diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index daef9416cce8..60e4106a1ca9 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -1345,10 +1345,15 @@
  *
  * This is the signature scheme defined by RFC 8017
  * (PKCS#1: RSA Cryptography Specifications) under the name
- * RSASSA-PSS, with the message generation function MGF1, and with
- * a salt length equal to the length of the hash. The specified
- * hash algorithm is used to hash the input message, to create the
- * salted hash, and for the mask generation.
+ * RSASSA-PSS, with the message generation function MGF1.
+ * The specified hash algorithm is used to hash the input message, to create
+ * the salted hash, and for the mask generation.
+ *
+ * When creating a signature, the salt length is equal to the length of
+ * the hash, or the largest possible salt length for the algorithm and key
+ * size if that is smaller than the hash length.
+ * When verifying a signature, any salt length permitted by the RSASSA-PSS
+ * signature algorithm is accepted.
  *
  * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
  *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).