1 .\" $OpenBSD: RSA_padding_add_PKCS1_type_1.3,v 1.8 2018/03/21 16:09:51 schwarze Exp $
2 .\" OpenSSL 1e3f62a3 Jul 17 16:47:13 2017 +0200
4 .\" This file was written by Ulf Moeller <ulf@openssl.org>.
5 .\" Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 .\" Redistribution and use in source and binary forms, with or without
8 .\" modification, are permitted provided that the following conditions
11 .\" 1. Redistributions of source code must retain the above copyright
12 .\" notice, this list of conditions and the following disclaimer.
14 .\" 2. Redistributions in binary form must reproduce the above copyright
15 .\" notice, this list of conditions and the following disclaimer in
16 .\" the documentation and/or other materials provided with the
19 .\" 3. All advertising materials mentioning features or use of this
20 .\" software must display the following acknowledgment:
21 .\" "This product includes software developed by the OpenSSL Project
22 .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24 .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 .\" endorse or promote products derived from this software without
26 .\" prior written permission. For written permission, please contact
27 .\" openssl-core@openssl.org.
29 .\" 5. Products derived from this software may not be called "OpenSSL"
30 .\" nor may "OpenSSL" appear in their names without prior written
31 .\" permission of the OpenSSL Project.
33 .\" 6. Redistributions of any form whatsoever must retain the following
35 .\" "This product includes software developed by the OpenSSL Project
36 .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38 .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
51 .Dd $Mdocdate: March 21 2018 $
52 .Dt RSA_PADDING_ADD_PKCS1_TYPE_1 3
55 .Nm RSA_padding_add_PKCS1_type_1 ,
56 .Nm RSA_padding_check_PKCS1_type_1 ,
57 .Nm RSA_padding_add_PKCS1_type_2 ,
58 .Nm RSA_padding_check_PKCS1_type_2 ,
59 .Nm RSA_padding_add_PKCS1_OAEP ,
60 .Nm RSA_padding_check_PKCS1_OAEP ,
61 .Nm RSA_padding_add_none ,
62 .Nm RSA_padding_check_none
63 .Nd asymmetric encryption padding
67 .Fo RSA_padding_add_PKCS1_type_1
68 .Fa "unsigned char *to"
70 .Fa "unsigned char *f"
74 .Fo RSA_padding_check_PKCS1_type_1
75 .Fa "unsigned char *to"
77 .Fa "unsigned char *f"
82 .Fo RSA_padding_add_PKCS1_type_2
83 .Fa "unsigned char *to"
85 .Fa "unsigned char *f"
89 .Fo RSA_padding_check_PKCS1_type_2
90 .Fa "unsigned char *to"
92 .Fa "unsigned char *f"
97 .Fo RSA_padding_add_PKCS1_OAEP
98 .Fa "unsigned char *to"
100 .Fa "unsigned char *f"
102 .Fa "unsigned char *p"
106 .Fo RSA_padding_check_PKCS1_OAEP
107 .Fa "unsigned char *to"
109 .Fa "unsigned char *f"
112 .Fa "unsigned char *p"
116 .Fo RSA_padding_add_none
117 .Fa "unsigned char *to"
119 .Fa "unsigned char *f"
123 .Fo RSA_padding_check_none
124 .Fa "unsigned char *to"
126 .Fa "unsigned char *f"
131 These functions are called from the RSA encrypt, decrypt, sign, and
133 Normally they should not be called from application programs.
135 However, they can also be called directly to implement padding for other
137 .Fn RSA_padding_add_PKCS1_OAEP
139 .Fn RSA_padding_check_PKCS1_OAEP
140 may be used in an application combined with
142 in order to implement OAEP with an encoding parameter.
144 .Fn RSA_padding_add_*
151 bytes and stores the result at
155 does not meet the size requirements of the encoding method.
157 The following encoding methods are implemented:
159 .Bl -tag -width PKCS1_type_2 -compact
161 PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1);
164 PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)
166 PKCS #1 v2.0 EME-OAEP
171 .Fn RSA_padding_check_*
176 contain a valid encoding for a
178 byte RSA key in the respective encoding method and stores the recovered
189 .Fn RSA_padding_*_OAEP ,
191 points to the encoding parameter of length
201 .Fn RSA_padding_add_*
202 functions return 1 on success or 0 on error.
204 .Fn RSA_padding_check_*
205 functions return the length of the recovered data or -1 on error.
206 Error codes can be obtained by calling
207 .Xr ERR_get_error 3 .
210 .Xr RSA_private_decrypt 3 ,
211 .Xr RSA_public_encrypt 3 ,
215 .Fn RSA_padding_add_PKCS1_type_1 ,
216 .Fn RSA_padding_check_PKCS1_type_1 ,
217 .Fn RSA_padding_add_PKCS1_type_2 ,
218 .Fn RSA_padding_check_PKCS1_type_2 ,
219 .Fn RSA_padding_add_none ,
221 .Fn RSA_padding_check_none
222 first appeared in SSLeay 0.9.0 and have been available since
225 .Fn RSA_padding_add_PKCS1_OAEP
227 .Fn RSA_padding_check_PKCS1_OAEP
228 first appeared in OpenSSL 0.9.2b and have been available since
232 .Fn RSA_padding_check_PKCS1_type_2
233 padding check leaks timing information which can potentially be
234 used to mount a Bleichenbacher padding oracle attack.
235 This is an inherent weakness in the PKCS #1 v1.5 padding design.
236 Prefer PKCS1_OAEP padding.