IMHO, this thread has got to the level of nits within nits within nits :-) The issue was addressed very well by an earlier response. At the most a sentence or two in the man page is needed. RSA is the way it is and the implementation is correct. Chris Brook
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Richard Levitte - VMS Whacker Sent: Thursday, March 25, 2004 11:21 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: a bug in RSA_public_encrypt with RSA_NO_PADDING In message <[EMAIL PROTECTED]> on Thu, 25 Mar 2004 11:09:42 -0500, Geoff Thorpe <[EMAIL PROTECTED]> said: geoff> On March 25, 2004 10:44 am, Richard Levitte - VMS Whacker wrote: geoff> > To begin with, I think the correct interpretation is that the output geoff> > buffer is required to have the same size as the modulus, so logically, geoff> > an output size parameter isn't required except for checking purposes. geoff> geoff> Well yes, my point had been that the output size is the only size geoff> parameter in the prototype. That's perhaps indicative of the state of geoff> affaires. :-) Uhmm, say what? Currently, the only size parameter is the input size (flen). We're still talking about the RSA_{public,private}_encrypt() functions, right? geoff> > I guess that allowing an input size that's smaller than the modulus geoff> > size could be doable, but isn't adviceable for security reasons or geoff> > something like that... geoff> geoff> Well it could all be handled relative to the padding geoff> parameters, the issue again is that the API isn't exposed in geoff> this form and changing it involves ... well, you know very well geoff> what that involves. <shudder> Actually, I don't, but give me some time to re-read the thread, 'cause I've obviously missed something... geoff> I think this is just one of those things that doesn't warrant geoff> us messing with it right now - if someone cares enough, they geoff> could clarify the relevant docs. I've already made a small change that explains what's expected when RSA_NO_PADDING is used... ----- Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte \ Tunnlandsvägen 52 \ [EMAIL PROTECTED] [EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-708-26 53 44 \ SWEDEN \ Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] Member of the OpenSSL development team: http://www.openssl.org/ Unsolicited commercial email is subject to an archival fee of $400. See <http://www.stacken.kth.se/~levitte/mail/> for more info. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]