freeipa

Clone
Source Code
GIT

ca561f7 Vault: add additional fallback to RSA-OAEP wrapping algo

1 file Authored by rcritten 4 months ago, Committed by frenaud 4 months ago,
raw patch tree parent
1 file changed. 6 lines added. 2 lines removed.
ipaclient/plugins/vault.py
file modified
+6 -2 
    Vault: add additional fallback to RSA-OAEP wrapping algo
    
    There is a fallback when creating the wrapping key but one was missing
    when trying to use the cached transport_cert.
    
    This allows, along with forcing keyWrap.useOAEP=true, vault creation
    on an nCipher HSM.
    
    This can be seen in HSMs where the device doesn't support the
    PKCS#1 v1.5 mechanism. It will error out with either "invalid
    algorithm" or CKR_FUNCTION_FAILED.
    
    Related: https://pagure.io/freeipa/issue/9191
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
file modified
+6 -2
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.