fips: make installations FIPS compliant by default

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21363)

diff --git a/util/mk-fipsmodule-cnf.pl b/util/mk-fipsmodule-cnf.pl
index e55ce180b74f946fd227019f33a9aeffb16f4ea9..a1867140640c223ad3c488c77ec849747e998c66 100644 (file)
--- a/util/mk-fipsmodule-cnf.pl
+++ b/util/mk-fipsmodule-cnf.pl
@@ -12,8 +12,8 @@ use Getopt::Long;
 # self_test_onload happens if install_mac isn't included, don't add it below
 my $conditional_errors = 1;
 my $security_checks = 1;
-my $ems_check = 0;
-my $drgb_no_trunc_dgst = 0;
+my $ems_check = 1;
+my $drgb_no_trunc_dgst = 1;
 
 my $activate = 1;
 my $mac_key;