Posted to dev@lucenenet.apache.org by "Torsten Rendelmann (JIRA)" <ji...@apache.org> on 2009/03/08 11:36:56 UTC

[jira] Created: (LUCENENET-175) Add FIPS comliance to lucene.net

Add FIPS comliance to lucene.net
--------------------------------

                 Key: LUCENENET-175
                 URL: https://issues.apache.org/jira/browse/LUCENENET-175
             Project: Lucene.Net
          Issue Type: Improvement
         Environment: CLR 2.0; DOT.NET
            Reporter: Torsten Rendelmann


FSDirectory.cs is the only place that has to be modified to apply FIPS compliance.

I think changing to a FIPS-compliant algorithm in general for the .NET port of Lucene to calculate the lock
file name is "safe" (meaning: Java-compatible). The only case where I can see that the
same algorithm may have to be used is if a Java Lucene implementation accesses the
index with a writer at the same time as Lucene.Net; that would rarely be
the case: writing to the same index is only allowed by one writer.

First change required was to switch 
private static System.Security.Cryptography.MD5 DIGESTER; to
private static readonly System.Security.Cryptography.HashAlgorithm DIGESTER;

Last change is this:
#if FIPS_COMLIANT
					// use a FIPS compliant algorithm (see also http://blog.aggregatedintelligence.com/2007/10/fips-validated-cryptographic-algorithms.html )
					DIGESTER = System.Security.Cryptography.SHA1.Create();
#else
					// use the java compatible hash algorithm:
 					DIGESTER = System.Security.Cryptography.MD5.Create();
#endif

I will attach the .patch too.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Commented: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "George Aroush (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12700544#action_12700544 ] 

George Aroush commented on LUCENENET-175:
-----------------------------------------

I like the API approach.  However, with this patch as is, a Lucene.Net user has no way to pick between MD5 and SHA1 without a code change and compilation to pass in 'true' vs. 'false'.

How about this.  In the SupportClass, rather than passing 'false' in the call: GetHashAlgorithm(false), why not pass true / false based on an attribute in AssemblyInfo.cs?  If the attribute is missing, or its value isn't valid, then default to MD5.

If you agree, I suggest:

1) [assembly: AssemblyUseSHA1("false")]
2) If 'AssemblyUseSHA1' is missing or its value isn't 'true' (match case), then default to MD5.

> Add FIPS compliance to lucene.net
> ---------------------------------
>
>                 Key: LUCENENET-175
>                 URL: https://issues.apache.org/jira/browse/LUCENENET-175
>             Project: Lucene.Net
>          Issue Type: Improvement
>         Environment: CLR 2.0; DOT.NET
>            Reporter: Torsten Rendelmann
>         Attachments: FIPS_COMLIANCE.patch, LUCENENET-175.rar
>
>   Original Estimate: 0.25h
>  Remaining Estimate: 0.25h


[jira] Commented: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "Digy (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680631#action_12680631 ] 

Digy commented on LUCENENET-175:
--------------------------------

I want to delay applying this patch to avoid a conflict with LUCENENET-164.

DIGY



[jira] Commented: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "Digy (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680566#action_12680566 ] 

Digy commented on LUCENENET-175:
--------------------------------

If there are no objections, I'll commit the patch

DIGY



[jira] Commented: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "George Aroush (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12683278#action_12683278 ] 

George Aroush commented on LUCENENET-175:
-----------------------------------------

A solution using an API, with the default being Java compliant, is much better than conditional compilation.  The API must be in the SupportClass namespace (and in the file SupportClass.cs) to make it clear this is Lucene.Net specific support.  The API must clearly document that setting it will break backward compatibility with Java Lucene index.  This is currently missing (as a form of comment) from the patch.

Also, I'm thinking we need a new README-Lucene.Net.txt file (or some other file name) in \trunk\C#\ to highlight Lucene.Net specific stuff like this one as well as #ziplib.

-- George



[jira] Commented: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "George Aroush (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12696062#action_12696062 ] 

George Aroush commented on LUCENENET-175:
-----------------------------------------

Hi DIGY,

I might be missing something obvious.  If the algorithm is changed, will the lock file still be compatible with Java Lucene?  That is, with this change, will I still be able to have a Java Lucene and a Lucene.Net application concurrently accessing (read and write) a Lucene index?  If the answer is "yes", then this change is acceptable so apply the patch, otherwise we need to be extra careful, at least use conditional compilation or use my earlier suggestion.

Regards,

-- George



[jira] Updated: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "Torsten Rendelmann (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Torsten Rendelmann updated LUCENENET-175:
-----------------------------------------

    Summary: Add FIPS compliance to lucene.net  (was: Add FIPS comliance to lucene.net)



[jira] Updated: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "Digy (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Digy updated LUCENENET-175:
---------------------------

    Attachment: LUCENENET-175.rar

New Patch + deprecated LOCK_DIR (which is not used in Lucene anymore) removed.



[jira] Commented: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "Torsten Rendelmann (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680597#action_12680597 ] 

Torsten Rendelmann commented on LUCENENET-175:
----------------------------------------------

Sure: "COMPLIANT" is the correct name. 

Another option would be to add a global (static?) configuration option to set FIPS compliance (default: false, JAVA compat.) by code. So no one has to recompile for the specific feature. But for that I do not know the code base well enough to suggest how to proceed.



[jira] Updated: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "Torsten Rendelmann (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Torsten Rendelmann updated LUCENENET-175:
-----------------------------------------

    Attachment: FIPS_COMLIANCE.patch

The patch for FSDirectory.cs (SVN 2.3.1)



[jira] Commented: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "Neal Granroth (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680587#action_12680587 ] 

Neal Granroth commented on LUCENENET-175:
-----------------------------------------

The name of this patch and the proposed define are misspelled.
It should read:
#if FIPS_COMPLIANT
not
#if FIPS_COMLIANT



[jira] Commented: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "Digy (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12700565#action_12700565 ] 

Digy commented on LUCENENET-175:
--------------------------------

Hi George, 
Your solution also needs recompilation of the code. 
What about a public, static field in SupportClass such as  "FIPSCompliant"?

DIGY
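
An added example, not part of the thread or of Lucene.Net's code, sketching the two switches proposed in this discussion: the assembly attribute (only the exact string "true" selects SHA-1) feeding a public static field that can be changed without recompiling. The type names, the GetHashAlgorithm signature, the UTF-8 encoding and the "lucene-<hex>-write.lock" naming are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Build-time setting as proposed in the thread (attribute name from the thread).
[assembly: AssemblyUseSHA1("false")]

// Hypothetical attribute type backing the setting above.
[AttributeUsage(AttributeTargets.Assembly)]
public sealed class AssemblyUseSHA1Attribute : Attribute
{
    private readonly string value;
    public AssemblyUseSHA1Attribute(string value) { this.value = value; }
    public string Value { get { return value; } }
}

// Hypothetical stand-in for the SupportClass helper discussed in the thread.
public static class HashSupport
{
    // Runtime switch. false keeps MD5, the Java-compatible default.
    // WARNING: setting this to true changes every derived lock file name,
    // so a process using the other setting looks for a different file.
    public static bool FIPSCompliant = ReadAssemblyDefault();

    // A missing attribute, or any value other than the exact (case-sensitive)
    // string "true", falls back to MD5.
    private static bool ReadAssemblyDefault()
    {
        object[] attrs = typeof(HashSupport).Assembly
            .GetCustomAttributes(typeof(AssemblyUseSHA1Attribute), false);
        return attrs.Length > 0
            && ((AssemblyUseSHA1Attribute)attrs[0]).Value == "true";
    }

    // Assumed signature, mirroring the GetHashAlgorithm(false) call in the thread.
    public static HashAlgorithm GetHashAlgorithm(bool fipsCompliant)
    {
        if (fipsCompliant)
            return SHA1.Create();
        return MD5.Create();
    }

    // The digest only names the lock file; it protects nothing.
    // A fresh instance is created per call because HashAlgorithm
    // instances are not safe to share between threads without a lock.
    public static string LockFileName(string indexPath)
    {
        byte[] digest;
        using (HashAlgorithm digester = GetHashAlgorithm(FIPSCompliant))
        {
            // Assumption: path bytes are taken as UTF-8.
            digest = digester.ComputeHash(Encoding.UTF8.GetBytes(indexPath));
        }
        StringBuilder name = new StringBuilder("lucene-");
        foreach (byte b in digest)
            name.Append(b.ToString("x2"));
        return name.Append("-write.lock").ToString();
    }
}

public static class Program
{
    public static void Main()
    {
        string indexPath = "/var/data/index"; // constructed sample path

        Console.WriteLine("default from attribute: " + HashSupport.FIPSCompliant);

        HashSupport.FIPSCompliant = false;
        string md5Name = HashSupport.LockFileName(indexPath);

        HashSupport.FIPSCompliant = true; // flipped at run time, no rebuild
        string sha1Name = HashSupport.LockFileName(indexPath);

        Console.WriteLine("MD5  : " + md5Name);
        Console.WriteLine("SHA-1: " + sha1Name);
        Console.WriteLine("same lock file name: " + (md5Name == sha1Name));
    }
}
```

Under the assumed naming scheme the MD5 name carries 32 hex digits and the SHA-1 name 40, so the two settings never produce the same lock file name for a given index path.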



[jira] Updated: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "Digy (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Digy updated LUCENENET-175:
---------------------------

    Attachment: LUCENENET-175.rar

A variant of previous patch. 

DIGY



[jira] Commented: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "Digy (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12696136#action_12696136 ] 

Digy commented on LUCENENET-175:
--------------------------------

Hi George
Please read the answer of Michael McCandless.
http://mail-archives.apache.org/mod_mbox/lucene-java-dev/200903.mbox/%3C22008EEB-B5D6-4647-A519-4DA7415ECC92@mikemccandless.com%3E

And since the patch uses conditional compilation (default: MD5) there will be no problem.

DIGY.





[jira] Closed: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "Digy (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Digy closed LUCENENET-175.
--------------------------

    Resolution: Fixed

Last patch applied.

DIGY



[jira] Commented: (LUCENENET-175) Add FIPS compliance to lucene.net

Posted by "Digy (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/LUCENENET-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12683560#action_12683560 ] 

Digy commented on LUCENENET-175:
--------------------------------

Hi George,

{quote}

http://mail-archives.apache.org/mod_mbox/lucene-java-dev/200903.mbox/%3C22008EEB-B5D6-4647-A519-4DA7415ECC92@mikemccandless.com%3E

{quote}

So, Java incompatibility is not the case.

Applying that patch before 2.3.1 tag?

DIGY



