On Thu, May 15, 2014, Jan Danielsson wrote:
> Hello,
>
> Purely for a test case to see if a small wrapper library for
> EVP_DigestSign*() can output the exact same signature twice, I tried
> calling:
>
> if((rc = EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_NO_PADDING)) <= 0) {
> print("failed with %d\n", rc);
> }
>
> With plain old PKCS1 and PKCS1/PSS the call is successful, but for
> NO_PADDING I get rc=0. In practice this isn't a problem for pretty
> obvious reasons, but it worries me slightly, and it makes me wonder if
> there's some other problem hiding which I should be aware of.
>
> Is there some code in there which doesn't allow RSA_NO_PADDING? The
> documentation seems quite explicit that EVP_PKEY_CTX_set_rsa_padding()
> allows RSA_NO_PADDING, but perhaps there are some caveats?
>
Currently RSA_NO_PADDING is only supported for encrypt/decrypt and not
for sign/verify. One reason is that you can't sanity check the recovered
plaintext length without padding.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
