Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-88912

pkcs12 should not default to pbmac1 in FIPS mode in RHEL-9

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • openssl-3.5.0-2.el9
    • No
    • Low
    • 2
    • rhel-security-crypto
    • ssg_security
    • 19
    • 26
    • 0.2
    • QE ack, Dev ack
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • Crypto25Q2, Crypto25July
    • Hide

      AC1) pbmac1 is not required for importing PKCS#12 files in FIPS mode
      AC2) OpenSSL does not generate PKCS#12 with PBMAC1 by default when in FIPS mode
      AC3) Import of PKCS#12 files with PBMAC1 is supported in both regular and FIPS mode
      AC4) Export of PKCS#12 files with PBMAC1, when specified through command line options, is possible in regular and FIPS mode

      Show
      AC1) pbmac1 is not required for importing PKCS#12 files in FIPS mode AC2) OpenSSL does not generate PKCS#12 with PBMAC1 by default when in FIPS mode AC3) Import of PKCS#12 files with PBMAC1 is supported in both regular and FIPS mode AC4) Export of PKCS#12 files with PBMAC1, when specified through command line options, is possible in regular and FIPS mode
    • Pass
    • Not Needed
    • Automated
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • All
    • None

      OpenSSL for RHEL-9 should be reverted to the original behavior and not require pbmac1 for PKCS12 files to process them in FIPS mode.

              dbelyavs@redhat.com Dmitry Belyavskiy
              rh-ee-gpantela Georgios Stavros Pantelakis
              Dmitry Belyavskiy Dmitry Belyavskiy
              Georgios Stavros Pantelakis Georgios Stavros Pantelakis
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: