It seems that there is a bug in RSA_public_encrypt with the padding method set as RSA_NO_PADDING.
The bug is: when flen is not the RSA key size (e.g., 32 bytes), the function returns -1 and no encryption is done.
What is the principle behind this design?
RSA works on input that has the same number of bits as the RSA key size. (An earlier message from you disagreed with this; you're wrong.)
In other words, a 1024-bit RSA key works on 1024 bits of input and returns 1024 bits of output. If your input is not the same size as the key, you must use padding to make it so. If you do not use padding, than the RSA algorithm cannot be executed.
/r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
