authorSergei Golubchik <serg@mariadb.org>2015-05-01 17:56:47 +0200
committerSergei Golubchik <serg@mariadb.org>2015-05-03 11:21:57 +0200
commitcc12a35cde453a4384a2e99282c3281308c427a9 (patch)
treeac82643ae301f1fec172424c9cf5fe0671d4ba33 /mysys_ssl
parentf875c9f2a090f98ba9d9e881165b4cf71cd6a8a2 (diff)
MDEV-7697 Client reports ERROR 2006 (MySQL server has gone away) or ERROR 2013 (Lost connection to MySQL server during query) while executing AES* functions under SSL
Clear OpenSSL error queue after an error in AES_ENCRYPT/AES_DECRYPT. Otherwise it might affect current ssl-encrypted connection.
Diffstat (limited to 'mysys_ssl')
-rw-r--r--mysys_ssl/my_aes.cc19
1 files changed, 13 insertions, 6 deletions
diff --git a/mysys_ssl/my_aes.cc b/mysys_ssl/my_aes.cc
index 9327bc32a3b..05dbfdb4f0b 100644
--- a/mysys_ssl/my_aes.cc
+++ b/mysys_ssl/my_aes.cc
@@ -24,6 +24,7 @@
#elif defined(HAVE_OPENSSL)
#include <openssl/aes.h>
#include <openssl/evp.h>
+#include <openssl/err.h>
// Wrap C struct, to ensure resources are released.
struct MyCipherCtx
@@ -165,14 +166,17 @@ int my_aes_encrypt(const char* source, int source_length, char* dest,
#elif defined(HAVE_OPENSSL)
if (! EVP_EncryptInit(&ctx.ctx, EVP_aes_128_ecb(),
(const unsigned char *) rkey, NULL))
- return AES_BAD_DATA; /* Error */
+ goto err;
if (! EVP_EncryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len,
(unsigned const char *) source, source_length))
- return AES_BAD_DATA; /* Error */
+ goto err;
if (! EVP_EncryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len))
- return AES_BAD_DATA; /* Error */
+ goto err;
return u_len + f_len;
+err:
+ ERR_remove_state(0);
+ return AES_BAD_DATA;
#endif
}
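Review bot: `ERR_remove_state(0)` at the new `err:` label frees the calling thread's whole OpenSSL error state rather than just emptying its queue, and OpenSSL has deprecated it since 1.0.0. `ERR_clear_error();` matches the commit message's stated intent and is the call that remains supported. The same line appears at the `err:` label in the my_aes_decrypt hunk. The cleanup also covers only these two functions: presumably any other OpenSSL call on the connection thread that leaves an entry queued would cause the same false connection error, so clearing the queue just before the TLS read/write calls (not visible here) would be the more robust place. Both function bodies begin outside their hunks.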
@@ -248,13 +252,16 @@ int my_aes_decrypt(const char *source, int source_length, char *dest,
#elif defined(HAVE_OPENSSL)
if (! EVP_DecryptInit(&ctx.ctx, EVP_aes_128_ecb(),
(const unsigned char *) rkey, NULL))
- return AES_BAD_DATA; /* Error */
+ goto err;
if (! EVP_DecryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len,
(unsigned const char *) source, source_length))
- return AES_BAD_DATA; /* Error */
+ goto err;
if (! EVP_DecryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len))
- return AES_BAD_DATA; /* Error */
+ goto err;
return u_len + f_len;
+err:
+ ERR_remove_state(0);
+ return AES_BAD_DATA;
#endif
}
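Review bot: The `err:` label has no comment explaining why a failed AES call must touch thread-wide OpenSSL state, and that reason is not evident from the code in either this function or my_aes_encrypt. A line such as `/* Drop queued OpenSSL errors: the queue is per-thread and a stale entry is later reported as a failure of this thread's TLS connection (MDEV-7697) */` above `ERR_remove_state(0);` would keep a later cleanup from removing the call. In this function the path is reachable from ordinary input, since `EVP_DecryptFinal` fails whenever the ciphertext's padding does not check out. A regression test that runs a failing AES_DECRYPT over an SSL connection would therefore be worth adding.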