RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
Use SunPKCS11 Attributes Configuration to set CKA_SIGN=true on SecretKey generate/import operations in FIPS mode, see: https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html#ATTRS
This commit is contained in:
parent
100440c51e
commit
2d53004059
@ -344,7 +344,7 @@
|
|||||||
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
||||||
# eg jdk8u60-b27 -> b27
|
# eg jdk8u60-b27 -> b27
|
||||||
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
||||||
%global rpmrelease 1
|
%global rpmrelease 2
|
||||||
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
|
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
|
||||||
# Release will be (where N is usually a number starting at 1):
|
# Release will be (where N is usually a number starting at 1):
|
||||||
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
||||||
@ -2781,6 +2781,9 @@ cjc.mainProgram(args)
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari@redhat.com> - 1:1.8.0.332.b09-2
|
||||||
|
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
|
||||||
|
|
||||||
* Mon Apr 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.332.b09-1
|
* Mon Apr 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.332.b09-1
|
||||||
- Update to shenandoah-jdk8u332-b09 (GA)
|
- Update to shenandoah-jdk8u332-b09 (GA)
|
||||||
- Update release notes for 8u332-b09.
|
- Update release notes for 8u332-b09.
|
||||||
|
@ -4,3 +4,5 @@ nssSecmodDirectory = sql:/etc/pki/nssdb
|
|||||||
nssDbMode = readOnly
|
nssDbMode = readOnly
|
||||||
nssModule = fips
|
nssModule = fips
|
||||||
|
|
||||||
|
attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user