In rsa.h rev. 1.45, jsing@ provided

the three macro constants RSA_PSS_SALTLEN_*; document them.
The wording is a combination of our existing text and the wording
in the OpenSSL 1.1.1 branch, which is still under a free license.

1 files changed, 16 insertions, 8 deletions

diff --git a/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3 b/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3
index dbfd9c16f67..c89ceec4363 100644
--- a/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3
+++ b/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: RSA_pkey_ctx_ctrl.3,v 1.3 2019/11/01 13:53:25 schwarze Exp $
+.\" $OpenBSD: RSA_pkey_ctx_ctrl.3,v 1.4 2019/11/01 19:37:21 schwarze Exp $
 .\" full merge up to:
 .\" OpenSSL man3/EVP_PKEY_CTX_ctrl.pod 99d63d46 Oct 26 13:56:48 2016 -0400
 .\" OpenSSL man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod
@@ -303,13 +303,21 @@ The
 .Fn EVP_PKEY_CTX_set_rsa_pss_saltlen
 macro sets the RSA PSS salt length to
 .Fa len .
-Two special values are supported: -1 sets the salt length to the digest
-length.
-When signing -2 sets the salt length to the maximum permissible value.
-When verifying -2 causes the salt length to be automatically determined
-based on the PSS block structure.
-If this macro is not called a salt length value of -2 is used by
-default.
+Three special values are supported:
+.Dv RSA_PSS_SALTLEN_DIGEST
+sets the salt length to the digest length.
+.Dv RSA_PSS_SALTLEN_MAX
+sets the salt length to the maximum permissible value.
+When signing,
+.Dv RSA_PSS_SALTLEN_AUTO
+sets the salt length to the maximum permissible value.
+When verifying,
+.Dv RSA_PSS_SALTLEN_AUTO
+causes the salt length to be automatically determined based on the
+PSS block structure.
+If this macro is not called, a salt length value of
+.Dv RSA_PSS_SALTLEN_AUTO
+is used by default.
 .Pp
 If the key has usage restrictions and an attempt is made to set the
 salt length below the minimum value, an error occurs.