diff options
author | slontis <shane.lontis@oracle.com> | 2023-02-08 08:22:43 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-03-07 18:24:45 +0100 |
commit | 50ea5cdcb735916591e35a04c1f5a659bf253ddc (patch) | |
tree | 8cdfdf314aa83a346256e15dcf36a18c8e931bea /doc/man7 | |
parent | S390X: Accelerate keccak XOF (diff) | |
download | openssl-50ea5cdcb735916591e35a04c1f5a659bf253ddc.tar.xz openssl-50ea5cdcb735916591e35a04c1f5a659bf253ddc.zip |
Add option to FIPS module to enforce EMS check during KDF TLS1_PRF.
Fixes #19989
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20241)
Diffstat (limited to 'doc/man7')
-rw-r--r-- | doc/man7/OSSL_PROVIDER-FIPS.pod | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index 1e1601cef1..a18703f568 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -41,6 +41,21 @@ query. Including C<provider=fips> in your property query guarantees that the OpenSSL FIPS provider is used for cryptographic operations rather than other FIPS capable providers. +=head2 Provider parameters + +See L<provider-base(7)/Provider parameters> for a list of base parameters. +Additionally the OpenSSL FIPS provider also supports the following gettable +parameters: + +=over 4 + +=item "security-checks" (B<OSSL_OSSL_PROV_PARAM_SECURITY_CHECKS>) <unsigned integer> + +For further information refer to the L<openssl-fipsinstall(1)> option +B<-no_security_checks>. + +=back + =head1 OPERATIONS AND ALGORITHMS The OpenSSL FIPS provider supports these operations and algorithms: |