]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e4c9d25) | patch
Replace MD5 use in rcache with SHA-256
authorTomas Kuthan <tkuthan@gmail.com>
Wed, 30 Dec 2015 13:10:32 +0000 (14:10 +0100)
committerGreg Hudson <ghudson@mit.edu>
Tue, 26 Jan 2016 15:53:13 +0000 (10:53 -0500)
commitc546a30c7c9299a419f757768a3349bde09c9cd4
treec82e98935a885853d1fa2e57188cbec089d0c918tree | snapshot
parente4c9d25796119725eeec8998a158bc78f3e0e3f1commit | diff
Replace MD5 use in rcache with SHA-256

The rcache implementation uses an unkeyed MD5 hash of the
authenticator to distinguish between different requests with equal
client principal, server principal, and microsecond time.  When the
OpenSSL crypto provider is used and the underlying OpenSSL library is
run in FIPS mode, the MD5 algorithm is disabled and
gss_accept_sec_context() results in an abort in rcache processing.

This change effectively implements a different rcache extension.
The new extension identifier is 'SHA256:' (instead of 'HASH:')
and the new has algorithm is SHA-256.

ticket: 8353 (new)
src/lib/krb5/rcache/rc_conv.c diff | blob | blame | history
src/lib/krb5/rcache/rc_dfl.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git