doc: note that PBKDF2 does not support XOF digests

PBKDF2 uses HMAC internally, which does not support eXtendable Output
Function (XOF) digests such as SHAKE128 or SHAKE256. Document this
limitation to prevent user confusion when attempting to use XOF
digests with PBKDF2.

Fixes #22877

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
MergeDate: Fri Feb 13 14:39:07 2026
(Merged from https://github.com/openssl/openssl/pull/29792)

diff --git a/doc/man7/EVP_KDF-PBKDF2.pod b/doc/man7/EVP_KDF-PBKDF2.pod
index 79de97d7134ffc05566b1a51e56373c9cac3f014..b760b6e7d7f8de215bb3ef6857cdadd4f8e99cd4 100644 (file)
--- a/doc/man7/EVP_KDF-PBKDF2.pod
+++ b/doc/man7/EVP_KDF-PBKDF2.pod
@@ -40,6 +40,10 @@ This parameter has a default value of 2048.
 
 These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
 
+B<Note:> PBKDF2 uses HMAC internally, which does not support eXtendable Output
+Function (XOF) digests such as SHAKE128 or SHAKE256. Attempting to use an XOF
+digest with PBKDF2 will result in an error.
+
 =item "pkcs5" (B<OSSL_KDF_PARAM_PKCS5>) <integer>
 
 This parameter can be used to enable or disable SP800-132 compliance checks.