Commit a9adfc0f authored by Marko Mäkelä's avatar Marko Mäkelä

MDEV-9948 Failing assertion: new_state->key_version !=...

MDEV-9948 Failing assertion: new_state->key_version != ENCRYPTION_KEY_VERSION_INVALID in fil0crypt.cc

The test encryption.innodb-redo-nokeys did not actually test
recovery without valid keys, because due to the setting
innodb_encrypt_tables, InnoDB refused to start up at all,
without even attempting any crash recovery.

fil_ibd_load(): If the encryption key is not available,
refuse to load the file.
parent 4abb023b
call mtr.add_suppression("(mysqld|mariadbd).*: File .*"); call mtr.add_suppression("mariadbd.*: File .*");
call mtr.add_suppression("Plugin 'file_key_management' .*"); call mtr.add_suppression("Plugin 'file_key_management' .*");
call mtr.add_suppression("InnoDB: cannot enable encryption, encryption plugin is not available"); call mtr.add_suppression("InnoDB: We do not continue the crash recovery");
call mtr.add_suppression("InnoDB: Plugin initialization aborted");
call mtr.add_suppression("Plugin 'InnoDB' init function returned error\\."); call mtr.add_suppression("Plugin 'InnoDB' init function returned error\\.");
call mtr.add_suppression("Plugin 'InnoDB' registration as a STORAGE ENGINE failed."); call mtr.add_suppression("Plugin 'InnoDB' registration as a STORAGE ENGINE failed.");
call mtr.add_suppression("InnoDB: The page \\[page id: space=[0-9]+, page number=[0-9]+\\] in file '.*test.t[1-4]\\.ibd' cannot be decrypted\\."); call mtr.add_suppression("InnoDB: The page \\[page id: space=[0-9]+, page number=[0-9]+\\] in file '.*test.t[1-4]\\.ibd' cannot be decrypted\\.");
...@@ -8,14 +9,15 @@ call mtr.add_suppression("failed to read or decrypt \\[page id: space=[1-9][0-9] ...@@ -8,14 +9,15 @@ call mtr.add_suppression("failed to read or decrypt \\[page id: space=[1-9][0-9]
# restart: --file-key-management-filename=MYSQL_TEST_DIR/std_data/keys2.txt # restart: --file-key-management-filename=MYSQL_TEST_DIR/std_data/keys2.txt
SET GLOBAL innodb_file_per_table = ON; SET GLOBAL innodb_file_per_table = ON;
create table t1(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb row_format=compressed encrypted=yes encryption_key_id=20; create table t1(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb row_format=compressed encrypted=yes encryption_key_id=20;
create table t2(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb row_format=compressed; create table t2(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb row_format=compressed encrypted=yes;
create table t3(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb encrypted=yes encryption_key_id=20; create table t3(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb encrypted=yes encryption_key_id=20;
create table t4(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb; create table t4(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb encrypted=yes;
begin; begin;
insert into t2 select * from t1; insert into t2 select * from t1;
insert into t3 select * from t1; insert into t3 select * from t1;
insert into t4 select * from t1; insert into t4 select * from t1;
commit; commit;
CREATE TABLE t5 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES;
SET GLOBAL innodb_flush_log_at_trx_commit=1; SET GLOBAL innodb_flush_log_at_trx_commit=1;
begin; begin;
update t1 set c = repeat('secret3', 20); update t1 set c = repeat('secret3', 20);
...@@ -26,8 +28,13 @@ insert into t1 (c,b) values (repeat('secret5',20), repeat('secret6',6000)); ...@@ -26,8 +28,13 @@ insert into t1 (c,b) values (repeat('secret5',20), repeat('secret6',6000));
insert into t2 (c,b) values (repeat('secret7',20), repeat('secret8',6000)); insert into t2 (c,b) values (repeat('secret7',20), repeat('secret8',6000));
insert into t3 (c,b) values (repeat('secret9',20), repeat('secre10',6000)); insert into t3 (c,b) values (repeat('secret9',20), repeat('secre10',6000));
insert into t4 (c,b) values (repeat('secre11',20), repeat('secre12',6000)); insert into t4 (c,b) values (repeat('secre11',20), repeat('secre12',6000));
INSERT INTO t5 VALUES ('foo'),('bar');
COMMIT; COMMIT;
# Kill the server # Kill the server
# restart: --file-key-management-filename=MYSQL_TEST_DIR/std_data/keys-not-found.txt
SELECT * FROM INFORMATION_SCHEMA.ENGINES
WHERE engine = 'innodb'
AND support IN ('YES', 'DEFAULT', 'ENABLED');
ENGINE SUPPORT COMMENT TRANSACTIONS XA SAVEPOINTS
# restart: --file-key-management-filename=MYSQL_TEST_DIR/std_data/keys2.txt # restart: --file-key-management-filename=MYSQL_TEST_DIR/std_data/keys2.txt
# restart: --file-key-management-filename=MYSQL_TEST_DIR/std_data/keys2.txt drop table t1,t2,t3,t4,t5;
drop table t1, t2,t3,t4;
--innodb-change-buffering=none --innodb-change-buffering=none
--innodb-encrypt-tables=on
--innodb-default-encryption-key-id=20 --innodb-default-encryption-key-id=20
...@@ -3,9 +3,10 @@ ...@@ -3,9 +3,10 @@
# embedded does not support restart # embedded does not support restart
-- source include/not_embedded.inc -- source include/not_embedded.inc
call mtr.add_suppression("(mysqld|mariadbd).*: File .*"); call mtr.add_suppression("mariadbd.*: File .*");
