The Kerberos network authentication system
Julien Rische ec957f5711 Do not block KRB5KDF and MD4/5 in FIPS mode
Bypass OpenSSL's restrictions to use KRB5KDF in FIPS mode in case at
least one of the AES SHA-1 HMAC encryption types is used.

Use OpenSSL 3.0 library context to access MD4 and MD5 lazily from
legacy provider if RADIUS is being used or RC4 encryption type is
enabled, without affecting global context.

Such exceptions should not be allowed by the default FIPS crypto
policy.

Signed-off-by: Julien Rische <jrische@redhat.com>
2023-01-30 12:52:50 +01:00
.fmf Use TMT for gating tests 2022-12-01 15:16:23 +01:00
plans Make tests compatible with sssd_krb5_locator_plugin.so 2023-01-09 13:28:16 +01:00
tests Use TMT for gating tests 2022-12-01 15:16:23 +01:00
.gitignore New upstream version (1.20.1) 2022-11-24 11:35:10 +01:00
0001-downstream-ksu-pam-integration.patch New upstream version (1.20.1) 2022-11-24 11:35:10 +01:00
0002-downstream-SELinux-integration.patch New upstream version (1.20.1) 2022-11-24 11:35:10 +01:00
0003-downstream-fix-debuginfo-with-y.tab.c.patch New upstream version (1.20.1) 2022-11-24 11:35:10 +01:00
0004-downstream-Remove-3des-support.patch New upstream version (1.20.1) 2022-11-24 11:35:10 +01:00
0005-downstream-FIPS-with-PRNG-and-RADIUS-and-MD4.patch New upstream version (1.20.1) 2022-11-24 11:35:10 +01:00
0006-downstream-Allow-krad-UDP-TCP-localhost-connection-w.patch New upstream version (1.20.1) 2022-11-24 11:35:10 +01:00
0007-Add-configure-variable-for-default-PKCS-11-module.patch New upstream version (1.20.1) 2022-11-24 11:35:10 +01:00
0008-Set-reasonable-supportedCMSTypes-in-PKINIT.patch New upstream version (1.20.1) 2022-11-24 11:35:10 +01:00
0009-Simplify-plugin-loading-code.patch New upstream version (1.20.1) 2022-11-24 11:35:10 +01:00
0010-Update-error-checking-for-OpenSSL-CMS_verify.patch Update error checking for OpenSSL CMS_verify 2022-11-24 11:35:26 +01:00
0011-downstream-Catch-SHA-1-digest-disallowed-error-for-P.patch Update error checking for OpenSSL CMS_verify 2022-11-24 11:35:26 +01:00
0012-Add-and-use-ts_interval-helper.patch Remove invalid password expiry warning 2022-11-24 11:35:42 +01:00
0013-downstream-Make-tests-compatible-with-sssd_krb5_loca.patch Make tests compatible with sssd_krb5_locator_plugin.so 2023-01-09 13:28:16 +01:00
0014-downstream-Include-missing-OpenSSL-FIPS-header.patch Include missing OpenSSL FIPS header 2023-01-09 13:28:16 +01:00
0015-downstream-Do-not-set-root-as-ksu-file-owner.patch Strip debugging data from ksu executable file 2023-01-18 16:08:41 +01:00
0016-downstream-Allow-KRB5KDF-MD5-and-MD4-in-FIPS-mode.patch Do not block KRB5KDF and MD4/5 in FIPS mode 2023-01-30 12:52:50 +01:00
ci.fmf Enable TMT integration with Fedora CI 2022-12-06 14:48:31 +01:00
gating.yaml Use TMT for gating tests 2022-12-01 15:16:23 +01:00
kadm5.acl auto-import changelog data from krb5-1.2.1-8.src.rpm 2004-09-09 07:05:48 +00:00
kadmin.service Migrate /var/run to /run, an exercise in pointlessness 2020-11-17 12:27:42 -05:00
kadmin.sysconfig - kadmin.service: fix #723723 again 2011-10-07 15:10:35 -04:00
kadmind.logrotate Use systemctl reload to HUP the KDC during logrotate 2020-09-10 14:22:32 +00:00
kdc.conf Add AES SHA-2 HMAC family as default KDC etypes 2023-01-18 16:08:42 +01:00
kprop.service Fix network service dependencies 2017-12-12 21:45:17 +00:00
kprop.sysconfig Add kprop service env config file 2017-04-28 20:14:01 +00:00
krb5-krb5kdc.conf Migrate /var/run to /run, an exercise in pointlessness 2020-11-17 12:27:42 -05:00
krb5-tests Use TMT for gating tests 2022-12-01 15:16:23 +01:00
krb5.conf Set qualify_shortname empty in default configuration 2020-07-08 16:10:07 -04:00
krb5.rpmlintrc Update for new rpmlint shenanigans 2020-03-09 15:26:46 -04:00
krb5.spec Do not block KRB5KDF and MD4/5 in FIPS mode 2023-01-30 12:52:50 +01:00
krb5kdc.logrotate Use systemctl reload to HUP the KDC during logrotate 2020-09-10 14:22:32 +00:00
krb5kdc.service Migrate /var/run to /run, an exercise in pointlessness 2020-11-17 12:27:42 -05:00
krb5kdc.sysconfig - kadmin.service: fix #723723 again 2011-10-07 15:10:35 -04:00
ksu.pamd - add an auth stack to ksu's PAM configuration so that pam_setcred() calls 2009-05-19 23:21:48 +00:00
rpminspect.yaml Add rpminspect configuration 2021-05-03 17:50:44 -04:00
sources New upstream version (1.20.1) 2022-11-24 11:35:10 +01:00