doc: note that the FIPS provider contains some non-approved algorithms.

Also note how to select them. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11371)
author: Pauli <paul.dale@oracle.com> 2020-04-16 02:17:07 +0200
committer: Pauli <paul.dale@oracle.com> 2020-04-17 11:51:37 +0200
commit: 4350a6bd427f52d38f32b19f1c4b38a3afe62941 (patch)
tree: 1c279f468c0e81cfa5c9298b0542f1c4d71d19a6 /doc/man7
parent: news: note the addition of ECX and SHAKE256 to the FIPS provider as non-appro... (diff)
download: openssl-4350a6bd427f52d38f32b19f1c4b38a3afe62941.tar.xz
openssl-4350a6bd427f52d38f32b19f1c4b38a3afe62941.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/man7/provider.pod b/doc/man7/provider.pod
index de8e2499d9..fcb9fa1122 100644
--- a/doc/man7/provider.pod
+++ b/doc/man7/provider.pod
@@ -274,9 +274,10 @@ be loaded explicitly, either in code or through OpenSSL configuration
 (see L<config(5)>).
 Should it be needed (if other providers are loaded and offer
 implementations of the same algorithms), the property "provider=fips" can
-be used as a search criterion for these implementations. All algorithm
+be used as a search criterion for these implementations. All approved algorithm
 implementations in the FIPS provider can also be selected with the property
-"fips=yes".
+"fips=yes". The FIPS provider also contains a number of non-approved algorithm
+implementations and these can be selected with the property "fips=no".
 
 =head2 Legacy provider
author	Pauli <paul.dale@oracle.com>	2020-04-16 02:17:07 +0200
committer	Pauli <paul.dale@oracle.com>	2020-04-17 11:51:37 +0200
commit	4350a6bd427f52d38f32b19f1c4b38a3afe62941 (patch)
tree	1c279f468c0e81cfa5c9298b0542f1c4d71d19a6 /doc/man7
parent	news: note the addition of ECX and SHAKE256 to the FIPS provider as non-appro... (diff)
download	openssl-4350a6bd427f52d38f32b19f1c4b38a3afe62941.tar.xz openssl-4350a6bd427f52d38f32b19f1c4b38a3afe62941.zip