On 11-05-2021 17:33, Alex Peshkoff via Firebird-devel wrote:
On 5/11/21 6:24 PM, Mark Rotteveel wrote:
And I repeat: given RSA_SIGN has a HASH parameter, and applies PSS, I
assume it hashes the message using the supplied (or default) hash
algorithm, and then signs the resulting hash. Having to hash this
yourself makes no sense to me.
It _might_ be implemented that way. And I agree that form is slightly
simpler to use (though not as smart as current). You know - I'm always
open to enhancements. But... do you suggest to rework it a few days
before release? When people who tried beta/rc may be ready to use
existing functions (I know at least one company).
Then I propose to at least rename the function to RSA_SIGN_HASH so it 1)
matches the TomCrypt function name it basically calls directly, and 2)
makes clear that it doesn't sign a message, but a hash, and sort the
rest out later.
I think it's better to break things now, because after release we can
never go back. If I had understood beforehand how it worked, I would
have pointed this out earlier when reviewing release notes in the past
years, but until now I thought it was just an odd example, and I only
looked into it deeper when I started updating the Language Reference.
Mark
--
Mark Rotteveel
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel