mirror of
https://github.com/MariaDB/server.git
synced 2025-06-03 07:02:23 +03:00
f6d4f624eb
This will change the InnoDB encrypted redo log format only. Unencrypted redo log will keep using the MariaDB 10.3 format. In the new encrypted redo log format, 4 additional bytes will be reserved in the redo log block trailer for storing the encryption key version. For performance reasons, the encryption key rotation (checking if the latest encryption key version is being used) is only done at log_checkpoint(). LOG_HEADER_FORMAT_CURRENT: Remove. LOG_HEADER_FORMAT_ENC_10_4: The encrypted 10.4 format. LOG_BLOCK_KEY: The encryption key version field. LOG_BLOCK_TRL_SIZE: Remove. log_t: Add accessors framing_size(), payload_size(), trailer_offset(), to be used instead of referring to LOG_BLOCK_TRL_SIZE. log_crypt_t: An operation passed to log_crypt(). log_crypt(): Perform decryption, encryption, or encryption with key rotation. Return an error if key rotation at decryption fails. On encryption, keep using the previous key if the rotation fails. At startup, old-format encrypted redo log may be written before the redo log is upgraded (rebuilt) to the latest format. log_write_up_to(): Add the parameter rotate_key=false. log_checkpoint(): Invoke log_write_up_to() with rotate_key=true.
43 lines
1.5 KiB
Plaintext
43 lines
1.5 KiB
Plaintext
-- source include/have_innodb.inc
|
|
-- source include/have_debug.inc
|
|
-- source include/not_embedded.inc
|
|
|
|
if (`select count(*) = 0 from information_schema.plugins
|
|
where plugin_name = 'debug_key_management' and plugin_status='active'`)
|
|
{
|
|
--skip Needs debug_key_management
|
|
}
|
|
|
|
create table t1(a serial) engine=innoDB;
|
|
|
|
set global innodb_encrypt_tables=ON;
|
|
show variables like 'innodb_encrypt%';
|
|
|
|
--let $tables_count= `select count(*) + 1 from information_schema.tables where engine = 'InnoDB'`
|
|
let $wait_condition= select count(*) = $tables_count from information_schema.innodb_tablespaces_encryption where current_key_version=1;
|
|
--source include/wait_condition.inc
|
|
|
|
select count(*) from information_schema.innodb_tablespaces_encryption where current_key_version <> 1;
|
|
set global debug_key_management_version=10;
|
|
|
|
let $wait_condition= select count(*) = $tables_count from information_schema.innodb_tablespaces_encryption where current_key_version=10;
|
|
--source include/wait_condition.inc
|
|
select count(*) from information_schema.innodb_tablespaces_encryption where current_key_version <> 10;
|
|
|
|
# Test redo log key rotation and crash recovery.
|
|
SET GLOBAL debug_dbug = '+d,ib_log';
|
|
SET GLOBAL innodb_log_checkpoint_now = 1;
|
|
SET GLOBAL innodb_flush_log_at_trx_commit = 1;
|
|
INSERT INTO t1 VALUES(NULL);
|
|
let $shutdown_timeout = 0;
|
|
-- source include/restart_mysqld.inc
|
|
|
|
# Note that we expect that key_version is increasing so disable encryption before reset
|
|
|
|
set global innodb_encrypt_tables=OFF;
|
|
set global debug_key_management_version=1;
|
|
|
|
select * from t1;
|
|
|
|
drop table t1;
|