[openssl-dev] [openssl.org #3895] fprintf in ssl library

Dmitry Belyavsky via RT rt at openssl.org
Fri Jun 5 08:14:46 UTC 2015


Dear Rich,

Here are some clarifications regarding GOST.

On Fri, Jun 5, 2015 at 1:36 AM, Rich Salz via RT <rt at openssl.org> wrote:

> Summarizing some email from the team-internal thread.
>
>
> > rsalz> In s3_srvr.c:
> > rsalz> if (i != 64) {
> > rsalz> fprintf(stderr, "GOST signature length is %d", i);
> > rsalz> }
> >
> > This looks weird to me. The code following this seems to assume a 64
> > byte signature, BUT the comment around line 2916 suggests that a GOST
> > signature can have other lengths as well. That suggests that this
> > fprintf() is a debugging print... However, it does look to me like
> > we're still only handling 64-byte long GOST signatures, so something
> > isn't quite complete.
> > ... and I need to read up on GOST.
>

Yes, it seems to exist here mostly for debugging purposes from ancient
times. And it is rather weird.

Both GOST 94 (deprecated) and GOST 2001 signature algorithms have 64-byte
signatures, but GOST 2012 (implemented in a separate patch) has both 64-byte
and 128-byte variants.

BTW, we are interested in providing the GOST 2012 support for openssl and
have a comprehensive patch implementing it.

Thank you!

-- 
SY, Dmitry Belyavsky


