From: Pauli <ppzgs1@gmail.com>
Date: Wed, 2 Oct 2024 02:29:41 +0000 (+1000)
Subject: doc: add note about fips jitter option
X-Git-Tag: openssl-3.5.0-alpha1~1021
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47ebeb1c100e4a02cf880897a72db696e7e43559;p=thirdparty%2Fopenssl.git

doc: add note about fips jitter option

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)
---

diff --git a/doc/man7/EVP_RAND-JITTER.pod b/doc/man7/EVP_RAND-JITTER.pod
index 466f9bf4bf8..8c4d9511e3f 100644
--- a/doc/man7/EVP_RAND-JITTER.pod
+++ b/doc/man7/EVP_RAND-JITTER.pod
@@ -46,6 +46,15 @@ A context for the seed source can be obtained by calling:
 
 The B<enable-jitter> option was added in OpenSSL 3.4.
 
+By specifying the B<enable-fips-jitter> configuration option, the FIPS
+provider will use an internal jitter source for its entropy.  Enabling
+this option will cause the FIPS provider to operate in a non-compliant
+mode unless an entropy assessment
+L<ESV|https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations>
+and validation through the
+L<CMVP|https://csrc.nist.gov/projects/cryptographic-module-validation-program>
+are additionally conducted.  This option was added in OpenSSL 3.5.
+
 =head1 EXAMPLES
 
  EVP_RAND *rand;