MDEV-7593: Default encryption key does not work correctly for page

encrypted tables

Introduced a new innodb_default_page_encryption_key configuration
variable to allow user to set the default key identifier.
This commit is contained in:
Jan Lindström 2015-02-18 08:29:38 +02:00
parent 11536f99f1
commit 4040bf18cf
13 changed files with 249 additions and 21 deletions

View file

@ -5,6 +5,14 @@ create table innodb_compact(c1 bigint not null, b char(200)) engine=innodb row_f
create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb row_format=compressed page_encryption=1 page_encryption_key=2;
create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=3;
create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant page_encryption=1 page_encryption_key=4;
SET GLOBAL innodb_default_page_encryption_key = 5;
create table innodb_defkey(c1 bigint not null, b char(200)) engine=innodb page_encryption=1;
show create table innodb_defkey;
Table Create Table
innodb_defkey CREATE TABLE `innodb_defkey` (
`c1` bigint(20) NOT NULL,
`b` char(200) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1
show create table innodb_compact;
Table Create Table
innodb_compact CREATE TABLE `innodb_compact` (
@ -47,11 +55,13 @@ insert into innodb_compact select * from innodb_normal;
insert into innodb_compressed select * from innodb_normal;
insert into innodb_dynamic select * from innodb_normal;
insert into innodb_redundant select * from innodb_normal;
insert into innodb_defkey select * from innodb_normal;
update innodb_normal set c1 = c1 +1;
update innodb_compact set c1 = c1 + 1;
update innodb_compressed set c1 = c1 + 1;
update innodb_dynamic set c1 = c1 + 1;
update innodb_redundant set c1 = c1 + 1;
update innodb_defkey set c1 = c1 + 1;
select count(*) from innodb_compact where c1 < 1500000;
count(*)
2000
@ -64,6 +74,9 @@ count(*)
select count(*) from innodb_redundant where c1 < 1500000;
count(*)
2000
select count(*) from innodb_defkey where c1 < 1500000;
count(*)
2000
select count(*) from innodb_compact t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
count(*)
@ -80,6 +93,10 @@ select count(*) from innodb_redundant t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
count(*)
2000
select count(*) from innodb_defkey t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
count(*)
2000
SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted';
variable_value >= 0
1
@ -96,6 +113,7 @@ update innodb_compact set c1 = c1 + 1;
update innodb_compressed set c1 = c1 + 1;
update innodb_dynamic set c1 = c1 + 1;
update innodb_redundant set c1 = c1 + 1;
update innodb_defkey set c1 = c1 + 1;
select count(*) from innodb_compact where c1 < 1500000;
count(*)
2000
@ -108,6 +126,9 @@ count(*)
select count(*) from innodb_redundant where c1 < 1500000;
count(*)
2000
select count(*) from innodb_defkey where c1 < 1500000;
count(*)
2000
select count(*) from innodb_compact t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
count(*)
@ -124,6 +145,10 @@ select count(*) from innodb_redundant t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
count(*)
2000
select count(*) from innodb_defkey t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
count(*)
2000
SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted';
variable_value >= 0
1
@ -187,6 +212,12 @@ innodb_redundant CREATE TABLE `innodb_redundant` (
`c1` bigint(20) NOT NULL,
`b` char(200) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1 ROW_FORMAT=REDUNDANT
show create table innodb_defkey;
Table Create Table
innodb_defkey CREATE TABLE `innodb_defkey` (
`c1` bigint(20) NOT NULL,
`b` char(200) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1 `page_encryption`=1
update innodb_normal set c1 = c1 +1;
update innodb_compact set c1 = c1 + 1;
update innodb_compressed set c1 = c1 + 1;
@ -235,3 +266,4 @@ drop table innodb_compact;
drop table innodb_compressed;
drop table innodb_dynamic;
drop table innodb_redundant;
drop table innodb_defkey;

