From fd23d267e85c7d4a65792249a41c53941821711c Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Mon, 14 Jul 2025 12:04:17 -0400
Subject: [PATCH] Add a openssl-fips-provider package

This allows it to be replaced by fips-provider-next which is built as an
alternative fips provider. Adds a Suggests to still prefer the openssl's
own packge by default.

Resolves: RHEL-102408

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 openssl.spec | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/openssl.spec b/openssl.spec
index 46cbc64..c6eb050 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -125,8 +125,9 @@ protocols.
 Summary: A general purpose cryptography library with TLS implementation
 Requires: ca-certificates >= 2008-5
 Requires: crypto-policies >= 20180730
-%if ( %{defined rhel} && (! %{defined centos}) )
+%if %{defined rhel}
 Requires: openssl-fips-provider
+Suggests: openssl-fips-provider
 %endif
 
 %description libs
@@ -154,6 +155,17 @@ OpenSSL is a toolkit for supporting cryptography. The openssl-perl
 package provides Perl scripts for converting certificates and keys
 from other formats to the formats used by the OpenSSL toolkit.
 
+%if %{defined centos}
+%package fips-provider
+Summary: The FIPS Provider module
+Requires: %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
+
+%description fips-provider
+OpenSSL is a toolkit for supporting cryptography. The openssl-fips-provider
+package provides the fips.so provider, a cryptography provider that follows
+FIPS requirements and provides FIPS approved algorithms.
+%endif
+
 %prep
 %autosetup -S git -n %{name}-%{version}
 
@@ -404,7 +416,7 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
 %attr(0755,root,root) %{_libdir}/libssl.so.%{version}
 %{_libdir}/libssl.so.%{soversion}
 %attr(0755,root,root) %{_libdir}/engines-%{soversion}
-%attr(0755,root,root) %{_libdir}/ossl-modules
+%attr(0755,root,root) %{_libdir}/ossl-modules/legacy.so
 
 %files devel
 %doc CHANGES.md doc/dir-locals.example.el doc/openssl-c-indent.el
@@ -427,6 +439,11 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
 %dir %{_sysconfdir}/pki/CA/crl
 %dir %{_sysconfdir}/pki/CA/newcerts
 
+%if %{defined centos}
+%files fips-provider
+%attr(0755,root,root) %{_libdir}/ossl-modules/fips.so
+%endif
+
 %ldconfig_scriptlets libs
 
 %changelog