diff options
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man7/EVP_KDF-SS.pod | 16 | ||||
| -rw-r--r-- | doc/man7/EVP_KDF-SSHKDF.pod | 2 | ||||
| -rw-r--r-- | doc/man7/EVP_KDF-TLS13_KDF.pod | 2 | ||||
| -rw-r--r-- | doc/man7/EVP_KDF-TLS1_PRF.pod | 2 | ||||
| -rw-r--r-- | doc/man7/EVP_KDF-X963.pod | 2 |
5 files changed, 4 insertions, 20 deletions
diff --git a/doc/man7/EVP_KDF-SS.pod b/doc/man7/EVP_KDF-SS.pod index 6e09f9b845..c8d19691a7 100644 --- a/doc/man7/EVP_KDF-SS.pod +++ b/doc/man7/EVP_KDF-SS.pod @@ -61,22 +61,6 @@ This parameter set the shared secret that is used for key derivation. This parameter sets an optional value for fixedinfo, also known as otherinfo. -=item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <int> - -A getter that returns 1 if the operation is FIPS approved, or 0 otherwise. -This may be used after calling EVP_KDF_derive. It returns 0 if any "***_check" -related parameter is set to 0 and the check fails. -This option is used by the OpenSSL FIPS provider. - -=item "digest-check" (B<OSSL_KDF_PARAM_FIPS_DIGEST_CHECK>) <int> - -The default value of 1 causes an error during EVP_KDF_derive() if -used digest is not approved. -Setting this to zero will ignore the error and set the approved -"fips-indicator" to 0. -This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if -set to 0. - =back =head1 NOTES diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod index 396afa2b5d..3b5994e967 100644 --- a/doc/man7/EVP_KDF-SSHKDF.pod +++ b/doc/man7/EVP_KDF-SSHKDF.pod @@ -83,7 +83,7 @@ A single char of value 70 (ASCII char 'F'). =item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <int> A getter that returns 1 if the operation is FIPS approved, or 0 otherwise. -This may be used after calling EVP_KDF_derive. It returns 0 if any "***_check" +This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check" related parameter is set to 0 and the check fails. This option is used by the OpenSSL FIPS provider. diff --git a/doc/man7/EVP_KDF-TLS13_KDF.pod b/doc/man7/EVP_KDF-TLS13_KDF.pod index f0d74d6992..2dd32d33d4 100644 --- a/doc/man7/EVP_KDF-TLS13_KDF.pod +++ b/doc/man7/EVP_KDF-TLS13_KDF.pod @@ -57,7 +57,7 @@ There are two modes that are currently defined: =item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <int> A getter that returns 1 if the operation is FIPS approved, or 0 otherwise. -This may be used after calling EVP_KDF_derive. It returns 0 if any "***_check" +This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check" related parameter is set to 0 and the check fails. This option is used by the OpenSSL FIPS provider. diff --git a/doc/man7/EVP_KDF-TLS1_PRF.pod b/doc/man7/EVP_KDF-TLS1_PRF.pod index 708d0ea4c2..224340a624 100644 --- a/doc/man7/EVP_KDF-TLS1_PRF.pod +++ b/doc/man7/EVP_KDF-TLS1_PRF.pod @@ -47,7 +47,7 @@ this should be more than enough for any normal use of the TLS PRF. =item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <integer> A getter that returns 1 if the operation is FIPS approved, or 0 otherwise. -This may be used after calling EVP_KDF_derive. It returns 0 if any "***_check" +This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check" related parameter is set to 0 and the check fails. This option is used by the OpenSSL FIPS provider. diff --git a/doc/man7/EVP_KDF-X963.pod b/doc/man7/EVP_KDF-X963.pod index e275edeaa6..c6d4c66ef3 100644 --- a/doc/man7/EVP_KDF-X963.pod +++ b/doc/man7/EVP_KDF-X963.pod @@ -39,7 +39,7 @@ This parameter specifies an optional value for shared info. =item "fips-indicator" (B<OSSL_KDF_PARAM_FIPS_APPROVED_INDICATOR>) <int> A getter that returns 1 if the operation is FIPS approved, or 0 otherwise. -This may be used after calling EVP_KDF_derive. It returns 0 if any "***_check" +This may be used after calling EVP_KDF_derive. It returns 0 if any "***-check" related parameter is set to 0 and the check fails. This option is used by the OpenSSL FIPS provider. |