Description of problem: I'm unable to run fipsinstall to install the FIPS module. Getting: This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode. This looks wrong as I don't use RHEL build, this is on Fedora (Kinoite) 38 running Fedora 38 in a container. I was happily using this on Fedora 37 before (with F37 container). Version-Release number of selected component (if applicable): openssl-3.0.8-1.fc38.x86_64 How reproducible: Run fipinstall, for example: sudo openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module /usr/lib64/ossl-modules/fips.so
It looks this patch https://src.fedoraproject.org/rpms/openssl/blob/f38/f/0034.fipsinstall_disable.patch has been applied in F38 and Rawhide, while it doesn't exist in Fedora 37. I guess it was brought from RHEL (during sync) and it's just missing a condition to avoid using it on Fedora?
This is expected, we're shipping the same patches RHEL uses in Fedora. Please switch the entire Fedora system into FIPS mode using `fips-mode-setup --enable`. Note that we do not FIPS-certify Fedora, and it also currently lags behind some of the FIPS compliance patches applied to RHEL (although we will eventually be pushing all FIPS patches into Fedora as well). We do not plan to conditionally apply the FIPS patches to RHEL only.