fips_config.pod - OpenGrok cross reference for /freebsd/crypto/openssl/doc/man5/fips

Lines Matching +full:security +full:- +full:module
5 fips_config - OpenSSL FIPS configuration
10 is used to hold information about the FIPS module. This includes a digest
11 of the shared library file, and status about the self-testing.
12 This data is used automatically by the module itself for two
17 =item - Run the startup FIPS self-test known answer tests (KATS).
20 run each time the module is used.
22 =item - Verify the module's checksum.
24 This is done each time the module is used.
28 This file is generated by the L<openssl-fipsinstall(1)> program, and
29 used internally by the FIPS module during its initialization.
33 section, as described in L<config(5)/Provider Configuration Module>.
39 If present, the module is activated. The value assigned to this name is not
42 =item B<conditional-errors>
44 The FIPS module normally enters an internal error mode if any self test fails.
55 =item B<module-mac>
59 =item B<install-version>
63 =item B<install-status>
67 =item B<install-mac>
75 The following FIPS configuration options indicate if run-time checks related to
76 enforcement of FIPS security parameters such as minimum security strength of
80 the relevant Security Policy.
82 See L<openssl-fipsinstall(1)/OPTIONS> for further information related to these
87 =item B<security-checks>
89 See L<openssl-fipsinstall(1)/OPTIONS> B<-no_security_checks>
91 =item B<tls1-prf-ems-check>
93 See L<openssl-fipsinstall(1)/OPTIONS> B<-ems_check>
95 =item B<no-short-mac>
97 See L<openssl-fipsinstall(1)/OPTIONS> B<-no_short_mac>
99 =item B<drbg-no-trunc-md>
101 See L<openssl-fipsinstall(1)/OPTIONS> B<-no_drbg_truncated_digests>
103 =item B<signature-digest-check>
105 See L<openssl-fipsinstall(1)/OPTIONS> B<-signature_digest_check>
107 =item B<hkdf-digest-check>
111 =item B<tls13-kdf-digest-check>
113 See L<openssl-fipsinstall(1)/OPTIONS> B<-tls13_kdf_digest_check>
115 =item B<tls1-prf-digest-check>
117 See L<openssl-fipsinstall(1)/OPTIONS> B<-tls1_prf_digest_check>
119 =item B<sshkdf-digest-check>
121 See L<openssl-fipsinstall(1)/OPTIONS> B<-sshkdf_digest_check>
123 =item B<sskdf-digest-check>
127 =item B<x963kdf-digest-check>
129 See L<openssl-fipsinstall(1)/OPTIONS> B<-x963kdf_digest_check>
131 =item B<dsa-sign-disabled>
133 See L<openssl-fipsinstall(1)/OPTIONS> B<-dsa_sign_disabled>
135 =item B<tdes-encrypt-disabled>
137 See L<openssl-fipsinstall(1)/OPTIONS> B<-tdes_encrypt_disabled>
139 =item B<rsa-pkcs15-pad-disabled>
141 See L<openssl-fipsinstall(1)/OPTIONS> B<-rsa_pkcs15_pad_disabled>
143 =item B<rsa-pss-saltlen-check>
145 See L<openssl-fipsinstall(1)/OPTIONS> B<-rsa_pss_saltlen_check>
147 =item B<rsa-sign-x931-pad-disabled>
149 See L<openssl-fipsinstall(1)/OPTIONS> B<-rsa_sign_x931_disabled>
151 =item B<hkdf-key-check>
153 See L<openssl-fipsinstall(1)/OPTIONS> B<-hkdf_key_check>
155 =item B<kbkdf-key-check>
157 See L<openssl-fipsinstall(1)/OPTIONS> B<-kbkdf_key_check>
159 =item B<tls13-kdf-key-check>
161 See L<openssl-fipsinstall(1)/OPTIONS> B<-tls13_kdf_key_check>
163 =item B<tls1-prf-key-check>
165 See L<openssl-fipsinstall(1)/OPTIONS> B<-tls1_prf_key_check>
167 =item B<sshkdf-key-check>
169 See L<openssl-fipsinstall(1)/OPTIONS> B<-sshkdf_key_check>
171 =item B<sskdf-key-check>
173 See L<openssl-fipsinstall(1)/OPTIONS> B<-sskdf_key_check>
175 =item B<x963kdf-key-check>
177 See L<openssl-fipsinstall(1)/OPTIONS> B<-x963kdf_key_check>
179 =item B<x942kdf-key-check>
181 See L<openssl-fipsinstall(1)/OPTIONS> B<-x942kdf_key_check>
183 =item B<pbkdf2-lower-bound-check>
185 See L<openssl-fipsinstall(1)/OPTIONS> B<-no_pbkdf2_lower_bound_check>
187 =item B<ecdh-cofactor-check>
189 See L<openssl-fipsinstall(1)/OPTIONS> B<-ecdh_cofactor_check>
191 =item B<hmac-key-check>
193 See L<openssl-fipsinstall(1)/OPTIONS> B<-hmac_key_check>
195 =item B<kmac-key-check>
197 See L<openssl-fipsinstall(1)/OPTIONS> B<-kmac_key_check>
205  install-version = 1
206  conditional-errors = 1
207  security-checks = 1
208  module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
209  install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
210  install-status = INSTALL_SELF_TEST_KATS_RUN
216 non-FIPS validated algorithms via broken or mistaken configuration.
222 L<openssl-fipsinstall(1)>
230 Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.