diff options
author | slontis <shane.lontis@oracle.com> | 2023-02-08 17:22:43 +1000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-03-07 18:26:59 +0100 |
commit | 6a0a3fee222d7687c543bceaf245507674e66c58 (patch) | |
tree | 102d67e993235d4cb0d8f88ac6b8b40e9a97e30e /doc/man7 | |
parent | 5b2fe0ba65b37950742305684ad54abcba305e13 (diff) |
Add option to FIPS module to enforce EMS check during KDF TLS1_PRF.
Fixes #19989
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20241)
(cherry picked from commit 50ea5cdcb735916591e35a04c1f5a659bf253ddc)
Diffstat (limited to 'doc/man7')
-rw-r--r-- | doc/man7/OSSL_PROVIDER-FIPS.pod | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index 691f36a357..063a47af80 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -41,6 +41,21 @@ query. Including C<provider=fips> in your property query guarantees that the OpenSSL FIPS provider is used for cryptographic operations rather than other FIPS capable providers. +=head2 Provider parameters + +See L<provider-base(7)/Provider parameters> for a list of base parameters. +Additionally the OpenSSL FIPS provider also supports the following gettable +parameters: + +=over 4 + +=item "security-checks" (B<OSSL_OSSL_PROV_PARAM_SECURITY_CHECKS>) <unsigned integer> + +For further information refer to the L<openssl-fipsinstall(1)> option +B<-no_security_checks>. + +=back + =head1 OPERATIONS AND ALGORITHMS The OpenSSL FIPS provider supports these operations and algorithms: |