openssl/openssl

APPS/pkeyutl: loose ends from PR 22910 and 25831 and issue 25898

Open

#25,892 建立於 2024年11月6日

在 GitHub 查看
 (0 留言) (0 反應) (0 負責人)C (11,262 fork)batch import
branch: masterhelp wantedtriaged: feature

倉庫指標

Star
 (30,157 star)
PR 合併指標
 (30 天內沒有已合併 PR)

描述

The following points are still open from our exchange on PRs #22910 and #25831 and issue #25898:

  • whether it's worth/suitable to backport part of the commits of #22910, in particular that -digest and use of EdDSA implies -rawin for convenience.
  • in case -sign or -verify input is not considered 'raw', how to make the check on the input length of the pure asymmetric signing operation more precise/correct - note that the existing comparison with EVP_MAX_MD_SIZE = 512 bits is too coarse for ECDSA (where input length typically is smaller) and too tight for RSA (where the possible input length typically is larger)
  • when using -verifyrecover, how to add a to-the-point check on the size of -in, which is supposed to be a signature output - see #25898
  • find and use a better alternative to: EVP_PKEY_is_a(pkey, "ED25519") || EVP_PKEY_is_a(pkey, "ED448") for checking whether a signature algorithm expects raw (undigested) input or not as mentioned in https://github.com/openssl/openssl/pull/22910#issuecomment-2446512288
  • Update: this item is meanwhile handled by #25958: Further Improve openssl-pkeyutl.pod.in for instance:
    • s/algorithms support the B<digest:>I<alg> option /algorithms support the B<digest:>I<alg> argument of the B<-pkeyopt> option/ (for context see here).
    • examples should default to sha256 rather than to the obsolete sha1 (for context see here).

貢獻者指南