Hi, openssl hackers!

I wrote a little program that demonstrates the problem, see the attached file. It's a bit long, but it shows that only EVP_PKEY_decrypt() fails with 4K keys. The rest of the functions are just fine.
See the evp_decrypt_with_pvtk() function for the failure.

On 06.06.12 05:40, Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Oleksiy Lukin
>> Sent: Tuesday, 05 June, 2012 03:59
>>
>> I have a problem with the EVP_PKEY_decrypt() function and a 4K RSA
>> private key decrypting data encrypted with EVP_PKEY_encrypt() and the
>> corresponding public key. Keys were generated using the openssl CA shell script.
>>
> Are you counting bits (as is conventional) or bytes/octets?

Bits, sure.

>> EVP_PKEY_decrypt() just returns -2, saying that this key is not
>> supported. BUT! RSA_private_decrypt() works just fine with this key and
>> successfully decrypts data encrypted by EVP_PKEY_encrypt()! Sign and
>> verify operations work fine with EVP_PKEY_sign() and EVP_PKEY_verify()
>> with the same keys.
>>
>> I use openssl 1.0.1c.
>>
>> The questions are:
>>
>> 1. Is there some meaningful limitation coded into EVP_PKEY_decrypt()
>> that does not allow the decrypt operation?
> Not that I see, and 1c works for me with a 4kbit RSA key.
>
> There is a limit in the *RSA* module to 16kbit in all cases, and a
> smaller limit on publickey operations *not* using a small exponent.
> Both these limits apply whether used through EVP or directly, and
> RSA keys generated by OpenSSL (always?) have small exponents.
>
>> 2. If there are no such limitations, how can I make it work with 4K RSA keys?
>>
> No idea. Try to produce a minimal test program that fails and post it.

--
SY, Alex Lukin
RIPE NIC HDL: LEXA1-RIPE
OpenSSL_EVP_4k.tgz
Description: application/compressed-tar