jaydoane commented on code in PR #4443: URL: https://github.com/apache/couchdb/pull/4443#discussion_r1117633499
########## rel/overlay/etc/vm.args: ########## @@ -99,3 +99,15 @@ #-proto_dist couch #-couch_dist no_tls '"[email protected]"' #-ssl_dist_optfile <path/to/couch_ssl_dist.conf> + +# Enable FIPS mode +# https://www.erlang.org/doc/apps/crypto/fips.html +# Ensure that: +# - Erlang is built with --enable-fips configuration option +# - Crypto library (e.g. OpenSSL) supports this mode +# +# When the mode was successfully enabled "Welcome" message should show `fips` +# in the features list. If `fips` doesn't show up in the features list, FIPS +# mode was not enabled. Review Comment: s/was/is/ ? ########## rel/overlay/etc/vm.args: ########## @@ -99,3 +99,15 @@ #-proto_dist couch #-couch_dist no_tls '"[email protected]"' #-ssl_dist_optfile <path/to/couch_ssl_dist.conf> + +# Enable FIPS mode +# https://www.erlang.org/doc/apps/crypto/fips.html +# Ensure that: +# - Erlang is built with --enable-fips configuration option +# - Crypto library (e.g. OpenSSL) supports this mode +# +# When the mode was successfully enabled "Welcome" message should show `fips` Review Comment: s/was/is/ ? ########## src/couch/src/couch_hash.erl: ########## @@ -31,15 +31,27 @@ md5_hash_update(Context, Data) -> -else. md5_hash(Data) -> - crypto:hash(md5, Data). + case config:is_enabled(fips) of + true -> erlang:md5(Data); + false -> crypto:hash(md5, Data) Review Comment: I found https://www.erlang.org/doc/apps/crypto/fips.html#avoid-md5-for-hashing which says: > For exceptional, non-cryptographic use cases one may consider switching to `erlang:md5/1` as well. Would it be worth linking to that documentation, and/or maybe documenting the difference between these two md5 algorithms? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
