From 2c09df2807a14b355dfb5cb57c3817519bf77c46 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Sun, 16 Jul 2023 15:06:18 +0200 Subject: [PATCH] openssl-kdf.pod.in: add text on 'salt' and 'info' parameters; small further improvements Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/21469) (cherry picked from commit 7b2a3a1e9d5246fb0f2935f152d0daec715f79f9) --- doc/man1/openssl-kdf.pod.in | 39 ++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/doc/man1/openssl-kdf.pod.in b/doc/man1/openssl-kdf.pod.in index 23776378a1b..9c89e22c4e2 100644 --- a/doc/man1/openssl-kdf.pod.in +++ b/doc/man1/openssl-kdf.pod.in @@ -66,8 +66,7 @@ cases. =item B<-kdfopt> I:I Passes options to the KDF algorithm. -A comprehensive list of parameters can be found in the EVP_KDF_CTX -implementation documentation. +A comprehensive list of parameters can be found in L. Common parameter names used by EVP_KDF_CTX_set_params() are: =over 4 @@ -81,9 +80,8 @@ A key must be specified for most KDF algorithms. =item BI -Specifies the secret key in hexadecimal form (two hex digits per byte). -The key length must conform to any restrictions of the KDF algorithm. -A key must be specified for most KDF algorithms. +Alternative to the B option where +the secret key is specified in hexadecimal form (two hex digits per byte). =item BI 
@@ -93,8 +91,35 @@ The password must be specified for PBKDF2 and scrypt. =item BI -Specifies the password in hexadecimal form (two hex digits per byte). -The password must be specified for PBKDF2 and scrypt. +Alternative to the B option where +the password is specified in hexadecimal form (two hex digits per byte). + +=item BI + +Specifies a non-secret unique cryptographic salt as an alphanumeric string +(use if it contains printable characters only). +The length must conform to any restrictions of the KDF algorithm. +A salt parameter is required for several KDF algorithms, +such as L. + +=item BI + +Alternative to the B option where +the salt is specified in hexadecimal form (two hex digits per byte). + +=item BI + +Some KDF implementations, such as L, take an 'info' parameter +for binding the derived key material +to application- and context-specific information. +Specifies the info, fixed info, other info or shared info argument +as an alphanumeric string (use if it contains printable characters only). +The length must conform to any restrictions of the KDF algorithm. + +=item BI + +Alternative to the B option where +the info is specified in hexadecimal form (two hex digits per byte). =item BI -- 2.47.2
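Review bot: In the hunk at @@ -81,9 +80,8 @@, the new wording "Alternative to ... where the secret key is specified in hexadecimal form" can be read as describing the other option rather than this one. Something like "Same as the plain key option, but the secret key is given in hexadecimal form (two hex digits per byte)" is unambiguous. The removed lines were also the only place this entry stated that the key length must conform to the KDF's restrictions, so a short clause saying the same restrictions apply would keep the entry usable for a reader who lands on it directly.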
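Review bot: In the hunk at @@ -93,8 +91,35 @@, the new salt and info entries call the value an "alphanumeric string" and then say "use if it contains printable characters only". These are two different constraints, and the parenthetical does not say what to use otherwise. Suggest "as a text string" and naming the hexadecimal alternative in the parenthetical, so the reader knows where to go when the value contains non-printable bytes. The info entry also opens with a general sentence about KDF implementations before "Specifies the info, ...", unlike the other entries in this list. Leading with "Specifies" and moving the explanation after it would keep the items uniform.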