The Kerberos network authentication system
Julien Rische d5c38cc27b Do not block KRB5KDF and MD4/5 in FIPS mode
Bypass OpenSSL's restrictions to use KRB5KDF in FIPS mode in case at
least one of the AES SHA-1 HMAC encryption types is used.

Use OpenSSL 3.0 library context to access MD4 and MD5 lazily from
legacy provider if RADIUS is being used or RC4 encryption type is
enabled, without affecting global context.

Remove EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag since it does not have any
effect anymore.

Such exceptions should not be allowed by the default FIPS crypto
policy.

Resolves: rhbz#2039684
Resolves: rhbz#2053135

Signed-off-by: Julien Rische <jrische@redhat.com>
2022-02-28 14:19:37 +01:00
tests RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
.gitignore Merged update from upstream sources 2021-02-18 22:21:10 +00:00
Add-APIs-for-marshalling-credentials.patch Port to OpenSSL 3 (alpha 15) 2021-05-19 19:58:33 -04:00
Add-buildsystem-detection-of-the-OpenSSL-3-KDF-inter.patch Sync openssl3 patches with upstream 2021-06-21 13:24:29 -04:00
Add-hostname-canonicalization-helper-to-k5test.py.patch Port to OpenSSL 3 (alpha 15) 2021-05-19 19:58:33 -04:00
Add-KCM_OP_GET_CRED_LIST-for-faster-iteration.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Allow-kinit-with-keytab-to-defer-canonicalization.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch Do not block KRB5KDF and MD4/5 in FIPS mode 2022-02-28 14:19:37 +01:00
downstream-fix-debuginfo-with-y.tab.c.patch Merged update from upstream sources 2021-02-18 22:21:10 +00:00
downstream-ksu-pam-integration.patch Merged update from upstream sources 2021-02-18 22:21:10 +00:00
downstream-netlib-and-dns.patch Merged update from upstream sources 2021-02-18 22:21:10 +00:00
downstream-Remove-3des-support.patch Merged update from upstream sources 2021-02-18 22:21:10 +00:00
downstream-SELinux-integration.patch Merged update from upstream sources 2021-02-18 22:21:10 +00:00
Fix-k5tls-module-for-OpenSSL-3.patch Sync openssl3 patches with upstream 2021-06-21 13:24:29 -04:00
Fix-kadmin-k-with-fallback-or-referral-realm.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Fix-KCM-flag-transmission-for-remove_cred.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Fix-KCM-retrieval-support-for-sssd.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Fix-KDC-null-deref-on-bad-encrypted-challenge.patch Fix KDC null deref on bad encrypted challenge (CVE-2021-36222) 2021-07-20 14:51:15 -04:00
Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch Fix KDC null deref on TGS inner body null server (CVE-2021-37750) 2021-10-20 17:08:04 +02:00
Fix-softpkcs11-build-issues-with-openssl-3.0.patch Sync openssl3 patches with upstream 2021-06-21 13:24:29 -04:00
Fix-some-principal-realm-canonicalization-cases.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
gating.yaml Add gating definition for RHEL 9 2021-06-11 13:08:52 +00:00
Handle-OpenSSL-3-s-providers.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
kadm5.acl RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kadmin.service RHEL 9.0.0 Alpha bootstrap 2020-11-18 09:51:25 -08:00
kadmin.sysconfig RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kadmind.logrotate RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kdc.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kprop.service RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
kprop.sysconfig RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
krb5-krb5kdc.conf RHEL 9.0.0 Alpha bootstrap 2020-11-18 09:51:25 -08:00
krb5.conf RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
krb5.rpmlintrc RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
krb5.spec Do not block KRB5KDF and MD4/5 in FIPS mode 2022-02-28 14:19:37 +01:00
krb5kdc.logrotate RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
krb5kdc.service RHEL 9.0.0 Alpha bootstrap 2020-11-18 09:51:25 -08:00
krb5kdc.sysconfig RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
ksu.pamd RHEL 9.0.0 Alpha bootstrap 2020-10-15 15:05:18 +02:00
Make-KCM-iteration-fallback-work-with-sssd-kcm.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Move-some-dejagnu-kadmin-tests-to-Python-tests.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Remove-deprecated-OpenSSL-calls-from-softpkcs11.patch Sync openssl3 patches with upstream 2021-06-21 13:24:29 -04:00
rpminspect.yaml Add rpminspect and clean up mass rebuild mess 2021-06-17 18:55:14 -04:00
sources Merged update from upstream sources 2021-02-18 22:21:10 +00:00
Support-host-based-GSS-initiator-names.patch Port to OpenSSL 3 (alpha 15) 2021-05-19 19:58:33 -04:00
Use-KCM_OP_RETRIEVE-in-KCM-client.patch Update OpenSSL 3 provider handling to clean up properly 2021-07-14 16:32:30 -04:00
Use-OpenSSL-s-KBKDF-and-KRB5KDF-for-deriving-long-te.patch Do not block KRB5KDF and MD4/5 in FIPS mode 2022-02-28 14:19:37 +01:00
Use-OpenSSL-s-SSKDF-in-PKINIT-when-available.patch Sync openssl3 patches with upstream 2021-06-21 13:24:29 -04:00