From cee7175b79a22c29a82ef328aba208f90afcea86 Mon Sep 17 00:00:00 2001
From: kurt <dingweiqings@163.com>
Date: Wed, 21 Sep 2022 11:29:07 +0800
Subject: MDEV-25343 add read secret size in file key plugin

---
 mysql-test/suite/encryption/r/filekeys_secret_too_long.result | 10 ++++++++++
 mysql-test/suite/encryption/t/filekeys-data-too-long.key      |  4 ++++
 mysql-test/suite/encryption/t/filekeys_secret_too_long.opt    |  3 +++
 mysql-test/suite/encryption/t/filekeys_secret_too_long.test   |  4 ++++
 4 files changed, 21 insertions(+)
 create mode 100644 mysql-test/suite/encryption/r/filekeys_secret_too_long.result
 create mode 100644 mysql-test/suite/encryption/t/filekeys-data-too-long.key
 create mode 100644 mysql-test/suite/encryption/t/filekeys_secret_too_long.opt
 create mode 100644 mysql-test/suite/encryption/t/filekeys_secret_too_long.test

(limited to 'mysql-test/suite/encryption')

diff --git a/mysql-test/suite/encryption/r/filekeys_secret_too_long.result b/mysql-test/suite/encryption/r/filekeys_secret_too_long.result
new file mode 100644
index 00000000000..32e18513454
--- /dev/null
+++ b/mysql-test/suite/encryption/r/filekeys_secret_too_long.result
@@ -0,0 +1,10 @@
+call mtr.add_suppression("the secret file has incorrect length");
+call mtr.add_suppression("Plugin 'file_key_management' init function returned error");
+call mtr.add_suppression("Plugin 'file_key_management' registration.*failed");
+FOUND 1 /the secret file has incorrect length/ in mysqld.1.err
+create table t1(c1 bigint not null, b char(200))  engine=innodb encrypted=yes encryption_key_id=1;
+ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
+select plugin_status from information_schema.plugins
+where plugin_name = 'file_key_management';
+plugin_status
+# Test checks if opening an too large secret does not crash the server.
diff --git a/mysql-test/suite/encryption/t/filekeys-data-too-long.key b/mysql-test/suite/encryption/t/filekeys-data-too-long.key
new file mode 100644
index 00000000000..ba1624fb324
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys-data-too-long.key
@@ -0,0 +1,4 @@
+secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt b/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt
new file mode 100644
index 00000000000..c3f95019f2a
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt
@@ -0,0 +1,3 @@
+--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys-data-too-long.key
+--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys-data.enc
+
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_too_long.test b/mysql-test/suite/encryption/t/filekeys_secret_too_long.test
new file mode 100644
index 00000000000..b675f892895
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_too_long.test
@@ -0,0 +1,4 @@
+let SEARCH_PATTERN=the secret file has incorrect length;
+source filekeys_badtest.inc;
+
+--echo # Test checks if opening an too large secret does not crash the server.
-- 
cgit v1.2.1


From 3a62ff7e8980239a39e85393c6a797bb7acf97ed Mon Sep 17 00:00:00 2001
From: Daniel Black <daniel@mariadb.org>
Date: Wed, 19 Oct 2022 19:25:48 +1100
Subject: Revert "MDEV-25343 add read secret size in file key plugin"

This reverts commit cee7175b79a22c29a82ef328aba208f90afcea86.
---
 mysql-test/suite/encryption/r/filekeys_secret_too_long.result | 10 ----------
 mysql-test/suite/encryption/t/filekeys-data-too-long.key      |  4 ----
 mysql-test/suite/encryption/t/filekeys_secret_too_long.opt    |  3 ---
 mysql-test/suite/encryption/t/filekeys_secret_too_long.test   |  4 ----
 4 files changed, 21 deletions(-)
 delete mode 100644 mysql-test/suite/encryption/r/filekeys_secret_too_long.result
 delete mode 100644 mysql-test/suite/encryption/t/filekeys-data-too-long.key
 delete mode 100644 mysql-test/suite/encryption/t/filekeys_secret_too_long.opt
 delete mode 100644 mysql-test/suite/encryption/t/filekeys_secret_too_long.test

(limited to 'mysql-test/suite/encryption')

diff --git a/mysql-test/suite/encryption/r/filekeys_secret_too_long.result b/mysql-test/suite/encryption/r/filekeys_secret_too_long.result
deleted file mode 100644
index 32e18513454..00000000000
--- a/mysql-test/suite/encryption/r/filekeys_secret_too_long.result
+++ /dev/null
@@ -1,10 +0,0 @@
-call mtr.add_suppression("the secret file has incorrect length");
-call mtr.add_suppression("Plugin 'file_key_management' init function returned error");
-call mtr.add_suppression("Plugin 'file_key_management' registration.*failed");
-FOUND 1 /the secret file has incorrect length/ in mysqld.1.err
-create table t1(c1 bigint not null, b char(200))  engine=innodb encrypted=yes encryption_key_id=1;
-ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
-select plugin_status from information_schema.plugins
-where plugin_name = 'file_key_management';
-plugin_status
-# Test checks if opening an too large secret does not crash the server.
diff --git a/mysql-test/suite/encryption/t/filekeys-data-too-long.key b/mysql-test/suite/encryption/t/filekeys-data-too-long.key
deleted file mode 100644
index ba1624fb324..00000000000
--- a/mysql-test/suite/encryption/t/filekeys-data-too-long.key
+++ /dev/null
@@ -1,4 +0,0 @@
-secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
-secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
-secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
-
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt b/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt
deleted file mode 100644
index c3f95019f2a..00000000000
--- a/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt
+++ /dev/null
@@ -1,3 +0,0 @@
---loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys-data-too-long.key
---loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys-data.enc
-
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_too_long.test b/mysql-test/suite/encryption/t/filekeys_secret_too_long.test
deleted file mode 100644
index b675f892895..00000000000
--- a/mysql-test/suite/encryption/t/filekeys_secret_too_long.test
+++ /dev/null
@@ -1,4 +0,0 @@
-let SEARCH_PATTERN=the secret file has incorrect length;
-source filekeys_badtest.inc;
-
---echo # Test checks if opening an too large secret does not crash the server.
-- 
cgit v1.2.1


From e11661a4a2c0d50d78b86dac71a0e3d226f0ddcf Mon Sep 17 00:00:00 2001
From: kurt <dingweiqings@163.com>
Date: Wed, 21 Sep 2022 11:29:07 +0800
Subject: MDEV-25343 Error log message not helpful when filekey is too long

Add a test related to the Encrypted Key File by following instructions in kb example
https://mariadb.com/kb/en/file-key-management-encryption-plugin/#creating-the-key-file

Reviewed by Daniel Black (with minor formatting and re-org of duplicate
close(f) calls).
---
 .../r/filekeys_secret_openssl_rand_128bits.result       | 17 +++++++++++++++++
 .../suite/encryption/r/filekeys_secret_too_long.result  | 10 ++++++++++
 .../suite/encryption/t/filekeys-data-too-long.key       |  4 ++++
 .../t/filekeys_secret_openssl_rand_128bits.enc          |  4 ++++
 .../t/filekeys_secret_openssl_rand_128bits.key          |  1 +
 .../t/filekeys_secret_openssl_rand_128bits.opt          |  3 +++
 .../t/filekeys_secret_openssl_rand_128bits.test         | 13 +++++++++++++
 .../suite/encryption/t/filekeys_secret_too_long.opt     |  3 +++
 .../suite/encryption/t/filekeys_secret_too_long.test    |  4 ++++
 9 files changed, 59 insertions(+)
 create mode 100644 mysql-test/suite/encryption/r/filekeys_secret_openssl_rand_128bits.result
 create mode 100644 mysql-test/suite/encryption/r/filekeys_secret_too_long.result
 create mode 100644 mysql-test/suite/encryption/t/filekeys-data-too-long.key
 create mode 100644 mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.enc
 create mode 100644 mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.key
 create mode 100644 mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.opt
 create mode 100644 mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.test
 create mode 100644 mysql-test/suite/encryption/t/filekeys_secret_too_long.opt
 create mode 100644 mysql-test/suite/encryption/t/filekeys_secret_too_long.test

(limited to 'mysql-test/suite/encryption')

