Add option to fipsinstall to disable fips security checks at run time.

Changes merged from a patch by @richsalz. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
author: Shane Lontis <shane.lontis@oracle.com> 2020-09-05 13:08:27 +1000
committer: Matt Caswell <matt@openssl.org> 2020-09-18 14:20:50 +0100
commit: 991a6bb58182d4d2077a68eb813c897b7de73462 (patch)
tree: 738fc724534be090323181dc445cf19e442b827c /include
parent: 7a810fac866c6c1d93015999633ee2a29f17b3d2 (diff)
2 files changed, 7 insertions, 0 deletions
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 932dae932e..9a6cc2c03d 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -24,6 +24,7 @@ extern "C" {
 #define OSSL_PROV_PARAM_VERSION         "version"             /* utf8_string */
 #define OSSL_PROV_PARAM_BUILDINFO       "buildinfo"           /* utf8_string */
 #define OSSL_PROV_PARAM_STATUS          "status"              /* uint */
+#define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks"     /* uint */
 
 /* Self test callback parameters */
 #define OSSL_PROV_PARAM_SELF_TEST_PHASE  "st-phase" /* utf8_string */
diff --git a/include/openssl/fips_names.h b/include/openssl/fips_names.h
index 7dec75fcea..b42fe503f9 100644
--- a/include/openssl/fips_names.h
+++ b/include/openssl/fips_names.h
@@ -46,6 +46,12 @@ extern "C" {
  */
 # define OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS "conditional-errors"
 
+/*
+ * A boolean that determines if the runtime FIPS security checks are performed.
+ * Type: OSSL_PARAM_UTF8_STRING
+ */
+# define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS "security-checks"
+
 # ifdef __cplusplus
 }
 # endif
author	Shane Lontis <shane.lontis@oracle.com>	2020-09-05 13:08:27 +1000
committer	Matt Caswell <matt@openssl.org>	2020-09-18 14:20:50 +0100
commit	991a6bb58182d4d2077a68eb813c897b7de73462 (patch)
tree	738fc724534be090323181dc445cf19e442b827c /include
parent	7a810fac866c6c1d93015999633ee2a29f17b3d2 (diff)