xref: /openssl/doc/man7/EVP_ASYM_CIPHER-RSA.pod (revision 7ed6de99)
=pod

=head1 NAME

EVP_ASYM_CIPHER-RSA
- RSA Asymmetric Cipher algorithm support

=head1 DESCRIPTION

Asymmetric Cipher support for the B<RSA> key type.

=head2 RSA Asymmetric Cipher parameters

=over 4

=item "pad-mode" (B<OSSL_ASYM_CIPHER_PARAM_PAD_MODE>) <UTF8 string>

The default provider understands these RSA padding modes in string form:

=over 4

=item "none" (B<OSSL_PKEY_RSA_PAD_MODE_NONE>)

=item "oaep" (B<OSSL_PKEY_RSA_PAD_MODE_OAEP>)

=item "pkcs1" (B<OSSL_PKEY_RSA_PAD_MODE_PKCSV15>)

This padding mode is no longer supported by the FIPS provider for key
agreement and key transport.
(This is a FIPS 140-3 requirement)

=item "x931" (B<OSSL_PKEY_RSA_PAD_MODE_X931>)

=back

=item "pad-mode" (B<OSSL_ASYM_CIPHER_PARAM_PAD_MODE>) <integer>

The default provider understands these RSA padding modes in integer form:

=over 4

=item 1 (B<RSA_PKCS1_PADDING>)

This padding mode is no longer supported by the FIPS provider for key
agreement and key transport.
(This is a FIPS 140-3 requirement)

=item 3 (B<RSA_NO_PADDING>)

=item 4 (B<RSA_PKCS1_OAEP_PADDING>)

=item 5 (B<RSA_X931_PADDING>)

=back

See L<EVP_PKEY_CTX_set_rsa_padding(3)> for further details.

=item "digest" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST>) <UTF8 string>

=item "digest-props" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS>) <UTF8 string>

=item "mgf1-digest" (B<OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST>) <UTF8 string>

=item "mgf1-digest-props" (B<OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS>) <UTF8 string>

=item "oaep-label" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL>) <octet string>

=item "tls-client-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer>

See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>.

=item "tls-negotiated-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION>) <unsigned integer>

See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>.

See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information.

=back

The OpenSSL FIPS provider also supports the following parameters:

=over 4

=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>

=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <integer>

See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information.

=item "pkcs15-pad-disabled" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED>) <integer>

The default value of 1 causes an error during encryption if the RSA padding
mode is set to "pkcs1".
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.

=back

=head1 SEE ALSO

L<EVP_PKEY-RSA(7)>,
L<EVP_PKEY(3)>,
L<provider-asym_cipher(7)>,
L<provider-keymgmt(7)>,
L<OSSL_PROVIDER-default(7)>,
L<OSSL_PROVIDER-FIPS(7)>

=head1 COPYRIGHT

Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
