1EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD(3oOspEseVlnP)S_SPLKEY_CTX_SET_RSA_PSS_KEYGEN_MD(3ossl)
2
3
4
6 EVP_PKEY_CTX_set_rsa_pss_keygen_md,
7 EVP_PKEY_CTX_set_rsa_pss_keygen_md_name,
8 EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md,
9 EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name,
10 EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen - EVP_PKEY RSA-PSS algorithm
11 support functions
12
14 #include <openssl/rsa.h>
15
16 int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx,
17 const EVP_MD *md);
18 int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx,
19 const char *mdname,
20 const char *mdprops);
21 int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx,
22 const EVP_MD *md);
23 int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *pctx,
24 const char *mdname);
25 int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx,
26 int saltlen);
27
29 These are the functions that implement RSA-PSS(7).
30
31 Signing and Verification
32 The macro EVP_PKEY_CTX_set_rsa_padding() is supported but an error is
33 returned if an attempt is made to set the padding mode to anything
34 other than PSS. It is otherwise similar to the RSA version.
35
36 The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt
37 length. If the key has usage restrictions then an error is returned if
38 an attempt is made to set the salt length below the minimum value. It
39 is otherwise similar to the RSA operation except detection of the salt
40 length (using RSA_PSS_SALTLEN_AUTO) is not supported for verification
41 if the key has usage restrictions.
42
43 The EVP_PKEY_CTX_set_signature_md(3) and
44 EVP_PKEY_CTX_set_rsa_mgf1_md(3) functions are used to set the digest
45 and MGF1 algorithms respectively. If the key has usage restrictions
46 then an error is returned if an attempt is made to set the digest to
47 anything other than the restricted value. Otherwise these are similar
48 to the RSA versions.
49
50 Key Generation
51 As with RSA key generation the EVP_PKEY_CTX_set_rsa_keygen_bits() and
52 EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS:
53 they have exactly the same meaning as for the RSA algorithm.
54
55 Optional parameter restrictions can be specified when generating a PSS
56 key. If any restrictions are set (using the macros described below)
57 then all parameters are restricted. For example, setting a minimum salt
58 length also restricts the digest and MGF1 algorithms. If any
59 restrictions are in place then they are reflected in the corresponding
60 parameters of the public key when (for example) a certificate request
61 is signed.
62
63 EVP_PKEY_CTX_set_rsa_pss_keygen_md() restricts the digest algorithm the
64 generated key can use to md. EVP_PKEY_CTX_set_rsa_pss_keygen_md_name()
65 does the same thing, but passes the algorithm by name rather than by
66 EVP_MD.
67
68 EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md() restricts the MGF1 algorithm
69 the generated key can use to md.
70 EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name() does the same thing, but
71 passes the algorithm by name rather than by EVP_MD.
72
73 EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen() restricts the minimum salt
74 length to saltlen.
75
77 A context for the RSA-PSS algorithm can be obtained by calling:
78
79 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL);
80
82 All these functions return 1 for success and 0 or a negative value for
83 failure. In particular a return value of -2 indicates the operation is
84 not supported by the public key algorithm.
85
87 RSA-PSS(7), EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3),
88 EVP_PKEY_derive(3)
89
91 Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
92
93 Licensed under the Apache License 2.0 (the "License"). You may not use
94 this file except in compliance with the License. You can obtain a copy
95 in the file LICENSE in the source distribution or at
96 <https://www.openssl.org/source/license.html>.
97
98
99
1003.0.9 2023E-V0P7_-P2K7EY_CTX_SET_RSA_PSS_KEYGEN_MD(3ossl)