On Tuesday 19 January 2016 22:16:23 Blumenthal, Uri - 0553 - MITLL wrote: > Looks good. I might add an *explicit* statement “pkeyutl does not > invoke the specified digest function”. > > Yes I realize it could be seen as repetitive. I’d much rather be > repetitive than risk misunderstanding. And there are no praises for > the shortest man page. :-)
I don't want to do that because AFAIK, for Ed25519 and Ed448 the hash *is* integral part of the signature process and you pass *the whole* message-to-be-signed to the signature function, not its hash. So, unless the above is false, I'd rather not add such absolute statements. But please correct me if I'm wrong. > >On Monday 18 January 2016 19:22:19 Blumenthal, Uri - 0553 - MITLL wrote: > >> My preference would be to explain exactly - to avoid confusion and > >> problems arising from possible misunderstanding. > >> > >> As I said, however, I can live with either - as by now *I* at least > >> understand what this code does. ;-) > >> > >> But it doesn't seem fair for those who did not benefit from > >> studying > >> the piles of openssl-users and openssl-dev archives. > > > >OK, I've updated the PR: https://github.com/openssl/openssl/pull/554 > >https://github.com/tomato42/openssl/commit/f37b5e639e57c2d4c3b404c24e > >cb11b 8ec627e9b > > > >> Sent from my BlackBerry 10 smartphone on the > >> Verizon Wireless 4G LTE network. Original Message > >> From: Hubert Kario > >> Sent: Monday, January 18, 2016 06:23 > >> To: openssl-dev@openssl.org > >> Reply To: openssl-dev@openssl.org > >> Subject: Re: [openssl-dev] [openssl-users] pkeyutl does not invoke > >> hash? > >> > >> On Friday 15 January 2016 00:02:43 Dr. Stephen Henson wrote: > >> > On Thu, Jan 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > >> > > On 1/14/16, 16:51 , "openssl-dev on behalf of Dr. Stephen > >> > > Henson" > >> > > > >> > > <openssl-dev-boun...@openssl.org on behalf of > >> > > st...@openssl.org> > >> > >> wrote: > >> > > >On Thu, Jan 14, 2016, Salz, Rich wrote: > >> > > >> Okay, how about this. First, remove the NOTES subhead. Add > >> > > >> this > >> > > >> to > >> > > >> > >> > > >>the end of the first paragraph: > >> > > >> This program does not hash the input data and requires the > >> > > >> input > >> > > >> data > >> > > >> to be of the proper size, and must not be greater than the > >> > > >> size > >> > > >> of > >> > > >> the public key field or modulus. See dgst(1) for a unified > >> > > >> Interace. > >> > > > > >> > > >The comment about the public key field or modulus is only true > >> > > >for > >> > > >some public > >> > > >key algorithms (e.g. RSA). > >> > > > >> > > Public key modulus would be true for RSA and DSA. Field would > >> > > be > >> > > true for ECDSA (and I daresay EdDSA). What other signatures do > >> > > we > >> > > have? > >> > > >> > For RSA the maximum size depends on the padding mode and is > >> > typically > >> > less than the modulus. > >> > > >> > For ECDSA it can be exceed the field size: it is truncated in > >> > that > >> > case. > >> > >> True, but what should we put in the man page? Explain the above > >> exactly, or just not mention the limit at all? -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
