MDEV-7788 my_md5 crashes with openssl in fips mode

Tell OpenSSL to use MD5 even if FIPS prohibits it. This is fine as long as we do not use MD5 for cryptographical purposes (md5 is used internally for P_S message digests and for view checksums)
author: Sergei Golubchik <serg@mariadb.org> 2015-05-01 18:52:29 +0200
committer: Sergei Golubchik <serg@mariadb.org> 2015-05-03 11:22:02 +0200
commit: 93c563d37b9d1c2673fdb10b970b4f3e8b41ee2d (patch)
tree: d7bd86f0da24fa3c60a4d48600024ed51bdc48c0 /mysys_ssl
parent: cc12a35cde453a4384a2e99282c3281308c427a9 (diff)
download: mariadb-git-93c563d37b9d1c2673fdb10b970b4f3e8b41ee2d.tar.gz
1 files changed, 12 insertions, 6 deletions
diff --git a/mysys_ssl/my_md5.cc b/mysys_ssl/my_md5.cc
index 4c14366a4e3..4e362e647a1 100644
--- a/mysys_ssl/my_md5.cc
+++ b/mysys_ssl/my_md5.cc
@@ -37,14 +37,20 @@ static void my_md5_hash(char *digest, const char *buf, int len)
 }
 
 #elif defined(HAVE_OPENSSL)
-#include <openssl/md5.h>
+#include <openssl/evp.h>
 
-static void my_md5_hash(unsigned char* digest, unsigned const char *buf, int len)
+static void my_md5_hash(uchar* digest, const uchar *buf, uint len)
 {
-  MD5_CTX ctx;
-  MD5_Init (&ctx);
-  MD5_Update (&ctx, buf, len);
-  MD5_Final (digest, &ctx);
+  EVP_MD_CTX ctx;
+  EVP_MD_CTX_init(&ctx);
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
+  /* Ok to ignore FIPS: MD5 is not used for crypto here */
+  EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+#endif
+  EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
+  EVP_DigestUpdate(&ctx, buf, len);
+  EVP_DigestFinal(&ctx, digest, &len);
+  EVP_MD_CTX_cleanup(&ctx);
 }
 
 #endif /* HAVE_YASSL */
author	Sergei Golubchik <serg@mariadb.org>	2015-05-01 18:52:29 +0200
committer	Sergei Golubchik <serg@mariadb.org>	2015-05-03 11:22:02 +0200
commit	93c563d37b9d1c2673fdb10b970b4f3e8b41ee2d (patch)
tree	d7bd86f0da24fa3c60a4d48600024ed51bdc48c0 /mysys_ssl
parent	cc12a35cde453a4384a2e99282c3281308c427a9 (diff)
download	mariadb-git-93c563d37b9d1c2673fdb10b970b4f3e8b41ee2d.tar.gz