57 lines
1.6 KiB
Diff
57 lines
1.6 KiB
Diff
From 4e54b3526ae140a419fc50eae3a2e30e25373529 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Tue, 21 May 2019 09:31:02 +0200
|
|
Subject: [PATCH 204/208] lib:crypto: Allow py_crypto to use RC4 in FIPS mode
|
|
|
|
This is a public functions, so it can be consumed by others. E.g.
|
|
FreeIPA is using it to establish trusts. Not sure if this is
|
|
a problem with FIPS.
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
---
|
|
lib/crypto/py_crypto.c | 9 ++++++++-
|
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/lib/crypto/py_crypto.c b/lib/crypto/py_crypto.c
|
|
index c85cd2c13d2..f4b5b745daf 100644
|
|
--- a/lib/crypto/py_crypto.c
|
|
+++ b/lib/crypto/py_crypto.c
|
|
@@ -22,7 +22,7 @@
|
|
#include "includes.h"
|
|
#include "python/py3compat.h"
|
|
|
|
-#include <gnutls/gnutls.h>
|
|
+#include "gnutls_helpers.h"
|
|
#include <gnutls/crypto.h>
|
|
|
|
static PyObject *py_crypto_arcfour_crypt_blob(PyObject *module, PyObject *args)
|
|
@@ -61,11 +61,15 @@ static PyObject *py_crypto_arcfour_crypt_blob(PyObject *module, PyObject *args)
|
|
.size = PyBytes_Size(py_key),
|
|
};
|
|
|
|
+ GNUTLS_FIPS140_SET_LAX_MODE();
|
|
+
|
|
rc = gnutls_cipher_init(&cipher_hnd,
|
|
GNUTLS_CIPHER_ARCFOUR_128,
|
|
&key,
|
|
NULL);
|
|
if (rc < 0) {
|
|
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
+
|
|
talloc_free(ctx);
|
|
PyErr_Format(PyExc_OSError, "encryption failed");
|
|
return NULL;
|
|
@@ -74,6 +78,9 @@ static PyObject *py_crypto_arcfour_crypt_blob(PyObject *module, PyObject *args)
|
|
data.data,
|
|
data.length);
|
|
gnutls_cipher_deinit(cipher_hnd);
|
|
+
|
|
+ GNUTLS_FIPS140_SET_STRICT_MODE();
|
|
+
|
|
if (rc < 0) {
|
|
talloc_free(ctx);
|
|
PyErr_Format(PyExc_OSError, "encryption failed");
|
|
--
|
|
2.23.0
|
|
|