[openssl-dev] [openssl-users] pkeyutl does not invoke hash?
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Mon Jan 18 19:22:19 UTC 2016
My preference would be to explain exactly - to avoid confusion and problems arising from possible misunderstanding.
As I said, however, I can live with either - as by now *I* at least understand what this code does. ;-)
But it doesn't seem fair for those who did not benefit from studying the piles of openssl-users and openssl-dev archives.
Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
Original Message
From: Hubert Kario
Sent: Monday, January 18, 2016 06:23
To: openssl-dev at openssl.org
Reply To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] [openssl-users] pkeyutl does not invoke hash?
On Friday 15 January 2016 00:02:43 Dr. Stephen Henson wrote:
> On Thu, Jan 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote:
> > On 1/14/16, 16:51 , "openssl-dev on behalf of Dr. Stephen Henson"
> >
> > <openssl-dev-bounces at openssl.org on behalf of steve at openssl.org>
wrote:
> > >On Thu, Jan 14, 2016, Salz, Rich wrote:
> > >> Okay, how about this. First, remove the NOTES subhead. Add this
> > >> to
> > >>
> > >>the end of the first paragraph:
> > >> This program does not hash the input data and requires the input
> > >> data
> > >> to be of the proper size, and must not be greater than the size
> > >> of
> > >> the public key field or modulus. See dgst(1) for a unified
> > >> Interace.
> > >
> > >The comment about the public key field or modulus is only true for
> > >some public
> > >key algorithms (e.g. RSA).
> >
> > Public key modulus would be true for RSA and DSA. Field would be
> > true for ECDSA (and I daresay EdDSA). What other signatures do we
> > have?
> For RSA the maximum size depends on the padding mode and is typically
> less than the modulus.
>
> For ECDSA it can be exceed the field size: it is truncated in that
> case.
True, but what should we put in the man page? Explain the above exactly,
or just not mention the limit at all?
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4350 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160118/9fbdc35f/attachment.bin>
More information about the openssl-dev
mailing list