diff --git a/mysql-test/include/have_des.inc b/mysql-test/include/have_des.inc new file mode 100644 index 00000000000..5abdaf6e2aa --- /dev/null +++ b/mysql-test/include/have_des.inc @@ -0,0 +1,6 @@ +# in the FIPS mode, OpenSSL disables DES and other weak algorithms +source include/have_ssl_crypto_functs.inc; + +if (`select des_encrypt("a", "b") IS NULL`) { + skip DES is disabled (fips mode?); +} diff --git a/mysql-test/t/func_des_encrypt.test b/mysql-test/t/func_des_encrypt.test index e121aedab06..c9661b81cc0 100644 --- a/mysql-test/t/func_des_encrypt.test +++ b/mysql-test/t/func_des_encrypt.test @@ -1,4 +1,4 @@ --- source include/have_ssl_crypto_functs.inc +-- source include/have_des.inc # This test can't be in func_encrypt.test, because it requires # --des-key-file to not be set. diff --git a/mysql-test/t/func_encrypt.test b/mysql-test/t/func_encrypt.test index 18fb072966b..e24cb80f995 100644 --- a/mysql-test/t/func_encrypt.test +++ b/mysql-test/t/func_encrypt.test @@ -1,4 +1,4 @@ --- source include/have_ssl_crypto_functs.inc +-- source include/have_des.inc --disable_warnings drop table if exists t1; diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index 3b8bc1580bb..4ea3075e69c 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -828,9 +828,10 @@ String *Item_func_des_encrypt::val_str(String *str) /* We make good 24-byte (168 bit) key from given plaintext key with MD5 */ bzero((char*) &ivec,sizeof(ivec)); - EVP_BytesToKey(EVP_des_ede3_cbc(),EVP_md5(),NULL, + if (!EVP_BytesToKey(EVP_des_ede3_cbc(),EVP_md5(),NULL, (uchar*) keystr->ptr(), (int) keystr->length(), - 1, (uchar*) &keyblock,ivec); + 1, (uchar*) &keyblock,ivec)) + goto error; DES_set_key_unchecked(&keyblock.key1,&keyschedule.ks1); DES_set_key_unchecked(&keyblock.key2,&keyschedule.ks2); DES_set_key_unchecked(&keyblock.key3,&keyschedule.ks3); @@ -921,9 +922,10 @@ String *Item_func_des_decrypt::val_str(String *str) goto error; bzero((char*) &ivec,sizeof(ivec)); - EVP_BytesToKey(EVP_des_ede3_cbc(),EVP_md5(),NULL, + if (!EVP_BytesToKey(EVP_des_ede3_cbc(),EVP_md5(),NULL, (uchar*) keystr->ptr(),(int) keystr->length(), - 1,(uchar*) &keyblock,ivec); + 1,(uchar*) &keyblock,ivec)) + goto error; // Here we set all 64-bit keys (56 effective) one by one DES_set_key_unchecked(&keyblock.key1,&keyschedule.ks1); DES_set_key_unchecked(&keyblock.key2,&keyschedule.ks2);