From: Pauli Date: Sun, 26 Feb 2023 23:14:43 +0000 (+1100) Subject: Update FIPS provider documentation to note that fips=yes is mandatory X-Git-Tag: openssl-3.2.0-alpha1~1221 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0a81220a01e888c3ee4ab18dfdcab6472d9e214c;p=thirdparty%2Fopenssl.git Update FIPS provider documentation to note that fips=yes is mandatory This was in the notes section but an earlier comment about it not being mandatory was missed. Fixes #20376 Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/20382) --- diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod index 9396b5e4318..1e1601cef1b 100644 --- a/doc/man7/OSSL_PROVIDER-FIPS.pod +++ b/doc/man7/OSSL_PROVIDER-FIPS.pod @@ -29,14 +29,17 @@ L or L, as well as with other functions that take a property query string, such as L. -It isn't mandatory to query for any of these properties, except to -make sure to get implementations of this provider and none other. - -The C property can be use to make sure only FIPS approved -implementations are used for crypto operations. This may also include -other non-crypto support operations that are not in the FIPS provider, -such as asymmetric key encoders, -see L. +To be FIPS compliant, it is mandatory to include C as +part of all property queries. This ensures that only FIPS approved +implementations are used for cryptographic operations. The C +query may also include other non-crypto support operations that +are not in the FIPS provider, such as asymmetric key encoders, see +L. + +It is not mandatory to include C as part of your property +query. Including C in your property query guarantees +that the OpenSSL FIPS provider is used for cryptographic operations +rather than other FIPS capable providers. =head1 OPERATIONS AND ALGORITHMS