MDEV-9011: Redo log encryption does not work

Redo log encryption used too short buffer when getting
encryption keys.

mysql-test/std_data/logkey.txt

+1;36D6CB74CA7D4586CCC7261E174079CC5639E5F681D500ADFA887C165AD49301
+2;F51F5108CF6048B4C9C88BA6CE1C13F9F1CBEE82080F7FA0F979DEF5D4B94509

mysql-test/suite/encryption/r/innodb-log-encrypt.result

+SET GLOBAL innodb_file_format = `Barracuda`;
+SET GLOBAL innodb_file_per_table = ON;
+create table t1(c1 bigint not null, b char(200), c varchar(200)) engine=innodb encrypted=yes encryption_key_id=1;
+show warnings;
+Level	Code	Message
+create procedure innodb_insert_proc (repeat_count int)
+begin
+declare current_num int;
+set current_num = 0;
+while current_num < repeat_count do
+insert into t1 values(current_num, substring(MD5(RAND()), -64), REPEAT('secredsecredsecred',10));
+set current_num = current_num + 1;
+end while;
+end//
+commit;
+set autocommit=0;
+call innodb_insert_proc(2000);
+commit;
+set autocommit=1;
+update t1 set c1 = c1 +1;
+select count(*) from t1;
+count(*)
+2000
+# ibdata1 yes on expecting NOT FOUND
+NOT FOUND /secredsecred/ in ibdata1
+# t1 yes on expecting NOT FOUND
+NOT FOUND /secredsecred/ in t1.ibd
+# log0 yes on expecting NOT FOUND
+NOT FOUND /secredsecred/ in ib_logfile0
+# log1 yes on expecting NOT FOUND
+NOT FOUND /secredsecred/ in ib_logfile1
+# Restart mysqld --innodb_encrypt_log=0
+insert into t1 values(5000, substring(MD5(RAND()), -64), REPEAT('notsecred',10));
+insert into t1 values(5001, substring(MD5(RAND()), -64), REPEAT('notsecred',10));
+insert into t1 values(5002, substring(MD5(RAND()), -64), REPEAT('notsecred',10));
+insert into t1 values(5003, substring(MD5(RAND()), -64), REPEAT('notsecred',10));
+insert into t1 values(5004, substring(MD5(RAND()), -64), REPEAT('notsecred',10));
+# ibdata1 yes on expecting NOT FOUND
+NOT FOUND /secredsecred/ in ibdata1
+# t1 yes on expecting NOT FOUND
+NOT FOUND /secredsecred/ in t1.ibd
+# log0 yes on expecting NOT FOUND
+NOT FOUND /secredsecred/ in ib_logfile0
+# log1 yes on expecting NOT FOUND
+NOT FOUND /secredsecred/ in ib_logfile1
+# ibdata1 yes on expecting NOT FOUND
+NOT FOUND /notsecred/ in ibdata1
+# t1 yes on expecting NOT FOUND
+NOT FOUND /notsecred/ in t1.ibd
+# log0 no on expecting FOUND/NOTFOUND depending where insert goes
+FOUND /notsecred/ in ib_logfile0
+# log1 no on expecting FOUND/NOTFOUND depending where insert goes
+NOT FOUND /notsecred/ in ib_logfile1
+drop procedure innodb_insert_proc;
+drop table t1;

mysql-test/suite/encryption/t/innodb-log-encrypt.opt

+--innodb-encrypt-log=ON
+--innodb-encrypt-tables=FORCE
+--plugin-load-add=$FILE_KEY_MANAGEMENT_SO
+--loose-file-key-management
+--loose-file-key-management-filename=$MYSQL_TEST_DIR/std_data/logkey.txt
+--file-key-management-encryption-algorithm=aes_ctr

