From: Pauli Date: Tue, 30 Jul 2024 01:23:07 +0000 (+1000) Subject: doc: add documentation for -eddsa_no_verify_digested fipsinstall option X-Git-Tag: openssl-3.4.0-alpha1~233 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b00ea9a6a2a72f5ac7b38e82c9a7b6796972fc36;p=thirdparty%2Fopenssl.git doc: add documentation for -eddsa_no_verify_digested fipsinstall option Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/25032) --- diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in index 88e4a8a20c7..ba9229c894f 100644 --- a/doc/man1/openssl-fipsinstall.pod.in +++ b/doc/man1/openssl-fipsinstall.pod.in @@ -23,6 +23,7 @@ B [B<-no_conditional_errors>] [B<-no_security_checks>] [B<-ems_check>] +[B<-eddsa_no_verify_digested>] [B<-no_drbg_truncated_digests>] [B<-hkdf_digest_check>] [B<-tls13_kdf_digest_check>] @@ -202,6 +203,12 @@ Configure the module to enable a run-time Extended Master Secret (EMS) check when using the TLS1_PRF KDF algorithm. This check is disabled by default. See RFC 7627 for information related to EMS. +=item B<-eddsa_no_verify_digested> + +Configure the module to not allow EdDSA to verify from a message digest +directly. Instead, EdDSA will digest the message itself. +This check is disabled by default. + =item B<-no_short_mac> Configure the module to not allow short MAC outputs.