Skip to content

br backup encryption doesn't check crypter.key length #29794

New issue
New issue
Closed
#29991
Closed
br backup encryption doesn't check crypter.key length#29794
#29991
Assignees
joccau
Labels
component/brThis issue is related to BR of TiDB.severity/moderatetype/bugThe issue is confirmed as a bug.
@fubinzh

Description

@fubinzh
fubinzh
opened on Nov 15, 2021

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

  1. Run br backup and specify --crypter.method aes128-ctr --crypter.key 0123456789abcdef0123456789abcd

2. What did you expect to see? (Required)

aes128-ctr requires key length of 16, error should be prompted during parameter check when key length not correct.

3. What did you see instead (Required)

It seems no parameter validation, error prompt in the progress of br backup, which is too late.

[root@centos76_vm v5.3.0]# ./br backup db --pd "172.16.6.217:2379" --db IFRS9 --storage "s3://nfs/fubin/br_tmp?access-key=minioadmin&secret-access-key=minioadmin&endpoint=http%3a%2f%2fminio.pingcap.net%3a9000&force-path-style=true" --send-credentials-to-tikv=true --crypter.method aes128-ctr --crypter.key 0123456789abcdef0123456789abcd
Detail BR log in /tmp/br.log.2021-11-15T14.58.04+0800
Database backup <-------\...................................................................................................................................................> 4.76%[2021/11/15 14:58:07.077 +08:00] [INFO] [collector.go:65] ["Database backup failed summary"] [total-ranges=2] [ranges-succeed=0] [ranges-failed=2] [backup-total-ranges=2] [backup-total-regions=42] [unit-name="range start:7480000000000001905f69800000000000000100 end:7480000000000001905f698000000000000001fb"] [error="error happen in store 1 at 172.16.6.217:20160: Other(\"[components/backup/src/writer.rs:90]: new encrypterReader error: Other(\\\"[components/encryption/src/crypter.rs:204]: unexpected key length, expected 16 vs actual 15\\\")\"): [BR:KV:ErrKVStorage]tikv storage occur I/O error"] [errorVerbose="[BR:KV:ErrKVStorage]tikv storage occur I/O error\nerror happen in store 1 at 172.16.6.217:20160: Other(\"[components/backup/src/writer.rs:90]: new encrypterReader error: Other(\\\"[components/encryption/src/crypter.rs:204]: unexpected key length, expected 16 vs actual 15\\\")\")\ngithub.com/pingcap/tidb/br/pkg/backup.(*pushDown).pushBackup\n\t/home/jenkins/agent/workspace/optimization-build-tidb-linux-amd/go/src/github.com/pingcap/br/br/pkg/backup/push.go:176\ngithub.com/pingcap/tidb/br/pkg/backup.(*Client).BackupRange\n\t/home/jenkins/agent/workspace/optimization-build-tidb-linux-amd/go/src/github.com/pingcap/br/br/pkg/backup/client.go:499\ngithub.com/pingcap/tidb/br/pkg/backup.(*Client).BackupRanges.func1\n\t/home/jenkins/agent/workspace/optimization-build-tidb-linux-amd/go/src/github.com/pingcap/br/br/pkg/backup/client.go:453\ngithub.com/pingcap/tidb/br/pkg/utils.(*WorkerPool).ApplyOnErrorGroup.func1\n\t/home/jenkins/agent/workspace/optimization-build-tidb-linux-amd/go/src/github.com/pingcap/br/br/pkg/utils/worker.go:73\ngolang.org/x/sync/errgroup.(*Group).Go.func1\n\t/nfs/cache/mod/golang.org/x/sync@v0.0.0-20210220032951-036812b2e83c/errgroup/errgroup.go:57\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1371"] [unit-name="range start:7480000000000001905f720000000000000000 end:7480000000000001905f72ffffffffffffffff00"] [error="can not find leader: [BR:Backup:ErrBackupNoLeader]backup no leader"] [errorVerbose="[BR:Backup:ErrBackupNoLeader]backup no leader\ncan not find leader\ngithub.com/pingcap/tidb/br/pkg/backup.(*Client).findRegionLeader\n\t/home/jenkins/agent/workspace/optimization-build-tidb-linux-amd/go/src/github.com/pingcap/br/br/pkg/backup/client.go:575\ngithub.com/pingcap/tidb/br/pkg/backup.(*Client).handleFineGrained\n\t/home/jenkins/agent/workspace/optimization-build-tidb-linux-amd/go/src/github.com/pingcap/br/br/pkg/backup/client.go:784\ngithub.com/pingcap/tidb/br/pkg/backup.(*Client).fineGrainedBackup.func2\n\t/home/jenkins/agent/workspace/optimization-build-tidb-linux-amd/go/src/github.com/pingcap/br/br/pkg/backup/client.go:636\nruntime.goexit\n\t/usr/local/go/src/runtime/asm_amd64.s:1371"]
Database backup <-------|...................................................................................................................................................> 4.76%
Error: error happen in store 1 at 172.16.6.217:20160: Other("[components/backup/src/writer.rs:90]: new encrypterReader error: Other(\"[components/encryption/src/crypter.rs:204]: unexpected key length, expected 16 vs actual 15\")"): [BR:KV:ErrKVStorage]tikv storage occur I/O error

4. What is your TiDB version? (Required)

[root@centos76_vm v5.3.0]# ./br -V
Release Version: v5.3.0
Git Commit Hash: 3b79300
Git Branch: heads/refs/tags/v5.3.0
Go Version: go1.16.4
UTC Build Time: 2021-11-13 10:03:57
Race Enabled: false

Metadata

Metadata

Assignees

Labels

component/brThis issue is related to BR of TiDB.severity/moderatetype/bugThe issue is confirmed as a bug.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions