Resolves: RHEL-59579
This commit is contained in:
parent
7e52c7a01b
commit
ed5ad1f04e
12
nss-3.101-fips-check-ec25519-size.patch
Normal file
12
nss-3.101-fips-check-ec25519-size.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -up ./lib/softoken/pkcs11u.c.fips_check_curver25519 ./lib/softoken/pkcs11u.c
|
||||
--- ./lib/softoken/pkcs11u.c.fips_check_curver25519 2024-11-11 11:24:25.186654635 +0100
|
||||
+++ ./lib/softoken/pkcs11u.c 2024-11-07 10:26:03.806562274 +0100
|
||||
@@ -2356,7 +2356,7 @@ sftk_getKeyLength(SFTKObject *source)
|
||||
* key length is CKA_VALUE, which is the default */
|
||||
keyType = CKK_INVALID_KEY_TYPE;
|
||||
}
|
||||
- if (keyType == CKK_EC) {
|
||||
+ if (keyType == CKK_EC || keyType == CKK_EC_EDWARDS || keyType == CKK_EC_MONTGOMERY) {
|
||||
SECOidTag curve = sftk_quickGetECCCurveOid(source);
|
||||
switch (curve) {
|
||||
case SEC_OID_CURVE25519:
|
7
nss.spec
7
nss.spec
@ -63,7 +63,7 @@ print(string.sub(hash, 0, 16))
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: %{nss_version}
|
||||
Release: 8%{?dist}
|
||||
Release: 9%{?dist}
|
||||
License: MPLv2.0
|
||||
URL: http://www.mozilla.org/projects/security/pki/nss/
|
||||
Requires: nspr >= %{nspr_version}%{nspr_release}
|
||||
@ -202,6 +202,7 @@ Patch84: nss-3.101-fix-pkcs12-pbkdf1-encoding.patch
|
||||
Patch85: nss-3.101-fix-cms-abi-break.patch
|
||||
Patch86: nss-3.101-long-pwd-fix.patch
|
||||
Patch87: nss-3.101-fix-shlibsign-fips.patch
|
||||
Patch88: nss-3.101-fips-check-ec25519-size.patch
|
||||
|
||||
#revert patches
|
||||
Patch300: nss-3.101-default-libpkix.patch
|
||||
@ -1000,6 +1001,10 @@ update-crypto-policies --no-reload &> /dev/null || :
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Nov 11 2024 Frantisek Krenzelok <krenzelok.frantisek@gmail.com> - 3.101.0-9
|
||||
- Add SEC_OID_CURVE25519 to FIPS checks.
|
||||
- This will mark algorithm using it as FIPS unapproved.
|
||||
|
||||
* Mon Nov 4 2024 Bob Relyea <rrelyea@redhat.com> - 3.101.0-8
|
||||
- fix shlibsign to work when the system is in FIPS mode.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user