root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
openssl/doc/man7/EVP_SIGNATURE-RSA.pod

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

203 lines
6.4 KiB
Plaintext
Raw Normal View History

Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
=pod
=head1 NAME
EVP_SIGNATURE-RSA
- The EVP_PKEY RSA signature implementation
=head1 DESCRIPTION
Support for computing RSA signatures.
See L<EVP_PKEY-RSA(7)> for information related to RSA keys.
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=head2 Algorithm Names
In this list, names are grouped together to signify that they are the same
algorithm having multiple names. This also includes the OID in canonical
decimal form (which means that they are possible to fetch if the caller has a
mere OID which came out in this form after a call to L<OBJ_obj2txt(3)>).
=over 4
=item "RSA", "rsaEncryption", "1.2.840.113549.1.1.1"
The base signature algorithm, supported explicitly fetched with
L<EVP_PKEY_sign_init_ex2(3)>, and implicitly fetched (through
L<RSA keys|EVP_PKEY-RSA(7)>) with L<EVP_DigestSignInit(3)> and
L<EVP_DigestVerifyInit(3)>.
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
It can't be used with L<EVP_PKEY_sign_message_init(3)>
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=item "RSA-RIPEMD160", "ripemd160WithRSA", "1.3.36.3.3.1.2"
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=item "RSA-SHA2-256", "RSA-SHA256", "sha256WithRSAEncryption", "1.2.840.113549.1.1.11"
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=item "RSA-SHA2-384", "RSA-SHA384", "sha384WithRSAEncryption", "1.2.840.113549.1.1.12"
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=item "RSA-SHA2-512", "RSA-SHA512", "sha512WithRSAEncryption", "1.2.840.113549.1.1.13"
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=item "RSA-SHA2-224", "RSA-SHA224", "sha224WithRSAEncryption", "1.2.840.113549.1.1.14"
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=item "RSA-SHA2-512/224", "RSA-SHA512-224", "sha512-224WithRSAEncryption", "1.2.840.113549.1.1.15"
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=item "RSA-SHA2-512/256", "RSA-SHA512-256", "sha512-256WithRSAEncryption", "1.2.840.113549.1.1.16"
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=item "RSA-SHA3-224", "id-rsassa-pkcs1-v1_5-with-sha3-224", "2.16.840.1.101.3.4.3.13"
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=item "RSA-SHA3-256", "id-rsassa-pkcs1-v1_5-with-sha3-256", "2.16.840.1.101.3.4.3.14"
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=item "RSA-SHA3-384", "id-rsassa-pkcs1-v1_5-with-sha3-384", "2.16.840.1.101.3.4.3.15"
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=item "RSA-SHA3-512", "id-rsassa-pkcs1-v1_5-with-sha3-512", "2.16.840.1.101.3.4.3.16"
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=item "RSA-SM3", "sm3WithRSAEncryption", "1.2.156.10197.1.504"
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
PKCS#1 v1.5 RSA signature schemes with diverse message digest algorithms. They
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
are all supported explicitly fetched with L<EVP_PKEY_sign_init_ex2(3)> and
L<EVP_PKEY_sign_message_init(3)>.
docs: Document the implemented composite signature+hash algorithms The details for RSA and EdDSA have already been documented, albeit the RSA documentation wasn't conforming properly to the POD format. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25422)
2024-09-10 22:43:43 +08:00
They are all pre-set to use the pad mode "pkcs1". This cannot be changed.
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
=back
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
=head2 Signature Parameters
The following signature parameters can be set using EVP_PKEY_CTX_set_params().
This may be called after EVP_PKEY_sign_init() or EVP_PKEY_verify_init(),
Change all existing FIPS configurable checks to use FIPS indicators. This changes the logic to always do the security checks and then decide what to do based on if this passes or not. Failure of a check causes either a failure OR the FIPS indicator callback to be triggered. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24623)
2024-07-01 09:36:58 +08:00
and before calling EVP_PKEY_sign() or EVP_PKEY_verify(). They may also be set
using EVP_PKEY_sign_init_ex() or EVP_PKEY_verify_init_ex().
