PS-8428 postfix: ALTER TABLE t ADD FULLTEXT crashes the server when --innodb_encrypt_online_alter_logs=ON (percona#4917)

percona-ysorokin · web-flow · commit 57b94de5bd2c · 2022-10-28T10:15:11.000+02:00
https://jira.percona.com/browse/PS-8428 Original assumption that legacy Percona-specific encryption functions use only 256-bit primitives turned out to be wrong. Restored 'key_length' parameter in the - 'my_legacy_aes_256_cbc_nopad_encrypt()' - 'my_legacy_aes_256_cbc_nopad_decrypt()' - 'my_legacy_aes_256_cbc_nopad_crypt()' Functions themselves renamed to - 'my_legacy_aes_cbc_nopad_encrypt()' - 'my_legacy_aes_cbc_nopad_decrypt()' - 'my_legacy_aes_cbc_nopad_crypt()' 'percona_rpl_encryption_master_binlog_ps_encrypted' and 'rpl.percona_rpl_encryption_slave_binlog_ps_encrypted' MTR test cases now pass as expected.
diff --git a/include/my_aes.h b/include/my_aes.h
@@ -138,39 +138,39 @@ longlong my_aes_get_size(uint32 source_length, enum my_aes_opmode opmode);
 bool my_aes_needs_iv(my_aes_opmode opmode);
 
 /**
-  Encrypt a buffer using AES 256-bit CBC with no padding
+  Encrypt a buffer using AES CBC with no padding
 
   @param [in] source         Pointer to data for encryption
   @param [in] source_length  Size of original data
   @param [out] dest          Buffer to place encrypted data (must be large
   enough)
-  @param [in] key            32-bytes key to be used for encryption
+  @param [in] key            Key to be used for encryption
+  @param [in] key_length     Size of the key
   @param [in] iv             16-bytes initialization vector.
   @return size of encrypted data, or MY_AES_BAD_DATA in case of an error
 */
 
-int my_legacy_aes_256_cbc_nopad_encrypt(const unsigned char *source,
-                                        uint32 source_length,
-                                        unsigned char *dest,
-                                        const unsigned char *key,
-                                        const unsigned char *iv);
+int my_legacy_aes_cbc_nopad_encrypt(const unsigned char *source,
+                                    uint32 source_length, unsigned char *dest,
+                                    const unsigned char *key, uint32 key_length,
+                                    const unsigned char *iv);
 
 /**
-  Decrypt a buffer encrypted with AES 256-bit CBC with no padding
+  Decrypt a buffer encrypted with AES CBC with no padding
 
   @param [in] source         Pointer to data for decryption
   @param [in] source_length  size of encrypted data
   @param [out] dest          buffer to place decrypted data (must be large
   enough)
-  @param [in] key            32-bytes key to be used for decryption
+  @param [in] key            Key to be used for decryption
+  @param [in] key_length     Size of the key
   @param [in] iv             16-bytes initialization vector
   @return size of original data, or MY_AES_BAD_DATA in case of an error
 */
 
-int my_legacy_aes_256_cbc_nopad_decrypt(const unsigned char *source,
-                                        uint32 source_length,
-                                        unsigned char *dest,
-                                        const unsigned char *key,
-                                        const unsigned char *iv);
+int my_legacy_aes_cbc_nopad_decrypt(const unsigned char *source,
+                                    uint32 source_length, unsigned char *dest,
+                                    const unsigned char *key, uint32 key_length,
+                                    const unsigned char *iv);
 
 #endif /* MY_AES_INCLUDED */
diff --git a/mysys/my_aes_openssl.cc b/mysys/my_aes_openssl.cc
@@ -263,12 +263,17 @@ bool my_aes_needs_iv(my_aes_opmode opmode) {
   assert(iv_length == 0 || iv_length == MY_AES_IV_SIZE);
   return iv_length != 0 ? true : false;
 }
-static int my_legacy_aes_256_cbc_nopad_crypt(
+
+static int my_legacy_aes_cbc_nopad_crypt(
     bool encrypt, const unsigned char *source, uint32 source_length,
-    unsigned char *dest, const unsigned char *key, const unsigned char *iv) {
+    unsigned char *dest, const unsigned char *key, uint32 key_length,
+    const unsigned char *iv) {
+  assert(key_length == 32 || key_length == 16);
+
   if (key == nullptr || iv == nullptr) return MY_AES_BAD_DATA;
 
-  auto cipher = aes_evp_type(my_aes_256_cbc);
+  auto cipher =
+      aes_evp_type(key_length == 32 ? my_aes_256_cbc : my_aes_128_cbc);
   assert(cipher != nullptr);
 
   auto evp_cipher_deleter = [](EVP_CIPHER_CTX *ctx) {
@@ -319,8 +324,9 @@ static int my_legacy_aes_256_cbc_nopad_crypt(
     */
     unsigned char mask[MY_AES_BLOCK_SIZE];
 
