Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2018/02/15 18:53:53 UTC

[GitHub] Nanonid opened a new issue #1171: couchdb unable to run on FIPS enabled CentOS

URL: https://github.com/apache/couchdb/issues/1171
 
 
   When FIPS mode is enabled, MD5 is disabled in OpenSSL.
   Verify at the command prompt:
   
   > %openssl md5 [some file]
   > Error setting digest md5
   > 140656009516960:error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips:digest.c:256:
   
   ## Expected Behavior
   Fall back to another message digest mechanism.
   
   ## Current Behavior
   Running couchdb with FIPS enabled results in the following abort:
   
   > md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode!
   > [os_mon] memory supervisor port (memsup): Erlang has closed
   > [os_mon] cpu supervisor port (cpu_sup): Erlang has closed
   > Aborted
   > 
   
   ## Possible Solution
   Provide alternative message digest mechanism. Remove direct calls to crypto:hash MD5, and reference couchdb hash.
   There is an impact to the CouchDB API.
   
   ## Steps to Reproduce (for bugs)
   1. Enable FIPS on CentOS 6.9 following [this procedure](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security_guide/sect-security_guide-federal_standards_and_regulations-federal_information_processing_standard)
   2. Build release couchdb
   3. Execute couchdb
   4. Couchdb aborts
   
   ## Context
   Unable to use CouchDB for a project. If CouchDB is unable to run on FIPS-compliant CentOS, we will have to abandon CouchDB.
   
   
   ## Your Environment
   * Version used:  Couchdb as of commit d3a5a71752f87e1f07f316c433e0cdb7fa78b804
   * Browser Name and version:
   * Operating System and version (desktop or mobile): CentOS 6.9 yum update as of 2/15/2018
   * Link to your project: Internal project
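
A pre-flight check for the condition this report describes, as an added example that is not part of the original issue or of CouchDB: it reads the kernel FIPS flag, probes whether the `openssl` CLI will compute MD5, and recognises the two rejection messages quoted above. The function names are hypothetical, and `/proc/sys/crypto/fips_enabled` is assumed as the flag location (the standard Linux path); both the flag path and the `openssl` binary can be overridden.

```shell
#!/bin/sh
# Added example (not CouchDB code). Function names are hypothetical.

# Return 0 if the kernel FIPS flag is set. The path argument exists so the
# check can be pointed at a constructed file; the default is the Linux flag.
fips_kernel_enabled() {
    flag_file="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$flag_file" ] && [ "$(cat "$flag_file")" = "1" ]
}

# Return 0 if the text carries either FIPS MD5 rejection quoted in the issue.
is_fips_md5_rejection() {
    case "$1" in
        *"disabled for fips"*|*"Digest MD5 forbidden in FIPS mode"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Hash a fixed string with MD5 and classify the outcome.
# Prints one of: available | blocked-by-fips | failed-other | no-openssl
probe_md5() {
    openssl_bin="${1:-openssl}"
    if ! command -v "$openssl_bin" >/dev/null 2>&1; then
        echo "no-openssl"
    elif err=$(printf 'probe' | "$openssl_bin" md5 2>&1 >/dev/null); then
        echo "available"
    elif is_fips_md5_rejection "$err"; then
        echo "blocked-by-fips"
    else
        echo "failed-other"
    fi
}

# Print a one-line summary; return non-zero when MD5 is blocked by FIPS,
# i.e. when a service that calls MD5 directly should not be started.
preflight() {
    md5_state=$(probe_md5 "${2:-openssl}")
    if fips_kernel_enabled "$1"; then kernel=enabled; else kernel=disabled; fi
    echo "kernel_fips=$kernel openssl_md5=$md5_state"
    [ "$md5_state" != "blocked-by-fips" ]
}
```

Calling `preflight` with no arguments checks the running host; a non-zero exit status means MD5 is refused under FIPS on that host.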
   
