[openssl-dev] [openssl-users] pkeyutl does not invoke hash?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Fri Jan 15 13:29:57 UTC 2016


Yes, you are correct. But... For RSA the max size cannot be greater than the modulus, and while I agree that usually it would be less, in general it doesn't have to be, with no negative impact on security when data to be signed is large enough to leave no room for padding. For ECDSA truncating data to be signed before the actual signing isn't going to win many friends in the security community, especially when this data is not a crypto hash output.

Semi-related: pkeyutl man page says "only SHA1 for ECDSA". Is it still correct? And why such a limitation?

Thanks!

  Original Message  
From: Dr. Stephen Henson
Sent: Thursday, January 14, 2016 19:03
To: openssl-dev at openssl.org
Reply To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] [openssl-users] pkeyutl does not invoke hash?

On Thu, Jan 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote:

> On 1/14/16, 16:51 , "openssl-dev on behalf of Dr. Stephen Henson"
> <openssl-dev-bounces at openssl.org on behalf of steve at openssl.org> wrote:
> 
> >On Thu, Jan 14, 2016, Salz, Rich wrote:
> >
> >> Okay, how about this. First, remove the NOTES subhead. Add this to
> >>the end of the first paragraph:
> >> 
> >> This program does not hash the input data and requires the input data
> >> to be of the proper size, and must not be greater than the size of
> >> the public key field or modulus. See dgst(1) for a unified
> >> interface.
> >> 
> >
> >The comment about the public key field or modulus is only true for some
> >public
> >key algorithms (e.g. RSA).
> 
> Public key modulus would be true for RSA and DSA. Field would be true for
> ECDSA (and I daresay EdDSA). What other signatures do we have?

For RSA the maximum size depends on the padding mode and is typically
less than the modulus.

For ECDSA it can exceed the field size: it is truncated in that case.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org