This is an automated email from the ASF dual-hosted git repository. szaszm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git
commit e55676e9bcd2a57f62f5e593bc6e0dcbd9070f2a Author: Gabor Gyimesi <[email protected]> AuthorDate: Fri Mar 28 15:43:12 2025 +0100 MINIFICPP-2546 Allow use of MD5 algorithm in HashContent processor in FIPS mode Closes #1949 Signed-off-by: Marton Szasz <[email protected]>
---
 docker/test/integration/features/hashcontent.feature | 12 ++++++++++++
 extensions/standard-processors/processors/HashContent.h | 9 +++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/docker/test/integration/features/hashcontent.feature b/docker/test/integration/features/hashcontent.feature
index 5ca52419a..54cc607f7 100644
--- a/docker/test/integration/features/hashcontent.feature
+++ b/docker/test/integration/features/hashcontent.feature
@@ -51,3 +51,15 @@ Feature: Hash value is added to Flowfiles by HashContent processor
 And the "failure" relationship of the HashContent processor is connected to the PutFile
 When the MiNiFi instance starts up
 Then at least one empty flowfile is placed in the monitored directory in less than 10 seconds
+
+ Scenario Outline: HashContent can use MD5 in FIPS mode
+ Given OpenSSL FIPS mode is enabled in MiNiFi
+ And a GetFile processor with the "Input Directory" property set to "/tmp/input"
+ And a file with the content apple is present in "/tmp/input"
+ And a HashContent processor with the "Hash Attribute" property set to "hash"
+ And the "Hash Algorithm" property of the HashContent processor is set to "MD5"
+ And a LogAttribute processor
+ And the "success" relationship of the GetFile processor is connected to the HashContent
+ And the "success" relationship of the HashContent processor is connected to the LogAttribute
+ When the MiNiFi instance starts up
+ Then the Minifi logs contain the following message: "key:hash value:1F3870BE274F6C49B3E31A0C6728957F" in less than 60 seconds
diff --git a/extensions/standard-processors/processors/HashContent.h b/extensions/standard-processors/processors/HashContent.h
index 865f84e0f..975e702bd 100644
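Review bot: The added test is declared `Scenario Outline:` but uses no `<placeholder>` and has no `Examples:` table (the hunk appends it at the end of the file), so it should read `Scenario: HashContent can use MD5 in FIPS mode`. Some Gherkin runners expand an outline without examples to zero scenarios, which would leave the FIPS-mode MD5 path unexercised while the suite stays green. It is worth confirming that this scenario actually appears in the test run output.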
--- a/extensions/standard-processors/processors/HashContent.h
+++ b/extensions/standard-processors/processors/HashContent.h
@@ -51,10 +51,15 @@ namespace { // NOLINT
 ret_val.second = 0;
 std::array<std::byte, HASH_BUFFER_SIZE> buffer{};
 EVP_MD_CTX *context = EVP_MD_CTX_new();
- const auto guard = gsl::finally([&context]() {
+ EVP_MD *md5 = EVP_MD_fetch(nullptr, "MD5", "-fips");
+ const auto guard = gsl::finally([&context, &md5]() {
+ EVP_MD_free(md5);
 EVP_MD_CTX_free(context);
 });
- EVP_DigestInit_ex(context, EVP_md5(), nullptr);
+ if (!md5) {
+ return ret_val;
+ }
+ EVP_DigestInit_ex(context, md5, nullptr);
 size_t ret = 0;
 do {
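Review bot: The new `EVP_DigestInit_ex(context, md5, nullptr)` call still discards its result and `context` is never null-checked, while the `if (!md5)` branch returns the default `ret_val` with nothing logged, so a failed fetch or init reaches the caller only as an empty string and size 0. Consider folding the checks into one guard, `if (!md5 || !context || EVP_DigestInit_ex(context, md5, nullptr) != 1) { return ret_val; }`, with an error signal or log on that path so that a deployment with no non-FIPS provider loaded is visible to operators. The `"-fips"` property query is, as I read it, a deliberate override of the FIPS requirement for this one fetch and deserves a comment such as `// "-fips" lifts the FIPS requirement for this fetch only; the MD5 output must not be relied on for integrity or authentication`. The function starts before and continues past this hunk, so how the caller treats the empty result cannot be checked from here.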
