mirror of
https://github.com/MariaDB/server.git
synced 2025-06-01 19:42:01 +03:00
e39d6e0c53
The problem with the InnoDB table attribute encryption_key_id is that it is not being persisted anywhere in InnoDB except if the table attribute encryption is specified and is something else than encryption=default. MDEV-17320 made it a hard error if encryption_key_id is specified to be anything else than 1 in that case. Ideally, we would always persist encryption_key_id in InnoDB. But, then we would have to be prepared for the case that when encryption is being enabled for a table whose encryption_key_id attribute refers to a non-existing key. In MariaDB Server 10.1, our best option remains to not store anything inside InnoDB. But, instead of returning the error that MDEV-17320 introduced, we should merely issue a warning that the specified encryption_key_id is going to be ignored if encryption=default. To improve the situation a little more, we will issue a warning if SET [GLOBAL|SESSION] innodb_default_encryption_key_id is being set to something that does not refer to an available encryption key. Starting with MariaDB Server 10.2, thanks to MDEV-5800, we could open the table definition from InnoDB side when the encryption is being enabled, and actually fix the root cause of what was reported in MDEV-17320.
25 lines
1.8 KiB
Plaintext
25 lines
1.8 KiB
Plaintext
call mtr.add_suppression("InnoDB: The page \\[page id: space=[1-9][0-9]*, page number=[0-9]+\\] in file '..test.t[1-3]\\.ibd' cannot be decrypted\\.");
|
|
call mtr.add_suppression("Unable to decompress space ..test.t[1-3].ibd \\[[1-9][0-9]*:[0-9]+\\]");
|
|
# Restart mysqld --file-key-management-filename=keys2.txt
|
|
SET GLOBAL innodb_file_format = `Barracuda`;
|
|
SET GLOBAL innodb_file_per_table = ON;
|
|
set GLOBAL innodb_default_encryption_key_id=4;
|
|
create table t1(a int not null primary key, b blob, index(b(10))) engine=innodb row_format=compressed;
|
|
create table t2(a int not null primary key, b blob, index(b(10))) engine=innodb row_format=compressed encrypted=yes;
|
|
create table t3(a int not null primary key, b blob, index(b(10))) engine=innodb row_format=compressed encrypted=no;
|
|
Warnings:
|
|
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
|
insert into t1 values (1, repeat('secret',6000));
|
|
insert into t2 values (1, repeat('secret',6000));
|
|
insert into t3 values (1, repeat('secret',6000));
|
|
# Restart mysqld --file-key-management-filename=keys3.txt
|
|
select count(*) from t1 FORCE INDEX (b) where b like 'secret%';
|
|
ERROR HY000: Got error 192 'Table encrypted but decryption failed. This could be because correct encryption management plugin is not loaded, used encryption key is not available or encryption method does not match.' from InnoDB
|
|
select count(*) from t2 FORCE INDEX (b) where b like 'secret%';
|
|
ERROR HY000: Got error 192 'Table encrypted but decryption failed. This could be because correct encryption management plugin is not loaded, used encryption key is not available or encryption method does not match.' from InnoDB
|
|
select count(*) from t3 FORCE INDEX (b) where b like 'secret%';
|
|
count(*)
|
|
1
|
|
# Restart mysqld --file-key-management-filename=keys2.txt
|
|
drop table t1,t2,t3;
|