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
=over 4
=item "digest" (B<OSSL_SIGNATURE_PARAM_DIGEST>) <UTF8 string>
=item "properties" (B<OSSL_SIGNATURE_PARAM_PROPERTIES>) <UTF8 string>
Refactor OpenSSL 'RSA' EVP_SIGNATURE to also include RSA+hash composites (in the code, "sigalg" is used to refer to these composite algorithms, which is a nod to libcrypto and libssl, where that term is commonly used for composite algorithms) To make this implementation possible, wrappers were added around the hash function itself, allowing the use of existing hash implementations through their respective OSSL_DISPATCH tables, but also retaining the dynamic fetch of hash implementations when the digest_sign / digest_verify functionality is used. This wrapper allows implementing the RSA+hash composites through simple initializer function and a custom OSSL_DISPATCH table for each. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23416)
2024-07-06 22:26:39 +08:00
These are not supported with the RSA signature schemes that already include a
message digest algorithm, See L</Algorithm Names> above.
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
These common parameters are described in L<provider-signature(7)>.
=item "pad-mode" (B<OSSL_SIGNATURE_PARAM_PAD_MODE>) <UTF8 string>
The type of padding to be used. Its value can be one of the following:
=over 4
=item "none" (B<OSSL_PKEY_RSA_PAD_MODE_NONE>)
doc: remove end of line whitespace Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16641)
2021-09-21 08:59:56 +08:00
=item "pkcs1" (B<OSSL_PKEY_RSA_PAD_MODE_PKCSV15>)
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
=item "x931" (B<OSSL_PKEY_RSA_PAD_MODE_X931>)
Add RSA Signature restrictions for X9.31 padding in the FIPS provider. In FIPS 140-3, RSA Signing with X9.31 padding is not approved, but verification is allowed for legacy purposes. An indicator has been added for RSA signing with X9.31 padding. A strict restriction on the size of the RSA modulus has been added i.e. It must be 1024 + 256 * s (which is part of the ANSI X9.31 spec). Added implementation comments to the X9.31 padding code Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24021)
2024-07-29 08:16:30 +08:00
This padding mode is no longer supported by the FIPS provider for signature
generation, but may be used for signature verification for legacy use cases.
(This is a FIPS 140-3 requirement)
doc: remove end of line whitespace Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16641)
2021-09-21 08:59:56 +08:00
=item "pss" (B<OSSL_PKEY_RSA_PAD_MODE_PSS>)
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
=back
=item "mgf1-digest" (B<OSSL_SIGNATURE_PARAM_MGF1_DIGEST>) <UTF8 string>
The digest algorithm name to use for the maskGenAlgorithm used by "pss" mode.
=item "mgf1-properties" (B<OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES>) <UTF8 string>
Sets the name of the property query associated with the "mgf1-digest" algorithm.
NULL is used if this optional value is not set.
Updated information for OSSL_SIGNATURE_PARAM_PSS_SALTLEN Fixes #18066 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18736)
2022-07-07 05:26:16 +08:00
=item "saltlen" (B<OSSL_SIGNATURE_PARAM_PSS_SALTLEN>) <integer> or <UTF8 string>
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
Updated information for OSSL_SIGNATURE_PARAM_PSS_SALTLEN Fixes #18066 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18736)
2022-07-07 05:26:16 +08:00
The "pss" mode minimum salt length. The value can either be an integer,
a string value representing a number or one of the following string values:
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
=over 4
=item "digest" (B<OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST>)
Use the same length as the digest size.
=item "max" (B<OSSL_PKEY_RSA_PSS_SALT_LEN_MAX>)
Use the maximum salt length.
=item "auto" (B<OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO>)
Auto detect the salt length.
