doc: update FIPS provider version information

With 3.0.8 validated, we need to note this in the documentation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21049)

diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
index a18703f568fc55f195f772bb38ad72e0927cab56..844c14df9e257bdae0f9dcaf83b4528542d5a95f 100644 (file)
--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -426,6 +426,17 @@ A simple self test callback is shown below for illustrative purposes.
 
 =head1 NOTES
 
+Some released versions of OpenSSL do not include a validated
+FIPS provider.  To determine which versions have undergone
+the validation process, please refer to the
+L<OpenSSL Downloads page|https://www.openssl.org/source/>.  If you
+require FIPS-approved functionality, it is essential to build your FIPS
+provider using one of the validated versions listed there.  Normally,
+it is possible to utilize a FIPS provider constructed from one of the
+validated versions alongside F<libcrypto> and F<libssl> compiled from any
+release within the same major release series.  This flexibility enables
+you to address bug fixes and CVEs that fall outside the FIPS boundary.
+
 The FIPS provider in OpenSSL 3.1 includes some non-FIPS validated algorithms,
 consequently the property query C<fips=yes> is mandatory for applications that
 want to operate in a FIPS approved manner.  The algorithms are:
@@ -449,16 +460,13 @@ L<OSSL_SELF_TEST_new(3)>,
 L<OSSL_PARAM(3)>,
 L<openssl-core.h(7)>,
 L<openssl-core_dispatch.h(7)>,
-L<provider(7)>
+L<provider(7)>,
+L<https://www.openssl.org/source/>
 
 =head1 HISTORY
 
 This functionality was added in OpenSSL 3.0.
 
-OpenSSL 3.0 includes a FIPS 140-2 approved FIPS provider.
-
-OpenSSL 3.1 includes a FIPS 140-3 approved FIPS provider.
-
 =head1 COPYRIGHT
 
 Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.

diff --git a/doc/man7/fips_module.pod b/doc/man7/fips_module.pod
index c465dca56c6b10ca16f7bc5071fdb303a20a5dc8..f3fca15c58b4f34e1cea1e861a5f6f4045d4432f 100644 (file)
--- a/doc/man7/fips_module.pod
+++ b/doc/man7/fips_module.pod
@@ -470,6 +470,17 @@ L<OSSL_PROVIDER_get0_name(3)>.
 
 =head1 NOTES
 
+Some released versions of OpenSSL do not include a validated
+FIPS provider.  To determine which versions have undergone
+the validation process, please refer to the
+L<OpenSSL Downloads page|https://www.openssl.org/source/>.  If you
+require FIPS-approved functionality, it is essential to build your FIPS
+provider using one of the validated versions listed there.  Normally,
+it is possible to utilize a FIPS provider constructed from one of the
+validated versions alongside F<libcrypto> and F<libssl> compiled from any
+release within the same major release series.  This flexibility enables
+you to address bug fixes and CVEs that fall outside the FIPS boundary.
+
 The FIPS provider in OpenSSL 3.1 includes some non-FIPS validated algorithms,
 consequently the property query C<fips=yes> is mandatory for applications that
 want to operate in a FIPS approved manner.  The algorithms are:
@@ -486,17 +497,14 @@ want to operate in a FIPS approved manner.  The algorithms are:
 
 =head1 SEE ALSO
 
-L<migration_guide(7)>, L<crypto(7)>, L<fips_config(5)>
+L<migration_guide(7)>, L<crypto(7)>, L<fips_config(5)>,
+L<https://www.openssl.org/source/>
 
 =head1 HISTORY
 
 The FIPS module guide was created for use with the new FIPS provider
 in OpenSSL 3.0.
 
-OpenSSL 3.0 includes a FIPS 140-2 approved FIPS provider.
-
-OpenSSL 3.1 includes a FIPS 140-3 approved FIPS provider.
-
 =head1 COPYRIGHT
 
 Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.