mirror of
https://github.com/openssl/openssl.git
synced 2024-11-21 01:15:20 +08:00
ca7cac886b
Ensure we get correct behaviour in the event that an attempt is made to load the fips provider but it fails to load. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16168)
17 lines
376 B
INI
17 lines
376 B
INI
openssl_conf = openssl_init
|
|
|
|
.include fipsmodule.cnf
|
|
|
|
[openssl_init]
|
|
providers = provider_sect
|
|
alg_section = evp_properties
|
|
|
|
[evp_properties]
|
|
# Ensure FIPS non-approved algorithms in the FIPS module are suppressed (e.g.
|
|
# TEST-RAND). This also means that EVP_default_properties_is_fips_enabled()
|
|
# returns the expected value
|
|
fips_mode = true
|
|
|
|
[provider_sect]
|
|
fips = fips_sect
|