On Thu, Nov 27, 2008, Nanavati, Sitanshu wrote:

> Thank you! Steve.
>
> I just added the flag; however the call goes to rsa_sign.c.
> I have hooked following two methods to SSLeay. Could that be a problem for
> Sign and verify?
>
> int (*rsa_pub_dec)(int flen, unsigned char *from,
>                    unsigned char *to, RSA *rsa, int padding);
>
> int (*rsa_priv_enc)(int flen, unsigned char *from,
>                     unsigned char *to, RSA *rsa, int padding);
>

The call *always* goes to rsa_sign.c; however, if you implement rsa_sign and set
that flag it is redirected immediately to your function. In that case you get
raw digests and it is the implementation's responsibility to process the digest
in an appropriate way. This only supports the PKCS#1 v1.5 signature scheme and
whatever digests the API handles. However certain APIs (for example CryptoAPI)
only support this interface.

If you implement rsa_priv_enc() then you get the data after it has been
processed by RSA_sign() and any DigestInfo structure set up. This is the
preferred route because other signature schemes can be handled (if supported)
and digest type handling is done by OpenSSL itself.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
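
To make the difference between the two routes in the reply above concrete, the following added example (not code from the post or from OpenSSL) builds the DigestInfo that an rsa_priv_enc hook receives from the raw digest that an rsa_sign hook receives, then applies PKCS#1 v1.5 signature padding. The helper names build_digestinfo and pkcs1_type1_pad are hypothetical, and inferring the digest type from its length is an assumption made to keep the example short.

```c
#include <stddef.h>
#include <string.h>

/* DER DigestInfo prefixes from RFC 8017, section 9.2 (notes). */
static const unsigned char SHA1_PFX[] = { 0x30,0x21,0x30,0x09,0x06,0x05,0x2b,
    0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14 };
static const unsigned char SHA256_PFX[] = { 0x30,0x31,0x30,0x0d,0x06,0x09,0x60,
    0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20 };

/* Hypothetical helper: raw digest (what an rsa_sign hook is handed) ->
 * DigestInfo (what rsa_priv_enc is handed in `from`). Assumption: the digest
 * type is inferred from its length; a real hook is told the type.
 * Returns the DigestInfo length, or 0 if unsupported or `out` is too small. */
size_t build_digestinfo(const unsigned char *md, size_t mdlen,
                        unsigned char *out, size_t outlen)
{
    const unsigned char *pfx;
    size_t plen;

    if (mdlen == 20) { pfx = SHA1_PFX; plen = sizeof SHA1_PFX; }
    else if (mdlen == 32) { pfx = SHA256_PFX; plen = sizeof SHA256_PFX; }
    else return 0;
    if (outlen < plen + mdlen) return 0;
    memcpy(out, pfx, plen);
    memcpy(out + plen, md, mdlen);
    return plen + mdlen;
}

/* Hypothetical helper: PKCS#1 v1.5 signature block 00 01 FF..FF 00 || T for a
 * k-byte modulus. Returns 1, or 0 if fewer than 8 FF bytes would fit. */
int pkcs1_type1_pad(const unsigned char *t, size_t tlen,
                    unsigned char *em, size_t k)
{
    if (k < tlen + 11) return 0;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xff, k - tlen - 3);
    em[k - tlen - 1] = 0x00;
    memcpy(em + k - tlen, t, tlen);
    return 1;
}

int main(void)
{
    unsigned char md[20] = {0};    /* constructed SHA-1-sized digest */
    unsigned char di[64], em[128]; /* em: 1024-bit modulus */
    size_t n = build_digestinfo(md, sizeof md, di, sizeof di);
    return !(n == 35 && pkcs1_type1_pad(di, n, em, sizeof em));
}
```

A 20-byte SHA-1 digest becomes a 35-byte DigestInfo, which is why flen in rsa_priv_enc does not match the digest length.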