OpenAPI.NET.OData is not FIPS compliant #39
Assignees
Labels
priority:p2
Medium. Generally has a work-around and a smaller sub-set of customers is affected. SLA <=30 days
type:enhancement
Enhancement request targeting an existing experience.
Milestone
Comments
darrelmiller
added
the
type:enhancement
|
Here's a hash using SHA256 https://github.com/microsoft/kiota/blob/main/src/kiota.core/OpenApiUriSpaceNode.cs#L61 However, we should reinvestigate why exactly we need the hash. |
darrelmiller
added
the
priority:p2
|
After a review of our codebase, we exclusively use the If you have any evidence or concerns indicating non-compliance or using a different hashing algorithm, please feel free to reopen this issue, and we will promptly address it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Short summary (3-5 sentences) describing the issue.
Converter uses MD5 hash, which is not FIPS compliant. Full functionality failure in any environment with FIPS compliance enabled.
Assemblies affected
Reader.
Which assemblies and versions are known to be affected?
All.
Steps to reproduce
Enable FIPS compliance on the environment where the converter is executing.
The simplest set of steps to reproduce the issue. If possible, reference a commit that demonstrates the issue.
Expected result
Converter does not crash
What would happen if there wasn't a bug.
Actual result
Converter crashes with FIPS compliance runtime error.
What is actually happening.
Additional detail
Oracle listing FIPS non-compliant algorithms:https://docs.oracle.com/cd/E36784_01/html/E54953/fips-notok-1.html
NIST draft of 2019 FIPS compliant algorithms: https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf
*Optional, details of the root cause if known.
The text was updated successfully, but these errors were encountered: