Bug 2142517

Summary: OpenSSL PKCS#11 provider compatibility
Product: Red Hat Enterprise Linux 9
Reporter: Dmitry Belyavskiy <dbelyavs>
Component: openssl
Assignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED ERRATA
QA Contact: Alicja Kario <hkario>
Severity: medium
Priority: medium
Version: 9.2
CC: cllang, hkario, ssorce
Target Milestone: rc
Keywords: Triaged
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openssl-3.0.7-2.el9
Doc Type: Enhancement
Doc Text: Feature: backport of several bugfixes improving compatibility with 3rd-party openssl providers
Last Closed: 2023-05-09 08:20:56 UTC
Type: Bug

Description Dmitry Belyavskiy 2022-11-14 10:03:43 UTC
OpenSSL PKCS#11 provider requires OpenSSL 3.0.5 and some more upstream changes to deal with non-exportable private keys. These changes should go to 9.2.

Comment 2 Simo Sorce 2022-11-21 16:05:29 UTC
List of needed commits from master tree:

EVP_PKEY_eq: regain compatibility with the 3.0.0 FIPS provider
c342004e07fd2c03a672f79353d13554fe0ffdaf
^^ already in 3.0.7

Propagate selection all the way on key export:
98642df4ba886818900ab7e6b23703544e6addd4

Update documentation for keymgmt export utils
504427eb5f32108dd64ff7858012863fe47b369b

Add test for EVP_PKEY_eq
e5202fbd461cb6c067874987998e91c6093e5267

Drop explicit check for engines in opt_legacy_okay
2fea56832780248af2aba2e4433ece2d18428515

Comment 9 errata-xmlrpc 2023-05-09 08:20:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Low: openssl security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:2523