Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode"
Disabling EVP_PKEY_sign and EVP_PKEY_verify also breaks EVP_SignFinal, which is used by many applications, among them OpenSSH. This change thus broke sshd in FIPS mode. Revert it for now until we found a better solution. Related: rhbz#2087147 Signed-off-by: Clemens Lang <cllang@redhat.com>
This commit is contained in:
Clemens Lang
parent
794d81540e
commit
96926ffe00
@ -118,7 +118,8 @@ Patch58: 0058-FIPS-limit-rsa-encrypt.patch
|
||||
Patch60: 0060-FIPS-KAT-signature-tests.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
|
||||
Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
|
||||
Patch62: 0062-Disable-EVP_PKEY_-sign-verify-in-FIPS-provider.patch
|
||||
# Disabled for now because it breaks EVP_SignFinal
|
||||
#Patch62: 0062-Disable-EVP_PKEY_-sign-verify-in-FIPS-provider.patch
|
||||
# https://github.com/openssl/openssl/pull/18141
|
||||
Patch63: 0063-CVE-2022-1473.patch
|
||||
# upstream commits 55c80c222293a972587004c185dc5653ae207a0e 2eda98790c5c2741d76d23cc1e74b0dc4f4b391a
|
||||
@ -463,6 +464,8 @@ install -m644 %{SOURCE9} \
|
||||
- Resolves: rhbz#2087911
|
||||
- CVE-2022-1292 openssl: c_rehash script allows command injection
|
||||
- Resolves: rhbz#2090362
|
||||
- Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode"
|
||||
Related: rhbz#2087147
|
||||
|
||||
* Thu May 19 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-32
|
||||
- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
|
||||
|
||||
Loading…
Reference in New Issue
Block a user