mirror of
https://github.com/MariaDB/server.git
synced 2025-07-29 05:21:33 +03:00
MDEV-18601 Can't create table with ENCRYPTED=DEFAULT when innodb_default_encryption_key_id!=1
The problem with the InnoDB table attribute encryption_key_id is that it is not being persisted anywhere in InnoDB except if the table attribute encryption is specified and is something else than encryption=default. MDEV-17320 made it a hard error if encryption_key_id is specified to be anything else than 1 in that case. Ideally, we would always persist encryption_key_id in InnoDB. But, then we would have to be prepared for the case that when encryption is being enabled for a table whose encryption_key_id attribute refers to a non-existing key. In MariaDB Server 10.1, our best option remains to not store anything inside InnoDB. But, instead of returning the error that MDEV-17320 introduced, we should merely issue a warning that the specified encryption_key_id is going to be ignored if encryption=default. To improve the situation a little more, we will issue a warning if SET [GLOBAL|SESSION] innodb_default_encryption_key_id is being set to something that does not refer to an available encryption key. Starting with MariaDB Server 10.2, thanks to MDEV-5800, we could open the table definition from InnoDB side when the encryption is being enabled, and actually fix the root cause of what was reported in MDEV-17320.
This commit is contained in:
Marko Mäkelä
@ -1,5 +1,5 @@
|
||||
--- suite/encryption/r/innodb-checksum-algorithm.result
|
||||
+++ suite/encryption/r/innodb-checksum-algorithm,32k.reject
|
||||
+++ suite/encryption/r/innodb-checksum-algorithm.result
|
||||
@@ -13,9 +13,9 @@
|
||||
SET GLOBAL innodb_default_encryption_key_id=4;
|
||||
SET GLOBAL innodb_checksum_algorithm=crc32;
|
||||
@ -9,10 +9,10 @@
|
||||
create table tc_crc32(a serial, b blob, index(b(10))) engine=innodb
|
||||
-ROW_FORMAT=COMPRESSED encrypted=no;
|
||||
+ROW_FORMAT=DYNAMIC encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
create table te_crc32(a serial, b blob, index(b(10))) engine=innodb
|
||||
encrypted=yes;
|
||||
create table t_crc32(a serial, b blob, index(b(10))) engine=innodb
|
||||
@@ -222,9 +222,9 @@
|
||||
@@ -153,9 +153,9 @@
|
||||
t_crc32, tpe_crc32, tp_crc32;
|
||||
SET GLOBAL innodb_checksum_algorithm=innodb;
|
||||
create table tce_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
@ -21,10 +21,10 @@
|
||||
create table tc_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
-ROW_FORMAT=COMPRESSED encrypted=no;
|
||||
+ROW_FORMAT=DYNAMIC encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
create table te_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
encrypted=yes;
|
||||
create table t_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
@@ -431,9 +431,9 @@
|
||||
@@ -293,9 +293,9 @@
|
||||
t_innodb, tpe_innodb, tp_innodb;
|
||||
SET GLOBAL innodb_checksum_algorithm=none;
|
||||
create table tce_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
@ -33,6 +33,6 @@
|
||||
create table tc_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
-ROW_FORMAT=COMPRESSED encrypted=no;
|
||||
+ROW_FORMAT=DYNAMIC encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
create table te_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
encrypted=yes;
|
||||
create table t_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
--- suite/encryption/r/innodb-checksum-algorithm.result
|
||||
+++ suite/encryption/r/innodb-checksum-algorithm,64k.reject
|
||||
+++ suite/encryption/r/innodb-checksum-algorithm.result
|
||||
@@ -13,9 +13,9 @@
|
||||
SET GLOBAL innodb_default_encryption_key_id=4;
|
||||
SET GLOBAL innodb_checksum_algorithm=crc32;
|
||||
@ -9,10 +9,10 @@
|
||||
create table tc_crc32(a serial, b blob, index(b(10))) engine=innodb
|
||||
-ROW_FORMAT=COMPRESSED encrypted=no;
|
||||
+ROW_FORMAT=DYNAMIC encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
create table te_crc32(a serial, b blob, index(b(10))) engine=innodb
|
||||
encrypted=yes;
|
||||
create table t_crc32(a serial, b blob, index(b(10))) engine=innodb
|
||||
@@ -222,9 +222,9 @@
|
||||
