=pod

=head1 NAME

fips_config - OpenSSL FIPS configuration

=head1 DESCRIPTION

A separate configuration file, using the OpenSSL L<config(5)> syntax,
is used to hold information about the FIPS module. This includes a digest
of the shared library file, and the status of the self-tests.
This data is used automatically by the module itself for two
purposes:

=over 4

=item - Run the startup FIPS self-test known answer tests (KATs).

This is done once, at installation time.

=item - Verify the module's checksum.

This is done each time the module is used.

=back

This file is generated by the L<openssl-fipsinstall(1)> program, and
used internally by the FIPS module during its initialization.

The following options are supported. They should all appear in a section
whose name is identified by the B<fips> option in the B<providers>
section, as described in L<config(5)/Provider Configuration Module>.

=over 4

=item B<module-mac>

The calculated MAC of the FIPS provider file.

=item B<install-version>

A version number for the FIPS install process. Should be 1.

=item B<install-status>

An indicator that the self-tests were run.
This should only be written after the module has
successfully passed its self-tests during installation.
If this field is not present, then the self-tests will run when the module
loads.

=item B<install-mac>

A MAC of the value of the B<install-status> option, to prevent accidental
changes to that value.
It is written at the same time as B<install-status> is updated.

=back

For example:

 [fips_sect]
 install-version = 1
 module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
 install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
 install-status = INSTALL_SELF_TEST_KATS_RUN

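The following is an added example, not part of the OpenSSL documentation or source: a structural audit of a FIPS configuration section against the options described above. The default section name C<fips_sect> and the status string are taken from the example on this page; the function names and finding messages are hypothetical, and the MAC values are checked for format only, not recomputed.

```python
import re

SUPPORTED = {"module-mac", "install-version", "install-status", "install-mac"}
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})*$")
KATS_RUN = "INSTALL_SELF_TEST_KATS_RUN"  # status value shown in the page's example

def parse_sections(text):
    """Minimal reader for the config(5) subset used here: [section] and key = value."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding space
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit_fips_section(text, section="fips_sect"):
    """Return a list of findings; an empty list means the layout matches the page."""
    opts = parse_sections(text).get(section)
    if opts is None:
        return [f"section [{section}] not found"]
    findings = [f"option not listed on the page: {k}" for k in sorted(set(opts) - SUPPORTED)]
    if opts.get("install-version") != "1":
        findings.append("install-version should be 1")
    for name in ("module-mac", "install-mac"):
        if name in opts and not MAC_RE.match(opts[name]):
            findings.append(f"{name} is not colon-separated hex")
    if "module-mac" not in opts:
        findings.append("module-mac missing: module checksum cannot be verified")
    if "install-status" not in opts:
        findings.append("install-status absent: self-tests will run when the module loads")
    elif opts["install-status"] != KATS_RUN:
        findings.append("install-status differs from the value in the page's example")
    if ("install-status" in opts) != ("install-mac" in opts):
        findings.append("install-status and install-mac are not both present")
    return findings

# Constructed samples: the page's example, and a copy with install-status stripped.
GOOD = """[fips_sect]
install-version = 1
module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
install-status = INSTALL_SELF_TEST_KATS_RUN
"""
STRIPPED = GOOD.replace("install-status = INSTALL_SELF_TEST_KATS_RUN\n", "")
```

Calling C<audit_fips_section(GOOD)> returns an empty list, while C<audit_fips_section(STRIPPED)> reports that the self-tests will run at load and that B<install-mac> is present without B<install-status>.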

=head1 SEE ALSO

L<config(5)>

=head1 COPYRIGHT

Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut