[openssl-users] Using RSA_PKCS1_OAEP_PADDING with high level EVP_Seal functions
Dr. Stephen Henson
steve at openssl.org
Thu Sep 8 19:18:50 UTC 2016
On Wed, Sep 07, 2016, Daniel Knoppel wrote:
> Dear all,
>
> I was wondering about two things:
>
> 1. Can the EVP_Seal*() functions be told to use RSA_PKCS1_OAEP_PADDING,
> or do I need to stick with the lower level RSA_public_encrypt()?
>
> >From the source code it seems to me that RSA_PKCS1_PADDING is hardcoded
> because EVP_SealInit() [1] calls EVP_PKEY_encrypt_old() [2], which in
> turn has the line with hardcoded padding:
>
> ret = RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk),
> RSA_PKCS1_PADDING);
>
EVP_Seal*() is an old function hard coded to use RSA_PKCS1_PADDING as you've
observed.
You don't need to use the low level RSA_public_encrypt() function for
OAEP. Instead use the EVP_PKEY APIs EVP_PKEY_encrypt() and EVP_PKEY_decrypt()
with the padding mode modified and appropriate parameters set.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users
mailing list