diff options
author | Honza Horak <hhorak@redhat.com> | 2022-02-08 16:39:10 +0100 |
---|---|---|
committer | Vladislav Vaintroub <wlad@mariadb.com> | 2022-07-04 12:49:11 +0200 |
commit | ef655669816d73a1d92fbf459b768abcc7cac296 (patch) | |
tree | 11cb032b4d9f0008376f7090855cd47fd22bc0ef /mysys_ssl | |
parent | 1dc09ce0fdcf556dfc57de3f012a455c6d54a951 (diff) | |
download | mariadb-git-ef655669816d73a1d92fbf459b768abcc7cac296.tar.gz |
MDEV-27778 md5 in FIPS crashes with OpenSSL 3.0.0
OpenSSL 3.0.0+ does not support EVP_MD_CTX_FLAG_NON_FIPS_ALLOW any longer.
In OpenSSL 1.1.1 the non FIPS allowed flag is context specific, while
in 3.0.0+ it is a different EVP_MD provider.
Fixes #2010
part of MDEV-29000
Diffstat (limited to 'mysys_ssl')
-rw-r--r-- | mysys_ssl/my_md5.cc | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/mysys_ssl/my_md5.cc b/mysys_ssl/my_md5.cc index 407dee3bc69..75995bccf90 100644 --- a/mysys_ssl/my_md5.cc +++ b/mysys_ssl/my_md5.cc @@ -52,12 +52,23 @@ static void md5_result(EVP_MD_CTX *context, uchar digest[MD5_HASH_SIZE]) static void md5_init(EVP_MD_CTX *context) { +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + EVP_MD *md5; + EVP_MD_CTX_init(context); + /* Ok to ignore FIPS: MD5 is not used for crypto here */ + /* In OpenSSL 3.0.0+ it is a different EVP_MD provider */ + md5 = EVP_MD_fetch(NULL, "MD5", "fips=no"); + EVP_DigestInit_ex(context, md5, NULL); + EVP_MD_free(md5); +#else EVP_MD_CTX_init(context); #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW /* Ok to ignore FIPS: MD5 is not used for crypto here */ + /* In OpenSSL 1.1.1 the non FIPS allowed flag is context specific */ EVP_MD_CTX_set_flags(context, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); #endif EVP_DigestInit_ex(context, EVP_md5(), NULL); +#endif } static void md5_input(EVP_MD_CTX *context, const uchar *buf, unsigned len) |