View file

@ -4,6 +4,7 @@
--disable_query_log
let $innodb_file_format_orig = `SELECT @@innodb_file_format`;
let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`;
let $default_page_encryption_key = `SELECT @@innodb_default_page_encryption_key`;
--enable_query_log
SET GLOBAL innodb_file_format = `Barracuda`;
@ -15,6 +16,10 @@ create table innodb_compressed(c1 bigint not null, b char(200)) engine=innodb ro
create table innodb_dynamic(c1 bigint not null, b char(200)) engine=innodb row_format=dynamic page_encryption=1 page_encryption_key=3;
create table innodb_redundant(c1 bigint not null, b char(200)) engine=innodb row_format=redundant page_encryption=1 page_encryption_key=4;
SET GLOBAL innodb_default_page_encryption_key = 5;
create table innodb_defkey(c1 bigint not null, b char(200)) engine=innodb page_encryption=1;
show create table innodb_defkey;
show create table innodb_compact;
show create table innodb_compressed;
show create table innodb_dynamic;
@ -42,16 +47,20 @@ insert into innodb_compact select * from innodb_normal;
insert into innodb_compressed select * from innodb_normal;
insert into innodb_dynamic select * from innodb_normal;
insert into innodb_redundant select * from innodb_normal;
insert into innodb_defkey select * from innodb_normal;
update innodb_normal set c1 = c1 +1;
update innodb_compact set c1 = c1 + 1;
update innodb_compressed set c1 = c1 + 1;
update innodb_dynamic set c1 = c1 + 1;
update innodb_redundant set c1 = c1 + 1;
update innodb_defkey set c1 = c1 + 1;
select count(*) from innodb_compact where c1 < 1500000;
select count(*) from innodb_compressed where c1 < 1500000;
select count(*) from innodb_dynamic where c1 < 1500000;
select count(*) from innodb_redundant where c1 < 1500000;
select count(*) from innodb_defkey where c1 < 1500000;
select count(*) from innodb_compact t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
select count(*) from innodb_dynamic t1, innodb_normal t2 where
@ -60,6 +69,8 @@ select count(*) from innodb_compressed t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
select count(*) from innodb_redundant t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
select count(*) from innodb_defkey t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
# Note there that these variables are updated only when real I/O is done, thus they are not reliable
SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted';
@ -76,10 +87,12 @@ update innodb_compact set c1 = c1 + 1;
update innodb_compressed set c1 = c1 + 1;
update innodb_dynamic set c1 = c1 + 1;
update innodb_redundant set c1 = c1 + 1;
update innodb_defkey set c1 = c1 + 1;
select count(*) from innodb_compact where c1 < 1500000;
select count(*) from innodb_compressed where c1 < 1500000;
select count(*) from innodb_dynamic where c1 < 1500000;
select count(*) from innodb_redundant where c1 < 1500000;
select count(*) from innodb_defkey where c1 < 1500000;
select count(*) from innodb_compact t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
select count(*) from innodb_dynamic t1, innodb_normal t2 where
@ -88,6 +101,8 @@ select count(*) from innodb_compressed t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
select count(*) from innodb_redundant t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
select count(*) from innodb_defkey t1, innodb_normal t2 where
t1.c1 = t2.c1 and t1.b = t2.b;
SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_encrypted';
SELECT variable_value >= 0 FROM information_schema.global_status WHERE LOWER(variable_name) = 'innodb_num_pages_page_decrypted';
@ -111,6 +126,7 @@ show create table innodb_compact;
show create table innodb_compressed;
show create table innodb_dynamic;
show create table innodb_redundant;
show create table innodb_defkey;
update innodb_normal set c1 = c1 +1;
update innodb_compact set c1 = c1 + 1;
@ -141,9 +157,11 @@ drop table innodb_compact;
drop table innodb_compressed;
drop table innodb_dynamic;
drop table innodb_redundant;
drop table innodb_defkey;
# reset system
--disable_query_log
EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig;
EVAL SET GLOBAL innodb_file_format = $innodb_file_format_orig;
EVAL SET GLOBAL innodb_default_page_encryption_key = $default_page_encryption_key;
--enable_query_log

