The Kerberos network authentication system
Go to file
Julien Rische 6ea8af6747 Fix OpenSSL 3 MD5 encryption in FIPS mode
MD4 cipher requires OpenSSL3's "legacy" provider, while MD5 fetched from
the "default" one. Both ciphers are unavailable in FIPS mode, however
MD5 is tolerated for RADIUS requests on local host.

The OpenSSL3 library context was missing the "default" provider, causing
MD5 encryption to fail in FIPS mode.

Resolves: rhbz#2068458

Signed-off-by: Julien Rische <jrische@redhat.com>
2022-05-25 11:49:51 +02:00
tests RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
.gitignore Merged update from upstream sources 2021-02-18 22:21:10 +00:00
Add-APIs-for-marshalling-credentials.patch Port to OpenSSL 3 (alpha 15) 2021-05-19 19:58:33 -04:00
Add-buildsystem-detection-of-the-OpenSSL-3-KDF-inter.patch Sync openssl3 patches with upstream 2021-06-21 13:24:29 -04:00
Add-configure-variable-for-default-PKCS-11-module.patch Use p11-kit as default PKCS11 module 2022-05-03 17:07:12 +02:00
Add-hostname-canonicalization-helper-to-k5test.py.patch Port to OpenSSL 3 (alpha 15) 2021-05-19 19:58:33 -04:00
Add-KCM_OP_GET_CRED_LIST-for-faster-iteration.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Allow-kinit-with-keytab-to-defer-canonicalization.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
downstream-Allow-krad-UDP-TCP-localhost-connection-with-FIPS.patch Fix OpenSSL 3 MD5 encryption in FIPS mode 2022-05-25 11:49:51 +02:00
downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch Fix OpenSSL 3 MD5 encryption in FIPS mode 2022-05-25 11:49:51 +02:00
downstream-fix-debuginfo-with-y.tab.c.patch Merged update from upstream sources 2021-02-18 22:21:10 +00:00
downstream-ksu-pam-integration.patch Merged update from upstream sources 2021-02-18 22:21:10 +00:00
downstream-netlib-and-dns.patch Merged update from upstream sources 2021-02-18 22:21:10 +00:00
downstream-Remove-3des-support.patch Merged update from upstream sources 2021-02-18 22:21:10 +00:00
downstream-SELinux-integration.patch Merged update from upstream sources 2021-02-18 22:21:10 +00:00
downstream-Use-newly-enforced-dejagnu-path-naming-convention.patch Fix global dejagnu test suite 2022-04-11 12:03:13 +02:00
Fix-k5tls-module-for-OpenSSL-3.patch Sync openssl3 patches with upstream 2021-06-21 13:24:29 -04:00
Fix-kadmin-k-with-fallback-or-referral-realm.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Fix-KCM-flag-transmission-for-remove_cred.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Fix-KCM-retrieval-support-for-sssd.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Fix-KDC-null-deref-on-bad-encrypted-challenge.patch Fix KDC null deref on bad encrypted challenge (CVE-2021-36222) 2021-07-20 14:51:15 -04:00
Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch Fix KDC null deref on TGS inner body null server (CVE-2021-37750) 2021-10-20 17:08:04 +02:00
Fix-softpkcs11-build-issues-with-openssl-3.0.patch Sync openssl3 patches with upstream 2021-06-21 13:24:29 -04:00
Fix-some-principal-realm-canonicalization-cases.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
gating.yaml Add gating definition for RHEL 9 2021-06-11 13:08:52 +00:00
Handle-OpenSSL-3-s-providers.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
kadm5.acl RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kadmin.service RHEL 9.0.0 Alpha bootstrap 2020-11-18 09:51:25 -08:00
kadmin.sysconfig RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kadmind.logrotate RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kdc.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kprop.service RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kprop.sysconfig RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
krb5-krb5kdc.conf RHEL 9.0.0 Alpha bootstrap 2020-11-18 09:51:25 -08:00
krb5.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
krb5.rpmlintrc RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
krb5.spec Fix OpenSSL 3 MD5 encryption in FIPS mode 2022-05-25 11:49:51 +02:00
krb5kdc.logrotate RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
krb5kdc.service RHEL 9.0.0 Alpha bootstrap 2020-11-18 09:51:25 -08:00
krb5kdc.sysconfig RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
ksu.pamd RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
Make-KCM-iteration-fallback-work-with-sssd-kcm.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Move-some-dejagnu-kadmin-tests-to-Python-tests.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Remove-deprecated-OpenSSL-calls-from-softpkcs11.patch Sync openssl3 patches with upstream 2021-06-21 13:24:29 -04:00
rpminspect.yaml Add rpminspect and clean up mass rebuild mess 2021-06-17 18:55:14 -04:00
sources Merged update from upstream sources 2021-02-18 22:21:10 +00:00
Support-host-based-GSS-initiator-names.patch Port to OpenSSL 3 (alpha 15) 2021-05-19 19:58:33 -04:00
Try-harder-to-avoid-password-change-replay-errors.patch Try harder to avoid password change replay errors 2022-04-26 15:32:34 +02:00
Use-KCM_OP_RETRIEVE-in-KCM-client.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Use-OpenSSL-s-KBKDF-and-KRB5KDF-for-deriving-long-te.patch Do not block KRB5KDF and MD4/5 in FIPS mode 2022-02-28 14:19:37 +01:00
Use-OpenSSL-s-SSKDF-in-PKINIT-when-available.patch Sync openssl3 patches with upstream 2021-06-21 13:24:29 -04:00
Use-SHA256-instead-of-SHA1-for-PKINIT-CMS-digest.patch Use SHA-256 instead of SHA-1 for PKINIT CMS digest 2022-03-16 17:49:06 +01:00