MDEV-8832: Encryption meta data should not be stored when ENCRYPTED=DEFAULT and innodb-encrypt-tables=OFF

2025-08-08 11:22:35 +03:00 · 2015-09-23 12:32:47 +03:00
parent 212698b152
commit 5c62dd21e8
5 changed files with 228 additions and 4 deletions
--- a/mysql-test/suite/encryption/r/innodb_encryption_filekeys.result
+++ b/mysql-test/suite/encryption/r/innodb_encryption_filekeys.result
@@ -0,0 +1,66 @@
+SET GLOBAL innodb_file_format = `Barracuda`;
+SET GLOBAL innodb_file_per_table = ON;
+SET GLOBAL innodb_encrypt_tables = OFF;
+SET GLOBAL innodb_encryption_threads = 4;
+CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB;
+SHOW CREATE TABLE t1;
+Table	Create Table
+t1	CREATE TABLE `t1` (
+  `pk` int(11) NOT NULL AUTO_INCREMENT,
+  `c` varchar(256) DEFAULT NULL,
+  PRIMARY KEY (`pk`)
+) ENGINE=InnoDB DEFAULT CHARSET=latin1
+CREATE TABLE t2 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=YES;
+CREATE TABLE t3 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO;
+CREATE TABLE t4 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=YES ENCRYPTION_KEY_ID=4;
+INSERT INTO t2 select * from t1;
+INSERT INTO t3 select * from t1;
+INSERT INTO t4 select * from t1;
+SET GLOBAL innodb_encrypt_tables = on;
+# Wait max 10 min for key encryption threads to encrypt required all spaces
+# Success!
+SELECT COUNT(1) FROM t1;
+COUNT(1)
+400
+SELECT COUNT(1) FROM t2;
+COUNT(1)
+400
+SELECT COUNT(1) FROM t3;
+COUNT(1)
+400
+SELECT COUNT(1) FROM t4;
+COUNT(1)
+400
+SET GLOBAL innodb_encrypt_tables = off;
+# Wait max 10 min for key encryption threads to decrypt all required spaces
+# Success!
+SET GLOBAL innodb_encrypt_tables = ON;
+set GLOBAL innodb_default_encryption_key_id=4;
+CREATE TABLE t5 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB;
+SHOW CREATE TABLE t5;
+Table	Create Table
+t5	CREATE TABLE `t5` (
+  `pk` int(11) NOT NULL AUTO_INCREMENT,
+  `c` varchar(256) DEFAULT NULL,
+  PRIMARY KEY (`pk`)
+) ENGINE=InnoDB DEFAULT CHARSET=latin1
+INSERT INTO t5 select * from t1;
+# Wait max 10 min for key encryption threads to encrypt required all spaces
+# Success!
+SELECT COUNT(1) FROM t1;
+COUNT(1)
+400
+SELECT COUNT(1) FROM t2;
+COUNT(1)
+400
+SELECT COUNT(1) FROM t3;
+COUNT(1)
+400
+SELECT COUNT(1) FROM t4;
+COUNT(1)
+400
+SELECT COUNT(1) FROM t5;
+COUNT(1)
+400
+drop table t1,t2,t3,t4, t5;
+set GLOBAL innodb_default_encryption_key_id=1;
--- a/mysql-test/suite/encryption/t/innodb_encryption_filekeys.opt
+++ b/mysql-test/suite/encryption/t/innodb_encryption_filekeys.opt
@@ -0,0 +1 @@
+--innodb-tablespaces-encryption
--- a/mysql-test/suite/encryption/t/innodb_encryption_filekeys.test
+++ b/mysql-test/suite/encryption/t/innodb_encryption_filekeys.test
@@ -0,0 +1,141 @@
+-- source include/have_innodb.inc
+-- source include/have_file_key_management_plugin.inc
+# embedded does not support restart
+-- source include/not_embedded.inc
+
+--disable_query_log
+let $innodb_file_format_orig = `SELECT @@innodb_file_format`;
+let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`;
+let $encrypt_tables = `SELECT @@innodb_encrypt_tables`;
+let $threads = `SELECT @@innodb_encryption_threads`;
+--enable_query_log
+
+SET GLOBAL innodb_file_format = `Barracuda`;
+SET GLOBAL innodb_file_per_table = ON;
+SET GLOBAL innodb_encrypt_tables = OFF;
+SET GLOBAL innodb_encryption_threads = 4;
+
+CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB;
+SHOW CREATE TABLE t1;
+CREATE TABLE t2 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=YES;
+CREATE TABLE t3 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO;
+CREATE TABLE t4 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=YES ENCRYPTION_KEY_ID=4;
+
+--disable_warnings
+--disable_query_log
+set autocommit=0;
+let $i = 400;
+while ($i)
+{
+INSERT INTO t1 values(NULL, substring(MD5(RAND()), -128));
+dec $i;
+}
+commit;
+set autocommit=1;
+--enable_warnings
+--enable_query_log
+
+INSERT INTO t2 select * from t1;
+INSERT INTO t3 select * from t1;
+INSERT INTO t4 select * from t1;
+
+SET GLOBAL innodb_encrypt_tables = on;
+
+--echo # Wait max 10 min for key encryption threads to encrypt required all spaces
+let $cnt=600;
+while ($cnt)
+{
+    let $success=`SELECT COUNT(*) = 1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0`;
+    if ($success)
+    {
+        let $cnt=0;
+    }
+    if (!$success)
+    {
+        real_sleep 1;
+        dec $cnt;
+    }
+}
+if (!$success)
+{
+    SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
+    SHOW STATUS LIKE 'innodb_encryption%';
+    -- die Timeout waiting for encryption threads
+}
+--echo # Success!
+
+SELECT COUNT(1) FROM t1;
+SELECT COUNT(1) FROM t2;
+SELECT COUNT(1) FROM t3;
+SELECT COUNT(1) FROM t4;
+
+SET GLOBAL innodb_encrypt_tables = off;
+
+--echo # Wait max 10 min for key encryption threads to decrypt all required spaces
+let $cnt=600;
+while ($cnt)
+{
+    let $success=`SELECT COUNT(*) = 2 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0`;
+    if ($success)
+    {
+        let $cnt=0;
+    }
+    if (!$success)
+    {
+        real_sleep 1;
+        dec $cnt;
+    }
+}
+if (!$success)
+{
+    SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
+    SHOW STATUS LIKE 'innodb_encryption%';
+    -- die Timeout waiting for encryption threads
+}
+--echo # Success!
+
+SET GLOBAL innodb_encrypt_tables = ON;
+set GLOBAL innodb_default_encryption_key_id=4;
+CREATE TABLE t5 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB;
+SHOW CREATE TABLE t5;
+INSERT INTO t5 select * from t1;
+
+--echo # Wait max 10 min for key encryption threads to encrypt required all spaces
+let $cnt=600;
+while ($cnt)
+{
+    let $success=`SELECT COUNT(*) = 1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0`;
+    if ($success)
+    {
+        let $cnt=0;
+    }
+    if (!$success)
+    {
+        real_sleep 1;
+        dec $cnt;
+    }
+}
+if (!$success)
+{
+    SELECT * FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION;
+    SHOW STATUS LIKE 'innodb_encryption%';
+    -- die Timeout waiting for encryption threads
+}
+--echo # Success!
+
+SELECT COUNT(1) FROM t1;
+SELECT COUNT(1) FROM t2;
+SELECT COUNT(1) FROM t3;
+SELECT COUNT(1) FROM t4;
+SELECT COUNT(1) FROM t5;
+
+drop table t1,t2,t3,t4, t5;
+set GLOBAL innodb_default_encryption_key_id=1;
+
+# reset system
+--disable_query_log
+EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig;
+EVAL SET GLOBAL innodb_file_format = $innodb_file_format_orig;
+EVAL SET GLOBAL innodb_encrypt_tables = $encrypt_tables;
+EVAL SET GLOBAL innodb_encryption_threads = $threads;
+--enable_query_log
--- a/storage/innobase/fil/fil0fil.cc
+++ b/storage/innobase/fil/fil0fil.cc
@@ -3353,6 +3353,7 @@ fil_create_new_single_table_tablespace(
 	bool		is_temp = !!(flags2 & DICT_TF2_TEMPORARY);
 	bool		has_data_dir = FSP_FLAGS_HAS_DATA_DIR(flags);
 	ulint		atomic_writes = FSP_FLAGS_GET_ATOMIC_WRITES(flags);
+	fil_space_crypt_t *crypt_data = NULL;

 	ut_a(space_id > 0);
 	ut_ad(!srv_read_only_mode);
@@ -3506,8 +3507,15 @@ fil_create_new_single_table_tablespace(
 		}
 	}

+	/* Create crypt data if the tablespace is either encrypted or user has
+	requested it to remain unencrypted. */
+	if (mode == FIL_SPACE_ENCRYPTION_ON || mode == FIL_SPACE_ENCRYPTION_OFF ||
+		srv_encrypt_tables) {
+		crypt_data = fil_space_create_crypt_data(mode, key_id);
+	}
+
 	success = fil_space_create(tablename, space_id, flags, FIL_TABLESPACE,
-			fil_space_create_crypt_data(mode, key_id));
+				   crypt_data);

 	if (!success || !fil_node_create(path, size, space_id, FALSE)) {
 		err = DB_ERROR;
@@ -6501,7 +6509,7 @@ fil_iterate(

 			if (page_compressed) {
 				ulint len = 0;
-				byte* res = fil_compress_page(space_id,
+				fil_compress_page(space_id,
 					src,
 					NULL,
 					size,
--- a/storage/xtradb/fil/fil0fil.cc
+++ b/storage/xtradb/fil/fil0fil.cc
@@ -3387,6 +3387,7 @@ fil_create_new_single_table_tablespace(
 	bool		is_temp = !!(flags2 & DICT_TF2_TEMPORARY);
 	bool		has_data_dir = FSP_FLAGS_HAS_DATA_DIR(flags);
 	ulint		atomic_writes = FSP_FLAGS_GET_ATOMIC_WRITES(flags);
+	fil_space_crypt_t *crypt_data = NULL;

 	ut_a(space_id > 0);
 	ut_ad(!srv_read_only_mode);
@@ -3540,8 +3541,15 @@ fil_create_new_single_table_tablespace(
 		}
 	}

+	/* Create crypt data if the tablespace is either encrypted or user has
+	requested it to remain unencrypted. */
+	if (mode == FIL_SPACE_ENCRYPTION_ON || mode == FIL_SPACE_ENCRYPTION_OFF ||
+		srv_encrypt_tables) {
+		crypt_data = fil_space_create_crypt_data(mode, key_id);
+	}
+
 	success = fil_space_create(tablename, space_id, flags, FIL_TABLESPACE,
-			fil_space_create_crypt_data(mode, key_id));
+				   crypt_data);

 	if (!success || !fil_node_create(path, size, space_id, FALSE)) {
 		err = DB_ERROR;
@@ -6558,7 +6566,7 @@ fil_iterate(

 			if (page_compressed) {
 				ulint len = 0;
-				byte* res = fil_compress_page(space_id,
+				fil_compress_page(space_id,
 					src,
 					NULL,
 					size,