The EVP_PKEY_CTX_ctrl(3) manual page requires additions for RSA-PSS

but it is growing to excessive size, so split out RSA_pkey_ctx_ctrl(3).
author: schwarze <> 2019-11-01 12:02:58 +0000
committer: schwarze <> 2019-11-01 12:02:58 +0000
commit: c486619b21445153ea79c808f81279ffd3efde9c (patch)
tree: 1f232c188891f67b6d0a83b05dded6fdc2d84581 /src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3
parent: 06b54e9217af744c680ff812191733948cfafa40 (diff)
download: openbsd-c486619b21445153ea79c808f81279ffd3efde9c.tar.gz
openbsd-c486619b21445153ea79c808f81279ffd3efde9c.tar.bz2
openbsd-c486619b21445153ea79c808f81279ffd3efde9c.zip
1 files changed, 346 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3 b/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3
new file mode 100644
index 0000000000..866c63ad81
--- /dev/null
+++ b/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3
@@ -0,0 +1,346 @@
+.\" $OpenBSD: RSA_pkey_ctx_ctrl.3,v 1.1 2019/11/01 12:02:58 schwarze Exp $
+.\" full merge up to:
+.\" OpenSSL man3/EVP_PKEY_CTX_ctrl 99d63d46 Oct 26 13:56:48 2016 -0400
+.\" selective merge up to:
+.\" OpenSSL man3/EVP_PKEY_CTX_ctrl df75c2b f Dec 9 01:02:36 2018 +0100
+.\"
+.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
+.\" and Antoine Salon <asalon@vmware.com>.
+.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2018 The OpenSSL Project.
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in
+.\"    the documentation and/or other materials provided with the
+.\"    distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\"    software must display the following acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\"    endorse or promote products derived from this software without
+.\"    prior written permission. For written permission, please contact
+.\"    openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\"    nor may "OpenSSL" appear in their names without prior written
+.\"    permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\"    acknowledgment:
+.\"    "This product includes software developed by the OpenSSL Project
+.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate: November 1 2019 $
+.Dt RSA_PKEY_CTX_CTRL 3
+.Os
+.Sh NAME
+.Nm RSA_pkey_ctx_ctrl ,
+.Nm EVP_PKEY_CTX_set_rsa_padding ,
+.Nm EVP_PKEY_CTX_get_rsa_padding ,
+.Nm EVP_PKEY_CTX_set_rsa_pss_saltlen ,
+.Nm EVP_PKEY_CTX_get_rsa_pss_saltlen ,
+.Nm EVP_PKEY_CTX_set_rsa_keygen_bits ,
+.Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp ,
+.Nm EVP_PKEY_CTX_set_rsa_mgf1_md ,
+.Nm EVP_PKEY_CTX_get_rsa_mgf1_md ,
+.Nm EVP_PKEY_CTX_set_rsa_oaep_md ,
+.Nm EVP_PKEY_CTX_get_rsa_oaep_md ,
+.Nm EVP_PKEY_CTX_set0_rsa_oaep_label ,
+.Nm EVP_PKEY_CTX_get0_rsa_oaep_label
+.Nd RSA private key control operations
+.Sh SYNOPSIS
+.In openssl/rsa.h
+.Ft int
+.Fo RSA_pkey_ctx_ctrl
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int optype"
+.Fa "int cmd"
+.Fa "int p1"
+.Fa "void *p2"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_rsa_padding
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int pad"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_get_rsa_padding
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int *ppad"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_rsa_pss_saltlen
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_get_rsa_pss_saltlen
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int *plen"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_rsa_keygen_bits
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "int mbits"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_rsa_keygen_pubexp
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "BIGNUM *pubexp"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_rsa_mgf1_md
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "const EVP_MD *md"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_get_rsa_mgf1_md
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "const EVP_MD **pmd"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set_rsa_oaep_md
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "const EVP_MD *md"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_get_rsa_oaep_md
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "const EVP_MD **pmd"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_set0_rsa_oaep_label
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "unsigned char *label"
+.Fa "int len"
+.Fc
+.Ft int
+.Fo EVP_PKEY_CTX_get0_rsa_oaep_label
+.Fa "EVP_PKEY_CTX *ctx"
+.Fa "unsigned char **plabel"
+.Fc
+.Sh DESCRIPTION
+The function
+.Fn RSA_pkey_ctx_ctrl
+is a shallow wrapper around
+.Xr EVP_PKEY_CTX_ctrl 3
+which only succeeds if
+.Fa ctx
+matches either
+.Dv EVP_PKEY_RSA
+or
+.Dv EVP_PKEY_RSA_PSS .
+.Pp
+All the remaining "functions" are implemented as macros.
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_rsa_padding
+macro sets the RSA padding mode for
+.Fa ctx .
+The
+.Fa pad
+parameter can take the value
+.Dv RSA_PKCS1_PADDING
+for PKCS#1 padding,
+.Dv RSA_NO_PADDING
+for no padding,
+.Dv RSA_PKCS1_OAEP_PADDING
+for OAEP padding (encrypt and decrypt only),
+.Dv RSA_X931_PADDING
+for X9.31 padding (signature operations only) and
+.Dv RSA_PKCS1_PSS_PADDING
+(sign and verify only).
+.Pp
+Two RSA padding modes behave differently if
+.Fn EVP_PKEY_CTX_set_signature_md
+is used.
+If this macro is called for PKCS#1 padding, the plaintext buffer is an
+actual digest value and is encapsulated in a
+.Vt DigestInfo
+structure according to PKCS#1 when signing and this structure is
+expected (and stripped off) when verifying.
+If this control is not used with RSA and PKCS#1 padding then the
+supplied data is used directly and not encapsulated.
+In the case of X9.31 padding for RSA the algorithm identifier byte is
+added or checked and removed if this control is called.
+If it is not called then the first byte of the plaintext buffer is
+expected to be the algorithm identifier byte.
+.Pp
+The
+.Fn EVP_PKEY_CTX_get_rsa_padding
+macro retrieves the RSA padding mode for
+.Fa ctx .
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen
+macro sets the RSA PSS salt length to
+.Fa len .
+As its name implies, it is only supported for PSS padding.
+Two special values are supported: -1 sets the salt length to the digest
+length.
+When signing -2 sets the salt length to the maximum permissible value.
+When verifying -2 causes the salt length to be automatically determined
+based on the PSS block structure.
+If this macro is not called a salt length value of -2 is used by
+default.
+.Pp
+The
+.Fn EVP_PKEY_CTX_get_rsa_pss_saltlen
+macro retrieves the RSA PSS salt length for
+.Fa ctx .
+The padding mode must have been set to
+.Dv RSA_PKCS1_PSS_PADDING .
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_rsa_keygen_bits
+macro sets the RSA key length for RSA key generation to
+.Fa mbits .
+The smallest supported value is 512 bits.
+If not specified, 1024 bits is used.
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp
+macro sets the public exponent value for RSA key generation to
+.Fa pubexp .
+Currently, it should be an odd integer.
+The
+.Fa pubexp
+pointer is used internally by this function, so it should not be modified
+or freed after the call.
+If this macro is not called, then 65537 is used.
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_rsa_mgf1_md
+macro sets the MGF1 digest for RSA padding schemes to
+.Fa md .
+Unless explicitly specified, the signing digest is used.
+The padding mode must have been set to
+.Dv RSA_PKCS1_OAEP_PADDING
+or
+.Dv RSA_PKCS1_PSS_PADDING .
+.Pp
+The
+.Fn EVP_PKEY_CTX_get_rsa_mgf1_md
+macro retrieves the MGF1 digest for
+.Fa ctx .
+Unless explicitly specified, the signing digest is used.
+The padding mode must have been set to
+.Dv RSA_PKCS1_OAEP_PADDING
+or
+.Dv RSA_PKCS1_PSS_PADDING .
+.Pp
+The
+.Fn EVP_PKEY_CTX_set_rsa_oaep_md
+macro sets the message digest type used in RSA OAEP to
+.Fa md .
+The padding mode must have been set to
+.Dv RSA_PKCS1_OAEP_PADDING .
+.Pp
+The
+.Fn EVP_PKEY_CTX_get_rsa_oaep_md
+macro gets the message digest type used in RSA OAEP to
+.Pf * Fa md .
+The padding mode must have been set to
+.Dv RSA_PKCS1_OAEP_PADDING .
+.Pp
+The
+.Fn EVP_PKEY_CTX_set0_rsa_oaep_label
+macro sets the RSA OAEP label to
+.Fa label
+and its length to
+.Fa len .
+If
+.Fa label
+is
+.Dv NULL
+or
+.Fa len
+is 0, the label is cleared.
+The library takes ownership of the label so the caller should not
+free the original memory pointed to by
+.Fa label .
+The padding mode must have been set to
+.Dv RSA_PKCS1_OAEP_PADDING .
+.Pp
+The
+.Fn EVP_PKEY_CTX_get0_rsa_oaep_label
+macro gets the RSA OAEP label to
+.Pf * Fa plabel .
+The return value is the label length.
+The padding mode must have been set to
+.Dv RSA_PKCS1_OAEP_PADDING .
+The resulting pointer is owned by the library and should not be
+freed by the caller.
+.Sh RETURN VALUES
+These functions return a positive value for success or 0 or a negative
+value for failure.
+In particular, a return value of -2 indicates the operation is not
+supported by the public key algorithm.
+.Sh SEE ALSO
+.Xr EVP_DigestInit 3 ,
+.Xr EVP_PKEY_CTX_ctrl 3 ,
+.Xr EVP_PKEY_CTX_new 3 ,
+.Xr EVP_PKEY_decrypt 3 ,
+.Xr EVP_PKEY_derive 3 ,
+.Xr EVP_PKEY_encrypt 3 ,
+.Xr EVP_PKEY_get_default_digest_nid 3 ,
+.Xr EVP_PKEY_keygen 3 ,
+.Xr EVP_PKEY_meth_set_ctrl 3 ,
+.Xr EVP_PKEY_sign 3 ,
+.Xr EVP_PKEY_verify 3 ,
+.Xr EVP_PKEY_verify_recover 3
+.Sh HISTORY
+The functions
+.Fn EVP_PKEY_CTX_set_rsa_padding ,
+.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen ,
+.Fn EVP_PKEY_CTX_set_rsa_keygen_bits ,
+and
+.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp
+first appeared in OpenSSL 1.0.0 and have been available since
+.Ox 4.9 .
+.Pp
+The functions
+.Fn EVP_PKEY_CTX_get_rsa_padding ,
+.Fn EVP_PKEY_CTX_get_rsa_pss_saltlen ,
+.Fn EVP_PKEY_CTX_set_rsa_mgf1_md ,
+and
+.Fn EVP_PKEY_CTX_get_rsa_mgf1_md
+first appeared in OpenSSL 1.0.1 and have been available since
+.Ox 5.3 .
+.Pp
+The functions
+.Fn EVP_PKEY_CTX_set_rsa_oaep_md ,
+.Fn EVP_PKEY_CTX_get_rsa_oaep_md ,
+.Fn EVP_PKEY_CTX_set0_rsa_oaep_label ,
+and
+.Fn EVP_PKEY_CTX_get0_rsa_oaep_label
+first appeared in OpenSSL 1.0.2 and have been available since
+.Ox 6.7 .
+.Pp
+The function
+.Fn RSA_pkey_ctx_ctrl
+first appeared in OpenSSL 1.1.1 and has been available since
+.Ox 6.7 .
author	schwarze <>	2019-11-01 12:02:58 +0000
committer	schwarze <>	2019-11-01 12:02:58 +0000
commit	c486619b21445153ea79c808f81279ffd3efde9c (patch)
tree	1f232c188891f67b6d0a83b05dded6fdc2d84581 /src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3
parent	06b54e9217af744c680ff812191733948cfafa40 (diff)
download	openbsd-c486619b21445153ea79c808f81279ffd3efde9c.tar.gz openbsd-c486619b21445153ea79c808f81279ffd3efde9c.tar.bz2 openbsd-c486619b21445153ea79c808f81279ffd3efde9c.zip

diff --git a/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3 b/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3 new file mode 100644 index 0000000000..866c63ad81 --- /dev/null +++ b/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3
@@ -0,0 +1,346 @@
	1	.\" $OpenBSD: RSA_pkey_ctx_ctrl.3,v 1.1 2019/11/01 12:02:58 schwarze Exp $
	2	.\" full merge up to:
	3	.\" OpenSSL man3/EVP_PKEY_CTX_ctrl 99d63d46 Oct 26 13:56:48 2016 -0400
	4	.\" selective merge up to:
	5	.\" OpenSSL man3/EVP_PKEY_CTX_ctrl df75c2b f Dec 9 01:02:36 2018 +0100
	6	.\"
	7	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
	8	.\" and Antoine Salon <asalon@vmware.com>.
	9	.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2018 The OpenSSL Project.
	10	.\" All rights reserved.
	11	.\"
	12	.\" Redistribution and use in source and binary forms, with or without
	13	.\" modification, are permitted provided that the following conditions
	14	.\" are met:
	15	.\"
	16	.\" 1. Redistributions of source code must retain the above copyright
	17	.\" notice, this list of conditions and the following disclaimer.
	18	.\"
	19	.\" 2. Redistributions in binary form must reproduce the above copyright
	20	.\" notice, this list of conditions and the following disclaimer in
	21	.\" the documentation and/or other materials provided with the
	22	.\" distribution.
	23	.\"
	24	.\" 3. All advertising materials mentioning features or use of this
	25	.\" software must display the following acknowledgment:
	26	.\" "This product includes software developed by the OpenSSL Project
	27	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	28	.\"
	29	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	30	.\" endorse or promote products derived from this software without
	31	.\" prior written permission. For written permission, please contact
	32	.\" openssl-core@openssl.org.
	33	.\"
	34	.\" 5. Products derived from this software may not be called "OpenSSL"
	35	.\" nor may "OpenSSL" appear in their names without prior written
	36	.\" permission of the OpenSSL Project.
	37	.\"
	38	.\" 6. Redistributions of any form whatsoever must retain the following
	39	.\" acknowledgment:
	40	.\" "This product includes software developed by the OpenSSL Project
	41	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	42	.\"
