Do openssl initialization from applications

Some notes:

* Add module overrides for fips

    We need to use the SHA1 module under OpenSSL because the openssl
    functions called by Digest::SHA1 cause openssl to crash the process.

    We use the Digest::MD5 over the OpenSSL::MD5 module because md5
    is not allowed when in fips mode and causes the process to crash.
    While we work through these issues, we're going to allow it to
    pass by compiling the ruby md5 implementation.

* Use OpenSSL::Digest::SHA256 instead of Digest::SHA256

    Digest::SHA256 is broken in fips mode because it uses
    unapproved APIs. They cause the process to terminate.

1 files changed, 10 insertions, 0 deletions

diff --git a/spec/unit/application_spec.rb b/spec/unit/application_spec.rb
index 6a78e5c827..c8f138cdcc 100644
--- a/spec/unit/application_spec.rb
+++ b/spec/unit/application_spec.rb
@@ -136,6 +136,16 @@ describe Chef::Application do
         expect(Chef::Config.rspec_ran).to eq("true")
       end
 
+      context "when openssl fips" do
+        before do
+          allow(Chef::Config).to receive(:openssl_fips).and_return(true)
+        end
+
+        it "sets openssl in fips mode" do
+          expect(OpenSSL).to receive(:'fips_mode=').with(true)
+          @app.configure_chef
+        end
+      end
     end
 
     describe "when there is no config_file defined" do