forked from rpms/openssl
Use certified FIPS module instead of freshly built one in Red Hat distribution
Resolves: RHEL-23474
This commit is contained in:
parent
50997010d1
commit
b9f699b8a8
14
openssl.spec
14
openssl.spec
@ -230,6 +230,9 @@ BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy),
|
||||
BuildRequires: git-core
|
||||
Requires: coreutils
|
||||
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
%if ( %{defined rhel} && (! %{defined centos}) )
|
||||
Requires: openssl-fips-provider
|
||||
%endif
|
||||
|
||||
%description
|
||||
The OpenSSL toolkit provides support for secure communications between
|
||||
@ -393,6 +396,14 @@ make test HARNESS_JOBS=8
|
||||
# Add generation of HMAC checksum of the final stripped library
|
||||
# We manually copy standard definition of __spec_install_post
|
||||
# and add hmac calculation/embedding to fips.so
|
||||
%if ( %{defined rhel} && (! %{defined centos}) )
|
||||
%define __spec_install_post \
|
||||
rm -rf $RPM_BUILD_ROOT/%{_libdir}/ossl-modules/fips.so \
|
||||
%{?__debug_package:%{__debug_install_post}} \
|
||||
%{__arch_install_post} \
|
||||
%{__os_install_post} \
|
||||
%{nil}
|
||||
%else
|
||||
%define __spec_install_post \
|
||||
%{?__debug_package:%{__debug_install_post}} \
|
||||
%{__arch_install_post} \
|
||||
@ -402,6 +413,7 @@ make test HARNESS_JOBS=8
|
||||
mv $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.mac $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so \
|
||||
rm $RPM_BUILD_ROOT%{_libdir}/ossl-modules/fips.so.hmac \
|
||||
%{nil}
|
||||
%endif
|
||||
|
||||
%define __provides_exclude_from %{_libdir}/openssl
|
||||
|
||||
@ -558,6 +570,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
|
||||
Resolves: RHEL-20249
|
||||
- Denial of service via null dereference in PKCS#12
|
||||
Resolves: RHEL-22486
|
||||
- Use certified FIPS module instead of freshly built one in Red Hat distribution
|
||||
Resolves: RHEL-23474
|
||||
|
||||
* Mon Oct 16 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-25
|
||||
- Provide relevant diagnostics when FIPS checksum is corrupted
|
||||
|
Loading…
Reference in New Issue
Block a user