diff options
author | Pauli <pauli@openssl.org> | 2023-04-18 11:11:17 +1000 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2023-04-21 17:01:38 +0100 |
commit | c04e78f0c69201226430fed14c291c281da47f2d (patch) | |
tree | 77ca7e8ae270c3aaabff648293ca6b32181dd635 /util | |
parent | 4454c20f026bb47f158ea05c207f143c81d674d8 (diff) |
fips: setup the FIPS provider in pendantic mode for testing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20762)
Diffstat (limited to 'util')
-rw-r--r-- | util/mk-fipsmodule-cnf.pl | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/util/mk-fipsmodule-cnf.pl b/util/mk-fipsmodule-cnf.pl index 6a86e06b8b..b4ab729914 100644 --- a/util/mk-fipsmodule-cnf.pl +++ b/util/mk-fipsmodule-cnf.pl @@ -8,9 +8,14 @@ use Getopt::Long; -my $activate = 1; +# Module options for pedantic FIPS mode +# self_test_onload happens if install_mac isn't included, don't add it below my $conditional_errors = 1; my $security_checks = 1; +my $ems_check = 0; +my $drgb_no_trunc_dgst = 0; + +my $activate = 1; my $mac_key; my $module_name; my $section_name = "fips_sect"; @@ -40,5 +45,7 @@ print <<_____; activate = $activate conditional-errors = $conditional_errors security-checks = $security_checks +ems_check = $ems_check +drgb_no_trunc_dgst = $drgb_no_trunc_dgst module-mac = $module_mac _____ |