doc: document no_short_mac option to fipsinstall

Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/24917)
author: Pauli <ppzgs1@gmail.com> 2024-07-17 02:35:56 +0200
committer: Pauli <ppzgs1@gmail.com> 2024-07-26 02:09:29 +0200
commit: fc98a2f6ad8f8afe5f0e32d2ae66d09d39b1ff9d (patch)
tree: 73bd6a74fd9992b6c4c554d0f5f17846edf848f6
parent: fipsinstall: add no_short_mac option (diff)
download: openssl-fc98a2f6ad8f8afe5f0e32d2ae66d09d39b1ff9d.tar.xz
openssl-fc98a2f6ad8f8afe5f0e32d2ae66d09d39b1ff9d.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in
index cb98598904..0524c0fef1 100644
--- a/doc/man1/openssl-fipsinstall.pod.in
+++ b/doc/man1/openssl-fipsinstall.pod.in
@@ -31,6 +31,7 @@ B<openssl fipsinstall>
 [B<-sskdf_digest_check>]
 [B<-x963kdf_digest_check>]
 [B<-dsa_sign_disabled>]
+[B<-no_short_mac>]
 [B<-self_test_onload>]
 [B<-self_test_oninstall>]
 [B<-corrupt_desc> I<selftest_description>]
@@ -192,6 +193,11 @@ Configure the module to enable a run-time Extended Master Secret (EMS) check
 when using the TLS1_PRF KDF algorithm. This check is disabled by default.
 See RFC 7627 for information related to EMS.
 
+=item B<-no_short_mac>
+
+Configure the module to not allow short MAC outputs.
+See SP 800-185 8.4.2 and FIPS 140-3 ID C.D for details.
+
 =item B<-no_drbg_truncated_digests>
 
 Configure the module to not allow truncated digests to be used with Hash and
author	Pauli <ppzgs1@gmail.com>	2024-07-17 02:35:56 +0200
committer	Pauli <ppzgs1@gmail.com>	2024-07-26 02:09:29 +0200
commit	fc98a2f6ad8f8afe5f0e32d2ae66d09d39b1ff9d (patch)
tree	73bd6a74fd9992b6c4c554d0f5f17846edf848f6
parent	fipsinstall: add no_short_mac option (diff)
download	openssl-fc98a2f6ad8f8afe5f0e32d2ae66d09d39b1ff9d.tar.xz openssl-fc98a2f6ad8f8afe5f0e32d2ae66d09d39b1ff9d.zip