1EVP_PKEY_CTX_SET_RSA_PSS_KEYGEN_MD(3oOspEseVlnP)S_SPLKEY_CTX_SET_RSA_PSS_KEYGEN_MD(3ossl)
2
3
4

NAME

6       EVP_PKEY_CTX_set_rsa_pss_keygen_md,
7       EVP_PKEY_CTX_set_rsa_pss_keygen_md_name,
8       EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md,
9       EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name,
10       EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen - EVP_PKEY RSA-PSS algorithm
11       support functions
12

SYNOPSIS

14        #include <openssl/rsa.h>
15
16        int EVP_PKEY_CTX_set_rsa_pss_keygen_md(EVP_PKEY_CTX *pctx,
17                                               const EVP_MD *md);
18        int EVP_PKEY_CTX_set_rsa_pss_keygen_md_name(EVP_PKEY_CTX *ctx,
19                                                    const char *mdname,
20                                                    const char *mdprops);
21        int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(EVP_PKEY_CTX *pctx,
22                                                    const EVP_MD *md);
23        int EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name(EVP_PKEY_CTX *pctx,
24                                                         const char *mdname);
25        int EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(EVP_PKEY_CTX *pctx,
26                                                    int saltlen);
27

DESCRIPTION

29       These are the functions that implement RSA-PSS(7).
30
31   Signing and Verification
32       The macro EVP_PKEY_CTX_set_rsa_padding() is supported but an error is
33       returned if an attempt is made to set the padding mode to anything
34       other than PSS. It is otherwise similar to the RSA version.
35
36       The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro is used to set the salt
37       length.  If the key has usage restrictions then an error is returned if
38       an attempt is made to set the salt length below the minimum value. It
39       is otherwise similar to the RSA operation except detection of the salt
40       length (using RSA_PSS_SALTLEN_AUTO) is not supported for verification
41       if the key has usage restrictions.
42
43       The EVP_PKEY_CTX_set_signature_md(3) and
44       EVP_PKEY_CTX_set_rsa_mgf1_md(3) functions are used to set the digest
45       and MGF1 algorithms respectively. If the key has usage restrictions
46       then an error is returned if an attempt is made to set the digest to
47       anything other than the restricted value. Otherwise these are similar
48       to the RSA versions.
49
50   Key Generation
51       As with RSA key generation the EVP_PKEY_CTX_set_rsa_keygen_bits() and
52       EVP_PKEY_CTX_set_rsa_keygen_pubexp() macros are supported for RSA-PSS:
53       they have exactly the same meaning as for the RSA algorithm.
54
55       Optional parameter restrictions can be specified when generating a PSS
56       key.  If any restrictions are set (using the macros described below)
57       then all parameters are restricted. For example, setting a minimum salt
58       length also restricts the digest and MGF1 algorithms. If any
59       restrictions are in place then they are reflected in the corresponding
60       parameters of the public key when (for example) a certificate request
61       is signed.
62
63       EVP_PKEY_CTX_set_rsa_pss_keygen_md() restricts the digest algorithm the
64       generated key can use to md.  EVP_PKEY_CTX_set_rsa_pss_keygen_md_name()
65       does the same thing, but passes the algorithm by name rather than by
66       EVP_MD.
67
68       EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md() restricts the MGF1 algorithm
69       the generated key can use to md.
70       EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md_name() does the same thing, but
71       passes the algorithm by name rather than by EVP_MD.
72
73       EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen() restricts the minimum salt
74       length to saltlen.
75

NOTES

77       A context for the RSA-PSS algorithm can be obtained by calling:
78
79        EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA_PSS, NULL);
80

RETURN VALUES

82       All these functions return 1 for success and 0 or a negative value for
83       failure.  In particular a return value of -2 indicates the operation is
84       not supported by the public key algorithm.
85

SEE ALSO

87       RSA-PSS(7), EVP_PKEY_CTX_new(3), EVP_PKEY_CTX_ctrl_str(3),
88       EVP_PKEY_derive(3)
89

91       Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
92
93       Licensed under the Apache License 2.0 (the "License").  You may not use
94       this file except in compliance with the License.  You can obtain a copy
95       in the file LICENSE in the source distribution or at
96       <https://www.openssl.org/source/license.html>.
97
98
99
1003.1.1                             2023E-V0P8_-P3K1EY_CTX_SET_RSA_PSS_KEYGEN_MD(3ossl)
Impressum