Project

General

Profile

Feature #6943

pstore in FIPS mode

Added by vo.x (Vit Ondruch) over 5 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
openssl
Target version:
-
[ruby-core:47341]

Description

Is there any chance to make PStore compatible with FIPS mode? PStore is using MD5 for data checksum, but MD5 is unsupported algorithm in FIPS mode unfortunately. It would be easy to use different hash algorithm, but I am afraid that backward compatibility would be lost. Thank you.


Related issues

Related to Ruby trunk - Feature #6946: FIPS support?Open

Associated revisions

Revision 56284
Added by nobu (Nobuyoshi Nakada) about 1 year ago

PStore: select checksum algorithm

  • lib/pstore.rb (PStore::CHECKSUM_ALGO): find available hashing algorithm for checksum. MD5 is not available in FIPS mode. [Feature #6943]

Revision 56284
Added by nobu (Nobuyoshi Nakada) about 1 year ago

PStore: select checksum algorithm

  • lib/pstore.rb (PStore::CHECKSUM_ALGO): find available hashing algorithm for checksum. MD5 is not available in FIPS mode. [Feature #6943]

History

#1 [ruby-core:49753] Updated by mame (Yusuke Endoh) about 5 years ago

  • Target version set to next minor

#2 [ruby-core:50997] Updated by MartinBosslet (Martin Bosslet) almost 5 years ago

  • Status changed from Open to Assigned
  • Assignee set to MartinBosslet (Martin Bosslet)

#3 Updated by zzak (Zachary Scott) over 2 years ago

  • Assignee changed from MartinBosslet (Martin Bosslet) to openssl

#4 [ruby-core:75873] Updated by vo.x (Vit Ondruch) over 1 year ago

Ping? Any chance to change the hashing algorithm?

#5 [ruby-core:75942] Updated by naruse (Yui NARUSE) over 1 year ago

lib/pstore.rb uses digest/md5, and it uses own implementation (ext/digest/md5/md5.c) if there's no openssl
or it doesn't support MD5, it extconf.rb works correctly.

#6 [ruby-core:76174] Updated by vo.x (Vit Ondruch) over 1 year ago

Using internal implementation is just hiding the issue. I don't think this would be acceptable solution for FIPS certification, what would be the point then? It is quite easy to generate colliding hashes these days. It might not be that critical for PStore though ...

#7 [ruby-core:76178] Updated by nobu (Nobuyoshi Nakada) over 1 year ago

Seems nothing to block, since md5 seems used just to see if the data is modified.

https://github.com/ruby/ruby/compare/trunk...nobu:feature/6943-pstore-checksum_algorithm

#8 Updated by nobu (Nobuyoshi Nakada) about 1 year ago

  • Status changed from Assigned to Closed

Applied in changeset r56284.


PStore: select checksum algorithm

  • lib/pstore.rb (PStore::CHECKSUM_ALGO): find available hashing algorithm for checksum. MD5 is not available in FIPS mode. [Feature #6943]

Also available in: Atom PDF