1=pod 2 3=head1 NAME 4 5EVP_ASYM_CIPHER-RSA 6- RSA Asymmetric Cipher algorithm support 7 8=head1 DESCRIPTION 9 10Asymmetric Cipher support for the B<RSA> key type. 11 12=head2 RSA Asymmetric Cipher parameters 13 14=over 4 15 16=item "pad-mode" (B<OSSL_ASYM_CIPHER_PARAM_PAD_MODE>) <UTF8 string> 17 18The default provider understands these RSA padding modes in string form: 19 20=over 4 21 22=item "none" (B<OSSL_PKEY_RSA_PAD_MODE_NONE>) 23 24=item "oaep" (B<OSSL_PKEY_RSA_PAD_MODE_OAEP>) 25 26=item "pkcs1" (B<OSSL_PKEY_RSA_PAD_MODE_PKCSV15>) 27 28This padding mode is no longer supported by the FIPS provider for key 29agreement and key transport. 30(This is a FIPS 140-3 requirement) 31 32=item "x931" (B<OSSL_PKEY_RSA_PAD_MODE_X931>) 33 34=back 35 36=item "pad-mode" (B<OSSL_ASYM_CIPHER_PARAM_PAD_MODE>) <integer> 37 38The default provider understands these RSA padding modes in integer form: 39 40=over 4 41 42=item 1 (B<RSA_PKCS1_PADDING>) 43 44This padding mode is no longer supported by the FIPS provider for key 45agreement and key transport. 46(This is a FIPS 140-3 requirement) 47 48=item 3 (B<RSA_NO_PADDING>) 49 50=item 4 (B<RSA_PKCS1_OAEP_PADDING>) 51 52=item 5 (B<RSA_X931_PADDING>) 53 54=back 55 56See L<EVP_PKEY_CTX_set_rsa_padding(3)> for further details. 57 58=item "digest" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST>) <UTF8 string> 59 60=item "digest-props" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS>) <UTF8 string> 61 62=item "mgf1-digest" (B<OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST>) <UTF8 string> 63 64=item "mgf1-digest-props" (B<OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS>) <UTF8 string> 65 66=item "oaep-label" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL>) <octet string> 67 68=item "tls-client-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer> 69 70See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>. 71 72=item "tls-negotiated-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer> 73 74See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>. 75 76See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information. 77 78=back 79 80The OpenSSL FIPS provider also supports the following parameters: 81 82=over 4 83 84=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer> 85 86=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <integer> 87 88See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information. 89 90=item "pkcs15-pad-disabled" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED>) <integer> 91 92The default value of 1 causes an error during encryption if the RSA padding 93mode is set to "pkcs1". 94Setting this to zero will ignore the error and set the approved 95"fips-indicator" to 0. 96This option breaks FIPS compliance if it causes the approved "fips-indicator" 97to return 0. 98 99=back 100 101=head1 SEE ALSO 102 103L<EVP_PKEY-RSA(7)>, 104L<EVP_PKEY(3)>, 105L<provider-asym_cipher(7)>, 106L<provider-keymgmt(7)>, 107L<OSSL_PROVIDER-default(7)> 108L<OSSL_PROVIDER-FIPS(7)> 109 110=head1 COPYRIGHT 111 112Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. 113 114Licensed under the Apache License 2.0 (the "License"). You may not use 115this file except in compliance with the License. You can obtain a copy 116in the file LICENSE in the source distribution or at 117L<https://www.openssl.org/source/license.html>. 118 119=cut 120