MDEV-7788 my_md5 crashes with openssl in fips mode

Tell OpenSSL to use MD5 even if FIPS prohibits it. This is fine as long as we do not use MD5 for cryptographical purposes (md5 is used internally for P_S message digests and for view checksums)

MDEV-7788 my_md5 crashes with openssl in fips mode
Tell OpenSSL to use MD5 even if FIPS prohibits it. This is fine as long as we do not use MD5 for cryptographical purposes (md5 is used internally for P_S message digests and for view checksums)
93c563d3 · Sergei Golubchik · cc12a35c · 93c563d3
Commit 93c563d3 authored May 01, 2015 by Sergei Golubchik
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 6 deletions

mysys_ssl/my_md5.cc mysys_ssl/my_md5.cc +12 -6

No files found.
--- a/mysys_ssl/my_md5.cc
+++ b/mysys_ssl/my_md5.cc
@@ -37,14 +37,20 @@ static void my_md5_hash(char *digest, const char *buf, int len)
 }
 #elif defined(HAVE_OPENSSL)
-#include <openssl/md5.h>
+#include <openssl/evp.h>
-static void my_md5_hash(unsigned char* digest, unsigned const char *buf, int len)
+static void my_md5_hash(uchar* digest, const uchar *buf, uint len)
 {
-  MD5_CTX ctx;
+  EVP_MD_CTX ctx;
-  MD5_Init (&ctx);
+  EVP_MD_CTX_init(&ctx);
-  MD5_Update (&ctx, buf, len);
+#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
-  MD5_Final (digest, &ctx);
+  /* Ok to ignore FIPS: MD5 is not used for crypto here */
+  EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+#endif
+  EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
+  EVP_DigestUpdate(&ctx, buf, len);
+  EVP_DigestFinal(&ctx, digest, &len);
+  EVP_MD_CTX_cleanup(&ctx);
 }
 #endif /* HAVE_YASSL */