Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-19086

Make InnoDB background encryption threads read encryption key ID from FRM

Details

    Description

      It was pointed out in MDEV-17230 and MDEV-18601 that the InnoDB background encryption threads can't read a table's encryption key ID from the table's .frm file if the table is created with ENCRYPTED=DEFAULT set while innodb_encrypt_tables=OFF is set. If innodb_encrypt_tables=ON is set later on, then the table may be encrypted with the wrong key.

      marko said we might not be able to fix this in 10.1, but we might be able to fix this in 10.2 and later.

      This problem is documented here:

      https://mariadb.com/kb/en/library/innodb-encryption-troubleshooting/#setting-encryption-key-id-for-an-unencrypted-table

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-17230 encryption_key_id from alter is ignored by encryption threads

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-18601 Can't create table with ENCRYPTED=DEFAULT when innodb_default_encryption_key_id!=1

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            GeoffMontee Geoff Montee (Inactive) created issue -
            GeoffMontee Geoff Montee (Inactive) made changes -
            Field Original Value New Value
            GeoffMontee Geoff Montee (Inactive) made changes -
            GeoffMontee Geoff Montee (Inactive) made changes -
            Description It was pointed out in MDEV-17230 and MDEV-18601 that the InnoDB background encryption threads can't read a table's encryption key ID from the table's .frm file if the table is created with ENCRYPTED=DEFAULT set while innodb_encrypt_tables=OFF is set. If innodb_encrypt_tables=ON is set later on, then the table may be encrypted with the wrong key.

            [~marko] said we might not be able to fix this in 10.1, but we might be able to fix this in 10.2 and later.             		It was pointed out in MDEV-17230 and MDEV-18601 that the InnoDB background encryption threads can't read a table's encryption key ID from the table's .frm file if the table is created with ENCRYPTED=DEFAULT set while innodb_encrypt_tables=OFF is set. If innodb_encrypt_tables=ON is set later on, then the table may be encrypted with the wrong key.

            [~marko] said we might not be able to fix this in 10.1, but we might be able to fix this in 10.2 and later.

            This problem is documented here:

            https://mariadb.com/kb/en/library/innodb-encryption-troubleshooting/#setting-encryption-key-id-for-an-unencrypted-table
            serg Sergei Golubchik made changes -
            Assignee Jan Lindström [ jplindst ] Thirunarayanan Balathandayuthapani [ thiru ]
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 94095 ] MariaDB v4 [ 141222 ]
            ralf.gebhardt Ralf Gebhardt made changes -
            Fix Version/s 10.2 [ 14601 ]
            julien.fritsch Julien Fritsch made changes -
            Fix Version/s 10.3 [ 22126 ]

            People

              thiru Thirunarayanan Balathandayuthapani
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.