summaryrefslogtreecommitdiff
path: root/openssl-freefilesync/README.FIPS
diff options
context:
space:
mode:
Diffstat (limited to 'openssl-freefilesync/README.FIPS')
-rw-r--r--openssl-freefilesync/README.FIPS72
1 files changed, 0 insertions, 72 deletions
diff --git a/openssl-freefilesync/README.FIPS b/openssl-freefilesync/README.FIPS
deleted file mode 100644
index a36c547..0000000
--- a/openssl-freefilesync/README.FIPS
+++ /dev/null
@@ -1,72 +0,0 @@
-User guide for the FIPS Red Hat Enterprise Linux - OpenSSL Module
-=================================================================
-
-This package contains libraries which comprise the FIPS 140-2
-Red Hat Enterprise Linux - OPENSSL Module.
-
-The module files
-================
-/usr/lib[64]/libcrypto.so.1.1.0
-/usr/lib[64]/libssl.so.1.1.0
-/usr/lib[64]/.libcrypto.so.1.1.0.hmac
-/usr/lib[64]/.libssl.so.1.1.0.hmac
-
-Dependencies
-============
-
-The approved mode of operation requires kernel with /dev/urandom RNG running
-with properties as defined in the security policy of the module. This is
-provided by kernel packages with validated Red Hat Enterprise Linux Kernel
-Crytographic Module.
-
-Installation
-============
-
-The RPM package of the module can be installed by standard tools recommended
-for installation of RPM packages on the Red Hat Enterprise Linux system (yum,
-rpm, RHN remote management tool).
-
-The RPM package dracut-fips must be installed for the approved mode of
-operation.
-
-Usage and API
-=============
-
-The module respects kernel command line FIPS setting. If the kernel command
-line contains option fips=1 the module will initialize in the FIPS approved
-mode of operation automatically. To allow for the automatic initialization the
-application using the module has to call one of the following API calls:
-
-- void OPENSSL_init_library(void) - this will do only a basic initialization
-of the library and does initialization of the FIPS approved mode without setting
-up EVP API with supported algorithms.
-
-- void OPENSSL_add_all_algorithms(void) - this API function calls
-OPENSSL_init() implicitly and also adds all approved algorithms to the EVP API
-in the approved mode
-
-- void SSL_library_init(void) - it calls OPENSSL_init() implicitly and also
-adds algorithms which are necessary for TLS protocol support and initializes
-the SSL library.
-
-To explicitely put the library to the approved mode the application can call
-the following function:
-
-- int FIPS_mode_set(int on) - if called with 1 as a parameter it will switch
-the library from the non-approved to the approved mode. If any of the selftests
-and integrity verification tests fail, the library is put into the error state
-and 0 is returned. If they succeed the return value is 1.
-
-To query the module whether it is in the approved mode or not:
-
-- int FIPS_mode(void) - returns 1 if the module is in the approved mode,
-0 otherwise.
-
-To query whether the module is in the error state:
-
-- int FIPS_selftest_failed(void) - returns 1 if the module is in the error
-state, 0 otherwise.
-
-To zeroize the FIPS RNG key and internal state the application calls:
-
-- void RAND_cleanup(void)
bgstack15