View file

@ -0,0 +1,71 @@
SET @start_global_value = @@global.innodb_default_page_encryption_key;
SELECT @start_global_value;
@start_global_value
1
Valid value 0-9
select @@global.innodb_default_page_encryption_key <= 9;
@@global.innodb_default_page_encryption_key <= 9
1
select @@global.innodb_default_page_encryption_key;
@@global.innodb_default_page_encryption_key
1
select @@session.innodb_default_page_encryption_key;
ERROR HY000: Variable 'innodb_default_page_encryption_key' is a GLOBAL variable
show global variables like 'innodb_default_page_encryption_key';
Variable_name Value
innodb_default_page_encryption_key 1
show session variables like 'innodb_default_page_encryption_key';
Variable_name Value
innodb_default_page_encryption_key 1
select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key';
VARIABLE_NAME VARIABLE_VALUE
INNODB_DEFAULT_PAGE_ENCRYPTION_KEY 1
select * from information_schema.session_variables where variable_name='innodb_default_page_encryption_key';
VARIABLE_NAME VARIABLE_VALUE
INNODB_DEFAULT_PAGE_ENCRYPTION_KEY 1
set global innodb_default_page_encryption_key=2;
select @@global.innodb_default_page_encryption_key;
@@global.innodb_default_page_encryption_key
2
select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key';
VARIABLE_NAME VARIABLE_VALUE
INNODB_DEFAULT_PAGE_ENCRYPTION_KEY 2
select * from information_schema.session_variables where variable_name='innodb_default_page_encryption_key';
VARIABLE_NAME VARIABLE_VALUE
INNODB_DEFAULT_PAGE_ENCRYPTION_KEY 2
set session innodb_default_page_encryption_key=4;
ERROR HY000: Variable 'innodb_default_page_encryption_key' is a GLOBAL variable and should be set with SET GLOBAL
set global innodb_default_page_encryption_key=1.1;
ERROR 42000: Incorrect argument type to variable 'innodb_default_page_encryption_key'
set global innodb_default_page_encryption_key=1e1;
ERROR 42000: Incorrect argument type to variable 'innodb_default_page_encryption_key'
set global innodb_default_page_encryption_key="foo";
ERROR 42000: Incorrect argument type to variable 'innodb_default_page_encryption_key'
set global innodb_default_page_encryption_key=10;
select @@global.innodb_default_page_encryption_key;
@@global.innodb_default_page_encryption_key
10
select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key';
VARIABLE_NAME VARIABLE_VALUE
INNODB_DEFAULT_PAGE_ENCRYPTION_KEY 10
set global innodb_default_page_encryption_key=-7;
Warnings:
Warning 1292 Truncated incorrect innodb_default_page_encryption_k value: '-7'
select @@global.innodb_default_page_encryption_key;
@@global.innodb_default_page_encryption_key
1
select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key';
VARIABLE_NAME VARIABLE_VALUE
INNODB_DEFAULT_PAGE_ENCRYPTION_KEY 1
set global innodb_default_page_encryption_key=1;
select @@global.innodb_default_page_encryption_key;
@@global.innodb_default_page_encryption_key
1
set global innodb_default_page_encryption_key=255;
select @@global.innodb_default_page_encryption_key;
@@global.innodb_default_page_encryption_key
255
SET @@global.innodb_default_page_encryption_key = @start_global_value;
SELECT @@global.innodb_default_page_encryption_key;
@@global.innodb_default_page_encryption_key
1

View file

@ -565,6 +565,20 @@ NUMERIC_BLOCK_SIZE NULL
ENUM_VALUE_LIST NULL
READ_ONLY YES
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME INNODB_DEFAULT_PAGE_ENCRYPTION_KEY
SESSION_VALUE NULL
GLOBAL_VALUE 1
GLOBAL_VALUE_ORIGIN COMPILE-TIME
DEFAULT_VALUE 1
VARIABLE_SCOPE GLOBAL
VARIABLE_TYPE INT UNSIGNED
VARIABLE_COMMENT Encryption key used for page encryption.
NUMERIC_MIN_VALUE 1
NUMERIC_MAX_VALUE 255
NUMERIC_BLOCK_SIZE 0
ENUM_VALUE_LIST NULL
READ_ONLY NO
COMMAND_LINE_ARGUMENT REQUIRED
VARIABLE_NAME INNODB_DEFRAGMENT
SESSION_VALUE NULL
GLOBAL_VALUE OFF

View file

@ -0,0 +1,60 @@
--source include/have_innodb.inc
SET @start_global_value = @@global.innodb_default_page_encryption_key;
SELECT @start_global_value;
#
# exists as global only
#
--echo Valid value 0-9
select @@global.innodb_default_page_encryption_key <= 9;
select @@global.innodb_default_page_encryption_key;
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
select @@session.innodb_default_page_encryption_key;
show global variables like 'innodb_default_page_encryption_key';
show session variables like 'innodb_default_page_encryption_key';
select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key';
select * from information_schema.session_variables where variable_name='innodb_default_page_encryption_key';
#
# show that it's writable
#
set global innodb_default_page_encryption_key=2;
select @@global.innodb_default_page_encryption_key;
select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key';
select * from information_schema.session_variables where variable_name='innodb_default_page_encryption_key';
--error ER_GLOBAL_VARIABLE
set session innodb_default_page_encryption_key=4;
#
# incorrect types
#
--error ER_WRONG_TYPE_FOR_VAR
set global innodb_default_page_encryption_key=1.1;
--error ER_WRONG_TYPE_FOR_VAR
set global innodb_default_page_encryption_key=1e1;
--error ER_WRONG_TYPE_FOR_VAR
set global innodb_default_page_encryption_key="foo";
set global innodb_default_page_encryption_key=10;
select @@global.innodb_default_page_encryption_key;
select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key';
set global innodb_default_page_encryption_key=-7;
select @@global.innodb_default_page_encryption_key;
select * from information_schema.global_variables where variable_name='innodb_default_page_encryption_key';
#
# min/max values
#
set global innodb_default_page_encryption_key=1;
select @@global.innodb_default_page_encryption_key;
set global innodb_default_page_encryption_key=255;
select @@global.innodb_default_page_encryption_key;
#
# cleanup
#
SET @@global.innodb_default_page_encryption_key = @start_global_value;
SELECT @@global.innodb_default_page_encryption_key;

