[#MDEV-19086] Make InnoDB background encryption threads read encryption key ID from FRM

[MDEV-19086] Make InnoDB background encryption threads read encryption key ID from FRM Created: 2019-03-29 Updated: 2023-04-27
Status:	Open
Project:	MariaDB Server
Component/s:	Encryption, Storage Engine - InnoDB
Affects Version/s:	10.4.3, 10.1.38, 10.2.23, 10.3.13
Fix Version/s:	10.4

Type:

Bug

Priority:

Major

Reporter:

Geoff Montee (Inactive)

Assignee:

Thirunarayanan Balathandayuthapani

Resolution:

Unresolved

Votes:

Labels:

None

Issue Links:

Relates
relates to	~~MDEV-17230~~	encryption_key_id from alter is ignor...	Closed
relates to	~~MDEV-18601~~	Can't create table with ENCRYPTED=DEF...	Closed

Description

It was pointed out in ~~MDEV-17230~~ and ~~MDEV-18601~~ that the InnoDB background encryption threads can't read a table's encryption key ID from the table's .frm file if the table is created with ENCRYPTED=DEFAULT set while innodb_encrypt_tables=OFF is set. If innodb_encrypt_tables=ON is set later on, then the table may be encrypted with the wrong key.

marko said we might not be able to fix this in 10.1, but we might be able to fix this in 10.2 and later.

This problem is documented here:

https://mariadb.com/kb/en/library/innodb-encryption-troubleshooting/#setting-encryption-key-id-for-an-unencrypted-table

Generated at Thu Feb 08 08:48:57 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-19086] Make InnoDB background encryption threads read encryption key ID from FRM Created: 2019-03-29 Updated: 2023-04-27