doc: document -signature_digest_check option to fipsinstall

author Pauli <ppzgs1@gmail.com>

Thu, 25 Jul 2024 23:29:05 +0000 (09:29 +1000)

committer Pauli <ppzgs1@gmail.com>

Sun, 11 Aug 2024 23:30:42 +0000 (09:30 +1000)
author Pauli <ppzgs1@gmail.com>
Thu, 25 Jul 2024 23:29:05 +0000 (09:29 +1000)
committer Pauli <ppzgs1@gmail.com>
Sun, 11 Aug 2024 23:30:42 +0000 (09:30 +1000)
diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in

index f61d98399234573fe7dbbcd4c547cad3193d7312..4b1564e89811ed1daf3fc529db6c941244da3ffd 100644 (file)
--- a/doc/man1/openssl-fipsinstall.pod.in
+++ b/doc/man1/openssl-fipsinstall.pod.in
@@ -25,6 +25,7 @@ B<openssl fipsinstall>
  [B<-ems_check>]
  [B<-eddsa_no_verify_digested>]
  [B<-no_drbg_truncated_digests>]
+[B<-signature_digest_check>]
  [B<-hkdf_digest_check>]
  [B<-tls13_kdf_digest_check>]
  [B<-tls1_prf_digest_check>]
@@ -221,6 +222,11 @@ See SP 800-185 8.4.2 and FIPS 140-3 ID C.D for details.
  Configure the module to not allow truncated digests to be used with Hash and
  HMAC DRBGs.  See FIPS 140-3 IG D.R for details.
  
+=item B<-signature_digest_check>
+
+Configure the module to enforce signature algorithms to use digests that are
+explicitly permitted by the various standards.
+
  =item B<-hkdf_digest_check>
  
  Configure the module to enable a run-time digest check when deriving a key by
author	Pauli <ppzgs1@gmail.com>
	Thu, 25 Jul 2024 23:29:05 +0000 (09:29 +1000)
committer	Pauli <ppzgs1@gmail.com>
	Sun, 11 Aug 2024 23:30:42 +0000 (09:30 +1000)