-    int mask_result = my_aes_encrypt(iv, sizeof(mask), mask, key, 32,
-                                     my_aes_256_ecb, nullptr, false);
+    int mask_result = my_aes_encrypt(
+        iv, sizeof(mask), mask, key, key_length,
+        key_length == 32 ? my_aes_256_ecb : my_aes_128_ecb, nullptr, false);
     if (mask_result != MY_AES_BLOCK_SIZE)
       return clear_error_helper(MY_AES_BAD_DATA);
 
@@ -332,20 +338,18 @@ static int my_legacy_aes_256_cbc_nopad_crypt(
   return clear_error_helper(u_len + f_len);
 }
 
-int my_legacy_aes_256_cbc_nopad_encrypt(const unsigned char *source,
-                                        uint32 source_length,
-                                        unsigned char *dest,
-                                        const unsigned char *key,
-                                        const unsigned char *iv) {
-  return my_legacy_aes_256_cbc_nopad_crypt(true, source, source_length, dest,
-                                           key, iv);
+int my_legacy_aes_cbc_nopad_encrypt(const unsigned char *source,
+                                    uint32 source_length, unsigned char *dest,
+                                    const unsigned char *key, uint32 key_length,
+                                    const unsigned char *iv) {
+  return my_legacy_aes_cbc_nopad_crypt(true, source, source_length, dest, key,
+                                       key_length, iv);
 }
 
-int my_legacy_aes_256_cbc_nopad_decrypt(const unsigned char *source,
-                                        uint32 source_length,
-                                        unsigned char *dest,
-                                        const unsigned char *key,
-                                        const unsigned char *iv) {
-  return my_legacy_aes_256_cbc_nopad_crypt(false, source, source_length, dest,
-                                           key, iv);
+int my_legacy_aes_cbc_nopad_decrypt(const unsigned char *source,
+                                    uint32 source_length, unsigned char *dest,
+                                    const unsigned char *key, uint32 key_length,
+                                    const unsigned char *iv) {
+  return my_legacy_aes_cbc_nopad_crypt(false, source, source_length, dest, key,
+                                       key_length, iv);
 }
diff --git a/sql/event_crypt.cc b/sql/event_crypt.cc
@@ -14,10 +14,9 @@ bool decrypt_event(uint32 offs, const Binlog_crypt_data &crypto, uchar *buf,
   crypto.set_iv(iv, offs);
   memcpy(buf + EVENT_LEN_OFFSET, buf, 4);
 
-  assert(crypto.get_keys_length() == 32);
-  if (my_legacy_aes_256_cbc_nopad_decrypt(buf + 4, buf_len - 4, ebuf + 4,
-                                          crypto.get_key(), iv) !=
-      static_cast<int>(buf_len - 4)) {
+  if (my_legacy_aes_cbc_nopad_decrypt(
+          buf + 4, buf_len - 4, ebuf + 4, crypto.get_key(),
+          crypto.get_keys_length(), iv) != static_cast<int>(buf_len - 4)) {
     memcpy(buf, buf + EVENT_LEN_OFFSET, 4);
     return true;
   }
diff --git a/storage/innobase/row/row0log.cc b/storage/innobase/row/row0log.cc
@@ -314,8 +314,9 @@ bool log_tmp_block_encrypt(const byte *src_block, ulint size, byte *dst_block,
   }
 
   assert(crypt_info.encryption_klen == 32);
-  int res = my_legacy_aes_256_cbc_nopad_encrypt(src_block, size, dst_block,
-                                                crypt_info.encryption_key, iv);
+  int res = my_legacy_aes_cbc_nopad_encrypt(src_block, size, dst_block,
+                                            crypt_info.encryption_key,
+                                            crypt_info.encryption_klen, iv);
 
   if (res != static_cast<int>(size)) {
     ib::error() << "Unable to encrypt data block  src: "
@@ -344,8 +345,9 @@ bool log_tmp_block_decrypt(const byte *src_block, ulint size, byte *dst_block,
   }
 
   assert(crypt_info.encryption_klen == 32);
-  int res = my_legacy_aes_256_cbc_nopad_decrypt(src_block, size, dst_block,
-                                                crypt_info.encryption_key, iv);
+  int res = my_legacy_aes_cbc_nopad_decrypt(src_block, size, dst_block,
+                                            crypt_info.encryption_key,
+                                            crypt_info.encryption_klen, iv);
 
   if (res != static_cast<int>(size)) {
     ib::error() << "Unable to decrypt data block src: "
