fipsmodule.cnf: set the signature digest checks option on installation

author Pauli <ppzgs1@gmail.com>

Mon, 29 Jul 2024 02:42:58 +0000 (12:42 +1000)

committer Pauli <ppzgs1@gmail.com>

Sun, 11 Aug 2024 23:30:50 +0000 (09:30 +1000)
author Pauli <ppzgs1@gmail.com>
Mon, 29 Jul 2024 02:42:58 +0000 (12:42 +1000)
committer Pauli <ppzgs1@gmail.com>
Sun, 11 Aug 2024 23:30:50 +0000 (09:30 +1000)
diff --git a/util/mk-fipsmodule-cnf.pl b/util/mk-fipsmodule-cnf.pl

index a1f0595d704683a6b4b99676aefff4c838fe8bff..270cc8f8e801ae88f07e05530161609383ece131 100644 (file)
--- a/util/mk-fipsmodule-cnf.pl
+++ b/util/mk-fipsmodule-cnf.pl
@@ -15,7 +15,7 @@ my $security_checks = 1;
  my $ems_check = 1;
  my $no_short_mac = 1;
  my $drgb_no_trunc_dgst = 1;
-my $kdf_digest_check = 1;
+my $digest_check = 1;
  my $dsa_sign_disabled = 1;
  my $tdes_encrypt_disabled = 1;
  my $pkcs15_pad_disable = 1;
@@ -59,13 +59,14 @@ module-mac = $module_mac
  tls1-prf-ems-check = $ems_check
  no-short-mac = $no_short_mac
  drbg-no-trunc-md = $drgb_no_trunc_dgst
+signature-digest-check = $digest_check
  dsa-sign-disabled = $dsa_sign_disabled
-hkdf-digest-check = $kdf_digest_check
-tls13-kdf-digest-check = $kdf_digest_check
-tls1-prf-digest-check = $kdf_digest_check
-sshkdf-digest-check = $kdf_digest_check
-sskdf-digest-check = $kdf_digest_check
-x963kdf-digest-check = $kdf_digest_check
+hkdf-digest-check = $digest_check
+tls13-kdf-digest-check = $digest_check
+tls1-prf-digest-check = $digest_check
+sshkdf-digest-check = $digest_check
+sskdf-digest-check = $digest_check
+x963kdf-digest-check = $digest_check
  tdes-encrypt-disabled = $tdes_encrypt_disabled
  rsa-pkcs15-padding-disabled = $pkcs15_pad_disable
  rsa-sign-x931-pad-disabled = $rsa_sign_x931_pad_disabled
author	Pauli <ppzgs1@gmail.com>
	Mon, 29 Jul 2024 02:42:58 +0000 (12:42 +1000)
committer	Pauli <ppzgs1@gmail.com>
	Sun, 11 Aug 2024 23:30:50 +0000 (09:30 +1000)