From bf0d560938f133df2ebd2026ff80fe3f51f07b40 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 6 Jun 2017 13:37:41 +0100 Subject: [PATCH] Move and update RSA-PSS documentation. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/3621) --- .../RSA-PSS.pod} | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) rename doc/{man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod => man7/RSA-PSS.pod} (84%) diff --git a/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod b/doc/man7/RSA-PSS.pod similarity index 84% rename from doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod rename to doc/man7/RSA-PSS.pod index eb9641433e..719789aec3 100644 --- a/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod +++ b/doc/man7/RSA-PSS.pod @@ -2,8 +2,7 @@ =head1 NAME -EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md, -EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen - RSA PSS signature algorithm +RSA-PSS - EVP_PKEY RSA-PSS algorithm support =head1 SYNOPSIS @@ -18,10 +17,9 @@ EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen - RSA PSS signature algorithm =head1 DESCRIPTION -The B algorithm implements the RSA PSS signature algorithm. -It is a restricted version of the RSA algorithm which only supports signing, -verification and key generation using PSS padding modes with optional -parameter restrictions. +The B EVP_PKEY implementation is a restricted version of the RSA +algorithm which only supports signing, verification and key generation +using PSS padding modes with optional parameter restrictions. It has associated private key and public key formats. @@ -57,7 +55,7 @@ similar to the B versions. =head1 KEY GENERATION As with RSA key generation the EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() -and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA PSS: +and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS: they have exactly the same meaning as for the RSA algorithm. Optional parameter restrictions can be specified when generating a PSS key. By @@ -77,6 +75,18 @@ generated key can use to B. EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen() restricts the minimum salt length to B. +=head1 NOTES + +A context for the B algorithm can be obtained by calling: + + EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL); + +The public key format is documented in RFC4055. + +The PKCS#8 private key format used for RSA-PSS keys is similar to the RSA +format except it uses the B OID and the parameters field, if +present, restricts the key parameters in the same way as the public key. + =head1 RETURN VALUES All these functions return 1 for success and 0 or a negative value for failure. -- 2.25.1