doc: add note about fips jitter option

Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Shane Lontis <[email protected]> (Merged from openssl#25498)
paulidale · Oct 9, 2024 · 47ebeb1 · 47ebeb1
1 parent 4bdbd83
commit 47ebeb1
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/doc/man7/EVP_RAND-JITTER.pod b/doc/man7/EVP_RAND-JITTER.pod
@@ -46,6 +46,15 @@ A context for the seed source can be obtained by calling:
 
 The B<enable-jitter> option was added in OpenSSL 3.4.
 
+By specifying the B<enable-fips-jitter> configuration option, the FIPS
+provider will use an internal jitter source for its entropy.  Enabling
+this option will cause the FIPS provider to operate in a non-compliant
+mode unless an entropy assessment
+L<ESV|https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations>
+and validation through the
+L<CMVP|https://csrc.nist.gov/projects/cryptographic-module-validation-program>
+are additionally conducted.  This option was added in OpenSSL 3.5.
+
 =head1 EXAMPLES
 
  EVP_RAND *rand;