Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19086

Make InnoDB background encryption threads read encryption key ID from FRM

    XMLWordPrintable

Details

    Description

      It was pointed out in MDEV-17230 and MDEV-18601 that the InnoDB background encryption threads can't read a table's encryption key ID from the table's .frm file if the table is created with ENCRYPTED=DEFAULT set while innodb_encrypt_tables=OFF is set. If innodb_encrypt_tables=ON is set later on, then the table may be encrypted with the wrong key.

      marko said we might not be able to fix this in 10.1, but we might be able to fix this in 10.2 and later.

      This problem is documented here:

      https://mariadb.com/kb/en/library/innodb-encryption-troubleshooting/#setting-encryption-key-id-for-an-unencrypted-table

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-17230 encryption_key_id from alter is ignored by encryption threads

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-18601 Can't create table with ENCRYPTED=DEFAULT when innodb_default_encryption_key_id!=1

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              thiru Thirunarayanan Balathandayuthapani
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.