| /openssl/crypto/rsa/ |
| H A D | rsa_crpt.c | 34 RSA *rsa, int padding) in RSA_public_encrypt() argument
36 return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding); in RSA_public_encrypt()
40 unsigned char *to, RSA *rsa, int padding) in RSA_private_encrypt() argument
42 return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding); in RSA_private_encrypt()
46 unsigned char *to, RSA *rsa, int padding) in RSA_private_decrypt() argument
48 return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding); in RSA_private_decrypt()
52 RSA *rsa, int padding) in RSA_public_decrypt() argument
54 return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); in RSA_public_decrypt()
|
| H A D | rsa_meth.c | 104 unsigned char *to, RSA *rsa, int padding) in RSA_meth_get_pub_enc()
112 int padding)) in RSA_meth_set_pub_enc() argument
120 unsigned char *to, RSA *rsa, int padding) in RSA_meth_get_pub_dec()
128 int padding)) in RSA_meth_set_pub_dec() argument
136 unsigned char *to, RSA *rsa, int padding) in RSA_meth_get_priv_enc()
144 int padding)) in RSA_meth_set_priv_enc() argument
152 unsigned char *to, RSA *rsa, int padding) in RSA_meth_get_priv_dec()
160 int padding)) in RSA_meth_set_priv_dec() argument
|
| H A D | rsa_ossl.c | 25 unsigned char *to, RSA *rsa, int padding);
29 unsigned char *to, RSA *rsa, int padding);
135 switch (padding) { in rsa_ossl_public_encrypt()
164 if (padding == RSA_NO_PADDING) { in rsa_ossl_public_encrypt()
330 switch (padding) { in rsa_ossl_private_encrypt()
411 if (padding == RSA_X931_PADDING) { in rsa_ossl_private_encrypt()
540 padding = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING; in rsa_ossl_private_decrypt()
580 if (padding == RSA_NO_PADDING) { in rsa_ossl_private_decrypt()
662 if (padding == RSA_PKCS1_PADDING) { in rsa_ossl_private_decrypt()
671 switch (padding) { in rsa_ossl_private_decrypt()
[all …]
|
| H A D | rsa_local.h | 106 unsigned char *to, RSA *rsa, int padding);
108 unsigned char *to, RSA *rsa, int padding);
110 unsigned char *to, RSA *rsa, int padding);
112 unsigned char *to, RSA *rsa, int padding);
|
| /openssl/doc/man3/ |
| H A D | SSL_CTX_set_record_padding_callback.pod | 14 SSL_set_block_padding_ex - install callback to specify TLS 1.3 record padding
37 can be used to assign a callback function I<cb> to specify the padding
39 Kernel TLS is not possible if the record padding callback is set, and the callback
50 of the B<block_size>. A B<block_size> of 0 or 1 disables block padding. The limit of
54 allow the caller to separately specify the padding block size to be applied to
76 The B<cb> returns the number of padding bytes to add to the record. A return of 0
77 indicates no padding will be added. A return value that causes the record to
86 The default behavior is to add no padding to the record.
88 A user-supplied padding callback function will override the behavior set by
90 callback to NULL will restore the configured block padding behavior.
[all …]
|
| H A D | RSA_public_encrypt.pod | 16 unsigned char *to, RSA *rsa, int padding);
19 unsigned char *to, RSA *rsa, int padding);
32 B<padding> denotes one of the following modes:
38 PKCS #1 v1.5 padding. This currently is the most widely used mode.
50 cryptographically sound padding modes in the application code.
58 When a padding mode other than RSA_NO_PADDING is in use, then
73 RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5 based padding modes and
75 B<padding> is the padding mode that was used to encrypt the data.
91 which can potentially be used to mount a Bleichenbacher padding oracle
92 attack. This is an inherent weakness in the PKCS #1 v1.5 padding
[all …]
|
| H A D | RSA_private_encrypt.pod | 16 unsigned char *to, RSA *rsa, int padding);
19 unsigned char *to, RSA *rsa, int padding);
35 B<padding> denotes one of the following modes:
41 PKCS #1 v1.5 padding. This function does not handle the
49 cryptographically sound padding modes in the application code.
