Project

General

Profile

Feature #6943

pstore in FIPS mode

Added by Vit Ondruch almost 4 years ago. Updated 29 days ago.

Status:
Assigned
Priority:
Normal
Assignee:
openssl
[ruby-core:47341]

Description

Is there any chance to make PStore compatible with FIPS mode? PStore is using MD5 for data checksum, but MD5 is unsupported algorithm in FIPS mode unfortunately. It would be easy to use different hash algorithm, but I am afraid that backward compatibility would be lost. Thank you.


Related issues

Related to Ruby trunk - Feature #6946: FIPS support? Assigned

History

#1 [ruby-core:49753] Updated by Yusuke Endoh over 3 years ago

  • Target version set to next minor

#2 [ruby-core:50997] Updated by Martin Bosslet over 3 years ago

  • Assignee set to Martin Bosslet
  • Status changed from Open to Assigned

#3 Updated by Zachary Scott 11 months ago

  • Assignee changed from Martin Bosslet to openssl

#4 [ruby-core:75873] Updated by Vit Ondruch about 2 months ago

Ping? Any chance to change the hashing algorithm?

#5 [ruby-core:75942] Updated by Yui NARUSE about 2 months ago

lib/pstore.rb uses digest/md5, and it uses own implementation (ext/digest/md5/md5.c) if there's no openssl
or it doesn't support MD5, it extconf.rb works correctly.

#6 [ruby-core:76174] Updated by Vit Ondruch 29 days ago

Using internal implementation is just hiding the issue. I don't think this would be acceptable solution for FIPS certification, what would be the point then? It is quite easy to generate colliding hashes these days. It might not be that critical for PStore though ...

#7 [ruby-core:76178] Updated by Nobuyoshi Nakada 29 days ago

Seems nothing to block, since md5 seems used just to see if the data is modified.

https://github.com/ruby/ruby/compare/trunk...nobu:feature/6943-pstore-checksum_algorithm

Also available in: Atom PDF