root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

doc: add documentation for -eddsa_no_verify_digested fipsinstall option 

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25032)
This commit is contained in:
Pauli 2024-07-30 11:23:07 +10:00
parent 70b6d57fd9
commit b00ea9a6a2
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/man1/openssl-fipsinstall.pod.in
View File

@ -23,6 +23,7 @@ B<openssl fipsinstall>
[B<-no_conditional_errors>]
[B<-no_security_checks>]
[B<-ems_check>]
[B<-eddsa_no_verify_digested>]
[B<-no_drbg_truncated_digests>]
[B<-hkdf_digest_check>]
[B<-tls13_kdf_digest_check>]
@ -202,6 +203,12 @@ Configure the module to enable a run-time Extended Master Secret (EMS) check
when using the TLS1_PRF KDF algorithm. This check is disabled by default.
See RFC 7627 for information related to EMS.
=item B<-eddsa_no_verify_digested>
Configure the module to not allow EdDSA to verify from a message digest
directly. Instead, EdDSA will digest the message itself.
This check is disabled by default.
=item B<-no_short_mac>
Configure the module to not allow short MAC outputs.