1 files changed, 0 insertions, 402 deletions
diff --git a/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3 b/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3
deleted file mode 100644
index 3d4e79cc47..0000000000
--- a/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3
+++ /dev/null
@@ -1,402 +0,0 @@
-.\" $OpenBSD: RSA_pkey_ctx_ctrl.3,v 1.8 2024/12/06 14:27:49 schwarze Exp $
-.\" full merge up to:
-.\" OpenSSL man3/EVP_PKEY_CTX_ctrl.pod 99d63d46 Oct 26 13:56:48 2016 -0400
-.\" OpenSSL man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod
-.\"   87103969 Oct 1 14:11:57 2018 -0700
-.\" selective merge up to:
-.\" OpenSSL man3/EVP_PKEY_CTX_ctrl.pod df75c2b f Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
-.\" and Antoine Salon <asalon@vmware.com>.
-.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2017, 2018 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: December 6 2024 $
-.Dt RSA_PKEY_CTX_CTRL 3
-.Os
-.Sh NAME
-.Nm RSA_pkey_ctx_ctrl ,
-.Nm EVP_PKEY_CTX_set_rsa_padding ,
-.Nm EVP_PKEY_CTX_get_rsa_padding ,
-.Nm EVP_PKEY_CTX_set_rsa_keygen_bits ,
-.Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp ,
-.Nm EVP_PKEY_CTX_set_rsa_mgf1_md ,
-.Nm EVP_PKEY_CTX_get_rsa_mgf1_md ,
-.Nm EVP_PKEY_CTX_set_rsa_oaep_md ,
-.Nm EVP_PKEY_CTX_get_rsa_oaep_md ,
-.Nm EVP_PKEY_CTX_set0_rsa_oaep_label ,
-.Nm EVP_PKEY_CTX_get0_rsa_oaep_label ,
-.Nm EVP_PKEY_CTX_set_rsa_pss_saltlen ,
-.Nm EVP_PKEY_CTX_get_rsa_pss_saltlen ,
-.Nm EVP_PKEY_CTX_set_rsa_pss_keygen_md ,
-.Nm EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md ,
-.Nm EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen
-.Nd RSA private key control operations
-.Sh SYNOPSIS
-.In openssl/rsa.h
-.Ft int
-.Fo RSA_pkey_ctx_ctrl
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "int optype"
-.Fa "int cmd"
-.Fa "int p1"
-.Fa "void *p2"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_set_rsa_padding
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "int pad"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_get_rsa_padding
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "int *ppad"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_set_rsa_keygen_bits
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "int mbits"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_set_rsa_keygen_pubexp
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "BIGNUM *pubexp"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_set_rsa_mgf1_md
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "const EVP_MD *md"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_get_rsa_mgf1_md
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "const EVP_MD **pmd"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_set_rsa_oaep_md
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "const EVP_MD *md"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_get_rsa_oaep_md
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "const EVP_MD **pmd"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_set0_rsa_oaep_label
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "unsigned char *label"
-.Fa "int len"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_get0_rsa_oaep_label
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "unsigned char **plabel"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_set_rsa_pss_saltlen
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "int len"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_get_rsa_pss_saltlen
-.Fa "EVP_PKEY_CTX *ctx"
-.Fa "int *plen"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_set_rsa_pss_keygen_md
-.Fa "EVP_PKEY_CTX *pctx"
-.Fa "const EVP_MD *md"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md
-.Fa "EVP_PKEY_CTX *pctx"
-.Fa "const EVP_MD *md"
-.Fc
-.Ft int
-.Fo EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen
-.Fa "EVP_PKEY_CTX *pctx"
-.Fa "int saltlen"
-.Fc
-.Sh DESCRIPTION
-The function
-.Fn RSA_pkey_ctx_ctrl
-is a shallow wrapper around
-.Xr EVP_PKEY_CTX_ctrl 3
-which only succeeds if
-.Fa ctx
-matches either
-.Dv EVP_PKEY_RSA
-or
-.Dv EVP_PKEY_RSA_PSS .
-.Pp
-All the remaining "functions" are implemented as macros.
-.Pp
-The
-.Fn EVP_PKEY_CTX_set_rsa_padding
-macro sets the RSA padding mode for
-.Fa ctx .
-The
-.Fa pad
-parameter can take the value
-.Dv RSA_PKCS1_PADDING
-for PKCS#1 padding,
-.Dv RSA_NO_PADDING
-for no padding,
-.Dv RSA_PKCS1_OAEP_PADDING
-for OAEP padding (encrypt and decrypt only),
-.Dv RSA_X931_PADDING
-for X9.31 padding (signature operations only) and
-.Dv RSA_PKCS1_PSS_PADDING
-(sign and verify only).
-Only the last one can be used with keys of the type
-.Dv EVP_PKEY_RSA_PSS .
-.Pp
-Two RSA padding modes behave differently if
-.Xr EVP_PKEY_CTX_set_signature_md 3
-is used.
-If this macro is called for PKCS#1 padding, the plaintext buffer is an
-actual digest value and is encapsulated in a
-.Vt DigestInfo
-structure according to PKCS#1 when signing and this structure is
-expected (and stripped off) when verifying.
-If this control is not used with RSA and PKCS#1 padding then the
-supplied data is used directly and not encapsulated.
-In the case of X9.31 padding for RSA the algorithm identifier byte is
-added or checked and removed if this control is called.
-If it is not called then the first byte of the plaintext buffer is
-expected to be the algorithm identifier byte.
-.Pp
-The
-.Fn EVP_PKEY_CTX_get_rsa_padding
-macro retrieves the RSA padding mode for
-.Fa ctx .
-.Pp
-The
-.Fn EVP_PKEY_CTX_set_rsa_keygen_bits
-macro sets the RSA key length for RSA or RSA-PSS key generation to
-.Fa mbits .
-The smallest supported value is 512 bits.
-If not specified, 1024 bits is used.
-.Pp
-The
-.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp
-macro sets the public exponent value for RSA or RSA-PSS key generation to
-.Fa pubexp .
-Currently, it should be an odd integer.
-The
-.Fa pubexp
-pointer is used internally by this function, so it should not be modified
-or freed after the call.
-If this macro is not called, then 65537 is used.
-.Pp
-The
-.Fn EVP_PKEY_CTX_set_rsa_mgf1_md
-macro sets the MGF1 digest for RSA padding schemes to
-.Fa md .
-Unless explicitly specified, the signing digest is used.
-The padding mode must have been set to
-.Dv RSA_PKCS1_OAEP_PADDING
-or
-.Dv RSA_PKCS1_PSS_PADDING .
-If the key is of the type
-.Dv EVP_PKEY_RSA_PSS
-and has usage restrictions, an error occurs if an attempt is made
-to set the digest to anything other than the restricted value.
-.Pp
-The
-.Fn EVP_PKEY_CTX_get_rsa_mgf1_md
-macro retrieves the MGF1 digest for
-.Fa ctx .
-Unless explicitly specified, the signing digest is used.
-The padding mode must have been set to
-.Dv RSA_PKCS1_OAEP_PADDING
-or
-.Dv RSA_PKCS1_PSS_PADDING .
-.Ss Optimal asymmetric encryption padding
-The following macros require that the padding mode was set to
-.Dv RSA_PKCS1_OAEP_PADDING .
-.Pp
-The
-.Fn EVP_PKEY_CTX_set_rsa_oaep_md
-macro sets the message digest type used in RSA OAEP to
-.Fa md .
-.Pp
-The
-.Fn EVP_PKEY_CTX_get_rsa_oaep_md
-macro gets the message digest type used in RSA OAEP to
-.Pf * Fa pmd .
-.Pp
-The
-.Fn EVP_PKEY_CTX_set0_rsa_oaep_label
-macro sets the RSA OAEP label to
-.Fa label
-and its length to
-.Fa len .
-If
-.Fa label
-is
-.Dv NULL
-or
-.Fa len
-is 0, the label is cleared.
-The library takes ownership of the label so the caller should not
-free the original memory pointed to by
-.Fa label .
-.Pp
-The
-.Fn EVP_PKEY_CTX_get0_rsa_oaep_label
-macro gets the RSA OAEP label to
-.Pf * Fa plabel .
-The return value is the label length.
-The resulting pointer is owned by the library and should not be
-freed by the caller.
-.Ss Probabilistic signature scheme
-The following macros require that the padding mode was set to
-.Dv RSA_PKCS1_PSS_PADDING .
