[openssl-users] Using RSA_PKCS1_OAEP_PADDING with high level EVP_Seal functions

Dr. Stephen Henson steve at openssl.org
Thu Sep 8 19:18:50 UTC 2016

On Wed, Sep 07, 2016, Daniel Knoppel wrote:

> Dear all,
> I was wondering about two things:
> 1. Can the EVP_Seal*() functions be told to use RSA_PKCS1_OAEP_PADDING,
> or do I need to stick with the lower level RSA_public_encrypt()?
> >From the source code it seems to me that RSA_PKCS1_PADDING is hardcoded
> because EVP_SealInit() [1] calls EVP_PKEY_encrypt_old() [2], which in
> turn has the line with hardcoded padding:
> ret = RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk),

EVP_Seal*() is an old function hard coded to use RSA_PKCS1_PADDING as you've

You don't need to use the low level RSA_public_encrypt() function for
OAEP. Instead use the EVP_PKEY APIs EVP_PKEY_encrypt() and EVP_PKEY_decrypt()
with the padding mode modified and appropriate parameters set.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list