[krbdev.mit.edu #8353] git commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Tue Jan 26 11:39:38 EST 2016
Replace MD5 use in rcache with SHA-256
The rcache implementation uses an unkeyed MD5 hash of the
authenticator to distinguish between different requests with equal
client principal, server principal, and microsecond time. When the
OpenSSL crypto provider is used and the underlying OpenSSL library is
run in FIPS mode, the MD5 algorithm is disabled and
gss_accept_sec_context() results in an abort in rcache processing.
This change effectively implements a different rcache extension.
The new extension identifier is 'SHA256:' (instead of 'HASH:')
and the new has algorithm is SHA-256.
https://github.com/krb5/krb5/commit/c546a30c7c9299a419f757768a3349bde09c9cd4
Author: Tomas Kuthan <tkuthan at gmail.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: c546a30c7c9299a419f757768a3349bde09c9cd4
Branch: master
src/lib/krb5/rcache/rc_conv.c | 22 +++++++++++-----------
src/lib/krb5/rcache/rc_dfl.c | 8 ++++----
2 files changed, 15 insertions(+), 15 deletions(-)
More information about the krb5-bugs
mailing list