[MDEV-7796] encryption_algorithm configuration variable is static and can't be changed Created: 2015-03-18  Updated: 2015-07-02  Resolved: 2015-07-02

Status: Closed
Project: MariaDB Server
Component/s: Encryption, Storage Engine - InnoDB, Storage Engine - XtraDB
Affects Version/s: 10.1.3
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Jan Lindström (Inactive) Assignee: Jan Lindström (Inactive)
Resolution: Won't Fix Votes: 0
Labels: None

Sprint: 10.1.6-1

 Description   

encryption_algorithm is currently global configuration variable and can't be changed. Furtheremore misconfiguration will lead to assertion failures.

Presumably if it makes sense to have it changeable, it also makes sense to set different algorithms for different objects.

At a minimum, store the encryption_algorithm selection with each encrypted object so that data can be migrated in the future. Then, implement sufficient support in the various necessary places so that it can be safely changed. Currently as far as I can tell it is globally set once, and impossible to change in the future. This could be done via stealing some bits from either the stored encryption scheme (1 byte) or key version (4 bytes) or adding a new encryption algorithm field which is stored alongside those everywhere (needs thinking).

Alternatively as an absolute (and even lower) minimum: ensure that changing it once the database is initialized produces a loud and very clear error message to the user.

 Comments   
Comment by Jan Lindström (Inactive) [ 2015-07-02 ]

This configuration variable does not exists anymore.

Generated at Thu Feb 08 07:22:20 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.