@@ -153,9 +153,9 @@
|
||||
t_crc32, tpe_crc32, tp_crc32;
|
||||
SET GLOBAL innodb_checksum_algorithm=innodb;
|
||||
create table tce_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
@ -21,10 +21,10 @@
|
||||
create table tc_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
-ROW_FORMAT=COMPRESSED encrypted=no;
|
||||
+ROW_FORMAT=DYNAMIC encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
create table te_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
encrypted=yes;
|
||||
create table t_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
@@ -431,9 +431,9 @@
|
||||
@@ -293,9 +293,9 @@
|
||||
t_innodb, tpe_innodb, tp_innodb;
|
||||
SET GLOBAL innodb_checksum_algorithm=none;
|
||||
create table tce_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
@ -33,6 +33,6 @@
|
||||
create table tc_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
-ROW_FORMAT=COMPRESSED encrypted=no;
|
||||
+ROW_FORMAT=DYNAMIC encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
create table te_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
encrypted=yes;
|
||||
create table t_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
|
||||
@ -16,14 +16,20 @@ create table tce_crc32(a serial, b blob, index(b(10))) engine=innodb
|
||||
ROW_FORMAT=COMPRESSED encrypted=yes;
|
||||
create table tc_crc32(a serial, b blob, index(b(10))) engine=innodb
|
||||
ROW_FORMAT=COMPRESSED encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
create table te_crc32(a serial, b blob, index(b(10))) engine=innodb
|
||||
encrypted=yes;
|
||||
create table t_crc32(a serial, b blob, index(b(10))) engine=innodb
|
||||
encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
create table tpe_crc32(a serial, b blob, index(b(10))) engine=innodb
|
||||
page_compressed=yes encrypted=yes;
|
||||
create table tp_crc32(a serial, b blob, index(b(10))) engine=innodb
|
||||
page_compressed=yes encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
begin;
|
||||
insert into tce_crc32(b) values (repeat('secret',20));
|
||||
insert into tc_crc32(b) values (repeat('secret',20));
|
||||
@ -150,14 +156,20 @@ create table tce_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
ROW_FORMAT=COMPRESSED encrypted=yes;
|
||||
create table tc_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
ROW_FORMAT=COMPRESSED encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
create table te_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
encrypted=yes;
|
||||
create table t_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
create table tpe_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
page_compressed=yes encrypted=yes;
|
||||
create table tp_innodb(a serial, b blob, index(b(10))) engine=innodb
|
||||
page_compressed=yes encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
begin;
|
||||
insert into tce_innodb(b) values (repeat('secret',20));
|
||||
insert into tc_innodb(b) values (repeat('secret',20));
|
||||
@ -284,14 +296,20 @@ create table tce_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
ROW_FORMAT=COMPRESSED encrypted=yes;
|
||||
create table tc_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
ROW_FORMAT=COMPRESSED encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
create table te_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
encrypted=yes;
|
||||
create table t_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
create table tpe_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
page_compressed=yes encrypted=yes;
|
||||
create table tp_none(a serial, b blob, index(b(10))) engine=innodb
|
||||
page_compressed=yes encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
begin;
|
||||
insert into tce_none(b) values (repeat('secret',20));
|
||||
insert into tc_none(b) values (repeat('secret',20));
|
||||
|
||||
@ -7,6 +7,8 @@ set GLOBAL innodb_default_encryption_key_id=4;
|
||||
create table t1(a int not null primary key, b blob, index(b(10))) engine=innodb row_format=compressed;
|
||||
create table t2(a int not null primary key, b blob, index(b(10))) engine=innodb row_format=compressed encrypted=yes;
|
||||
