Details
-
Task
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.3.3-1
Description
extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm. Something like
AES_ENCRYPT(text, key, [IV [, algorithm]])
|
and @@block_encryption_mode variable as in 5.7
NOTE:
- change in behavior: AES_ENCRYPT(str, key) can no longer be used in persistent virtual columns (and alike)
- New system variable block_encryption_mode
Attachments
Issue Links
- blocks
-
-
- Open
-
- causes
-
MDEV-31633 Assertion `!item->null_value' failed in Type_handler::Item_send_str
-
- Closed
-
- is blocked by
-
-
- Closed
-
- is duplicated by
-
-
- Closed
-
- is part of
-
-
- Open
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
- links to
(2 relates to, 1 links to)
Activity
| Field | Original Value | New Value |
|---|---|---|
| Fix Version/s | 10.2 [ 14601 ] |
| Description |
extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm. Something like {noformat} AES_ENCRYPT(text, key, [IV [, algorithm]]) {noformat} and {{@@ block_encryption_mode}} variable as in 5.7 |
extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm. Something like {noformat} AES_ENCRYPT(text, key, [IV [, algorithm]]) {noformat} and {{@@block_encryption_mode}} variable as in 5.7 |
| Assignee | Georg Richter [ georg ] |
| Assignee | Georg Richter [ georg ] | Sergei Golubchik [ serg ] |
| Status | Open [ 1 ] | In Review [ 10002 ] |
| Assignee | Sergei Golubchik [ serg ] | Georg Richter [ georg ] |
| Status | In Review [ 10002 ] | Stalled [ 10000 ] |
| Fix Version/s | 10.2.4 [ 22116 ] | |
| Fix Version/s | 10.2 [ 14601 ] |
| Link |
This issue is blocked by |
| Description |
extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm. Something like {noformat} AES_ENCRYPT(text, key, [IV [, algorithm]]) {noformat} and {{@@block_encryption_mode}} variable as in 5.7 |
extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm. Something like
{noformat} AES_ENCRYPT(text, key, [IV [, AAD [ USING algorithm]]]) {noformat} and {{@@block_encryption_mode}} variable as in 5.7 |
| Fix Version/s | 10.2 [ 14601 ] | |
| Fix Version/s | 10.2.4 [ 22116 ] |
| Fix Version/s | 10.3 [ 22126 ] | |
| Fix Version/s | 10.2 [ 14601 ] |
| Sprint | 10.3.3-1 [ 200 ] |
| Fix Version/s | 10.4 [ 22408 ] | |
| Fix Version/s | 10.3 [ 22126 ] |
| Assignee | Georg Richter [ georg ] | Sergei Golubchik [ serg ] |
| Link | This issue blocks MDEV-11476 [ MDEV-11476 ] |
| Epic Link | PT-73 [ 68549 ] |
| Labels | upstream-fixed | beginner-friendly upstream-fixed |
| Fix Version/s | 10.5 [ 23123 ] | |
| Fix Version/s | 10.4 [ 22408 ] |
| Epic Link | PT-73 [ 68549 ] |
| Fix Version/s | 10.5 [ 23123 ] |
Is it this feature going to be implemented some day?
IV is mostly a common practice in the industry for encryption with AES-256-CBC cipher.
It makes also hard to migrate from MySQL to MariaDB due the lack of this function.
Is there already a new time schedule or version? We are also eagerly waiting for this.
| Workflow | MariaDB v3 [ 72420 ] | MariaDB v4 [ 131654 ] |
| Labels | beginner-friendly upstream-fixed | beginner-friendly compat80 upstream-fixed |
| Link | This issue is part of MDEV-28906 [ MDEV-28906 ] |
| Link |
This issue is duplicated by |
| Fix Version/s | 10.11 [ 27614 ] |
| Priority | Major [ 3 ] | Critical [ 2 ] |
| Description |
extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm. Something like
{noformat} AES_ENCRYPT(text, key, [IV [, AAD [ USING algorithm]]]) {noformat} and {{@@block_encryption_mode}} variable as in 5.7 |
extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm. Something like {noformat} AES_ENCRYPT(text, key, [IV [, AAD [ USING algorithm]]]) {noformat} and {{@@block_encryption_mode}} variable as in 5.7 |
| Fix Version/s | 10.12 [ 28320 ] | |
| Fix Version/s | 10.11 [ 27614 ] |
| Comment | [ A comment with security level 'Developers' was removed. ] |
| Remote Link | This issue links to "CVE-2022-21592 (Web Link)" [ 34537 ] |
MySQL implements
AES_ENCRYPT(str, key_str [,init_vector [,kdf_name [,salt [,info | iterations]]]])
|
with 6 positional arguments this is, I think, way out of comfort usage zone. And it does not allow to specify the mode, it has to be specified via block_encryption_mode variable. I would rather suggest
AES_ENCRYPT(str, key [,iv] [USING mode])
|
2- and 3-argument syntax is compatible with MySQL. Encryption mode is specified via a keyword, so it won't cause ambiguities if we'll later want to add full MySQL compatibility syntax.
