From 6ba0e5efa37d3fc453a22a1458916266cde30aea Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Mon, 2 May 2022 18:33:35 +0200 Subject: [PATCH] When FIPS provider is in use, we forbid only some padding modes - spec Resolves: rhbz#2053289 --- openssl.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/openssl.spec b/openssl.spec index 00a31d1..275a680 100644 --- a/openssl.spec +++ b/openssl.spec @@ -15,7 +15,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.1 -Release: 24%{?dist} +Release: 25%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -94,6 +94,8 @@ Patch55: 0055-nonlegacy-fetch-null-deref.patch Patch56: 0056-strcasecmp.patch # https://github.com/openssl/openssl/pull/18175 Patch57: 0057-strcasecmp-fix.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2053289 +Patch58: 0058-FIPS-limit-rsa-encrypt.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -424,6 +426,11 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Mon May 02 2022 Dmitry Belyavskiy - 1:3.0.1-25 +- FIPS provider should block RSA encryption for key transport. +- Other RSA encryption options should still be available +- Resolves: rhbz#2053289 + * Thu Apr 28 2022 Clemens Lang - 1:3.0.1-24 - Fix regression in evp_pkey_name2type caused by tr_TR locale fix Resolves: rhbz#2071631