[openssl-users] EVP_MD_CTX and EVP_PKEY_CTX? How to init? How to free?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Sun Apr 30 20:03:29 UTC 2017


Understood. Thanks! 

Yes, it would be nice if 1_0_2-stable and 1_1 branches returned an error on an attempt to sign or verify with RSA_NO_PADDING.

Regards,
Uri

Sent from my iPhone

> On Apr 30, 2017, at 15:19, Dr. Stephen Henson <steve at openssl.org> wrote:
> 
>> On Sun, Apr 30, 2017, Blumenthal, Uri - 0553 - MITLL wrote:
>> 
>> 
>> Semi-related question. Is RSA_NO_PADDING allowed for EVP signature? When I tried that (without using DigestSign of course), signing succeeded but verification always failed. Was that expected? Are there some special settings one needs to apply besides just setting the padding type?
>> 
> 
> With RSA_NO_PADDING it isn't possible to determine the length of the decrypted
> data during verify. We should really return an error code if an atttempt is
> made to use it for sign/verify.
> 
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> -- 
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4223 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170430/22eaee83/attachment.bin>


More information about the openssl-users mailing list