diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2015-05-14 10:35:30 +0200 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2015-05-15 18:12:02 +0200 |
| commit | 8827eb83259015ad5965e9b7456200129daad175 (patch) | |
| tree | 84563b0ade6d55479c80815e3739af70982d0e3b /mysys_ssl/my_crypt.cc | |
| parent | 8258a34800832b1713711d12f6a836c2fc5af19e (diff) | |
| download | mariadb-git-8827eb83259015ad5965e9b7456200129daad175.tar.gz | |
MDEV-8162 func_str crashes on SELECT AES_DECRYPT(AES_ENCRYPT(...)) on line 107
encrypting 0 byte string *is* possible
Diffstat (limited to 'mysys_ssl/my_crypt.cc')
| -rw-r--r-- | mysys_ssl/my_crypt.cc | 47 |
1 files changed, 24 insertions, 23 deletions
diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index 0c977eb94bf..b95879a3012 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc @@ -71,8 +71,6 @@ static int block_crypt(CipherMode cipher, Dir dir, { int tail= source_length % MY_AES_BLOCK_SIZE; - DBUG_ASSERT(source_length); - if (likely(source_length >= MY_AES_BLOCK_SIZE || !no_padding)) { #ifdef HAVE_YASSL @@ -139,28 +137,31 @@ static int block_crypt(CipherMode cipher, Dir dir, #endif } - if (no_padding && tail) + if (no_padding) { - /* - Not much we can do, block ciphers cannot encrypt data that aren't - a multiple of the block length. At least not without padding. - Let's do something CTR-like for the last partial block. - */ - - uchar mask[MY_AES_BLOCK_SIZE]; - uint mlen; - - DBUG_ASSERT(iv_length >= sizeof(mask)); - my_aes_encrypt_ecb(iv, sizeof(mask), mask, &mlen, - key, key_length, 0, 0, 1); - DBUG_ASSERT(mlen == sizeof(mask)); - - const uchar *s= source + source_length - tail; - const uchar *e= source + source_length; - uchar *d= dest + source_length - tail; - const uchar *m= mask; - while (s < e) - *d++ = *s++ ^ *m++; + if (tail) + { + /* + Not much we can do, block ciphers cannot encrypt data that aren't + a multiple of the block length. At least not without padding. + Let's do something CTR-like for the last partial block. + */ + + uchar mask[MY_AES_BLOCK_SIZE]; + uint mlen; + + DBUG_ASSERT(iv_length >= sizeof(mask)); + my_aes_encrypt_ecb(iv, sizeof(mask), mask, &mlen, + key, key_length, 0, 0, 1); + DBUG_ASSERT(mlen == sizeof(mask)); + + const uchar *s= source + source_length - tail; + const uchar *e= source + source_length; + uchar *d= dest + source_length - tail; + const uchar *m= mask; + while (s < e) + *d++ = *s++ ^ *m++; + } *dest_length= source_length; } |