[4.5] Manual rebase of OTP FIPS mode fixes #1678
Closed
Commits on Mar 13, 2018
-
Fix OTP validation in FIPS mode
NSS doesn't allow keys to be loaded directly in FIPS mode. To work around this, we encrypt the input key using an ephemeral key and then unwrap the encrypted key. https://pagure.io/freeipa/issue/7168 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
-
Increase the default token key size
The previous default token key size would fail in FIPS mode for the sha384 and sha512 algorithms. With the updated key size, the default will work in all cases. https://pagure.io/freeipa/issue/7168 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
-
Revert "Don't allow OTP or RADIUS in FIPS mode"
This reverts commit 16a952a. OTP now works in FIPS mode. RADIUS can be made to be compliant by wrapping traffic in a VPN. https://pagure.io/freeipa/issue/7168 https://pagure.io/freeipa/issue/7243 Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.