[Impala-ASF-CR] WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/16630 ) Change subject: WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode .. Patch Set 2: Build Failed https://jenkins.impala.io/job/gerrit-code-review-checks/7534/ : Initial code review checks failed. See linked job for details on the failure. -- To view, visit http://gerrit.cloudera.org:8080/16630 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ie075389b3ab65c612d64ba58e16a10b19bdf4d6f Gerrit-Change-Number: 16630 Gerrit-PatchSet: 2 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Thu, 22 Oct 2020 21:52:08 + Gerrit-HasComments: No
[Impala-ASF-CR] WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/16630 ) Change subject: WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode .. Patch Set 3: Build Successful https://jenkins.impala.io/job/gerrit-code-review-checks/7535/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests. -- To view, visit http://gerrit.cloudera.org:8080/16630 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ie075389b3ab65c612d64ba58e16a10b19bdf4d6f Gerrit-Change-Number: 16630 Gerrit-PatchSet: 3 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou Gerrit-Comment-Date: Thu, 22 Oct 2020 21:52:33 + Gerrit-HasComments: No
[Impala-ASF-CR] WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode
Wenzhe Zhou has uploaded a new patch set (#3). ( http://gerrit.cloudera.org:8080/16630 ) Change subject: WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode .. WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode To compliant with FIPS requirement, we should use OpenSSL libraries for cryptographic hash functions, instead of own hash functions. This patch replace MD5 and SHA1 functions in Squeasel Web server with OpenSSL APIs. It also turn off HTTP Digest Authorization in FIPS mode since Digest Authorization use MD5 hash. Testing: - Passed core tests. - TODO: Verify HTTP Digest Authorization could not be enabled on FIPS enabled cluster. Change-Id: Ie075389b3ab65c612d64ba58e16a10b19bdf4d6f --- M be/src/thirdparty/squeasel/squeasel.c M be/src/util/webserver.cc 2 files changed, 38 insertions(+), 11 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/30/16630/3 -- To view, visit http://gerrit.cloudera.org:8080/16630 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: Ie075389b3ab65c612d64ba58e16a10b19bdf4d6f Gerrit-Change-Number: 16630 Gerrit-PatchSet: 3 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou
[Impala-ASF-CR] WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode
Wenzhe Zhou has uploaded a new patch set (#2). ( http://gerrit.cloudera.org:8080/16630 ) Change subject: WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode .. WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode To compliant with FIPS requirement, we should use OpenSSL libraries for cryptographic hash functions, instead of own hash functions. This patch replace MD5 and SHA1 functions in Squeasel Web server with OpenSSL APIs. It also turn off HTTP Digest Authorization in FIPS mode since Digest Authorization use MD5 hash. Testing: - Passed core tests. - TODO: Verify HTTP Digest Authorization could not be enabled on FIPS enabled cluster. Change-Id: Ie075389b3ab65c612d64ba58e16a10b19bdf4d6f --- A Impala.cbp A be/ASSEMBLER.cbp M be/src/thirdparty/squeasel/squeasel.c M be/src/util/webserver.cc 4 files changed, 41,306 insertions(+), 11 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/30/16630/2 -- To view, visit http://gerrit.cloudera.org:8080/16630 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: Ie075389b3ab65c612d64ba58e16a10b19bdf4d6f Gerrit-Change-Number: 16630 Gerrit-PatchSet: 2 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Impala Public Jenkins Gerrit-Reviewer: Wenzhe Zhou
[Impala-ASF-CR] WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/16630 ) Change subject: WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode .. Patch Set 1: Build Successful https://jenkins.impala.io/job/gerrit-code-review-checks/7532/ : Initial code review checks passed. Use gerrit-verify-dryrun-external or gerrit-verify-dryrun to run full precommit tests. -- To view, visit http://gerrit.cloudera.org:8080/16630 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ie075389b3ab65c612d64ba58e16a10b19bdf4d6f Gerrit-Change-Number: 16630 Gerrit-PatchSet: 1 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Impala Public Jenkins Gerrit-Comment-Date: Thu, 22 Oct 2020 21:10:11 + Gerrit-HasComments: No
[Impala-ASF-CR] WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode
Impala Public Jenkins has posted comments on this change. ( http://gerrit.cloudera.org:8080/16630 ) Change subject: WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode .. Patch Set 1: (1 comment) http://gerrit.cloudera.org:8080/#/c/16630/1/be/src/util/webserver.cc File be/src/util/webserver.cc: http://gerrit.cloudera.org:8080/#/c/16630/1/be/src/util/webserver.cc@400 PS1, Line 400: ss << "Webserver: Password file does not exist: " << FLAGS_webserver_password_file; line too long (91 > 90) -- To view, visit http://gerrit.cloudera.org:8080/16630 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ie075389b3ab65c612d64ba58e16a10b19bdf4d6f Gerrit-Change-Number: 16630 Gerrit-PatchSet: 1 Gerrit-Owner: Wenzhe Zhou Gerrit-Reviewer: Impala Public Jenkins Gerrit-Comment-Date: Thu, 22 Oct 2020 20:55:42 + Gerrit-HasComments: Yes
[Impala-ASF-CR] WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode
Wenzhe Zhou has uploaded this change for review. ( http://gerrit.cloudera.org:8080/16630 Change subject: WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode .. WIP IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode To compliant with FIPS requirement, we should use OpenSSL libraries for cryptographic hash functions, instead of own hash functions. This patch replace MD5 and SHA1 functions in Squeasel Web server with OpenSSL APIs. It also turn off HTTP Digest Authorization in FIPS mode since Digest Authorization use MD5 hash. Testing: - Passed core tests. - TODO: Verify HTTP Digest Authorization could not be enabled on FIPS enabled cluster. Change-Id: Ie075389b3ab65c612d64ba58e16a10b19bdf4d6f --- M be/src/thirdparty/squeasel/squeasel.c M be/src/util/webserver.cc 2 files changed, 37 insertions(+), 11 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/30/16630/1 -- To view, visit http://gerrit.cloudera.org:8080/16630 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: Ie075389b3ab65c612d64ba58e16a10b19bdf4d6f Gerrit-Change-Number: 16630 Gerrit-PatchSet: 1 Gerrit-Owner: Wenzhe Zhou