst_frame + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 4, + buf_calc_page_crc32(dst_frame)); + + srv_stats.pages_encrypted.inc(); + srv_stats.n_temp_blocks_encrypted.inc(); + return dst_frame; +} + /** Encryption and page_compression hook that is called just before a page is written to disk. @param[in,out] space tablespace @@ -7386,13 +7482,20 @@ buf_page_encrypt( fil_space_crypt_t* crypt_data = space->crypt_data; - const bool encrypted = crypt_data - && !crypt_data->not_encrypted() - && crypt_data->type != CRYPT_SCHEME_UNENCRYPTED - && (!crypt_data->is_default_encryption() - || srv_encrypt_tables); + bool encrypted, page_compressed; - bool page_compressed = space->is_compressed(); + if (space->purpose == FIL_TYPE_TEMPORARY) { + ut_ad(!crypt_data); + encrypted = innodb_encrypt_temporary_tables; + page_compressed = false; + } else { + encrypted = crypt_data + && !crypt_data->not_encrypted() + && crypt_data->type != CRYPT_SCHEME_UNENCRYPTED + && (!crypt_data->is_default_encryption() + || srv_encrypt_tables); + page_compressed = space->is_compressed(); + } if (!encrypted && !page_compressed) { /* No need to encrypt or page compress the page. @@ -7432,18 +7535,25 @@ buf_page_encrypt( if (!page_compressed) { not_compressed: - /* Encrypt page content */ - byte* tmp = fil_space_encrypt(space, - bpage->id.page_no(), - bpage->newest_modification, - src_frame, - dst_frame); + byte* tmp; + if (space->purpose == FIL_TYPE_TEMPORARY) { + /* Encrypt temporary tablespace page content */ + tmp = buf_tmp_page_encrypt(bpage->id.page_no(), + src_frame, dst_frame); + } else { + /* Encrypt page content */ + tmp = fil_space_encrypt( + space, bpage->id.page_no(), + bpage->newest_modification, + src_frame, dst_frame); + } bpage->real_size = srv_page_size; slot->out_buf = dst_frame = tmp; ut_d(fil_page_type_validate(space, tmp)); } else { + ut_ad(space->purpose != FIL_TYPE_TEMPORARY); /* First we compress the page content */ buf_tmp_reserve_compression_buf(slot); byte* tmp = slot->comp_buf; diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index 44cc9daa508..837c8d0825e 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -2621,7 +2621,8 @@ fil_space_crypt_close_tablespace( { fil_space_crypt_t* crypt_data = space->crypt_data; - if (!crypt_data || srv_n_fil_crypt_threads == 0) { + if (!crypt_data || srv_n_fil_crypt_threads == 0 + || !fil_crypt_threads_inited) { return; } diff --git a/storage/innobase/fil/fil0fil.cc b/storage/innobase/fil/fil0fil.cc index be422c7c467..8a44aa83418 100644 --- a/storage/innobase/fil/fil0fil.cc +++ b/storage/innobase/fil/fil0fil.cc @@ -4295,6 +4295,11 @@ fil_io( req_type.set_fil_node(node); + ut_ad(!req_type.is_write() + || page_id.space() == SRV_LOG_SPACE_FIRST_ID + || !fil_is_user_tablespace_id(page_id.space()) + || offset == page_id.page_no() * zip_size); + /* Queue the aio request */ dberr_t err = os_aio( req_type, diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 5913158fb3c..5443394ffdd 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -1151,6 +1151,12 @@ static SHOW_VAR innodb_status_variables[]= { {"encryption_n_rowlog_blocks_decrypted", (char*)&export_vars.innodb_n_rowlog_blocks_decrypted, SHOW_LONGLONG}, + {"encryption_n_temp_blocks_encrypted", + (char*)&export_vars.innodb_n_temp_blocks_encrypted, + SHOW_LONGLONG}, + {"encryption_n_temp_blocks_decrypted", + (char*)&export_vars.innodb_n_temp_blocks_decrypted, + SHOW_LONGLONG}, /* scrubing */ {"scrub_background_page_reorganizations", @@ -3792,7 +3798,8 @@ static int innodb_init_params() } #endif - if ((srv_encrypt_tables || srv_encrypt_log) + if ((srv_encrypt_tables || srv_encrypt_log + || innodb_encrypt_temporary_tables) && !encryption_key_id_exists(FIL_DEFAULT_ENCRYPTION_KEY)) { sql_print_error("InnoDB: cannot enable encryption, " "encryption plugin is not available"); @@ -6195,7 +6202,7 @@ no_such_table: if (!thd_tablespace_op(thd)) { set_my_errno(ENOENT); - int ret_err = HA_ERR_NO_SUCH_TABLE; + int ret_err = HA_ERR_TABLESPACE_MISSING; if (space && space->crypt_data && space->crypt_data->is_encrypted()) { @@ -9378,7 +9385,7 @@ ha_innobase::index_read( table->s->table_name.str); table->status = STATUS_NOT_FOUND; - error = HA_ERR_NO_SUCH_TABLE; + error = HA_ERR_TABLESPACE_MISSING; break; case DB_TABLESPACE_NOT_FOUND: @@ -9389,8 +9396,7 @@ ha_innobase::index_read( table->s->table_name.str); table->status = STATUS_NOT_FOUND; - //error = HA_ERR_TABLESPACE_MISSING; - error = HA_ERR_NO_SUCH_TABLE; + error = HA_ERR_TABLESPACE_MISSING; break; default: @@ -9531,15 +9537,16 @@ ha_innobase::change_active_index( /* Initialization of search_tuple is not needed for FT index since FT search returns rank only. In addition engine should be able to retrieve FTS_DOC_ID column value if necessary. */ - if ((m_prebuilt->index->type & DICT_FTS)) { -#ifdef MYSQL_STORE_FTS_DOC_ID - if (table->fts_doc_id_field - && bitmap_is_set(table->read_set, - table->fts_doc_id_field->field_index - && m_prebuilt->read_just_key)) { - m_prebuilt->fts_doc_id_in_read_set = 1; + if (m_prebuilt->index->type & DICT_FTS) { + for (uint i = 0; i < table->s->fields; i++) { + if (m_prebuilt->read_just_key + && bitmap_is_set(table->read_set, i) + && !strcmp(table->s->field[i]->field_name.str, + FTS_DOC_ID_COL_NAME)) { + m_prebuilt->fts_doc_id_in_read_set = true; + break; + } } -#endif } else { ulint n_fields = dict_index_get_n_unique_in_tree( m_prebuilt->index); @@ -9552,13 +9559,10 @@ ha_innobase::change_active_index( /* If it's FTS query and FTS_DOC_ID exists FTS_DOC_ID field is always added to read_set. */ - -#ifdef MYSQL_STORE_FTS_DOC_ID - m_prebuilt->fts_doc_id_in_read_set = - (m_prebuilt->read_just_key && table->fts_doc_id_field - && m_prebuilt->in_fts_query); -#endif - + m_prebuilt->fts_doc_id_in_read_set = m_prebuilt->in_fts_query + && m_prebuilt->read_just_key + && m_prebuilt->index->contains_col_or_prefix( + m_prebuilt->table->fts->doc_col, false); } /* MySQL changes the active index for a handle also during some @@ -9637,7 +9641,7 @@ ha_innobase::general_fetch( table->s->table_name.str); table->status = STATUS_NOT_FOUND; - error = HA_ERR_NO_SUCH_TABLE; + error = HA_ERR_TABLESPACE_MISSING; break; case DB_TABLESPACE_NOT_FOUND: @@ -9946,7 +9950,7 @@ ha_innobase::ft_init_ext( /* If tablespace is discarded, we should return here */ if (!ft_table->space) { - my_error(ER_NO_SUCH_TABLE, MYF(0), table->s->db.str, + my_error(ER_TABLESPACE_MISSING, MYF(0), table->s->db.str, table->s->table_name.str); return(NULL); } @@ -10163,7 +10167,7 @@ next_record: