Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8238

Tables with encryption=yes using file_key_management plugin are not encrypted

Details

    Description

      Effect file_key_management_plugin where first tables with key_id 1-4 are created, then key_id is changed in all tables to 5. Restart server with different key file where keys 1-4 are deleted and new key_id 6-9 are introduced but naturally key 5 remains the same. Idea is to alter tables back to use changed keys for key_ids 6-9.

      Attachments

        1. innodb_page_encryption_key_change.test
          5 kB
        2. keys2.txt
          0.2 kB
        3. keys3.txt
          0.2 kB
        4. keys4.txt
          0.2 kB

        Activity

          Ascending order - Click to sort in descending order
          jplindst Jan Lindström (Inactive) created issue -
          jplindst Jan Lindström (Inactive) made changes -
          Field Original Value New Value
          Attachment innodb_page_encryption_key_change.test [ 38217 ]
          jplindst Jan Lindström (Inactive) made changes -
          Attachment keys2.txt [ 38218 ]
          Attachment keys3.txt [ 38219 ]
          Attachment keys4.txt [ 38220 ]
          jplindst Jan Lindström (Inactive) added a comment -

          Actual keys can be changed as long the key_id does not change.

          jplindst Jan Lindström (Inactive) added a comment - Actual keys can be changed as long the key_id does not change.
          jplindst Jan Lindström (Inactive) added a comment - 

          150527 12:10:56 [ERROR] InnoDB: Tablespace id 9 encrypted but encryption service not available. Can't continue opening tablespace.
          		 
           
          		 
          2015-05-27 12:10:56 7f69cdbbe780  InnoDB: Assertion failure in thread 140092399937408 in file ha_innodb.cc line 21135

          Problem is that key_id 1 can't be removed.

          jplindst Jan Lindström (Inactive) added a comment - 150527 12:10:56 [ERROR] InnoDB: Tablespace id 9 encrypted but encryption service not available. Can't continue opening tablespace.   2015-05-27 12:10:56 7f69cdbbe780 InnoDB: Assertion failure in thread 140092399937408 in file ha_innodb.cc line 21135 Problem is that key_id 1 can't be removed.
          jplindst Jan Lindström (Inactive) made changes -
          Description Effect file_key_management_plugin where first tables with key_id 1-4 are created, then key_id is changed in all tables to 5. Restart server with different key file where keys 1-4 are changed but naturally key 5 remains the same. Idea is to alter tables back to use changed keys for key_ids 1-4. Effect file_key_management_plugin where first tables with key_id 1-4 are created, then key_id is changed in all tables to 5. Restart server with different key file where keys 1-4 are deleted and new key_id 6-9 are introduced but naturally key 5 remains the same. Idea is to alter tables back to use changed keys for key_ids 6-9.
          jplindst Jan Lindström (Inactive) made changes -
          Summary nnoDB: Assertion failure in file ha_innodb.cc line 21135 when changing key_id Tables with encryption=yes using file_key_management plugin are not encrypted
          jplindst Jan Lindström (Inactive) made changes -
          Priority Critical [ 2 ] Blocker [ 1 ]
          jplindst Jan Lindström (Inactive) made changes -
          Fix Version/s 10.1.5 [ 18813 ]
          Fix Version/s 10.1 [ 16100 ]
          jplindst Jan Lindström (Inactive) added a comment -

          Key_id 1 is needed but tables are not really encrypted.

          jplindst Jan Lindström (Inactive) added a comment - Key_id 1 is needed but tables are not really encrypted.
          jplindst Jan Lindström (Inactive) made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          jplindst Jan Lindström (Inactive) added a comment -

          commit a25ccd4f83912e02091abe1cba8515266483559b
          Author: Jan Lindström <jan.lindstrom@mariadb.com>
          Date: Wed May 27 15:37:13 2015 +0300

          MDEV-8238: Tables with encryption=yes using file_key_management plugin are not encrypted

          Analysis: Problem was that encryption was skipped.

          Fixed by making sure that tables with ENCRYPTED=YES are encrypted.

          jplindst Jan Lindström (Inactive) added a comment - commit a25ccd4f83912e02091abe1cba8515266483559b Author: Jan Lindström <jan.lindstrom@mariadb.com> Date: Wed May 27 15:37:13 2015 +0300 MDEV-8238 : Tables with encryption=yes using file_key_management plugin are not encrypted Analysis: Problem was that encryption was skipped. Fixed by making sure that tables with ENCRYPTED=YES are encrypted.
          jplindst Jan Lindström (Inactive) made changes -
          Resolution Fixed [ 1 ]
          Status In Progress [ 3 ] Closed [ 6 ]
          serg Sergei Golubchik made changes -
          Workflow MariaDB v3 [ 67726 ] MariaDB v4 [ 149216 ]

          People

            jplindst Jan Lindström (Inactive)
            jplindst Jan Lindström (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.