1=pod 2 3=head1 NAME 4 5EVP_ASYM_CIPHER-RSA 6- RSA Asymmetric Cipher algorithm support 7 8=head1 DESCRIPTION 9 10Asymmetric Cipher support for the B<RSA> key type. 11 12=head2 RSA Asymmetric Cipher parameters 13 14=over 4 15 16=item "pad-mode" (B<OSSL_ASYM_CIPHER_PARAM_PAD_MODE>) <UTF8 string> 17 18The default provider understands these RSA padding modes in string form: 19 20=over 4 21 22=item "none" (B<OSSL_PKEY_RSA_PAD_MODE_NONE>) 23 24=item "oaep" (B<OSSL_PKEY_RSA_PAD_MODE_OAEP>) 25 26=item "pkcs1" (B<OSSL_PKEY_RSA_PAD_MODE_PKCSV15>) 27 28This padding mode is no longer supported by the FIPS provider for key 29agreement and key transport. 30(This is a FIPS 140-3 requirement). 31See L<openssl-fipsinstall(1)/OPTIONS> B<-rsa_pkcs15_pad_disabled>. 32 33=item "x931" (B<OSSL_PKEY_RSA_PAD_MODE_X931>) 34 35=back 36 37=item "pad-mode" (B<OSSL_ASYM_CIPHER_PARAM_PAD_MODE>) <integer> 38 39The default provider understands these RSA padding modes in integer form: 40 41=over 4 42 43=item 1 (B<RSA_PKCS1_PADDING>) 44 45This padding mode is no longer supported by the FIPS provider for key 46agreement and key transport. 47(This is a FIPS 140-3 requirement) 48 49=item 3 (B<RSA_NO_PADDING>) 50 51=item 4 (B<RSA_PKCS1_OAEP_PADDING>) 52 53=item 5 (B<RSA_X931_PADDING>) 54 55=back 56 57See L<EVP_PKEY_CTX_set_rsa_padding(3)> for further details. 58 59=item "digest" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST>) <UTF8 string> 60 61=item "digest-props" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS>) <UTF8 string> 62 63=item "mgf1-digest" (B<OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST>) <UTF8 string> 64 65=item "mgf1-digest-props" (B<OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS>) <UTF8 string> 66 67=item "oaep-label" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL>) <octet string> 68 69=item "tls-client-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer> 70 71See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>. 72 73=item "tls-negotiated-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer> 74 75See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>. 76 77See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information. 78 79=back 80 81The OpenSSL FIPS provider also supports the following parameters: 82 83=over 4 84 85=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer> 86 87=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <integer> 88 89See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information. 90 91=item "pkcs15-pad-disabled" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED>) <integer> 92 93The default value of 1 causes an error during encryption if the RSA padding 94mode is set to "pkcs1". 95Setting this to zero will ignore the error and set the approved 96"fips-indicator" to 0. 97This option breaks FIPS compliance if it causes the approved "fips-indicator" 98to return 0. 99 100=back 101 102=head1 SEE ALSO 103 104L<EVP_PKEY-RSA(7)>, 105L<EVP_PKEY(3)>, 106L<provider-asym_cipher(7)>, 107L<provider-keymgmt(7)>, 108L<OSSL_PROVIDER-default(7)> 109L<OSSL_PROVIDER-FIPS(7)> 110 111=head1 COPYRIGHT 112 113Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. 114 115Licensed under the Apache License 2.0 (the "License"). You may not use 116this file except in compliance with the License. You can obtain a copy 117in the file LICENSE in the source distribution or at 118L<https://www.openssl.org/source/license.html>. 119 120=cut 121