tbslen parameter in EVP_PKEY_sign() and EVP_PKEY_verify()
Kyle Hamilton
aerowolf at gmail.com
Tue Apr 7 18:17:48 UTC 2020
32 bytes means you're signing using RSA-WITH-SHA-256, yes?
tbs is the digest value you calculated, tbslen is the size in bytes of
the digest.
-Kyle H
On Tue, Apr 7, 2020 at 1:07 PM Jason Proctor <jason at spatiallabs.com> wrote:
>
> Esteemed cryptologists,
>
> Question regarding the "tbslen" parameter to the sign and verify
> functions. The documentation says --
>
> "The verified data (i.e. the data believed originally signed) is
> specified using the tbs and tbslen parameters."
>
> Which might indicate that tbslen is the length of the payload. However
> I found that I had to set this to the length of the *signature* to get
> these calls to work. The sign() operation fails at rsa_pmeth.c line
> 134, and the debugger does indeed tell me that it's expecting 32
> there, rather than the payload length which is 1024.
>
> Is this correct? Anything I'm missing, here?
>
> thanks for any clarity here
> Jason at Spatial
More information about the openssl-users
mailing list