NAME

fips_config - OpenSSL FIPS configuration

DESCRIPTION

A separate configuration file containing data related to FIPS 'self tests' is written at installation time. This data is used for two purposes when the fips module is loaded:

- Verify the module's checksum each time the fips module loads.
- Run the startup FIPS self test KATs (known answer tests). This only needs to be run once during installation.

The supported options are:

module-checksum

The calculated MAC of the module file.

install-version

A version number for the fips install process. Should be 1.

install-status

The install status indicator description that will be verified. If this field is not present the FIPS self tests will run when the fips module loads. This value should only be written to after the FIPS module has successfully passed its self tests during installation.

install-checksum

The calculated MAC of the install status indicator. It is initially empty and is written to at the same time as the install-status.

For example:

 [fips_install]

 install-version = 1
 module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
 install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
 install-status = INSTALL_SELF_TEST_KATS_RUN
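The following added example (not part of the OpenSSL documentation or code) parses such a file and reports whether the self tests would run at module load, plus any inconsistencies between the four options. It checks structure only and does not recompute either MAC; the section name `fips_install` is taken from the example above, and the function names and sample strings are constructed for illustration.

```python
import re

# Colon-separated hex octets, the form used by the page's example MAC values.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})*$")

def parse_fips_install(text, section="fips_install"):
    """Collect key/value pairs from one section of an OpenSSL-style config."""
    current, opts = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif current == section and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit(opts):
    """Return (self_tests_run_at_load, findings) for the parsed options."""
    findings = []
    if opts.get("install-version") != "1":
        findings.append("install-version should be 1")
    if not MAC_RE.match(opts.get("module-checksum", "")):
        findings.append("module-checksum missing or malformed")
    status = opts.get("install-status")
    install_mac = opts.get("install-checksum", "")
    if status is None:
        # No install-status: the self tests run when the module loads.
        if install_mac:
            findings.append("install-checksum set without install-status")
        return True, findings
    if not MAC_RE.match(install_mac):
        findings.append("install-status set but install-checksum missing or malformed")
    return False, findings

# Constructed samples; the first reuses the values from the page's example.
INSTALLED = """[fips_install]
install-version = 1
module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
install-status = INSTALL_SELF_TEST_KATS_RUN
"""
NOT_YET_TESTED = INSTALLED.replace("install-status = INSTALL_SELF_TEST_KATS_RUN\n", "") \
                          .replace("FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C", "")
STATUS_WITHOUT_MAC = INSTALLED.replace("FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C", "")

if __name__ == "__main__":
    for name in ("INSTALLED", "NOT_YET_TESTED", "STATUS_WITHOUT_MAC"):
        print(name, audit(parse_fips_install(globals()[name])))
```

A file in which install-status is present but install-checksum is empty or malformed is worth investigating, since the two are written together after the self tests pass.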

SEE ALSO

COPYRIGHT

Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.