[openssl-dev] Variable length of digest
Dmitry Belyavsky
beldmit at gmail.com
Thu Dec 24 08:24:37 UTC 2015
Dear Victor,
On Thu, Dec 24, 2015 at 11:02 AM, Victor Wagner <vitus at wagner.pp.ru> wrote:
> On Thu, 24 Dec 2015 10:45:37 +0300
> Dmitry Belyavsky <beldmit at gmail.com> wrote:
>
>
> > >
> > > If there's a new construct whose output size depends on the input
> > > data, that probably requires a new family of functions.
> > >
> >
> > Well, the gost-mac is treated specially itself and may be it can be
> > simplified introducing the new construction.
>
> Really it is MAC. I.e. it is combination of digest and pkey algorithms,
> and digest itself is never seen by any application. Applications only
> access MAC value via EVP_DigestSignFinal interface. And it already
> allows variable size of signature.
>
If you try to change the output length via the -macopt option of the dgst
command, you'll see that the text output will be 4 bytes.
It seems to happen because of the internal call to the EVP_MD_size()
function.
If we change the EVP_MD_CTX_size() definition from a macro to a function
trying to call the ctrl function and then to fallback to the result of the
EVP_MD_size() function, it should improve the situation.
--
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151224/5995ced9/attachment.html>
More information about the openssl-dev
mailing list