My preference would be to explain exactly - to avoid confusion and problems arising from possible misunderstanding.
As I said, however, I can live with either - as by now *I* at least understand what this code does. ;-) But it doesn't seem fair for those who did not benefit from studying the piles of openssl-users and openssl-dev archives. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message From: Hubert Kario Sent: Monday, January 18, 2016 06:23 To: openssl-dev@openssl.org Reply To: openssl-dev@openssl.org Subject: Re: [openssl-dev] [openssl-users] pkeyutl does not invoke hash? On Friday 15 January 2016 00:02:43 Dr. Stephen Henson wrote: > On Thu, Jan 14, 2016, Blumenthal, Uri - 0553 - MITLL wrote: > > On 1/14/16, 16:51 , "openssl-dev on behalf of Dr. Stephen Henson" > > > > <openssl-dev-boun...@openssl.org on behalf of st...@openssl.org> wrote: > > >On Thu, Jan 14, 2016, Salz, Rich wrote: > > >> Okay, how about this. First, remove the NOTES subhead. Add this > > >> to > > >> > > >>the end of the first paragraph: > > >> This program does not hash the input data and requires the input > > >> data > > >> to be of the proper size, and must not be greater than the size > > >> of > > >> the public key field or modulus. See dgst(1) for a unified > > >> Interace. > > > > > >The comment about the public key field or modulus is only true for > > >some public > > >key algorithms (e.g. RSA). > > > > Public key modulus would be true for RSA and DSA. Field would be > > true for ECDSA (and I daresay EdDSA). What other signatures do we > > have? > For RSA the maximum size depends on the padding mode and is typically > less than the modulus. > > For ECDSA it can be exceed the field size: it is truncated in that > case. True, but what should we put in the man page? Explain the above exactly, or just not mention the limit at all? -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev