Added to address RHBZ#1449689

Original patch notes from <hhorak@redhat.com> follows:

...

In FIPS mode there is no md5 by default, unless declared it is specifically

allowed. MD5 is used for non-crypto related things in MySQL (digests related

to performance schema and table list), so it is ok to use MD5 there.

However, there is also MD5() SQL function, that should still keep working,

but users should know they should avoid using it in FIPS mode.

RHBZ: #1351791

Upstream bug reports:

http://bugs.mysql.com/bug.php?id=83696

https://jira.mariadb.org/browse/MDEV-7788

diff -Naurp mysql-5.7.18_original/mysys_ssl/my_md5.cc mysql-5.7.18_patched/mysys_ssl/my_md5.cc

--- mysql-5.7.18_original/mysys_ssl/my_md5.cc	2017-03-18 08:45:14.000000000 +0100

+++ mysql-5.7.18_patched/mysys_ssl/my_md5.cc	2017-05-12 12:19:38.584814619 +0200

@@ -38,13 +38,22 @@ static void my_md5_hash(char *digest, co

 #elif defined(HAVE_OPENSSL)

 #include <openssl/md5.h>

+#include <openssl/evp.h>

 static void my_md5_hash(unsigned char* digest, unsigned const char *buf, int len)

 {

-  MD5_CTX ctx;

-  MD5_Init (&ctx;;

-  MD5_Update (&ctx, buf, len);

-  MD5_Final (digest, &ctx;;

+ EVP_MD_CTX *ctx;

+ ctx = EVP_MD_CTX_create();

+

+ #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW

+  /* we will be using MD5, which is not allowed under FIPS */

+  EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);

+ #endif

+

+ EVP_DigestInit_ex(ctx, EVP_md5(), NULL);

+ EVP_DigestUpdate(ctx, buf, len);

+ EVP_DigestFinal_ex(ctx, digest, NULL);

+ EVP_MD_CTX_destroy(ctx);

 }

 #endif /* HAVE_YASSL */