[openssl.git] / doc / man5 / fips_config.pod

=pod

=head1 NAME

fips_config - OpenSSL FIPS configuration

=head1 DESCRIPTION

A separate configuration file containing data related to FIPS 'self tests' is
written to during installation time.
This data is used for 2 purposes when the fips module is loaded:

=over 4

=item - Verify the module's checksum each time the fips module loads.

=item - Run the startup FIPS self test KATS (known answer tests).
This only needs to be run once during installation.

=back

The supported options are:

=over 4

=item B<module-checksum>

The calculated MAC of the module file

=item B<install-version>

A version number for the fips install process. Should be 1.

=item B<install-status>

The install status indicator description that will be verified.
If this field is not present the FIPS self tests will run when the fips module
loads.
This value should only be written to after the FIPS module has
successfully passed its self tests during installation.

=item B<install-checksum>

The calculated MAC of the install status indicator.
It is initially empty and is written to at the same time as the install_status.

=back

For example:

 [fips_install]

 install-version = 1
 module-checksum = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
 install-checksum = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
 install-status = INSTALL_SELF_TEST_KATS_RUN

=head1 SEE ALSO

L<config(5)>

=head1 COPYRIGHT

Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut