diff options
| author | B Stack <bgstack15@gmail.com> | 2019-10-18 12:39:23 +0000 |
|---|---|---|
| committer | B Stack <bgstack15@gmail.com> | 2019-10-18 12:39:23 +0000 |
| commit | d759954c9cb89dc6c98d8800899e2925660ad08c (patch) | |
| tree | 30a4c7b0cb1c9eff135dae8c5c59ab5cb238ddfc /openssl-freefilesync/README.FIPS | |
| parent | Merge branch 'oddjob-mkhomedir' into 'master' (diff) | |
| parent | waterfox: el8 disable system_webp (diff) | |
| download | stackrpms-d759954c9cb89dc6c98d8800899e2925660ad08c.tar.gz stackrpms-d759954c9cb89dc6c98d8800899e2925660ad08c.tar.bz2 stackrpms-d759954c9cb89dc6c98d8800899e2925660ad08c.zip | |
Merge branch 'centos-8' into 'master'
Add Centos 8 support
Closes #12
See merge request bgstack15/stackrpms!93
Diffstat (limited to 'openssl-freefilesync/README.FIPS')
| -rw-r--r-- | openssl-freefilesync/README.FIPS | 72 |
1 files changed, 0 insertions, 72 deletions
diff --git a/openssl-freefilesync/README.FIPS b/openssl-freefilesync/README.FIPS deleted file mode 100644 index a36c547..0000000 --- a/openssl-freefilesync/README.FIPS +++ /dev/null @@ -1,72 +0,0 @@ -User guide for the FIPS Red Hat Enterprise Linux - OpenSSL Module -================================================================= - -This package contains libraries which comprise the FIPS 140-2 -Red Hat Enterprise Linux - OPENSSL Module. - -The module files -================ -/usr/lib[64]/libcrypto.so.1.1.0 -/usr/lib[64]/libssl.so.1.1.0 -/usr/lib[64]/.libcrypto.so.1.1.0.hmac -/usr/lib[64]/.libssl.so.1.1.0.hmac - -Dependencies -============ - -The approved mode of operation requires kernel with /dev/urandom RNG running -with properties as defined in the security policy of the module. This is -provided by kernel packages with validated Red Hat Enterprise Linux Kernel -Crytographic Module. - -Installation -============ - -The RPM package of the module can be installed by standard tools recommended -for installation of RPM packages on the Red Hat Enterprise Linux system (yum, -rpm, RHN remote management tool). - -The RPM package dracut-fips must be installed for the approved mode of -operation. - -Usage and API -============= - -The module respects kernel command line FIPS setting. If the kernel command -line contains option fips=1 the module will initialize in the FIPS approved -mode of operation automatically. To allow for the automatic initialization the -application using the module has to call one of the following API calls: - -- void OPENSSL_init_library(void) - this will do only a basic initialization -of the library and does initialization of the FIPS approved mode without setting -up EVP API with supported algorithms. - -- void OPENSSL_add_all_algorithms(void) - this API function calls -OPENSSL_init() implicitly and also adds all approved algorithms to the EVP API -in the approved mode - -- void SSL_library_init(void) - it calls OPENSSL_init() implicitly and also -adds algorithms which are necessary for TLS protocol support and initializes -the SSL library. - -To explicitely put the library to the approved mode the application can call -the following function: - -- int FIPS_mode_set(int on) - if called with 1 as a parameter it will switch -the library from the non-approved to the approved mode. If any of the selftests -and integrity verification tests fail, the library is put into the error state -and 0 is returned. If they succeed the return value is 1. - -To query the module whether it is in the approved mode or not: - -- int FIPS_mode(void) - returns 1 if the module is in the approved mode, -0 otherwise. - -To query whether the module is in the error state: - -- int FIPS_selftest_failed(void) - returns 1 if the module is in the error -state, 0 otherwise. - -To zeroize the FIPS RNG key and internal state the application calls: - -- void RAND_cleanup(void) |