mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-03 05:41:46 +08:00
Code Issues Packages Projects Releases Wiki Activity

doc: document no_short_mac option to fipsinstall

Browse Source 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/24917)
This commit is contained in:
Pauli 2024-07-17 10:35:56 +10:00
parent 00231a6ae9
commit fc98a2f6ad
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/man1/openssl-fipsinstall.pod.in
View File

@ -31,6 +31,7 @@ B<openssl fipsinstall>
[B<-sskdf_digest_check>]
[B<-x963kdf_digest_check>]
[B<-dsa_sign_disabled>]
[B<-no_short_mac>]
[B<-self_test_onload>]
[B<-self_test_oninstall>]
[B<-corrupt_desc> I<selftest_description>]
@ -192,6 +193,11 @@ Configure the module to enable a run-time Extended Master Secret (EMS) check
when using the TLS1_PRF KDF algorithm. This check is disabled by default.
See RFC 7627 for information related to EMS.
=item B<-no_short_mac>
Configure the module to not allow short MAC outputs.
See SP 800-185 8.4.2 and FIPS 140-3 ID C.D for details.
=item B<-no_drbg_truncated_digests>
Configure the module to not allow truncated digests to be used with Hash and