MDEV-7788 my_md5 crashes with openssl in fips mode

Tell OpenSSL to use MD5 even if FIPS prohibits it. This is fine as long as we do not use MD5 for cryptographical purposes (md5 is used internally for P_S message digests and for view checksums)
MariaDB · May 3, 2015 · 93c563d · 93c563d
1 parent cc12a35
commit 93c563d
Showing 1 changed file with 12 additions and 6 deletions.
diff --git a/mysys_ssl/my_md5.cc b/mysys_ssl/my_md5.cc
@@ -37,14 +37,20 @@ static void my_md5_hash(char *digest, const char *buf, int len)
 }
 
 #elif defined(HAVE_OPENSSL)
-#include <openssl/md5.h>
+#include <openssl/evp.h>
 
-static void my_md5_hash(unsigned char* digest, unsigned const char *buf, int len)
+static void my_md5_hash(uchar* digest, const uchar *buf, uint len)
 {
-  MD5_CTX ctx;
-  MD5_Init (&ctx);
-  MD5_Update (&ctx, buf, len);
-  MD5_Final (digest, &ctx);
+  EVP_MD_CTX ctx;
+  EVP_MD_CTX_init(&ctx);
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
+  /* Ok to ignore FIPS: MD5 is not used for crypto here */
+  EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+#endif
+  EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
+  EVP_DigestUpdate(&ctx, buf, len);
+  EVP_DigestFinal(&ctx, digest, &len);
+  EVP_MD_CTX_cleanup(&ctx);
 }
 
 #endif /* HAVE_YASSL */