From ecc17a2cd574b31ce6f95f5a7d8ee6c62ecbb51b Mon Sep 17 00:00:00 2001
From: Pavel Valena
Date: Wed, 16 Aug 2023 14:02:51 +0200
Subject: [PATCH] fix(fips): include openssl's fips.so and openssl.cnf

Resolves: #2176560
---
 modules.d/01fips/module-setup.sh | 13 +++++++++++++
 modules.d/01fips/openssl.cnf | 7 +++++++
 2 files changed, 20 insertions(+)

diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index cc9d15ce..7ff5e640 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -82,4 +82,17 @@ install() {
 dfatal "To create an initramfs with fips support, dracut has to run as root"
 return 1
 }
+
+ # if we have openssl we need to install their fips library and configuration
+ [ -x /usr/bin/openssl ] && {
+ read -r _ conf < <(openssl version -d)
+ conf=${conf#\"}
+ conf=${conf%\"}
+ inst_simple "${moddir}/openssl.cnf" "$conf/openssl.cnf"
+
+ read -r _ mod < <(openssl version -m)
+ mod=${mod#\"}
+ mod=${mod%\"}
+ inst_simple "$mod/fips.so"
+ }
 }
diff --git a/modules.d/01fips/openssl.cnf b/modules.d/01fips/openssl.cnf
new file mode 100644
index 00000000..ee9adcf0
--- /dev/null
+++ b/modules.d/01fips/openssl.cnf
@@ -0,0 +1,7 @@
+openssl_conf = openssl_init
+[openssl_init]
+providers = provider_sect
+[provider_sect]
+default = default_sect
+[default_sect]
+activate = 1
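Review bot: The directories read from `openssl version -d` and `openssl version -m` are used without checking that anything was read, so if either call fails or prints nothing (for example an OpenSSL build without `-m`), the two `inst_simple` calls in the added block act on `/openssl.cnf` and `/fips.so`, and a missing `fips.so` goes unreported in an image meant for FIPS mode. The block also tests `/usr/bin/openssl` but then runs whichever `openssl` is first in PATH, and because `[ -x … ] && { … }` is the last statement of install(), the function returns non-zero whenever openssl is absent. `conf` and `mod` are not declared `local` in the visible lines; install() begins outside the hunk, so they may be declared earlier. The fence sketches a guarded form; whether a missing provider should be fatal or only a warning is the project's call.

```shell
    if [ -x /usr/bin/openssl ]; then
        local conf mod
        read -r _ conf < <(/usr/bin/openssl version -d)
        # … unchanged: quote stripping for conf …
        read -r _ mod < <(/usr/bin/openssl version -m)
        # … unchanged: quote stripping for mod …
        if [ -z "$conf" ] || [ -z "$mod" ]; then
            dfatal "Could not determine the OpenSSL configuration or modules directory"
            return 1
        fi
        inst_simple "${moddir}/openssl.cnf" "$conf/openssl.cnf" || return 1
        inst_simple "$mod/fips.so" || return 1
    fi
```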
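Review bot: The new openssl.cnf activates only the `default` provider and has no entry for the FIPS provider, even though the commit ships `fips.so` alongside it, and the file has no comment explaining why. On a stock OpenSSL 3 build the FIPS provider is loaded only when the configuration names it, so this file presumably relies on distribution-specific behaviour that is not visible in the patch. A header comment would make that dependency explicit, for example `# Minimal config for the initramfs: only the default provider is activated here; fips.so is expected to be loaded by <mechanism - confirm>`. It is also worth stating in that comment that this file replaces the host's openssl.cnf inside the image, so host settings in that file are not carried over.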