Product SiteDocumentation Site

1.56.  fipscheck

1.56.1.  RHEA-2009:1266: enhancement update

An updated fipscheck package which contains enhancements necessary for FIPS validation is now available.
FIPSCheck is a library used to verify the integrity of modules validated under FIPS-140-2. The fipscheck package provides helper binaries for creating and verifying HMAC-SHA256 checksum files.
These updated fipscheck packages add the following enhancements:
  • previously, the fipscheck libraries and binaries were installed in / (root). However, because they are not required by anything in /, they are now relocated to /usr. (BZ#475800)
  • previously, the fipscheck libraries were packaged in the main fipscheck package. This would lead to a file conflict when installing fipscheck on architectures with multilib support. The fipscheck libraries are now shipped in fipscheck-lib subpackages for each architecture, therefore avoiding the file conflict. (BZ#502676)
  • fipscheck now includes a runtime integrity self-test which is necessary for FIPS 140-2 level 1 validation of Red Hat Enterprise Linux 5 cryptography modules.
  • the FIPSCHECK_DEBUG environment variable adds improved debugging. Error messages can be saved to the syslog or sent to stderr.
  • fipscheck can now compute HMACs on multiple files at the same time.
Users of fipscheck are advised to upgrade to these updated packages, which add these enhancements.

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.