mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 03:52:35 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDEV-7788 my_md5 crashes with openssl in fips mode

Browse source 
Tell OpenSSL to use MD5 even if FIPS prohibits it.
This is fine as long as we do not use MD5 for cryptographical
purposes (md5 is used internally for P_S message digests and for view
checksums)
This commit is contained in:
Sergei Golubchik 2015-05-01 18:52:29 +02:00
parent cc12a35cde
commit 93c563d37b
1 changed files with 12 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
mysys_ssl/my_md5.cc
View file

@ -37,14 +37,20 @@ static void my_md5_hash(char *digest, const char *buf, int len)
}
#elif defined(HAVE_OPENSSL)
#include <openssl/md5.h>
#include <openssl/evp.h>
static void my_md5_hash(unsigned char* digest, unsigned const char *buf, int len)
static void my_md5_hash(uchar* digest, const uchar *buf, uint len)
{
MD5_CTX ctx;
MD5_Init (&ctx);
MD5_Update (&ctx, buf, len);
MD5_Final (digest, &ctx);
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* Ok to ignore FIPS: MD5 is not used for crypto here */
EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
EVP_DigestUpdate(&ctx, buf, len);
EVP_DigestFinal(&ctx, digest, &len);
EVP_MD_CTX_cleanup(&ctx);
}
#endif /* HAVE_YASSL */