[openssl-dev] [openssl-users] pkeyutl does not invoke hash?

[Hubert Kario]

On Thursday 14 January 2016 14:41:20 Blumenthal, Uri - 0553 - MITLL wrote:
> If you already know what Dr. Henson explained in the quoted emails -
> then the man page is crystal clear. However, if you don't - then it
> is very easy (it was to me) to make an erroneous assumption (that is
> not explicitly contradicted) that the digest you specify would be
> applied to the data you are signing by pkeyutl itself. 
> 
> This is why I'm asking to include a statement (taking the relevant
> paragraph from Steve's email seems the best and the simplest way to
> me) somewhere in the beginning of the Notes section. That added
> statement/paragraph would makeit unambiguously clear that specified
> or implied digest and it's parameters are used by pkeyutl ONLY for
> sanity checks and inclusion into the signature structure, but are NOT
> applied to the input data by pkeyutl (which instead the user must
> himself perform prior to invoking pkeyutl).

How about such change?:
--------->8----------

While the man page of pkeyutl mentions usage of hashes of data,
it is not explicit in that the data should be passed in
is the result of hashing and that the function will no perform
any hashing on the input data.

This patch adds a note that makes this explicit.
---
 doc/apps/pkeyutl.pod | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/apps/pkeyutl.pod b/doc/apps/pkeyutl.pod
index 27be9a9..b6f9e40 100644
--- a/doc/apps/pkeyutl.pod
+++ b/doc/apps/pkeyutl.pod
@@ -135,6 +135,10 @@ and its implementation. The OpenSSL operations and options are indicated below.
 
 Unless otherwise mentioned all algorithms support the B<digest:alg> option
 which specifies the digest in use for sign, verify and verifyrecover operations.
+This value is used only for sanity-checking the lengths of passed in data and
+setting the values of signature structures (e.g. B<DigestInfo>) of the
+generated signature. In other words, if the value of digest is B<sha1> the
+input should be 20 bytes long binary encoding of SHA-1 hash function.
 The value B<alg> should represent a digest name as used in the
 EVP_get_digestbyname() function for example B<sha1>.
 
-- 
2.4.3

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160114/7268e45b/attachment.sig>