-.Pp
-The
-.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen
-macro sets the RSA PSS salt length to
-.Fa len .
-Three special values are supported:
-.Dv RSA_PSS_SALTLEN_DIGEST
-sets the salt length to the digest length.
-.Dv RSA_PSS_SALTLEN_MAX
-sets the salt length to the maximum permissible value.
-When signing,
-.Dv RSA_PSS_SALTLEN_AUTO
-sets the salt length to the maximum permissible value.
-When verifying,
-.Dv RSA_PSS_SALTLEN_AUTO
-causes the salt length to be automatically determined based on the
-PSS block structure.
-If this macro is not called, a salt length value of
-.Dv RSA_PSS_SALTLEN_AUTO
-is used by default.
-.Pp
-If the key has usage restrictions and an attempt is made to set the
-salt length below the minimum value, an error occurs.
-Also, if the key has usage restrictions,
-.Dv RSA_PSS_SALTLEN_AUTO
-is not supported for verification.
-.Pp
-The
-.Fn EVP_PKEY_CTX_get_rsa_pss_saltlen
-macro retrieves the RSA PSS salt length for
-.Fa ctx .
-.Pp
-Optional parameter restrictions can be specified when generating a PSS
-key.
-If any restrictions are set using the macros described below,
-then all parameters are restricted.
-For example, setting a minimum salt length also restricts the digest and
-MGF1 algorithms.
-If any restrictions are in place, then they are reflected in the
-corresponding parameters of the public key when (for example) a
-certificate request is signed.
-.Pp
-.Fn EVP_PKEY_CTX_set_rsa_pss_keygen_md
-restricts the digest algorithm the generated key can use to
-.Fa md .
-.Pp
-.Fn EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md
-restricts the MGF1 algorithm the generated key can use to
-.Fa md .
-.Pp
-.Fn EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen
-restricts the minimum salt length to
-.Fa saltlen .
-.Sh RETURN VALUES
-These functions return a positive value for success or 0 or a negative
-value for failure.
-In particular, a return value of -2 indicates the operation is not
-supported by the public key algorithm.
-.Sh SEE ALSO
-.Xr EVP_DigestInit 3 ,
-.Xr EVP_PKEY_CTX_ctrl 3 ,
-.Xr EVP_PKEY_CTX_new 3 ,
-.Xr EVP_PKEY_decrypt 3 ,
-.Xr EVP_PKEY_derive 3 ,
-.Xr EVP_PKEY_encrypt 3 ,
-.Xr EVP_PKEY_get_default_digest_nid 3 ,
-.Xr EVP_PKEY_keygen 3 ,
-.Xr EVP_PKEY_sign 3 ,
-.Xr EVP_PKEY_verify 3 ,
-.Xr EVP_PKEY_verify_recover 3
-.Sh HISTORY
-The functions
-.Fn EVP_PKEY_CTX_set_rsa_padding ,
-.Fn EVP_PKEY_CTX_set_rsa_keygen_bits ,
-.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp ,
-and
-.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
-.Pp
-The functions
-.Fn EVP_PKEY_CTX_get_rsa_padding ,
-.Fn EVP_PKEY_CTX_set_rsa_mgf1_md ,
-.Fn EVP_PKEY_CTX_get_rsa_mgf1_md ,
-and
-.Fn EVP_PKEY_CTX_get_rsa_pss_saltlen
-first appeared in OpenSSL 1.0.1 and have been available since
-.Ox 5.3 .
-.Pp
-The functions
-.Fn EVP_PKEY_CTX_set_rsa_oaep_md ,
-.Fn EVP_PKEY_CTX_get_rsa_oaep_md ,
-.Fn EVP_PKEY_CTX_set0_rsa_oaep_label ,
-and
-.Fn EVP_PKEY_CTX_get0_rsa_oaep_label
-first appeared in OpenSSL 1.0.2 and have been available since
-.Ox 6.7 .
-.Pp
-The function
-.Fn RSA_pkey_ctx_ctrl
-first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 6.7 .

diff --git a/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3 b/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3 deleted file mode 100644 index 3d4e79cc47..0000000000 --- a/src/lib/libcrypto/man/RSA_pkey_ctx_ctrl.3 +++ /dev/null
@@ -1,402 +0,0 @@
1	.\" $OpenBSD: RSA_pkey_ctx_ctrl.3,v 1.8 2024/12/06 14:27:49 schwarze Exp $
2	.\" full merge up to:
3	.\" OpenSSL man3/EVP_PKEY_CTX_ctrl.pod 99d63d46 Oct 26 13:56:48 2016 -0400
4	.\" OpenSSL man3/EVP_PKEY_CTX_set_rsa_pss_keygen_md.pod
5	.\" 87103969 Oct 1 14:11:57 2018 -0700
6	.\" selective merge up to:
7	.\" OpenSSL man3/EVP_PKEY_CTX_ctrl.pod df75c2b f Dec 9 01:02:36 2018 +0100
8	.\"
9	.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
10	.\" and Antoine Salon <asalon@vmware.com>.
11	.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2017, 2018 The OpenSSL Project.
12	.\" All rights reserved.
13	.\"
14	.\" Redistribution and use in source and binary forms, with or without
15	.\" modification, are permitted provided that the following conditions
16	.\" are met:
17	.\"
18	.\" 1. Redistributions of source code must retain the above copyright
19	.\" notice, this list of conditions and the following disclaimer.
20	.\"
21	.\" 2. Redistributions in binary form must reproduce the above copyright
22	.\" notice, this list of conditions and the following disclaimer in
23	.\" the documentation and/or other materials provided with the
24	.\" distribution.
25	.\"
26	.\" 3. All advertising materials mentioning features or use of this
27	.\" software must display the following acknowledgment:
28	.\" "This product includes software developed by the OpenSSL Project
29	.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
30	.\"
31	.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
32	.\" endorse or promote products derived from this software without
33	.\" prior written permission. For written permission, please contact
34	.\" openssl-core@openssl.org.
35	.\"
36	.\" 5. Products derived from this software may not be called "OpenSSL"
37	.\" nor may "OpenSSL" appear in their names without prior written
38	.\" permission of the OpenSSL Project.
39	.\"
40	.\" 6. Redistributions of any form whatsoever must retain the following
41	.\" acknowledgment:
42	.\" "This product includes software developed by the OpenSSL Project
43	.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
44	.\"
45	.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
46	.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47	.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
48	.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
49	.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
50	.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
51	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
52	.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
54	.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
55	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
56	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
57	.\"
58	.Dd $Mdocdate: December 6 2024 $
59	.Dt RSA_PKEY_CTX_CTRL 3
60	.Os
61	.Sh NAME
62	.Nm RSA_pkey_ctx_ctrl ,
63	.Nm EVP_PKEY_CTX_set_rsa_padding ,
64	.Nm EVP_PKEY_CTX_get_rsa_padding ,
65	.Nm EVP_PKEY_CTX_set_rsa_keygen_bits ,
