Use {module,install}-mac, not -checksum

As the documentation points out, these fipsmodule.cnf fields are a MAC,
not a digest or checksum.  Rename them to be correct.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11369)

diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod
index 746d68c8ac122342403847ae00dbad8607fbdb3e..e589aa3d9506730231c0cd8218d68e1eb09e88b9 100644 (file)
--- a/doc/man5/fips_config.pod
+++ b/doc/man5/fips_config.pod
@@ -33,9 +33,9 @@ section, as desribed in L<config(5)/Provider Configuration Module>.
 
 =over 4
 
 
 =over 4
 

-=item B<module-checksum>
+=item B<module-mac>

 
 

-The calculated digest of the module file.
+The calculated MAC of the FIPS provider file.

 
 =item B<install-version>
 
 
 =item B<install-version>
 


@@ -49,9 +49,9 @@ successfully passed its self tests during installation.
 If this field is not present, then the self tests will run when the module
 loads.
 
 If this field is not present, then the self tests will run when the module
 loads.
 

-=item B<install-checksum>
+=item B<install-mac>

 
 

-A MAC on the value of the B<install-status> option, to prevent accidental
+A MAC of the value of the B<install-status> option, to prevent accidental

 changes to that value.
 It is written-to at the same time as B<install-status> is updated.
 
 changes to that value.
 It is written-to at the same time as B<install-status> is updated.
 


@@ -61,8 +61,8 @@ For example:
 
  [fips_install]
  install-version = 1
 
  [fips_install]
  install-version = 1

- module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
- install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
+ module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
+ install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C

  install-status = INSTALL_SELF_TEST_KATS_RUN
 
 =head1 SEE ALSO
  install-status = INSTALL_SELF_TEST_KATS_RUN
 
 =head1 SEE ALSO

diff --git a/include/openssl/fips_names.h b/include/openssl/fips_names.h
index aeb9670d15388def39d5d8c2841f91bcb0a126c6..1546b11ff730714aa2844ee8948e836e027ff914 100644 (file)
--- a/include/openssl/fips_names.h
+++ b/include/openssl/fips_names.h
@@ -22,7 +22,7 @@ extern "C" {
  * The calculated MAC of the module file (Used for FIPS Self Testing)
  * Type: OSSL_PARAM_UTF8_STRING
  */
  * The calculated MAC of the module file (Used for FIPS Self Testing)
  * Type: OSSL_PARAM_UTF8_STRING
  */

-# define OSSL_PROV_FIPS_PARAM_MODULE_MAC      "module-checksum"
+# define OSSL_PROV_FIPS_PARAM_MODULE_MAC      "module-mac"

 /*
  * A version number for the fips install process (Used for FIPS Self Testing)
  * Type: OSSL_PARAM_UTF8_STRING
 /*
  * A version number for the fips install process (Used for FIPS Self Testing)
  * Type: OSSL_PARAM_UTF8_STRING


@@ -32,7 +32,7 @@ extern "C" {
  * The calculated MAC of the install status indicator (Used for FIPS Self Testing)
  * Type: OSSL_PARAM_UTF8_STRING
  */
  * The calculated MAC of the install status indicator (Used for FIPS Self Testing)
  * Type: OSSL_PARAM_UTF8_STRING
  */

-# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC     "install-checksum"
+# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC     "install-mac"

 /*
  * The install status indicator (Used for FIPS Self Testing)
  * Type: OSSL_PARAM_UTF8_STRING
 /*
  * The install status indicator (Used for FIPS Self Testing)
  * Type: OSSL_PARAM_UTF8_STRING