	43	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	44	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	45	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	46	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	47	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	48	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	49	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	50	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	51	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	52	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	53	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	54	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
	55	.\"
	56	.Dd $Mdocdate: November 1 2019 $
	57	.Dt RSA_PKEY_CTX_CTRL 3
	58	.Os
	59	.Sh NAME
	60	.Nm RSA_pkey_ctx_ctrl ,
	61	.Nm EVP_PKEY_CTX_set_rsa_padding ,
	62	.Nm EVP_PKEY_CTX_get_rsa_padding ,
	63	.Nm EVP_PKEY_CTX_set_rsa_pss_saltlen ,
	64	.Nm EVP_PKEY_CTX_get_rsa_pss_saltlen ,
	65	.Nm EVP_PKEY_CTX_set_rsa_keygen_bits ,
	66	.Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp ,
	67	.Nm EVP_PKEY_CTX_set_rsa_mgf1_md ,
	68	.Nm EVP_PKEY_CTX_get_rsa_mgf1_md ,
	69	.Nm EVP_PKEY_CTX_set_rsa_oaep_md ,
	70	.Nm EVP_PKEY_CTX_get_rsa_oaep_md ,
	71	.Nm EVP_PKEY_CTX_set0_rsa_oaep_label ,
	72	.Nm EVP_PKEY_CTX_get0_rsa_oaep_label
	73	.Nd RSA private key control operations
	74	.Sh SYNOPSIS
	75	.In openssl/rsa.h
	76	.Ft int
	77	.Fo RSA_pkey_ctx_ctrl
	78	.Fa "EVP_PKEY_CTX *ctx"
	79	.Fa "int optype"
	80	.Fa "int cmd"
	81	.Fa "int p1"
	82	.Fa "void *p2"
	83	.Fc
	84	.Ft int
	85	.Fo EVP_PKEY_CTX_set_rsa_padding
	86	.Fa "EVP_PKEY_CTX *ctx"
	87	.Fa "int pad"
	88	.Fc
	89	.Ft int
	90	.Fo EVP_PKEY_CTX_get_rsa_padding
	91	.Fa "EVP_PKEY_CTX *ctx"
	92	.Fa "int *ppad"
	93	.Fc
	94	.Ft int
	95	.Fo EVP_PKEY_CTX_set_rsa_pss_saltlen
	96	.Fa "EVP_PKEY_CTX *ctx"
	97	.Fa "int len"
	98	.Fc
	99	.Ft int
	100	.Fo EVP_PKEY_CTX_get_rsa_pss_saltlen
	101	.Fa "EVP_PKEY_CTX *ctx"
	102	.Fa "int *plen"
	103	.Fc
	104	.Ft int
	105	.Fo EVP_PKEY_CTX_set_rsa_keygen_bits
	106	.Fa "EVP_PKEY_CTX *ctx"
	107	.Fa "int mbits"
	108	.Fc
	109	.Ft int
	110	.Fo EVP_PKEY_CTX_set_rsa_keygen_pubexp
	111	.Fa "EVP_PKEY_CTX *ctx"
	112	.Fa "BIGNUM *pubexp"
	113	.Fc
	114	.Ft int
	115	.Fo EVP_PKEY_CTX_set_rsa_mgf1_md
	116	.Fa "EVP_PKEY_CTX *ctx"
	117	.Fa "const EVP_MD *md"
	118	.Fc
	119	.Ft int
	120	.Fo EVP_PKEY_CTX_get_rsa_mgf1_md
	121	.Fa "EVP_PKEY_CTX *ctx"
	122	.Fa "const EVP_MD **pmd"
	123	.Fc
	124	.Ft int
	125	.Fo EVP_PKEY_CTX_set_rsa_oaep_md
	126	.Fa "EVP_PKEY_CTX *ctx"
	127	.Fa "const EVP_MD *md"
	128	.Fc
	129	.Ft int
	130	.Fo EVP_PKEY_CTX_get_rsa_oaep_md
	131	.Fa "EVP_PKEY_CTX *ctx"
	132	.Fa "const EVP_MD **pmd"
	133	.Fc
	134	.Ft int
	135	.Fo EVP_PKEY_CTX_set0_rsa_oaep_label
	136	.Fa "EVP_PKEY_CTX *ctx"
	137	.Fa "unsigned char *label"
	138	.Fa "int len"
	139	.Fc
	140	.Ft int
	141	.Fo EVP_PKEY_CTX_get0_rsa_oaep_label
	142	.Fa "EVP_PKEY_CTX *ctx"
	143	.Fa "unsigned char **plabel"
	144	.Fc
	145	.Sh DESCRIPTION
	146	The function
	147	.Fn RSA_pkey_ctx_ctrl
	148	is a shallow wrapper around
	149	.Xr EVP_PKEY_CTX_ctrl 3
	150	which only succeeds if
	151	.Fa ctx
	152	matches either
	153	.Dv EVP_PKEY_RSA
	154	or
	155	.Dv EVP_PKEY_RSA_PSS .
	156	.Pp
	157	All the remaining "functions" are implemented as macros.
	158	.Pp
	159	The
	160	.Fn EVP_PKEY_CTX_set_rsa_padding
	161	macro sets the RSA padding mode for
	162	.Fa ctx .
