diff options
| author | Rich Salz <rsalz@akamai.com> | 2020-04-24 10:48:51 -0400 |
|---|---|---|
| committer | Tomas Mraz <tmraz@fedoraproject.org> | 2020-05-19 16:05:56 +0200 |
| commit | fb420afc878fa38a5d8cf22e25cf7d438d39987a (patch) | |
| tree | e273d469bf6f1d432a374ae546ba6c02f0f9b978 | |
| parent | d03b3158c532bcb3fcde83c66ee9b4858d42621c (diff) | |
| download | openssl-fb420afc878fa38a5d8cf22e25cf7d438d39987a.zip openssl-fb420afc878fa38a5d8cf22e25cf7d438d39987a.tar.gz openssl-fb420afc878fa38a5d8cf22e25cf7d438d39987a.tar.bz2 | |
Use {module,install}-mac, not -checksum
As the documentation points out, these fipsmodule.cnf fields are a MAC,
not a digest or checksum. Rename them to be correct.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11369)
| -rw-r--r-- | doc/man5/fips_config.pod | 12 | ||||
| -rw-r--r-- | include/openssl/fips_names.h | 4 |
2 files changed, 8 insertions, 8 deletions
diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod index 746d68c..e589aa3 100644 --- a/doc/man5/fips_config.pod +++ b/doc/man5/fips_config.pod @@ -33,9 +33,9 @@ section, as desribed in L<config(5)/Provider Configuration Module>. =over 4 -=item B<module-checksum> +=item B<module-mac> -The calculated digest of the module file. +The calculated MAC of the FIPS provider file. =item B<install-version> @@ -49,9 +49,9 @@ successfully passed its self tests during installation. If this field is not present, then the self tests will run when the module loads. -=item B<install-checksum> +=item B<install-mac> -A MAC on the value of the B<install-status> option, to prevent accidental +A MAC of the value of the B<install-status> option, to prevent accidental changes to that value. It is written-to at the same time as B<install-status> is updated. @@ -61,8 +61,8 @@ For example: [fips_install] install-version = 1 - module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC - install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C + module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC + install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C install-status = INSTALL_SELF_TEST_KATS_RUN =head1 SEE ALSO diff --git a/include/openssl/fips_names.h b/include/openssl/fips_names.h index aeb9670..1546b11 100644 --- a/include/openssl/fips_names.h +++ b/include/openssl/fips_names.h @@ -22,7 +22,7 @@ extern "C" { * The calculated MAC of the module file (Used for FIPS Self Testing) * Type: OSSL_PARAM_UTF8_STRING */ -# define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-checksum" +# define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-mac" /* * A version number for the fips install process (Used for FIPS Self Testing) * Type: OSSL_PARAM_UTF8_STRING @@ -32,7 +32,7 @@ extern "C" { * The calculated MAC of the install status indicator (Used for FIPS Self Testing) * Type: OSSL_PARAM_UTF8_STRING */ -# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-checksum" +# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-mac" /* * The install status indicator (Used for FIPS Self Testing) * Type: OSSL_PARAM_UTF8_STRING |