diff options
author | Pauli <pauli@openssl.org> | 2023-05-26 08:01:39 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-06-01 16:19:15 +1000 |
commit | 09198e05511cac3f2673c5a45c64bb964f5f7885 (patch) | |
tree | 9db5d919b4ea77c1db8aa990d0867653bd4c3f43 /doc | |
parent | ce9a53653542ad887163f9e9f5c2f76ed47593f5 (diff) |
doc: update FIPS provider version information
With 3.0.8 validated, we need to note this in the documentation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21060)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man7/OSSL_PROVIDER-FIPS.pod | 16 | ||||
-rw-r--r-- | doc/man7/fips_module.pod | 16 |
2 files changed, 30 insertions, 2 deletions
diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index 2f34866d99..66165bdb0c 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -408,6 +408,19 @@ A simple self test callback is shown below for illustrative purposes. return ret; } +=head1 NOTES + +Some released versions of OpenSSL do not include a validated +FIPS provider. To determine which versions have undergone +the validation process, please refer to the +L<OpenSSL Downloads page|https://www.openssl.org/source/>. If you +require FIPS-approved functionality, it is essential to build your FIPS +provider using one of the validated versions listed there. Normally, +it is possible to utilize a FIPS provider constructed from one of the +validated versions alongside F<libcrypto> and F<libssl> compiled from any +release within the same major release series. This flexibility enables +you to address bug fixes and CVEs that fall outside the FIPS boundary. + =head1 SEE ALSO L<openssl-fipsinstall(1)>, @@ -417,7 +430,8 @@ L<OSSL_SELF_TEST_new(3)>, L<OSSL_PARAM(3)>, L<openssl-core.h(7)>, L<openssl-core_dispatch.h(7)>, -L<provider(7)> +L<provider(7)>, +L<https://www.openssl.org/source/> =head1 HISTORY diff --git a/doc/man7/fips_module.pod b/doc/man7/fips_module.pod index b1d67ca61b..551323597c 100644 --- a/doc/man7/fips_module.pod +++ b/doc/man7/fips_module.pod @@ -456,9 +456,23 @@ use L<EVP_MD_get0_provider(3)>. To extract the name from the B<OSSL_PROVIDER>, use L<OSSL_PROVIDER_get0_name(3)>. +=head1 NOTES + +Some released versions of OpenSSL do not include a validated +FIPS provider. To determine which versions have undergone +the validation process, please refer to the +L<OpenSSL Downloads page|https://www.openssl.org/source/>. If you +require FIPS-approved functionality, it is essential to build your FIPS +provider using one of the validated versions listed there. Normally, +it is possible to utilize a FIPS provider constructed from one of the +validated versions alongside F<libcrypto> and F<libssl> compiled from any +release within the same major release series. This flexibility enables +you to address bug fixes and CVEs that fall outside the FIPS boundary. + =head1 SEE ALSO -L<migration_guide(7)>, L<crypto(7)>, L<fips_config(5)> +L<migration_guide(7)>, L<crypto(7)>, L<fips_config(5)>, +L<https://www.openssl.org/source/> =head1 HISTORY |