[kudu-CR] Add option to enforce FIPS approved mode

Wed, 28 Oct 2020 12:43:19 -0700 

Alexey Serbin has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/16657 )

Change subject: Add option to enforce FIPS approved mode
......................................................................


Patch Set 6:

(2 comments)

http://gerrit.cloudera.org:8080/#/c/16657/6/src/kudu/security/openssl_util.cc
File src/kudu/security/openssl_util.cc:

http://gerrit.cloudera.org:8080/#/c/16657/6/src/kudu/security/openssl_util.cc@196
PS6, Line 196:   auto require_fips_mode = getenv("KUDU_REQUIRE_FIPS_MODE");
             :   if (require_fips_mode && strcmp("1", require_fips_mode) == 0) {
We have GetBooleanEnvironmentVariable() in test_util.cc to handle this.


http://gerrit.cloudera.org:8080/#/c/16657/6/src/kudu/security/openssl_util.cc@198
PS6, Line 198:     CHECK(fips_mode) << "FIPS mode required by environment 
variable "
             :                         "KUDU_REQUIRE_FIPS_MODE, but it is not 
enabled.";
> Not sure. Are you suggesting to wrap the FIPS_mode() in another function ca
I don't think we need to mock anything here when running against 
non-FIPS-enabled OpenSSL library.  The idea is to set the 
KUDU_REQUIRE_FIPS_MODE environment variable in a test code and then try to 
start mini-cluster.  It allowed not to crash only if FIPS_mode() returns 1.  If 
there are some issues with running internal mini-cluster's components, I guess 
it might be possible to get cleaner results with external mini-cluster.



--
To view, visit http://gerrit.cloudera.org:8080/16657
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I98a6a8b3330ea0b372b188690fadd4d312d8bf93
Gerrit-Change-Number: 16657
Gerrit-PatchSet: 6
Gerrit-Owner: Attila Bukor <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Grant Henke <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Tidy Bot (241)
Gerrit-Reviewer: Wenzhe Zhou <[email protected]>
Gerrit-Comment-Date: Wed, 28 Oct 2020 19:43:07 +0000
Gerrit-HasComments: Yes

Reply via email to