58 11>). B<padding> is the padding mode that was used to sign the data.
|
| H A D | RSA_padding_add_PKCS1_type_1.pod | 10 padding
65 However, they can also be called directly to implement padding for other
126 padding oracle attack. This is an inherent weakness in the PKCS #1
127 v1.5 padding design. Prefer PKCS1_OAEP padding. If that is not
134 Do not remove the zero-padding from the decrypted raw RSA data
137 used to mount a Bleichenbacher attack against any padding mode
|
| H A D | EVP_PKEY_CTX_ctrl.pod | 250 EVP_PKEY_CTX_set_rsa_padding() sets the RSA padding mode for I<ctx>.
252 padding, B<RSA_NO_PADDING> for
253 no padding, B<RSA_PKCS1_OAEP_PADDING> for OAEP padding (encrypt and
321 padding schemes to the digest named I<mdname>. If the RSA algorithm
334 The padding mode must have been set to B<RSA_PKCS1_OAEP_PADDING> or
356 size I<namelen>. The padding mode must have been set to
370 The padding mode must have been set to B<RSA_PKCS1_OAEP_PADDING>.
373 I<label>. The return value is the label length. The padding mode
398 instead of padding errors in case padding checks fail. Applications that
497 EVP_PKEY_CTX_set_dh_pad() sets the DH padding mode.
[all …]
|
| H A D | RSA_meth_new.pod | 42 unsigned char *to, RSA *rsa, int padding);
46 int padding));
50 unsigned char *to, RSA *rsa, int padding);
54 int padding));
58 int padding);
61 unsigned char *to, RSA *rsa, int padding));
65 int padding);
68 unsigned char *to, RSA *rsa, int padding));
|
| H A D | EVP_EncodeInit.pod | 107 if its length is not a multiple of 4 (including any padding), to be processed
122 If any invalid base64 characters are encountered or if the base64 padding
127 ended with base64 padding (B<=>), or that the next 4 byte group starts with the
133 end of data terminated with one or two padding characters).
147 characters or padding (only at the tail of the input) and its length MUST be
151 is responsible for taking trailing padding into account, by ignoring as many
169 then no more non-padding base64 characters are expected.
|
| H A D | EVP_PKEY_sign.pod | 47 implementation or padding is not normally supported.
74 signed after appropriate padding.
77 algorithm, and the result is signed after appropriate padding.
111 with, as well as the padding mode (see L<EVP_PKEY_CTX_set_signature_md(3)> and
149 =head2 RSA with PKCS#1 padding for SHA256
151 Sign data using RSA with PKCS#1 padding and a SHA256 digest as input:
195 for which the padding is pre-determined to be B<RSA_PKCS1_PADDING>, and the
239 C<sha256WithRSAEncryption>, for which the padding is pre-determined to be
|
| H A D | EVP_PKEY_decrypt.pod | 56 In OpenSSL versions before 3.2.0, when used in PKCS#1 v1.5 padding,
62 v1.5 padding as implemented in the B<default> provider implements
65 That means it doesn't return an error when it detects an error in padding,
|
| H A D | RSA_set_method.pod | 95 unsigned char *to, RSA *rsa, int padding);
99 unsigned char *to, RSA *rsa, int padding);
103 unsigned char *to, RSA *rsa, int padding);
107 unsigned char *to, RSA *rsa, int padding);
|
| /openssl/providers/implementations/ciphers/ |
| H A D | cipher_aes_gcm_siv_hw.c | 154 uint8_t padding[BLOCK_SIZE]; in aes_gcm_siv_encrypt() local
186 memset(padding, 0, sizeof(padding)); in aes_gcm_siv_encrypt()
187 memcpy(padding, &in[DOWN16(len)], REMAINDER16(len)); in aes_gcm_siv_encrypt()
188 ossl_polyval_ghash_hash(ctx->Htable, S_s, padding, sizeof(padding)); in aes_gcm_siv_encrypt()
216 uint64_t padding[2]; in aes_gcm_siv_decrypt() local
251 padding[0] = padding[1] = 0; in aes_gcm_siv_decrypt()
252 memcpy(padding, &out[DOWN16(len)], REMAINDER16(len)); in aes_gcm_siv_decrypt()
253 ossl_polyval_ghash_hash(ctx->Htable, S_s, (uint8_t *)padding, sizeof(padding)); in aes_gcm_siv_decrypt()
|
| /openssl/ssl/record/methods/ |
| H A D | tls13_meth.c | 343 size_t padding = 0; in tls13_add_record_padding() local
362 if (rl->padding != NULL) { in tls13_add_record_padding()
363 padding = rl->padding(rl->cbarg, thistempl->type, rlen); in tls13_add_record_padding()
387 padding = 0; in tls13_add_record_padding()
389 padding = bp - remainder; in tls13_add_record_padding()
392 if (padding > 0) { in tls13_add_record_padding()
394 if (padding > max_padding) in tls13_add_record_padding()
395 padding = max_padding; in tls13_add_record_padding()
396 if (!WPACKET_memset(thispkt, 0, padding)) { in tls13_add_record_padding()
401 TLS_RL_RECORD_add_length(thiswr, padding); in tls13_add_record_padding()
|
| /openssl/doc/man7/ |
| H A D | EVP_KEYEXCH-DH.pod | 23 Sets the padding mode for the associated key exchange ctx.
