Support OpenSSL FIPS mode
Resolves: rhbz#2127923
This commit is contained in:
		
							parent
							
								
									9da0c35872
								
							
						
					
					
						commit
						970db8561e
					
				
							
								
								
									
										1189
									
								
								00329-fips.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										1189
									
								
								00329-fips.patch
									
									
									
									
									
										Normal file
									
								
							
										
											
												File diff suppressed because it is too large
												Load Diff
											
										
									
								
							| @ -20,7 +20,7 @@ URL: https://www.python.org/ | ||||
| #global prerel ... | ||||
| %global upstream_version %{general_version}%{?prerel} | ||||
| Version: %{general_version}%{?prerel:~%{prerel}} | ||||
| Release: 1%{?dist} | ||||
| Release: 2%{?dist} | ||||
| License: Python | ||||
| 
 | ||||
| 
 | ||||
| @ -306,6 +306,21 @@ Patch251: 00251-change-user-install-location.patch | ||||
| # Ideally, we should talk to upstream and explain why we don't want this | ||||
| Patch328: 00328-pyc-timestamp-invalidation-mode.patch | ||||
| 
 | ||||
| # 00329 # | ||||
| # Support OpenSSL FIPS mode | ||||
| # - In FIPS mode, OpenSSL wrappers are always used in hashlib | ||||
| # - The "usedforsecurity" keyword argument can be used to the various digest | ||||
| #   algorithms in hashlib so that you can whitelist a callsite with | ||||
| #   "usedforsecurity=False" | ||||
| # - OpenSSL wrappers for the hashes blake2{b512,s256}, | ||||
| # - In FIPS mode, the blake2 hashes use OpenSSL wrappers | ||||
| #   and do not offer extended functionality (keys, tree hashing, custom digest size) | ||||
| # | ||||
| # - In FIPS mode, hmac.HMAC can only be instantiated with an OpenSSL wrapper | ||||
| #   or a string with OpenSSL hash name as the "digestmod" argument. | ||||
| #   The argument must be specified (instead of defaulting to ‘md5’). | ||||
| Patch329: 00329-fips.patch | ||||
| 
 | ||||
| # 00371 # c1754d9c2750f89cb702e1b63a99201f5f7cff00 | ||||
| # Revert "bpo-1596321: Fix threading._shutdown() for the main thread (GH-28549) (GH-28589)" | ||||
| # | ||||
| @ -1584,6 +1599,9 @@ CheckPython optimized | ||||
| # ====================================================== | ||||
| 
 | ||||
| %changelog | ||||
| * Thu Feb 16 2023 Charalampos Stratakis <cstratak@redhat.com> - 3.11.2-2 | ||||
| - Support OpenSSL FIPS mode | ||||
| 
 | ||||
| * Thu Feb 09 2023 Charalampos Stratakis <cstratak@redhat.com> - 3.11.2-1 | ||||
| - Update to 3.11.2 | ||||
| 
 | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user