feat(fips): include openssl's fips.so and openssl.cnf

author Pavel Valena <pvalena@redhat.com>

Wed, 16 Aug 2023 12:02:51 +0000 (14:02 +0200)

committer Laszlo <laszlo.gombos@gmail.com>

Sat, 19 Oct 2024 11:57:17 +0000 (07:57 -0400)
author Pavel Valena <pvalena@redhat.com>
Wed, 16 Aug 2023 12:02:51 +0000 (14:02 +0200)
committer Laszlo <laszlo.gombos@gmail.com>
Sat, 19 Oct 2024 11:57:17 +0000 (07:57 -0400)
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh

index a497ac5c5f675f2c5a325f96f2e0b406980143b7..ed4ef20b98b19e42e0b28ae5113d05ef7eb07827 100755 (executable)
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -62,4 +62,17 @@ install() {
      inst_multiple sha512hmac rmmod insmod mount uname umount grep sed cut find sort cat tail tr
  
      inst_simple /etc/system-fips
+
+    # if we have openssl we need to install their fips library and configuration
+    [ -x /usr/bin/openssl ] && {
+        read -r _ conf < <(openssl version -d)
+        conf=${conf#\"}
+        conf=${conf%\"}
+        inst_simple "${moddir}/openssl.cnf" "$conf/openssl.cnf"
+
+        read -r _ mod < <(openssl version -m)
+        mod=${mod#\"}
+        mod=${mod%\"}
+        inst_simple "$mod/fips.so"
+    }
  }
diff --git a/modules.d/01fips/openssl.cnf b/modules.d/01fips/openssl.cnf

new file mode 100644 (file)

index 0000000..ee9adcf
--- /dev/null
+++ b/modules.d/01fips/openssl.cnf
@@ -0,0 +1,7 @@
+openssl_conf = openssl_init
+[openssl_init]
+providers = provider_sect
+[provider_sect]
+default = default_sect
+[default_sect]
+activate = 1
author	Pavel Valena <pvalena@redhat.com>
	Wed, 16 Aug 2023 12:02:51 +0000 (14:02 +0200)
committer	Laszlo <laszlo.gombos@gmail.com>
	Sat, 19 Oct 2024 11:57:17 +0000 (07:57 -0400)
modules.d/01fips/module-setup.sh		patch \| blob \| blame \| history
modules.d/01fips/openssl.cnf	[new file with mode: 0644]	patch \| blob