Lines Matching +full:mac +full:- +full:base

2 {- OpenSSL::safe::output_do_not_edit_headers(); -}
6 openssl-fipsinstall - perform FIPS configuration installation
11 [B<-help>]
12 [B<-in> I<configfilename>]
13 [B<-out> I<configfilename>]
14 [B<-module> I<modulefilename>]
15 [B<-provider_name> I<providername>]
16 [B<-section_name> I<sectionname>]
17 [B<-verify>]
18 [B<-mac_name> I<macname>]
19 [B<-macopt> I<nm>:I<v>]
20 [B<-noout>]
21 [B<-quiet>]
22 [B<-no_conditional_errors>]
23 [B<-no_security_checks>]
24 [B<-self_test_onload>]
25 [B<-corrupt_desc> I<selftest_description>]
26 [B<-corrupt_type> I<selftest_type>]
27 [B<-config> I<parent_config>]
34 verifies its MAC, but optionally only needs to run the KAT's once,
41 =item - A MAC of the FIPS module file.
43 =item - A test status indicator.
47 =item - A MAC of the status indicator.
49 =item - A control for conditional self tests errors.
60 =item - A control to indicate whether run-time security checks are done.
62 This indicates if run-time checks related to enforcement of security parameters
76 =item B<-help>
80 =item B<-module> I<filename>
86 =item B<-out> I<configfilename>
90 =item B<-in> I<configfilename>
93 Must be used if the B<-verify> option is specified.
95 =item B<-verify>
99 =item B<-provider_name> I<providername>
104 =item B<-section_name> I<sectionname>
109 =item B<-mac_name> I<name>
111 Specifies the name of a supported MAC algorithm which will be used.
112 The MAC mechanisms that are available will depend on the options
114 To see the list of supported MAC's use the command
115 C<openssl list -mac-algorithms>.  The default is B<HMAC>.
117 =item B<-macopt> I<nm>:I<v>
119 Passes options to the MAC algorithm.
128 Specifies the MAC key as an alphanumeric string (use if the key contains
130 The string length must conform to any restrictions of the MAC algorithm.
131 A key must be specified for every MAC algorithm.
137 Specifies the MAC key in hexadecimal form (two hex digits per byte).
138 The key length must conform to any restrictions of the MAC algorithm.
139 A key must be specified for every MAC algorithm.
147 The string length must conform to any restrictions of the MAC algorithm.
149 C<openssl list -digest-commands>.
150 The default digest is SHA-256.
154 =item B<-noout>
158 =item B<-no_conditional_errors>
163 =item B<-no_security_checks>
165 Configure the module to not perform run-time security checks as described above.
167 =item B<-self_test_onload>
170 "MAC status indicator" to the output configuration file. Without these fields
177 =item B<-quiet>
179 Do not output pass/fail messages. Implies B<-noout>.
181 =item B<-corrupt_desc> I<selftest_description>,
182 B<-corrupt_type> I<selftest_type>
187 Refer to the entries for B<st-desc> and B<st-type> in L<OSSL_PROVIDER-FIPS(7)> for
190 =item B<-config> I<parent_config>
194 data that is included by the base C<parent_config> configuration file.
196 All other options are ignored if '-config' is used.
202 Self tests results are logged by default if the options B<-quiet> and B<-noout>
203 are not specified, or if either of the options B<-corrupt_desc> or
204 B<-corrupt_type> are used.
205 If the base configuration file is set up to autoload the fips module, then the
208 test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored.
209 For normal usage the base configuration file should use the default provider
214 Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
217  openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips
221  openssl fipsinstall -module ./fips.so -in fips.cnf  -provider_name fips -verify
225  openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
226          -corrupt_desc 'SHA1'
228 Validate that the fips module can be loaded from a base configuration file:
231  export OPENSSL_MODULES=<provider-path>
232  openssl fipsinstall -config' 'default.cnf'
239 L<OSSL_PROVIDER-FIPS(7)>,
244 The B<openssl-fipsinstall> application was added in OpenSSL 3.0.
248 Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.