From 589286efca5ab637ae29ef7f3522dc85ee080d55 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Wed, 28 Aug 2024 17:18:03 +0200
Subject: [PATCH] doc: Document properties param for Argon2 KDF

The Argon2 KDF uses OSSL_KDF_PARAM_PROPERTIES to fetch implementations
of blake2bmac and blake2b512 if ctx->mac and ctx->md are NULL. This
isn't documented in the manpage, so users that might, for example, want
to fetch an instance of Argon2 with the -fips property query to obtain
a working Argon2 KDF even though the default property query requires
fips=yes are left wondering why this fails.

Fortunately, EVP_KDF(3)/PARAMETERS already explains what the properties
are used for, so we really just need to add a single line.

Signed-off-by: Clemens Lang <cllang@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25306)

(cherry picked from commit 6772c2ab1bc5f12dd800247cd6800c45c2c0bf6e)
---
 doc/man7/EVP_KDF-ARGON2.pod | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/man7/EVP_KDF-ARGON2.pod b/doc/man7/EVP_KDF-ARGON2.pod
index d41a3179b53..ecbd3ad7458 100644
--- a/doc/man7/EVP_KDF-ARGON2.pod
+++ b/doc/man7/EVP_KDF-ARGON2.pod
@@ -44,6 +44,8 @@ The supported parameters are:
 
 =item "size" (B<OSSL_KDF_PARAM_SIZE>) <unsigned integer>
 
+=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
+
 These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
 
 Note that RFC 9106 recommends 128 bits salt for most applications, or 64 bits
-- 
2.47.2