[MDEV-7788] my_md5 crashes with openssl in fips mode Created: 2015-03-16 Updated: 2015-05-03 Resolved: 2015-05-03 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | SSL |
| Affects Version/s: | 10.0 |
| Fix Version/s: | 10.0.18 |
| Type: | Bug | Priority: | Major |
| Reporter: | Sergei Golubchik | Assignee: | Sergei Golubchik |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | fips, ssl | ||
| Attachments: |
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW.patch
|
||||||||||||
| Issue Links: |
|
||||||||||||
| Description |
|
When FIPS is enabled (/proc/sys/crypto/fips_enabled is 1), OpenSSL disabled MD5, so my_md5() — that uses OpenSSL — doesn't work. It causes numerous failures and crashes as md5 is used internally for various purposes (e.g. checksums of views, MD5() SQL function, etc). The fix is to tell OpenSSL that MariaDB needs MD5 even if FIPS disables it. This is fine as long as it's not used for cryptographic purposes. |