SUNRPC: Add gk5e definitions for RFC 8009 encryption types - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Chuck Lever <chuck.lever@oracle.com>	2023-01-15 20:22:43 +0300
committer	Chuck Lever <chuck.lever@oracle.com>	2023-02-20 17:20:43 +0300
commit	a40cf7530d3104793f9361e69e84ada7960724f2 (patch)
tree	10596e99e15f34ed07be0407d1cae635a4083e2e /lib
parent	dfb632432a9b2548b5a4429598bb19edf58122f0 (diff)
download	linux-a40cf7530d3104793f9361e69e84ada7960724f2.tar.xz

SUNRPC: Add gk5e definitions for RFC 8009 encryption types

Fill in entries in the supported_gss_krb5_enctypes array for the encryption types defined in RFC 8009. These new enctypes use the SHA-256 and SHA-384 message digest algorithms (as defined in FIPS-180) instead of the deprecated SHA-1 algorithm, and are thus more secure. Note that NIST has scheduled SHA-1 for deprecation: https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm Thus these new encryption types are placed under a separate CONFIG option to enable distributors to separately introduce support for the AES-SHA2 enctypes and deprecate support for the current set of AES-SHA1 encryption types as their user space allows. As this implementation is still a "beta", the default is to not build it automatically. Tested-by: Scott Mayhew <smayhew@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>

Diffstat (limited to 'lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: