MDEV-17230: encryption_key_id from alter is ignored by encryption threads
Background: Used encryption key_id is stored to encryption metadata i.e. crypt_data that is stored on page 0 of the tablespace of the table. crypt_data is created only if implicit encryption/not encryption is requested i.e. ENCRYPTED=[YES|NO] table option is used fil_create_new_single_table_tablespace on fil0fil.cc. Later if encryption is enabled all tables that use default encryption mode (i.e. no encryption table option is set) are encrypted with default encryption key_id that is 1. See fil_crypt_start_encrypting_space on fil0crypt.cc. ha_innobase::check_table_options() If default encryption is used and encryption is disabled, you may not use nondefault encryption_key_id as it is not stored anywhere.
This commit is contained in:
parent
bae21bfb5d
commit
ef40018535
@ -50,3 +50,40 @@ Warning 140 InnoDB: ENCRYPTION_KEY_ID 99 not available
|
||||
Error 1478 Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID'
|
||||
set innodb_default_encryption_key_id = 1;
|
||||
drop table t1,t2;
|
||||
SET GLOBAL innodb_encrypt_tables=OFF;
|
||||
CREATE TABLE t1 (a int not null primary key) engine=innodb;
|
||||
ALTER TABLE t1 ENCRYPTION_KEY_ID=4;
|
||||
ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID'
|
||||
SHOW WARNINGS;
|
||||
Level Code Message
|
||||
Warning 140 InnoDB: innodb_encrypt_tables=OFF only allows ENCRYPTION_KEY_ID=1
|
||||
Error 1478 Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID'
|
||||
SHOW CREATE TABLE t1;
|
||||
Table Create Table
|
||||
t1 CREATE TABLE `t1` (
|
||||
`a` int(11) NOT NULL,
|
||||
PRIMARY KEY (`a`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1
|
||||
DROP TABLE t1;
|
||||
CREATE TABLE t2 (a int not null primary key) engine=innodb;
|
||||
ALTER TABLE t2 ENCRYPTION_KEY_ID=4, ALGORITHM=COPY;
|
||||
ERROR HY000: Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options")
|
||||
SHOW WARNINGS;
|
||||
Level Code Message
|
||||
Warning 140 InnoDB: innodb_encrypt_tables=OFF only allows ENCRYPTION_KEY_ID=1
|
||||
Error 1005 Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options")
|
||||
Warning 1030 Got error 140 "Wrong create options" from storage engine InnoDB
|
||||
SHOW CREATE TABLE t2;
|
||||
Table Create Table
|
||||
t2 CREATE TABLE `t2` (
|
||||
`a` int(11) NOT NULL,
|
||||
PRIMARY KEY (`a`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1
|
||||
DROP TABLE t2;
|
||||
CREATE TABLE t3 (a int not null primary key) engine=innodb ENCRYPTION_KEY_ID=4;
|
||||
ERROR HY000: Can't create table `test`.`t3` (errno: 140 "Wrong create options")
|
||||
SHOW WARNINGS;
|
||||
Level Code Message
|
||||
Warning 140 InnoDB: innodb_encrypt_tables=OFF only allows ENCRYPTION_KEY_ID=1
|
||||
Error 1005 Can't create table `test`.`t3` (errno: 140 "Wrong create options")
|
||||
Warning 1030 Got error 140 "Wrong create options" from storage engine InnoDB
|
||||
|
@ -87,6 +87,30 @@ connection default;
|
||||
|
||||
drop table t1,t2;
|
||||
|
||||
#
|
||||
# MDEV-17230: encryption_key_id from alter is ignored by encryption threads
|
||||
#
|
||||
SET GLOBAL innodb_encrypt_tables=OFF;
|
||||
CREATE TABLE t1 (a int not null primary key) engine=innodb;
|
||||
--error ER_ILLEGAL_HA_CREATE_OPTION
|
||||
ALTER TABLE t1 ENCRYPTION_KEY_ID=4;
|
||||
SHOW WARNINGS;
|
||||
SHOW CREATE TABLE t1;
|
||||
DROP TABLE t1;
|
||||
|
||||
