doc: document pkcs15-padding-disabled param for RSA

Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/25070)
2025-01-30 14:01:55 +08:00 · 2024-07-31 13:26:02 +10:00 · 2024-07-31 13:26:02 +10:00 · 18fd8f687f
commit 18fd8f687f
parent 9bd5362a71
1 changed files with 13 additions and 0 deletions
--- a/doc/man7/EVP_ASYM_CIPHER-RSA.pod
+++ b/doc/man7/EVP_ASYM_CIPHER-RSA.pod
@ -25,6 +25,10 @@ The default provider understands these RSA padding modes in string form:

 =item "pkcs1" (B<OSSL_PKEY_RSA_PAD_MODE_PKCSV15>)

+This padding mode is no longer supported by the FIPS provider for key
+agreement and key transport.
+(This is a FIPS 140-3 requirement)
+
 =item "x931" (B<OSSL_PKEY_RSA_PAD_MODE_X931>)

 =back
@ -37,6 +41,10 @@ The default provider understands these RSA padding modes in integer form:

 =item 1 (B<RSA_PKCS1_PADDING>)

+This padding mode is no longer supported by the FIPS provider for key
+agreement and key transport.
+(This is a FIPS 140-3 requirement)
+
 =item 3 (B<RSA_NO_PADDING>)

 =item 4 (B<RSA_PKCS1_OAEP_PADDING>)
@ -71,6 +79,11 @@ See B<RSA_PKCS1_WITH_TLS_PADDING> on the page L<EVP_PKEY_CTX_set_rsa_padding(3)>

 See L<provider-asym_cipher(7)/Asymmetric Cipher Parameters> for more information.

+=item "pkcs15-padding-disabled" (B<OSSL_ASYM_CIPHER_PARAM_PKCS15_PADDING_DISABLED>) <integer>
+
+If nonzero, PKCS#1 version 1.5 padding is disabled.
+This option is used by the OpenSSL FIPS provider.
+
 =back

 =head1 SEE ALSO