[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Tue Jun 6 13:41:04 UTC 2017


The branch master has been updated
       via  bf0d560938f133df2ebd2026ff80fe3f51f07b40 (commit)
       via  ccd0aeac9f7f9f82e07f0a396c392887ea8fc02d (commit)
      from  9d772829c9e4f202460acb43f9e073841a7cb9db (commit)


- Log -----------------------------------------------------------------
commit bf0d560938f133df2ebd2026ff80fe3f51f07b40
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jun 6 13:37:41 2017 +0100

    Move and update RSA-PSS documentation.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3621)

commit ccd0aeac9f7f9f82e07f0a396c392887ea8fc02d
Author: Dr. Stephen Henson <steve at openssl.org>
Date:   Tue Jun 6 12:51:01 2017 +0100

    Fix define to match documentation
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/3621)

-----------------------------------------------------------------------

Summary of changes:
 .../RSA-PSS.pod}                                   | 24 +++++++++++++++-------
 include/openssl/rsa.h                              |  2 +-
 2 files changed, 18 insertions(+), 8 deletions(-)
 rename doc/{man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod => man7/RSA-PSS.pod} (84%)

diff --git a/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod b/doc/man7/RSA-PSS.pod
similarity index 84%
rename from doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod
rename to doc/man7/RSA-PSS.pod
index eb96414..719789a 100644
--- a/doc/man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod
+++ b/doc/man7/RSA-PSS.pod
@@ -2,8 +2,7 @@
 
 =head1 NAME
 
-EVP_PKEY_CTX_set_rsa_pss_keygen_md, EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md,
-EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen - RSA PSS signature algorithm
+RSA-PSS - EVP_PKEY RSA-PSS algorithm support
 
 =head1 SYNOPSIS
 
@@ -18,10 +17,9 @@ EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen - RSA PSS signature algorithm
 
 =head1 DESCRIPTION
 
-The B<EVP_PKEY_RSA_PSS> algorithm implements the RSA PSS signature algorithm.
-It is a restricted version of the RSA algorithm which only supports signing,
-verification and key generation using PSS padding modes with optional
-parameter restrictions.
+The B<RSA-PSS> EVP_PKEY implementation is a restricted version of the RSA
+algorithm which only supports signing, verification and key generation
+using PSS padding modes with optional parameter restrictions.
 
 It has associated private key and public key formats.
 
@@ -57,7 +55,7 @@ similar to the B<RSA> versions.
 =head1 KEY GENERATION
 
 As with RSA key generation the EVP_PKEY_CTX_set_rsa_rsa_keygen_bits()
-and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA PSS:
+and EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS:
 they have exactly the same meaning as for the RSA algorithm.
 
 Optional parameter restrictions can be specified when generating a PSS key. By
@@ -77,6 +75,18 @@ generated key can use to B<md>.
 EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen() restricts the minimum salt length
 to B<saltlen>.
 
+=head1 NOTES
+
+A context for the B<RSA-PSS> algorithm can be obtained by calling:
+
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL);
+
+The public key format is documented in RFC4055.
+
+The PKCS#8 private key format used for RSA-PSS keys is similar to the RSA
+format except it uses the B<id-RSASSA-PSS> OID and the parameters field, if
+present, restricts the key parameters in the same way as the public key.
+
 =head1 RETURN VALUES
 
 All these functions return 1 for success and 0 or a negative value for failure.
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index 558b89a..3b56c86 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -147,7 +147,7 @@ extern "C" {
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
                           EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l))
 
-# define  EVP_PKEY_CTX_rsa_pss_keygen_md(ctx, md) \
+# define  EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS,  \
                           EVP_PKEY_OP_TYPE_KEYGEN, EVP_PKEY_CTRL_MD,  \
                           0, (void *)(md))


More information about the openssl-commits mailing list