Matt, *Thank you!* Crystal clear now. Semi-related question. Is RSA_NO_PADDING allowed for EVP signature? When I tried that (without using DigestSign of course), signing succeeded but verification always failed. Was that expected? Are there some special settings one needs to apply besides just setting the padding type? Thanks! Regards, Uri Sent from my iPhone > On Apr 29, 2017, at 19:34, Matt Caswell <matt@xxxxxxxxxxx> wrote: > > > >> On 28/04/17 20:29, Blumenthal, Uri - 0553 - MITLL wrote: >> I’m playing with RSA-PSS signatures, and stumbled upon a few problems. I >> tried the OpenSSL manual pages, but still coming short of complete >> understanding. :-) >> >> >> >> This is how I initialize the contexts (error handlers removed for brevity): >> >> >> >> ctx = EVP_PKEY_CTX_new(privkey, NULL); > > Don't do this. Just set ctx to NULL. > >> >> md_ctx = EVP_MD_CTX_create(); >> >> const EVP_MD *md = EVP_sha256(); >> >> rv = EVP_DigestInit_ex(md_ctx, md, NULL); >> >> rv = EVP_DigestSignInit(md_ctx, &ctx, md, NULL, privkey); > > ctx gets "filled in" by the EVP_DigestSignInit call. > >> >> >> >> First question: do I need EVP_DigestInit_ex() there? > > No. It unnecessary. > >> >> >> >> Second question: do I have to specify hash-function (EVP_MD*) twice? >> First when initializing EVP_MD_CTX, and second for EVP_DigestSignInit()? >> > > No...don't call EVP_DigestInit_ex() at all. > >> >> >> At the end I need to dispose of both ctx and md_ctx. > > "ctx" is "owned" by md_ctx. Just free md_ctx and ctx also gets freed. > > > Matt > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users