Hello,

I'm having a hard time figuring out how to use the EVP interface to get an 
RSA-PSS signature. I can successfully call RSA_padding_add_PKCS1_PSS, but when 
I try to call the various macros for EVP_PKEY_CTX_ctrl.

The thing is, I'm not sure in which order (if any) these functions should be 
called. Currently, this is what I have: (OSSL_err() calls 
ERR_print_errors_fp(stderr))

  EVP_PKEY_CTX* keygen_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
  EVP_PKEY* pkey = NULL;

  if (EVP_PKEY_keygen_init(keygen_ctx)<1) OSSL_err();
  else printf("keygen init ok\n");

  if (EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, 2048)<1) OSSL_err();
  else printf("set rsa keygen bits ok\n");

  if (EVP_PKEY_CTX_set_rsa_padding(keygen_ctx, RSA_PKCS1_PSS_PADDING)<1) OSSL_err();
  if (EVP_PKEY_CTX_set_rsa_pss_saltlen(keygen_ctx, -2)<1) OSSL_err();

  if (EVP_PKEY_keygen(keygen_ctx, &pkey)<1) OSSL_err();
  else printf("keygen ok\n");


When I call the functions in this order, I get everything okay up to 
set_rsa_padding, which returns 
0:error:0408F090:rsa routines:PKEY_RSA_CTRL:illegal or unsupported padding mode:rsa_pmeth.c:403:
0:error:06089093:digital envelope routines:EVP_PKEY_CTX_ctrl:command not supported:pmeth_lib.c:358:

If I call set_rsa_pss_saltlen before set_rsa_padding, I get
0:error:06089094:digital envelope routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:351:

EVP_PKEY_keygen works if I call it before those two. I also tried to use 
EVP_PKEY_CTX_set_signature_md before them, to no avail.

Is there anything obvious I'm missing? I tried building the library and 
enabling debug mode, but I can't get gdb to find the source. Simply browsing 
the code got me nowhere.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]
