[openssl-dev] [openssl-users] pkeyutl does not invoke hash?

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Tue Jan 19 22:16:23 UTC 2016


Looks good. I might add an *explicit* statement “pkeyutl does not invoke
the specified digest function”.

Yes I realize it could be seen as repetitive. I’d much rather be
repetitive than risk misunderstanding. And there are no praises for the
shortest man page. :-)
-- 
Regards,
Uri Blumenthal





On 1/19/16, 7:15 , "Hubert Kario" <hkario at redhat.com> wrote:

>On Monday 18 January 2016 19:22:19 Blumenthal, Uri - 0553 - MITLL wrote:
>> My preference would be to explain exactly - to avoid confusion and
>> problems arising from possible misunderstanding.
>> 
>> As I said, however, I can live with either - as by now *I* at least
>> understand what this code does. ;-)
>> 
>> But it doesn't seem fair for those who did not benefit from studying
>> the piles of openssl-users and openssl-dev archives.
>
>OK, I've updated the PR: https://github.com/openssl/openssl/pull/554
>https://github.com/tomato42/openssl/commit/f37b5e639e57c2d4c3b404c24ecb11b8ec627e9b
> 
>> Sent from my BlackBerry 10 smartphone on the
>> Verizon Wireless 4G LTE network. Original Message
>> From: Hubert Kario
>> Sent: Monday, January 18, 2016 06:23
>> To: openssl-dev at openssl.org
>> Reply To: openssl-dev at openssl.org
>> Subject: Re: [openssl-dev] [openssl-users] pkeyutl does not invoke
>> hash?
>> On Friday 15 January 2016 00:02:43 Dr. Stephen Henson wrote:
>> > On Thu, Jan 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote:
>> > > On 1/14/16, 16:51 , "openssl-dev on behalf of Dr. Stephen Henson"
>> > > <openssl-dev-bounces at openssl.org on behalf of steve at openssl.org> wrote:
>> > > >On Thu, Jan 14, 2016, Salz, Rich wrote:
>> > > >> Okay, how about this. First, remove the NOTES subhead. Add this
>> > > >> to the end of the first paragraph:
>> > > >> This program does not hash the input data and requires the input
>> > > >> data to be of the proper size, and must not be greater than the
>> > > >> size of the public key field or modulus. See dgst(1) for a unified
>> > > >> interface.
>> > > >
>> > > >The comment about the public key field or modulus is only true for
>> > > >some public key algorithms (e.g. RSA).
>> > > 
>> > > Public key modulus would be true for RSA and DSA. Field would be
>> > > true for ECDSA (and I daresay EdDSA). What other signatures do we
>> > > have?
>> > 
>> > For RSA the maximum size depends on the padding mode and is typically
>> > less than the modulus.
>> > 
>> > For ECDSA it can exceed the field size: it is truncated in that case.
>> 
>> True, but what should we put in the man page? Explain the above
>> exactly, or just not mention the limit at all?
>
>-- 
>Regards,
>Hubert Kario
>Senior Quality Engineer, QE BaseOS Security team
>Web: www.cz.redhat.com
>Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
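
The behaviour this thread wants the man page to spell out, as an added shell example that is not part of the original messages or of the OpenSSL documentation: `pkeyutl -sign` signs exactly the bytes it is given, so the caller has to hash first. It assumes an `openssl` binary on PATH; the function name, file names, throwaway keys and sample message are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread: pkeyutl signs its input bytes as given.
# Assumes an `openssl` binary on PATH; all names and data are constructed.
pkeyutl_hash_demo() (
    tmp=$(mktemp -d) && cd "$tmp" || exit 1
    printf 'constructed sample message\n' > msg.txt   # 27 bytes

    # Throwaway keys, used only inside this temporary directory.
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out ec.pem 2>/dev/null
    openssl pkey -in ec.pem -pubout -out ec_pub.pem
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out rsa.pem 2>/dev/null

    # dgst hashes msg.txt with SHA-256 itself before checking the signature.
    verify() {
        openssl dgst -sha256 -verify ec_pub.pem -signature "$1" msg.txt \
            2>/dev/null | grep -q 'Verified OK'
    }

    # Hash explicitly, then hand the 32-byte digest to pkeyutl.
    openssl dgst -sha256 -binary -out msg.sha256 msg.txt
    openssl pkeyutl -sign -inkey ec.pem -in msg.sha256 -out sig_digest.der
    if verify sig_digest.der; then ec_digest=accepted; else ec_digest=rejected; fi

    # Hand pkeyutl the message itself: it signs those 27 bytes unhashed, so a
    # verifier that hashes the message does not accept the signature.
    openssl pkeyutl -sign -inkey ec.pem -in msg.txt -out sig_raw.der
    if verify sig_raw.der; then ec_raw=accepted; else ec_raw=rejected; fi

    # RSA PKCS#1 v1.5: naming a digest only fixes the encoding and the expected
    # input length; the 27-byte message is refused, the 32-byte digest is signed.
    rsa_sign() {
        openssl pkeyutl -sign -inkey rsa.pem -pkeyopt digest:sha256 \
            -in "$1" -out rsa.sig 2>/dev/null
    }
    if rsa_sign msg.txt; then rsa_raw=signed; else rsa_raw=refused; fi
    if rsa_sign msg.sha256; then rsa_digest=signed; else rsa_digest=refused; fi

    cd / && rm -rf "$tmp"
    echo "ec_digest=$ec_digest ec_raw=$ec_raw rsa_raw=$rsa_raw rsa_digest=$rsa_digest"
)

pkeyutl_hash_demo
```

To hash and sign a message in one step, `openssl dgst -sha256 -sign` does the hashing that `pkeyutl` leaves to the caller.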