	163	The
	164	.Fa pad
	165	parameter can take the value
	166	.Dv RSA_PKCS1_PADDING
	167	for PKCS#1 padding,
	168	.Dv RSA_NO_PADDING
	169	for no padding,
	170	.Dv RSA_PKCS1_OAEP_PADDING
	171	for OAEP padding (encrypt and decrypt only),
	172	.Dv RSA_X931_PADDING
	173	for X9.31 padding (signature operations only) and
	174	.Dv RSA_PKCS1_PSS_PADDING
	175	(sign and verify only).
	176	.Pp
	177	Two RSA padding modes behave differently if
	178	.Fn EVP_PKEY_CTX_set_signature_md
	179	is used.
	180	If this macro is called for PKCS#1 padding, the plaintext buffer is an
	181	actual digest value and is encapsulated in a
	182	.Vt DigestInfo
	183	structure according to PKCS#1 when signing and this structure is
	184	expected (and stripped off) when verifying.
	185	If this control is not used with RSA and PKCS#1 padding then the
	186	supplied data is used directly and not encapsulated.
	187	In the case of X9.31 padding for RSA the algorithm identifier byte is
	188	added or checked and removed if this control is called.
	189	If it is not called then the first byte of the plaintext buffer is
	190	expected to be the algorithm identifier byte.
	191	.Pp
	192	The
	193	.Fn EVP_PKEY_CTX_get_rsa_padding
	194	macro retrieves the RSA padding mode for
	195	.Fa ctx .
	196	.Pp
	197	The
	198	.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen
	199	macro sets the RSA PSS salt length to
	200	.Fa len .
	201	As its name implies, it is only supported for PSS padding.
	202	Two special values are supported: -1 sets the salt length to the digest
	203	length.
	204	When signing -2 sets the salt length to the maximum permissible value.
	205	When verifying -2 causes the salt length to be automatically determined
	206	based on the PSS block structure.
	207	If this macro is not called a salt length value of -2 is used by
	208	default.
	209	.Pp
	210	The
	211	.Fn EVP_PKEY_CTX_get_rsa_pss_saltlen
	212	macro retrieves the RSA PSS salt length for
	213	.Fa ctx .
	214	The padding mode must have been set to
	215	.Dv RSA_PKCS1_PSS_PADDING .
	216	.Pp
	217	The
	218	.Fn EVP_PKEY_CTX_set_rsa_keygen_bits
	219	macro sets the RSA key length for RSA key generation to
	220	.Fa mbits .
	221	The smallest supported value is 512 bits.
	222	If not specified, 1024 bits is used.
	223	.Pp
	224	The
	225	.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp
	226	macro sets the public exponent value for RSA key generation to
	227	.Fa pubexp .
	228	Currently, it should be an odd integer.
	229	The
	230	.Fa pubexp
	231	pointer is used internally by this function, so it should not be modified
	232	or freed after the call.
	233	If this macro is not called, then 65537 is used.
	234	.Pp
	235	The
	236	.Fn EVP_PKEY_CTX_set_rsa_mgf1_md
	237	macro sets the MGF1 digest for RSA padding schemes to
	238	.Fa md .
	239	Unless explicitly specified, the signing digest is used.
	240	The padding mode must have been set to
	241	.Dv RSA_PKCS1_OAEP_PADDING
	242	or
	243	.Dv RSA_PKCS1_PSS_PADDING .
	244	.Pp
	245	The
	246	.Fn EVP_PKEY_CTX_get_rsa_mgf1_md
	247	macro retrieves the MGF1 digest for
	248	.Fa ctx .
	249	Unless explicitly specified, the signing digest is used.
	250	The padding mode must have been set to
	251	.Dv RSA_PKCS1_OAEP_PADDING
	252	or
	253	.Dv RSA_PKCS1_PSS_PADDING .
	254	.Pp
	255	The
	256	.Fn EVP_PKEY_CTX_set_rsa_oaep_md
	257	macro sets the message digest type used in RSA OAEP to
	258	.Fa md .
