Backport random util fips fixes to 8.x #367

Open
jpartlow wants to merge 6 commits into OpenVoxProject:8.x from jpartlow:backport-random-util-fips-fixes-to-8.x

@jpartlow

Contributor

Pull Request (PR) description

Backports from main of a set of changes around random number generation for FIPS.

This Pull Request (PR) fixes the following issues

corporate-gadfly and others added 6 commits June 30, 2026 14:00
- CI: add fail fast check for FIPS in daily
- java.security.fips was introduced in 13a869a,
  but later moved in cac43ba

Signed-off-by: Corporate Gadfly <haroon.rafique@gmail.com>

Chunk large RandomStringUtils calls to stay under the BC FIPS DRBG
per-request limit (262144 bits / 32768 bytes), which was causing
generate tests to fail under the FIPS profile.

- add random-ascii-string helper in cli/generate.clj and use it in add-blob
- add alphabetic-string helper in random.clj and route random-string/
  random-string-alpha through it
- use StringBuilder-based chunk assembly to reduce intermediate allocations
- add local type hints on interop targets to avoid reflection noise

Co-authored-by: GitHub Copilot <copilot@users.noreply.github.com>
Signed-off-by: Corporate Gadfly <haroon.rafique@gmail.com>

So that it is contained with the rest of the random functions there.

Signed-off-by: Josh Partlow <jpartlow@glatisant.org>

Formerly the 0-arity case wasn't lowercasing.

Also update random-string to use alphabetic-string for its 0-arity case
to keep it in line with the 1-arity case.

Signed-off-by: Josh Partlow <jpartlow@glatisant.org>

...from near identical alphabetic-string and random-ascii-string.

Also adds a bit of test coverage for these functions and some of their
adjacents.

Signed-off-by: Josh Partlow <jpartlow@glatisant.org>

Fixes another area where FIPS DRBG per-request-limits could crop up in
benchmark.clj. RandomStringUtils is only referenced in random.clj now.

Signed-off-by: Josh Partlow <jpartlow@glatisant.org>

@jpartlow

Contributor Author

@corporate-gadfly These were the set I noticed from main that look related, but there might be other earlier commits that need to come over?
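
The chunking approach described in the commit messages above, as an added example that is not the code from this PR. It assumes direct use of `java.security.SecureRandom` rather than `RandomStringUtils`; the names `max-request-bytes`, `random-bytes` and `chunked-alphabetic-string` are hypothetical, and the rejection step that keeps the letter distribution uniform is an addition of this example.

```clojure
(ns example.chunked-random
  (:import (java.security SecureRandom)))

;; Per-request limit quoted in the commit message: 262144 bits = 32768 bytes.
(def ^:const max-request-bytes 32768)

(def ^String alphabet "abcdefghijklmnopqrstuvwxyz")

(defn random-bytes
  "Returns n random bytes without ever asking rng for more than
  max-request-bytes in a single nextBytes call."
  ^bytes [^SecureRandom rng n]
  (let [out (byte-array n)]
    (loop [offset 0]
      (if (< offset n)
        (let [len   (min max-request-bytes (- n offset))
              chunk (byte-array len)]
          (.nextBytes rng chunk)                     ; one request, <= limit
          (System/arraycopy chunk 0 out offset len)
          (recur (+ offset len)))
        out))))

(defn chunked-alphabetic-string
  "Hypothetical helper: lowercase alphabetic string of length n, assembled
  in a StringBuilder from chunked requests. Byte values >= 234 are rejected
  so that (mod u 26) maps to each letter with equal probability."
  [^SecureRandom rng n]
  (let [sb    (StringBuilder. (int n))
        limit (* 26 (quot 256 26))]                  ; largest multiple of 26 <= 256
    (while (< (.length sb) n)
      (let [need (- n (.length sb))]
        ;; Rejected bytes leave a shortfall; the while loop requests more.
        (doseq [b (random-bytes rng need)
                :let [u (bit-and b 0xff)]            ; signed byte -> 0..255
                :when (and (< u limit) (< (.length sb) n))]
          (.append sb (.charAt alphabet (mod u 26))))))
    (str sb)))

(comment
  ;; 100000 characters needs several requests, each within the limit.
  (count (chunked-alphabetic-string (SecureRandom.) 100000)))
```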
