From fb420afc878fa38a5d8cf22e25cf7d438d39987a Mon Sep 17 00:00:00 2001
From: Rich Salz <rsalz@akamai.com>
Date: Fri, 24 Apr 2020 10:48:51 -0400
Subject: [PATCH] Use {module,install}-mac, not -checksum

As the documentation points out, these fipsmodule.cnf fields are a MAC,
not a digest or checksum.  Rename them to be correct.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11369)
---
 doc/man5/fips_config.pod     | 12 ++++++------
 include/openssl/fips_names.h |  4 ++--
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod
index 746d68c8ac..e589aa3d95 100644
--- a/doc/man5/fips_config.pod
+++ b/doc/man5/fips_config.pod
@@ -33,9 +33,9 @@ section, as desribed in L<config(5)/Provider Configuration Module>.
 
 =over 4
 
-=item B<module-checksum>
+=item B<module-mac>
 
-The calculated digest of the module file.
+The calculated MAC of the FIPS provider file.
 
 =item B<install-version>
 
@@ -49,9 +49,9 @@ successfully passed its self tests during installation.
 If this field is not present, then the self tests will run when the module
 loads.
 
-=item B<install-checksum>
+=item B<install-mac>
 
-A MAC on the value of the B<install-status> option, to prevent accidental
+A MAC of the value of the B<install-status> option, to prevent accidental
 changes to that value.
 It is written-to at the same time as B<install-status> is updated.
 
@@ -61,8 +61,8 @@ For example:
 
  [fips_install]
  install-version = 1
- module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
- install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
+ module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
+ install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
  install-status = INSTALL_SELF_TEST_KATS_RUN
 
 =head1 SEE ALSO
diff --git a/include/openssl/fips_names.h b/include/openssl/fips_names.h
index aeb9670d15..1546b11ff7 100644
--- a/include/openssl/fips_names.h
+++ b/include/openssl/fips_names.h
@@ -22,7 +22,7 @@ extern "C" {
  * The calculated MAC of the module file (Used for FIPS Self Testing)
  * Type: OSSL_PARAM_UTF8_STRING
  */
-# define OSSL_PROV_FIPS_PARAM_MODULE_MAC      "module-checksum"
+# define OSSL_PROV_FIPS_PARAM_MODULE_MAC      "module-mac"
 /*
  * A version number for the fips install process (Used for FIPS Self Testing)
  * Type: OSSL_PARAM_UTF8_STRING
@@ -32,7 +32,7 @@ extern "C" {
  * The calculated MAC of the install status indicator (Used for FIPS Self Testing)
  * Type: OSSL_PARAM_UTF8_STRING
  */
-# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC     "install-checksum"
+# define OSSL_PROV_FIPS_PARAM_INSTALL_MAC     "install-mac"
 /*
  * The install status indicator (Used for FIPS Self Testing)
  * Type: OSSL_PARAM_UTF8_STRING
-- 
2.25.1