Skip to content
Permalink
Browse files
MDEV-25343 Error log message not helpful when filekey is too long 
Add a test related to the Encrypted Key File by following instructions in kb example
https://mariadb.com/kb/en/file-key-management-encryption-plugin/#creating-the-key-file

Reviewed by Daniel Black (with minor formatting and re-org of duplicate
close(f) calls).
  • Loading branch information
@dingweiqings @grooverdan
dingweiqings authored and grooverdan committed Oct 21, 2022
1 parent 9de37e0 commit e11661a
Show file tree
Hide file tree
Showing 10 changed files with 71 additions and 3 deletions.
17 mysql-test/suite/encryption/r/filekeys_secret_openssl_rand_128bits.result
View file
@@ -0,0 +1,17 @@
create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1;
show create table t1;
Table Create Table
t1 CREATE TABLE `t1` (
`c1` bigint(20) NOT NULL,
`b` char(200) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci `encrypted`=yes `encryption_key_id`=1
insert t1 values (12345, repeat('1234567890', 20));
alter table t1 encryption_key_id=2;
show create table t1;
Table Create Table
t1 CREATE TABLE `t1` (
`c1` bigint(20) NOT NULL,
`b` char(200) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci `encrypted`=yes `encryption_key_id`=2
drop table t1;
# Test checks if opening an too large secret does not crash the server.
10 mysql-test/suite/encryption/r/filekeys_secret_too_long.result
View file
@@ -0,0 +1,10 @@
call mtr.add_suppression("the filekey is too long");
call mtr.add_suppression("Plugin 'file_key_management' init function returned error");
call mtr.add_suppression("Plugin 'file_key_management' registration.*failed");
FOUND 1 /the filekey is too long/ in mysqld.1.err
create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1;
ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
select plugin_status from information_schema.plugins
where plugin_name = 'file_key_management';
plugin_status
# Test checks if opening an too large secret does not crash the server.
4 mysql-test/suite/encryption/t/filekeys-data-too-long.key
View file
@@ -0,0 +1,4 @@
secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret

4 mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.enc
View file
@@ -0,0 +1,4 @@
Salted__��4��0-6�L��� �sK?p\�a�m8��N?q �n�<�*g��( ��|F����/����!
� kok6���y7t67�D#��g洄�ʗ��ԣ��iyu�*i�#�ƈ82#6� ��.C�8۝�;7�Bԣ���
0� /
��w��0w"xԱQu04��x�kj�{���W΢���3C�5՜� ��ᔪ���P�$=�Ҳ
1 mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.key
View file
@@ -0,0 +1 @@
c9518399cbec2b5edf773e06d1b934b90ec0f46ae455b8f1e001b5629ef31a513b83e676bf654c08ba98659461410e5e040e46237a7d50b40bd9bb90576f841275506e61523e5e9a0beb7641127ed2d946395b6fee7ff5263a9019cbe71bd907bf1ac6365940fa391086830a4e6c1d2972b99505467ef31cfb46d0cb7ab8f4f1
3 mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.opt
View file
@@ -0,0 +1,3 @@
--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys_secret_openssl_rand_128bits.key
--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys_secret_openssl_rand_128bits.enc

13 mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.test
View file
@@ -0,0 +1,13 @@
-- source include/have_innodb.inc
-- source filekeys_plugin.inc

create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1;
show create table t1;
insert t1 values (12345, repeat('1234567890', 20));

alter table t1 encryption_key_id=2;
show create table t1;

drop table t1;

--echo # Test checks if opening an too large secret does not crash the server.
3 mysql-test/suite/encryption/t/filekeys_secret_too_long.opt
View file
@@ -0,0 +1,3 @@
--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys-data-too-long.key
--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys-data.enc

4 mysql-test/suite/encryption/t/filekeys_secret_too_long.test
View file
@@ -0,0 +1,4 @@
let SEARCH_PATTERN=the filekey is too long;
source filekeys_badtest.inc;

--echo # Test checks if opening an too large secret does not crash the server.
15 plugin/file_key_management/parser.cc
View file
@@ -170,19 +170,28 @@ bool Parser::read_filekey(const char *filekey, char *secret)
int f= open(filekey, O_RDONLY|O_BINARY);
if (f == -1)
{
my_error(EE_FILENOTFOUND,ME_ERROR_LOG, filekey, errno);
my_error(EE_FILENOTFOUND, ME_ERROR_LOG, filekey, errno);
return 1;
}

int len= read(f, secret, MAX_SECRET_SIZE);
int len= read(f, secret, MAX_SECRET_SIZE + 1);
if (len <= 0)
{
my_error(EE_READ,ME_ERROR_LOG, filekey, errno);
my_error(EE_READ, ME_ERROR_LOG, filekey, errno);
close(f);
return 1;
}
close(f);

while (secret[len - 1] == '\r' || secret[len - 1] == '\n') len--;
if (len > MAX_SECRET_SIZE)
{
my_printf_error(EE_READ,
"Cannot read %s, the filekey is too long, "
"max secret size is %dB ",
ME_ERROR_LOG, filekey, MAX_SECRET_SIZE);
return 1;
}
secret[len]= '\0';
return 0;
}

0 comments on commit e11661a

Please sign in to comment.