table->s->table_name.str); table->status = STATUS_NOT_FOUND; - error = HA_ERR_NO_SUCH_TABLE; + error = HA_ERR_TABLESPACE_MISSING; break; case DB_TABLESPACE_NOT_FOUND: @@ -11144,6 +11148,17 @@ err_col: dict_table_add_system_columns(table, heap); if (table->is_temporary()) { + if ((options->encryption == 1 + && !innodb_encrypt_temporary_tables) + || (options->encryption == 2 + && innodb_encrypt_temporary_tables)) { + push_warning_printf(m_thd, + Sql_condition::WARN_LEVEL_WARN, + ER_ILLEGAL_HA_CREATE_OPTION, + "Ignoring encryption parameter during " + "temporary table creation."); + } + m_trx->table_id = table->id = dict_sys.get_temporary_table_id(); ut_ad(dict_tf_get_rec_format(table->flags) @@ -15599,7 +15614,7 @@ ha_innobase::external_lock( ER_TABLESPACE_DISCARDED, table->s->table_name.str); - DBUG_RETURN(HA_ERR_NO_SUCH_TABLE); + DBUG_RETURN(HA_ERR_TABLESPACE_MISSING); } row_quiesce_table_start(m_prebuilt->table, trx); @@ -19949,6 +19964,11 @@ static MYSQL_SYSVAR_BOOL(debug_force_scrubbing, NULL, NULL, FALSE); #endif /* UNIV_DEBUG */ +static MYSQL_SYSVAR_BOOL(encrypt_temporary_tables, innodb_encrypt_temporary_tables, + PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, + "Enrypt the temporary table data.", + NULL, NULL, false); + static struct st_mysql_sys_var* innobase_system_variables[]= { MYSQL_SYSVAR(autoextend_increment), MYSQL_SYSVAR(buffer_pool_size), @@ -20155,6 +20175,7 @@ static struct st_mysql_sys_var* innobase_system_variables[]= { #endif MYSQL_SYSVAR(buf_dump_status_frequency), MYSQL_SYSVAR(background_thread), + MYSQL_SYSVAR(encrypt_temporary_tables), NULL }; diff --git a/storage/innobase/include/log0crypt.h b/storage/innobase/include/log0crypt.h index c54a369ff47..8d26ccb2ba3 100644 --- a/storage/innobase/include/log0crypt.h +++ b/storage/innobase/include/log0crypt.h @@ -96,7 +96,6 @@ bool log_crypt(byte* buf, lsn_t lsn, ulint size, log_crypt_t op = LOG_ENCRYPT); @param[in] size size of the block @param[out] dst destination block @param[in] offs offset to block -@param[in] space_id tablespace id @param[in] encrypt true=encrypt; false=decrypt @return whether the operation succeeded */ UNIV_INTERN @@ -106,7 +105,6 @@ log_tmp_block_encrypt( ulint size, byte* dst, uint64_t offs, - ulint space_id, bool encrypt = true) MY_ATTRIBUTE((warn_unused_result, nonnull)); @@ -115,7 +113,6 @@ log_tmp_block_encrypt( @param[in] size size of the block @param[out] dst destination block @param[in] offs offset to block -@param[in] space_id tablespace id @return whether the operation succeeded */ inline bool @@ -123,10 +120,9 @@ log_tmp_block_decrypt( const byte* src, ulint size, byte* dst, - uint64_t offs, - ulint space_id) + uint64_t offs) { - return(log_tmp_block_encrypt(src, size, dst, offs, space_id, false)); + return(log_tmp_block_encrypt(src, size, dst, offs, false)); } /** @return whether temporary files are encrypted */ diff --git a/storage/innobase/include/srv0srv.h b/storage/innobase/include/srv0srv.h index 6494365b69f..843eadacc5f 100644 --- a/storage/innobase/include/srv0srv.h +++ b/storage/innobase/include/srv0srv.h @@ -184,6 +184,12 @@ struct srv_stats_t /** Number of spaces in keyrotation list */ ulint_ctr_64_t key_rotation_list_length; + + /** Number of temporary tablespace blocks encrypted */ + ulint_ctr_64_t n_temp_blocks_encrypted; + + /** Number of temporary tablespace blocks decrypted */ + ulint_ctr_64_t n_temp_blocks_decrypted; }; extern const char* srv_main_thread_op_info; @@ -472,6 +478,9 @@ extern ulong srv_max_purge_lag; extern ulong srv_max_purge_lag_delay; extern ulong srv_replication_delay; + +extern my_bool innodb_encrypt_temporary_tables; + /*-------------------------------------------*/ /** Modes of operation */ @@ -1020,6 +1029,12 @@ struct export_var_t{ /*!< Number of row log blocks decrypted */ ib_int64_t innodb_n_rowlog_blocks_decrypted; + /* Number of temporary tablespace pages encrypted */ + ib_int64_t innodb_n_temp_blocks_encrypted; + + /* Number of temporary tablespace pages decrypted */ + ib_int64_t innodb_n_temp_blocks_decrypted; + ulint innodb_sec_rec_cluster_reads; /*!< srv_sec_rec_cluster_reads */ ulint innodb_sec_rec_cluster_reads_avoided;/*!< srv_sec_rec_cluster_reads_avoided */ diff --git a/storage/innobase/log/log0crypt.cc b/storage/innobase/log/log0crypt.cc index b088c9af09d..c2ec46158c6 100644 --- a/storage/innobase/log/log0crypt.cc +++ b/storage/innobase/log/log0crypt.cc @@ -66,6 +66,9 @@ struct crypt_info_t { /** The crypt info */ static crypt_info_t info; +/** Initialization vector used for temporary files/tablespace */ +static byte tmp_iv[MY_AES_BLOCK_SIZE]; + /** Crypt info when upgrading from 10.1 */ static crypt_info_t infos[5 * 2]; /** First unused slot in infos[] */ @@ -243,9 +246,6 @@ UNIV_INTERN bool log_crypt_init() { - ut_ad(log_mutex_own()); - ut_ad(log_sys.is_encrypted()); - info.key_version = encryption_key_get_latest_version( LOG_DEFAULT_ENCRYPTION_KEY); @@ -255,7 +255,8 @@ log_crypt_init() return false; } - if (my_random_bytes(info.crypt_msg.bytes, MY_AES_BLOCK_SIZE) + if (my_random_bytes(tmp_iv, MY_AES_BLOCK_SIZE) != MY_AES_OK + || my_random_bytes(info.crypt_msg.bytes, sizeof info.crypt_msg) != MY_AES_OK || my_random_bytes(info.crypt_nonce.bytes, sizeof info.crypt_nonce) != MY_AES_OK) { @@ -422,7 +423,6 @@ log_crypt_read_checkpoint_buf(const byte* buf) @param[in] size size of the block @param[out] dst destination block @param[in] offs offset to block -@param[in] space_id tablespace id @param[in] encrypt true=encrypt; false=decrypt @return whether the operation succeeded */ UNIV_INTERN @@ -432,19 +432,17 @@ log_tmp_block_encrypt( ulint size, byte* dst, uint64_t offs, - ulint space_id, bool encrypt) { uint dst_len; - uint64_t aes_ctr_iv[MY_AES_BLOCK_SIZE / sizeof(uint64_t)]; - bzero(aes_ctr_iv, sizeof aes_ctr_iv); - aes_ctr_iv[0] = space_id; - aes_ctr_iv[1] = offs; + uint64_t iv[MY_AES_BLOCK_SIZE / sizeof(uint64_t)]; + iv[0] = offs; + memcpy(iv + 1, tmp_iv, sizeof iv - sizeof *iv); int rc = encryption_crypt( - src, (uint)size, dst, &dst_len, - info.crypt_key.bytes, MY_AES_BLOCK_SIZE, - reinterpret_cast<byte*>(aes_ctr_iv), (uint)(sizeof aes_ctr_iv), + src, uint(size), dst, &dst_len, + const_cast<byte*>(info.crypt_key.bytes), MY_AES_BLOCK_SIZE, + reinterpret_cast<byte*>(iv), uint(sizeof iv), encrypt ? ENCRYPTION_FLAG_ENCRYPT|ENCRYPTION_FLAG_NOPAD : ENCRYPTION_FLAG_DECRYPT|ENCRYPTION_FLAG_NOPAD, diff --git a/storage/innobase/row/row0log.cc b/storage/innobase/row/row0log.cc index 02c4d1b0d82..b6e31a2b017 100644 --- a/storage/innobase/row/row0log.cc +++ b/storage/innobase/row/row0log.cc @@ -444,8 +444,7 @@ row_log_online_op( if (log_tmp_is_encrypted()) { if (!log_tmp_block_encrypt( buf, srv_sort_buf_size, - log->crypt_tail, byte_offset, - index->table->space_id)) { + log->crypt_tail, byte_offset)) { log->error = DB_DECRYPTION_FAILED; goto write_failed; } @@ -2886,8 +2885,7 @@ all_done: if (log_tmp_is_encrypted()) { if (!log_tmp_block_decrypt( buf, srv_sort_buf_size, - index->online_log->crypt_head, - ofs, index->table->space_id)) { + index->online_log->crypt_head, ofs)) { error = DB_DECRYPTION_FAILED; goto func_exit; } @@ -3792,8 +3790,7 @@ all_done: if (log_tmp_is_encrypted()) { if (!log_tmp_block_decrypt( buf, srv_sort_buf_size, - index->online_log->crypt_head, - ofs, index->table->space_id)) { + index->online_log->crypt_head, ofs)) { error = DB_DECRYPTION_FAILED; goto func_exit; } diff --git a/storage/innobase/row/row0merge.cc b/storage/innobase/row/row0merge.cc index a7129b588b9..e62a41e4275 100644 --- a/storage/innobase/row/row0merge.cc +++ b/storage/innobase/row/row0merge.cc @@ -1101,7 +1101,7 @@ row_merge_read( /* If encryption is enabled decrypt buffer */ if (success && log_tmp_is_encrypted()) { if (!log_tmp_block_decrypt(buf, srv_sort_buf_size, - crypt_buf, ofs, space)) { + crypt_buf, ofs)) { return (FALSE); } @@ -1150,7 +1150,7 @@ row_merge_write( if (!log_tmp_block_encrypt(static_cast<const byte*>(buf), buf_len, static_cast<byte*>(crypt_buf), - ofs, space)) { + ofs)) { return false; } diff --git a/storage/innobase/srv/srv0srv.cc b/storage/innobase/srv/srv0srv.cc index ace166273a6..909b208b9d8 100644 --- a/storage/innobase/srv/srv0srv.cc +++ b/storage/innobase/srv/srv0srv.cc @@ -423,6 +423,9 @@ my_bool srv_print_innodb_lock_monitor; PRIMARY KEY */ my_bool srv_force_primary_key; +/** Key version to encrypt the temporary tablespace */ +my_bool innodb_encrypt_temporary_tables; + /* Array of English strings describing the current state of an i/o handler thread */ @@ -1586,6 +1589,12 @@ srv_export_innodb_status(void) export_vars.innodb_n_rowlog_blocks_encrypted = srv_stats.n_rowlog_blocks_encrypted; export_vars.innodb_n_rowlog_blocks_decrypted = srv_stats.n_rowlog_blocks_decrypted; + export_vars.innodb_n_temp_blocks_encrypted = + srv_stats.n_temp_blocks_encrypted; + + export_vars.innodb_n_temp_blocks_decrypted = + srv_stats.n_temp_blocks_decrypted; + export_vars.innodb_defragment_compression_failures = btr_defragment_compression_failures; export_vars.innodb_defragment_failures = btr_defragment_failures; diff --git a/storage/innobase/srv/srv0start.cc b/storage/innobase/srv/srv0start.cc index 328f1d209a5..985382c69a5 100644 --- a/storage/innobase/srv/srv0start.cc +++ b/storage/innobase/srv/srv0start.cc @@ -484,7 +484,7 @@ create_log_files( /* Create a log checkpoint. */ log_mutex_enter(); if (log_sys.is_encrypted() && !log_crypt_init()) { - return(DB_ERROR); + return DB_ERROR; } ut_d(recv_no_log_write = false); log_sys.lsn = ut_uint64_align_up(lsn, OS_FILE_LOG_BLOCK_SIZE); @@ -1614,6 +1614,10 @@ dberr_t srv_start(bool create_new_db) srv_log_file_size_requested = srv_log_file_size; + if (innodb_encrypt_temporary_tables && !log_crypt_init()) { + return srv_init_abort(DB_ERROR); + } + if (create_new_db) { buf_flush_sync_all_buf_pools(); |