Add config_diagnostics to our configuration files.

The change to a more configuration based approach to enable FIPS mode
operation highlights a shortcoming in the default should do somet

Add config_diagnostics to our configuration files.

The change to a more configuration based approach to enable FIPS mode
operation highlights a shortcoming in the default should do something
approach we've taken for bad configuration files.

Currently, a bad configuration file will be automatically loaded and
once the badness is detected, it will silently stop processing the
configuration and continue normal operations. This is good for remote
servers, allowing changes to be made without bricking things. It's bad
when a user thinks they've configured what they want but got something
wrong and it still appears to work.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16171)

show more ...

Test that EVP_default_properties_is_fips_enabled() works early

We check that EVP_default_properties_is_fips_enabled() is working even
before other function calls have auto-loaded the con

Test that EVP_default_properties_is_fips_enabled() works early

We check that EVP_default_properties_is_fips_enabled() is working even
before other function calls have auto-loaded the config file.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12567)

show more ...

Update some nits around the FIPS module

- Changed the generated FIPS signature file to be "fipsmodule.conf"
since it contains information about the FIPS module/file.
- Add -q option

Update some nits around the FIPS module

- Changed the generated FIPS signature file to be "fipsmodule.conf"
since it contains information about the FIPS module/file.
- Add -q option to fipsinstall command, to stop chatty verbose status
messages.
- Document env var OPENSSL_CONF_INCLUDE

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11177)

show more ...

Use .cnf for config files, not .conf

The default is openssl.cnf The project seems to prefer xxx.conf these
days, but we should use the default convention.

Rename all foo.conf (

Use .cnf for config files, not .conf

The default is openssl.cnf The project seems to prefer xxx.conf these
days, but we should use the default convention.

Rename all foo.conf (except for Configurations) to foo.cnf

Fixes #11174

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11176)

show more ...

Add fips module integrity check

Add environment variable for setting CONF .include path

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openss

Add fips module integrity check

Add environment variable for setting CONF .include path

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9769)

show more ...

test/recipes/30-test_evp.t: Modify to test with different providers

Different providers will give different results, and we need to test
them all.

Reviewed-by: Matt Caswell <mat

test/recipes/30-test_evp.t: Modify to test with different providers

Different providers will give different results, and we need to test
them all.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9398)

show more ...