From 5fa0564b3aea3f2c2c2bd18082a9a3d96f818688 Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Thu, 27 May 2021 15:53:25 +0200 Subject: [PATCH] Enable FIPS via config options Resolves: rhbz#1903209 Signed-off-by: Sahana Prasad --- openssl.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/openssl.spec b/openssl.spec index 6aa064d..1678a08 100644 --- a/openssl.spec +++ b/openssl.spec @@ -15,7 +15,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.0 -Release: 0.alpha16.1%{?dist} +Release: 0.alpha16.2%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -194,7 +194,7 @@ export HASHBANGPERL=/usr/bin/perl --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \ --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/openssl.config \ zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \ - enable-cms enable-md2 enable-rc5 enable-ktls \ + enable-cms enable-md2 enable-rc5 enable-ktls enable-fips\ no-idea no-mdc2 no-ec2m no-sm2 no-sm4 \ shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""' @@ -342,6 +342,7 @@ export LD_LIBRARY_PATH %dir %{_sysconfdir}/pki/tls/misc %dir %{_sysconfdir}/pki/tls/private %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf +%config(noreplace) %{_sysconfdir}/pki/tls/fipsmodule.cnf %config(noreplace) %{_sysconfdir}/pki/tls/ct_log_list.cnf %attr(0755,root,root) %{_libdir}/libcrypto.so.%{version} %{_libdir}/libcrypto.so.%{soversion} @@ -372,6 +373,9 @@ export LD_LIBRARY_PATH %ldconfig_scriptlets libs %changelog +* Thu May 27 2021 Sahana Prasad 3.0.0-0.alpha16.2 +- Enable FIPS via config options + * Mon May 17 2021 Sahana Prasad 3.0.0-0.alpha16.1 - Update to alpha 16 version Resolves: rhbz#1952901 openssl sends alert after orderly connection close