Re: [openssl-dev] Bug: digest parameter is rejected
See crypto/rsa/rsa_pmeth.c pkey_rsa_ctrl_str for the options. There is also rsa_oaep_label Thank you!! That saved the day: . . . . . Where can I see the complete list of the options that “-pkeyopt” supports now? I missed the crypto/rsa/rsa_pmeth.c pkey_rsa_ctrl_str part. ;-( Apology for not paying attention. The label is supplied as the initial hash, hex-encoded, right? Oh, it would be nice to add “rsa_oaep_md:digest” and “rsa_oaep_label:hexstring” to the man page. ;-) smime.p7s Description: S/MIME cryptographic signature -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] Bug: digest parameter is rejected
On 09/18/2017 09:32 AM, Blumenthal, Uri - 0553 - MITLL wrote: > > RSA-OAEP supports different hash functions and MGF. SHA-1 is the default. > > > > OpenSSL implementation of OAEP wrongly refuses to set the hash > algorithm, preventing one from using SHA-2 family: > > You'll probably need to pick up master and its -rsa_mgf1_md argument to pkeyutl. -Ben -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
[openssl-dev] Bug: digest parameter is rejected
RSA-OAEP supports different hash functions and MGF. SHA-1 is the default. OpenSSL implementation of OAEP wrongly refuses to set the hash algorithm, preventing one from using SHA-2 family: $ openssl version OpenSSL 1.0.2l 25 May 2017 $ openssl pkeyutl -encrypt -in t1264.dat -out t1264.dat.enc2.oaep -keyform DER -pubin -inkey rsa3072pub.der -pkeyopt rsa_padding_mode:oaep $ openssl pkeyutl -encrypt -in t1264.dat -out t1264.dat.enc2.oaep -keyform DER -pubin -inkey rsa3072pub.der -pkeyopt rsa_padding_mode:oaep -pkeyopt digest:sha256 parameter setting error 140736155067400:error:06089094:digital envelope routines:EVP_PKEY_CTX_ctrl:invalid operation:pmeth_lib.c:376: $ ~/openssl-1.1/bin/openssl version OpenSSL 1.1.0g-dev xx XXX $ ~/openssl-1.1/bin/openssl pkeyutl -encrypt -in t1264.dat -out t1264.dat.enc2.oaep -keyform DER -pubin -inkey rsa3072pub.der -pkeyopt rsa_padding_mode:oaep $ ~/openssl-1.1/bin/openssl pkeyutl -encrypt -in t1264.dat -out t1264.dat.enc2.oaep -keyform DER -pubin -inkey rsa3072pub.der -pkeyopt rsa_padding_mode:oaep -pkeyopt digest:sha256 pkeyutl: Can't set parameter: 140736155067328:error:06089094:digital envelope routines:EVP_PKEY_CTX_ctrl:invalid operation:crypto/evp/pmeth_lib.c:312: $ It seems that OpenSSL tries to enforce the incorrect assumption that digest/hash is only applicable to signature padding, but not to encryption padding? -- Regards, Uri Blumenthal smime.p7s Description: S/MIME cryptographic signature -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev