4 Commits

Author SHA1 Message Date
Julien Rische
d5c38cc27b Do not block KRB5KDF and MD4/5 in FIPS mode
Bypass OpenSSL's restrictions to use KRB5KDF in FIPS mode in case at
least one of the AES SHA-1 HMAC encryption types is used.

Use OpenSSL 3.0 library context to access MD4 and MD5 lazily from
legacy provider if RADIUS is being used or RC4 encryption type is
enabled, without affecting global context.

Remove EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag since it does not have any
effect anymore.

Such exceptions should not be allowed by the default FIPS crypto
policy.

Resolves: rhbz#2039684
Resolves: rhbz#2053135

Signed-off-by: Julien Rische <jrische@redhat.com>
2022-02-28 14:19:37 +01:00
Robbie Harwood
e7aeea399f Sync openssl3 patches with upstream
Resolves: #1955873
2021-06-21 13:24:29 -04:00
Robbie Harwood
aec30dcfcb Fix DES3 mention in KDFs
Resolves: #1955873
2021-05-20 10:39:59 -04:00
Robbie Harwood
0018db9e38 Port to OpenSSL 3 (alpha 15)
Resolves: #1955873
2021-05-19 19:58:33 -04:00