[openssl-users] Migrating from EVP_Verify*/EVP_Sign* to EVP_Digest*

Tobias Nießen tniessen at tnie.de
Tue Feb 28 11:01:44 UTC 2017


we are currently discussing support for RSASSA-PSS padding in the 
node.js built-in crypto module:

So far, the crypto module uses the older EVP_Sign/EVP_Verify APIs, which 
do not support specifying
the padding (and salt length). We considered switching to the newer 
EVP_Digest* functions, but we
cannot provide the public key during initialization of the signature / 
verification process as this would
require unacceptable changes to the public API of the crypto module. Is 
there any way to use the
new API without specifying the key during initialization? Considering 
that the old API just computes
a message digest until EVP_SignFinal/EVP_VerifyFinal is called, 
shouldn't it be possible to do merely
the same thing using the new API?

If it is impossible, is there any workaround?

Thank you in advance,

More information about the openssl-users mailing list