You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2018/03/05 23:12:05 UTC

[GitHub] nickva commented on issue #1171: couchdb unable to run on FIPS enabled CentOS

nickva commented on issue #1171: couchdb unable to run on FIPS enabled CentOS
URL: https://github.com/apache/couchdb/issues/1171#issuecomment-370601327
 
 
   Like @rnewson mentioned it is about the FIPS check.
   
   `erlang:md5` seems to be there in every supported Erlang version R16B03 -> 20.0.
   
   `crypto:info_fips()` is a newer function and only present since 20.0 http://erlang.org/doc/man/crypto.html#info_fips-0
   
   At first thought it would seem why not just switch all uses of md5 to `erlang:md5` but it turns out it can be quite a bit slower for large values. For 4MB binaries for example:
   
   ```
   3> f(Bin), Bin = crypto:strong_rand_bytes(1 bsl 22).
   <<93,...>>
   
   4> timer:tc(fun() -> crypto:hash(md5, Bin) end ).
   {6929, <<75,...>>}
   
   5> timer:tc(fun() -> crypto:hash(md5, Bin) end ).
   {7064, <<75,...>>}
   
   6> timer:tc(fun() -> erlang:md5(Bin) end ).
   {40849, <<75,...>>}
   
   7> timer:tc(fun() -> erlang:md5(Bin) end ).
   {85613, <<75,...>>}
   ```
   
   (The result of `timer:tc/1` is `{Microseconds, FunResult}`)
   
   Maybe you'd want to move the md5 calculation to `couch_util` and provide a macro can be used at compile to to pick between the implementations. If FIPS_MODE enabled you'd pick erlang:md5 otherwise use the other one.
   
   We recently did a similar macro thing for some of random functions:
   
   https://github.com/apache/couchdb/blob/75984da4b22003d0e46a9fe1001978d999387636/src/couch/src/couch_rand.erl
   
   https://github.com/apache/couchdb/blob/a99cc6fda04e35e2266953a73a182c724ed928de/src/couch/rebar.config.script#L138

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services