mysql-test/suite/encryption/t/innodb-log-encrypt.test

+-- source include/have_innodb.inc
+-- source include/not_embedded.inc
+-- source filekeys_plugin.inc
+
+#
+# MDEV-9011: Redo log encryption does not work
+#
+
+--disable_query_log
+let $innodb_file_format_orig = `SELECT @@innodb_file_format`;
+let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`;
+--enable_query_log
+
+--disable_query_log
+let $innodb_file_format_orig = `SELECT @@innodb_file_format`;
+let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`;
+--enable_query_log
+
+SET GLOBAL innodb_file_format = `Barracuda`;
+SET GLOBAL innodb_file_per_table = ON;
+
+create table t1(c1 bigint not null, b char(200), c varchar(200)) engine=innodb encrypted=yes encryption_key_id=1;
+show warnings;
+
+delimiter //;
+create procedure innodb_insert_proc (repeat_count int)
+begin
+  declare current_num int;
+  set current_num = 0;
+  while current_num < repeat_count do
+    insert into t1 values(current_num, substring(MD5(RAND()), -64), REPEAT('secredsecredsecred',10));
+    set current_num = current_num + 1;
+  end while;
+end//
+delimiter ;//
+commit;
+
+set autocommit=0;
+call innodb_insert_proc(2000);
+commit;
+set autocommit=1;
+
+update t1 set c1 = c1 +1;
+select count(*) from t1;
+
+--let $MYSQLD_DATADIR=`select @@datadir`
+--let ib1_IBD = $MYSQLD_DATADIR/ibdata1
+--let t1_IBD = $MYSQLD_DATADIR/test/t1.ibd
+--let log0 = $MYSQLD_DATADIR/ib_logfile0
+--let log1 = $MYSQLD_DATADIR/ib_logfile1
+--let SEARCH_RANGE = 10000000
+--let SEARCH_PATTERN=secredsecred
+
+--echo # ibdata1 yes on expecting NOT FOUND
+-- let SEARCH_FILE=$ib1_IBD
+-- source include/search_pattern_in_file.inc
+--echo # t1 yes on expecting NOT FOUND
+-- let SEARCH_FILE=$t1_IBD
+-- source include/search_pattern_in_file.inc
+--echo # log0 yes on expecting NOT FOUND
+-- let SEARCH_FILE=$log0
+-- source include/search_pattern_in_file.inc
+--echo # log1 yes on expecting NOT FOUND
+-- let SEARCH_FILE=$log1
+-- source include/search_pattern_in_file.inc
+
+--echo # Restart mysqld --innodb_encrypt_log=0
+-- let $restart_parameters=--innodb_encrypt_log=0
+-- source include/restart_mysqld.inc
+
+insert into t1 values(5000, substring(MD5(RAND()), -64), REPEAT('notsecred',10));
+insert into t1 values(5001, substring(MD5(RAND()), -64), REPEAT('notsecred',10));
+insert into t1 values(5002, substring(MD5(RAND()), -64), REPEAT('notsecred',10));
+insert into t1 values(5003, substring(MD5(RAND()), -64), REPEAT('notsecred',10));
+insert into t1 values(5004, substring(MD5(RAND()), -64), REPEAT('notsecred',10));
+
+--let SEARCH_PATTERN=secredsecred
+--echo # ibdata1 yes on expecting NOT FOUND
+-- let SEARCH_FILE=$ib1_IBD
+-- source include/search_pattern_in_file.inc
+--echo # t1 yes on expecting NOT FOUND
+-- let SEARCH_FILE=$t1_IBD
+-- source include/search_pattern_in_file.inc
+--echo # log0 yes on expecting NOT FOUND
+-- let SEARCH_FILE=$log0
+-- source include/search_pattern_in_file.inc
+--echo # log1 yes on expecting NOT FOUND
+-- let SEARCH_FILE=$log1
+-- source include/search_pattern_in_file.inc
+
+--let SEARCH_PATTERN=notsecred
+--echo # ibdata1 yes on expecting NOT FOUND
+-- let SEARCH_FILE=$ib1_IBD
+-- source include/search_pattern_in_file.inc
+--echo # t1 yes on expecting NOT FOUND
+-- let SEARCH_FILE=$t1_IBD
+-- source include/search_pattern_in_file.inc
+--echo # log0 no on expecting FOUND/NOTFOUND depending where insert goes
+-- let SEARCH_FILE=$log0
+-- source include/search_pattern_in_file.inc
+--echo # log1 no on expecting FOUND/NOTFOUND depending where insert goes
+-- let SEARCH_FILE=$log1
+-- source include/search_pattern_in_file.inc
+
+drop procedure innodb_insert_proc;
+drop table t1;
+
+# reset system
+--disable_query_log
+EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig;
+EVAL SET GLOBAL innodb_file_format = $innodb_file_format_orig;
+--enable_query_log

storage/innobase/log/log0crypt.cc

@@ -209,30 +209,32 @@ init_crypt_key(
 		return true;
 	}
 
-	byte mysqld_key[MY_AES_BLOCK_SIZE] = {0};
+	byte mysqld_key[MY_AES_MAX_KEY_LENGTH] = {0};
 	uint keylen= sizeof(mysqld_key);
+	uint rc;
 
