From c04e78f0c69201226430fed14c291c281da47f2d Mon Sep 17 00:00:00 2001 From: Pauli Date: Tue, 18 Apr 2023 11:11:17 +1000 Subject: [PATCH] fips: setup the FIPS provider in pendantic mode for testing Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis Reviewed-by: Hugo Landau (Merged from https://github.com/openssl/openssl/pull/20762) --- test/recipes/00-prep_fipsmodule_cnf.t | 2 +- util/mk-fipsmodule-cnf.pl | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/test/recipes/00-prep_fipsmodule_cnf.t b/test/recipes/00-prep_fipsmodule_cnf.t index 8d53e8a40fd..bf1b0c8081a 100644 --- a/test/recipes/00-prep_fipsmodule_cnf.t +++ b/test/recipes/00-prep_fipsmodule_cnf.t @@ -30,7 +30,7 @@ my $fipsmoduleconf = bldtop_file('test', 'fipsmodule.cnf'); plan tests => 1; # Create the $fipsmoduleconf file -ok(run(app(['openssl', 'fipsinstall', +ok(run(app(['openssl', 'fipsinstall', '-pedantic', '-module', $fipsmodule, '-provider_name', 'fips', '-section_name', 'fips_sect', '-out', $fipsmoduleconf])), "fips install"); diff --git a/util/mk-fipsmodule-cnf.pl b/util/mk-fipsmodule-cnf.pl index 6a86e06b8b5..b4ab729914c 100644 --- a/util/mk-fipsmodule-cnf.pl +++ b/util/mk-fipsmodule-cnf.pl @@ -8,9 +8,14 @@ use Getopt::Long; -my $activate = 1; +# Module options for pedantic FIPS mode +# self_test_onload happens if install_mac isn't included, don't add it below my $conditional_errors = 1; my $security_checks = 1; +my $ems_check = 0; +my $drgb_no_trunc_dgst = 0; + +my $activate = 1; my $mac_key; my $module_name; my $section_name = "fips_sect"; @@ -40,5 +45,7 @@ print <<_____; activate = $activate conditional-errors = $conditional_errors security-checks = $security_checks +ems_check = $ems_check +drgb_no_trunc_dgst = $drgb_no_trunc_dgst module-mac = $module_mac _____ -- 2.47.2
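Review bot: The comment above the `ok(run(app([...` call still reads `# Create the $fipsmoduleconf file` and gives no reason for the new `-pedantic` argument. Since this recipe produces the `test/fipsmodule.cnf` named on the `bldtop_file` line, presumably every later FIPS test now runs against the stricter settings. I would change the comment to something like `# Create the $fipsmoduleconf file in pedantic mode so the FIPS tests run with the strict checks enabled`. If any test still needs a default-mode configuration, nothing visible in this hunk generates one.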
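Review bot: The two new defaults, `my $ems_check = 0;` and `my $drgb_no_trunc_dgst = 0;`, are off although they sit under the comment `# Module options for pedantic FIPS mode`. The test recipe in this commit builds its config with `fipsinstall -pedantic`, so if pedantic mode is meant to turn these checks on, this script would emit a weaker configuration than the one the tests run against. Either set both to 1 or reword the comment to say which options stay off and why. `drgb` also looks like a transposition of `drbg`; renaming it means changing the heredoc hunk further down as well. The option parsing is outside this hunk, so I cannot tell whether the new values can be overridden from the command line.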
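Review bot: The two added keys use underscores, `ems_check` and `drgb_no_trunc_dgst`, while every other key printed in this heredoc is hyphenated (`conditional-errors`, `security-checks`, `module-mac`). A key the FIPS provider does not recognise is presumably ignored rather than rejected, so a misspelt name would leave the check at its built-in default without any error. Please confirm these strings match what `openssl fipsinstall` itself writes; I believe those are `tls1-prf-ems-check` and `drbg-no-trunc-md`, but verify against its output. The heredoc begins above the hunk, so the full set of emitted keys is not visible here.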