From cb06bea2537a7e9d354aeac0ddb24b3cddc4530f Mon Sep 17 00:00:00 2001 From: Zsolt Parragi Date: Fri, 14 Mar 2025 20:15:02 +0000 Subject: [PATCH] PG-1479,PG-1480: fix incorrect parameter order in default key rotation The new and old principal keys were switched for the rotate function, and as we do not have principal key validation for tdemap data, the function doesn't notice this. The problem also isn't visible until a server restart / new connection because of internal key caching, which means the SQL tests also missed to detect this. --- contrib/pg_tde/src/catalog/tde_principal_key.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/pg_tde/src/catalog/tde_principal_key.c b/contrib/pg_tde/src/catalog/tde_principal_key.c index c30caf7e276..83d3d716966 100644 --- a/contrib/pg_tde/src/catalog/tde_principal_key.c +++ b/contrib/pg_tde/src/catalog/tde_principal_key.c @@ -1026,7 +1026,7 @@ pg_tde_rotate_default_key_for_database(TDEPrincipalKey *oldKey, TDEPrincipalKey newKey->keyInfo.databaseId = oldKey->keyInfo.databaseId; /* key rotation */ - is_rotated = pg_tde_perform_rotate_key(newKey, oldKey); + is_rotated = pg_tde_perform_rotate_key(oldKey, newKey); if (is_rotated && (!TDEisInGlobalSpace(newKey->keyInfo.databaseId))) {