Commit 93c563d3 authored by Sergei Golubchik's avatar Sergei Golubchik

MDEV-7788 my_md5 crashes with openssl in fips mode

Tell OpenSSL to use MD5 even if FIPS prohibits it.
This is fine as long as we do not use MD5 for cryptographical
purposes (md5 is used internally for P_S message digests and for view
checksums)
parent cc12a35c
......@@ -37,14 +37,20 @@ static void my_md5_hash(char *digest, const char *buf, int len)
}
#elif defined(HAVE_OPENSSL)
#include <openssl/md5.h>
#include <openssl/evp.h>
static void my_md5_hash(unsigned char* digest, unsigned const char *buf, int len)
static void my_md5_hash(uchar* digest, const uchar *buf, uint len)
{
MD5_CTX ctx;
MD5_Init (&ctx);
MD5_Update (&ctx, buf, len);
MD5_Final (digest, &ctx);
EVP_MD_CTX ctx;
EVP_MD_CTX_init(&ctx);
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
/* Ok to ignore FIPS: MD5 is not used for crypto here */
EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
#endif
EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
EVP_DigestUpdate(&ctx, buf, len);
EVP_DigestFinal(&ctx, digest, &len);
EVP_MD_CTX_cleanup(&ctx);
}
#endif /* HAVE_YASSL */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment