Commit | Line | Data |
---|---|---|
25e60144 SL |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
1b0d1bf7 | 5 | fips_config - OpenSSL FIPS configuration |
25e60144 SL |
6 | |
7 | =head1 DESCRIPTION | |
8 | ||
9 | A separate configuration file containing data related to the FIPS self tests is | |
10 | written at installation time. | |
11 | This data is used for 2 purposes when the fips module is loaded: | |
12 | ||
13 | =over 4 | |
14 | ||
15 | =item - Verify the module's checksum each time the fips module loads. | |
16 | ||
17 | =item - Run the startup FIPS self test KATs (known answer tests). | |
18 | This only needs to be run once during installation. | |
19 | ||
20 | =back | |
21 | ||
22 | The supported options are: | |
23 | ||
24 | =over 4 | |
25 | ||
26 | =item B<module-checksum> | |
27 | ||
28 | The calculated MAC of the module file. | |
29 | ||
30 | =item B<install-version> | |
31 | ||
32 | A version number for the fips install process. Should be 1. | |
33 | ||
34 | =item B<install-status> | |
35 | ||
36 | The install status indicator description that will be verified. | |
37 | If this field is not present the FIPS self tests will run when the fips module | |
38 | loads. | |
39 | This value should only be written to after the FIPS module has | |
40 | successfully passed its self tests during installation. | |
41 | ||
42 | =item B<install-checksum> | |
43 | ||
44 | The calculated MAC of the install status indicator. | |
45 | It is initially empty and is written to at the same time as B<install-status>. | |
46 | ||
47 | =back | |
48 | ||
49 | For example: | |
50 | ||
51 | [fips_install] | |
52 | ||
53 | install-version = 1 | |
54 | module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC | |
55 | install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C | |
56 | install-status = INSTALL_SELF_TEST_KATS_RUN | |
57 | ||
58 | =head1 SEE ALSO | |
59 | ||
60 | L<config(5)> | |
61 | ||
62 | =head1 COPYRIGHT | |
63 | ||
64 | Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
65 | ||
66 | Licensed under the Apache License 2.0 (the "License"). You may not use | |
67 | this file except in compliance with the License. You can obtain a copy | |
68 | in the file LICENSE in the source distribution or at | |
69 | L<https://www.openssl.org/source/license.html>. | |
70 | ||
71 | =cut |
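
The following consistency audit of a `[fips_install]` section is an added example, not part of the OpenSSL sources or documentation. It checks the options described above and reports whether the self tests will run at module load; the function names are hypothetical, and it does not recompute either MAC because the page does not specify the MAC algorithm or key.

```python
import re

# Constructed sample: the [fips_install] section from the page's example.
SAMPLE = """\
[fips_install]

install-version = 1
module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
install-status = INSTALL_SELF_TEST_KATS_RUN
"""

# Colon-separated hex bytes, the form both checksum values take on the page.
HEX_MAC = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})*$")

def parse_fips_install(text):
    """Return the key/value pairs of the [fips_install] section."""
    opts, in_section = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop config(5) '#' comments
        if not line:
            continue
        if line.startswith("["):
            in_section = line.strip("[] \t") == "fips_install"
        elif in_section and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            opts[key] = value
    return opts

def audit_fips_install(text):
    """Return (problems, kats_run_on_load) for a fips config file."""
    opts = parse_fips_install(text)
    problems = []
    if opts.get("install-version") != "1":
        problems.append("install-version should be 1")
    if not HEX_MAC.match(opts.get("module-checksum", "")):
        problems.append("module-checksum missing or not colon-separated hex")
    status = opts.get("install-status")
    checksum = opts.get("install-checksum", "")
    # The two install fields are written together, so one without the other
    # indicates an edited or partially written file.
    if status is not None and not HEX_MAC.match(checksum):
        problems.append("install-status set without a valid install-checksum")
    if status is None and checksum:
        problems.append("install-checksum set without install-status")
    # Per the page: with no install-status, the self tests run at module load.
    return problems, status is None

if __name__ == "__main__":
    print(audit_fips_install(SAMPLE))
```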