From: Pauli <ppzgs1@gmail.com>
Date: Mon, 29 Jul 2024 02:42:58 +0000 (+1000)
Subject: fipsmodule.cnf: set the signature digest checks option on installation
X-Git-Tag: openssl-3.4.0-alpha1~154
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f33265039cdbd0e4589c80970e02e208f3f94d2;p=thirdparty%2Fopenssl.git

fipsmodule.cnf: set the signature digest checks option on installation

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25020)
---

diff --git a/util/mk-fipsmodule-cnf.pl b/util/mk-fipsmodule-cnf.pl
index a1f0595d704..270cc8f8e80 100644
--- a/util/mk-fipsmodule-cnf.pl
+++ b/util/mk-fipsmodule-cnf.pl
@@ -15,7 +15,7 @@ my $security_checks = 1;
 my $ems_check = 1;
 my $no_short_mac = 1;
 my $drgb_no_trunc_dgst = 1;
-my $kdf_digest_check = 1;
+my $digest_check = 1;
 my $dsa_sign_disabled = 1;
 my $tdes_encrypt_disabled = 1;
 my $pkcs15_pad_disable = 1;
@@ -59,13 +59,14 @@ module-mac = $module_mac
 tls1-prf-ems-check = $ems_check
 no-short-mac = $no_short_mac
 drbg-no-trunc-md = $drgb_no_trunc_dgst
+signature-digest-check = $digest_check
 dsa-sign-disabled = $dsa_sign_disabled
-hkdf-digest-check = $kdf_digest_check
-tls13-kdf-digest-check = $kdf_digest_check
-tls1-prf-digest-check = $kdf_digest_check
-sshkdf-digest-check = $kdf_digest_check
-sskdf-digest-check = $kdf_digest_check
-x963kdf-digest-check = $kdf_digest_check
+hkdf-digest-check = $digest_check
+tls13-kdf-digest-check = $digest_check
+tls1-prf-digest-check = $digest_check
+sshkdf-digest-check = $digest_check
+sskdf-digest-check = $digest_check
+x963kdf-digest-check = $digest_check
 tdes-encrypt-disabled = $tdes_encrypt_disabled
 rsa-pkcs15-padding-disabled = $pkcs15_pad_disable
 rsa-sign-x931-pad-disabled = $rsa_sign_x931_pad_disabled