Wenzhe Zhou has uploaded a new patch set (#6). ( http://gerrit.cloudera.org:8080/16630 )
Change subject: IMPALA-10206: Avoid MD5 Digest Authorization in FIPS approved mode ...................................................................... IMPALA-10206: Avoid MD5 Digest Authorization in FIPS approved mode To compliant with FIPS requirement, we should use OpenSSL libraries for cryptographic hash functions, instead of own hash functions. This patch replace MD5 and SHA1 functions in Squeasel Web server with OpenSSL APIs. It also force to turn off Digest Authorization for Web server in FIPS approved mode since Digest Authorization use MD5 hash and it doesn't comply with FIPS 140-2. Testing: - Passed exhaustive tests. - Manually verified HTTP Digest Authorization could not be enabled by setting webserver_password_file on a FIPS enabled cluster. Change-Id: Ie075389b3ab65c612d64ba58e16a10b19bdf4d6f --- M be/src/thirdparty/squeasel/squeasel.c M be/src/util/webserver-test.cc M be/src/util/webserver.cc 3 files changed, 31 insertions(+), 333 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/30/16630/6 -- To view, visit http://gerrit.cloudera.org:8080/16630 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newpatchset Gerrit-Change-Id: Ie075389b3ab65c612d64ba58e16a10b19bdf4d6f Gerrit-Change-Number: 16630 Gerrit-PatchSet: 6 Gerrit-Owner: Wenzhe Zhou <wz...@cloudera.com> Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Gerrit-Reviewer: Thomas Tauber-Marshall <tmarsh...@cloudera.com> Gerrit-Reviewer: Wenzhe Zhou <wz...@cloudera.com>