Resolves: rhbz#2091905

- remove OAEP from the fips indicator list
2022-08-24 15:28:58 -07:00 · 2022-08-24 15:28:58 -07:00 · dcbd11ce7c
parent cba98b139c
commit dcbd11ce7c
2 changed files with 8 additions and 5 deletions
--- a/nss-3.79-fips.patch
+++ b/nss-3.79-fips.patch
@ -163,7 +163,7 @@ diff --git a/lib/softoken/config.mk b/lib/softoken/config.mk
 diff --git a/lib/softoken/fips_algorithms.h b/lib/softoken/fips_algorithms.h
 --- a/lib/softoken/fips_algorithms.h
 +++ b/lib/softoken/fips_algorithms.h
-@@ -49,33 +49,46 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] 
+@@ -49,33 +49,45 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] 
 #define CKF_KEK (CKF_WRAP | CKF_UNWRAP)
 #define CKF_KEA CKF_DERIVE
 #define CKF_KDF CKF_DERIVE
@ -187,7 +187,7 @@ diff --git a/lib/softoken/fips_algorithms.h b/lib/softoken/fips_algorithms.h
 #define AES_FB_STEP 64
     { CKM_RSA_PKCS_KEY_PAIR_GEN, { RSA_FB_KEY, CKF_KPG }, RSA_FB_STEP, SFTKFIPSNone },
     { CKM_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
-     { CKM_RSA_PKCS_OAEP, { RSA_FB_KEY, CKF_ENC }, RSA_FB_STEP, SFTKFIPSNone },
+-    { CKM_RSA_PKCS_OAEP, { RSA_FB_KEY, CKF_ENC }, RSA_FB_STEP, SFTKFIPSNone },
 +    { CKM_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone },
 +
     /* -------------- RSA Multipart Signing Operations -------------------- */
@ -211,7 +211,7 @@ diff --git a/lib/softoken/fips_algorithms.h b/lib/softoken/fips_algorithms.h
     { CKM_DSA_KEY_PAIR_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone },
     { CKM_DSA, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
     { CKM_DSA_PARAMETER_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone },
-@@ -95,76 +108,73 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] 
+@@ -95,76 +107,73 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] 
     { CKM_ECDSA_SHA256, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
     { CKM_ECDSA_SHA384, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
     { CKM_ECDSA_SHA512, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
--- a/nss.spec
+++ b/nss.spec
@ -1,6 +1,6 @@
 %global nss_version 3.79.0
 %global nspr_version 4.34.0
-%global baserelease 12
+%global baserelease 13
 %global nss_release %baserelease
 # NOTE: To avoid NVR clashes of nspr* packages:
 # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
@ -1154,7 +1154,10 @@ update-crypto-policies &> /dev/null || :


 %changelog
-* Mon Aug 11 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-12
+* Wed Aug 24 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-13
+- remove OAEP from the FIPS indicators
+
+* Thu Aug 11 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-12
 - only turn off rand changes on all non-fips kernels

 * Mon Aug 8 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-11