[#MDEV-27778] md5 in FIPS crashes with OpenSSL 3.0.0

[MDEV-27778] md5 in FIPS crashes with OpenSSL 3.0.0 Created: 2022-02-08 Updated: 2023-10-06 Resolved: 2022-02-24
Status:	Closed
Project:	MariaDB Server
Component/s:	SSL
Affects Version/s:	10.8.1
Fix Version/s:	10.8.3

Type:

Bug

Priority:

Critical

Reporter:

Honza Horak

Assignee:

Sergei Golubchik

Resolution:

Fixed

Votes:

Labels:

None

Issue Links:

Relates
relates to	~~MDEV-27729~~	test with FIPS mode in buildbot	Closed
relates to	MDEV-32368	Docker image crashes on launch with O...	Open

Description

Related to ~~MDEV-25785~~ and ~~MDEV-7788~~. With FIPS enabled, md5 does not work when compiled with OpenSSL 3.0.0.

OpenSSL 3.0.0+ does not support EVP_MD_CTX_FLAG_NON_FIPS_ALLOW any longer. In OpenSSL 1.1.1 the non FIPS allowed flag is context specific, while in 3.0.0+ it is a different EVP_MD provider.

Comments

Comment by Honza Horak [ 2022-02-08 ]

Patch suggested as https://github.com/MariaDB/server/pull/2010

Comment by Sergei Golubchik [ 2022-02-08 ]

Thanks! This is very relevant to a recent effort to get FIPS working.

There's a recently created ~~MDEV-27729~~ about testing FIPS mode in buildbot. If we'd had it before, we would've noticed and fixed this md5 crash ourselves. Sorry for this.

I'll apply your PR after the ~~MDEV-27729~~ is done, which is planned to happen before the next (10.8.2) release.

Generated at Thu Feb 08 09:55:30 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-27778] md5 in FIPS crashes with OpenSSL 3.0.0 Created: 2022-02-08 Updated: 2023-10-06 Resolved: 2022-02-24