MySQL Bugs: #82495: UPPER not working properly with AES Encryption

Bug #82495	UPPER not working properly with AES Encryption
Submitted:	8 Aug 2016 18:51	Modified:	18 Nov 2016 7:51
Reporter:	Bernardo Perez	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Server: DML	Severity:	S3 (Non-critical)
Version:	5.6/5.7	OS:	Linux
Assigned to:		CPU Architecture:	Any

Description:
from 5.6.27 when using UPPER inside of AES_ENCRYPT if you try to retrieve the result decrypted it will show as a black:

mysql> SELECT AES_DECRYPT(val,'test') FROM temp2;
+-------------------------+
| AES_DECRYPT(val,'test') |
+-------------------------+
|                         |
+-------------------------+
1 row in set (0.00 sec)

Same command works perfectly on 5.6.23

How to repeat:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1700
Server version: 5.6.23-log MySQL Community Server (GPL)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases
    -> ;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| TestMysql          |
| innodb             |
| mysql              |
| performance_schema |
| tmp                |
+--------------------+
6 rows in set (0.00 sec)

mysql> create database test;
Query OK, 1 row affected (0.02 sec)

mysql> use test
Database changed
mysql> CREATE TABLE temp2(val VARCHAR(100));
Query OK, 0 rows affected (0.03 sec)

mysql> INSERT INTO temp2(val) VALUES(AES_ENCRYPT(UPPER('test'),'test'));
Query OK, 1 row affected (0.00 sec)

mysql> SELECT AES_DECRYPT(val,'test') FROM temp2;
+-------------------------+
| AES_DECRYPT(val,'test') |
+-------------------------+
| TEST                    |
+-------------------------+
1 row in set (0.00 sec)

======================================================

Your MySQL connection id is 20
Server version: 5.6.27-log MySQL Community Server (GPL)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 
mysql> 
mysql> CREATE TABLE temp2(val VARCHAR(100));
ERROR 1046 (3D000): No database selected
mysql> show databases
    -> ;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| innodb             |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)

mysql> create database test;
Query OK, 1 row affected (0.01 sec)

mysql> use test;
Database changed
mysql> CREATE TABLE temp2(val VARCHAR(100));
Query OK, 0 rows affected (0.03 sec)

mysql> INSERT INTO temp2(val) VALUES(AES_ENCRYPT(UPPER('test'),'test'));
Query OK, 1 row affected (0.01 sec)

mysql> SELECT AES_DECRYPT(val,'test') FROM temp2;
+-------------------------+
| AES_DECRYPT(val,'test') |
+-------------------------+
|                         |
+-------------------------+
1 row in set (0.00 sec)

Your MySQL connection id is 20
Server version: 5.6.29-log MySQL Community Server (GPL)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> uses test
    -> ;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'uses test' at line 1
mysql> show databases
    -> ;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| innodb             |
| mysql              |
| performance_schema |
| sys                |
| test               |
+--------------------+
6 rows in set (0.00 sec)

mysql> use test;
Database changed
mysql> CREATE TABLE temp2(val VARCHAR(100));
Query OK, 0 rows affected (0.02 sec)

mysql> INSERT INTO temp2(val) VALUES(AES_ENCRYPT(UPPER('test'),'test'));
Query OK, 1 row affected (0.01 sec)

mysql> SELECT AES_DECRYPT(val,'test') FROM temp2;
+-------------------------+
| AES_DECRYPT(val,'test') |
+-------------------------+
|                         |
+-------------------------+
1 row in set (0.00 sec)

Server version: 5.7.10-log MySQL Community Server (GPL)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database test;
Query OK, 1 row affected (0.00 sec)

mysql> use test;
Database changed
mysql> CREATE TABLE temp2(val VARCHAR(100));
Query OK, 0 rows affected (0.02 sec)

mysql> INSERT INTO temp2(val) VALUES(AES_ENCRYPT(UPPER('test'),'test'));
Query OK, 1 row affected (0.01 sec)

mysql> SELECT AES_DECRYPT(val,'test') FROM temp2;
+-------------------------+
| AES_DECRYPT(val,'test') |
+-------------------------+
|                         |
+-------------------------+
1 row in set (0.00 sec)

mysql> INSERT INTO temp2(val) VALUES(AES_ENCRYPT(('test'),'test'));
Query OK, 1 row affected (0.01 sec)

mysql> INSERT INTO temp2(val) VALUES(AES_ENCRYPT(('TEST'),'test'));
Query OK, 1 row affected (0.01 sec)

mysql> SELECT AES_DECRYPT(val,'test') FROM temp2;
+-------------------------+
| AES_DECRYPT(val,'test') |
+-------------------------+
|                         |
| test                    |
| TEST                    |
+-------------------------+
3 rows in set (0.00 sec)

mysql> select * from temp2;
+-------------------------------+
| val                           |
+-------------------------------+
|  ÛWq6;³5v‹>`_TÂ              |
| ‡½8…”;äŠNh«c°ìj              |
| Å‚H=?hÏvl¬ò‘#·°              |
+-------------------------------+
3 rows in set (0.00 sec)

The encryption is done completly different and seems related to the function itself.

Thank you for the bug report.

C:\dbs>c:\dbs\5.5\bin\mysql -uroot --port=3550 --prompt="mysql 5.5 > "
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.5.52 Source distribution 2016-JUL-09

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql 5.5 > use test
Database changed
mysql 5.5 >  CREATE TABLE temp2(val VARCHAR(100));
Query OK, 0 rows affected (0.14 sec)

mysql 5.5 > INSERT INTO temp2(val) VALUES(AES_ENCRYPT(UPPER('test'),'test'));
Query OK, 1 row affected (0.14 sec)

mysql 5.5 >  SELECT AES_DECRYPT(val,'test') FROM temp2;
+-------------------------+
| AES_DECRYPT(val,'test') |
+-------------------------+
| TEST                    |
+-------------------------+
1 row in set (0.00 sec)

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

C:\dbs>c:\dbs\5.6\bin\mysql -uroot --port=3560 -p --prompt="mysql 5.6 > "
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.33 Source distribution 2016-JUL-09

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql 5.6 > use test
Database changed
mysql 5.6 >  CREATE TABLE temp2(val VARCHAR(100));
Query OK, 0 rows affected (0.40 sec)

mysql 5.6 > INSERT INTO temp2(val) VALUES(AES_ENCRYPT(UPPER('test'),'test'));
Query OK, 1 row affected (0.08 sec)

mysql 5.6 >  SELECT AES_DECRYPT(val,'test') FROM temp2;
+-------------------------+
| AES_DECRYPT(val,'test') |
+-------------------------+
|                         |
+-------------------------+
1 row in set (0.00 sec)

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.15 Source distribution 2016-JUL-09

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql 5.7 > use test
Database changed
mysql 5.7 >  CREATE TABLE temp2(val VARCHAR(100));
Query OK, 0 rows affected (0.49 sec)

mysql 5.7 > INSERT INTO temp2(val) VALUES(AES_ENCRYPT(UPPER('test'),'test'));
Query OK, 1 row affected (0.13 sec)

mysql 5.7 >  SELECT AES_DECRYPT(val,'test') FROM temp2;
+-------------------------+
| AES_DECRYPT(val,'test') |
+-------------------------+
|                         |
+-------------------------+
1 row in set (0.04 sec)

Posted by developer:
 
Fixed in trunk, by the patch for:
    Bug#22900560 CAST .. AS BINARY.. HEAP-USE-AFTER-FREE FROM ASAN
    
    Problem: conflicting usage of Item::str_value.
    Add Item_func_aes_encrypt::tmp_value and use it in val_str()

Fixed in 8.0.0 under the heading of

Bug#22900560 CAST .. AS BINARY.. HEAP-USE-AFTER-FREE FROM ASAN