CREATE TABLE t2 (a int not null primary key) engine=innodb;
|
||||
--replace_regex /#sql-[0-9a-f_]*`/#sql-temporary`/
|
||||
--error ER_CANT_CREATE_TABLE
|
||||
ALTER TABLE t2 ENCRYPTION_KEY_ID=4, ALGORITHM=COPY;
|
||||
--replace_regex /#sql-[0-9a-f_]*`/#sql-temporary`/
|
||||
SHOW WARNINGS;
|
||||
SHOW CREATE TABLE t2;
|
||||
DROP TABLE t2;
|
||||
|
||||
--error ER_CANT_CREATE_TABLE
|
||||
CREATE TABLE t3 (a int not null primary key) engine=innodb ENCRYPTION_KEY_ID=4;
|
||||
SHOW WARNINGS;
|
||||
|
||||
# reset system
|
||||
--disable_query_log
|
||||
EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig;
|
||||
|
@ -11958,21 +11958,18 @@ ha_innobase::check_table_options(
|
||||
options->encryption_key_id = FIL_DEFAULT_ENCRYPTION_KEY;
|
||||
}
|
||||
|
||||
/* If default encryption is used make sure that used kay is found
|
||||
from key file. */
|
||||
if (encrypt == FIL_ENCRYPTION_DEFAULT &&
|
||||
!srv_encrypt_tables &&
|
||||
options->encryption_key_id != FIL_DEFAULT_ENCRYPTION_KEY) {
|
||||
if (!encryption_key_id_exists((unsigned int)options->encryption_key_id)) {
|
||||
push_warning_printf(
|
||||
thd, Sql_condition::WARN_LEVEL_WARN,
|
||||
HA_WRONG_CREATE_OPTION,
|
||||
"InnoDB: ENCRYPTION_KEY_ID %u not available",
|
||||
(uint)options->encryption_key_id
|
||||
/* If default encryption is used and encryption is disabled, you may
|
||||
not use nondefault encryption_key_id as it is not stored anywhere. */
|
||||
if (encrypt == FIL_ENCRYPTION_DEFAULT
|
||||
&& !srv_encrypt_tables
|
||||
&& options->encryption_key_id != FIL_DEFAULT_ENCRYPTION_KEY) {
|
||||
compile_time_assert(FIL_DEFAULT_ENCRYPTION_KEY == 1);
|
||||
push_warning_printf(
|
||||
thd, Sql_condition::WARN_LEVEL_WARN,
|
||||
HA_WRONG_CREATE_OPTION,
|
||||
"InnoDB: innodb_encrypt_tables=OFF only allows ENCRYPTION_KEY_ID=1"
|
||||
);
|
||||
return "ENCRYPTION_KEY_ID";
|
||||
|
||||
}
|
||||
return "ENCRYPTION_KEY_ID";
|
||||
}
|
||||
|
||||
/* Check atomic writes requirements */
|
||||
|
@ -12525,21 +12525,18 @@ ha_innobase::check_table_options(
|
||||
options->encryption_key_id = FIL_DEFAULT_ENCRYPTION_KEY;
|
||||
}
|
||||
|
||||
/* If default encryption is used make sure that used kay is found
|
||||
from key file. */
|
||||
if (encrypt == FIL_ENCRYPTION_DEFAULT &&
|
||||
!srv_encrypt_tables &&
|
||||
options->encryption_key_id != FIL_DEFAULT_ENCRYPTION_KEY) {
|
||||
if (!encryption_key_id_exists((unsigned int)options->encryption_key_id)) {
|
||||
push_warning_printf(
|
||||
thd, Sql_condition::WARN_LEVEL_WARN,
|
||||
HA_WRONG_CREATE_OPTION,
|
||||
"InnoDB: ENCRYPTION_KEY_ID %u not available",
|
||||
(uint)options->encryption_key_id
|
||||
/* If default encryption is used and encryption is disabled, you may
|
||||
not use nondefault encryption_key_id as it is not stored anywhere. */
|
||||
if (encrypt == FIL_ENCRYPTION_DEFAULT
|
||||
&& !srv_encrypt_tables
|
||||
&& options->encryption_key_id != FIL_DEFAULT_ENCRYPTION_KEY) {
|
||||
compile_time_assert(FIL_DEFAULT_ENCRYPTION_KEY == 1);
|
||||
push_warning_printf(
|
||||
thd, Sql_condition::WARN_LEVEL_WARN,
|
||||
HA_WRONG_CREATE_OPTION,
|
||||
"InnoDB: innodb_encrypt_tables=OFF only allows ENCRYPTION_KEY_ID=1"
|
||||
);
|
||||
return "ENCRYPTION_KEY_ID";
|
||||
|
||||
}
|
||||
return "ENCRYPTION_KEY_ID";
|
||||
}
|
||||
|
||||
/* Check atomic writes requirements */
|
||||
|
Loading…
x
Reference in New Issue
Block a user