fips: setup the FIPS provider in pendantic mode for testing

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20762)
author: Pauli <pauli@openssl.org> 2023-04-18 11:11:17 +1000
committer: Hugo Landau <hlandau@openssl.org> 2023-04-21 17:01:38 +0100
commit: c04e78f0c69201226430fed14c291c281da47f2d (patch)
tree: 77ca7e8ae270c3aaabff648293ca6b32181dd635 /util
parent: 4454c20f026bb47f158ea05c207f143c81d674d8 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/util/mk-fipsmodule-cnf.pl b/util/mk-fipsmodule-cnf.pl
index 6a86e06b8b..b4ab729914 100644
--- a/util/mk-fipsmodule-cnf.pl
+++ b/util/mk-fipsmodule-cnf.pl
@@ -8,9 +8,14 @@
 
 use Getopt::Long;
 
-my $activate = 1;
+# Module options for pedantic FIPS mode
+# self_test_onload happens if install_mac isn't included, don't add it below
 my $conditional_errors = 1;
 my $security_checks = 1;
+my $ems_check = 0;
+my $drgb_no_trunc_dgst = 0;
+
+my $activate = 1;
 my $mac_key;
 my $module_name;
 my $section_name = "fips_sect";
@@ -40,5 +45,7 @@ print <<_____;
 activate = $activate
 conditional-errors = $conditional_errors
 security-checks = $security_checks
+ems_check = $ems_check
+drgb_no_trunc_dgst = $drgb_no_trunc_dgst
 module-mac = $module_mac
 _____
author	Pauli <pauli@openssl.org>	2023-04-18 11:11:17 +1000
committer	Hugo Landau <hlandau@openssl.org>	2023-04-21 17:01:38 +0100
commit	c04e78f0c69201226430fed14c291c281da47f2d (patch)
tree	77ca7e8ae270c3aaabff648293ca6b32181dd635 /util
parent	4454c20f026bb47f158ea05c207f143c81d674d8 (diff)