From 5d6e692c36d6ecf1427c2a7c5fc37c501a251c03 Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Fri, 26 Jul 2024 09:29:05 +1000
Subject: [PATCH] doc: document -signature_digest_check option to fipsinstall

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25020)
---
 doc/man1/openssl-fipsinstall.pod.in | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in
index f61d9839923..4b1564e8981 100644
--- a/doc/man1/openssl-fipsinstall.pod.in
+++ b/doc/man1/openssl-fipsinstall.pod.in
@@ -25,6 +25,7 @@ B<openssl fipsinstall>
 [B<-ems_check>]
 [B<-eddsa_no_verify_digested>]
 [B<-no_drbg_truncated_digests>]
+[B<-signature_digest_check>]
 [B<-hkdf_digest_check>]
 [B<-tls13_kdf_digest_check>]
 [B<-tls1_prf_digest_check>]
@@ -221,6 +222,11 @@ See SP 800-185 8.4.2 and FIPS 140-3 ID C.D for details.
 Configure the module to not allow truncated digests to be used with Hash and
 HMAC DRBGs.  See FIPS 140-3 IG D.R for details.
 
+=item B<-signature_digest_check>
+
+Configure the module to enforce signature algorithms to use digests that are
+explicitly permitted by the various standards.
+
 =item B<-hkdf_digest_check>
 
 Configure the module to enable a run-time digest check when deriving a key by
-- 
2.47.2