database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-29 05:21:33 +03:00
Code Activity

MDEV-18601 Can't create table with ENCRYPTED=DEFAULT when innodb_default_encryption_key_id!=1

Browse Source 
The problem with the InnoDB table attribute encryption_key_id is that it is
not being persisted anywhere in InnoDB except if the table attribute
encryption is specified and is something else than encryption=default.
MDEV-17320 made it a hard error if encryption_key_id is specified to be
anything else than 1 in that case.

Ideally, we would always persist encryption_key_id in InnoDB. But, then we
would have to be prepared for the case that when encryption is being enabled
for a table whose encryption_key_id attribute refers to a non-existing key.

In MariaDB Server 10.1, our best option remains to not store anything
inside InnoDB. But, instead of returning the error that MDEV-17320
introduced, we should merely issue a warning that the specified
encryption_key_id is going to be ignored if encryption=default.

To improve the situation a little more, we will issue a warning if
SET [GLOBAL|SESSION] innodb_default_encryption_key_id is being set
to something that does not refer to an available encryption key.

Starting with MariaDB Server 10.2, thanks to MDEV-5800, we could open the
table definition from InnoDB side when the encryption is being enabled,
and actually fix the root cause of what was reported in MDEV-17320.
This commit is contained in:
Marko Mäkelä
2019-02-28 23:11:15 +02:00
parent 622e9e8a7a
commit e39d6e0c53
8 changed files with 182 additions and 162 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
mysql-test/suite/encryption/r/innodb-checksum-algorithm,64k.rdiff
View File

@ -1,5 +1,5 @@
--- suite/encryption/r/innodb-checksum-algorithm.result
+++ suite/encryption/r/innodb-checksum-algorithm,64k.reject
+++ suite/encryption/r/innodb-checksum-algorithm.result
@@ -13,9 +13,9 @@
SET GLOBAL innodb_default_encryption_key_id=4;
SET GLOBAL innodb_checksum_algorithm=crc32;
@ -9,10 +9,10 @@
create table tc_crc32(a serial, b blob, index(b(10))) engine=innodb
-ROW_FORMAT=COMPRESSED encrypted=no;
+ROW_FORMAT=DYNAMIC encrypted=no;
Warnings:
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
create table te_crc32(a serial, b blob, index(b(10))) engine=innodb
encrypted=yes;
create table t_crc32(a serial, b blob, index(b(10))) engine=innodb
@@ -222,9 +222,9 @@
@@ -153,9 +153,9 @@
t_crc32, tpe_crc32, tp_crc32;
SET GLOBAL innodb_checksum_algorithm=innodb;
create table tce_innodb(a serial, b blob, index(b(10))) engine=innodb
@ -21,10 +21,10 @@
create table tc_innodb(a serial, b blob, index(b(10))) engine=innodb
-ROW_FORMAT=COMPRESSED encrypted=no;
+ROW_FORMAT=DYNAMIC encrypted=no;
Warnings:
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
create table te_innodb(a serial, b blob, index(b(10))) engine=innodb
encrypted=yes;
create table t_innodb(a serial, b blob, index(b(10))) engine=innodb
@@ -431,9 +431,9 @@
@@ -293,9 +293,9 @@
t_innodb, tpe_innodb, tp_innodb;
SET GLOBAL innodb_checksum_algorithm=none;
create table tce_none(a serial, b blob, index(b(10))) engine=innodb
@ -33,6 +33,6 @@
create table tc_none(a serial, b blob, index(b(10))) engine=innodb
-ROW_FORMAT=COMPRESSED encrypted=no;
+ROW_FORMAT=DYNAMIC encrypted=no;
Warnings:
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
create table te_none(a serial, b blob, index(b(10))) engine=innodb
encrypted=yes;
create table t_none(a serial, b blob, index(b(10))) engine=innodb