-	if (encryption_key_get(LOG_DEFAULT_ENCRYPTION_KEY, info->key_version, mysqld_key, &keylen))
-	{
+	rc = encryption_key_get(LOG_DEFAULT_ENCRYPTION_KEY, info->key_version, mysqld_key, &keylen);
+
+	if (rc) {
 		ib_logf(IB_LOG_LEVEL_ERROR,
 			"Redo log crypto: getting mysqld crypto key "
-			"from key version failed. Reason could be that requested"
+			"from key version failed err = %u. Reason could be that requested"
 			" key_version %u is not found or required encryption "
-			" key management is not found.", info->key_version);
+			" key management is not found.", rc, info->key_version);
 		return false;
 	}
 
 	uint dst_len;
-	int rc= my_aes_crypt(MY_AES_ECB, ENCRYPTION_FLAG_NOPAD|ENCRYPTION_FLAG_ENCRYPT,
+	int err= my_aes_crypt(MY_AES_ECB, ENCRYPTION_FLAG_NOPAD|ENCRYPTION_FLAG_ENCRYPT,
                              info->crypt_msg, sizeof(info->crypt_msg), //src, srclen
                              info->crypt_key, &dst_len, //dst, &dstlen
                              (unsigned char*)&mysqld_key, sizeof(mysqld_key),
                              NULL, 0);
 
-	if (rc != MY_AES_OK || dst_len != MY_AES_BLOCK_SIZE) {
+	if (err != MY_AES_OK || dst_len != MY_AES_BLOCK_SIZE) {
 		fprintf(stderr,
 			"\nInnodb redo log crypto: getting redo log crypto key "
-			"failed.\n");
+			"failed err = %d len = %u.\n", err, dst_len);
 		return false;
 	}
 

storage/xtradb/log/log0crypt.cc

@@ -209,30 +209,32 @@ init_crypt_key(
 		return true;
 	}
 
-	byte mysqld_key[MY_AES_BLOCK_SIZE] = {0};
+	byte mysqld_key[MY_AES_MAX_KEY_LENGTH] = {0};
 	uint keylen= sizeof(mysqld_key);
+	uint rc;
 
-	if (encryption_key_get(LOG_DEFAULT_ENCRYPTION_KEY, info->key_version, mysqld_key, &keylen))
-	{
+	rc = encryption_key_get(LOG_DEFAULT_ENCRYPTION_KEY, info->key_version, mysqld_key, &keylen);
+
+	if (rc) {
 		ib_logf(IB_LOG_LEVEL_ERROR,
 			"Redo log crypto: getting mysqld crypto key "
-			"from key version failed. Reason could be that requested"
+			"from key version failed err = %u. Reason could be that requested"
 			" key_version %u is not found or required encryption "
-			" key management is not found.", info->key_version);
+			" key management is not found.", rc, info->key_version);
 		return false;
 	}
 
 	uint dst_len;
-	int rc= my_aes_crypt(MY_AES_ECB, ENCRYPTION_FLAG_NOPAD|ENCRYPTION_FLAG_ENCRYPT,
+	int err= my_aes_crypt(MY_AES_ECB, ENCRYPTION_FLAG_NOPAD|ENCRYPTION_FLAG_ENCRYPT,
                              info->crypt_msg, sizeof(info->crypt_msg), //src, srclen
                              info->crypt_key, &dst_len, //dst, &dstlen
                              (unsigned char*)&mysqld_key, sizeof(mysqld_key),
                              NULL, 0);
 
-	if (rc != MY_AES_OK || dst_len != MY_AES_BLOCK_SIZE) {
+	if (err != MY_AES_OK || dst_len != MY_AES_BLOCK_SIZE) {
 		fprintf(stderr,
 			"\nInnodb redo log crypto: getting redo log crypto key "
-			"failed.\n");
+			"failed err = %d len = %u.\n", err, dst_len);
 		return false;
 	}