[MDEV-7788] my_md5 crashes with openssl in fips mode - JIRA

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 10.0
Fix Version/s: 10.0.18
Component/s: SSL
Labels:
- fips
- ssl

Description

When FIPS is enabled (/proc/sys/crypto/fips_enabled is 1), OpenSSL disabled MD5, so my_md5() — that uses OpenSSL — doesn't work. It causes numerous failures and crashes as md5 is used internally for various purposes (e.g. checksums of views, MD5() SQL function, etc).

The fix is to tell OpenSSL that MariaDB needs MD5 even if FIPS disables it. This is fine as long as it's not used for cryptographic purposes.

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

EVP_MD_CTX_FLAG_NON_FIPS_ALLOW.patch
0.9 kB
2015-03-16 18:32

Issue Links

relates to

MDEV-7695 MariaDB - ssl - fips: can not connect with --ssl-cipher=DHE-RSA-AES256-SHA - handshake failure

Closed

MDEV-7794 MariaDB - mysql-test - fips: some ssl tests with cipher are failing

Closed

Activity

There are no comments yet on this issue.

People

Assignee:

Sergei Golubchik

Reporter:

Sergei Golubchik

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2015-03-16 18:30

Updated:

2015-05-03 21:10

Resolved:

2015-05-03 21:10

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

30m

Agile

View on Board