confluentinc / common-docker

Confluent Commons with support for building and testing Docker images.
Apache License 2.0
4 stars 69 forks source link

CPBR-1695: installing FIPS compliant openssl version #539

Closed rahejaprince closed 4 weeks ago

rahejaprince commented 4 weeks ago

Change Description

This PR installs FIPS enabled openssl in cp base new docker images.

Testing

Following simple test was run to make sure FIPS is enabled for openssl. openssl is failing for md5 and passing for SHA256

[root@d88f07127ba0 ~]# openssl md5 anaconda-post.log
Error setting digest
C0C6068FFFFF0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (MD5 : 102), Properties ()
C0C6068FFFFF0000:error:03000086:digital envelope routines:evp_md_init_internal:initialization error:crypto/evp/digest.c:254:
[root@d88f07127ba0 ~]# openssl sha256 anaconda-post.log
SHA2-256(anaconda-post.log)= 7249a74ddc50e4ee5a5107fb4063a35aa534ed8b82975b7fe0d2bc7b69c9e8de
confluent-cla-assistant[bot] commented 4 weeks ago

:tada: All Contributor License Agreements have been signed. Ready to merge.
Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.