Merge pull request #2703 from wolfi-dev/fix/openssl-fips

openssl: fix fips module installation and default provider name

Author: imjasonh

openssl.yaml

@@ -1,7 +1,7 @@
 package:
   name: openssl
   version: 3.1.1
-  epoch: 0
+  epoch: 1
   description: "the OpenSSL cryptography suite"
   copyright:
     - license: Apache-2.0
@@ -74,6 +74,17 @@ pipeline:
 
   - uses: strip
 
+  # The fipsmodule.cnf generated by the OpenSSL build system is incorrect.
+  # Regenerate it ourselves.
+  - if: ${{options.fips.enabled}} == 'true'
+    runs: |
+      rm -f ${{targets.destdir}}/etc/ssl/fipsmodule.cnf
+
+      LD_LIBRARY_PATH="${{targets.destdir}}/usr/lib" \
+        ${{targets.destdir}}/usr/bin/openssl fipsinstall \
+          -module ${{targets.destdir}}/usr/lib/ossl-modules/fips.so \
+          -out ${{targets.destdir}}/etc/ssl/fipsmodule.cnf
+
 data:
   - name: engines
     items:

openssl/fips-preamble.cnf

@@ -9,9 +9,9 @@ alg_section = algorithm_sect
 
 [provider_sect]
 fips = fips_sect
-base = base_sect
+default = default_sect
 
-[base_sect]
+[default_sect]
 activate = 1
 
 [algorithm_sect]