1 .\" Automatically generated by Pod::Man 4.07 (Pod::Simple 3.35)
4 .\" ========================================================================
5 .de Sp \" Vertical space (when we can't use .PP)
9 .de Vb \" Begin verbatim text
14 .de Ve \" End verbatim text
18 .\" Set up some character translations and predefined strings. \*(-- will
19 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
20 .\" double quote, and \*(R" will give a right double quote. \*(C+ will
21 .\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22 .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23 .\" nothing in troff, for use with C<>.
25 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
45 .\" Escape single quotes in literal strings from groff's Unicode transform.
49 .\" If the F register is >0, we'll generate index entries on stderr for
50 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
51 .\" entries marked with X<> in POD. Of course, you'll have to process the
52 .\" output yourself in some meaningful fashion.
54 .\" Avoid warning from groff about undefined register 'F'.
60 . tm Index:\\$1\t\\n%\t"\\$2"
68 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
69 .\" Fear. Run. Save yourself. No user-serviceable parts.
70 . \" fudge factors for nroff and troff
79 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
85 . \" simple accents for nroff and troff
95 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
96 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
97 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
98 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
99 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
100 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
102 . \" troff and (daisy-wheel) nroff accents
103 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
104 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
105 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
106 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
107 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
108 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
109 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
110 .ds ae a\h'-(\w'a'u*4/10)'e
111 .ds Ae A\h'-(\w'A'u*4/10)'E
112 . \" corrections for vroff
113 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
114 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
115 . \" for low resolution devices (crt and lpr)
116 .if \n(.H>23 .if \n(.V>19 \
129 .\" ========================================================================
131 .IX Title "RSA_padding_add_PKCS1_type_1 3"
132 .TH RSA_padding_add_PKCS1_type_1 3 "2018-03-27" "1.0.2o" "OpenSSL"
133 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
134 .\" way too many mistakes in technical documents.
138 RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
139 RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
140 RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
141 RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
142 RSA_padding_add_none, RSA_padding_check_none \- asymmetric encryption
145 .IX Header "SYNOPSIS"
147 \& #include <openssl/rsa.h>
149 \& int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
150 \& unsigned char *f, int fl);
152 \& int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
153 \& unsigned char *f, int fl, int rsa_len);
155 \& int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
156 \& unsigned char *f, int fl);
158 \& int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
159 \& unsigned char *f, int fl, int rsa_len);
161 \& int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
162 \& unsigned char *f, int fl, unsigned char *p, int pl);
164 \& int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
165 \& unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl);
167 \& int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
168 \& unsigned char *f, int fl);
170 \& int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
171 \& unsigned char *f, int fl, int rsa_len);
173 \& int RSA_padding_add_none(unsigned char *to, int tlen,
174 \& unsigned char *f, int fl);
176 \& int RSA_padding_check_none(unsigned char *to, int tlen,
177 \& unsigned char *f, int fl, int rsa_len);
180 .IX Header "DESCRIPTION"
181 The \fIRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt,
182 decrypt, sign and verify functions. Normally they should not be called
183 from application programs.
185 However, they can also be called directly to implement padding for other
186 asymmetric ciphers. \fIRSA_padding_add_PKCS1_OAEP()\fR and
187 \&\fIRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined
188 with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding
191 \&\fIRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into
192 \&\fBtlen\fR bytes and stores the result at \fBto\fR. An error occurs if \fBfl\fR
193 does not meet the size requirements of the encoding method.
195 The following encoding methods are implemented:
197 .IX Item "PKCS1_type_1"
198 \&\s-1PKCS\s0 #1 v2.0 EMSA\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 1); used for signatures
200 .IX Item "PKCS1_type_2"
201 \&\s-1PKCS\s0 #1 v2.0 EME\-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 2)
202 .IP "\s-1PKCS1_OAEP\s0" 4
203 .IX Item "PKCS1_OAEP"
204 \&\s-1PKCS\s0 #1 v2.0 EME-OAEP
207 \&\s-1PKCS\s0 #1 EME\-PKCS1\-v1_5 with SSL-specific modification
212 The random number generator must be seeded prior to calling
213 \&\fIRSA_padding_add_xxx()\fR.
215 \&\fIRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain
216 a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective
217 encoding method and stores the recovered data of at most \fBtlen\fR bytes
218 (for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR)
221 For \fIRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter
222 of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0.
224 .IX Header "RETURN VALUES"
225 The \fIRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error.
226 The \fIRSA_padding_check_xxx()\fR functions return the length of the
227 recovered data, \-1 on error. Error codes can be obtained by calling
228 \&\fIERR_get_error\fR\|(3).
231 The \fIRSA_padding_check_PKCS1_type_2()\fR padding check leaks timing
232 information which can potentially be used to mount a Bleichenbacher
233 padding oracle attack. This is an inherent weakness in the \s-1PKCS\s0 #1
234 v1.5 padding design. Prefer \s-1PKCS1_OAEP\s0 padding.
236 .IX Header "SEE ALSO"
237 \&\fIRSA_public_encrypt\fR\|(3),
238 \&\fIRSA_private_decrypt\fR\|(3),
239 \&\fIRSA_sign\fR\|(3), \fIRSA_verify\fR\|(3)
242 \&\fIRSA_padding_add_PKCS1_type_1()\fR, \fIRSA_padding_check_PKCS1_type_1()\fR,
243 \&\fIRSA_padding_add_PKCS1_type_2()\fR, \fIRSA_padding_check_PKCS1_type_2()\fR,
244 \&\fIRSA_padding_add_SSLv23()\fR, \fIRSA_padding_check_SSLv23()\fR,
245 \&\fIRSA_padding_add_none()\fR and \fIRSA_padding_check_none()\fR appeared in
248 \&\fIRSA_padding_add_PKCS1_OAEP()\fR and \fIRSA_padding_check_PKCS1_OAEP()\fR were
249 added in OpenSSL 0.9.2b.