Yes, "#if FIPS_COMPLIANT" seems to be a good solution but its java incompatibility should be commented somewhere.
Can you open a JIRA issue for that? DIGY From: Torsten Rendelmann [mailto:[email protected]] Sent: Saturday, March 07, 2009 10:36 PM To: [email protected] Subject: RE: FIPS compliance? As far as I can see in lucene code the FSDirectory is the only place it exist. I think, changing to use a FIPS compliant algorithm to calc the lock file name is "safe" (mean: java-compat.) - the only case where I can see the may have to use the same algorithm is if a java-lucene impl. access the index with a writer at the same time as lucene.net - that would be rarely the case: writing to the same index is only allowed by one writer But if you don't like it to change, maybe I can provide a patch with a "#if FIPS_COMPLIANT" switch construct that is off by default (to be java compatible if you like) ? Torsten From: DIGY [mailto:[email protected]] Sent: Saturday, March 07, 2009 8:27 PM To: [email protected] Subject: RE: FIPS compliance? Lucene.Java also uses MD5 and Lucene.Net is supposed to be compatible with it at API and index level. Therefore, unless java version changes the hash algorithm, I don't think that a code change can be done in Lucene.Net. DIGY From: Torsten Rendelmann [mailto:[email protected]] Sent: Saturday, March 07, 2009 8:00 PM To: [email protected] Cc: [email protected] Subject: FIPS compliance? Importance: High Hi, I just got back user complaints about this: System.TypeInitializationException: The type initializer for 'Lucene.Net.Store.FSDirectory' threw an exception. ---> System.SystemException: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. at System.Security.Cryptography.MD5CryptoServiceProvider..ctor() --- End of inner exception stack trace --- We use an older version (2.0.x) of lucense.net in our public release, but as I see in FSDirectory type initializer there is still the MD5-non-FIPS compliant hash provider in use. What is the best way to get a FIPS compliant lucene.net assembly? I can change the code manually here, but then I have to apply that every time we adopt a newer version L Useful link: http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptographic- algorithms.html Any hints? Torsten Torsten Rendelmann Bergstr. 26 88138 Weissensberg Germany near Lindau (Lake of Constance) <mailto:[email protected]> [email protected] <http://www.rendelmann.info/blog/> http://www.rendelmann.info/blog/ tel: <http://www.plaxo.com/click_to_call?src=jj_signature&To=%2B49+8389+984490&Em [email protected]> +49 8389 984490 <https://www.plaxo.com/add_me?u=30065227899&v0=910826&k0=614476248&v1=910827 &k1=620516059> Add me to your address book... <http://www.plaxo.com/signature> Want a signature like this? __________ Information from ESET NOD32 Antivirus, version of virus signature database 3917 (20090307) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com