66	.Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp ,
67	.Nm EVP_PKEY_CTX_set_rsa_mgf1_md ,
68	.Nm EVP_PKEY_CTX_get_rsa_mgf1_md ,
69	.Nm EVP_PKEY_CTX_set_rsa_oaep_md ,
70	.Nm EVP_PKEY_CTX_get_rsa_oaep_md ,
71	.Nm EVP_PKEY_CTX_set0_rsa_oaep_label ,
72	.Nm EVP_PKEY_CTX_get0_rsa_oaep_label ,
73	.Nm EVP_PKEY_CTX_set_rsa_pss_saltlen ,
74	.Nm EVP_PKEY_CTX_get_rsa_pss_saltlen ,
75	.Nm EVP_PKEY_CTX_set_rsa_pss_keygen_md ,
76	.Nm EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md ,
77	.Nm EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen
78	.Nd RSA private key control operations
79	.Sh SYNOPSIS
80	.In openssl/rsa.h
81	.Ft int
82	.Fo RSA_pkey_ctx_ctrl
83	.Fa "EVP_PKEY_CTX *ctx"
84	.Fa "int optype"
85	.Fa "int cmd"
86	.Fa "int p1"
87	.Fa "void *p2"
88	.Fc
89	.Ft int
90	.Fo EVP_PKEY_CTX_set_rsa_padding
91	.Fa "EVP_PKEY_CTX *ctx"
92	.Fa "int pad"
93	.Fc
94	.Ft int
95	.Fo EVP_PKEY_CTX_get_rsa_padding
96	.Fa "EVP_PKEY_CTX *ctx"
97	.Fa "int *ppad"
98	.Fc
99	.Ft int
100	.Fo EVP_PKEY_CTX_set_rsa_keygen_bits
101	.Fa "EVP_PKEY_CTX *ctx"
102	.Fa "int mbits"
103	.Fc
104	.Ft int
105	.Fo EVP_PKEY_CTX_set_rsa_keygen_pubexp
106	.Fa "EVP_PKEY_CTX *ctx"
107	.Fa "BIGNUM *pubexp"
108	.Fc
109	.Ft int
110	.Fo EVP_PKEY_CTX_set_rsa_mgf1_md
111	.Fa "EVP_PKEY_CTX *ctx"
112	.Fa "const EVP_MD *md"
113	.Fc
114	.Ft int
115	.Fo EVP_PKEY_CTX_get_rsa_mgf1_md
116	.Fa "EVP_PKEY_CTX *ctx"
117	.Fa "const EVP_MD **pmd"
118	.Fc
119	.Ft int
120	.Fo EVP_PKEY_CTX_set_rsa_oaep_md
121	.Fa "EVP_PKEY_CTX *ctx"
122	.Fa "const EVP_MD *md"
123	.Fc
124	.Ft int
125	.Fo EVP_PKEY_CTX_get_rsa_oaep_md
126	.Fa "EVP_PKEY_CTX *ctx"
127	.Fa "const EVP_MD **pmd"
128	.Fc
129	.Ft int
130	.Fo EVP_PKEY_CTX_set0_rsa_oaep_label
131	.Fa "EVP_PKEY_CTX *ctx"
132	.Fa "unsigned char *label"
133	.Fa "int len"
134	.Fc
135	.Ft int
136	.Fo EVP_PKEY_CTX_get0_rsa_oaep_label
137	.Fa "EVP_PKEY_CTX *ctx"
138	.Fa "unsigned char **plabel"
139	.Fc
140	.Ft int
141	.Fo EVP_PKEY_CTX_set_rsa_pss_saltlen
142	.Fa "EVP_PKEY_CTX *ctx"
143	.Fa "int len"
144	.Fc
145	.Ft int
146	.Fo EVP_PKEY_CTX_get_rsa_pss_saltlen
147	.Fa "EVP_PKEY_CTX *ctx"
148	.Fa "int *plen"
149	.Fc
150	.Ft int
151	.Fo EVP_PKEY_CTX_set_rsa_pss_keygen_md
152	.Fa "EVP_PKEY_CTX *pctx"
153	.Fa "const EVP_MD *md"
154	.Fc
155	.Ft int
156	.Fo EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md
157	.Fa "EVP_PKEY_CTX *pctx"
158	.Fa "const EVP_MD *md"
159	.Fc
160	.Ft int
161	.Fo EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen
162	.Fa "EVP_PKEY_CTX *pctx"
163	.Fa "int saltlen"
164	.Fc
165	.Sh DESCRIPTION
166	The function
167	.Fn RSA_pkey_ctx_ctrl
168	is a shallow wrapper around
169	.Xr EVP_PKEY_CTX_ctrl 3
170	which only succeeds if
171	.Fa ctx
172	matches either
173	.Dv EVP_PKEY_RSA
174	or
175	.Dv EVP_PKEY_RSA_PSS .
176	.Pp
177	All the remaining "functions" are implemented as macros.
178	.Pp
179	The
180	.Fn EVP_PKEY_CTX_set_rsa_padding
181	macro sets the RSA padding mode for
182	.Fa ctx .
183	The
184	.Fa pad
185	parameter can take the value
186	.Dv RSA_PKCS1_PADDING
187	for PKCS#1 padding,
188	.Dv RSA_NO_PADDING
189	for no padding,
190	.Dv RSA_PKCS1_OAEP_PADDING
191	for OAEP padding (encrypt and decrypt only),
192	.Dv RSA_X931_PADDING
193	for X9.31 padding (signature operations only) and
194	.Dv RSA_PKCS1_PSS_PADDING
195	(sign and verify only).
196	Only the last one can be used with keys of the type
197	.Dv EVP_PKEY_RSA_PSS .
198	.Pp
199	Two RSA padding modes behave differently if
200	.Xr EVP_PKEY_CTX_set_signature_md 3
201	is used.
202	If this macro is called for PKCS#1 padding, the plaintext buffer is an
203	actual digest value and is encapsulated in a
204	.Vt DigestInfo
205	structure according to PKCS#1 when signing and this structure is
206	expected (and stripped off) when verifying.
207	If this control is not used with RSA and PKCS#1 padding then the
208	supplied data is used directly and not encapsulated.
209	In the case of X9.31 padding for RSA the algorithm identifier byte is
210	added or checked and removed if this control is called.
211	If it is not called then the first byte of the plaintext buffer is
212	expected to be the algorithm identifier byte.
213	.Pp
214	The
215	.Fn EVP_PKEY_CTX_get_rsa_padding
216	macro retrieves the RSA padding mode for
217	.Fa ctx .
218	.Pp
219	The
220	.Fn EVP_PKEY_CTX_set_rsa_keygen_bits
221	macro sets the RSA key length for RSA or RSA-PSS key generation to
222	.Fa mbits .
223	The smallest supported value is 512 bits.
224	If not specified, 1024 bits is used.
225	.Pp
226	The
227	.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp
228	macro sets the public exponent value for RSA or RSA-PSS key generation to
229	.Fa pubexp .
230	Currently, it should be an odd integer.
231	The
232	.Fa pubexp
233	pointer is used internally by this function, so it should not be modified
234	or freed after the call.
235	If this macro is not called, then 65537 is used.
236	.Pp
237	The
238	.Fn EVP_PKEY_CTX_set_rsa_mgf1_md
239	macro sets the MGF1 digest for RSA padding schemes to
240	.Fa md .
241	Unless explicitly specified, the signing digest is used.
242	The padding mode must have been set to
243	.Dv RSA_PKCS1_OAEP_PADDING
244	or
245	.Dv RSA_PKCS1_PSS_PADDING .
246	If the key is of the type
247	.Dv EVP_PKEY_RSA_PSS
248	and has usage restrictions, an error occurs if an attempt is made
249	to set the digest to anything other than the restricted value.
250	.Pp
251	The
252	.Fn EVP_PKEY_CTX_get_rsa_mgf1_md
253	macro retrieves the MGF1 digest for
254	.Fa ctx .
255	Unless explicitly specified, the signing digest is used.
256	The padding mode must have been set to
257	.Dv RSA_PKCS1_OAEP_PADDING
258	or
259	.Dv RSA_PKCS1_PSS_PADDING .
260	.Ss Optimal asymmetric encryption padding
261	The following macros require that the padding mode was set to
262	.Dv RSA_PKCS1_OAEP_PADDING .
263	.Pp
264	The
265	.Fn EVP_PKEY_CTX_set_rsa_oaep_md
266	macro sets the message digest type used in RSA OAEP to
267	.Fa md .
268	.Pp
269	The
270	.Fn EVP_PKEY_CTX_get_rsa_oaep_md
271	macro gets the message digest type used in RSA OAEP to
272	.Pf * Fa pmd .
273	.Pp
274	The
275	.Fn EVP_PKEY_CTX_set0_rsa_oaep_label
276	macro sets the RSA OAEP label to
277	.Fa label
278	and its length to
279	.Fa len .
280	If
281	.Fa label
282	is
283	.Dv NULL
284	or
285	.Fa len
286	is 0, the label is cleared.
287	The library takes ownership of the label so the caller should not
288	free the original memory pointed to by
289	.Fa label .
290	.Pp
291	The
292	.Fn EVP_PKEY_CTX_get0_rsa_oaep_label
293	macro gets the RSA OAEP label to
294	.Pf * Fa plabel .
295	The return value is the label length.
296	The resulting pointer is owned by the library and should not be
297	freed by the caller.
298	.Ss Probabilistic signature scheme
299	The following macros require that the padding mode was set to
300	.Dv RSA_PKCS1_PSS_PADDING .
301	.Pp
302	The
303	.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen
304	macro sets the RSA PSS salt length to
305	.Fa len .
