Some clear guidelines for the legacy algs.

author Dmitry Belyavskiy <beldmit@gmail.com>

Tue, 22 Jun 2021 15:33:12 +0000 (17:33 +0200)

committer Pauli <pauli@openssl.org>

Thu, 24 Jun 2021 02:32:08 +0000 (12:32 +1000)
author Dmitry Belyavskiy <beldmit@gmail.com>
Tue, 22 Jun 2021 15:33:12 +0000 (17:33 +0200)
committer Pauli <pauli@openssl.org>
Thu, 24 Jun 2021 02:32:08 +0000 (12:32 +1000)
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod

index 82c7ffcc432fd3d6ac14c6471f5420de689acc82..6d281472c97cf0179ce3a6de25315574cf476f71 100644 (file)
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -60,6 +60,12 @@ There is however a dedicated C<install_fips> make target, which serves the
  special purpose of installing only the FIPS provider into an existing
  OpenSSL installation.
  
+Not all algorithms may be available for the application at a particular moment.
+If the application code uses any digest or cipher algorithm via the EVP interface,
+the application should verify the result of the L<EVP_EncryptInit(3)>,
+L<EVP_EncryptInit_ex(3)>, and L<EVP_DigestInit(3)> functions. In case when
+the requested algorithm is not available, these functions will fail.
+
  See also L</Legacy Algorithms> for information on the legacy provider.
  
  See also L</Completing the installation of the FIPS Module> and
author	Dmitry Belyavskiy <beldmit@gmail.com>
	Tue, 22 Jun 2021 15:33:12 +0000 (17:33 +0200)
committer	Pauli <pauli@openssl.org>
	Thu, 24 Jun 2021 02:32:08 +0000 (12:32 +1000)