Back to bug 2160797
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2023-01-13 18:14:09 UTC | Pool ID | sst_security_crypto_rhel_9 | |
| Red Hat One Jira (issues.redhat.com) | 2023-01-13 18:16:42 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-145084 | |
| Hubert Kario | 2023-01-13 19:51:20 UTC | Summary | openssl smime command defaults to 3DES and PKCS#1v1.5 encryption in FIPS mode | openssl smime and cms commands default to 3DES and PKCS#1v1.5 encryption in FIPS mode |
| Hubert Kario | 2023-01-16 12:13:50 UTC | Doc Text | Cause: OpenSSL cms and smime commands default to legacy algorithms, like 3DES for symmetric encryption and PKCS#1 v1.5 for asymmetric encryption. Consequence: Those algorithms are forbidden in FIPS mode, thus the operations fail. Workaround (if any): There is no workaround for use of PKCS#1 v1.5 encryption in smime command. For cms command, it's possible to specify the recipient using the -recip switch and then set the padding used using -keyopt rsa_padding_mode:oaep to use OAEP. For use of 3DES, both commands accept accept -aes128 and -aes256 switch to change the symmetric algorithm. Result: Encrypting files using cms and smime commands in FIPS mode doesn't work with default settings. | |
| Doc Type | If docs needed, set a value | Known Issue | ||
| RHEL Program Management | 2023-01-16 12:14:01 UTC | Keywords | Triaged | |
| Red Hat One Jira (issues.redhat.com) | 2023-01-16 12:16:48 UTC | Link ID | Red Hat Issue Tracker CRYPTO-9281 | |
| Red Hat One Jira (issues.redhat.com) | 2023-01-16 12:16:50 UTC | Link ID | Red Hat Issue Tracker CRYPTO-9282 | |
| Hubert Kario | 2023-05-22 11:30:03 UTC | QA Contact | qe-baseos-security | hkario |
| Dmitry Belyavskiy | 2023-05-22 11:37:01 UTC | Status | NEW | MODIFIED |
| errata-xmlrpc | 2023-05-22 19:00:44 UTC | Fixed In Version | openssl-3.0.7-18.el9 | |
| Status | MODIFIED | ON_QA | ||
| Hubert Kario | 2023-06-19 11:54:16 UTC | Status | ON_QA | VERIFIED |
| Simo Sorce | 2023-06-20 13:14:07 UTC | Link ID | Red Hat Issue Tracker CRYPTO-9282 | |
| Red Hat One Jira (issues.redhat.com) | 2023-06-20 13:17:06 UTC | Link ID | Red Hat Issue Tracker CRYPTO-9282 | |
| Lucie Vařáková | 2023-07-12 12:21:16 UTC | Docs Contact | mjahoda |
Back to bug 2160797