From 8e5beb77088bfec064d60506b1e76ddb0ac417fe Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Wed, 21 Feb 2024 11:36:30 +0100 Subject: [PATCH] Use certified FIPS module instead of freshly built one in Red Hat distribution Related: RHEL-23474 --- openssl.spec | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/openssl.spec b/openssl.spec index 20e5027..944551b 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.7 -Release: 26%{?dist} +Release: 27%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -230,9 +230,6 @@ BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy), BuildRequires: git-core Requires: coreutils Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} -%if ( %{defined rhel} && (! %{defined centos}) ) -Requires: openssl-fips-provider -%endif %description The OpenSSL toolkit provides support for secure communications between @@ -244,6 +241,9 @@ protocols. Summary: A general purpose cryptography library with TLS implementation Requires: ca-certificates >= 2008-5 Requires: crypto-policies >= 20180730 +%if ( %{defined rhel} && (! %{defined centos}) ) +Requires: openssl-fips-provider +%endif %description libs OpenSSL is a toolkit for supporting cryptography. The openssl-libs @@ -553,6 +553,10 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco %ldconfig_scriptlets libs %changelog +* Wed Feb 21 2024 Dmitry Belyavskiy - 1:3.0.7-27 +- Use certified FIPS module instead of freshly built one in Red Hat distribution + Related: RHEL-23474 + * Tue Nov 21 2023 Dmitry Belyavskiy - 1:3.0.7-26 - Avoid implicit function declaration when building openssl Related: RHEL-1780