MDEV-8817: Failing assertion: new_state->key_version != ENCRYPTION_KEY_VERSION_INVALID
Follow-up: Made encryption rules too strict (and incorrect). Allow creating a table with ENCRYPTED=OFF with all values of ENCRYPTION_KEY_ID, but create a warning that nondefault values are ignored. Allow creating a table with ENCRYPTED=DEFAULT if the used key_id is found in the key file (there was a bug in this), and give an error if the key_id is not found.
@ -3,11 +3,51 @@ SET GLOBAL innodb_file_per_table = ON;
|
|||||||
SET GLOBAL innodb_encrypt_tables = ON;
|
SET GLOBAL innodb_encrypt_tables = ON;
|
||||||
SET GLOBAL innodb_encryption_threads = 4;
|
SET GLOBAL innodb_encryption_threads = 4;
|
||||||
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO ENCRYPTION_KEY_ID=4;
|
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO ENCRYPTION_KEY_ID=4;
|
||||||
|
Warnings:
|
||||||
|
Warning 140 InnoDB: Ignored ENCRYPTION_KEY_ID 4 when encryption is disabled
|
||||||
|
DROP TABLE t1;
|
||||||
|
set innodb_default_encryption_key_id = 99;
|
||||||
|
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB;
|
||||||
ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
|
ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
|
||||||
|
SHOW WARNINGS;
|
||||||
|
Level Code Message
|
||||||
|
Warning 140 InnoDB: ENCRYPTION_KEY_ID 99 not available
|
||||||
|
Error 1005 Can't create table `test`.`t1` (errno: 140 "Wrong create options")
|
||||||
|
Warning 1030 Got error 140 "Wrong create options" from storage engine InnoDB
|
||||||
|
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=YES;
|
||||||
|
ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
|
||||||
|
SHOW WARNINGS;
|
||||||
|
Level Code Message
|
||||||
|
Warning 140 InnoDB: ENCRYPTION_KEY_ID 99 not available
|
||||||
|
Error 1005 Can't create table `test`.`t1` (errno: 140 "Wrong create options")
|
||||||
|
Warning 1030 Got error 140 "Wrong create options" from storage engine InnoDB
|
||||||
|
set innodb_default_encryption_key_id = 4;
|
||||||
|
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=YES;
|
||||||
|
SHOW CREATE TABLE t1;
|
||||||
|
Table Create Table
|
||||||
|
t1 CREATE TABLE `t1` (
|
||||||
|
`pk` int(11) NOT NULL AUTO_INCREMENT,
|
||||||
|
`c` varchar(256) DEFAULT NULL,
|
||||||
|
PRIMARY KEY (`pk`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=latin1 `ENCRYPTED`=YES `ENCRYPTION_KEY_ID`=4
|
||||||
|
DROP TABLE t1;
|
||||||
|
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB;
|
||||||
|
SHOW CREATE TABLE t1;
|
||||||
|
Table Create Table
|
||||||
|
t1 CREATE TABLE `t1` (
|
||||||
|
`pk` int(11) NOT NULL AUTO_INCREMENT,
|
||||||
|
`c` varchar(256) DEFAULT NULL,
|
||||||
|
PRIMARY KEY (`pk`)
|
||||||
|
) ENGINE=InnoDB DEFAULT CHARSET=latin1 `ENCRYPTION_KEY_ID`=4
|
||||||
CREATE TABLE t2 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO ENCRYPTION_KEY_ID=1;
|
CREATE TABLE t2 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO ENCRYPTION_KEY_ID=1;
|
||||||
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=YES ENCRYPTION_KEY_ID=4;
|
Warnings:
|
||||||
ALTER TABLE t2 ENCRYPTION_KEY_ID=4;
|
Warning 140 InnoDB: Ignored ENCRYPTION_KEY_ID 1 when encryption is disabled
|
||||||
ERROR HY000: Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options")
|
|
||||||
ALTER TABLE t1 ENCRYPTION_KEY_ID=99;
|
ALTER TABLE t1 ENCRYPTION_KEY_ID=99;
|
||||||
ERROR HY000: Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options")
|
ERROR HY000: Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options")
|
||||||
|
SHOW WARNINGS;
|
||||||
|
Level Code Message
|
||||||
|
Warning 140 InnoDB: ENCRYPTION_KEY_ID 99 not available
|
||||||
|
Error 1005 Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options")
|
||||||
|
Warning 1030 Got error 140 "Wrong create options" from storage engine InnoDB
|
||||||
|
set innodb_default_encryption_key_id = 1;
|
||||||
drop table t1,t2;
|
drop table t1,t2;
|
||||||
|
@ -17,16 +17,29 @@ SET GLOBAL innodb_file_per_table = ON;
|
|||||||
SET GLOBAL innodb_encrypt_tables = ON;
|
SET GLOBAL innodb_encrypt_tables = ON;
|
||||||
SET GLOBAL innodb_encryption_threads = 4;
|
SET GLOBAL innodb_encryption_threads = 4;
|
||||||
|
|
||||||
--error 1005
|
|
||||||
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO ENCRYPTION_KEY_ID=4;
|
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO ENCRYPTION_KEY_ID=4;
|
||||||
CREATE TABLE t2 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO ENCRYPTION_KEY_ID=1;
|
DROP TABLE t1;
|
||||||
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=YES ENCRYPTION_KEY_ID=4;
|
set innodb_default_encryption_key_id = 99;
|
||||||
--replace_regex /#sql-[0-9a-f_]*/#sql-temporary/
|
|
||||||
--error 1005
|
--error 1005
|
||||||
ALTER TABLE t2 ENCRYPTION_KEY_ID=4;
|
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB;
|
||||||
|
SHOW WARNINGS;
|
||||||
|
--error 1005
|
||||||
|
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=YES;
|
||||||
|
SHOW WARNINGS;
|
||||||
|
set innodb_default_encryption_key_id = 4;
|
||||||
|
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=YES;
|
||||||
|
SHOW CREATE TABLE t1;
|
||||||
|
DROP TABLE t1;
|
||||||
|
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB;
|
||||||
|
SHOW CREATE TABLE t1;
|
||||||
|
CREATE TABLE t2 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO ENCRYPTION_KEY_ID=1;
|
||||||
--replace_regex /#sql-[0-9a-f_]*/#sql-temporary/
|
--replace_regex /#sql-[0-9a-f_]*/#sql-temporary/
|
||||||
--error 1005
|
--error 1005
|
||||||
ALTER TABLE t1 ENCRYPTION_KEY_ID=99;
|
ALTER TABLE t1 ENCRYPTION_KEY_ID=99;
|
||||||
|
--replace_regex /#sql-[0-9a-f_]*/#sql-temporary/
|
||||||
|
SHOW WARNINGS;
|
||||||
|
set innodb_default_encryption_key_id = 1;
|
||||||
|
|
||||||
|
|
||||||
--disable_warnings
|
--disable_warnings
|
||||||
--disable_query_log
|
--disable_query_log
|
||||||
|
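Review bot: None of the added statements reaches the new ENCRYPTED=DEFAULT check with `innodb_encrypt_tables` off. Every visible case runs after `SET GLOBAL innodb_encrypt_tables = ON`, so the condition `encrypt == FIL_SPACE_ENCRYPTION_DEFAULT && !srv_encrypt_tables` added to check_table_options in this commit is not exercised here. Consider adding a case that turns `innodb_encrypt_tables` OFF and then expects `--error 1005` for a CREATE TABLE without ENCRYPTED but with `ENCRYPTION_KEY_ID=99`, followed by `SHOW WARNINGS;`, to pin the "not available" message. It would also help to add a line such as `# key 99 is not in the key file, key 4 is` above the first `set innodb_default_encryption_key_id = 99;`. The test file continues outside this hunk, so such a case may already exist elsewhere.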
@ -11491,6 +11491,7 @@ ha_innobase::check_table_options(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* If encryption is set up make sure that used key_id is found */
|
||||||
if (encrypt == FIL_SPACE_ENCRYPTION_ON ||
|
if (encrypt == FIL_SPACE_ENCRYPTION_ON ||
|
||||||
(encrypt == FIL_SPACE_ENCRYPTION_DEFAULT && srv_encrypt_tables)) {
|
(encrypt == FIL_SPACE_ENCRYPTION_DEFAULT && srv_encrypt_tables)) {
|
||||||
if (!encryption_key_id_exists((unsigned int)options->encryption_key_id)) {
|
if (!encryption_key_id_exists((unsigned int)options->encryption_key_id)) {
|
||||||
@ -11504,18 +11505,33 @@ ha_innobase::check_table_options(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Do not allow creating unencrypted table with nondefault
|
/* Ignore nondefault key_id if encryption is set off */
|
||||||
encryption key */
|
if (encrypt == FIL_SPACE_ENCRYPTION_OFF &&
|
||||||
if ((encrypt == FIL_SPACE_ENCRYPTION_OFF ||
|
options->encryption_key_id != THDVAR(thd, default_encryption_key_id)) {
|
||||||
(encrypt == FIL_SPACE_ENCRYPTION_DEFAULT && !srv_encrypt_tables)) &&
|
|
||||||
options->encryption_key_id != FIL_DEFAULT_ENCRYPTION_KEY) {
|
|
||||||
push_warning_printf(
|
push_warning_printf(
|
||||||
thd, Sql_condition::WARN_LEVEL_WARN,
|
thd, Sql_condition::WARN_LEVEL_WARN,
|
||||||
HA_WRONG_CREATE_OPTION,
|
HA_WRONG_CREATE_OPTION,
|
||||||
"InnoDB: Incorrect ENCRYPTION_KEY_ID %u when encryption is disabled",
|
"InnoDB: Ignored ENCRYPTION_KEY_ID %u when encryption is disabled",
|
||||||
|
(uint)options->encryption_key_id
|
||||||
|
);
|
||||||
|
options->encryption_key_id = FIL_DEFAULT_ENCRYPTION_KEY;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* If default encryption is used make sure that used kay is found
|
||||||
|
from key file. */
|
||||||
|
if (encrypt == FIL_SPACE_ENCRYPTION_DEFAULT &&
|
||||||
|
!srv_encrypt_tables &&
|
||||||
|
options->encryption_key_id != FIL_DEFAULT_ENCRYPTION_KEY) {
|
||||||
|
if (!encryption_key_id_exists((unsigned int)options->encryption_key_id)) {
|
||||||
|
push_warning_printf(
|
||||||
|
thd, Sql_condition::WARN_LEVEL_WARN,
|
||||||
|
HA_WRONG_CREATE_OPTION,
|
||||||
|
"InnoDB: ENCRYPTION_KEY_ID %u not available",
|
||||||
(uint)options->encryption_key_id
|
(uint)options->encryption_key_id
|
||||||
);
|
);
|
||||||
return "ENCRYPTION_KEY_ID";
|
return "ENCRYPTION_KEY_ID";
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check atomic writes requirements */
|
/* Check atomic writes requirements */
|
||||||
|
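Review bot: The ENCRYPTED=NO branch uses two different notions of "default" key. It compares `options->encryption_key_id` with `THDVAR(thd, default_encryption_key_id)` but then resets it to `FIL_DEFAULT_ENCRYPTION_KEY`, and the next branch compares against `FIL_DEFAULT_ENCRYPTION_KEY` again. The recorded test output shows the effect: with the session default set to 4, `ENCRYPTED=NO ENCRYPTION_KEY_ID=1` produces "Ignored ENCRYPTION_KEY_ID 1", which is misleading if 1 is the value of `FIL_DEFAULT_ENCRYPTION_KEY` (its definition is not visible here). I would state which default is meant, and that the check rewrites the option, in the comment: `/* A key_id other than the session default is ignored for ENCRYPTED=NO: warn and reset *options to FIL_DEFAULT_ENCRYPTION_KEY */`. The new comment also has a typo, "used kay" for "used key". The same lines appear in the second `ha_innobase::check_table_options` section (hunks at 11973 and 11987), and the function starts and ends outside these hunks.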
@ -11973,6 +11973,7 @@ ha_innobase::check_table_options(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* If encryption is set up make sure that used key_id is found */
|
||||||
if (encrypt == FIL_SPACE_ENCRYPTION_ON ||
|
if (encrypt == FIL_SPACE_ENCRYPTION_ON ||
|
||||||
(encrypt == FIL_SPACE_ENCRYPTION_DEFAULT && srv_encrypt_tables)) {
|
(encrypt == FIL_SPACE_ENCRYPTION_DEFAULT && srv_encrypt_tables)) {
|
||||||
if (!encryption_key_id_exists((unsigned int)options->encryption_key_id)) {
|
if (!encryption_key_id_exists((unsigned int)options->encryption_key_id)) {
|
||||||
@ -11987,18 +11988,33 @@ ha_innobase::check_table_options(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Do not allow creating unencrypted table with nondefault
|
/* Ignore nondefault key_id if encryption is set off */
|
||||||
encryption key */
|
if (encrypt == FIL_SPACE_ENCRYPTION_OFF &&
|
||||||
if ((encrypt == FIL_SPACE_ENCRYPTION_OFF ||
|
options->encryption_key_id != THDVAR(thd, default_encryption_key_id)) {
|
||||||
(encrypt == FIL_SPACE_ENCRYPTION_DEFAULT && !srv_encrypt_tables)) &&
|
|
||||||
options->encryption_key_id != FIL_DEFAULT_ENCRYPTION_KEY) {
|
|
||||||
push_warning_printf(
|
push_warning_printf(
|
||||||
thd, Sql_condition::WARN_LEVEL_WARN,
|
thd, Sql_condition::WARN_LEVEL_WARN,
|
||||||
HA_WRONG_CREATE_OPTION,
|
HA_WRONG_CREATE_OPTION,
|
||||||
"InnoDB: Incorrect ENCRYPTION_KEY_ID %u when encryption is disabled",
|
"InnoDB: Ignored ENCRYPTION_KEY_ID %u when encryption is disabled",
|
||||||
|
(uint)options->encryption_key_id
|
||||||
|
);
|
||||||
|
options->encryption_key_id = FIL_DEFAULT_ENCRYPTION_KEY;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* If default encryption is used make sure that used kay is found
|
||||||
|
from key file. */
|
||||||
|
if (encrypt == FIL_SPACE_ENCRYPTION_DEFAULT &&
|
||||||
|
!srv_encrypt_tables &&
|
||||||
|
options->encryption_key_id != FIL_DEFAULT_ENCRYPTION_KEY) {
|
||||||
|
if (!encryption_key_id_exists((unsigned int)options->encryption_key_id)) {
|
||||||
|
push_warning_printf(
|
||||||
|
thd, Sql_condition::WARN_LEVEL_WARN,
|
||||||
|
HA_WRONG_CREATE_OPTION,
|
||||||
|
"InnoDB: ENCRYPTION_KEY_ID %u not available",
|
||||||
(uint)options->encryption_key_id
|
(uint)options->encryption_key_id
|
||||||
);
|
);
|
||||||
return "ENCRYPTION_KEY_ID";
|
return "ENCRYPTION_KEY_ID";
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check atomic writes requirements */
|
/* Check atomic writes requirements */
|
||||||
|