	259	The padding mode must have been set to
	260	.Dv RSA_PKCS1_OAEP_PADDING .
	261	.Pp
	262	The
	263	.Fn EVP_PKEY_CTX_get_rsa_oaep_md
	264	macro gets the message digest type used in RSA OAEP to
	265	.Pf * Fa md .
	266	The padding mode must have been set to
	267	.Dv RSA_PKCS1_OAEP_PADDING .
	268	.Pp
	269	The
	270	.Fn EVP_PKEY_CTX_set0_rsa_oaep_label
	271	macro sets the RSA OAEP label to
	272	.Fa label
	273	and its length to
	274	.Fa len .
	275	If
	276	.Fa label
	277	is
	278	.Dv NULL
	279	or
	280	.Fa len
	281	is 0, the label is cleared.
	282	The library takes ownership of the label so the caller should not
	283	free the original memory pointed to by
	284	.Fa label .
	285	The padding mode must have been set to
	286	.Dv RSA_PKCS1_OAEP_PADDING .
	287	.Pp
	288	The
	289	.Fn EVP_PKEY_CTX_get0_rsa_oaep_label
	290	macro gets the RSA OAEP label to
	291	.Pf * Fa plabel .
	292	The return value is the label length.
	293	The padding mode must have been set to
	294	.Dv RSA_PKCS1_OAEP_PADDING .
	295	The resulting pointer is owned by the library and should not be
	296	freed by the caller.
	297	.Sh RETURN VALUES
	298	These functions return a positive value for success or 0 or a negative
	299	value for failure.
	300	In particular, a return value of -2 indicates the operation is not
	301	supported by the public key algorithm.
	302	.Sh SEE ALSO
	303	.Xr EVP_DigestInit 3 ,
	304	.Xr EVP_PKEY_CTX_ctrl 3 ,
	305	.Xr EVP_PKEY_CTX_new 3 ,
	306	.Xr EVP_PKEY_decrypt 3 ,
	307	.Xr EVP_PKEY_derive 3 ,
	308	.Xr EVP_PKEY_encrypt 3 ,
	309	.Xr EVP_PKEY_get_default_digest_nid 3 ,
	310	.Xr EVP_PKEY_keygen 3 ,
	311	.Xr EVP_PKEY_meth_set_ctrl 3 ,
	312	.Xr EVP_PKEY_sign 3 ,
	313	.Xr EVP_PKEY_verify 3 ,
	314	.Xr EVP_PKEY_verify_recover 3
	315	.Sh HISTORY
	316	The functions
	317	.Fn EVP_PKEY_CTX_set_rsa_padding ,
	318	.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen ,
	319	.Fn EVP_PKEY_CTX_set_rsa_keygen_bits ,
	320	and
	321	.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp
	322	first appeared in OpenSSL 1.0.0 and have been available since
	323	.Ox 4.9 .
	324	.Pp
	325	The functions
	326	.Fn EVP_PKEY_CTX_get_rsa_padding ,
	327	.Fn EVP_PKEY_CTX_get_rsa_pss_saltlen ,
	328	.Fn EVP_PKEY_CTX_set_rsa_mgf1_md ,
	329	and
	330	.Fn EVP_PKEY_CTX_get_rsa_mgf1_md
	331	first appeared in OpenSSL 1.0.1 and have been available since
	332	.Ox 5.3 .
	333	.Pp
	334	The functions
	335	.Fn EVP_PKEY_CTX_set_rsa_oaep_md ,
	336	.Fn EVP_PKEY_CTX_get_rsa_oaep_md ,
	337	.Fn EVP_PKEY_CTX_set0_rsa_oaep_label ,
	338	and
	339	.Fn EVP_PKEY_CTX_get0_rsa_oaep_label
	340	first appeared in OpenSSL 1.0.2 and have been available since
	341	.Ox 6.7 .
	342	.Pp
	343	The function
	344	.Fn RSA_pkey_ctx_ctrl
	345	first appeared in OpenSSL 1.1.1 and has been available since
	346	.Ox 6.7 .