summaryrefslogtreecommitdiffstats
path: root/doc/man7
diff options
context:
space:
mode:
authorslontis <shane.lontis@oracle.com>2023-02-08 08:22:43 +0100
committerTomas Mraz <tomas@openssl.org>2023-03-07 18:24:45 +0100
commit50ea5cdcb735916591e35a04c1f5a659bf253ddc (patch)
tree8cdfdf314aa83a346256e15dcf36a18c8e931bea /doc/man7
parentS390X: Accelerate keccak XOF (diff)
downloadopenssl-50ea5cdcb735916591e35a04c1f5a659bf253ddc.tar.xz
openssl-50ea5cdcb735916591e35a04c1f5a659bf253ddc.zip
Add option to FIPS module to enforce EMS check during KDF TLS1_PRF.
Fixes #19989 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20241)
Diffstat (limited to 'doc/man7')
-rw-r--r--doc/man7/OSSL_PROVIDER-FIPS.pod15
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index 1e1601cef1..a18703f568 100644
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -41,6 +41,21 @@ query. Including C<provider=fips> in your property query guarantees
that the OpenSSL FIPS provider is used for cryptographic operations
rather than other FIPS capable providers.
+=head2 Provider parameters
+
+See L<provider-base(7)/Provider parameters> for a list of base parameters.
+Additionally the OpenSSL FIPS provider also supports the following gettable
+parameters:
+
+=over 4
+
+=item "security-checks" (B<OSSL_OSSL_PROV_PARAM_SECURITY_CHECKS>) <unsigned integer>
+
+For further information refer to the L<openssl-fipsinstall(1)> option
+B<-no_security_checks>.
+
+=back
+
=head1 OPERATIONS AND ALGORITHMS
The OpenSSL FIPS provider supports these operations and algorithms: