[openssl] OpenSSL_1_1_1-stable update

Dr. Paul Dale pauli at openssl.org
Thu Sep 2 00:10:23 UTC 2021

The branch OpenSSL_1_1_1-stable has been updated
       via  9e72d1a3145a0585b96fa9b4e9ab31ce35a43aba (commit)
      from  1f8e36720fff9bdc9f08fe24a38cc91b1b78ddb0 (commit)

- Log -----------------------------------------------------------------
commit 9e72d1a3145a0585b96fa9b4e9ab31ce35a43aba
Author: Pauli <pauli at openssl.org>
Date:   Wed Sep 1 09:52:03 2021 +1000

    doc: document the rsa_oaep_md: pkeyopt
    This was missing but essential for using non-SHA1 digests with OAEP.
    Fixes #15998
    Manual backport of #16410
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16488)


Summary of changes:
 doc/man1/pkeyutl.pod | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod
index 3b350efadd..f6fd48d5b5 100644
--- a/doc/man1/pkeyutl.pod
+++ b/doc/man1/pkeyutl.pod
@@ -246,6 +246,11 @@ B<PSS> block structure.
 For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not
 explicitly set in PSS mode then the signing digest is used.
+=item B<rsa_oaep_md:>I<digest>
+Sets the digest used for the OAEP hash function. If not explicitly set then
+SHA1 is used.
@@ -319,6 +324,11 @@ seed consisting of the single byte 0xFF:
  openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \
     -pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump
+Decrypt some data using a private key with OAEP padding using SHA256:
+ openssl pkeyutl -decrypt -in file -inkey key.pem -out secret \
+    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
 =head1 SEE ALSO
 L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>

More information about the openssl-commits mailing list