authorSergei Golubchik <serg@mariadb.org>2018-01-29 15:10:31 +0100
committerSergei Golubchik <serg@mariadb.org>2018-01-30 21:28:16 +0100
commitad0013c8e2b01acf2128580599aa6d54bf234b2d (patch)
tree1469d2542e5a37b55c82c1ff235e91aeca85d805 /mysys_ssl
parentfb24eb87a85d646048ccd719ee1d9527332400b1 (diff)
MDEV-14343 Server crash on FIPS with openssl-1.0.2k
don't use internal undocumented OpenSSL functionality
Diffstat (limited to 'mysys_ssl')
-rw-r--r--mysys_ssl/my_crypt.cc23
-rw-r--r--mysys_ssl/yassl.cc1
2 files changed, 3 insertions, 21 deletions
diff --git a/mysys_ssl/my_crypt.cc b/mysys_ssl/my_crypt.cc
index a0937a83e17..439339423cd 100644
--- a/mysys_ssl/my_crypt.cc
+++ b/mysys_ssl/my_crypt.cc
@@ -26,6 +26,7 @@
#include <openssl/evp.h>
#include <openssl/aes.h>
#include <openssl/err.h>
+#include <openssl/rand.h>
#ifdef HAVE_ERR_remove_thread_state
#define ERR_remove_state(X) ERR_remove_thread_state(NULL)
@@ -292,31 +293,11 @@ unsigned int my_aes_ctx_size(enum my_aes_mode)
return MY_AES_CTX_SIZE;
}
-#ifdef HAVE_YASSL
-#include <random.hpp>
-int my_random_bytes(uchar* buf, int num)
-{
- TaoCrypt::RandomNumberGenerator rand;
- rand.GenerateBlock((TaoCrypt::byte*) buf, num);
- return MY_AES_OK;
-}
-#else
-#include <openssl/rand.h>
-
int my_random_bytes(uchar *buf, int num)
{
- /*
- Unfortunately RAND_bytes manual page does not provide any guarantees
- in relation to blocking behavior. Here we explicitly use SSLeay random
- instead of whatever random engine is currently set in OpenSSL. That way
- we are guaranteed to have a non-blocking random.
- */
- RAND_METHOD *rand = RAND_SSLeay();
- if (rand == NULL || rand->bytes(buf, num) != 1)
+ if (RAND_bytes(buf, num) != 1)
return MY_AES_OPENSSL_ERROR;
return MY_AES_OK;
}
-#endif
}
-
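Review bot: The rewritten `my_random_bytes` removes the old block comment without a replacement, so the new side no longer records that the bytes now come from whichever RAND method OpenSSL currently has configured rather than a pinned one, or that the non-blocking guarantee the old comment claimed is no longer asserted. I would add a short comment above the call, for example `/* Uses the currently configured OpenSSL RAND method; buf must not be used for keys or IVs unless MY_AES_OK is returned. */`. The `!= 1` comparison is the right test, because RAND_bytes can report failure as either 0 or -1. It may also be worth rejecting a non-positive length up front with `if (num <= 0) return MY_AES_OPENSSL_ERROR;`, since the signed `num` is passed straight through and what the configured RAND method does with it is not visible here.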
diff --git a/mysys_ssl/yassl.cc b/mysys_ssl/yassl.cc
index 9717870fe26..e9f8e650347 100644
--- a/mysys_ssl/yassl.cc
+++ b/mysys_ssl/yassl.cc
@@ -26,6 +26,7 @@
#include "aes.hpp"
using yaSSL::yaERR_remove_state;
+using yaSSL::yaRAND_bytes;
#define EVP_CIPH_ECB_MODE 0x1
#define EVP_CIPH_CBC_MODE 0x2