-rw-r--r-- | mysql-test/std_data/keys2.txt | 6 | ||||
-rw-r--r-- | mysql-test/std_data/keys3.txt | 7 | ||||
-rw-r--r-- | mysql-test/suite/encryption/r/innodb-page_encryption.result | 8 | ||||
-rw-r--r-- | mysql-test/suite/encryption/r/innodb_page_encryption_key_change.result | 143 | ||||
-rw-r--r-- | mysql-test/suite/encryption/t/innodb-page_encryption.test | 5 | ||||
-rw-r--r-- | mysql-test/suite/encryption/t/innodb_page_encryption_key_change.test | 91 | ||||
-rw-r--r-- | storage/innobase/buf/buf0buf.cc | 3 | ||||
-rw-r--r-- | storage/innobase/fil/fil0crypt.cc | 28 | ||||
-rw-r--r-- | storage/innobase/include/fil0crypt.h | 8 | ||||
-rw-r--r-- | storage/xtradb/buf/buf0buf.cc | 3 | ||||
-rw-r--r-- | storage/xtradb/fil/fil0crypt.cc | 28 | ||||
-rw-r--r-- | storage/xtradb/include/fil0crypt.h | 8 |
12 files changed, 259 insertions, 79 deletions
diff --git a/mysql-test/std_data/keys2.txt b/mysql-test/std_data/keys2.txt new file mode 100644 index 00000000000..aa1600b894d --- /dev/null +++ b/mysql-test/std_data/keys2.txt @@ -0,0 +1,6 @@ +1;593E580927F47AB530D3B1237CDEF6D6 +2;352E42F1B9DB5CB915C3262FE745520A +3;CFE065600F5EB57481075C65180C3F8A +4;205379930183490D3BECA139BDF4DB5B +5;E2D944D5D837A1DCB22FF7FD397892EE +6;BAFE99B0BB87F2CD33A6AF26A11F6BD1 diff --git a/mysql-test/std_data/keys3.txt b/mysql-test/std_data/keys3.txt new file mode 100644 index 00000000000..4f6c618d2ad --- /dev/null +++ b/mysql-test/std_data/keys3.txt @@ -0,0 +1,7 @@ +1;593E580927F47AB530D3B1237CDEF6D6 +2;E4B00A45BF775B4E07D634EC5CA5912B +3;6E35ACB162B29D1FB9E178021DAF16ED +4;971A664A88EE0022D408E40BFAB17E79 +5;C4FF86FD89879380DA97EAC0BA3057B7 +6;BAFE99B0BB87F2CD33A6AF26A11F6BD1 + diff --git a/mysql-test/suite/encryption/r/innodb-page_encryption.result b/mysql-test/suite/encryption/r/innodb-page_encryption.result index 2a52d1a07b3..e8035a537be 100644 --- a/mysql-test/suite/encryption/r/innodb-page_encryption.result +++ b/mysql-test/suite/encryption/r/innodb-page_encryption.result @@ -247,11 +247,11 @@ select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; count(*) 2000 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; -variable_value = 0 +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +variable_value >= 0 1 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; -variable_value = 0 +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; +variable_value >= 0 1 drop procedure innodb_insert_proc; drop table innodb_normal; 
diff --git a/mysql-test/suite/encryption/r/innodb_page_encryption_key_change.result b/mysql-test/suite/encryption/r/innodb_page_encryption_key_change.result
new file mode 100644
index 00000000000..7bc8f13dcc8
--- /dev/null
+++ b/mysql-test/suite/encryption/r/innodb_page_encryption_key_change.result
@@ -0,0 +1,143 @@ +# Restart mysqld --loose-file-key-management-filename=/home/jan/mysql/10.1-bugs/mysql-test/std_data/keys2.txt +SET GLOBAL innodb_file_format = `Barracuda`; +SET GLOBAL innodb_file_per_table = ON; +create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb; +create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encrypted=yes encryption_key_id=2; +create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encrypted=yes encryption_key_id=3; +create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encrypted=yes encryption_key_id=4; +create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encrypted=yes encryption_key_id=5; +insert into innodb_normal values (1,'test1'),(2,'foo'),(3,'bar'),(4,'mariadb'); +insert into innodb_compact select * from innodb_normal; +insert into innodb_compressed select * from innodb_normal; +insert into innodb_dynamic select * from innodb_normal; +insert into innodb_redundant select * from innodb_normal; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +variable_value >= 0 +1 +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; +variable_value >= 0 +1 +alter table innodb_compact engine=innodb encryption_key_id = 6; +alter table innodb_compressed engine=innodb encryption_key_id = 6; +alter table innodb_dynamic engine=innodb encryption_key_id = 6; +alter table innodb_redundant engine=innodb encryption_key_id = 6; +select * from innodb_normal; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +select * from innodb_compact; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +select * from innodb_compressed; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +select * from innodb_dynamic; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +select * from 
innodb_redundant; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +variable_value >= 0 +1 +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; +variable_value >= 0 +1 +# Restart mysqld --loose-file-key-management-filename=/home/jan/mysql/10.1-bugs/mysql-test/std_data/keys3.txt +select * from innodb_normal; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +select * from innodb_compact; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +select * from innodb_compressed; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +select * from innodb_dynamic; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +select * from innodb_redundant; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +variable_value >= 0 +1 +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; +variable_value >= 0 +1 +SET GLOBAL innodb_file_format = `Barracuda`; +SET GLOBAL innodb_file_per_table = ON; +alter table innodb_compact engine=innodb encryption_key_id = 2; +alter table innodb_compressed engine=innodb encryption_key_id = 3; +alter table innodb_dynamic engine=innodb encryption_key_id = 4; +alter table innodb_redundant engine=innodb encryption_key_id = 5; +select * from innodb_normal; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +select * from innodb_compact; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +select * from innodb_compressed; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +select * from innodb_dynamic; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +select * from innodb_redundant; +c1 b +1 test1 +2 foo +3 bar +4 mariadb +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +variable_value >= 0 +1 +SELECT 
variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; +variable_value >= 0 +1 +drop table innodb_normal; +drop table innodb_compact; +drop table innodb_compressed; +drop table innodb_dynamic; +drop table innodb_redundant; diff --git a/mysql-test/suite/encryption/t/innodb-page_encryption.test b/mysql-test/suite/encryption/t/innodb-page_encryption.test index 2f9192a5dec..26fd4e7e9c1 100644 --- a/mysql-test/suite/encryption/t/innodb-page_encryption.test +++ b/mysql-test/suite/encryption/t/innodb-page_encryption.test @@ -145,9 +145,8 @@ t1.c1 = t2.c1 and t1.b = t2.b; select count(*) from innodb_redundant t1, innodb_normal t2 where t1.c1 = t2.c1 and t1.b = t2.b; -# After alter+restart these should be 0 -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; -SELECT variable_value = 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; drop procedure innodb_insert_proc; drop table innodb_normal; diff --git a/mysql-test/suite/encryption/t/innodb_page_encryption_key_change.test b/mysql-test/suite/encryption/t/innodb_page_encryption_key_change.test new file mode 100644 index 00000000000..8283cf38a6c --- /dev/null +++ b/mysql-test/suite/encryption/t/innodb_page_encryption_key_change.test 
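Review bot: The rewritten status checks in innodb-page_encryption.test, `SELECT variable_value >= 0 ...` for `innodb_num_pages_encrypted` and `innodb_num_pages_decrypted`, are true for any counter value, so they can no longer fail and assert nothing about encryption at this point. The commit also removes the comment `# After alter+restart these should be 0` without saying why the expectation changed. If the counters are unreliable because they only move on real I/O, as the new key-change test states in its own comment, either drop the two queries or keep them with a comment such as `# counters only change on real I/O; the value is not asserted`. The same always-true queries appear four times in the new innodb_page_encryption_key_change.test, so the only evidence of re-encryption there is that the tables stay readable after the restart with keys3.txt.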
@@ -0,0 +1,91 @@
+-- source include/have_innodb.inc
+-- source include/have_file_key_management_plugin.inc
+# embedded does not support restart
+-- source include/not_embedded.inc
+
+--echo # Restart mysqld --loose-file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys2.txt
+-- let $restart_parameters=--loose-file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys2.txt
+-- source include/restart_mysqld.inc
+
+--disable_query_log
+let $innodb_file_format_orig = `SELECT @@innodb_file_format`;
+let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`;
+--enable_query_log
+
+SET GLOBAL innodb_file_format = `Barracuda`;
+SET GLOBAL innodb_file_per_table = ON;
+
+create table innodb_normal(c1 bigint not null, b char(200)) engine=innodb;
+create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_format=compact encrypted=yes encryption_key_id=2;
+create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed encrypted=yes encryption_key_id=3;
+create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic encrypted=yes encryption_key_id=4;
+create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant encrypted=yes encryption_key_id=5;
+
+insert into innodb_normal values (1,'test1'),(2,'foo'),(3,'bar'),(4,'mariadb');
+insert into innodb_compact select * from innodb_normal;
+insert into innodb_compressed select * from innodb_normal;
+insert into innodb_dynamic select * from innodb_normal;
+insert into innodb_redundant select * from innodb_normal;
+
+# Note there that these variables are updated only when real I/O is done, thus they are not reliable
+SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted';
+SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted';
+
+alter table innodb_compact engine=innodb encryption_key_id = 6;
+alter table innodb_compressed engine=innodb encryption_key_id = 6;
+alter table innodb_dynamic engine=innodb encryption_key_id = 6;
+alter table innodb_redundant engine=innodb encryption_key_id = 6;
+
+select * from innodb_normal;
+select * from innodb_compact;
+select * from innodb_compressed;
+select * from innodb_dynamic;
+select * from innodb_redundant;
+
+# Note there that these variables are updated only when real I/O is done, thus they are not reliable
+SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted';
+SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted';
+
+--echo # Restart mysqld --loose-file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys3.txt
+-- let $restart_parameters=--loose-file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys3.txt
+-- source include/restart_mysqld.inc
+
+select * from innodb_normal;
+select * from innodb_compact;
+select * from innodb_compressed;
+select * from innodb_dynamic;
+select * from innodb_redundant;
+
+# Note there that these variables are updated only when real I/O is done, thus they are not reliable
+SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted';
+SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted';
+
+SET GLOBAL innodb_file_format = `Barracuda`;
+SET GLOBAL innodb_file_per_table = ON;
+
+alter table innodb_compact engine=innodb encryption_key_id = 2;
+alter table innodb_compressed engine=innodb encryption_key_id = 3;
+alter table innodb_dynamic engine=innodb encryption_key_id = 4;
+alter table innodb_redundant engine=innodb encryption_key_id = 5;
+
+select * from innodb_normal;
+select * from innodb_compact;
+select * from innodb_compressed;
+select * from innodb_dynamic;
+select * 
from innodb_redundant; + +# Note there that these variables are updated only when real I/O is done, thus they are not reliable +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_encrypted'; +SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_decrypted'; + +drop table innodb_normal; +drop table innodb_compact; +drop table innodb_compressed; +drop table innodb_dynamic; +drop table innodb_redundant; + +# reset system +--disable_query_log +EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig; +EVAL SET GLOBAL innodb_file_format = $innodb_file_format_orig; +--enable_query_log diff --git a/storage/innobase/buf/buf0buf.cc b/storage/innobase/buf/buf0buf.cc index 7249dd7bb5b..ae73c3ce9c5 100644 --- a/storage/innobase/buf/buf0buf.cc +++ b/storage/innobase/buf/buf0buf.cc @@ -5728,7 +5728,8 @@ buf_page_encrypt_before_write( return const_cast<byte*>(src_frame); } - if (fil_space_check_encryption_write(bpage->space) == false) { + /* Is encryption needed? */ + if (crypt_data->type == CRYPT_SCHEME_UNENCRYPTED) { /* An unencrypted table */ bpage->key_version = 0; return const_cast<byte*>(src_frame); diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index e8fad746e02..dccbb74c496 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -220,7 +220,7 @@ fil_space_create_crypt_data( &crypt_data->mutex, SYNC_NO_ORDER_CHECK); crypt_data->locker = crypt_data_scheme_locker; my_random_bytes(crypt_data->iv, sizeof(crypt_data->iv)); - crypt_data->encryption = FIL_SPACE_ENCRYPTION_DEFAULT; + crypt_data->encryption = encrypt_mode; crypt_data->key_id = key_id; return crypt_data; } 
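Review bot: The two `--echo # Restart mysqld --loose-file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys2.txt` / `keys3.txt` lines in innodb_page_encryption_key_change.test expand `$MYSQL_TEST_DIR`, and the .result recorded in this commit contains the author's checkout path `/home/jan/mysql/10.1-bugs/mysql-test/std_data/keys2.txt`. On any other checkout the echoed line will presumably differ from the recorded one and the test fails on a result mismatch; it also bakes a local path into the repository. Echo a path-free message instead, for example `--echo # Restart mysqld --loose-file-key-management-filename=keys2.txt`, and re-record the result.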
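Review bot: The new condition `crypt_data->type == CRYPT_SCHEME_UNENCRYPTED` in buf_page_encrypt_before_write dereferences crypt_data, whereas the removed fil_space_check_encryption_write() returned false when fil_space_get_crypt_data() gave NULL. The guards that precede this line are outside the hunk, so confirm they return for every NULL crypt_data case; if they do not, a page write for a tablespace without crypt data would fault here, and `if (crypt_data == NULL || crypt_data->type == CRYPT_SCHEME_UNENCRYPTED) {` keeps the old behaviour. The helper also returned false when `srv_encrypt_tables` was off; dropping that looks intentional for tables created with `encrypted=yes`, but the `/* Is encryption needed? */` comment should say so explicitly. The identical change in storage/xtradb/buf/buf0buf.cc needs the same check.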
@@ -542,32 +542,6 @@ fil_space_clear_crypt_data( memset(page + offset, 0, size); } -/********************************************************************* -Check if page shall be encrypted before write -@return true if page should be encrypted, false if not */ -UNIV_INTERN -bool -fil_space_check_encryption_write( -/*=============================*/ - ulint space) /*!< in: tablespace id */ -{ - if (!srv_encrypt_tables) { - return false; - } - - fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space); - - if (crypt_data == NULL) { - return false; - } - - if (crypt_data->type == CRYPT_SCHEME_UNENCRYPTED) { - return false; - } - - return true; -} - /****************************************************************** Encrypt a page */ UNIV_INTERN diff --git a/storage/innobase/include/fil0crypt.h b/storage/innobase/include/fil0crypt.h index b633d1100bc..f9f481111ca 100644 --- a/storage/innobase/include/fil0crypt.h +++ b/storage/innobase/include/fil0crypt.h @@ -199,14 +199,6 @@ fil_space_check_encryption_read( ulint space); /*!< in: tablespace id */ /********************************************************************* -Check if page shall be encrypted before write */ -UNIV_INTERN -bool -fil_space_check_encryption_write( -/*=============================*/ - ulint space); /*!< in: tablespace id */ - -/********************************************************************* Encrypt buffer page */ UNIV_INTERN void diff --git a/storage/xtradb/buf/buf0buf.cc b/storage/xtradb/buf/buf0buf.cc index d0a57472ea1..86ac8c14ac2 100644 --- a/storage/xtradb/buf/buf0buf.cc +++ b/storage/xtradb/buf/buf0buf.cc @@ -5887,7 +5887,8 @@ buf_page_encrypt_before_write( return const_cast<byte*>(src_frame); } - if (fil_space_check_encryption_write(bpage->space) == false) { + /* Is encryption needed? */ + if (crypt_data->type == CRYPT_SCHEME_UNENCRYPTED) { /* An unencrypted table */ bpage->key_version = 0; return const_cast<byte*>(src_frame); 
diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index f57b48f21cb..11deda359aa 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc @@ -220,7 +220,7 @@ fil_space_create_crypt_data( &crypt_data->mutex, SYNC_NO_ORDER_CHECK); crypt_data->locker = crypt_data_scheme_locker; my_random_bytes(crypt_data->iv, sizeof(crypt_data->iv)); - crypt_data->encryption = FIL_SPACE_ENCRYPTION_DEFAULT; + crypt_data->encryption = encrypt_mode; crypt_data->key_id = key_id; return crypt_data; } @@ -542,32 +542,6 @@ fil_space_clear_crypt_data( memset(page + offset, 0, size); } -/********************************************************************* -Check if page shall be encrypted before write -@return true if page should be encrypted, false if not */ -UNIV_INTERN -bool -fil_space_check_encryption_write( -/*=============================*/ - ulint space) /*!< in: tablespace id */ -{ - if (!srv_encrypt_tables) { - return false; - } - - fil_space_crypt_t* crypt_data = fil_space_get_crypt_data(space); - - if (crypt_data == NULL) { - return false; - } - - if (crypt_data->type == CRYPT_SCHEME_UNENCRYPTED) { - return false; - } - - return true; -} - /****************************************************************** Encrypt a page */ UNIV_INTERN diff --git a/storage/xtradb/include/fil0crypt.h b/storage/xtradb/include/fil0crypt.h index c6b3a626e8f..5183d556b99 100644 --- a/storage/xtradb/include/fil0crypt.h +++ b/storage/xtradb/include/fil0crypt.h @@ -199,14 +199,6 @@ fil_space_check_encryption_read( ulint space); /*!< in: tablespace id */ /********************************************************************* -Check if page shall be encrypted before write */ -UNIV_INTERN -bool -fil_space_check_encryption_write( -/*=============================*/ - ulint space); /*!< in: tablespace id */ - -/********************************************************************* Encrypt buffer page */ UNIV_INTERN void |