Got it! have to adjust FIPS now, moving FIPS support back to the main…

… openssl.rb file for v3 and laster in onnibus-software Signed-off-by: John McCrae <john.mccrae@progress.com>
chef · Apr 22, 2024 · 4382ba6 · 4382ba6
1 parent 89975a3
commit 4382ba6
Showing 1 changed file with 21 additions and 3 deletions.
diff --git a/config/software/openssl.rb b/config/software/openssl.rb
@@ -210,9 +210,27 @@
     command "sudo /usr/sbin/slibclean", env: env
   end
 
+  # if version.start_with?("3") && fips_mode?
+  #   make "install_sw install_ssldirs install_fips", env: env
+  # else
+  #   make "install", env: env
+  # end
+
+  make "install", env: env
+
   if version.start_with?("3") && fips_mode?
-    make "install_sw install_ssldirs install_fips", env: env
-  else
-    make "install", env: env
+    # running the make install_fips step to install the FIPS provider
+    # make "install_fips", env: env
+
+    fips_cnf_file = "#{install_dir}/embedded/ssl/fipsmodule.cnf"
+    fips_module_file = "#{install_dir}/embedded/lib/ossl-modules/fips.#{windows? ? "dll" : "so"}"
+
+    # Running the `openssl fipsinstall -out fipsmodule.cnf -module fips.so` command
+    command "#{install_dir}/embedded/bin/openssl fipsinstall -out #{fips_cnf_file} -module #{fips_module_file}"
+
+    # Updating the openssl.cnf file to enable the fips provider
+    command "sed -i -e 's|# .include fipsmodule.cnf|.include #{fips_cnf_file}|g' #{install_dir}/embedded/ssl/openssl.cnf"
+    command "sed -i -e 's|# fips = fips_sect|fips = fips_sect|g' #{install_dir}/embedded/ssl/openssl.cnf"
   end
+
 end