nickva commented on issue #1171: couchdb unable to run on FIPS enabled CentOS URL: https://github.com/apache/couchdb/issues/1171#issuecomment-370601327 Like @rnewson mentioned it is about the FIPS check. `erlang:md5` seems to be there in every supported Erlang version R16B03 -> 20.0. `crypto:info_fips()` is a newer function and only present since 20.0 http://erlang.org/doc/man/crypto.html#info_fips-0 At first thought it would seem why not just switch all uses of md5 to `erlang:md5` but it turns out it can be quite a bit slower for large values. For 4MB binaries for example: ``` 3> f(Bin), Bin = crypto:strong_rand_bytes(1 bsl 22). <<93,...>> 4> timer:tc(fun() -> crypto:hash(md5, Bin) end ). {6929, <<75,...>>} 5> timer:tc(fun() -> crypto:hash(md5, Bin) end ). {7064, <<75,...>>} 6> timer:tc(fun() -> erlang:md5(Bin) end ). {40849, <<75,...>>} 7> timer:tc(fun() -> erlang:md5(Bin) end ). {85613, <<75,...>>} ``` (The result of `timer:tc/1` is `{Microseconds, FunResult}`) Maybe you'd want to move the md5 calculation to `couch_util` and provide a macro can be used at compile to to pick between the implementations. If FIPS_MODE enabled you'd pick erlang:md5 otherwise use the other one. We recently did a similar macro thing for some of random functions: https://github.com/apache/couchdb/blob/75984da4b22003d0e46a9fe1001978d999387636/src/couch/src/couch_rand.erl https://github.com/apache/couchdb/blob/a99cc6fda04e35e2266953a73a182c724ed928de/src/couch/rebar.config.script#L138
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services