git.ipfire.org Git - thirdparty/openssl.git/commitdiff
doc: add note about fips jitter option
author Pauli <ppzgs1@gmail.com>
Wed, 2 Oct 2024 02:29:41 +0000 (12:29 +1000)
committer Pauli <ppzgs1@gmail.com>
Wed, 9 Oct 2024 02:53:10 +0000 (13:53 +1100)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)

doc/man7/EVP_RAND-JITTER.pod

index 466f9bf4bf82d8fb0299f71012d74a7fe0d6c612..8c4d9511e3fd18fbc2a471c72ae6f3e6d95f3f60 100644 (file)
@@ -46,6 +46,15 @@ A context for the seed source can be obtained by calling:
 
 The B<enable-jitter> option was added in OpenSSL 3.4.
 
+By specifying the B<enable-fips-jitter> configuration option, the FIPS
+provider will use an internal jitter source for its entropy.  Enabling
+this option will cause the FIPS provider to operate in a non-compliant
+mode unless an entropy assessment
+L<ESV|https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations>
+and validation through the
+L<CMVP|https://csrc.nist.gov/projects/cryptographic-module-validation-program>
+are additionally conducted.  This option was added in OpenSSL 3.5.
+
 =head1 EXAMPLES
 
  EVP_RAND *rand;
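
Review bot: In the added paragraph, "unless an entropy assessment L<ESV|...> and validation through the L<CMVP|...> are additionally conducted" will render as "entropy assessment ESV and validation through the CMVP", which leaves both acronyms unexpanded and "ESV" dangling after the noun. Consider spelling them out on first use and making the link text carry the expansion, so a reader of the man page understands what has to be done without following the URLs. Two further points on the same paragraph: "a non-compliant mode" does not say which standard or validation the module stops complying with, and the text does not say how B<enable-fips-jitter> relates to the B<enable-jitter> option mentioned in the line just above (whether one implies or requires the other). Since choosing this option changes the compliance status of the FIPS provider, it would help to state both explicitly.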