[19922] in Kerberos_V5_Development

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

FIPS support for Kerberos

daemon@ATHENA.MIT.EDU (Abhidnya Joshi)
Fri May 3 01:15:25 2019

MIME-Version: 1.0
From: Abhidnya Joshi <abhidnyachirmule@gmail.com>
Date: Fri, 3 May 2019 10:44:48 +0530
Message-ID: <CALmqtCUGUm913e03hzwCppEhhcYzNk+tTF78XdPWbeQT+ekSVA@mail.gmail.com>
To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

Hi All,

Is there a FIPS compliant version of Kerberos library available?

Even if I build it with fips comliant openssl crypto, it gives problem for
low level functions calls like SHA256_init, AES_set_encrypt_key, etc.
Openssl libcrypto aborts on call to such function when FIPS mode is on.

There is also MD5 used via krb5_rc_hash_message() which aborts via openssl
libcrypto.

Any suggestion/comments on how to handle this? ANy configurable to control
these options?

Thanks
Abhidnya Joshi
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home	help	back	first	fref	pref	prev	next	nref	lref	last	post