[jira] [Commented] (LUCENENET-175) Add FIPS compliance to lucene.net

[Drew Mace (JIRA)]

    [ 
https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13468853#comment-13468853
 ] 

Drew Mace commented on LUCENENET-175:
-------------------------------------

Digy,
We currently have an app using v2.9.4.1 and have run into the FIPSCompliant 
issue as described above.  I got the latest stable source (2.9.4.4) and saw the 
Cryptography class in the SupportClass.cs file.  Just to be sure, to run a 
FIPSCompliant version of Lucene.Net, we will have to recompile the source, 
changing the FIPSCompliant variable in the class to default to true?  Is there 
an API alternative that is being considered to tackle this?

Thanks in advance for you input.

Drew
                
> Add FIPS compliance to lucene.net
> ---------------------------------
>
>                 Key: LUCENENET-175
>                 URL: https://issues.apache.org/jira/browse/LUCENENET-175
>             Project: Lucene.Net
>          Issue Type: Improvement
>         Environment: CLR 2.0; DOT.NET
>            Reporter: Torsten Rendelmann
>         Attachments: FIPS_COMLIANCE.patch, LUCENENET-175.rar, 
> LUCENENET-175.rar
>
>   Original Estimate: 0.25h
>  Remaining Estimate: 0.25h
>
> The FSDirectory.cs is the only place it have to be modified to apply FIPS 
> compliance.
> I think, changing to use a FIPS compliant algorithm in general for the NET 
> port of lucene to calc the lock
> file name is "safe" (mean: java-compat.) - the only case where I can see the
> may have to use the same algorithm is if a java-lucene impl. access the
> index with a writer at the same time as lucene.net - that would be rarely
> the case: writing to the same index is only allowed by one writer.
> First change required was to switch 
> private static System.Security.Cryptography.MD5 DIGESTER; to
> private static readonly System.Security.Cryptography.HashAlgorithm DIGESTER;
> Last change is this:
> #if FIPS_COMLIANT
>                                       // use a FIPS compliant algorithm (see 
> also 
> http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptographic-algorithms.html
>  )
>                                       DIGESTER = 
> System.Security.Cryptography.SHA1.Create();
> #else
>                                       // use the java compatible hash 
> algorithm:
>                                       DIGESTER = 
> System.Security.Cryptography.MD5.Create();
> #endif
> I will attach the .patch to.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira