Commit - rpms/krb5 - ec957f57110521e222ea30d3916fd521b2ded7ce

rpms / krb5

Overview Files Commits Branches Forks Releases

Monitoring status:

Bugzilla Assignee:

Fedora:: jrische
EPEL:: abbra

`ec957f5` Do not block KRB5KDF and MD4/5 in FIPS mode

Authored and Committed by jrische a year ago

raw patch tree parent

2 files changed. 171 lines added. 1 lines removed.

0016-downstream-Allow-KRB5KDF-MD5-and-MD4-in-FIPS-mode.patch

    Do not block KRB5KDF and MD4/5 in FIPS mode
    
    Bypass OpenSSL's restrictions to use KRB5KDF in FIPS mode in case at
    least one of AES SHA-1 HMAC encryption types are used.
    
    Use OpenSSL 3.0 library context to access MD4 and MD5 lazily from
    legacy provider if RADIUS is being used or RC4 encryption type is
    enabled, without affecting global context.
    
    Such exceptions should not be allowed by the default FIPS crypto
    policy.
    
    Signed-off-by: Julien Rische <jrische@redhat.com>

Fedora CI - scratch build
success

Package tests for ec957f57: passed
a year ago
Fedora CI - /plans/tests
success

Package tests for ec957f57: passed
a year ago
Build completed
success

Built as krb5-1.20.1-8.fc38
a year ago
Build completed
success

Built as krb5-1.20.1-8.eln125
a year ago

0016-downstream-Allow-KRB5KDF-MD5-and-MD4-in-FIPS-mode.patch

file added

+165

krb5.spec

file modified

+6 -1

rpms / krb5

Source Code

ec957f5 Do not block KRB5KDF and MD4/5 in FIPS mode

Authored and Committed by jrische a year ago

`ec957f5` Do not block KRB5KDF and MD4/5 in FIPS mode