Bug #10589 des_encrypt functionality always return NULL
Submitted: 12 May 2005 11:21 Modified: 13 Jul 2005 19:18
Reporter: Disha Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:5.0.5 + 4.1.11 OS:Windows (Windows xp)
Assigned to: Magnus Blåudd CPU Architecture:Any

[12 May 2005 11:21] Disha 
Description:
des_encrypt function always return null value.

How to repeat:
1. execute the following command.
    delimiter //
    Select des_encrypt('test','disha')//

2.Expected Result: Encrypted value of 'test'
   
3.Actual Result: 	
		+-----------------------------+
		| des_encrypt('test','disha') |
		+-----------------------------+
		| NULL                        |
		+-----------------------------+
		1 row in set (0.16 sec)
[12 May 2005 11:32] MySQL Verification Team 
This bug only happens on Windows:
c:\mysql\bin>mysql -uroot test
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 5.0.6-beta-nt

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> delimiter //
mysql> Select des_encrypt('test','disha')//
+-----------------------------+
| des_encrypt('test','disha') |
+-----------------------------+
| NULL                        |
+-----------------------------+
1 row in set (0.03 sec)

On Linux with the same BK changeset:

mysql> Select des_encrypt('test','disha');  
+-----------------------------+
| des_encrypt('test','disha') |
+-----------------------------+
| ÿ/ØtÆÁ+                   |
+-----------------------------+
1 row in set (0.02 sec)
[12 May 2005 12:53] Hartmut Holzgraefe 
On my MacOS X box i can reproduce this even with 4.1.11
(4.1.11-standard-log)

On my Linux machine it works fine given two strings but
crashes if i only give one string or a string and a key number
if no key file was specified (in which case it should just return
NULL) (self compiled binaries, both 4.1.11 and 5.0 fails, 4.1.6
gives a wrong result, 4.1.5 returns NULL as expected)
[17 Jun 2005 13:11] Magnus Blåudd 
Note that this function works only if MySQL has been configured with SSL support. See Section 5.7.7, “Using Secure Connections” in the MySQL Refernce Manual.

I believe thie problem occurs because SSL support is missing. Will try to add warning or error message if these functions are used without the required functionality available.
[17 Jun 2005 16:08] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/26125
[17 Jun 2005 16:22] Magnus Blåudd 
Made a fix that will print warnings if the functions that des_encrypt or des_decrypt need from openssl is not available, wrong parameters are passed or if the function run out of resources.

To make sure the server have been compiled with openssl support, use the query:
mysql> show variables like "have_openssl";
Variable_name	Value
have_openssl	YES

There are also a number of command line options that need to be set.  See: http://dev.mysql.com/doc/mysql/en/ssl-options.html

The easiest way to test des_* functionality is to use mysql-test which will setup basic certificates for openssl to work. Please run mysql-test and make sure that the test case "func_encrypt" passes.
[27 Jun 2005 10:52] Magnus Blåudd 
Pushed to 4.1.13 and 5.0.9
[13 Jul 2005 19:18] Paul DuBois 
Noted in 4.1.13, 5.0.9 changelogs.