View file

@ -4,7 +4,7 @@ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2008, 2009 Google Inc.
Copyright (c) 2009, Percona Inc.
Copyright (c) 2012, Facebook Inc.
Copyright (c) 2013, 2014, SkySQL Ab.
Copyright (c) 2013, 2015, MariaDB Corporation.
Portions of this file contain modifications contributed and copyrighted by
Google, Inc. Those modifications are gratefully acknowledged and are described
@ -103,6 +103,7 @@ this program; if not, write to the Free Software Foundation, Inc.,
#include "fts0priv.h"
#include "page0zip.h"
#include "fil0pagecompress.h"
#include "fil0pageencryption.h"
#define thd_get_trx_isolation(X) ((enum_tx_isolation)thd_tx_isolation(X))
@ -567,9 +568,8 @@ ha_create_table_option innodb_table_option_list[]=
HA_TOPTION_ENUM("ATOMIC_WRITES", atomic_writes, "DEFAULT,ON,OFF", 0),
/* With this option the user can enable page encryption for the table */
HA_TOPTION_BOOL("PAGE_ENCRYPTION", page_encryption, 0),
/* With this option the user defines the key identifier using for the encryption */
HA_TOPTION_NUMBER("PAGE_ENCRYPTION_KEY", page_encryption_key, ULINT_UNDEFINED, 1, 255, 1),
HA_TOPTION_NUMBER("PAGE_ENCRYPTION_KEY", page_encryption_key, 0, 1, 255, 1),
HA_TOPTION_END
};
@ -11021,7 +11021,7 @@ innobase_table_flags(
modified by another thread while the table is being created. */
const ulint default_compression_level = page_zip_level;
const ulint default_encryption_key = 1;
const ulint default_encryption_key = srv_default_page_encryption_key;
*flags = 0;
*flags2 = 0;
@ -11222,12 +11222,12 @@ index_bad:
zip_ssize,
use_data_dir,
options->page_compressed,
(ulint)options->page_compression_level == 0 ?
options->page_compression_level == 0 ?
default_compression_level : options->page_compression_level,
options->atomic_writes,
options->page_encryption,
(ulint)options->page_encryption_key == ULINT_UNDEFINED ?
default_encryption_key : options->page_encryption_key);
options->page_encryption_key == 0 ?
default_encryption_key : options->page_encryption_key);
if (create_info->options & HA_LEX_CREATE_TMP_TABLE) {
*flags2 |= DICT_TF2_TEMPORARY;
@ -11363,7 +11363,7 @@ ha_innobase::check_table_options(
}
}
if ((ulint)options->page_encryption_key != ULINT_UNDEFINED) {
if (options->page_encryption_key != 0) {
if (options->page_encryption == false) {
/* ignore this to allow alter table without changing page_encryption_key ...*/
}
@ -11386,7 +11386,6 @@ ha_innobase::check_table_options(
options->page_encryption_key
);
return "PAGE_ENCRYPTION_KEY";
}
}
@ -19128,6 +19127,13 @@ static MYSQL_SYSVAR_UINT(encryption_rotation_iops, srv_n_fil_crypt_iops,
innodb_encryption_rotation_iops_update,
srv_n_fil_crypt_iops, 0, UINT_MAX32, 0);
static MYSQL_SYSVAR_UINT(default_page_encryption_key, srv_default_page_encryption_key,
PLUGIN_VAR_RQCMDARG,
"Encryption key used for page encryption.",
NULL,
NULL,
DEFAULT_ENCRYPTION_KEY, 1, 255, 0);
static MYSQL_SYSVAR_BOOL(scrub_log, srv_scrub_log,
PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY,
"Enable redo log scrubbing",
@ -19389,6 +19395,7 @@ static struct st_mysql_sys_var* innobase_system_variables[]= {
MYSQL_SYSVAR(scrub_log),
MYSQL_SYSVAR(scrub_log_interval),
MYSQL_SYSVAR(encrypt_log),
MYSQL_SYSVAR(default_page_encryption_key),
/* Scrubing feature */
MYSQL_SYSVAR(immediate_scrub_data_uncompressed),

