fips: make installations FIPS compliant by default

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21363)

(cherry picked from commit dc6f3b9b8d6e54ea7d8669a158fd73b451862c7d)

diff --git a/util/mk-fipsmodule-cnf.pl b/util/mk-fipsmodule-cnf.pl
index ac4df54c95b8325882e1256a9fad200b22fdb2af..3eb397adad5e4171613431333ff2a39fa884bcd9 100644 (file)
--- a/util/mk-fipsmodule-cnf.pl
+++ b/util/mk-fipsmodule-cnf.pl
@@ -12,8 +12,8 @@ use Getopt::Long;
 # self_test_onload happens if install_mac isn't included, don't add it below
 my $conditional_errors = 1;
 my $security_checks = 1;
-my $ems_check = 0;
-my $drgb_no_trunc_dgst = 0;
+my $ems_check = 1;
+my $drgb_no_trunc_dgst = 1;
 
 my $activate = 1;
 my $mac_key;