MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013...

MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013 (Lost connection to MySQL server during query) while executing AES* functions under SSL Clear OpenSSL error queue after an error in AES_ENCRYPT/AES_DECRYPT. Otherwise it might affect current ssl-encrypted connection.

MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013...
MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013 (Lost connection to MySQL server during query) while executing AES* functions under SSL Clear OpenSSL error queue after an error in AES_ENCRYPT/AES_DECRYPT. Otherwise it might affect current ssl-encrypted connection.
cc12a35c · Sergei Golubchik · f875c9f2 · cc12a35c · cc12a35c · cc12a35c
Commit cc12a35c authored May 01, 2015 by Sergei Golubchik
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 9 deletions

mysql-test/r/ssl.result mysql-test/r/ssl.result +6 -0

mysql-test/t/ssl.test mysql-test/t/ssl.test +6 -3

mysys_ssl/my_aes.cc mysys_ssl/my_aes.cc +13 -6

No files found.
--- a/mysql-test/r/ssl.result
+++ b/mysql-test/r/ssl.result
@@ -2166,3 +2166,9 @@ drop table t1;
 SHOW STATUS LIKE 'Ssl_cipher';
 Variable_name	Value
 Ssl_cipher	DHE-RSA-AES256-SHA
+select aes_decrypt('MySQL','adf');
+aes_decrypt('MySQL','adf')
+NULL
+select 'still connected?';
+still connected?
+still connected?
--- a/mysql-test/t/ssl.test
+++ b/mysql-test/t/ssl.test
@@ -25,11 +25,14 @@ SHOW STATUS LIKE 'Ssl_server_not_after';
 --replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA
 SHOW STATUS LIKE 'Ssl_cipher';

+#
+# MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013 (Lost connection to MySQL server during query) while executing AES* functions under SSL
+#
+select aes_decrypt('MySQL','adf');
+select 'still connected?';
+
 connection default;
 disconnect ssl_con;

 # Wait till all disconnects are completed
 --source include/wait_until_count_sessions.inc
-
-##  This test file is for testing encrypted communication only, not other
-##  encryption routines that the SSL library happens to provide!
--- a/mysys_ssl/my_aes.cc
+++ b/mysys_ssl/my_aes.cc
@@ -24,6 +24,7 @@
 #elif defined(HAVE_OPENSSL)
 #include <openssl/aes.h>
 #include <openssl/evp.h>
+#include <openssl/err.h>

 // Wrap C struct, to ensure resources are released.
 struct MyCipherCtx
@@ -165,14 +166,17 @@ int my_aes_encrypt(const char* source, int source_length, char* dest,
 #elif defined(HAVE_OPENSSL)
  if (! EVP_EncryptInit(&ctx.ctx, EVP_aes_128_ecb(),
                        (const unsigned char *) rkey, NULL))
-    return AES_BAD_DATA;                        /* Error */
+    goto err;
  if (! EVP_EncryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len,
                          (unsigned const char *) source, source_length))
-    return AES_BAD_DATA;                        /* Error */
+    goto err;
  if (! EVP_EncryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len))
-    return AES_BAD_DATA;                        /* Error */
+    goto err;

  return u_len + f_len;
+err:
+  ERR_remove_state(0);
+  return AES_BAD_DATA;
 #endif
 }

@@ -248,13 +252,16 @@ int my_aes_decrypt(const char *source, int source_length, char *dest,
 #elif defined(HAVE_OPENSSL)
  if (! EVP_DecryptInit(&ctx.ctx, EVP_aes_128_ecb(),
                        (const unsigned char *) rkey, NULL))
-    return AES_BAD_DATA;                        /* Error */
+    goto err;
  if (! EVP_DecryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len,
                          (unsigned const char *) source, source_length))
-    return AES_BAD_DATA;                        /* Error */
+    goto err;
  if (! EVP_DecryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len))
-    return AES_BAD_DATA;                        /* Error */
+    goto err;
  return u_len + f_len;
+err:
+  ERR_remove_state(0);
+  return AES_BAD_DATA;
 #endif
 }