git.ipfire.org Git - thirdparty/openssl.git/commit
fipsinstall: Save the 'status indicator' if the FIPS provider is 3.0.X.
author slontis <shane.lontis@oracle.com>
Tue, 27 Feb 2024 04:57:14 +0000 (15:57 +1100)
committer Tomas Mraz <tomas@openssl.org>
Fri, 11 Oct 2024 12:52:37 +0000 (14:52 +0200)
commit 01244adfc66aadc1fc3c6cfb8c96a0a6da3d4a3e
tree cf71ed4ed7afacf0963d2c989f009c6fb16dabb4
parent 792b2c8da283d4230caa761ea6f5d050cb5795e7
fipsinstall: Save the 'status indicator' if the FIPS provider is 3.0.X.

Fixes #23400

The 3.1 FIPS provider no longer writes out the 'status indicator' by
default due to changes related to FIPS 140-3 requirements. For backwards
compatibility if the fipsinstall detects it is loading a 3.0.X FIPS
provider then it will save the 'status indicator' by default.

Disclaimer: Using a fipsinstall command line utility that is not supplied
with the FIPS provider tarball source is not recommended.

This PR deliberately does not attempt to exclude any additional options
that were added after 3.0.X. These additional options will be ignored by older
providers.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/23689)
apps/fipsinstall.c
doc/man1/openssl-fipsinstall.pod.in
test/recipes/03-test_fipsinstall.t