6a32704ac7
Related: #1449689
51 lines
1.5 KiB
Diff
51 lines
1.5 KiB
Diff
Added to address RHBZ#1449689
|
|
|
|
Original patch notes from <hhorak@redhat.com> follows:
|
|
|
|
...
|
|
|
|
In FIPS mode there is no md5 by default, unless declared it is specifically
|
|
allowed. MD5 is used for non-crypto related things in MySQL (digests related
|
|
to performance schema and table list), so it is ok to use MD5 there.
|
|
|
|
However, there is also MD5() SQL function, that should still keep working,
|
|
but users should know they should avoid using it in FIPS mode.
|
|
|
|
RHBZ: #1351791
|
|
|
|
Upstream bug reports:
|
|
http://bugs.mysql.com/bug.php?id=83696
|
|
https://jira.mariadb.org/browse/MDEV-7788
|
|
|
|
|
|
diff -Naurp mysql-5.7.18_original/mysys_ssl/my_md5.cc mysql-5.7.18_patched/mysys_ssl/my_md5.cc
|
|
--- mysql-5.7.18_original/mysys_ssl/my_md5.cc 2017-03-18 08:45:14.000000000 +0100
|
|
+++ mysql-5.7.18_patched/mysys_ssl/my_md5.cc 2017-05-12 12:19:38.584814619 +0200
|
|
@@ -38,13 +38,22 @@ static void my_md5_hash(char *digest, co
|
|
|
|
#elif defined(HAVE_OPENSSL)
|
|
#include <openssl/md5.h>
|
|
+#include <openssl/evp.h>
|
|
|
|
static void my_md5_hash(unsigned char* digest, unsigned const char *buf, int len)
|
|
{
|
|
- MD5_CTX ctx;
|
|
- MD5_Init (&ctx);
|
|
- MD5_Update (&ctx, buf, len);
|
|
- MD5_Final (digest, &ctx);
|
|
+ EVP_MD_CTX *ctx;
|
|
+ ctx = EVP_MD_CTX_create();
|
|
+
|
|
+ #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
|
|
+ /* we will be using MD5, which is not allowed under FIPS */
|
|
+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
|
+ #endif
|
|
+
|
|
+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
|
|
+ EVP_DigestUpdate(ctx, buf, len);
|
|
+ EVP_DigestFinal_ex(ctx, digest, NULL);
|
|
+ EVP_MD_CTX_destroy(ctx);
|
|
}
|
|
|
|
#endif /* HAVE_YASSL */
|