Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.2(EOL)
-
Fedora 27
package 'dracut-fips' installed
-
10.2.13
Description
Hello,
On Fedora 27, if you install 'dracut-fips' package, MariaDB server won't start with folowing explanation:
mysql-prepare-db-dir[17281]: 2017-12-04 8:24:26 140228227141056 [ERROR] Incompatible OpenSSL version. Cannot continue... |
it calls CRYPTO_set_mem_functions() from libcrypto.so, which returns 0 here:
┌──crypto/mem.c──────────────────────
|
│39 if (!allow_customize) |
│40 return 0; |
And that's the issue.
Package 'dracut-fips' will cause, that in libcrypto constructor FIPS self-tests must be called. FIPS self-test calls allocations and that's why the allocation function cannot be altered.
—
The same state should be achieved in FIPS mode, although so far I talked about installed 'dracut-fips' package, but still disabled FIPS mode.