lucenenet-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Drew Mace (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LUCENENET-175) Add FIPS compliance to lucene.net
Date Wed, 03 Oct 2012 21:31:07 GMT

    [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13468853#comment-13468853
] 

Drew Mace commented on LUCENENET-175:
-------------------------------------

Digy,
We currently have an app using v2.9.4.1 and have run into the FIPSCompliant issue as described
above.  I got the latest stable source (2.9.4.4) and saw the Cryptography class in the SupportClass.cs
file.  Just to be sure, to run a FIPSCompliant version of Lucene.Net, we will have to recompile
the source, changing the FIPSCompliant variable in the class to default to true?  Is there
an API alternative that is being considered to tackle this?

Thanks in advance for you input.

Drew
                
> Add FIPS compliance to lucene.net
> ---------------------------------
>
>                 Key: LUCENENET-175
>                 URL: https://issues.apache.org/jira/browse/LUCENENET-175
>             Project: Lucene.Net
>          Issue Type: Improvement
>         Environment: CLR 2.0; DOT.NET
>            Reporter: Torsten Rendelmann
>         Attachments: FIPS_COMLIANCE.patch, LUCENENET-175.rar, LUCENENET-175.rar
>
>   Original Estimate: 0.25h
>  Remaining Estimate: 0.25h
>
> The FSDirectory.cs is the only place it have to be modified to apply FIPS compliance.
> I think, changing to use a FIPS compliant algorithm in general for the NET port of lucene
to calc the lock
> file name is "safe" (mean: java-compat.) - the only case where I can see the
> may have to use the same algorithm is if a java-lucene impl. access the
> index with a writer at the same time as lucene.net - that would be rarely
> the case: writing to the same index is only allowed by one writer.
> First change required was to switch 
> private static System.Security.Cryptography.MD5 DIGESTER; to
> private static readonly System.Security.Cryptography.HashAlgorithm DIGESTER;
> Last change is this:
> #if FIPS_COMLIANT
> 					// use a FIPS compliant algorithm (see also http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptographic-algorithms.html
)
> 					DIGESTER = System.Security.Cryptography.SHA1.Create();
> #else
> 					// use the java compatible hash algorithm:
>  					DIGESTER = System.Security.Cryptography.MD5.Create();
> #endif
> I will attach the .patch to.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message