Skip to content

TiFlash panics with encryption enabled when reading latest-release-tikv data keys #10952

Description

@hbisheng

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

  1. Enable encryption for a TiFlash deployment using the next-gen proxy.
  2. Write data with a latest-release-tikv / latest CSE version so the encryption metadata contains data keys generated by that version.
  3. Let TiFlash read or ingest the generated data.

2. What did you expect to see? (Required)

TiFlash should read the encrypted data normally.

3. What did you see instead (Required)

TiFlash may panic while reading the data key from encryption metadata because the data key id used by the latest CSE metadata does not match the id inferred by the older TiFlash proxy code.

4. What is your TiFlash version? (Required)

current master 63cff9a6e02ff2d70655f738c69a9dc4398c354f

Metadata

Metadata

Assignees

No one assigned

    Labels

    nextgenIndicates that the Issue or PR belongs to the nextgen kernel architecture.severity/majortype/bugThe issue is confirmed as a bug.

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions