mirror of
https://github.com/MariaDB/server.git
synced 2025-07-16 00:42:55 +03:00
8c7d8b716c
Problem: ======= - InnoDB iterates the fil_system space list to encrypt the tablespace in case of key rotation. But it is not necessary for any encryption plugin which doesn't do key version rotation. Solution: ========= - Introduce a new variable called srv_encrypt_rotate to indicate whether encryption plugin does key rotation fil_space_crypt_t::key_get_latest_version(): Enable the srv_encrypt_rotate only once if current key version is higher than innodb_encyrption_rotate_key_age fil_crypt_must_default_encrypt(): Default encryption tables should be added to default_encryp_tables list if innodb_encyrption_rotate_key_age is zero and encryption plugin doesn't do key version rotation fil_space_create(): Add the newly created space to default_encrypt_tables list if fil_crypt_must_default_encrypt() returns true Removed the nondeterministic select from innodb-key-rotation-disable test. By default, InnoDB adds the tablespace to the rotation list and background crypt thread does encryption of tablespace. So these select doesn't give reliable results.
20 lines
744 B
Plaintext
20 lines
744 B
Plaintext
create table t1(f1 int not null)engine=innodb;
|
|
create table t2(f1 int not null)engine=innodb;
|
|
insert into t1 select * from seq_1_to_100;
|
|
insert into t2 select * from seq_1_to_100;
|
|
# Enable encryption
|
|
set global innodb_encrypt_tables=ON;
|
|
# Create a new table and it is added to rotation list
|
|
create table t3(f1 int not null)engine=innodb;
|
|
insert into t3 select * from seq_1_to_100;
|
|
# Increase the version and it should set rotation
|
|
# variable for the encryption plugin
|
|
set global debug_key_management_version=10;
|
|
select @@debug_key_management_version;
|
|
@@debug_key_management_version
|
|
10
|
|
# Decrease the key version and Disable the encryption
|
|
set global debug_key_management_version=1;
|
|
set global innodb_encrypt_tables=off;
|
|
DROP TABLE t1, t2, t3;
|