[MDEV-11529] "Cannot decrypt" "Wrong key?" regression with non-empty file_key_management_filekey Created: 2016-12-10  Updated: 2016-12-19  Resolved: 2016-12-19

Status: Closed
Project: MariaDB Server
Component/s: Backup
Affects Version/s: 10.1.20
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Andrii Nikitin (Inactive) Assignee: Andrii Nikitin (Inactive)
Resolution: Fixed Votes: 0
Labels: None


 Description   

I can run following script successfully with binary from 6-Dec: https://github.com/AndriiNikitin/scripts/blob/master/test_backup_rest_encryption.sh

But newly compiled binary shows "Wrong key" error at any backup attempt:

Loading encryption plugin Encryption plugin parameter : '--file_key_management_encryption_algorithm=aes_cbc'
Encryption plugin parameter : '--file_key_management_filename=/sec/keys.enc'
/test/xtrabackup: Cannot decrypt /sec/keys.enc. Wrong key?

We should have mtr test for non-empty file_key_management_filekey

 Comments   
Comment by Andrii Nikitin (Inactive) [ 2016-12-10 ]

When I change value used for file_key_management_filekey in the script to empty string - backup starts properly

Comment by Vladislav Vaintroub [ 2016-12-13 ]

I added non-empty file_key_management_file_key.
The test passes OK.

I'm not sure what is wrong with your example, but this parameter definitely does not get ignored.
Can you make a test case where it does not work?

Comment by Vladislav Vaintroub [ 2016-12-19 ]

Ok, could reproduce bug behavior on Ubuntu 16.04 ( not on 16.10 anymore). There is a bug in how STL vectors are handled in encryption_plugin_backup_init()

https://github.com/mariadb/server/commit/10ec571febb24387e18bd0a722a4c2cab6198f46
has the fix

Generated at Thu Feb 08 07:50:40 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.