[openssl-dev] [openssl-users] pkeyutl does not invoke hash?

Hubert Kario hkario at redhat.com
Tue Jan 19 12:15:32 UTC 2016


On Monday 18 January 2016 19:22:19 Blumenthal, Uri - 0553 - MITLL wrote:
> My preference would be to explain exactly - to avoid confusion and
> problems arising from possible misunderstanding.
> 
> As I said, however, I can live with either - as by now *I* at least
> understand what this code does. ;-)
> 
> But it doesn't seem fair for those who did not benefit from studying
> the piles of openssl-users and openssl-dev archives.

OK, I've updated the PR: https://github.com/openssl/openssl/pull/554
https://github.com/tomato42/openssl/commit/f37b5e639e57c2d4c3b404c24ecb11b8ec627e9b
 
> Sent from my BlackBerry 10 smartphone on the
> Verizon Wireless 4G LTE network. Original Message
> From: Hubert Kario
> Sent: Monday, January 18, 2016 06:23
> To: openssl-dev at openssl.org
> Reply To: openssl-dev at openssl.org
> Subject: Re: [openssl-dev] [openssl-users] pkeyutl does not invoke
> hash?
> On Friday 15 January 2016 00:02:43 Dr. Stephen Henson wrote:
> > On Thu, Jan 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote:
> > > On 1/14/16, 16:51 , "openssl-dev on behalf of Dr. Stephen Henson"
> > > <openssl-dev-bounces at openssl.org on behalf of steve at openssl.org>
> > > wrote:
> > > >On Thu, Jan 14, 2016, Salz, Rich wrote:
> > > >> Okay, how about this. First, remove the NOTES subhead. Add this
> > > >> to the end of the first paragraph:
> > > >> This program does not hash the input data and requires the
> > > >> input data to be of the proper size, and must not be greater
> > > >> than the size of the public key field or modulus. See dgst(1)
> > > >> for a unified interface.
> > > >
> > > >The comment about the public key field or modulus is only true
> > > >for some public key algorithms (e.g. RSA).
> > > 
> > > Public key modulus would be true for RSA and DSA. Field would be
> > > true for ECDSA (and I daresay EdDSA). What other signatures do we
> > > have?
> > 
> > For RSA the maximum size depends on the padding mode and is
> > typically less than the modulus.
> > 
> > For ECDSA it can exceed the field size: it is truncated in that
> > case.
> 
> True, but what should we put in the man page? Explain the above
> exactly, or just not mention the limit at all?

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
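
The behaviour this thread is documenting, as an added example that is not part of the original message or of the OpenSSL pull request: it signs one message three ways with an RSA key and reports which results are interchangeable with `openssl dgst -sha256 -sign`. The message text, file names and the function name `pkeyutl_hash_demo` are constructed for illustration; it assumes the `openssl` command is on PATH and uses RSA with its default PKCS#1 v1.5 padding.

```shell
# Added example, not from the thread. Message text and file names are constructed.
# Assumes the openssl CLI is on PATH; RSA with its default PKCS#1 v1.5 padding.
pkeyutl_hash_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        printf 'constructed sample message\n' > msg.txt
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out key.pem 2>/dev/null || exit 1
        openssl pkey -in key.pem -pubout -out pub.pem || exit 1

        # 1. dgst hashes msg.txt itself and signs the result.
        openssl dgst -sha256 -sign key.pem -out sig_dgst.bin msg.txt || exit 1

        # 2. pkeyutl does not hash: give it the precomputed digest and
        #    name the hash so the padding identifies it as SHA-256.
        openssl dgst -sha256 -binary -out msg.sha256 msg.txt || exit 1
        openssl pkeyutl -sign -inkey key.pem -pkeyopt digest:sha256 \
            -in msg.sha256 -out sig_pkeyutl_digest.bin || exit 1

        # 3. pkeyutl given the message itself: the bytes are padded and
        #    signed as they are, with no hash step.
        openssl pkeyutl -sign -inkey key.pem \
            -in msg.txt -out sig_pkeyutl_raw.bin || exit 1

        if cmp -s sig_dgst.bin sig_pkeyutl_digest.bin; then
            echo "digest_input=match"
        else
            echo "digest_input=differ"
        fi
        if openssl dgst -sha256 -verify pub.pem \
               -signature sig_pkeyutl_raw.bin msg.txt >/dev/null 2>&1; then
            echo "raw_input=verifies"
        else
            echo "raw_input=rejected"
        fi
    )
    status=$?
    rm -rf "$dir"
    return $status
}

pkeyutl_hash_demo
```

The third signature is produced without error, which is why the man page wording matters: nothing at signing time tells the caller that the output will not verify as a SHA-256 signature of the message.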