diff --git a/SOURCES/ECDSA-validation-in-FIPS.patch b/SOURCES/ECDSA-validation-in-FIPS.patch
new file mode 100644
index 0000000..bc7c7ac
--- /dev/null
+++ b/SOURCES/ECDSA-validation-in-FIPS.patch
@@ -0,0 +1,39 @@
+--- xmlsec1-1.2.20/src/openssl/signatures.c 2014-05-27 14:29:01.000000000 -0400
++++ xmlsec1-1.2.20-fips-ecdsa/src/openssl/signatures.c 2022-04-26 10:54:52.307545779 -0400
+@@ -1333,7 +1333,7 @@
+ NID_ecdsa_with_SHA224,
+ SHA224_DIGEST_LENGTH,
+ #ifndef XMLSEC_OPENSSL_096
+- 0,
++ EVP_MD_FLAG_FIPS,
+ xmlSecOpenSSLEcdsaSha224EvpInit,
+ xmlSecOpenSSLEcdsaSha224EvpUpdate,
+ xmlSecOpenSSLEcdsaSha224EvpFinal,
+@@ -1431,7 +1431,7 @@
+ NID_ecdsa_with_SHA256,
+ SHA256_DIGEST_LENGTH,
+ #ifndef XMLSEC_OPENSSL_096
+- 0,
++ EVP_MD_FLAG_FIPS,
+ xmlSecOpenSSLEcdsaSha256EvpInit,
+ xmlSecOpenSSLEcdsaSha256EvpUpdate,
+ xmlSecOpenSSLEcdsaSha256EvpFinal,
+@@ -1529,7 +1529,7 @@
+ NID_ecdsa_with_SHA384,
+ SHA384_DIGEST_LENGTH,
+ #ifndef XMLSEC_OPENSSL_096
+- 0,
++ EVP_MD_FLAG_FIPS,
+ xmlSecOpenSSLEcdsaSha384EvpInit,
+ xmlSecOpenSSLEcdsaSha384EvpUpdate,
+ xmlSecOpenSSLEcdsaSha384EvpFinal,
+@@ -1627,7 +1627,7 @@
+ NID_ecdsa_with_SHA512,
+ SHA512_DIGEST_LENGTH,
+ #ifndef XMLSEC_OPENSSL_096
+- 0,
++ EVP_MD_FLAG_FIPS,
+ xmlSecOpenSSLEcdsaSha512EvpInit,
+ xmlSecOpenSSLEcdsaSha512EvpUpdate,
+ xmlSecOpenSSLEcdsaSha512EvpFinal,
+
diff --git a/SPECS/xmlsec1.spec b/SPECS/xmlsec1.spec
index 6662cde..4c96a4a 100644
--- a/SPECS/xmlsec1.spec
+++ b/SPECS/xmlsec1.spec
@@ -1,7 +1,7 @@
 Summary: Library providing support for "XML Signature" and "XML Encryption" standards
 Name: xmlsec1
 Version: 1.2.20
-Release: 7%{?dist}%{?extra_release}
+Release: 8%{?dist}%{?extra_release}
 License: MIT
 Group: System Environment/Libraries
 Source0: http://www.aleksey.com/xmlsec/download/xmlsec1-%{version}.tar.gz
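Review bot: Setting EVP_MD_FLAG_FIPS on the four ECDSA-SHA2 EVP_MD tables (the `++ EVP_MD_FLAG_FIPS,` lines in the hunks at 1333, 1431, 1529 and 1627) tells OpenSSL's EVP layer that these application-defined digests may be used while FIPS mode is on, which is presumably the check that made validation fail; it does not by itself route the hashing through a validated implementation, so the `xmlSecOpenSSLEcdsaSha*EvpInit/Update/Final` callbacks named in the context lines (bodies outside the hunk) should be confirmed to delegate to OpenSSL's own SHA-2 code before the flag is relied on. The patch file carries no description; a header above the first `---` line stating the symptom and why the flag is justified (ECDSA with SHA-2 is an approved combination and the digest work is done by OpenSSL) would let the next maintainer judge it without re-deriving this. The `#ifndef XMLSEC_OPENSSL_096` guard only hides the field on 0.9.6, so against any evp.h that lacks EVP_MD_FLAG_FIPS the changed lines no longer compile; if the patch is meant to apply beyond this package's OpenSSL, guard the value with an `#ifdef EVP_MD_FLAG_FIPS` that falls back to `0,`. If the file also defines an ECDSA-SHA1 EVP_MD above line 1333, leaving its flags at 0 looks deliberate and deserves a one-line comment saying so.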
@@ -22,8 +22,9 @@ BuildRequires: automake BuildRequires: gettext-devel BuildRequires: libtool -Patch3: xmlsec1-1.2.20-covscan-fixes.patch -Patch10: CVE-2017-1000061.patch +Patch1: xmlsec1-1.2.20-covscan-fixes.patch +Patch2: CVE-2017-1000061.patch +Patch3: ECDSA-validation-in-FIPS.patch %description XML Security Library is a C library based on LibXML2 and OpenSSL. @@ -126,8 +127,9 @@ Libraries, includes, etc. for developing XML Security applications with NSS. %prep %setup -q -%patch3 -p1 -b .covscan -%patch10 -p1 -b .CVE-2017-1000061 +%patch -P 1 -p1 -b .covscan +%patch -P 2 -p1 -b .CVE-2017-1000061 +%patch -P 3 -p1 -b .ECDSA-validation-in-FIPS %build autoreconf -if @@ -221,14 +223,19 @@ rm -fr ${RPM_BUILD_ROOT} %{_libdir}/pkgconfig/xmlsec1-nss.pc %changelog -* Wed Aug 9 2017 Simo Sorce - 1.2.20-7 +* Wed Oct 11 2023 Tomas Halman - 1.2.20-8 +- xmlsec1 fails to validate XML signatures made using ECDSA algorithm in FIPS mode +- Resolves: RHEL-3337 + +* Wed Aug 9 2017 Simo Sorce - 1.2.20-7 - CVE-2017-1000061 - Related: #1472092 +- Resolves: #1472091 - Fix mis-applied patch hunk * Tue Jul 18 2017 Simo Sorce - 1.2.20-6 - CVE-2017-1000061 -- Resolves: #1472092 +- Resolves: #1472091 * Fri Sep 5 2014 Simo Sorce - 1.2.20-5 - Add package to RHEL7
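Review bot: Renumbering the two existing patches (Patch3/Patch10 to Patch1/Patch2) is unrelated to the FIPS fix and spreads into the `%prep` hunk below, which makes the functional change — the added `Patch3: ECDSA-validation-in-FIPS.patch` and `%patch -P 3 -p1 -b .ECDSA-validation-in-FIPS` — harder to pick out; keeping the existing numbers and adding the new patch under the next free number (for example `Patch11:`) would be the minimal change. If the move from `%patchN` to `%patch -P N` is deliberate, a changelog line saying so would make the intent clear, since the `-b` backup suffixes were kept and nothing else in the hunk depends on the new numbering.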