			
		
		
		
	The statement
SET GLOBAL innodb_encryption_rotate_key_age=0;
would have the unwanted side effect that ENCRYPTION=DEFAULT tablespaces
would no longer be encrypted or decrypted according to the setting of
innodb_encrypt_tables.
We implement a trigger, so that whenever one of the following is executed:
SET GLOBAL innodb_encrypt_tables=OFF;
SET GLOBAL innodb_encrypt_tables=ON;
SET GLOBAL innodb_encrypt_tables=FORCE;
all wrong-state ENCRYPTION=DEFAULT tablespaces will be added to
fil_system_t::rotation_list, so that the encryption will be added
or removed.
Note: This will *NOT* happen automatically after a server restart.
Before reading the first page of a data file, InnoDB cannot know
the encryption status of the data file. The statement
SET GLOBAL innodb_encrypt_tables will have the side effect that
all not-yet-read InnoDB data files will be accessed in order to
determine the encryption status.
innodb_encrypt_tables_validate(): Stop disallowing
SET GLOBAL innodb_encrypt_tables when innodb_encryption_rotate_key_age=0.
This reverts part of commit 50eb40a2a8
that addressed MDEV-11738 and MDEV-11581.
fil_system_t::read_page0(): Trigger a call to fil_node_t::read_page0().
Refactored from fil_space_get_space().
fil_crypt_rotation_list_fill(): If innodb_encryption_rotate_key_age=0,
initialize fil_system->rotation_list. This is invoked both on
SET GLOBAL innodb_encrypt_tables and
on SET GLOBAL innodb_encryption_rotate_key_age=0.
fil_space_set_crypt_data(): Remove.
fil_parse_write_crypt_data(): Simplify the logic.
This is joint work with Marko Mäkelä.
		
	
		
			
				
	
	
		
		
	
	
	
	
	
| SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
 | |
| NAME
 | |
| SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
 | |
| NAME
 | |
| create database enctests;
 | |
| use enctests;
 | |
| create table t1(a int not null primary key, b char(200)) engine=innodb;
 | |
| create table t2(a int not null primary key, b char(200)) engine=innodb row_format=compressed;
 | |
| create table t3(a int not null primary key, b char(200)) engine=innodb page_compressed=yes;
 | |
| create table t4(a int not null primary key, b char(200)) engine=innodb encrypted=yes;
 | |
| create table t5(a int not null primary key, b char(200)) engine=innodb encrypted=yes row_format=compressed;
 | |
| create table t6(a int not null primary key, b char(200)) engine=innodb encrypted=yes page_compressed=yes;
 | |
| create table t7(a int not null primary key, b char(200)) engine=innodb encrypted=no;
 | |
| create table t8(a int not null primary key, b char(200)) engine=innodb encrypted=no row_format=compressed;
 | |
| create table t9(a int not null primary key, b char(200)) engine=innodb encrypted=no page_compressed=yes;
 | |
| insert into t1 values (1, 'secredmessage');
 | |
| insert into t2 values (1, 'secredmessage');
 | |
| insert into t3 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc');
 | |
| insert into t4 values (1, 'secredmessage');
 | |
| insert into t5 values (1, 'secredmessage');
 | |
| insert into t6 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc');
 | |
| insert into t7 values (1, 'publicmessage');
 | |
| insert into t8 values (1, 'publicmessage');
 | |
| insert into t9 values (1, 'pugliccompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc');
 | |
| # should list tables t1-t6
 | |
| SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'enctests%';
 | |
| NAME	ENCRYPTION_SCHEME	CURRENT_KEY_ID
 | |
| enctests/t1	1	1
 | |
| enctests/t2	1	1
 | |
| enctests/t3	1	1
 | |
| enctests/t4	1	1
 | |
| enctests/t5	1	1
 | |
| enctests/t6	1	1
 | |
| # should list tables t7-t9
 | |
| SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 and NAME LIKE 'enctests%';
 | |
| NAME	ENCRYPTION_SCHEME	CURRENT_KEY_ID
 | |
| enctests/t7	0	1
 | |
| enctests/t8	0	1
 | |
| enctests/t9	0	1
 | |
| # t1 default on expecting NOT FOUND
 | |
| NOT FOUND /secred/ in t1.ibd
 | |
| # t2 default on expecting NOT FOUND
 | |
| NOT FOUND /secred/ in t2.ibd
 | |
| # t3 default on expecting NOT FOUND
 | |
| NOT FOUND /secred/ in t3.ibd
 | |
| # t4 on expecting NOT FOUND
 | |
| NOT FOUND /secred/ in t4.ibd
 | |
| # t5 on expecting NOT FOUND
 | |
| NOT FOUND /secred/ in t5.ibd
 | |
| # t6 on expecting NOT FOUND
 | |
| NOT FOUND /secred/ in t6.ibd
 | |
| # t7 off expecting FOUND
 | |
| FOUND 1 /public/ in t7.ibd
 | |
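| # t8 row compressed expecting NOT FOUND (the recorded result below is FOUND: t8 is encrypted=no, and ROW_FORMAT=COMPRESSED alone left the plaintext readable in t8.ibd)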
 | |
| FOUND 1 /public/ in t8.ibd
 | |
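| # t9 page compressed expecting NOT FOUND (the t9 row was inserted as 'puglic...', so /public/ cannot match whether or not the page was compressed; this check does not by itself show that the data is hidden)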
 | |
| NOT FOUND /public/ in t9.ibd
 | |
| drop database enctests;
 |