Re: [openssl-dev] Variable length of digest

2015-12-24 Thread Ann
Am 23.12.2015 um 23:18 schrieb Dr. Stephen Henson: > That's an interesting question. What digest requires this? Is the output > length arbitrary or do the standards specify a maximum size? > > Is e.g. SHA-512/t (see 5.3.6 of FIPS 180-4) an appropriate example? Here t is any positive integer

Re: [openssl-dev] Variable length of digest

2015-12-24 Thread Dmitry Belyavsky
Dear Victor, On Thu, Dec 24, 2015 at 11:02 AM, Victor Wagner wrote: > On Thu, 24 Dec 2015 10:45:37 +0300 > Dmitry Belyavsky wrote: > > > > > > > > If there's a new construct whose output size depends on the input > > > data, that probably requires a new

[openssl-dev] [openssl.org #4200] extra data for ec keys

2015-12-24 Thread Roumen Petrov via RT
Update patch sent to request tracker - without gap for CRYPTO_EX_INDEX Salz, Rich wrote: >> External cryptographic modules may store addition information to key. >> What about to define CRYPTO_EX_DATA for ec keys? > That is the plan -- we will remove EX_EX_DATA and the internal API and just >

Re: [openssl-dev] Variable length of digest

2015-12-24 Thread Victor Wagner
On Thu, 24 Dec 2015 10:45:37 +0300 Dmitry Belyavsky wrote: > > > > If there's a new construct whose output size depends on the input > > data, that probably requires a new family of functions. > > > > Well, the gost-mac is treated specially itself and may be it can be >

[openssl-dev] access-EC_KEY-method-property

2015-12-24 Thread Roumen Petrov
Salz, Rich wrote: [SNIP] I would like to request external applications to be able to change method - see attached patch "0009-access-EC_KEY-method-property.patch". Can you say how this would be used? Since the key method is opaque... Yes but a number of functions (see below) allow

Re: [openssl-dev] Variable length of digest

2015-12-24 Thread Dr. Stephen Henson
On Thu, Dec 24, 2015, Dmitry Belyavsky wrote: > > If you try to change the output length via the -macopt option of the dgst > command, you'll see that the text output will be 4 bytes. > It seems to happen because of the internal call to the EVP_MD_size() > function. > > If we change the

Re: [openssl-dev] access-EC_KEY-method-property

2015-12-24 Thread Salz, Rich
> Yes but a number of functions (see below) allow implementation as external > to openssl cryptographic module: Yes, I figured that out after I sent the mail :( Patch is in code review now, thanks! ___ openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #4200] extra data for ec keys

2015-12-24 Thread Salz, Rich via RT
I fixed that, added docs. It's in code review now. Thanks! ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Variable length of digest

2015-12-24 Thread Victor Wagner
On Thu, 24 Dec 2015 11:24:37 +0300 Dmitry Belyavsky wrote: > > If you try to change the output length via the -macopt option of the > dgst command, you'll see that the text output will be 4 bytes. It is misfeature of dgst command. You have to use -signopt, not -macopt,