Add an openssl-fips-provider package

This allows it to be replaced by fips-provider-next which is built as an
alternative fips provider. Adds a Suggests to still prefer the openssl's
own package by default.

Resolves: RHEL-105298

Signed-off-by: Simo Sorce <simo@redhat.com>
Simo Sorce 2025-07-14 12:04:17 -04:00
parent e014d8a609
commit 6b623cae3c


@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 3.5.1 Version: 3.5.1
Release: 1%{?dist} Release: 2%{?dist}
Epoch: 1 Epoch: 1
Source0: openssl-%{version}.tar.gz Source0: openssl-%{version}.tar.gz
Source1: fips-hmacify.sh Source1: fips-hmacify.sh
@ -125,8 +125,9 @@ protocols.
Summary: A general purpose cryptography library with TLS implementation Summary: A general purpose cryptography library with TLS implementation
Requires: ca-certificates >= 2008-5 Requires: ca-certificates >= 2008-5
Requires: crypto-policies >= 20250404-3 Requires: crypto-policies >= 20250404-3
%if ( %{defined rhel} && (! %{defined centos}) ) %if %{defined rhel}
Requires: openssl-fips-provider Requires: openssl-fips-provider
Suggests: openssl-fips-provider
%endif %endif
%description libs %description libs
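Review bot: The `%if %{defined rhel}` block now carries both `Requires: openssl-fips-provider` and `Suggests: openssl-fips-provider` with no spec comment explaining why, so the pair reads as redundant. Going by the commit message, the Requires can be satisfied by fips-provider-next and the Suggests is the hint that keeps openssl's own package as the default; a one-line comment above the Suggests saying so would stop a later cleanup from dropping it. The condition also lost its `(! %{defined centos})` clause, so the hard Requires now applies wherever both rhel and centos are defined, which deserves a mention in the commit message.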
@ -154,6 +155,17 @@ OpenSSL is a toolkit for supporting cryptography. The openssl-perl
package provides Perl scripts for converting certificates and keys package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit. from other formats to the formats used by the OpenSSL toolkit.
%if %{defined centos}
%package fips-provider
Summary: The FIPS Provider module
Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
%description fips-provider
OpenSSL is a toolkit for supporting cryptography. The openssl-fips-provider
package provides the fips.so provider, a cryptography provider that follows
FIPS requirements and provides FIPS approved algorithms.
%endif
%prep %prep
%autosetup -S git -n %{name}-%{version} %autosetup -S git -n %{name}-%{version}
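Review bot: The new `%package fips-provider` is guarded by `%if %{defined centos}`, while the libs subpackage requires openssl-fips-provider under `%if %{defined rhel}`, so a build with rhel defined and centos undefined produces a libs package whose Requires nothing in this spec satisfies. If that is intended because the provider ships from a separate source package there, say so in a comment next to the `%if`; otherwise the guard should match the one in the libs section.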
@ -407,7 +419,7 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
%attr(0755,root,root) %{_libdir}/libssl.so.%{version} %attr(0755,root,root) %{_libdir}/libssl.so.%{version}
%{_libdir}/libssl.so.%{soversion} %{_libdir}/libssl.so.%{soversion}
%attr(0755,root,root) %{_libdir}/engines-%{soversion} %attr(0755,root,root) %{_libdir}/engines-%{soversion}
%attr(0755,root,root) %{_libdir}/ossl-modules %attr(0755,root,root) %{_libdir}/ossl-modules/legacy.so
%files devel %files devel
%doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el %doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el
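Review bot: Narrowing the entry ahead of `%files devel` from `%{_libdir}/ossl-modules` to `%{_libdir}/ossl-modules/legacy.so` leaves the ossl-modules directory itself unowned by any package in the visible hunks. Add `%dir %{_libdir}/ossl-modules` to that file list so the directory keeps an owner and its 0755 mode. Also check the build where centos is not defined: fips.so is only listed under `%if %{defined centos}`, so if it is still installed into the buildroot there it becomes an unpackaged file.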
@ -431,9 +443,22 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
%dir %{_sysconfdir}/pki/CA/crl %dir %{_sysconfdir}/pki/CA/crl
%dir %{_sysconfdir}/pki/CA/newcerts %dir %{_sysconfdir}/pki/CA/newcerts
%if %{defined centos}
%files fips-provider
%attr(0755,root,root) %{_libdir}/ossl-modules/fips.so
%endif
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Thu Jul 24 2025 Simo Sorce <simo@redhat.com> - 1:3.5.1-2
- Move fips.so to a seprate subpackage
Reverts FIPS self test for SLH-DSA
Add Suggests to try to prefer the openssl-fips-provider package
over the fips-provider-next package by default
Revolves: RHEL-102408
Related: RHEL-80811
* Tue Jul 01 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.1-1 * Tue Jul 01 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.1-1
- Rebasing to OpenSSL 3.5.1 - Rebasing to OpenSSL 3.5.1
Resolves: RHEL-90350 Resolves: RHEL-90350
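Review bot: The new changelog entry does not line up with the commit message: it cites RHEL-102408 and RHEL-80811 where the commit message says Resolves: RHEL-105298, and it is dated Jul 24 2025 while the commit is dated 2025-07-14. It also has "Revolves:" for "Resolves:", which tooling that matches on the Resolves keyword may not recognise, and "seprate" for "separate". The "Reverts FIPS self test for SLH-DSA" line has no corresponding change in the hunks shown here, so either drop it or include the revert.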