Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-14567

MariaDB won't work in FIPS mode

    XMLWordPrintable

    Details

    • Sprint:
      10.2.13

      Description

      Hello,

      On Fedora 27, if you install 'dracut-fips' package, MariaDB server won't start with folowing explanation:

      mysql-prepare-db-dir[17281]: 2017-12-04  8:24:26 140228227141056 [ERROR] Incompatible OpenSSL version. Cannot continue...
      

      it calls CRYPTO_set_mem_functions() from libcrypto.so, which returns 0 here:

      ┌──crypto/mem.c──────────────────────
      │39          if (!allow_customize)
      │40              return 0;         
      

      And that's the issue.
      Package 'dracut-fips' will cause, that in libcrypto constructor FIPS self-tests must be called. FIPS self-test calls allocations and that's why the allocation function cannot be altered.

      The same state should be achieved in FIPS mode, although so far I talked about installed 'dracut-fips' package, but still disabled FIPS mode.

        Attachments

          Activity

            People

            Assignee:
            serg Sergei Golubchik
            Reporter:
            mschorm Michal Schorm
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: