diff options
| author | Pauli <ppzgs1@gmail.com> | 2024-08-16 02:21:12 +0200 |
|---|---|---|
| committer | Pauli <ppzgs1@gmail.com> | 2024-08-22 23:17:02 +0200 |
| commit | a9fc8702e072db7c9ec28b50f162dca9580ae89a (patch) | |
| tree | 0407b14bc1b5b1dae315be3e807faae62e443e52 | |
| parent | fuzz/hashtable.c: rc == -1 on insert is OK when fuzzing (diff) | |
| download | openssl-a9fc8702e072db7c9ec28b50f162dca9580ae89a.tar.xz openssl-a9fc8702e072db7c9ec28b50f162dca9580ae89a.zip | |
doc: document the OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE parameter
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25211)
| -rw-r--r-- | doc/man7/EVP_SIGNATURE-ECDSA.pod | 2 | ||||
| -rw-r--r-- | doc/man7/EVP_SIGNATURE-RSA.pod | 2 | ||||
| -rw-r--r-- | doc/man7/provider-signature.pod | 9 |
3 files changed, 13 insertions, 0 deletions
diff --git a/doc/man7/EVP_SIGNATURE-ECDSA.pod b/doc/man7/EVP_SIGNATURE-ECDSA.pod index 49d9dff949..c6cc23dfa6 100644 --- a/doc/man7/EVP_SIGNATURE-ECDSA.pod +++ b/doc/man7/EVP_SIGNATURE-ECDSA.pod @@ -44,6 +44,8 @@ EVP_PKEY_CTX_get_params(). =item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <integer> +=item "verify-message" (B<OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE> <integer> + The parameters are described in L<provider-signature(7)>. =back diff --git a/doc/man7/EVP_SIGNATURE-RSA.pod b/doc/man7/EVP_SIGNATURE-RSA.pod index 6ae682f7e1..b33b0728fa 100644 --- a/doc/man7/EVP_SIGNATURE-RSA.pod +++ b/doc/man7/EVP_SIGNATURE-RSA.pod @@ -147,6 +147,8 @@ EVP_PKEY_CTX_get_params(). =item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <integer> +=item "verify-message" (B<OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE> <integer> + These common parameter are described in L<provider-signature(7)>. =item "digest" (B<OSSL_SIGNATURE_PARAM_DIGEST>) <UTF8 string> diff --git a/doc/man7/provider-signature.pod b/doc/man7/provider-signature.pod index e09f5f31d4..ce14c4c705 100644 --- a/doc/man7/provider-signature.pod +++ b/doc/man7/provider-signature.pod @@ -395,6 +395,15 @@ This may be used after calling either the sign or verify final functions. It may return 0 if either the "digest-check", "key-check", or "sign-check" are set to 0. This option is used by the OpenSSL FIPS provider. +=item "verify-message" (B<OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE> <integer> + +A getter that returns 1 if a signature verification operation acted on +a raw message, or 0 if it verified a predigested message. A value of 0 +indicates likely non-approved usage of the FIPS provider. This flag is +set when any signature verification initialisation function is called. +It is also set to 1 when any signing operation is performed to signify +compliance. See FIPS 140-3 IG 2.4.B for further information. + =item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <integer> If required this parameter should be set early via an init function |