
Can EVP_PKEY_encrypt input and output buffers be the same for RSA encrypt/decrypt? OpenSSL documentation neither explicitly denies nor allows doing it.

olegst
  • There's not a lot to gain since the data buffers are limited to the maximum data size that will be smaller than the key size. – zaph Mar 01 '17 at 15:09
  • If it doesn't explicitly say in the documentation that you can then you shouldn't. Even if it works today, without the promise in the documentation it may change in the future and break your code. – President James K. Polk Mar 01 '17 at 20:35

1 Answer


Have a look at rsa_ossl_public_encrypt and rsa_ossl_private_decrypt. It seems like it should work for the OpenSSL implementation.

As far as I understand the flow is as follows:

  1. create a big integer from the input buffer - this integer has its own memory thus you do not need the input buffer at this point.
  2. encrypt/decrypt - result is a big integer
  3. store the resulting big integer to the output buffer (overwrite input buffer)

I would be careful with such usage since they don't explicitly allow it in the documentation. In case you use some other engine it can break.

Marek Klein
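A toy model of the three-step flow and the engine caveat from the answer above, as an added example that is not part of the original answer and is not OpenSSL code. The names `engine_copy_first`, `engine_clear_first` and `inplace_safe` are hypothetical, and the key is a constructed textbook RSA key with no padding, used only to make the aliasing behaviour observable.

```c
/* Toy model, NOT OpenSSL code: textbook RSA, constructed key n = 61 * 53,
 * no padding. Shows when out == in is harmless and when it is not. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { KLEN = 2 };                            /* modulus size in bytes */
static const uint64_t N = 3233, E = 17, D = 2753;
typedef int (*engine_fn)(unsigned char *, const unsigned char *, uint64_t);

static uint64_t modexp(uint64_t b, uint64_t e, uint64_t n) {
    uint64_t r = 1;
    for (b %= n; e; e >>= 1, b = b * b % n)
        if (e & 1) r = r * b % n;
    return r;
}

static uint64_t load_be(const unsigned char *p, size_t len) {
    uint64_t v = 0;
    while (len--) v = (v << 8) | *p++;
    return v;
}
static void store_be(unsigned char *p, size_t len, uint64_t v) {
    while (len--) { p[len] = (unsigned char)v; v >>= 8; }
}

/* Engine A: the answer's three steps; input is copied out before out is written. */
static int engine_copy_first(unsigned char *out, const unsigned char *in, uint64_t exp) {
    uint64_t m = load_be(in, KLEN);           /* step 1: integer owns its memory */
    uint64_t c = modexp(m, exp, N);           /* step 2: result is an integer    */
    store_be(out, KLEN, c);                   /* step 3: may overwrite the input */
    return 0;
}

/* Engine B (hypothetical): clears out before reading in; breaks if out == in. */
static int engine_clear_first(unsigned char *out, const unsigned char *in, uint64_t exp) {
    memset(out, 0, KLEN);
    store_be(out, KLEN, modexp(load_be(in, KLEN), exp, N));
    return 0;
}

/* Engine-independent in-place call: work in a temporary, then copy back. */
static int inplace_safe(engine_fn engine, unsigned char *buf, uint64_t exp) {
    unsigned char tmp[KLEN];
    int rc = engine(tmp, buf, exp);
    if (rc == 0) memcpy(buf, tmp, KLEN);
    memset(tmp, 0, sizeof tmp);               /* real code: OPENSSL_cleanse() */
    return rc;
}
```

With real OpenSSL the same wrapper shape applies: pass a separate output buffer to `EVP_PKEY_encrypt` and copy the result back only after the call reports success.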