| =pod |
| |
| =head1 NAME |
| |
| fips_config - OpenSSL FIPS configuration |
| |
| =head1 DESCRIPTION |
| |
| A separate configuration file containing data related to FIPS 'self tests' is |
| written to during installation time. |
| This data is used for 2 purposes when the fips module is loaded: |
| |
| =over 4 |
| |
| =item - Verify the module's checksum each time the fips module loads. |
| |
| =item - Run the startup FIPS self test KATS (known answer tests). |
| This only needs to be run once during installation. |
| |
| =back |
| |
| The supported options are: |
| |
| =over 4 |
| |
| =item B<module-checksum> |
| |
| The calculated MAC of the module file |
| |
| =item B<install-version> |
| |
| A version number for the fips install process. Should be 1. |
| |
| =item B<install-status> |
| |
| The install status indicator description that will be verified. |
| If this field is not present the FIPS self tests will run when the fips module |
| loads. |
| This value should only be written to after the FIPS module has |
| successfully passed its self tests during installation. |
| |
| =item B<install-checksum> |
| |
| The calculated MAC of the install status indicator. |
| It is initially empty and is written to at the same time as the install_status. |
| |
| =back |
| |
| For example: |
| |
| [fips_install] |
| |
| install-version = 1 |
| module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC |
| install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C |
| install-status = INSTALL_SELF_TEST_KATS_RUN |
| |
| =head1 SEE ALSO |
| |
| L<config(5)> |
| |
| =head1 COPYRIGHT |
| |
| Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. |
| |
| Licensed under the Apache License 2.0 (the "License"). You may not use |
| this file except in compliance with the License. You can obtain a copy |
| in the file LICENSE in the source distribution or at |
| L<https://www.openssl.org/source/license.html>. |
| |
| =cut |
