fips: allow to customize provider vendor name

FIPS providers need to specify identifiable names and versions. Allow to customize the fips provider name prefix, via VERSION.dat which already allows to customize version & buildinfo. With this patch in-place it removes the need of patching code to set customized provider name. E.g. echo FIPS_VENDOR=ACME >> VERSION.dat, results in ``` $ OPENSSL_CONF=fips-and-base.cnf ../util/wrap.pl ../apps/openssl list -providers --verbose Providers: base name: OpenSSL Base Provider version: 3.4.0 status: active build info: 3.4.0-dev gettable provider parameters: name: pointer to a UTF8 encoded string (arbitrary size) version: pointer to a UTF8 encoded string (arbitrary size) buildinfo: pointer to a UTF8 encoded string (arbitrary size) status: integer (arbitrary size) fips name: ACME FIPS Provider for OpenSSL version: 3.4.0 status: active build info: 3.4.0-dev gettable provider parameters: name: pointer to a UTF8 encoded string (arbitrary size) version: pointer to a UTF8 encoded string (arbitrary size) buildinfo: pointer to a UTF8 encoded string (arbitrary size) status: integer (arbitrary size) security-checks: integer (arbitrary size) tls1-prf-ems-check: integer (arbitrary size) drbg-no-trunc-md: integer (arbitrary size) ``` Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24368)
author: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk> 2024-05-10 12:58:18 +0200
committer: Pauli <ppzgs1@gmail.com> 2024-08-15 00:33:48 +0200
commit: 8945f406a73a01862695a424679f9440f592604b (patch)
tree: 7b8a5bea55bce6cd0df1a1d6697262c0165b97ab /Configure
parent: Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only (diff)
download: openssl-8945f406a73a01862695a424679f9440f592604b.tar.xz
openssl-8945f406a73a01862695a424679f9440f592604b.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/Configure b/Configure
index 84d6dd8539..a6b66df4c4 100755
--- a/Configure
+++ b/Configure
@@ -1342,6 +1342,11 @@ push @{$config{openssl_feature_defines}},
      map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" }
         @seed_sources;
 
+my $provider_string = $disabled{"fips-post"} ? "non-compliant FIPS Provider" : "FIPS Provider";
+
+$config{FIPS_VENDOR} =
+    (defined $version{FIPS_VENDOR} ? "$version{FIPS_VENDOR} $provider_string for OpenSSL" : "OpenSSL $provider_string");
+
 # Backward compatibility?
 if ($target =~ m/^CygWin32(-.*)$/) {
     $target = "Cygwin".$1;
author	Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>	2024-05-10 12:58:18 +0200
committer	Pauli <ppzgs1@gmail.com>	2024-08-15 00:33:48 +0200
commit	8945f406a73a01862695a424679f9440f592604b (patch)
tree	7b8a5bea55bce6cd0df1a1d6697262c0165b97ab /Configure
parent	Apply the FIPS_eddsa_no_verify_digested indicator on prehash EdDSA only (diff)
download	openssl-8945f406a73a01862695a424679f9440f592604b.tar.xz openssl-8945f406a73a01862695a424679f9440f592604b.zip