List:Commits« Previous MessageNext Message »
From:Tor Didriksen Date:November 23 2012 4:04pm
Subject:bzr push into mysql-5.6 branch (tor.didriksen:4656 to 4657) Bug#15909183
View as plain text  
 4657 Tor Didriksen	2012-11-23
      Bug#15909183 MEMORY LEAKS WITH AES_ENCRYPT AND AES_DECRYPT AND OPENSSL
      
      Ensure that we always call EVP_CIPHER_CTX_cleanup(&ctx);

    modified:
      mysys_ssl/my_aes.cc
 4656 horst.hunger@stripped	2012-11-23
      Bug 14150368: Increased again the waiting time. This time by doubling the sleep time.

    modified:
      mysql-test/include/wait_time_until_connected_again.inc
=== modified file 'mysys_ssl/my_aes.cc'
--- a/mysys_ssl/my_aes.cc	2012-05-31 15:33:21 +0000
+++ b/mysys_ssl/my_aes.cc	2012-11-23 08:46:39 +0000
@@ -24,6 +24,15 @@
 #elif defined(HAVE_OPENSSL)
 #include <openssl/aes.h>
 #include <openssl/evp.h>
+
+// Wrap C struct, to ensure resources are released.
+struct MyCipherCtx
+{
+  MyCipherCtx() { memset(&ctx, 0, sizeof(ctx)); }
+  ~MyCipherCtx() { EVP_CIPHER_CTX_cleanup(&ctx); }
+
+  EVP_CIPHER_CTX ctx;
+};
 #endif
 
 enum encrypt_dir { MY_AES_ENCRYPT, MY_AES_DECRYPT };
@@ -119,7 +128,7 @@ int my_aes_encrypt(const char* source, i
   int num_blocks;                               /* number of complete blocks */
   int i;
 #elif defined(HAVE_OPENSSL)
-  EVP_CIPHER_CTX ctx;
+  MyCipherCtx ctx;
   int u_len, f_len;
 #endif
 
@@ -154,13 +163,13 @@ int my_aes_encrypt(const char* source, i
 
   return MY_AES_BLOCK_SIZE * (num_blocks + 1);
 #elif defined(HAVE_OPENSSL)
-  if (! EVP_EncryptInit(&ctx, EVP_aes_128_ecb(), (const unsigned char *) rkey,
-                       NULL))
+  if (! EVP_EncryptInit(&ctx.ctx, EVP_aes_128_ecb(),
+                        (const unsigned char *) rkey, NULL))
     return AES_BAD_DATA;                        /* Error */
-  if (! EVP_EncryptUpdate(&ctx, (unsigned char *) dest, &u_len,
+  if (! EVP_EncryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len,
                           (unsigned const char *) source, source_length))
     return AES_BAD_DATA;                        /* Error */
-  if (! EVP_EncryptFinal(&ctx, (unsigned char *) dest + u_len, &f_len))
+  if (! EVP_EncryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len))
     return AES_BAD_DATA;                        /* Error */
 
   return u_len + f_len;
@@ -195,7 +204,7 @@ int my_aes_decrypt(const char *source, i
   int num_blocks;                               /* Number of complete blocks */
   int i;
 #elif defined(HAVE_OPENSSL)
-  EVP_CIPHER_CTX ctx;
+  MyCipherCtx ctx;
   int u_len, f_len;
 #endif
 
@@ -237,15 +246,14 @@ int my_aes_decrypt(const char *source, i
   memcpy(dest, block, MY_AES_BLOCK_SIZE - pad_len);
   return MY_AES_BLOCK_SIZE * num_blocks - pad_len;
 #elif defined(HAVE_OPENSSL)
-  if (! EVP_DecryptInit(&ctx, EVP_aes_128_ecb(), (const unsigned char *) rkey,
-                        NULL))
+  if (! EVP_DecryptInit(&ctx.ctx, EVP_aes_128_ecb(),
+                        (const unsigned char *) rkey, NULL))
     return AES_BAD_DATA;                        /* Error */
-  if (! EVP_DecryptUpdate(&ctx, (unsigned char *) dest, &u_len,
+  if (! EVP_DecryptUpdate(&ctx.ctx, (unsigned char *) dest, &u_len,
                           (unsigned const char *) source, source_length))
     return AES_BAD_DATA;                        /* Error */
-  if (! EVP_DecryptFinal(&ctx, (unsigned char *) dest + u_len, &f_len))
+  if (! EVP_DecryptFinal(&ctx.ctx, (unsigned char *) dest + u_len, &f_len))
     return AES_BAD_DATA;                        /* Error */
-
   return u_len + f_len;
 #endif
 }

No bundle (reason: useless for push emails).
Thread
bzr push into mysql-5.6 branch (tor.didriksen:4656 to 4657) Bug#15909183Tor Didriksen26 Nov