Naming of methods in RSA_METHOD

Rafael Ferrer eureka6676 at
Sun Mar 1 07:51:00 UTC 2020

So I went back to this and I think the problem is we are forced to 
create a RSA_private_encrypt function even if all we want to do is sign.

That branch gets hit on doing a TLS connection but not on creating a 
certificate. Ideally, shouldn't RSA_PKCS1_PSS_PADDING (and the other 
padding mode) also be handled by the RSA_sign of the engine 
implementation? I mean it is inside a function called pkey_rsa_sign. 
Though the RSA_sign function signature doesn't seem to allow specifying 
the padding.

More information about the openssl-users mailing list