For RSA PSS, document that salt length = hash length

This is the most common mode and the only mode that Mbed TLS functions
fully supports (mbedtls_rsa_rsassa_pss_verify_ext can verify
signatures with a different salt length).
This commit is contained in:
Gilles Peskine 2018-06-29 23:35:02 +02:00 committed by itayzafrir
parent f969b3ac74
commit a4d20bd387

View file

@ -807,7 +807,8 @@ typedef uint32_t psa_algorithm_t;
*
* This is the signature scheme defined by RFC 8017
* (PKCS#1: RSA Cryptography Specifications) under the name
* RSASSA-PSS, with the message generation function MGF1. The specified
* RSASSA-PSS, with the message generation function MGF1, and with
* a salt length equal to the length of the hash. The specified
* hash algorithm is used to hash the input message, to create the
* salted hash, and for the mask generation.
*