Add option to FIPS module to enforce EMS check during KDF TLS1_PRF.

Fixes #19989 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20241) (cherry picked from commit 50ea5cdcb735916591e35a04c1f5a659bf253ddc)
author: slontis <shane.lontis@oracle.com> 2023-02-08 17:22:43 +1000
committer: Tomas Mraz <tomas@openssl.org> 2023-03-07 18:26:59 +0100
commit: 6a0a3fee222d7687c543bceaf245507674e66c58 (patch)
tree: 102d67e993235d4cb0d8f88ac6b8b40e9a97e30e /doc/man7
parent: 5b2fe0ba65b37950742305684ad54abcba305e13 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index 691f36a357..063a47af80 100644
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -41,6 +41,21 @@ query.  Including C<provider=fips> in your property query guarantees
 that the OpenSSL FIPS provider is used for cryptographic operations
 rather than other FIPS capable providers.
 
+=head2 Provider parameters
+
+See L<provider-base(7)/Provider parameters> for a list of base parameters.
+Additionally the OpenSSL FIPS provider also supports the following gettable
+parameters:
+
+=over 4
+
+=item "security-checks" (B<OSSL_OSSL_PROV_PARAM_SECURITY_CHECKS>) <unsigned integer>
+
+For further information refer to the L<openssl-fipsinstall(1)> option
+B<-no_security_checks>.
+
+=back
+
 =head1 OPERATIONS AND ALGORITHMS
 
 The OpenSSL FIPS provider supports these operations and algorithms:
author	slontis <shane.lontis@oracle.com>	2023-02-08 17:22:43 +1000
committer	Tomas Mraz <tomas@openssl.org>	2023-03-07 18:26:59 +0100
commit	6a0a3fee222d7687c543bceaf245507674e66c58 (patch)
tree	102d67e993235d4cb0d8f88ac6b8b40e9a97e30e /doc/man7
parent	5b2fe0ba65b37950742305684ad54abcba305e13 (diff)