diff options
Diffstat (limited to 'storage/innobase/fil/fil0fil.cc')
-rw-r--r-- | storage/innobase/fil/fil0fil.cc | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/storage/innobase/fil/fil0fil.cc b/storage/innobase/fil/fil0fil.cc index 0cdbee09548..8c7762c82c3 100644 --- a/storage/innobase/fil/fil0fil.cc +++ b/storage/innobase/fil/fil0fil.cc @@ -6449,7 +6449,6 @@ fil_iterate( bool updated = false; os_offset_t page_off = offset; ulint n_pages_read = (ulint) n_bytes / iter.page_size; - bool decrypted = false; for (ulint i = 0; i < n_pages_read; ++i) { ulint size = iter.page_size; @@ -6457,8 +6456,10 @@ fil_iterate( byte* src = readptr + (i * size); byte* dst = io_buffer + (i * size); bool frame_changed = false; + bool decrypted = false; ulint page_type = mach_read_from_2(src+FIL_PAGE_TYPE); + uint key_version = mach_read_from_4(src+FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION); const bool page_compressed = page_type == FIL_PAGE_PAGE_COMPRESSED_ENCRYPTED @@ -6468,12 +6469,33 @@ fil_iterate( the page. Note that tablespaces are not in fil_system during import. */ if (encrypted) { - decrypted = fil_space_decrypt( + if (key_version) { + /* Verify post encryption checksum before + actual decrypt. */ + if (fil_space_verify_crypt_checksum(src, + callback.get_zip_size(), + NULL, + page_no)) { + decrypted = fil_space_decrypt( iter.crypt_data, - dst, //dst + dst, iter.page_size, - src, // src - &err); // src + src, + &err); + } else { + ib_logf(IB_LOG_LEVEL_ERROR, + "Imported page [page id: space=" ULINTPF + ", page number=" ULINTPF "]" + " is corrupted. Post encryption" + " checksum " ULINTPF + " does not match calculated " ULINTPF ".", + space_id, page_no, + mach_read_from_4(src + FIL_PAGE_FILE_FLUSH_LSN_OR_KEY_VERSION + 4), + fil_crypt_calculate_checksum(callback.get_zip_size(), src)); + + err = DB_CORRUPTION; + } + } if (err != DB_SUCCESS) { return(err); |