Thomas Tauber-Marshall has posted comments on this change. ( http://gerrit.cloudera.org:8080/16630 )

Change subject: IMPALA-10206: Avoid MD5 Digest Authorization in FIPS mode
......................................................................


Patch Set 4:

(3 comments)

http://gerrit.cloudera.org:8080/#/c/16630/4/be/src/thirdparty/squeasel/squeasel.c
File be/src/thirdparty/squeasel/squeasel.c:

http://gerrit.cloudera.org:8080/#/c/16630/4/be/src/thirdparty/squeasel/squeasel.c@1527
PS4, Line 1527: #ifndef USE_SQ_OWN_HASH_FUNCTIONS
Does FIPS have a requirement that non-openssl crypto functions have to be 
compiled out, or is it good enough that they don't get used? Seems like given 
your change in webserver.cc that prevents us from using password files in FIPS 
that these functions won't ever actually get used.


http://gerrit.cloudera.org:8080/#/c/16630/4/be/src/thirdparty/squeasel/squeasel.c@3247
PS4, Line 3247: #ifndef USE_SQ_OWN_HASH_FUNCTIONS
Like above, seems like these functions aren't actually getting used. And in 
fact, I think these are already getting compiled out due to the USE_WEBSOCKET 
above, which I don't think we set.

If we really do still want to make this change, I might suggest just completely 
deleting the squeasel functions and leaving openssl as the only option.


http://gerrit.cloudera.org:8080/#/c/16630/4/be/src/util/webserver.cc
File be/src/util/webserver.cc:

http://gerrit.cloudera.org:8080/#/c/16630/4/be/src/util/webserver.cc@401
PS4, Line 401: Don't support HTTP Digest Authorization in FIPS mode.
nit: this is worded kind of strangely. Maybe
"HTTP digest authorization is not supported in FIPS mode"



--
To view, visit http://gerrit.cloudera.org:8080/16630

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ie075389b3ab65c612d64ba58e16a10b19bdf4d6f
Gerrit-Change-Number: 16630
Gerrit-PatchSet: 4
Gerrit-Owner: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Gerrit-Reviewer: Thomas Tauber-Marshall <tmarsh...@cloudera.com>
Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>
Gerrit-Comment-Date: Tue, 27 Oct 2020 20:28:25 +0000
Gerrit-HasComments: Yes