But I think it'd be more user-friendly to add a separate function, say,
KDF(key_str [, kdf_name [, salt [, info | iterations]]])
|
which is not part of this task
| Fix Version/s | 11.1 [ 28549 ] | |
| Fix Version/s | 11.0 [ 28320 ] |
| Fix Version/s | 11.2 [ 28603 ] | |
| Fix Version/s | 11.1 [ 28549 ] |
On the other hand, the syntax without a keyword will make it a normal function with no special rules in the parser. And the server will still be able avoid ambiguities because kdf values differ from mode values.
| Status | Stalled [ 10000 ] | In Progress [ 3 ] |
| Status | In Progress [ 3 ] | In Testing [ 10301 ] |
| Link |
This issue relates to |
| Status | In Testing [ 10301 ] | Stalled [ 10000 ] |
| Assignee | Sergei Golubchik [ serg ] | Oleksandr Byelkin [ sanja ] |
| Status | Stalled [ 10000 ] | In Review [ 10002 ] |
| Status | In Review [ 10002 ] | In Testing [ 10301 ] |
| Assignee | Oleksandr Byelkin [ sanja ] | Ramesh Sivaraman [ JIRAUSER48189 ] |
| Description |
extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm. Something like {noformat} AES_ENCRYPT(text, key, [IV [, AAD [ USING algorithm]]]) {noformat} and {{@@block_encryption_mode}} variable as in 5.7 |
extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm. Something like
{noformat} AES_ENCRYPT(text, key, [IV [, algorithm]]) {noformat} and {{@@block_encryption_mode}} variable as in 5.7 |
| Assignee | Ramesh Sivaraman [ JIRAUSER48189 ] | Lena Startseva [ JIRAUSER50478 ] |
| Labels | beginner-friendly compat80 upstream-fixed | Preview_11.2 beginner-friendly compat80 upstream-fixed |
| Link |
This issue causes |
| Assignee | Lena Startseva [ JIRAUSER50478 ] | Sergei Golubchik [ serg ] |
| Status | In Testing [ 10301 ] | Stalled [ 10000 ] |
| Component/s | Encryption [ 11200 ] | |
| Fix Version/s | 11.2.1 [ 29034 ] | |
| Fix Version/s | 11.2 [ 28603 ] | |
| Resolution | Fixed [ 1 ] | |
| Status | Stalled [ 10000 ] | Closed [ 6 ] |
| Description |
extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm. Something like
{noformat} AES_ENCRYPT(text, key, [IV [, algorithm]]) {noformat} and {{@@block_encryption_mode}} variable as in 5.7 |
extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm. Something like
{noformat} AES_ENCRYPT(text, key, [IV [, algorithm]]) {noformat} and {{@@block_encryption_mode}} variable as in 5.7 NOTE: * change in behavior: AES_ENCRYPT(str, key) can no longer be used in persistent virtual columns (and alike) |
| Description |
extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm. Something like
{noformat} AES_ENCRYPT(text, key, [IV [, algorithm]]) {noformat} and {{@@block_encryption_mode}} variable as in 5.7 NOTE: * change in behavior: AES_ENCRYPT(str, key) can no longer be used in persistent virtual columns (and alike) |
extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm. Something like
{noformat} AES_ENCRYPT(text, key, [IV [, algorithm]]) {noformat} and {{@@block_encryption_mode}} variable as in 5.7 NOTE: * change in behavior: AES_ENCRYPT(str, key) can no longer be used in persistent virtual columns (and alike) * New system variable _block_encryption_mode_ |
| Link |
This issue relates to |
| Zendesk Related Tickets | 140721 170960 |
Current GCM implementation seems to be buggy - rfc test vectors for GCM partially fail - it will need some more investigation.