View file

@ -26,6 +26,9 @@ this program; if not, write to the Free Software Foundation, Inc.,
#define PAGE_ENCRYPTION_OK 0
#define PAGE_ENCRYPTION_WILL_NOT_ENCRYPT 5
/* This key will be used if nothing else is given */
#define DEFAULT_ENCRYPTION_KEY 1
#include "fsp0fsp.h"
#include "fsp0pageencryption.h"

View file

@ -3,7 +3,7 @@
Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved.
Copyright (c) 2008, 2009, Google Inc.
Copyright (c) 2009, Percona Inc.
Copyright (c) 2013, 2014, SkySQL Ab. All Rights Reserved.
Copyright (c) 2013, 2015, MariaDB Corporation. All Rights Reserved.
Portions of this file contain modifications contributed and copyrighted by
Google, Inc. Those modifications are gratefully acknowledged and are described
@ -562,6 +562,9 @@ that semaphore times out in InnoDB */
#define DEFAULT_SRV_FATAL_SEMAPHORE_TIMEOUT 600
extern ulong srv_fatal_semaphore_wait_threshold;
/** Default encryption key used for page encryption */
extern uint srv_default_page_encryption_key;
# ifdef UNIV_PFS_THREAD
/* Keys to register InnoDB threads with performance schema */
extern mysql_pfs_key_t buf_page_cleaner_thread_key;

View file

@ -3,7 +3,7 @@
Copyright (c) 1995, 2013, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2008, 2009 Google Inc.
Copyright (c) 2009, Percona Inc.
Copyright (c) 2013, 2014, SkySQL Ab. All Rights Reserved.
Copyright (c) 2013, 2015, MariaDB Corporation. All Rights Reserved.
Portions of this file contain modifications contributed and copyrighted by
Google, Inc. Those modifications are gratefully acknowledged and are described
@ -522,6 +522,9 @@ thread ensures that we flush the log files at least once per
second. */
static time_t srv_last_log_flush_time;
/** Default encryption key used for page encryption */
UNIV_INTERN uint srv_default_page_encryption_key;
/* Interval in seconds at which various tasks are performed by the
master thread when server is active. In order to balance the workload,
we should try to keep intervals such that they are not multiple of

