diff options
author | Pauli <pauli@openssl.org> | 2022-10-26 13:51:02 +1100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2022-11-02 08:42:46 +1100 |
commit | 7057dddbcb5e053470121adeff0b6595fa6da0d8 (patch) | |
tree | c49dd7fe42c5ac04ff204abcb1b7bba6842b04d3 /doc/man1 | |
parent | a11064c83b58f9e1b3741704a11cfec2d91aac0e (diff) |
fipsinstall: add -self_test_oninstall option.
This option runs the self tests at installation time. It fails for the 3.1
module.
Also changed the default behaviour to that set by the -self_test_onload
option.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19510)
Diffstat (limited to 'doc/man1')
-rw-r--r-- | doc/man1/openssl-fipsinstall.pod.in | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in index 97e2ae910c..af18f361e6 100644 --- a/doc/man1/openssl-fipsinstall.pod.in +++ b/doc/man1/openssl-fipsinstall.pod.in @@ -22,6 +22,7 @@ B<openssl fipsinstall> [B<-no_conditional_errors>] [B<-no_security_checks>] [B<-self_test_onload>] +[B<-self_test_oninstall>] [B<-corrupt_desc> I<selftest_description>] [B<-corrupt_type> I<selftest_type>] [B<-config> I<parent_config>] @@ -174,6 +175,14 @@ target machine. Once the self tests have run on the target machine the user could possibly then add the 2 fields into the configuration using some other mechanism. +This is the default. + +=item B<-self_test_oninstall> + +The converse of B<-self_test_oninstall>. The two fields related to the +"test status indicator" and "MAC status indicator" are written to the +output configuration file. + =item B<-quiet> Do not output pass/fail messages. Implies B<-noout>. @@ -209,6 +218,11 @@ test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignore For normal usage the base configuration file should use the default provider when generating the fips configuration file. +The B<-self_test_oninstall> option was added and the +B<-self_test_onload> option was made the default in OpenSSL 3.1. + +The command and all remaining options were added in OpenSSL 3.0. + =head1 EXAMPLES Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test |