24 Setting a value of 1 will turn padding on.
25 Setting a value of 0 will turn padding off.
26 If padding is off then the derived shared secret may be smaller than the
28 If padding is on then the derived shared secret will have its first bytes
31 The padding mode parameter is ignored (and padding implicitly enabled) when
96 /* Optionally set the padding */
|
| H A D | EVP_ASYM_CIPHER-RSA.pod | 18 The default provider understands these RSA padding modes in string form:
28 This padding mode is no longer supported by the FIPS provider for key
38 The default provider understands these RSA padding modes in integer form:
44 This padding mode is no longer supported by the FIPS provider for key
92 The default value of 1 causes an error during encryption if the RSA padding
|
| H A D | RSA-PSS.pod | 11 using PSS padding modes with optional parameter restrictions.
21 padding mode is always PSS. If the key in use has parameter restrictions then
|
| H A D | provider-asym_cipher.pod | 191 The type of padding to be used. The interpretation of this value will depend
196 Gets or sets the name of the OAEP digest algorithm used when OAEP padding is in
214 Gets or sets the name of the MGF1 digest algorithm used when OAEP or PSS padding
223 Gets the OAEP label used when OAEP padding is in use.
227 Sets the OAEP label used when OAEP padding is in use.
241 a deterministically random value if the PKCS#1 v1.5 padding check fails.
|
| /openssl/include/openssl/ |
| H A D | rsa.h | 294 RSA *rsa, int padding);
297 RSA *rsa, int padding);
300 RSA *rsa, int padding);
303 RSA *rsa, int padding);
499 RSA *rsa, int padding);
504 int padding));
509 RSA *rsa, int padding);
514 int padding));
519 RSA *rsa, int padding);
524 int padding));
[all …]
|
| H A D | core_names.h.in | 83 /* RSA padding modes */
90 /* RSA pss padding salt length */
|
| /openssl/doc/man1/ |
| H A D | openssl-pkeyutl.pod.in | 248 Depending on the key type, signature type, and mode of padding, the maximum
261 verify and verifyrecover operations. However, some padding modes
269 This sets the RSA padding mode. Acceptable values for I<mode> are B<pkcs1> for
270 PKCS#1 padding, B<none> for no padding, B<oaep>
279 the decryption will not fail in case of padding check failures. Use B<none>
281 value has correct PKCS#1 v1.5 padding.
302 For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not
316 of padding check failure.
325 supports the sign and verify operations with PSS padding. The following
334 restrictions. The padding mode can only be set to B<pss> which is the
[all …]
|
| H A D | openssl-rsautl.pod.in | 106 The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
107 ANSI X9.31, or no padding, respectively.
111 using PKCS#1 v1.5 mode will not return errors in case padding check failed.
113 padding is correct.
165 and random padding data visible instead of the 0xff bytes.
|
| /openssl/test/recipes/30-test_evp_data/ |
| H A D | evpencod.txt | 36 # Missing padding
157 # Multiline output without padding
162 # Multiline output with padding
|
