Bug #100061 AES Encryption not working after upgrading mysql from 8.0.18 to 8.0.20
Submitted: 1 Jul 2020 9:48 Modified: 2 Jul 2020 12:25
Reporter: Kailasam Nagaraju Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server: Security: Encryption Severity:S2 (Serious)
Version:8.0.20 OS:Red Hat (7)
Assigned to: CPU Architecture:Any
Tags: AES_Decryption, AES_Encryption

[1 Jul 2020 9:48] Kailasam Nagaraju 
Description:
Upgrade of mysql from version 8.0.18 to 8.0.20 was done on a RHEL (Linux) server. 

Post upgrade it was observed that the AES_Encryption and decryption functions do not work. We are trying decrypt the encrypted value but we are not getting the expected value. Instead, we are getting an alpha numeric string post decryption. 

Earlier, upgrades were done from versions 5.7 to 8.0.15 and then again from 8.0.15 to 8.0.18. The AES_Encryption and decryption worked fine after both these upgrades. 

Now after upgrading from 8.0.18 to 8.0.20, we see that the aes encryption and decryption do not work. Is this a known issue or a regression bug in 8.0.20? Or are there any changes in 8.0.20 in aes encryption decryption in 8.0.20 ?  

How to repeat:
Upgrade from 8.0.18 to 8.0.20 and try to decrypt the encrypted value.
[1 Jul 2020 12:50] MySQL Verification Team 
Hello Mr. Nagaraju,

Thank you for your bug report.

First of all, downgraded from newer release to older is not recommended.

Second, we do not see exactly what you were trying to do. Hence, we need a fully repeatable test case.

We have found some bugs fixed in encryption in 8.0.20, but we do not know whether they cover your case or not.

We are waiting on your feedback.
[1 Jul 2020 13:06] MySQL Verification Team 
Hi ,

We have found a possible cause for this problem.

On client side, --binary-as-hex is set to TRUE by default. Can you check if that's what is causing this behavior?

It is described here:

https://dev.mysql.com/doc/refman/8.0/en/mysql-command-options.html#option_mysql_binary-as-...

This could be the only problem that you are facing .....
[2 Jul 2020 4:31] Kailasam Nagaraju 
Thank You team for the response. It helped. 

What we did was we set binary-as-hex to false in the my.cnf file in /etc as below.

[client]
binary-as-hex = false

[mysql]
binary-as-hex = false

Is there a way to set it to false during the upgradation itself ? We are using the below command to upgrade.

sudo yum localinstall <downloaded-mysql-file-names>

Regards.
[2 Jul 2020 12:14] MySQL Verification Team 
Hi,

I am not Red Hat expert, but I do not think that there is such an option.

Not a bug.
[2 Jul 2020 12:25] Kailasam Nagaraju 
Thank you very much for the inputs :)
[2 Jul 2020 12:28] MySQL Verification Team 
You are welcome.