xref: /freebsd/crypto/openssl/doc/man7/EVP_ASYM_CIPHER-RSA.pod (revision 88b8b7f0c4e9948667a2279e78e975a784049cba)
=pod

=head1 NAME

EVP_ASYM_CIPHER-RSA
- RSA Asymmetric Cipher algorithm support

=head1 DESCRIPTION

Asymmetric Cipher support for the B<RSA> key type.

=head2 RSA Asymmetric Cipher parameters

=over 4

=item "pad-mode" (B<OSSL_ASYM_CIPHER_PARAM_PAD_MODE>) <UTF8 string>

The default provider understands these RSA padding modes in string form:

=over 4

=item "none" (B<OSSL_PKEY_RSA_PAD_MODE_NONE>)

=item "oaep" (B<OSSL_PKEY_RSA_PAD_MODE_OAEP>)

=item "pkcs1" (B<OSSL_PKEY_RSA_PAD_MODE_PKCSV15>)

This padding mode is no longer supported by the FIPS provider for key
agreement and key transport.
(This is a FIPS 140-3 requirement).
See L<openssl-fipsinstall(1)/OPTIONS> B<-rsa_pkcs15_pad_disabled>.

=item "x931" (B<OSSL_PKEY_RSA_PAD_MODE_X931>)

=back

=item "pad-mode" (B<OSSL_ASYM_CIPHER_PARAM_PAD_MODE>) <integer>

The default provider understands these RSA padding modes in integer form:

=over 4

=item 1 (B<RSA_PKCS1_PADDING>)

This padding mode is no longer supported by the FIPS provider for key
agreement and key transport.
(This is a FIPS 140-3 requirement).

=item 3 (B<RSA_NO_PADDING>)

=item 4 (B<RSA_PKCS1_OAEP_PADDING>)

=item 5 (B<RSA_X931_PADDING>)

=back

See L<EVP_PKEY_CTX_set_rsa_padding(3)> for further details.

=item "digest" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST>) <UTF8 string>

=item "digest-props" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS>) <UTF8 string>

=item "mgf1-digest" (B<OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST>) <UTF8 string>

=item "mgf1-digest-props" (B<OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS>) <UTF8 string>

=item "oaep-label" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL>) <octet string>

=item "tls-client-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer>

See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>.

=item "tls-negotiated-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION>) <unsigned integer>

See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>.

See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information.

=back

The OpenSSL FIPS provider also supports the following parameters:

=over 4

=item "fips-indicator" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR>) <integer>

=item "key-check" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK>) <integer>

See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information.

=item "pkcs15-pad-disabled" (B<OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED>) <integer>

The default value of 1 causes an error during encryption if the RSA padding
mode is set to "pkcs1".
Setting this to zero will ignore the error and set the approved
"fips-indicator" to 0.
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.

=back

=head1 SEE ALSO

L<EVP_PKEY-RSA(7)>,
L<EVP_PKEY(3)>,
L<provider-asym_cipher(7)>,
L<provider-keymgmt(7)>,
L<OSSL_PROVIDER-default(7)>,
L<OSSL_PROVIDER-FIPS(7)>

=head1 COPYRIGHT

Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut