[LUCENENET-175] Add FIPS compliance to lucene.net - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None
Environment:

CLR 2.0; DOT.NET

Description

The FSDirectory.cs is the only place it have to be modified to apply FIPS compliance.

I think, changing to use a FIPS compliant algorithm in general for the NET port of lucene to calc the lock
file name is "safe" (mean: java-compat.) - the only case where I can see the
may have to use the same algorithm is if a java-lucene impl. access the
index with a writer at the same time as lucene.net - that would be rarely
the case: writing to the same index is only allowed by one writer.

First change required was to switch
private static System.Security.Cryptography.MD5 DIGESTER; to
private static readonly System.Security.Cryptography.HashAlgorithm DIGESTER;

Last change is this:
#if FIPS_COMLIANT
// use a FIPS compliant algorithm (see also http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptographic-algorithms.html )
DIGESTER = System.Security.Cryptography.SHA1.Create();
#else
// use the java compatible hash algorithm:
DIGESTER = System.Security.Cryptography.MD5.Create();
#endif

I will attach the .patch to.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

FIPS_COMLIANCE.patch
08/Mar/09 10:39
1.0 kB
Torsten Rendelmann
LUCENENET-175.rar
06/May/09 19:38
1 kB
Digy
LUCENENET-175.rar
16/Apr/09 19:43
0.9 kB
Digy

Issue Links

is duplicated by

LUCENENET-535 Add FIPS-Compliant flag that can be set at runtime

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Torsten Rendelmann

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Mar/09 10:36

Updated:: 09/Jan/14 21:23

Resolved:: 19/May/09 19:35

Time Tracking

Estimated:

0.25h

Remaining:

0.25h

Logged:

Not Specified