[openssl-dev] [openssl-users] pkeyutl does not invoke hash?

Hubert Kario hkario at redhat.com
Mon Jan 18 11:23:30 UTC 2016


On Friday 15 January 2016 00:02:43 Dr. Stephen Henson wrote:
> On Thu, Jan 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote:
> > On 1/14/16, 16:51 , "openssl-dev on behalf of Dr. Stephen Henson"
> > <openssl-dev-bounces at openssl.org on behalf of steve at openssl.org> wrote:
> > >On Thu, Jan 14, 2016, Salz, Rich wrote:
> > >> Okay, how about this.  First, remove the NOTES subhead.  Add this to
> > >> the end of the first paragraph:
> > >> 	This program does not hash the input data and requires the input data
> > >> 	to be of the proper size, and must not be greater than the size of
> > >> 	the public key field or modulus.  See dgst(1) for a unified
> > >> 	Interface.
> > >
> > >The comment about the public key field or modulus is only true for
> > >some public key algorithms (e.g. RSA).
> > 
> > Public key modulus would be true for RSA and DSA. Field would be
> > true for ECDSA (and I daresay EdDSA). What other signatures do we
> > have?
> 
> For RSA the maximum size depends on the padding mode and is typically
> less than the modulus.
> 
> For ECDSA it can exceed the field size: it is truncated in that
> case.

True, but what should we put in the man page? Explain the above exactly, 
or just not mention the limit at all?

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
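
Added example (not part of the original message and not OpenSSL code): a Python sketch of the two size rules quoted above, for input that is signed without being hashed first. The PKCS#1 v1.5 block layout follows RFC 8017 and the ECDSA truncation follows FIPS 186-4; the function names and the sample inputs are constructed for illustration.

```python
import hashlib

# Bit lengths of the group order n for the NIST prime curves (FIPS 186-4).
ORDER_BITS = {"P-256": 256, "P-384": 384, "P-521": 521}


def pkcs1_type1_block(data: bytes, modulus_bits: int) -> bytes:
    """Build the PKCS#1 v1.5 signature block 00 01 FF..FF 00 || data (RFC 8017).

    At least 8 padding bytes are mandatory, so data may be at most k - 11 bytes.
    """
    k = (modulus_bits + 7) // 8
    if len(data) > k - 11:
        raise ValueError(f"{len(data)} bytes exceeds limit of {k - 11} for this key")
    return b"\x00\x01" + b"\xff" * (k - 3 - len(data)) + b"\x00" + data


def ecdsa_truncate(data: bytes, curve: str) -> int:
    """Convert signing input to the integer ECDSA signs: leftmost bits only."""
    excess = 8 * len(data) - ORDER_BITS[curve]
    z = int.from_bytes(data, "big")
    return z >> excess if excess > 0 else z


def demo() -> dict:
    # Constructed sample inputs: identical first 32 bytes, different tails.
    raw_a = b"A" * 32 + b"tail-one".ljust(32, b" ")
    raw_b = b"A" * 32 + b"tail-two".ljust(32, b" ")
    hashed_a = hashlib.sha256(raw_a).digest()
    hashed_b = hashlib.sha256(raw_b).digest()
    return {
        # RSA-2048 with PKCS#1 v1.5 padding: limit is below the modulus size.
        "rsa2048_pkcs1_limit": 2048 // 8 - 11,
        # Unhashed 64-byte inputs on P-256: the differing tails are dropped.
        "raw_inputs_collide": ecdsa_truncate(raw_a, "P-256")
        == ecdsa_truncate(raw_b, "P-256"),
        # Hashing first makes every input byte contribute to the signed value.
        "hashed_inputs_collide": ecdsa_truncate(hashed_a, "P-256")
        == ecdsa_truncate(hashed_b, "P-256"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The truncation case is why unhashed input longer than the curve order should not be signed directly: only the leading bits are covered by the signature.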