diff options
author | Sergei Golubchik <serg@mariadb.org> | 2018-01-29 15:10:31 +0100 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2018-01-30 21:28:16 +0100 |
commit | ad0013c8e2b01acf2128580599aa6d54bf234b2d (patch) | |
tree | 1469d2542e5a37b55c82c1ff235e91aeca85d805 /mysys_ssl/my_crypt.cc | |
parent | fb24eb87a85d646048ccd719ee1d9527332400b1 (diff) | |
download | mariadb-git-ad0013c8e2b01acf2128580599aa6d54bf234b2d.tar.gz |
MDEV-14343 Server crash on FIPS with openssl-1.0.2k
don't use internal undocumented OpenSSL functionality
Diffstat (limited to 'mysys_ssl/my_crypt.cc')
-rw-r--r-- | mysys_ssl/my_crypt.cc | 23 |
1 files changed, 2 insertions, 21 deletions
diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc index a0937a83e17..439339423cd 100644 --- a/mysys_ssl/my_crypt.cc +++ b/mysys_ssl/my_crypt.cc @@ -26,6 +26,7 @@ #include <openssl/evp.h> #include <openssl/aes.h> #include <openssl/err.h> +#include <openssl/rand.h> #ifdef HAVE_ERR_remove_thread_state #define ERR_remove_state(X) ERR_remove_thread_state(NULL) @@ -292,31 +293,11 @@ unsigned int my_aes_ctx_size(enum my_aes_mode) return MY_AES_CTX_SIZE; } -#ifdef HAVE_YASSL -#include <random.hpp> -int my_random_bytes(uchar* buf, int num) -{ - TaoCrypt::RandomNumberGenerator rand; - rand.GenerateBlock((TaoCrypt::byte*) buf, num); - return MY_AES_OK; -} -#else -#include <openssl/rand.h> - int my_random_bytes(uchar *buf, int num) { - /* - Unfortunately RAND_bytes manual page does not provide any guarantees - in relation to blocking behavior. Here we explicitly use SSLeay random - instead of whatever random engine is currently set in OpenSSL. That way - we are guaranteed to have a non-blocking random. - */ - RAND_METHOD *rand = RAND_SSLeay(); - if (rand == NULL || rand->bytes(buf, num) != 1) + if (RAND_bytes(buf, num) != 1) return MY_AES_OPENSSL_ERROR; return MY_AES_OK; } -#endif } - |