When FIPS provider is in use, we forbid only some padding modes - spec

Resolves: rhbz#2053289
2022-05-02 18:33:35 +02:00 · 2022-05-02 18:33:35 +02:00 · 6ba0e5efa3
commit 6ba0e5efa3
parent 067b6b249b
1 changed files with 8 additions and 1 deletions
--- a/openssl.spec
+++ b/openssl.spec
@ -15,7 +15,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.1
-Release: 24%{?dist}
+Release: 25%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -94,6 +94,8 @@ Patch55: 0055-nonlegacy-fetch-null-deref.patch
 Patch56: 0056-strcasecmp.patch
 # https://github.com/openssl/openssl/pull/18175
 Patch57: 0057-strcasecmp-fix.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
+Patch58: 0058-FIPS-limit-rsa-encrypt.patch

 License: ASL 2.0
 URL: http://www.openssl.org/
@ -424,6 +426,11 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs

 %changelog
+* Mon May 02 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-25
+- FIPS provider should block RSA encryption for key transport.
+- Other RSA encryption options should still be available
+- Resolves: rhbz#2053289
+
 * Thu Apr 28 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-24
 - Fix regression in evp_pkey_name2type caused by tr_TR locale fix
  Resolves: rhbz#2071631