[openssl-users] Migrating from EVP_Verify*/EVP_Sign* to EVP_Digest*

Dr. Stephen Henson steve at openssl.org
Tue Feb 28 11:49:16 UTC 2017

On Tue, Feb 28, 2017, Tobias Nie?en wrote:

> Hello,
> we are currently discussing support for RSASSA-PSS padding in the
> node.js built-in crypto module:
> https://github.com/nodejs/node/issues/1127
> So far, the crypto module uses the older EVP_Sign/EVP_Verify APIs,
> which do not support specifying
> the padding (and salt length). We considered switching to the newer
> EVP_Digest* functions, but we
> cannot provide the public key during initialization of the signature
> / verification process as this would
> require unacceptable changes to the public API of the crypto module.
> Is there any way to use the
> new API without specifying the key during initialization?
> Considering that the old API just computes
> a message digest until EVP_SignFinal/EVP_VerifyFinal is called,
> shouldn't it be possible to do merely
> the same thing using the new API?

No there isn't with the new API. The reason for that is that some operations
performed (for example which digests can be used, or which salt lengths are
permissible for PSS) depend on the public key. For example in the master
branch RSA-PSS keys can restrict the digest which can be use with the key. The
way the new API is structured you get the error as soon as you attempt the

> If it is impossible, is there any workaround?

There is an alternative which may help. Instead of using EVP_Sign* which
computes the digest and signs with it you can instead call EVP_DigestInit_ex,
EVP_DigestUpdate and EVP_DigestFinal_ex() to compute the raw digest.

Then you can use the EVP_PKEY APIs to sign the raw digest with EVP_PKEY_sign()
using RSA-PSS or verify it with EVP_PKEY_verify().

If that isn't clear let me know and I'll explain further.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list