author | Shane Lontis <shane.lontis@oracle.com> | 2020-07-21 16:30:02 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-07-21 16:30:02 +1000 |
commit | 9f7bdcf37f9541f7a1e4dc62ebdf97e8d8ccd307 (patch) | |
tree | 5e68472ae3a8d05c6294c1169b513c0434329a57 /doc/man1/openssl-fipsinstall.pod.in | |
parent | 823a113574451ea2e050bee7ce35861948ad55ca (diff) |
Add ERR_raise() errors to fips OSSL_provider_init and self tests.
As the ERR_raise() is set up at this point, returning a range of negative values for errors is not required.
This will need to be revisited if the code ever moves to running from the DEP.
Added a -config option to the fips install so that it can test if a fips module is loadable from configuration.
(The -verify option only uses the generated config, whereas -config uses the normal way of including the generated data via another config file).
Added more failure tests for the raised errors.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12346)
Diffstat (limited to 'doc/man1/openssl-fipsinstall.pod.in')
-rw-r--r-- | doc/man1/openssl-fipsinstall.pod.in | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in index 30df7bf3e9..ec83e0950f 100644 --- a/doc/man1/openssl-fipsinstall.pod.in +++ b/doc/man1/openssl-fipsinstall.pod.in @@ -21,6 +21,7 @@ B<openssl fipsinstall> [B<-quiet>] [B<-corrupt_desc> I<selftest_description>] [B<-corrupt_type> I<selftest_type>] +[B<-config> I<parent_config>] =head1 DESCRIPTION @@ -143,6 +144,14 @@ Either option or both may be used to select the tests to corrupt. Refer to the entries for B<st-desc> and B<st-type> in L<OSSL_PROVIDER-FIPS(7)> for values that can be used. +=item B<-config> I<parent_config> + +Test that a FIPS provider can be loaded from the specified configuration file. +A previous call to this application needs to generate the extra configuration +data that is included by the base C<parent_config> configuration file. +See L<config(5)> for further information on how to set up a provider section. +All other options are ignored if '-config' is used. + =back =head1 EXAMPLES @@ -167,8 +176,16 @@ Corrupt any self tests which have the description C<SHA1>: -macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \ -corrupt_desc 'SHA1' +Validate that the fips module can be loaded from a base configuration file: + + export OPENSSL_CONF_INCLUDE=<path of configuration files> + export OPENSSL_MODULES=<provider_path> + openssl fipsinstall -config' 'default.cnf' + + =head1 SEE ALSO +L<config(5)>, L<fips_config(5)>, L<OSSL_PROVIDER-FIPS(7)>, L<EVP_MAC(3)> |
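Review bot: in the new =item B<-config> entry, the last sentence writes the option as a quoted '-config' where the rest of the page uses B<-config>, and it says other options are silently ignored without telling the reader how this mode differs from B<-verify>. The commit message explains that -verify only uses the generated config while -config goes through the normal include path from another config file; that distinction belongs in this entry. Since silently ignored options are easy to misread as having been applied, it is also worth stating in the SYNOPSIS or here that B<-config> is meant to be used on its own.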
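Review bot: the example command added under EXAMPLES, "openssl fipsinstall -config' 'default.cnf'", has unbalanced single quotes, so a shell will not run it as pasted; it should read "openssl fipsinstall -config default.cnf". The example also relies on the included data having been generated by an earlier fipsinstall run, as the new option text says, so a one-line pointer to the install example above it would make the sequence clear. The hunk leaves two blank lines before =head1 SEE ALSO where one is enough.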