create table t3(a int not null primary key, b blob, index(b(10))) engine=innodb row_format=compressed encrypted=no;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
insert into t1 values (1, repeat('secret',6000));
|
||||
insert into t2 values (1, repeat('secret',6000));
|
||||
insert into t3 values (1, repeat('secret',6000));
|
||||
|
||||
@ -4,9 +4,16 @@ SET GLOBAL innodb_encrypt_tables = ON;
|
||||
SET GLOBAL innodb_encryption_threads = 4;
|
||||
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO ENCRYPTION_KEY_ID=4;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: Ignored ENCRYPTION_KEY_ID 4 when encryption is disabled
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
DROP TABLE t1;
|
||||
set @save_global = @@GLOBAL.innodb_default_encryption_key_id;
|
||||
set innodb_default_encryption_key_id = 99;
|
||||
Warnings:
|
||||
Warning 1210 innodb_default_encryption_key=99 is not available
|
||||
set global innodb_default_encryption_key_id = 99;
|
||||
Warnings:
|
||||
Warning 1210 innodb_default_encryption_key=99 is not available
|
||||
set global innodb_default_encryption_key_id = @save_global;
|
||||
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB;
|
||||
ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
|
||||
SHOW WARNINGS;
|
||||
@ -40,8 +47,6 @@ t1 CREATE TABLE `t1` (
|
||||
PRIMARY KEY (`pk`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1 `ENCRYPTION_KEY_ID`=4
|
||||
CREATE TABLE t2 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO ENCRYPTION_KEY_ID=1;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: Ignored ENCRYPTION_KEY_ID 1 when encryption is disabled
|
||||
ALTER TABLE t1 ENCRYPTION_KEY_ID=99;
|
||||
ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID'
|
||||
SHOW WARNINGS;
|
||||
@ -53,37 +58,29 @@ drop table t1,t2;
|
||||
SET GLOBAL innodb_encrypt_tables=OFF;
|
||||
CREATE TABLE t1 (a int not null primary key) engine=innodb;
|
||||
ALTER TABLE t1 ENCRYPTION_KEY_ID=4;
|
||||
ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID'
|
||||
SHOW WARNINGS;
|
||||
Level Code Message
|
||||
Warning 140 InnoDB: innodb_encrypt_tables=OFF only allows ENCRYPTION_KEY_ID=1
|
||||
Error 1478 Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID'
|
||||
SHOW CREATE TABLE t1;
|
||||
Table Create Table
|
||||
t1 CREATE TABLE `t1` (
|
||||
`a` int(11) NOT NULL,
|
||||
PRIMARY KEY (`a`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1 `ENCRYPTION_KEY_ID`=4
|
||||
DROP TABLE t1;
|
||||
CREATE TABLE t2 (a int not null primary key) engine=innodb;
|
||||
ALTER TABLE t2 ENCRYPTION_KEY_ID=4, ALGORITHM=COPY;
|
||||
ERROR HY000: Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options")
|
||||
SHOW WARNINGS;
|
||||
Level Code Message
|
||||
Warning 140 InnoDB: innodb_encrypt_tables=OFF only allows ENCRYPTION_KEY_ID=1
|
||||
Error 1005 Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options")
|
||||
Warning 1030 Got error 140 "Wrong create options" from storage engine InnoDB
|
||||
SHOW CREATE TABLE t2;
|
||||
Table Create Table
|
||||
t2 CREATE TABLE `t2` (
|
||||
`a` int(11) NOT NULL,
|
||||
PRIMARY KEY (`a`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1 `ENCRYPTION_KEY_ID`=4
|
||||
DROP TABLE t2;
|
||||
CREATE TABLE t3 (a int not null primary key) engine=innodb ENCRYPTION_KEY_ID=4;
|
||||
ERROR HY000: Can't create table `test`.`t3` (errno: 140 "Wrong create options")
|
||||
DROP TABLE t3;
|
||||
SET GLOBAL innodb_encrypt_tables='FORCE';
|
||||
CREATE TABLE t1 (a int primary key) engine=innodb encrypted=no;
|
||||
ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
|
||||
SHOW WARNINGS;
|
||||
Level Code Message
|
||||
Warning 140 InnoDB: innodb_encrypt_tables=OFF only allows ENCRYPTION_KEY_ID=1
|
||||
Error 1005 Can't create table `test`.`t3` (errno: 140 "Wrong create options")
|
||||
Warning 140 InnoDB: ENCRYPTED=NO cannot be used with innodb_encrypt_tables=FORCE
|
||||
Error 1005 Can't create table `test`.`t1` (errno: 140 "Wrong create options")
|
||||
Warning 1030 Got error 140 "Wrong create options" from storage engine InnoDB
|
||||
|
||||
Reference in New Issue
Block a user