{
    "content": [
        {
            "type": "text",
            "text": "# fips_config (info)\n\n## NAME\n\nfipsconfig - OpenSSL FIPS configuration\n\n## DESCRIPTION\n\nA separate configuration file, using the OpenSSL config(5) syntax, is\nused to hold information about the FIPS module. This includes a digest\nof the shared library file, and status about the self-testing.  This\ndata is used automatically by the module itself for two purposes:\n\n## Sections\n\n- **NAME**\n- **DESCRIPTION**\n- **NOTES**\n- **SEE ALSO**\n- **COPYRIGHT**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n"
        }
    ],
    "structuredContent": {
        "command": "fips_config",
        "section": "",
        "mode": "info",
        "summary": "fipsconfig - OpenSSL FIPS configuration",
        "synopsis": null,
        "tldr_summary": null,
        "tldr_examples": [],
        "tldr_source": null,
        "flags": [],
        "examples": [],
        "see_also": [
            {
                "name": "config",
                "section": "5",
                "url": "https://www.chedong.com/phpMan.php/man/config/5/json"
            },
            {
                "name": "openssl-fipsinstall",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-fipsinstall/1/json"
            }
        ],
        "section_outline": [
            {
                "name": "NAME",
                "lines": 2,
                "subsections": []
            },
            {
                "name": "DESCRIPTION",
                "lines": 72,
                "subsections": []
            },
            {
                "name": "NOTES",
                "lines": 5,
                "subsections": []
            },
            {
                "name": "SEE ALSO",
                "lines": 2,
                "subsections": []
            },
            {
                "name": "COPYRIGHT",
                "lines": 8,
                "subsections": []
            }
        ],
        "sections": {
            "NAME": {
                "content": "fipsconfig - OpenSSL FIPS configuration\n",
                "subsections": []
            },
            "DESCRIPTION": {
                "content": "A separate configuration file, using the OpenSSL config(5) syntax, is\nused to hold information about the FIPS module. This includes a digest\nof the shared library file, and status about the self-testing.  This\ndata is used automatically by the module itself for two purposes:\n\n- Run the startup FIPS self-test known answer tests (KATS).\nThis is normally done once, at installation time, but may also be\nset up to run each time the module is used.\n\n- Verify the module's checksum.\nThis is done each time the module is used.\n\nThis file is generated by the openssl-fipsinstall(1) program, and used\ninternally by the FIPS module during its initialization.\n\nThe following options are supported. They should all appear in a\nsection whose name is identified by the fips option in the providers\nsection, as described in \"Provider Configuration Module\" in config(5).\n\nactivate\nIf present, the module is activated. The value assigned to this\nname is not significant.\n\ninstall-version\nA version number for the fips install process. Should be 1.\n\nconditional-errors\nThe FIPS module normally enters an internal error mode if any self\ntest fails.  Once this error mode is active, no services or\ncryptographic algorithms are accessible from this point on.\nContinuous tests are a subset of the self tests (e.g., a key pair\ntest during key generation, or the CRNG output test).  Setting this\nvalue to 0 allows the error mode to not be triggered if any\ncontinuous test fails. The default value of 1 will trigger the\nerror mode.  Regardless of the value, the operation (e.g., key\ngeneration) that called the continuous test will return an error\ncode if its continuous test fails. The operation may then be\nretried if the error mode has not been triggered.\n\nsecurity-checks\nThis indicates if run-time checks related to enforcement of\nsecurity parameters such as minimum security strength of keys and\napproved curve names are used.  A value of '1' will perform the\nchecks, otherwise if the value is '0' the checks are not performed\nand FIPS compliance must be done by procedures documented in the\nrelevant Security Policy.\n\nmodule-mac\nThe calculated MAC of the FIPS provider file.\n\ninstall-status\nAn indicator that the self-tests were successfully run.  This\nshould only be written after the module has successfully passed its\nself tests during installation.  If this field is not present, then\nthe self tests will run when the module loads.\n\ninstall-mac\nA MAC of the value of the install-status option, to prevent\naccidental changes to that value.  It is written-to at the same\ntime as install-status is updated.\n\nFor example:\n\n[fipssect]\nactivate = 1\ninstall-version = 1\nconditional-errors = 1\nsecurity-checks = 1\nmodule-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC\ninstall-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C\ninstall-status = INSTALLSELFTESTKATSRUN\n",
                "subsections": []
            },
            "NOTES": {
                "content": "When using the FIPS provider, it is recommended that the\nconfigdiagnostics option is enabled to prevent accidental use of non-\nFIPS validated algorithms via broken or mistaken configuration.  See\nconfig(5).\n",
                "subsections": []
            },
            "SEE ALSO": {
                "content": "config(5) openssl-fipsinstall(1)\n",
                "subsections": []
            },
            "COPYRIGHT": {
                "content": "Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\").  You may not use\nthis file except in compliance with the License.  You can obtain a copy\nin the file LICENSE in the source distribution or at\n<https://www.openssl.org/source/license.html>.\n\n3.0.2                             2026-06-02                 FIPSCONFIG(5SSL)",
                "subsections": []
            }
        }
    }
}