signature: Clamp PSS salt len to MD len FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection 5.5 "PKCS #1" says: "For RSASSA-PSS […] the length (in bytes) of the salt (sLen) shall satisfy 0 <= sLen <= hLen, where hLen is the length of the hash function output block (in bytes)." Introduce a new option RSA_PSS_SALTLEN_AUTO_DIGEST_MAX and make it the default. The new value will behave like RSA_PSS_SALTLEN_AUTO, but will not use more than the digest length when signing, so that FIPS 186-4 is not violated. This value has two advantages when compared with RSA_PSS_SALTLEN_DIGEST: (1) It will continue to do auto-detection when verifying signatures for maximum compatibility, where RSA_PSS_SALTLEN_DIGEST would fail for other digest sizes. (2) It will work for combinations where the maximum salt length is smaller than the digest size, which typically happens with large digest sizes (e.g., SHA-512) and small RSA keys. J.-S. Coron shows in "Optimal Security Proofs for PSS and Other Signature Schemes. Advances in Cryptology – Eurocrypt 2002, volume 2332 of Lecture Notes in Computer Science, pp. 272 – 287. Springer Verlag, 2002." that longer salts than the output size of modern hash functions do not increase security: "For example,for an application in which at most one billion signatures will be generated, k0 = 30 bits of random salt are actually sufficient to guarantee the same level of security as RSA, and taking a larger salt does not increase the security level." Signed-off-by: Clemens Lang <cllang@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19724)
2022-11-18 19:35:33 +08:00
=item "auto-digestmax" (B<OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX>)
Auto detect the salt length when verifying. Maximize the salt length up to the
digest size when signing to comply with FIPS 186-4 section 5.5.
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
=back
Cleanups for FIPS indicator documentation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25195)
2024-08-15 14:20:26 +08:00
=back
The OpenSSL FIPS provider also supports the following parameters:
=over 4
=item "key-check" (B<OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK>) <integer>
=item "digest-check" (B<OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK>) <integer>
=item "sign-x931-pad-check" (B<OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK>) <integer>
These parameters are described in L<provider-signature(7)>.
Restrict salt length for RSA-PSS in the FIPS provider Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25115)
2024-08-07 10:24:36 +08:00
=item "rsa-pss-saltlen-check" (B<OSSL_SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK>) <integer>
The default value of 1 causes an error during signature generation or
verification if salt length (B<OSSL_SIGNATURE_PARAM_PSS_SALTLEN>) is not between
zero and the output block size of the digest function (inclusive).
Setting this to zero will ignore the error and set the approved "fips-indicator"
to 0.
Cleanups for FIPS indicator documentation Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25195)
2024-08-15 14:20:26 +08:00
This option breaks FIPS compliance if it causes the approved "fips-indicator"
to return 0.
Restrict salt length for RSA-PSS in the FIPS provider Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25115)
2024-08-07 10:24:36 +08:00
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
=back
The following signature parameters can be retrieved using
EVP_PKEY_CTX_get_params().
=over 4
=item "algorithm-id" (B<OSSL_SIGNATURE_PARAM_ALGORITHM_ID>) <octet string>
Fix parameter types int -> integer changes Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24881)
2024-07-15 09:06:45 +08:00
=item "fips-indicator" (B<OSSL_SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
Change all existing FIPS configurable checks to use FIPS indicators. This changes the logic to always do the security checks and then decide what to do based on if this passes or not. Failure of a check causes either a failure OR the FIPS indicator callback to be triggered. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24623)
2024-07-01 09:36:58 +08:00
doc: document the OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE parameter Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/25211)
2024-08-16 08:21:12 +08:00
=item "verify-message" (B<OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE> <integer>
Change all existing FIPS configurable checks to use FIPS indicators. This changes the logic to always do the security checks and then decide what to do based on if this passes or not. Failure of a check causes either a failure OR the FIPS indicator callback to be triggered. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24623)
2024-07-01 09:36:58 +08:00
These common parameter are described in L<provider-signature(7)>.
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
=item "digest" (B<OSSL_SIGNATURE_PARAM_DIGEST>) <UTF8 string>
=item "pad-mode" (B<OSSL_SIGNATURE_PARAM_PAD_MODE>) <UTF8 string>
=item "mgf1-digest" (B<OSSL_SIGNATURE_PARAM_MGF1_DIGEST>) <UTF8 string>
Updated information for OSSL_SIGNATURE_PARAM_PSS_SALTLEN Fixes #18066 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18736)
2022-07-07 05:26:16 +08:00
=item "saltlen" (B<OSSL_SIGNATURE_PARAM_PSS_SALTLEN>) <integer> or <UTF8 string>
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
These parameters are as described above.
=back
=head1 SEE ALSO
L<EVP_PKEY_CTX_set_params(3)>,
L<EVP_PKEY_sign(3)>,
L<EVP_PKEY_verify(3)>,
L<provider-signature(7)>,
=head1 COPYRIGHT
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes
2024-09-05 15:35:49 +08:00
Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
Update core_names.h fields and document most fields. Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
2020-05-26 11:53:07 +08:00
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut