From ef40018535b71f0a4387fa6c1cc22e9991dfc0db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Lindstr=C3=B6m?= Date: Wed, 10 Oct 2018 18:25:53 +0300 Subject: MDEV-17230: encryption_key_id from alter is ignored by encryption threads Background: Used encryption key_id is stored to encryption metadata i.e. crypt_data that is stored on page 0 of the tablespace of the table. crypt_data is created only if implicit encryption/not encryption is requested i.e. ENCRYPTED=[YES|NO] table option is used fil_create_new_single_table_tablespace on fil0fil.cc. Later if encryption is enabled all tables that use default encryption mode (i.e. no encryption table option is set) are encrypted with default encryption key_id that is 1. See fil_crypt_start_encrypting_space on fil0crypt.cc. ha_innobase::check_table_options() If default encryption is used and encryption is disabled, you may not use nondefault encryption_key_id as it is not stored anywhere. --- storage/innobase/handler/ha_innodb.cc | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) (limited to 'storage/innobase') diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 8baee1d30fc..b3a830e47c3 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -11958,21 +11958,18 @@ ha_innobase::check_table_options( options->encryption_key_id = FIL_DEFAULT_ENCRYPTION_KEY; } - /* If default encryption is used make sure that used kay is found - from key file. */ - if (encrypt == FIL_ENCRYPTION_DEFAULT && - !srv_encrypt_tables && - options->encryption_key_id != FIL_DEFAULT_ENCRYPTION_KEY) { - if (!encryption_key_id_exists((unsigned int)options->encryption_key_id)) { - push_warning_printf( - thd, Sql_condition::WARN_LEVEL_WARN, - HA_WRONG_CREATE_OPTION, - "InnoDB: ENCRYPTION_KEY_ID %u not available", - (uint)options->encryption_key_id + /* If default encryption is used and encryption is disabled, you may + not use nondefault encryption_key_id as it is not stored anywhere. */ + if (encrypt == FIL_ENCRYPTION_DEFAULT + && !srv_encrypt_tables + && options->encryption_key_id != FIL_DEFAULT_ENCRYPTION_KEY) { + compile_time_assert(FIL_DEFAULT_ENCRYPTION_KEY == 1); + push_warning_printf( + thd, Sql_condition::WARN_LEVEL_WARN, + HA_WRONG_CREATE_OPTION, + "InnoDB: innodb_encrypt_tables=OFF only allows ENCRYPTION_KEY_ID=1" ); - return "ENCRYPTION_KEY_ID"; - - } + return "ENCRYPTION_KEY_ID"; } /* Check atomic writes requirements */ -- cgit v1.2.1 From 9c026273a923f3433ad622124d7a008ce6b5c487 Mon Sep 17 00:00:00 2001 From: Anel Husakovic Date: Tue, 6 Nov 2018 10:58:02 +0000 Subject: Add implementation in .h and delete unneccessery printing --- storage/innobase/handler/ha_innodb.cc | 11 ----------- storage/innobase/handler/ha_innodb.h | 2 +- 2 files changed, 1 insertion(+), 12 deletions(-) (limited to 'storage/innobase') diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index 2092cd113a5..85c5529a096 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -9039,17 +9039,6 @@ next_record: return(HA_ERR_END_OF_FILE); } -/************************************************************************* -*/ - -void -ha_innobase::ft_end() -{ - fprintf(stderr, "ft_end()\n"); - - rnd_end(); -} - /*********************************************************************//** Stores a reference to the current row to 'ref' field of the handle. Note that in the case where we have generated the clustered index for the diff --git a/storage/innobase/handler/ha_innodb.h b/storage/innobase/handler/ha_innodb.h index f9e98d5dfe6..e09d2d81e35 100644 --- a/storage/innobase/handler/ha_innodb.h +++ b/storage/innobase/handler/ha_innodb.h @@ -153,7 +153,7 @@ class ha_innobase: public handler int rnd_pos(uchar * buf, uchar *pos); int ft_init(); - void ft_end(); + void ft_end() { rnd_end(); } FT_INFO *ft_init_ext(uint flags, uint inx, String* key); int ft_read(uchar* buf); -- cgit v1.2.1