Lines Matching +full:no +full:- +full:fips
2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-fipsinstall - perform FIPS configuration installation
11 [B<-help>]
12 [B<-in> I<configfilename>]
13 [B<-out> I<configfilename>]
14 [B<-module> I<modulefilename>]
15 [B<-provider_name> I<providername>]
16 [B<-section_name> I<sectionname>]
17 [B<-verify>]
18 [B<-mac_name> I<macname>]
19 [B<-macopt> I<nm>:I<v>]
20 [B<-noout>]
21 [B<-quiet>]
22 [B<-no_conditional_errors>]
23 [B<-no_security_checks>]
24 [B<-self_test_onload>]
25 [B<-corrupt_desc> I<selftest_description>]
26 [B<-corrupt_type> I<selftest_type>]
27 [B<-config> I<parent_config>]
31 This command is used to generate a FIPS module configuration file.
32 This configuration file can be used each time a FIPS module is loaded
33 in order to pass data to the FIPS module self tests. The FIPS module always
41 =item - A MAC of the FIPS module file.
43 =item - A test status indicator.
47 =item - A MAC of the status indicator.
49 =item - A control for conditional self test errors.
51 By default if a continuous test (e.g. a key pair test) fails then the FIPS module
52 will enter an error state, and no services or cryptographic algorithms will be
54 The default value of '1' will cause the fips module error state to be entered.
60 =item - A control to indicate whether run-time security checks are done.
62 This indicates if run-time checks related to enforcement of security parameters
65 If the value is '0' the checks are not performed and FIPS compliance must
76 =item B<-help>
80 =item B<-module> I<filename>
82 Filename of the FIPS module to perform an integrity check on.
86 =item B<-out> I<configfilename>
90 =item B<-in> I<configfilename>
93 Must be used if the B<-verify> option is specified.
95 =item B<-verify>
99 =item B<-provider_name> I<providername>
102 The default value is C<fips>.
104 =item B<-section_name> I<sectionname>
109 =item B<-mac_name> I<name>
115 C<openssl list -mac-algorithms>. The default is B<HMAC>.
117 =item B<-macopt> I<nm>:I<v>
132 If no key is provided, the default that was specified when OpenSSL was
140 If no key is provided, the default that was specified when OpenSSL was
149 C<openssl list -digest-commands>.
150 The default digest is SHA-256.
154 =item B<-noout>
158 =item B<-no_conditional_errors>
163 =item B<-no_security_checks>
165 Configure the module to not perform run-time security checks as described above.
167 =item B<-self_test_onload>
177 =item B<-quiet>
179 Do not output pass/fail messages. Implies B<-noout>.
181 =item B<-corrupt_desc> I<selftest_description>,
182 B<-corrupt_type> I<selftest_type>
187 Refer to the entries for B<st-desc> and B<st-type> in L<OSSL_PROVIDER-FIPS(7)> for
190 =item B<-config> I<parent_config>
192 Test that a FIPS provider can be loaded from the specified configuration file.
196 All other options are ignored if '-config' is used.
202 Self test results are logged by default if the options B<-quiet> and B<-noout>
203 are not specified, or if either of the options B<-corrupt_desc> or
204 B<-corrupt_type> is used.
205 If the base configuration file is set up to autoload the fips module, then the
206 fips module will be loaded and self tested BEFORE the fipsinstall application
208 test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored.
210 when generating the fips configuration file.
214 Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
215 for the module, and save the F<fips.cnf> configuration file:
217 openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips
219 Verify that the configuration file F<fips.cnf> contains the correct info:
221 openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify
225 openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
226 -corrupt_desc 'SHA1'
228 Validate that the fips module can be loaded from a base configuration file:
231 export OPENSSL_MODULES=<provider-path>
232 openssl fipsinstall -config default.cnf
239 L<OSSL_PROVIDER-FIPS(7)>,
244 Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.