Difference between revisions of "FIPS mode()"

From OpenSSLWiki
Jump to navigationJump to search
(Importing text file)
 
(raw output from pod2wiki)
Line 1: Line 1:
=pod
+
----
 +
'''NAME'''
  
=head1 NAME
+
FIPS_mode - retrieve the current FIPS 140-2 mode of operation
  
FIPS_mode - retrieve the current FIPS 140-2 mode of operation
 
  
=head1 SYNOPSIS
+
----
 +
'''SYNOPSIS'''
  
 
  #include <openssl/crypto.h>
 
  #include <openssl/crypto.h>
Line 11: Line 12:
 
  int FIPS_mode(void);
 
  int FIPS_mode(void);
  
=head1 DESCRIPTION
 
  
FIPS_mode() is used to determine the FIPS mode of operation by a
+
----
program utilizing the services of the validated library. The
+
'''DESCRIPTION'''
library must have been built with the FIPS Object Module, and the
+
 
FIPS Object Module must have been acquired, built, and installed in
+
FIPS_mode() is used to determine the FIPS mode of operation by a program utilizing the services of the validated library. The library must have been built with the FIPS Object Module, and the FIPS Object Module must have been acquired, built, and installed in accordance with the Open''''''SSL Security Policy.
accordance with the OpenSSL Security Policy.
+
 
 +
The return value is either 0 to indicate that the FIPS mode of operation is not enabled, or the value used for the ONOFF parameter passed to an earlier successful call to FIPS_mode_set(). Effectively any non-zero value indicates FIPS mode; values other than 1 may have additional significance such as designating an additional restriction to Suite B algorithms.
 +
 
 +
If the library was built without support of the FIPS Object Module, then the function will return 0 with an error code of CRYPTO_R_FIPS_MODE_NOT_SUPPORTED (0x0f06d065).
 +
 
  
The return value is either 0 to indicate that the FIPS mode of
+
----
operation is not enabled, or the value used for the ONOFF parameter
+
'''RETURN VALUES'''
passed to an earlier successful call to FIPS_mode_set(). Effectively
 
any non-zero value indicates FIPS mode; values other than 1 may
 
have additional significance such as designating an additional restriction
 
to Suite B algorithms.
 
  
If the library was built without support of the FIPS Object Module,
+
A return code of non-zero indicates FIPS mode, 0 indicates non-FIPS mode. When called from a version of Open''''''SSL that is not "FIPS capable" (capable of utilizing an embedded FIPS Object Module), then FIPS_mode() will always return 0.
then the function will return 0 with an error code of
 
CRYPTO_R_FIPS_MODE_NOT_SUPPORTED (0x0f06d065).
 
  
=head1 RETURN VALUES
 
  
A return code of non-zero indicates FIPS mode, 0 indicates non-FIPS mode.
+
----
When called from a version of OpenSSL that is not "FIPS capable" (capable
+
'''SEE ALSO'''
of utilizing an embedded FIPS Object Module), then FIPS_mode() will always
 
return 0.
 
  
=head1 SEE ALSO
+
FIPS_mode_set(3), FIPS_selftest(3)
  
L<FIPS_mode_set(3)|FIPS_mode_set(3)>, L<FIPS_selftest(3)|FIPS_selftest(3)>
 
  
=head1 NOTES
+
----
 +
'''NOTES'''
  
 
FIPS_mode() was formerly included with <openssl/fips.h>.
 
FIPS_mode() was formerly included with <openssl/fips.h>.
  
=head1 HISTORY
 
  
FIPS support was introduced in version 0.9.7 of OpenSSL.
+
----
 +
'''HISTORY'''
  
=cut
+
FIPS support was introduced in version 0.9.7 of Open''''''SSL.

Revision as of 13:37, 25 March 2013


NAME

FIPS_mode - retrieve the current FIPS 140-2 mode of operation



SYNOPSIS

#include <openssl/crypto.h>
int FIPS_mode(void);



DESCRIPTION

FIPS_mode() is used to determine the FIPS mode of operation by a program utilizing the services of the validated library. The library must have been built with the FIPS Object Module, and the FIPS Object Module must have been acquired, built, and installed in accordance with the Open'SSL Security Policy.

The return value is either 0 to indicate that the FIPS mode of operation is not enabled, or the value used for the ONOFF parameter passed to an earlier successful call to FIPS_mode_set(). Effectively any non-zero value indicates FIPS mode; values other than 1 may have additional significance such as designating an additional restriction to Suite B algorithms.

If the library was built without support of the FIPS Object Module, then the function will return 0 with an error code of CRYPTO_R_FIPS_MODE_NOT_SUPPORTED (0x0f06d065).



RETURN VALUES

A return code of non-zero indicates FIPS mode, 0 indicates non-FIPS mode. When called from a version of Open'SSL that is not "FIPS capable" (capable of utilizing an embedded FIPS Object Module), then FIPS_mode() will always return 0.



SEE ALSO

FIPS_mode_set(3), FIPS_selftest(3)



NOTES

FIPS_mode() was formerly included with <openssl/fips.h>.



HISTORY

FIPS support was introduced in version 0.9.7 of Open'SSL.