Looks good. I might add an *explicit* statement “pkeyutl does not invoke the specified digest function”.
Yes I realize it could be seen as repetitive. I’d much rather be repetitive than risk misunderstanding. And there are no praises for the shortest man page. :-) -- Regards, Uri Blumenthal On 1/19/16, 7:15 , "Hubert Kario" <hka...@redhat.com> wrote: >On Monday 18 January 2016 19:22:19 Blumenthal, Uri - 0553 - MITLL wrote: >> My preference would be to explain exactly - to avoid confusion and >> problems arising from possible misunderstanding. >> >> As I said, however, I can live with either - as by now *I* at least >> understand what this code does. ;-) >> >> But it doesn't seem fair for those who did not benefit from studying >> the piles of openssl-users and openssl-dev archives. > >OK, I've updated the PR: https://github.com/openssl/openssl/pull/554 >https://github.com/tomato42/openssl/commit/f37b5e639e57c2d4c3b404c24ecb11b >8ec627e9b > >> Sent from my BlackBerry 10 smartphone on the >> Verizon Wireless 4G LTE network. Original Message >> From: Hubert Kario >> Sent: Monday, January 18, 2016 06:23 >> To: openssl-dev@openssl.org >> Reply To: openssl-dev@openssl.org >> Subject: Re: [openssl-dev] [openssl-users] pkeyutl does not invoke >> hash? >> On Friday 15 January 2016 00:02:43 Dr. Stephen Henson wrote: >> > On Thu, Jan 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote: >> > > On 1/14/16, 16:51 , "openssl-dev on behalf of Dr. Stephen Henson" >> > > >> > > <openssl-dev-boun...@openssl.org on behalf of st...@openssl.org> >> >> wrote: >> > > >On Thu, Jan 14, 2016, Salz, Rich wrote: >> > > >> Okay, how about this. First, remove the NOTES subhead. Add this >> > > >> to >> > > >> >> > > >>the end of the first paragraph: >> > > >> This program does not hash the input data and requires the >> > > >> input >> > > >> data >> > > >> to be of the proper size, and must not be greater than the size >> > > >> of >> > > >> the public key field or modulus. See dgst(1) for a unified >> > > >> Interace. >> > > > >> > > >The comment about the public key field or modulus is only true >> > > >for >> > > >some public >> > > >key algorithms (e.g. RSA). >> > > >> > > Public key modulus would be true for RSA and DSA. Field would be >> > > true for ECDSA (and I daresay EdDSA). What other signatures do we >> > > have? >> > >> > For RSA the maximum size depends on the padding mode and is >> > typically >> > less than the modulus. >> > >> > For ECDSA it can be exceed the field size: it is truncated in that >> > case. >> >> True, but what should we put in the man page? Explain the above >> exactly, or just not mention the limit at all? > >-- >Regards, >Hubert Kario >Senior Quality Engineer, QE BaseOS Security team >Web: www.cz.redhat.com >Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
