Commit cc12a35c authored by Sergei Golubchik's avatar Sergei Golubchik

MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013...

MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013 (Lost connection to MySQL server during query) while executing AES* functions under SSL

Clear OpenSSL error queue after an error in AES_ENCRYPT/AES_DECRYPT.
Otherwise it might affect the current SSL-encrypted connection.
parent f875c9f2
...@@ -2166,3 +2166,9 @@ drop table t1; ...@@ -2166,3 +2166,9 @@ drop table t1;
SHOW STATUS LIKE 'Ssl_cipher'; SHOW STATUS LIKE 'Ssl_cipher';
Variable_name Value Variable_name Value
Ssl_cipher DHE-RSA-AES256-SHA Ssl_cipher DHE-RSA-AES256-SHA
select aes_decrypt('MySQL','adf');
aes_decrypt('MySQL','adf')
NULL
select 'still connected?';
still connected?
still connected?
...@@ -25,11 +25,14 @@ SHOW STATUS LIKE 'Ssl_server_not_after'; ...@@ -25,11 +25,14 @@ SHOW STATUS LIKE 'Ssl_server_not_after';
--replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA --replace_result DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA
SHOW STATUS LIKE 'Ssl_cipher'; SHOW STATUS LIKE 'Ssl_cipher';
#
# MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013 (Lost connection to MySQL server during query) while executing AES* functions under SSL
#
select aes_decrypt('MySQL','adf');
select 'still connected?';
connection default; connection default;
disconnect ssl_con; disconnect ssl_con;
# Wait till all disconnects are completed # Wait till all disconnects are completed
--source include/wait_until_count_sessions.inc --source include/wait_until_count_sessions.inc
## This test file is for testing encrypted communication only, not other
## encryption routines that the SSL library happens to provide!
...@@ -24,6 +24,7 @@ ...@@ -24,6 +24,7 @@
#elif defined(HAVE_OPENSSL) #elif defined(HAVE_OPENSSL)
#include <openssl/aes.h> #include <openssl/aes.h>
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/err.h>
// Wrap C struct, to ensure resources are released. // Wrap C struct, to ensure resources are released.
struct MyCipherCtx struct MyCipherCtx
...@@ -165,14 +166,17 @@ int my_aes_encrypt(const char* source, int source_length, char* dest, ...@@ -165,14 +166,17 @@ int my_aes_encrypt(const char* source, int source_length, char* dest,
#elif defined(HAVE_OPENSSL) #elif defined(HAVE_OPENSSL)
if (! EVP_EncryptInit(&ctx.ctx, EVP_aes_128_ecb(), if (! EVP_EncryptInit(&ctx.ctx, EVP_aes_128_ecb(),
(const unsigned char *) rkey, NULL)) (const unsigned char *) rkey, NULL))
return AES_BAD_DATA; /* Error */ goto err;
if (! EVP_EncryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len, if (! EVP_EncryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len,
(unsigned const char *) source, source_length)) (unsigned const char *) source, source_length))
return AES_BAD_DATA; /* Error */ goto err;
if (! EVP_EncryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len)) if (! EVP_EncryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len))
return AES_BAD_DATA; /* Error */ goto err;
return u_len + f_len; return u_len + f_len;
err:
ERR_remove_state(0);
return AES_BAD_DATA;
#endif #endif
} }
...@@ -248,13 +252,16 @@ int my_aes_decrypt(const char *source, int source_length, char *dest, ...@@ -248,13 +252,16 @@ int my_aes_decrypt(const char *source, int source_length, char *dest,
#elif defined(HAVE_OPENSSL) #elif defined(HAVE_OPENSSL)
if (! EVP_DecryptInit(&ctx.ctx, EVP_aes_128_ecb(), if (! EVP_DecryptInit(&ctx.ctx, EVP_aes_128_ecb(),
(const unsigned char *) rkey, NULL)) (const unsigned char *) rkey, NULL))
return AES_BAD_DATA; /* Error */ goto err;
if (! EVP_DecryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len, if (! EVP_DecryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len,
(unsigned const char *) source, source_length)) (unsigned const char *) source, source_length))
return AES_BAD_DATA; /* Error */ goto err;
if (! EVP_DecryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len)) if (! EVP_DecryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len))
return AES_BAD_DATA; /* Error */ goto err;
return u_len + f_len; return u_len + f_len;
err:
ERR_remove_state(0);
return AES_BAD_DATA;
#endif #endif
} }
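Review bot: At both `err:` labels (my_aes_encrypt and my_aes_decrypt) the cleanup calls `ERR_remove_state(0)`, which frees the calling thread's whole OpenSSL error state and is deprecated in later OpenSSL releases. As far as I know it becomes a no-op from 1.1.0, which would silently bring the bug back. `ERR_clear_error();` only empties the queue, which is what the commit message describes. A short comment at each label would also help the next reader, for example `/* SSL_get_error() reads the per-thread error queue, so a leftover entry breaks the next read/write on an SSL connection */`. The fix covers only these two functions, whose bodies start outside the hunks; any other failing OpenSSL call on a connection thread can leave the same residue, so clearing the queue just before the SSL read/write calls in the connection layer (not visible here) looks like the more durable guard.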
......