diff options
| author | Thirunarayanan Balathandayuthapani <thiru@mariadb.com> | 2018-08-06 16:20:15 +0530 |
|---|---|---|
| committer | Thirunarayanan Balathandayuthapani <thiru@mariadb.com> | 2018-08-06 16:20:15 +0530 |
| commit | 776bf8b032ff948f0fce039ae4626e11d29f5880 (patch) | |
| tree | 2a9c10ad14dcb893b806f63f825caa9c6defb100 | |
| parent | ed68e6f42519d6da02447f6736bf7d1ac74dac84 (diff) | |
| download | mariadb-git-bb-10.1-MDEV-14398.tar.gz | |
MDEV-14398 When innodb_encryption_rotate_key_age=0 is set,bb-10.1-MDEV-14398
server won't encrypt tablespaces
- If innodb_encryption_rotate_key_age is zero then innodb doesn't do
re-encryption of encrypted tablespace.
| -rw-r--r-- | storage/innobase/fil/fil0crypt.cc | 7 | ||||
| -rw-r--r-- | storage/xtradb/fil/fil0crypt.cc | 6 |
2 files changed, 13 insertions, 0 deletions
diff --git a/storage/innobase/fil/fil0crypt.cc b/storage/innobase/fil/fil0crypt.cc index 757c034d684..7c475e62ba0 100644 --- a/storage/innobase/fil/fil0crypt.cc +++ b/storage/innobase/fil/fil0crypt.cc @@ -982,6 +982,12 @@ fil_crypt_needs_rotation( return true; } + /** If the rotate_key_age is zero then innodb doesn't + re-encrypt the encrypted tablespace. */ + if (rotate_key_age == 0) { + return false; + } + /* this is rotation encrypted => encrypted, * only reencrypt if key is sufficiently old */ if (key_version + rotate_key_age < latest_key_version) { @@ -1267,6 +1273,7 @@ fil_crypt_space_needs_rotation( fil_crypt_get_key_state(key_state, crypt_data); } + bool need_key_rotation = fil_crypt_needs_rotation( crypt_data, crypt_data->min_key_version, diff --git a/storage/xtradb/fil/fil0crypt.cc b/storage/xtradb/fil/fil0crypt.cc index 3daa461445d..588f01b52f9 100644 --- a/storage/xtradb/fil/fil0crypt.cc +++ b/storage/xtradb/fil/fil0crypt.cc @@ -982,6 +982,12 @@ fil_crypt_needs_rotation( return true; } + /* If rotate_key_age is zero then don't re-encrypt + the encrypted tablespace. */ + if (rotate_key_age ==0) { + return false; + } + /* this is rotation encrypted => encrypted, * only reencrypt if key is sufficiently old */ if (key_version + rotate_key_age < latest_key_version) { |