Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-27778

md5 in FIPS crashes with OpenSSL 3.0.0

Details

    • Bug
    • Status: Closed (View Workflow)
    • Critical
    • Resolution: Fixed
    • 10.8.1
    • 10.8.3
    • SSL
    • None

    Description

      Related to MDEV-25785 and MDEV-7788. With FIPS enabled, md5 does not work when compiled with OpenSSL 3.0.0.

      OpenSSL 3.0.0+ does not support EVP_MD_CTX_FLAG_NON_FIPS_ALLOW any longer. In OpenSSL 1.1.1 the non FIPS allowed flag is context specific, while in 3.0.0+ it is a different EVP_MD provider.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MDEV-27729 test with FIPS mode in buildbot

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32368 Docker image crashes on launch with OpenSSL 3 FIPS activated

          • Major - Major loss of function.
          • Open

          Activity

            Ascending order - Click to sort in descending order
            hhorak Honza Horak added a comment -

            Patch suggested as https://github.com/MariaDB/server/pull/2010

            hhorak Honza Horak added a comment - Patch suggested as https://github.com/MariaDB/server/pull/2010
            serg Sergei Golubchik added a comment -

            Thanks! This is very relevant to a recent effort to get FIPS working.

            There's a recently created MDEV-27729 about testing FIPS mode in buildbot. If we'd had it before, we would've noticed and fixed this md5 crash ourselves. Sorry for this.

            I'll apply your PR after the MDEV-27729 is done, which is planned to happen before the next (10.8.2) release.

            serg Sergei Golubchik added a comment - Thanks! This is very relevant to a recent effort to get FIPS working. There's a recently created MDEV-27729 about testing FIPS mode in buildbot. If we'd had it before, we would've noticed and fixed this md5 crash ourselves. Sorry for this. I'll apply your PR after the MDEV-27729 is done, which is planned to happen before the next (10.8.2) release.

            People

              serg Sergei Golubchik
              hhorak Honza Horak
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.