URL: https://github.com/SSSD/sssd/pull/833 Author: alexey-tikhonov Title: #833: util/crypto/libcrypto: changed sss_hmac_sha1() Action: opened
PR body: """ Implementation of sss_hmac_sha1() was changed (again) to support broader range of OpenSSL versions.
Resolves: https://pagure.io/SSSD/sssd/issue/4026
For rationale of API choose please see comments in the ticket. """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/833/head:pr833 git checkout pr833
URL: https://github.com/SSSD/sssd/pull/833 Author: alexey-tikhonov Title: #833: util/crypto/libcrypto: changed sss_hmac_sha1() Action: edited
Changed field: body Original value: """ Implementation of sss_hmac_sha1() was changed (again) to support broader range of OpenSSL versions.
Resolves: https://pagure.io/SSSD/sssd/issue/4026
For rationale of API choose please see comments in the ticket. """
URL: https://github.com/SSSD/sssd/pull/833 Title: #833: util/crypto/libcrypto: changed sss_hmac_sha1()
alexey-tikhonov commented: """ @jhrozek, could you please check if this works on your F-28 based VM now? """
See the full comment at https://github.com/SSSD/sssd/pull/833#issuecomment-504100409
URL: https://github.com/SSSD/sssd/pull/833 Title: #833: util/crypto/libcrypto: changed sss_hmac_sha1()
alexey-tikhonov commented: """ @jhrozek, could you please check if this works on your F-28 based VM now?
It was ok on internal CI F-27 with enforced OpenSSL. """
See the full comment at https://github.com/SSSD/sssd/pull/833#issuecomment-504100409
URL: https://github.com/SSSD/sssd/pull/833 Title: #833: util/crypto/libcrypto: changed sss_hmac_sha1()
jhrozek commented: """ I guess the covscan instance must have been updated because it found several potential issues I have not seen before. We should triage them eventually, but they are all in parts of code unrelated to this patch. """
See the full comment at https://github.com/SSSD/sssd/pull/833#issuecomment-505323325
URL: https://github.com/SSSD/sssd/pull/833 Title: #833: util/crypto/libcrypto: changed sss_hmac_sha1()
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/833 Title: #833: util/crypto/libcrypto: changed sss_hmac_sha1()
jhrozek commented: """ * master: ee23b8e3a42f70b350f532f3599b00ca85ba191b
@alexey-tikhonov please let me know if you'd prefer to have this patch backported to sssd-1-16 as well. I can see both sides of the argument, on the one hand, we shouldn't needlessly backport patches which might potentially cause issues in the stable branch, OTOH not having these patches in a stable branch might cause backporting of any future patches even riskier. A compromise might be to not backport them now, but wait if we need to touch the crypto code in sssd-1-16 at all in the future.. """
See the full comment at https://github.com/SSSD/sssd/pull/833#issuecomment-505605735
URL: https://github.com/SSSD/sssd/pull/833 Title: #833: util/crypto/libcrypto: changed sss_hmac_sha1()
Label: +Pushed
URL: https://github.com/SSSD/sssd/pull/833 Author: alexey-tikhonov Title: #833: util/crypto/libcrypto: changed sss_hmac_sha1() Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/833/head:pr833 git checkout pr833
URL: https://github.com/SSSD/sssd/pull/833 Title: #833: util/crypto/libcrypto: changed sss_hmac_sha1()
alexey-tikhonov commented: """
@alexey-tikhonov please let me know if you'd prefer to have this patch backported to sssd-1-16 as well. I can see both sides of the argument, on the one hand, we shouldn't needlessly backport patches which might potentially cause issues in the stable branch, OTOH not having these patches in a stable branch might cause backporting of any future patches even riskier.
I would not backport this now. If I understand correctly, at the moment there is not intention to introduce FIPS compliance in 1-16 branch.
"""
See the full comment at https://github.com/SSSD/sssd/pull/833#issuecomment-505803985
sssd-devel@lists.fedorahosted.org