Cleanups for FIPS indicator documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25195)

1 files changed, 6 insertions, 2 deletions

diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index 8e1e0e9e31..3a09ab4434 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -901,6 +901,8 @@ Used to pass the TLS MAC data.
 
 =item "fips-indicator" (B<OSSL_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
 
+This option is used by the OpenSSL FIPS provider.
+
 A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
 This may be used after calling a cipher final operation such as
 EVP_EncryptFinal_ex(). It may return 0 if the "encrypt-check" option is set to 0.
@@ -1063,13 +1065,15 @@ The default value is "GB".
 
 =item "encrypt-check" (B<OSSL_CIPHER_PARAM_FIPS_ENCRYPT_CHECK>) <integer>
 
+This option is used by the OpenSSL FIPS provider.
+
 If required this parameter should be set early via an cipher encrypt init
 function such as EVP_EncryptInit_ex2().
 The default value of 1 causes an error when an encryption operation is triggered.
 Setting this to 0 will ignore the error and set the approved "fips-indicator" to
 0.
-This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if
-set to 0.
+This option breaks FIPS compliance if it causes the approved "fips-indicator"
+to return 0.
 
 =back