MDEV-25343 Error log message not helpful when filekey is too long

Add a test related to the Encrypted Key File by following instructions in kb example
https://mariadb.com/kb/en/file-key-management-encryption-plugin/#creating-the-key-file

Reviewed by Daniel Black (with minor formatting and re-org of duplicate
close(f) calls).

10 files changed, 71 insertions, 3 deletions

diff --git a/mysql-test/suite/encryption/r/filekeys_secret_openssl_rand_128bits.result b/mysql-test/suite/encryption/r/filekeys_secret_openssl_rand_128bits.result
new file mode 100644
index 00000000000..880245c7a09
--- /dev/null
+++ b/mysql-test/suite/encryption/r/filekeys_secret_openssl_rand_128bits.result
@@ -0,0 +1,17 @@
+create table t1(c1 bigint not null, b char(200))  engine=innodb encrypted=yes encryption_key_id=1;
+show create table t1;
+Table	Create Table
+t1	CREATE TABLE `t1` (
+  `c1` bigint(20) NOT NULL,
+  `b` char(200) DEFAULT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci `encrypted`=yes `encryption_key_id`=1
+insert t1 values (12345, repeat('1234567890', 20));
+alter table t1 encryption_key_id=2;
+show create table t1;
+Table	Create Table
+t1	CREATE TABLE `t1` (
+  `c1` bigint(20) NOT NULL,
+  `b` char(200) DEFAULT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci `encrypted`=yes `encryption_key_id`=2
+drop table t1;
+# Test checks if opening an too large secret does not crash the server.
diff --git a/mysql-test/suite/encryption/r/filekeys_secret_too_long.result b/mysql-test/suite/encryption/r/filekeys_secret_too_long.result
new file mode 100644
index 00000000000..bd11e8d925e
--- /dev/null
+++ b/mysql-test/suite/encryption/r/filekeys_secret_too_long.result
@@ -0,0 +1,10 @@
+call mtr.add_suppression("the filekey is too long");
+call mtr.add_suppression("Plugin 'file_key_management' init function returned error");
+call mtr.add_suppression("Plugin 'file_key_management' registration.*failed");
+FOUND 1 /the filekey is too long/ in mysqld.1.err
+create table t1(c1 bigint not null, b char(200))  engine=innodb encrypted=yes encryption_key_id=1;
+ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
+select plugin_status from information_schema.plugins
+where plugin_name = 'file_key_management';
+plugin_status
+# Test checks if opening an too large secret does not crash the server.
diff --git a/mysql-test/suite/encryption/t/filekeys-data-too-long.key b/mysql-test/suite/encryption/t/filekeys-data-too-long.key
new file mode 100644
index 00000000000..ba1624fb324
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys-data-too-long.key
@@ -0,0 +1,4 @@
+secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
+
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.enc b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.enc
new file mode 100644
index 00000000000..3257ff7d6de
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.enc
@@ -0,0 +1,4 @@
+Salted__��4��0-6�L���	�sK?p\�a�m8��N?q	�n�<��*g��(��|F����/����!
+�� kok6���y7t67�D#��g洄�ʗ��ԣ��iyu�*i�#�ƈ82#6� ��.C�8۝�;7�Bԣ���
+0� /
+��w��0w"xԱQu04��x�kj�{���W΢���3C�5՜���ᔪ�����P�$=�Ҳ
\ No newline at end of file
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.key b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.key
new file mode 100644
index 00000000000..bba639aeaac
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.key
@@ -0,0 +1 @@
+c9518399cbec2b5edf773e06d1b934b90ec0f46ae455b8f1e001b5629ef31a513b83e676bf654c08ba98659461410e5e040e46237a7d50b40bd9bb90576f841275506e61523e5e9a0beb7641127ed2d946395b6fee7ff5263a9019cbe71bd907bf1ac6365940fa391086830a4e6c1d2972b99505467ef31cfb46d0cb7ab8f4f1
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.opt b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.opt
new file mode 100644
index 00000000000..9dee47bb96f
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.opt
@@ -0,0 +1,3 @@
+--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys_secret_openssl_rand_128bits.key
+--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys_secret_openssl_rand_128bits.enc
+
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.test b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.test
new file mode 100644
index 00000000000..60718d21a10
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.test
@@ -0,0 +1,13 @@
+-- source include/have_innodb.inc
+-- source filekeys_plugin.inc
+
+create table t1(c1 bigint not null, b char(200))  engine=innodb encrypted=yes encryption_key_id=1;
+show create table t1;
+insert t1 values (12345, repeat('1234567890', 20));
+
+alter table t1 encryption_key_id=2;
+show create table t1;
+
+drop table t1;
+
+--echo # Test checks if opening an too large secret does not crash the server.
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt b/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt
new file mode 100644
index 00000000000..c3f95019f2a
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt
@@ -0,0 +1,3 @@
+--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys-data-too-long.key
+--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys-data.enc
+
diff --git a/mysql-test/suite/encryption/t/filekeys_secret_too_long.test b/mysql-test/suite/encryption/t/filekeys_secret_too_long.test
new file mode 100644
index 00000000000..0032e94de37
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_secret_too_long.test
@@ -0,0 +1,4 @@
+let SEARCH_PATTERN=the filekey is too long;
+source filekeys_badtest.inc;
+
+--echo # Test checks if opening an too large secret does not crash the server.
diff --git a/plugin/file_key_management/parser.cc b/plugin/file_key_management/parser.cc
index 5a9e5e55d63..ec1b528da24 100644
--- a/plugin/file_key_management/parser.cc
+++ b/plugin/file_key_management/parser.cc
@@ -170,19 +170,28 @@ bool Parser::read_filekey(const char *filekey, char *secret)
   int f= open(filekey, O_RDONLY|O_BINARY);
   if (f == -1)
   {
-    my_error(EE_FILENOTFOUND,ME_ERROR_LOG, filekey, errno);
+    my_error(EE_FILENOTFOUND, ME_ERROR_LOG, filekey, errno);
     return 1;
   }
 
-  int len= read(f, secret, MAX_SECRET_SIZE);
+  int len= read(f, secret, MAX_SECRET_SIZE + 1);
   if (len <= 0)
   {
-    my_error(EE_READ,ME_ERROR_LOG, filekey, errno);
+    my_error(EE_READ, ME_ERROR_LOG, filekey, errno);
     close(f);
     return 1;
   }
   close(f);
+
   while (secret[len - 1] == '\r' || secret[len - 1] == '\n') len--;
+  if (len > MAX_SECRET_SIZE)
+  {
+    my_printf_error(EE_READ,
+                    "Cannot read %s, the filekey is too long, "
+                    "max secret size is %dB ",
+                    ME_ERROR_LOG, filekey, MAX_SECRET_SIZE);
+    return 1;
+  }
   secret[len]= '\0';
   return 0;
 }