call mtr.add_suppression("Plugin 'file_key_management' .*"); call mtr.add_suppression("Plugin 'file_key_management' .*");
call mtr.add_suppression("InnoDB: cannot enable encryption, encryption plugin is not available"); call mtr.add_suppression("InnoDB: We do not continue the crash recovery");
call mtr.add_suppression("InnoDB: Plugin initialization aborted");
call mtr.add_suppression("Plugin 'InnoDB' init function returned error\\."); call mtr.add_suppression("Plugin 'InnoDB' init function returned error\\.");
call mtr.add_suppression("Plugin 'InnoDB' registration as a STORAGE ENGINE failed."); call mtr.add_suppression("Plugin 'InnoDB' registration as a STORAGE ENGINE failed.");
call mtr.add_suppression("InnoDB: The page \\[page id: space=[0-9]+, page number=[0-9]+\\] in file '.*test.t[1-4]\\.ibd' cannot be decrypted\\."); call mtr.add_suppression("InnoDB: The page \\[page id: space=[0-9]+, page number=[0-9]+\\] in file '.*test.t[1-4]\\.ibd' cannot be decrypted\\.");
...@@ -17,9 +18,9 @@ call mtr.add_suppression("failed to read or decrypt \\[page id: space=[1-9][0-9] ...@@ -17,9 +18,9 @@ call mtr.add_suppression("failed to read or decrypt \\[page id: space=[1-9][0-9]
SET GLOBAL innodb_file_per_table = ON; SET GLOBAL innodb_file_per_table = ON;
create table t1(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb row_format=compressed encrypted=yes encryption_key_id=20; create table t1(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb row_format=compressed encrypted=yes encryption_key_id=20;
create table t2(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb row_format=compressed; create table t2(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb row_format=compressed encrypted=yes;
create table t3(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb encrypted=yes encryption_key_id=20; create table t3(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb encrypted=yes encryption_key_id=20;
create table t4(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb; create table t4(a int not null primary key auto_increment, c char(200), b blob, index(b(10))) engine=innodb encrypted=yes;
begin; begin;
--disable_query_log --disable_query_log
...@@ -45,6 +46,7 @@ commit; ...@@ -45,6 +46,7 @@ commit;
# happens, InnoDB refuses to start as used # happens, InnoDB refuses to start as used
# encryption key is not found. # encryption key is not found.
# #
CREATE TABLE t5 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES;
SET GLOBAL innodb_flush_log_at_trx_commit=1; SET GLOBAL innodb_flush_log_at_trx_commit=1;
begin; begin;
update t1 set c = repeat('secret3', 20); update t1 set c = repeat('secret3', 20);
...@@ -55,12 +57,19 @@ insert into t1 (c,b) values (repeat('secret5',20), repeat('secret6',6000)); ...@@ -55,12 +57,19 @@ insert into t1 (c,b) values (repeat('secret5',20), repeat('secret6',6000));
insert into t2 (c,b) values (repeat('secret7',20), repeat('secret8',6000)); insert into t2 (c,b) values (repeat('secret7',20), repeat('secret8',6000));
insert into t3 (c,b) values (repeat('secret9',20), repeat('secre10',6000)); insert into t3 (c,b) values (repeat('secret9',20), repeat('secre10',6000));
insert into t4 (c,b) values (repeat('secre11',20), repeat('secre12',6000)); insert into t4 (c,b) values (repeat('secre11',20), repeat('secre12',6000));
INSERT INTO t5 VALUES ('foo'),('bar');
COMMIT; COMMIT;
let $cleanup= drop table t1,t2,t3,t4;
let $cleanup= drop table t1,t2,t3,t4,t5;
--let CLEANUP_IF_CHECKPOINT= $cleanup; --let CLEANUP_IF_CHECKPOINT= $cleanup;
--source ../../suite/innodb/include/no_checkpoint_end.inc --source ../../suite/innodb/include/no_checkpoint_end.inc
-- let $restart_parameters=--file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys-not-found.txt
-- source include/start_mysqld.inc -- source include/start_mysqld.inc
SELECT * FROM INFORMATION_SCHEMA.ENGINES
WHERE engine = 'innodb'
AND support IN ('YES', 'DEFAULT', 'ENABLED');
# #
# In above server does start but InnoDB refuses to start # In above server does start but InnoDB refuses to start
# thus we need to restart server with correct key file # thus we need to restart server with correct key file
...@@ -68,4 +77,4 @@ let $cleanup= drop table t1,t2,t3,t4; ...@@ -68,4 +77,4 @@ let $cleanup= drop table t1,t2,t3,t4;
-- let $restart_parameters=--file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys2.txt -- let $restart_parameters=--file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys2.txt
-- source include/restart_mysqld.inc -- source include/restart_mysqld.inc
drop table t1, t2,t3,t4; drop table t1,t2,t3,t4,t5;
...@@ -3118,6 +3118,13 @@ fil_ibd_load( ...@@ -3118,6 +3118,13 @@ fil_ibd_load(
? fil_space_read_crypt_data(fil_space_t::zip_size(flags), ? fil_space_read_crypt_data(fil_space_t::zip_size(flags),
first_page) first_page)
: NULL; : NULL;
if (crypt_data && !crypt_data->is_key_found()) {
crypt_data->~fil_space_crypt_t();
ut_free(crypt_data);
return FIL_LOAD_INVALID;
}
space = fil_space_t::create( space = fil_space_t::create(
file.name(), space_id, flags, FIL_TYPE_TABLESPACE, crypt_data); file.name(), space_id, flags, FIL_TYPE_TABLESPACE, crypt_data);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment