database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

MDEV-25343 Error log message not helpful when filekey is too long

Browse Source 
Add a test related to the Encrypted Key File by following instructions in kb example
https://mariadb.com/kb/en/file-key-management-encryption-plugin/#creating-the-key-file

Reviewed by Daniel Black (with minor formatting and re-org of duplicate
close(f) calls).
This commit is contained in:
kurt
2022-09-21 11:29:07 +08:00
committed by Daniel Black
parent 9de37e07de
commit e11661a4a2
10 changed files with 71 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
mysql-test/suite/encryption/r/filekeys_secret_openssl_rand_128bits.result Normal file
View File

@ -0,0 +1,17 @@
create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1;
show create table t1;
Table Create Table
t1 CREATE TABLE `t1` (
`c1` bigint(20) NOT NULL,
`b` char(200) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci `encrypted`=yes `encryption_key_id`=1
insert t1 values (12345, repeat('1234567890', 20));
alter table t1 encryption_key_id=2;
show create table t1;
Table Create Table
t1 CREATE TABLE `t1` (
`c1` bigint(20) NOT NULL,
`b` char(200) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci `encrypted`=yes `encryption_key_id`=2
drop table t1;
# Test checks if opening an too large secret does not crash the server.

10
mysql-test/suite/encryption/r/filekeys_secret_too_long.result Normal file
View File

@ -0,0 +1,10 @@
call mtr.add_suppression("the filekey is too long");
call mtr.add_suppression("Plugin 'file_key_management' init function returned error");
call mtr.add_suppression("Plugin 'file_key_management' registration.*failed");
FOUND 1 /the filekey is too long/ in mysqld.1.err
create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1;
ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
select plugin_status from information_schema.plugins
where plugin_name = 'file_key_management';
plugin_status
# Test checks if opening an too large secret does not crash the server.

4
mysql-test/suite/encryption/t/filekeys-data-too-long.key Normal file
View File

@ -0,0 +1,4 @@
secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret

4
mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.enc Normal file
View File

@ -0,0 +1,4 @@
Salted__<EFBFBD><EFBFBD>4<EFBFBD><18>0-6<>L<0F><02><> <09>sK?p\<5C>a<0F>m8<6D><38>N?q <11>n<1C><<3C><>*g<1F><>( <0C><>|F<><46><EFBFBD><EFBFBD>/<2F><12><19><>!
<EFBFBD><EFBFBD> kok6<6B><36><EFBFBD><02>y7t67<36>D#<23><>g洄<67>ʗ<EFBFBD><15>ԣ<EFBFBD><D4A3>iyu<1F>*i<>#<23>ƈ82#6<> <20><>.C<>8۝<7F>;7<><19><16><>
0<EFBFBD> /
<0F><>w<EFBFBD><77>0w"xԱQu04<30><34>x<EFBFBD>kj<6B>{<7B><><EFBFBD><57><CEA2><EFBFBD>3C<33><35> <0B><><EFBFBD><E194AA><EFBFBD><EFBFBD><EFBFBD>P<EFBFBD>$=<3D>Ҳ

1
mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.key Normal file
View File

@ -0,0 +1 @@
c9518399cbec2b5edf773e06d1b934b90ec0f46ae455b8f1e001b5629ef31a513b83e676bf654c08ba98659461410e5e040e46237a7d50b40bd9bb90576f841275506e61523e5e9a0beb7641127ed2d946395b6fee7ff5263a9019cbe71bd907bf1ac6365940fa391086830a4e6c1d2972b99505467ef31cfb46d0cb7ab8f4f1

3
mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.opt Normal file
View File

@ -0,0 +1,3 @@
--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys_secret_openssl_rand_128bits.key
--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys_secret_openssl_rand_128bits.enc

13
mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.test Normal file
View File

@ -0,0 +1,13 @@
-- source include/have_innodb.inc
-- source filekeys_plugin.inc
create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1;
show create table t1;
insert t1 values (12345, repeat('1234567890', 20));
alter table t1 encryption_key_id=2;
show create table t1;
drop table t1;
--echo # Test checks if opening an too large secret does not crash the server.

3
mysql-test/suite/encryption/t/filekeys_secret_too_long.opt Normal file
View File

@ -0,0 +1,3 @@
--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys-data-too-long.key
--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys-data.enc

4
mysql-test/suite/encryption/t/filekeys_secret_too_long.test Normal file
View File

@ -0,0 +1,4 @@
let SEARCH_PATTERN=the filekey is too long;
source filekeys_badtest.inc;
--echo # Test checks if opening an too large secret does not crash the server.

15
plugin/file_key_management/parser.cc
View File

@ -170,19 +170,28 @@ bool Parser::read_filekey(const char *filekey, char *secret)
int f= open(filekey, O_RDONLY|O_BINARY); int f= open(filekey, O_RDONLY|O_BINARY);
if (f == -1) if (f == -1)
{ {
my_error(EE_FILENOTFOUND,ME_ERROR_LOG, filekey, errno); my_error(EE_FILENOTFOUND, ME_ERROR_LOG, filekey, errno);
return 1; return 1;
} }
int len= read(f, secret, MAX_SECRET_SIZE); int len= read(f, secret, MAX_SECRET_SIZE + 1);
if (len <= 0) if (len <= 0)
{ {
my_error(EE_READ,ME_ERROR_LOG, filekey, errno); my_error(EE_READ, ME_ERROR_LOG, filekey, errno);
close(f); close(f);
return 1; return 1;
} }
close(f); close(f);
while (secret[len - 1] == '\r' || secret[len - 1] == '\n') len--; while (secret[len - 1] == '\r' || secret[len - 1] == '\n') len--;
if (len > MAX_SECRET_SIZE)
{
my_printf_error(EE_READ,
"Cannot read %s, the filekey is too long, "
"max secret size is %dB ",
ME_ERROR_LOG, filekey, MAX_SECRET_SIZE);
return 1;
}
secret[len]= '\0'; secret[len]= '\0';
return 0; return 0;
} }