diff --git a/mysql-test/suite/encryption/r/filekeys_secret_openssl_rand_128bits.result b/mysql-test/suite/encryption/r/filekeys_secret_openssl_rand_128bits.result
new file mode 100644
index 00000000000..880245c7a09
--- /dev/null
+++ b/mysql-test/suite/encryption/r/filekeys_secret_openssl_rand_128bits.result
@@ -0,0 +1,17 @@
+create table t1(c1 bigint not null, b char(200))  engine=innodb encrypted=yes encryption_key_id=1;
+show create table t1;
+Table	Create Table
+t1	CREATE TABLE `t1` (
+  `c1` bigint(20) NOT NULL,
+  `b` char(200) DEFAULT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci `encrypted`=yes `encryption_key_id`=1
+insert t1 values (12345, repeat('1234567890', 20));
+alter table t1 encryption_key_id=2;
+show create table t1;
+Table	Create Table
+t1	CREATE TABLE `t1` (
+  `c1` bigint(20) NOT NULL,
+  `b` char(200) DEFAULT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci `encrypted`=yes `encryption_key_id`=2
+drop table t1;
+# Test checks if opening an too large secret does not crash the server.
diff --git a/mysql-test/suite/encryption/r/filekeys_secret_too_long.result b/mysql-test/suite/encryption/r/filekeys_secret_too_long.result
new file mode 100644
index 00000000000..bd11e8d925e
--- /dev/null
+++ b/mysql-test/suite/encryption/r/filekeys_secret_too_long.result
@@ -0,0 +1,10 @@
+call mtr.add_suppression("the filekey is too long");
+call mtr.add_suppression("Plugin 'file_key_management' init function returned error");
+call mtr.add_suppression("Plugin 'file_key_management' registration.*failed");
+FOUND 1 /the filekey is too long/ in mysqld.1.err
+create table t1(c1 bigint not null, b char(200))  engine=innodb encrypted=yes encryption_key_id=1;
+ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
+select plugin_status from information_schema.plugins
+where plugin_name = 'file_key_management';
+plugin_status
+# Test checks if opening an too large secret does not crash the server.
diff --git a/mysql-test/suite/encryption/t/filekeys-data-too-long.key b/mysql-test/suite/encryption/t/filekeys-data-too-long.key
new file mode 100644
index 00000000000..ba1624fb324
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys-data-too-long.key
@@ -0,0 +1,4 @@
+secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.enc b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.enc
new file mode 100644
index 00000000000..3257ff7d6de
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.enc
@@ -0,0 +1,4 @@
+Salted__åÒ4¶À0-6„LÊÆÀ	ìsK?p\õa’m8ž¸N?q	œnŠ<ø¹*g¯•(•Å|F‰Š±ø/õÃ‰³!
+öœ kok6ÄðŸÙy7t67ôD#¢gæ´„¤Ê—«¤Ô£ãþiyu²*iÅ#•Æˆ82#6à ¶›.C8ÛÏ;7þBÔ£¥ˆ‚
+0À /
+üÀw¤Ú0w"xÔ±Qu04ÿðxËkj®{ÅÛÃWÎ¢¹Ìå3CÀ5Õœ¦¼Âá”ª÷·¯ÑåPù$=«Ò²
\ No newline at end of file
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.key b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.key
new file mode 100644
index 00000000000..bba639aeaac
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.key
@@ -0,0 +1 @@
+c9518399cbec2b5edf773e06d1b934b90ec0f46ae455b8f1e001b5629ef31a513b83e676bf654c08ba98659461410e5e040e46237a7d50b40bd9bb90576f841275506e61523e5e9a0beb7641127ed2d946395b6fee7ff5263a9019cbe71bd907bf1ac6365940fa391086830a4e6c1d2972b99505467ef31cfb46d0cb7ab8f4f1
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.opt b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.opt
new file mode 100644
index 00000000000..9dee47bb96f
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.opt
@@ -0,0 +1,3 @@
+--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys_secret_openssl_rand_128bits.key
+--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys_secret_openssl_rand_128bits.enc
+
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.test b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.test
new file mode 100644
index 00000000000..60718d21a10
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.test
@@ -0,0 +1,13 @@
+-- source include/have_innodb.inc
+-- source filekeys_plugin.inc
+
+create table t1(c1 bigint not null, b char(200))  engine=innodb encrypted=yes encryption_key_id=1;
+show create table t1;
+insert t1 values (12345, repeat('1234567890', 20));
+
+alter table t1 encryption_key_id=2;
+show create table t1;
+
+drop table t1;
+
+--echo # Test checks if opening an too large secret does not crash the server.
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt b/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt
new file mode 100644
index 00000000000..c3f95019f2a
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt
@@ -0,0 +1,3 @@
+--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys-data-too-long.key
+--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys-data.enc
+
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_too_long.test b/mysql-test/suite/encryption/t/filekeys_secret_too_long.test
new file mode 100644
index 00000000000..0032e94de37
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_too_long.test
@@ -0,0 +1,4 @@
+let SEARCH_PATTERN=the filekey is too long;
+source filekeys_badtest.inc;
+
+--echo # Test checks if opening an too large secret does not crash the server.
-- 
cgit v1.2.1