rpms/krb5 - krb5 - AlmaLinux OS Git server

rpms

krb5

Fork 0

Commit Graph

Author	SHA1	Message	Date
Julien Rische	49e904cdde	Do not block KRB5KDF and MD4/5 in FIPS mode Bypass OpenSSL's restrictions to use KRB5KDF in FIPS mode in case at least one of AES SHA-1 HMAC encryption types are used. Use OpenSSL 3.0 library context to access MD4 and MD5 lazily from legacy provider if RADIUS is being used or RC4 encryption type is enabled, without affecting global context. Such exceptions should not be allowed by the default FIPS crypto policy. Resolves: rhbz#2162461 Signed-off-by: Julien Rische <jrische@redhat.com>	2023-01-19 19:39:27 +01:00

Author

SHA1

Message

Date

Julien Rische

49e904cdde

Do not block KRB5KDF and MD4/5 in FIPS mode

Bypass OpenSSL's restrictions to use KRB5KDF in FIPS mode in case at
least one of AES SHA-1 HMAC encryption types are used.

Use OpenSSL 3.0 library context to access MD4 and MD5 lazily from
legacy provider if RADIUS is being used or RC4 encryption type is
enabled, without affecting global context.

Such exceptions should not be allowed by the default FIPS crypto
policy.

Resolves: rhbz#2162461

Signed-off-by: Julien Rische <jrische@redhat.com>

2023-01-19 19:39:27 +01:00

1 Commits