View file

@ -4,7 +4,7 @@ Copyright (c) 2000, 2014, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2008, 2009 Google Inc.
Copyright (c) 2009, Percona Inc.
Copyright (c) 2012, Facebook Inc.
Copyright (c) 2013, 2014, SkySQL Ab.
Copyright (c) 2013, 2015, MariaDB Corporation.
Portions of this file contain modifications contributed and copyrighted by
Google, Inc. Those modifications are gratefully acknowledged and are described
@ -106,6 +106,7 @@ this program; if not, write to the Free Software Foundation, Inc.,
#include "fts0priv.h"
#include "page0zip.h"
#include "fil0pagecompress.h"
#include "fil0pageencryption.h"
#define thd_get_trx_isolation(X) ((enum_tx_isolation)thd_tx_isolation(X))
@ -633,9 +634,8 @@ ha_create_table_option innodb_table_option_list[]=
HA_TOPTION_ENUM("ATOMIC_WRITES", atomic_writes, "DEFAULT,ON,OFF", 0),
/* With this option the user can enable page encryption for the table */
HA_TOPTION_BOOL("PAGE_ENCRYPTION", page_encryption, 0),
/* With this option the user defines the key identifier using for the encryption */
HA_TOPTION_NUMBER("PAGE_ENCRYPTION_KEY", page_encryption_key, ULINT_UNDEFINED, 1, 255, 1),
HA_TOPTION_NUMBER("PAGE_ENCRYPTION_KEY", page_encryption_key, 0, 1, 255, 1),
HA_TOPTION_END
};
@ -11541,7 +11541,7 @@ innobase_table_flags(
modified by another thread while the table is being created. */
const ulint default_compression_level = page_zip_level;
const ulint default_encryption_key = 1;
const ulint default_encryption_key = srv_default_page_encryption_key;
*flags = 0;
*flags2 = 0;
@ -11739,12 +11739,12 @@ index_bad:
zip_ssize,
use_data_dir,
options->page_compressed,
(ulint)options->page_compression_level == 0 ?
options->page_compression_level == 0 ?
default_compression_level : options->page_compression_level,
options->atomic_writes,
options->page_encryption,
(ulint)options->page_encryption_key == ULINT_UNDEFINED ?
default_encryption_key : options->page_encryption_key);
options->page_encryption_key == 0 ?
default_encryption_key : options->page_encryption_key);
if (create_info->options & HA_LEX_CREATE_TMP_TABLE) {
*flags2 |= DICT_TF2_TEMPORARY;
@ -11880,7 +11880,7 @@ ha_innobase::check_table_options(
}
}
if ((ulint)options->page_encryption_key != ULINT_UNDEFINED) {
if (options->page_encryption_key != 0) {
if (options->page_encryption == false) {
/* ignore this to allow alter table without changing page_encryption_key ...*/
}
@ -20318,6 +20318,13 @@ static MYSQL_SYSVAR_UINT(encryption_rotation_iops, srv_n_fil_crypt_iops,
innodb_encryption_rotation_iops_update,
srv_n_fil_crypt_iops, 0, UINT_MAX32, 0);
static MYSQL_SYSVAR_UINT(default_page_encryption_key, srv_default_page_encryption_key,
PLUGIN_VAR_RQCMDARG,
"Encryption key used for page encryption.",
NULL,
NULL,
DEFAULT_ENCRYPTION_KEY, 1, 255, 0);
static MYSQL_SYSVAR_BOOL(scrub_log, srv_scrub_log,
PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY,
"Enable redo log scrubbing",
@ -20617,6 +20624,7 @@ static struct st_mysql_sys_var* innobase_system_variables[]= {
MYSQL_SYSVAR(scrub_log),
MYSQL_SYSVAR(scrub_log_interval),
MYSQL_SYSVAR(encrypt_log),
MYSQL_SYSVAR(default_page_encryption_key),
/* Scrubing feature */
MYSQL_SYSVAR(immediate_scrub_data_uncompressed),
MYSQL_SYSVAR(background_scrub_data_uncompressed),

View file

@ -26,6 +26,9 @@ this program; if not, write to the Free Software Foundation, Inc.,
#define PAGE_ENCRYPTION_OK 0
#define PAGE_ENCRYPTION_WILL_NOT_ENCRYPT 5
/* This key will be used if nothing else is given */
#define DEFAULT_ENCRYPTION_KEY 1
#include "fsp0fsp.h"
#include "fsp0pageencryption.h"

View file

@ -3,7 +3,7 @@
Copyright (c) 1995, 2013, Oracle and/or its affiliates.
Copyright (c) 2008, 2009, Google Inc.
Copyright (c) 2009, Percona Inc.
Copyright (c) 2013, 2014, SkySQL Ab.
Copyright (c) 2013, 2015, MariaDB Corporation.
Portions of this file contain modifications contributed and copyrighted by
Google, Inc. Those modifications are gratefully acknowledged and are described
@ -705,6 +705,9 @@ that semaphore times out in InnoDB */
#define DEFAULT_SRV_FATAL_SEMAPHORE_TIMEOUT 600
extern ulong srv_fatal_semaphore_wait_threshold;
/** Default encryption key used for page encryption */
extern uint srv_default_page_encryption_key;
# ifdef UNIV_PFS_THREAD
/* Keys to register InnoDB threads with performance schema */
extern mysql_pfs_key_t buf_page_cleaner_thread_key;

View file

@ -3,7 +3,7 @@
Copyright (c) 1995, 2013, Oracle and/or its affiliates. All Rights Reserved.
Copyright (c) 2008, 2009 Google Inc.
Copyright (c) 2009, Percona Inc.
Copyright (c) 2013, 2014, SkySQL Ab.
Copyright (c) 2013, 2015, MariaDB Corporation.
Portions of this file contain modifications contributed and copyrighted by
Google, Inc. Those modifications are gratefully acknowledged and are described
@ -669,6 +669,9 @@ thread ensures that we flush the log files at least once per
second. */
static time_t srv_last_log_flush_time;
/** Default encryption key used for page encryption */
UNIV_INTERN uint srv_default_page_encryption_key;
/* Interval in seconds at which various tasks are performed by the
master thread when server is active. In order to balance the workload,
we should try to keep intervals such that they are not multiple of