[thirdparty/openssl.git] / doc / man5 / fips_config.pod

=pod

=head1 NAME

fips_config - OpenSSL FIPS configuration

=head1 DESCRIPTION

A separate configuration file containing data related to FIPS 'self tests' is
written to during installation time.
This data is used for 2 purposes when the fips module is loaded:

=over 4

=item - Verify the module's checksum each time the fips module loads.

=item - Run the startup FIPS self test KATS (known answer tests).
This only needs to be run once during installation.

=back

The supported options are:

=over 4

=item B<module-checksum>

The calculated MAC of the module file

=item B<install-version>

A version number for the fips install process. Should be 1.

=item B<install-status>

The install status indicator description that will be verified.
If this field is not present the FIPS self tests will run when the fips module
loads.
This value should only be written to after the FIPS module has
successfully passed its self tests during installation.

=item B<install-checksum>

The calculated MAC of the install status indicator.
It is initially empty and is written to at the same time as the install_status.

=back

For example:

 [fips_install]

 install-version = 1
 module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
 install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
 install-status = INSTALL_SELF_TEST_KATS_RUN

=head1 SEE ALSO

L<config(5)>

=head1 COPYRIGHT

Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
25e60144 SL	1	=pod
	2
	3	=head1 NAME
	4
1b0d1bf7	5	fips_config - OpenSSL FIPS configuration
25e60144 SL	6
	7	=head1 DESCRIPTION
	8
	9	A separate configuration file containing data related to FIPS 'self tests' is
	10	written to during installation time.
	11	This data is used for 2 purposes when the fips module is loaded:
	12
	13	=over 4
	14
	15	=item - Verify the module's checksum each time the fips module loads.
	16
	17	=item - Run the startup FIPS self test KATS (known answer tests).
	18	This only needs to be run once during installation.
	19
	20	=back
	21
	22	The supported options are:
	23
	24	=over 4
	25
	26	=item B<module-checksum>
	27
	28	The calculated MAC of the module file
	29
	30	=item B<install-version>
	31
	32	A version number for the fips install process. Should be 1.
	33
	34	=item B<install-status>
	35
	36	The install status indicator description that will be verified.
	37	If this field is not present the FIPS self tests will run when the fips module
	38	loads.
	39	This value should only be written to after the FIPS module has
	40	successfully passed its self tests during installation.
	41
	42	=item B<install-checksum>
	43
	44	The calculated MAC of the install status indicator.
	45	It is initially empty and is written to at the same time as the install_status.
	46
	47	=back
	48
	49	For example:
	50
	51	[fips_install]
	52
	53	install-version = 1
	54	module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
	55	install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
	56	install-status = INSTALL_SELF_TEST_KATS_RUN
	57
	58	=head1 SEE ALSO
	59
	60	L<config(5)>
	61
	62	=head1 COPYRIGHT
	63
	64	Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
	65
	66	Licensed under the Apache License 2.0 (the "License"). You may not use
	67	this file except in compliance with the License. You can obtain a copy
	68	in the file LICENSE in the source distribution or at
	69	L<https://www.openssl.org/source/license.html>.
70
71	=cut