If FIPS is enabled in group policy (Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options | System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing), when building with Votive an error is produced in the build results:
X 1 This implementation is not part of the Windows Platform FIPS validated cryptographic algorithms. candle.exe
3.0.5006 still has an error message stating that FIPS seems to be enabled. It says to use the FIPS command-line argument, but it doesn't tell you that it's literally "/FIPS". Candle /? also gives the error message. I had to guess that it was /FIPS and then I had to guess that I could put this into Votive as a compiler additional parameter.
This seems suboptimal to me. Is it really that dangerous to just use the FIPS by default? If a developer using a machine without this setting checked a project into source control and another developer (or build machine) pulled it down and tried to compile, they would get an error.
No, we can't change the algorithm we use to generate hashes since it breaks patching. I clarified the error message.
This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 21 days (the time period specified by
the administrator of this Tracker).