From 5f92eba9327b8a17165686aea6855aac25eac895 Mon Sep 17 00:00:00 2001
From: Andrew Hughes <gnu.andrew@redhat.com>
Date: Wed, 21 Jan 2026 02:54:21 +0000
Subject: [PATCH] Update FIPS patch to include nss.fips.cfg that grants
 CKA_ENCRYPT

Resolves: RHEL-142865
---
 java-1.8.0-openjdk.spec | 2 ++
 nss.fips.cfg.in         | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 2fd9a42..d82b699 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -2726,11 +2726,13 @@ cjc.mainProgram(args)
 - Set bundled FreeType version to 2.13.2 following JDK-8316028
 - Bump LCMS 2 version to 2.14.0 following JDK-8297088
 - Bump libpng version to 1.6.51 following JDK-8372534
+- Update FIPS patch to include nss.fips.cfg that grants CKA_ENCRYPT
 - ** This tarball is embargoed until 2026-01-20 @ 1pm PT. **
 - Resolves: RHEL-142689
 - Resolves: RHEL-139521
 - Resolves: RHEL-131446
 - Resolves: RHEL-131459
+- Resolves: RHEL-142865
 
 * Sat Oct 18 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.472.b08-2
 - Bump rpmrelease for CentOS build
diff --git a/nss.fips.cfg.in b/nss.fips.cfg.in
index 2d9ec35..cdde3e7 100644
--- a/nss.fips.cfg.in
+++ b/nss.fips.cfg.in
@@ -4,5 +4,5 @@ nssSecmodDirectory = sql:/etc/pki/nssdb
 nssDbMode = readOnly
 nssModule = fips
 
-attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
+attributes(*,CKO_SECRET_KEY,*)={ CKA_SIGN=true CKA_ENCRYPT=true }