306	Three special values are supported:
307	.Dv RSA_PSS_SALTLEN_DIGEST
308	sets the salt length to the digest length.
309	.Dv RSA_PSS_SALTLEN_MAX
310	sets the salt length to the maximum permissible value.
311	When signing,
312	.Dv RSA_PSS_SALTLEN_AUTO
313	sets the salt length to the maximum permissible value.
314	When verifying,
315	.Dv RSA_PSS_SALTLEN_AUTO
316	causes the salt length to be automatically determined based on the
317	PSS block structure.
318	If this macro is not called, a salt length value of
319	.Dv RSA_PSS_SALTLEN_AUTO
320	is used by default.
321	.Pp
322	If the key has usage restrictions and an attempt is made to set the
323	salt length below the minimum value, an error occurs.
324	Also, if the key has usage restrictions,
325	.Dv RSA_PSS_SALTLEN_AUTO
326	is not supported for verification.
327	.Pp
328	The
329	.Fn EVP_PKEY_CTX_get_rsa_pss_saltlen
330	macro retrieves the RSA PSS salt length for
331	.Fa ctx .
332	.Pp
333	Optional parameter restrictions can be specified when generating a PSS
334	key.
335	If any restrictions are set using the macros described below,
336	then all parameters are restricted.
337	For example, setting a minimum salt length also restricts the digest and
338	MGF1 algorithms.
339	If any restrictions are in place, then they are reflected in the
340	corresponding parameters of the public key when (for example) a
341	certificate request is signed.
342	.Pp
343	.Fn EVP_PKEY_CTX_set_rsa_pss_keygen_md
344	restricts the digest algorithm the generated key can use to
345	.Fa md .
346	.Pp
347	.Fn EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md
348	restricts the MGF1 algorithm the generated key can use to
349	.Fa md .
350	.Pp
351	.Fn EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen
352	restricts the minimum salt length to
353	.Fa saltlen .
354	.Sh RETURN VALUES
355	These functions return a positive value for success or 0 or a negative
356	value for failure.
357	In particular, a return value of -2 indicates the operation is not
358	supported by the public key algorithm.
359	.Sh SEE ALSO
360	.Xr EVP_DigestInit 3 ,
361	.Xr EVP_PKEY_CTX_ctrl 3 ,
362	.Xr EVP_PKEY_CTX_new 3 ,
363	.Xr EVP_PKEY_decrypt 3 ,
364	.Xr EVP_PKEY_derive 3 ,
365	.Xr EVP_PKEY_encrypt 3 ,
366	.Xr EVP_PKEY_get_default_digest_nid 3 ,
367	.Xr EVP_PKEY_keygen 3 ,
368	.Xr EVP_PKEY_sign 3 ,
369	.Xr EVP_PKEY_verify 3 ,
370	.Xr EVP_PKEY_verify_recover 3
371	.Sh HISTORY
372	The functions
373	.Fn EVP_PKEY_CTX_set_rsa_padding ,
374	.Fn EVP_PKEY_CTX_set_rsa_keygen_bits ,
375	.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp ,
376	and
377	.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen
378	first appeared in OpenSSL 1.0.0 and have been available since
379	.Ox 4.9 .
380	.Pp
381	The functions
382	.Fn EVP_PKEY_CTX_get_rsa_padding ,
383	.Fn EVP_PKEY_CTX_set_rsa_mgf1_md ,
384	.Fn EVP_PKEY_CTX_get_rsa_mgf1_md ,
385	and
386	.Fn EVP_PKEY_CTX_get_rsa_pss_saltlen
387	first appeared in OpenSSL 1.0.1 and have been available since
388	.Ox 5.3 .
389	.Pp
390	The functions
391	.Fn EVP_PKEY_CTX_set_rsa_oaep_md ,
392	.Fn EVP_PKEY_CTX_get_rsa_oaep_md ,
393	.Fn EVP_PKEY_CTX_set0_rsa_oaep_label ,
394	and
395	.Fn EVP_PKEY_CTX_get0_rsa_oaep_label
396	first appeared in OpenSSL 1.0.2 and have been available since
397	.Ox 6.7 .
398	.Pp
399	The function
400	.Fn RSA_pkey_ctx_ctrl
401	first appeared in OpenSSL 1.1.1 and has been available since
402	.Ox 6.7 .