Commit 1913df42 authored by Matt Caswell's avatar Matt Caswell
Browse files

Update pkeyutl documentation about the digest option 



DSA can accept other digests other than SHA1. EC ignores the digest option
altogether.

Fixes #8425

Reviewed-by: default avatarRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8432)

(cherry picked from commit 6a6d9ecd1dff669c162e8ab940dac5db2e82679d)
parent a7e1cb8c

doc/man1/pkeyutl.pod

+5 −6
Original line number Diff line number Diff line
@@ -272,20 +272,19 @@ value less than the minimum restriction. 
=head1 DSA ALGORITHM



The DSA algorithm supports signing and verification operations only. Currently

there are no additional options other than B<digest>. Only the SHA1

digest can be used and this digest is assumed by default.

there are no additional B<-pkeyopt> options other than B<digest>. The SHA1

digest is assumed by default.



=head1 DH ALGORITHM



The DH algorithm only supports the derivation operation and no additional

options.

B<-pkeyopt> options.



=head1 EC ALGORITHM



The EC algorithm supports sign, verify and derive operations. The sign and

verify operations use ECDSA and derive uses ECDH. Currently there are no

additional options other than B<digest>. Only the SHA1 digest can be used and

this digest is assumed by default.

verify operations use ECDSA and derive uses ECDH. SHA1 is assumed by default for

the B<-pkeyopt> B<digest> option.



=head1 X25519 and X448 ALGORITHMS