]>
git.ipfire.org Git - thirdparty/openssl.git/blob - include/openssl/fips_names.h
2 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #ifndef OPENSSL_FIPS_NAMES_H
11 # define OPENSSL_FIPS_NAMES_H
19 * Parameter names that the FIPS Provider defines
23 * The calculated MAC of the module file (Used for FIPS Self Testing)
24 * Type: OSSL_PARAM_UTF8_STRING
26 # define OSSL_PROV_FIPS_PARAM_MODULE_MAC "module-mac"
28 * A version number for the fips install process (Used for FIPS Self Testing)
29 * Type: OSSL_PARAM_UTF8_STRING
31 # define OSSL_PROV_FIPS_PARAM_INSTALL_VERSION "install-version"
33 * The calculated MAC of the install status indicator (Used for FIPS Self Testing)
34 * Type: OSSL_PARAM_UTF8_STRING
36 # define OSSL_PROV_FIPS_PARAM_INSTALL_MAC "install-mac"
38 * The install status indicator (Used for FIPS Self Testing)
39 * Type: OSSL_PARAM_UTF8_STRING
41 # define OSSL_PROV_FIPS_PARAM_INSTALL_STATUS "install-status"
44 * A boolean that determines if the FIPS conditional test errors result in
45 * the module entering an error state.
46 * Type: OSSL_PARAM_UTF8_STRING
48 # define OSSL_PROV_FIPS_PARAM_CONDITIONAL_ERRORS "conditional-errors"
51 * A boolean that determines if the runtime FIPS security checks are performed.
52 * This is enabled by default.
53 * Type: OSSL_PARAM_UTF8_STRING
55 # define OSSL_PROV_FIPS_PARAM_SECURITY_CHECKS "security-checks"
58 * A boolean that determines if the runtime FIPS check for TLS1_PRF EMS is performed.
59 * This is disabled by default.
60 * Type: OSSL_PARAM_UTF8_STRING
62 # define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
65 * A boolean that determines if truncated digests can be used with Hash and HMAC
66 * DRBGs. FIPS 140-3 IG D.R disallows such use for efficiency rather than
68 * This is disabled by default.
69 * Type: OSSL_PARAM_UTF8_STRING
71 # define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
77 #endif /* OPENSSL_FIPS_NAMES_H */