Fix FIPS-safe random string generation in dataset generator#343
Conversation
corporate-gadfly
force-pushed
the
fix-fips-generate-tests
branch
from
a0254ad to
18a61a3
Compare
Chunk large RandomStringUtils calls to stay under the BC FIPS DRBG per-request limit (262144 bits / 32768 bytes), which was causing generate tests to fail under the FIPS profile. - add random-ascii-string helper in cli/generate.clj and use it in add-blob - add alphabetic-string helper in random.clj and route random-string/ random-string-alpha through it - use StringBuilder-based chunk assembly to reduce intermediate allocations - add local type hints on interop targets to avoid reflection noise Co-authored-by: GitHub Copilot <copilot@users.noreply.github.com> Signed-off-by: Corporate Gadfly <haroon.rafique@gmail.com>
corporate-gadfly
force-pushed
the
fix-fips-generate-tests
branch
from
18a61a3 to
85c759e
Compare
|
@corporate-gadfly thanks for working on this. What's here looks workable, but there are three changes I suggest:
Oops, looks like I missed the merge deadline :) Depending on what you think about point 3 above, these might still be worth doing. I'm not really up to speed on what the FIPS goals, requirements are here. Do you want me to take a stab at it? |
TY for the feedback @jpartlow. Feel free to engage. My main goal is to have a green daily workflow. |
Ah, ok, I see where this bubbled up from now. I'll take a stab at it. |
3 participants
Chunk large RandomStringUtils calls to stay under the BC FIPS DRBG per-request limit (262144 bits / 32768 bytes), which was causing generate tests to fail under the FIPS profile.