Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-14567

MariaDB won't work in FIPS mode

    XMLWordPrintable

Details

    • 10.2.13

    Description

      Hello,

      On Fedora 27, if you install 'dracut-fips' package, MariaDB server won't start with folowing explanation:

      mysql-prepare-db-dir[17281]: 2017-12-04  8:24:26 140228227141056 [ERROR] Incompatible OpenSSL version. Cannot continue...
      

      it calls CRYPTO_set_mem_functions() from libcrypto.so, which returns 0 here:

      ┌──crypto/mem.c──────────────────────
      │39          if (!allow_customize)
      │40              return 0;         
      

      And that's the issue.
      Package 'dracut-fips' will cause, that in libcrypto constructor FIPS self-tests must be called. FIPS self-test calls allocations and that's why the allocation function cannot be altered.

      The same state should be achieved in FIPS mode, although so far I talked about installed 'dracut-fips' package, but still disabled FIPS mode.

      Attachments

        Activity

          People

            serg Sergei Golubchik
            mschorm Michal Schorm
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.