Set RSA_FLAG_FIPS_METHOD for RSA methods

This makes the engine to set the flag regardless of the used device.  It
is the user responsibility to ensure the device is FIPS-140-2 certified.

Resolves: rhbz#1827535

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

openssl-pkcs11-0.4.10-set-rsa-fips-method-flag.patch

@@ -0,0 +1,11 @@
+--- a/src/p11_rsa.c	2019-04-03 21:58:18.000000000 +0200
++++ b/src/p11_rsa.c	2019-11-28 15:46:18.898258545 +0100
+@@ -478,7 +478,7 @@
+ 		if (ops == NULL)
+ 			return NULL;
+ 		RSA_meth_set1_name(ops, "libp11 RSA method");
+-		RSA_meth_set_flags(ops, 0);
++		RSA_meth_set_flags(ops, RSA_FLAG_FIPS_METHOD);
+ 		RSA_meth_set_priv_enc(ops, pkcs11_rsa_priv_enc_method);
+ 		RSA_meth_set_priv_dec(ops, pkcs11_rsa_priv_dec_method);
+ 		RSA_meth_set_finish(ops, pkcs11_rsa_free_method);

openssl-pkcs11.spec

@@ -1,5 +1,5 @@
 Version: 0.4.10
-Release: 5%{?dist}
+Release: 6%{?dist}
 
 # Define the directory where the OpenSSL engines are installed
 %global enginesdir %{_libdir}/engines-1.1
@@ -15,6 +15,7 @@ Patch0:         openssl-pkcs11-0.4.10-various-bug-fixes.patch
 Patch1:         openssl-pkcs11-0.4.10-search-objects-in-all-matching-tokens.patch
 Patch2:         openssl-pkcs11-0.4.10-add-support-pin-source.patch
 Patch3:         openssl-pkcs11-0.4.10-set-rsa-flag-ext-pkey.patch
+Patch4:         openssl-pkcs11-0.4.10-set-rsa-fips-method-flag.patch
 
 BuildRequires:  autoconf automake libtool
 BuildRequires:  openssl-devel
@@ -114,6 +115,9 @@ make check %{?_smp_mflags} || if [ $? -ne 0 ]; then cat tests/*.log; exit 1; fi;
 %endif
 
 %changelog
+* Mon Apr 27 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.4.10-6
+- Set RSA_FLAG_FIPS_METHOD for RSA methods (#1827535)
+
 * Mon Feb 03 2020 James Cassell <cyberpear@fedoraproject.org> - 0.4.10-5
 - minimization: depend on openssl-libs rather than openssl