Hi Hanno, all, Thus wrote Hanno Boeck via RT ([email protected]):
> openssl genrsa 2001 > test.key > openssl req -batch -new -x509 -sigopt rsa_padding_mode:pss -nodes -days 99999 > -key test.key> test.crt > openssl verify -check_ss_sig -CAfile test.crt test.crt I've had a quick look, the problem is that the saltlen encoded in the certificate (==229) and the saltlen used for the calculations (==228) are different. In RSA_padding_add_PKCS1_PSS_mgf1(), RSA_size(rsa) is 250. In rsa_item_sign(), EVP_PKEY_size(pk) is 251. I can't take the ticket in the RT but I'm happy to progress this and propose a patch. Best regards, Martin ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
