From: pohsingwu Date: Tue, 30 Jul 2024 09:23:47 +0000 (+0800) Subject: Update documentation X-Git-Tag: openssl-3.4.0-alpha1~251 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6fa9a84386cc61d00a15c56010900a46429c6242;p=thirdparty%2Fopenssl.git Update documentation Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/23900) --- diff --git a/doc/man7/EVP_KDF-HKDF.pod b/doc/man7/EVP_KDF-HKDF.pod index 54141c80653..15171e82990 100644 --- a/doc/man7/EVP_KDF-HKDF.pod +++ b/doc/man7/EVP_KDF-HKDF.pod @@ -89,8 +89,9 @@ This option is used by the OpenSSL FIPS provider. =item "key-check" (B) -The default value of 1 causes an error during EVP_KDF_derive() if the length of -used key-derivation key (B) is shorter than 112 bits. +The default value of 1 causes an error during EVP_KDF_CTX_set_params() if the +length of used key-derivation key (B) is shorter than 112 +bits. Setting this to zero will ignore the error and set the approved "fips-indicator" to 0. This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if diff --git a/doc/man7/EVP_KDF-SS.pod b/doc/man7/EVP_KDF-SS.pod index 9a2b7c776cf..bd9059778f8 100644 --- a/doc/man7/EVP_KDF-SS.pod +++ b/doc/man7/EVP_KDF-SS.pod @@ -70,8 +70,9 @@ This option is used by the OpenSSL FIPS provider. =item "key-check" (B) -The default value of 1 causes an error during EVP_KDF_derive() if the length of -used key-derivation key (B) is shorter than 112 bits. +The default value of 1 causes an error during EVP_KDF_CTX_set_params() if the +length of used key-derivation key (B) is shorter than 112 +bits. Setting this to zero will ignore the error and set the approved "fips-indicator" to 0. This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if diff --git a/doc/man7/EVP_KDF-SSHKDF.pod b/doc/man7/EVP_KDF-SSHKDF.pod index 1d0daf95b14..4acc2c90a89 100644 --- a/doc/man7/EVP_KDF-SSHKDF.pod +++ b/doc/man7/EVP_KDF-SSHKDF.pod @@ -89,7 +89,7 @@ This option is used by the OpenSSL FIPS provider. =item "digest-check" (B) -The default value of 1 causes an error during EVP_KDF_derive() if +The default value of 1 causes an error during EVP_KDF_CTX_set_params() if used digest is not approved. Setting this to zero will ignore the error and set the approved "fips-indicator" to 0. @@ -101,8 +101,9 @@ SHA2-224, SHA2-256, SHA2-384, SHA2-512. =item "key-check" (B) -The default value of 1 causes an error during EVP_KDF_derive() if the length of -used key-derivation key (B) is shorter than 112 bits. +The default value of 1 causes an error during EVP_KDF_CTX_set_params() if the +length of used key-derivation key (B) is shorter than 112 +bits. Setting this to zero will ignore the error and set the approved "fips-indicator" to 0. This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if diff --git a/doc/man7/EVP_KDF-TLS13_KDF.pod b/doc/man7/EVP_KDF-TLS13_KDF.pod index dd706e6b16f..1b13e2f9477 100644 --- a/doc/man7/EVP_KDF-TLS13_KDF.pod +++ b/doc/man7/EVP_KDF-TLS13_KDF.pod @@ -63,7 +63,7 @@ This option is used by the OpenSSL FIPS provider. =item "digest-check" (B) -The default value of 1 causes an error during EVP_KDF_derive() if +The default value of 1 causes an error during EVP_KDF_CTX_set_params() if used digest is not approved. Setting this to zero will ignore the error and set the approved "fips-indicator" to 0. @@ -75,8 +75,9 @@ SHA2-384. =item "key-check" (B) -The default value of 1 causes an error during EVP_KDF_derive() if the length of -used key-derivation key (B) is shorter than 112 bits. +The default value of 1 causes an error during EVP_KDF_CTX_set_params() if the +length of used key-derivation key (B) is shorter than 112 +bits. Setting this to zero will ignore the error and set the approved "fips-indicator" to 0. This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if diff --git a/doc/man7/EVP_KDF-TLS1_PRF.pod b/doc/man7/EVP_KDF-TLS1_PRF.pod index b09002b08a7..b3eb5286db9 100644 --- a/doc/man7/EVP_KDF-TLS1_PRF.pod +++ b/doc/man7/EVP_KDF-TLS1_PRF.pod @@ -61,7 +61,7 @@ set to 0. =item "digest-check" (B) -The default value of 1 causes an error during EVP_KDF_derive() if +The default value of 1 causes an error during EVP_KDF_CTX_set_params() if used digest is not approved. Setting this to zero will ignore the error and set the approved "fips-indicator" to 0. @@ -73,8 +73,9 @@ SHA2-256, SHA2-384, SHA2-512. =item "key-check" (B) -The default value of 1 causes an error during EVP_KDF_derive() if the length of -used key-derivation key (B) is shorter than 112 bits. +The default value of 1 causes an error during EVP_KDF_CTX_set_params() if the +length of used key-derivation key (B) is shorter than 112 +bits. Setting this to zero will ignore the error and set the approved "fips-indicator" to 0. This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if diff --git a/doc/man7/EVP_KDF-X963.pod b/doc/man7/EVP_KDF-X963.pod index f7616ae2608..17de2fc69fb 100644 --- a/doc/man7/EVP_KDF-X963.pod +++ b/doc/man7/EVP_KDF-X963.pod @@ -45,7 +45,7 @@ This option is used by the OpenSSL FIPS provider. =item "digest-check" (B) -The default value of 1 causes an error during EVP_KDF_derive() if +The default value of 1 causes an error during EVP_KDF_CTX_set_params() if used digest is not approved. Setting this to zero will ignore the error and set the approved "fips-indicator" to 0. @@ -58,8 +58,9 @@ SHA3-256, SHA3-384, SHA3-512. =item "key-check" (B) -The default value of 1 causes an error during EVP_KDF_derive() if the length of -used key-derivation key (B) is shorter than 112 bits. +The default value of 1 causes an error during EVP_KDF_CTX_set_params() if the +length of used key-derivation key (B) is shorter than 112 +bits. Setting this to zero will ignore the error and set the approved "fips-indicator" to 0. This option is used by the OpenSSL FIPS provider, and breaks FIPS compliance if