Dear Rich,

Here are some clarifications regarding GOST.

On Fri, Jun 5, 2015 at 1:36 AM, Rich Salz via RT <[email protected]> wrote:

> Summarizing some email from the team-internal thread.
>
> > rsalz> In s3_srvr.c:
> > rsalz>     if (i != 64) {
> > rsalz>         fprintf(stderr, "GOST signature length is %d", i);
> > rsalz>     }
> >
> > This looks weird to me. The code following this seems to assume a 64
> > byte signature, BUT the comment around line 2916 suggests that a GOST
> > signature can have other lengths as well. That suggests that this
> > fprintf() is a debugging print... However, it does look to me like
> > we're still only handling 64-byte long GOST signatures, so something
> > isn't quite complete.
> > ... and I need to read up on GOST.
>

Yes, it seems to exist here mostly for debugging purposes from ancient times. And it is rather weird.

Both the GOST 94 (deprecated) and GOST 2001 signature algorithms have 64-byte signatures, but GOST 2012 (implemented in a separate patch) has both 64-byte and 128-byte variants.

BTW, we are interested in providing GOST 2012 support for openssl and have a comprehensive patch implementing it.

Thank you!

--
SY, Dmitry Belyavsky
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
