diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2016-04-22 13:13:48 +0200 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2016-04-24 18:15:20 +0200 |
| commit | 797cadce47ecacd9dff2ee4829786e0be3009748 (patch) | |
| tree | 74b2d00cc929dd3873a152047f0fb11bed053bd8 | |
| parent | 906f97d3108df8370489f1f5a2531d8a43d8ce1a (diff) | |
| download | mariadb-git-797cadce47ecacd9dff2ee4829786e0be3009748.tar.gz | |
MDEV-8482 mysql-test - main.func_encrypt fails if FIPS=1
* check for openssl errors in DES_ENCRYPT/DES_DECRYPT
* disable the test when DES doesn't work
* also disable main.func_des_encrypt
| -rw-r--r-- | mysql-test/include/have_des.inc | 6 | ||||
| -rw-r--r-- | mysql-test/t/func_des_encrypt.test | 2 | ||||
| -rw-r--r-- | mysql-test/t/func_encrypt.test | 2 | ||||
| -rw-r--r-- | sql/item_strfunc.cc | 10 |
4 files changed, 14 insertions, 6 deletions
diff --git a/mysql-test/include/have_des.inc b/mysql-test/include/have_des.inc new file mode 100644 index 00000000000..5abdaf6e2aa --- /dev/null +++ b/mysql-test/include/have_des.inc @@ -0,0 +1,6 @@ +# in the FIPS mode, OpenSSL disables DES and other weak algorithms +source include/have_ssl_crypto_functs.inc; + +if (`select des_encrypt("a", "b") IS NULL`) { + skip DES is disabled (fips mode?); +} diff --git a/mysql-test/t/func_des_encrypt.test b/mysql-test/t/func_des_encrypt.test index e121aedab06..c9661b81cc0 100644 --- a/mysql-test/t/func_des_encrypt.test +++ b/mysql-test/t/func_des_encrypt.test @@ -1,4 +1,4 @@ --- source include/have_ssl_crypto_functs.inc +-- source include/have_des.inc # This test can't be in func_encrypt.test, because it requires # --des-key-file to not be set. diff --git a/mysql-test/t/func_encrypt.test b/mysql-test/t/func_encrypt.test index 18fb072966b..e24cb80f995 100644 --- a/mysql-test/t/func_encrypt.test +++ b/mysql-test/t/func_encrypt.test @@ -1,4 +1,4 @@ --- source include/have_ssl_crypto_functs.inc +-- source include/have_des.inc --disable_warnings drop table if exists t1; diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index 3b8bc1580bb..4ea3075e69c 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -828,9 +828,10 @@ String *Item_func_des_encrypt::val_str(String *str) /* We make good 24-byte (168 bit) key from given plaintext key with MD5 */ bzero((char*) &ivec,sizeof(ivec)); - EVP_BytesToKey(EVP_des_ede3_cbc(),EVP_md5(),NULL, + if (!EVP_BytesToKey(EVP_des_ede3_cbc(),EVP_md5(),NULL, (uchar*) keystr->ptr(), (int) keystr->length(), - 1, (uchar*) &keyblock,ivec); + 1, (uchar*) &keyblock,ivec)) + goto error; DES_set_key_unchecked(&keyblock.key1,&keyschedule.ks1); DES_set_key_unchecked(&keyblock.key2,&keyschedule.ks2); DES_set_key_unchecked(&keyblock.key3,&keyschedule.ks3); @@ -921,9 +922,10 @@ String *Item_func_des_decrypt::val_str(String *str) goto error; bzero((char*) &ivec,sizeof(ivec)); - EVP_BytesToKey(EVP_des_ede3_cbc(),EVP_md5(),NULL, + if (!EVP_BytesToKey(EVP_des_ede3_cbc(),EVP_md5(),NULL, (uchar*) keystr->ptr(),(int) keystr->length(), - 1,(uchar*) &keyblock,ivec); + 1,(uchar*) &keyblock,ivec)) + goto error; // Here we set all 64-bit keys (56 effective) one by one DES_set_key_unchecked(&keyblock.key1,&keyschedule.ks1); DES_set_key_unchecked(&keyblock.key2,&keyschedule.ks2); |