Skip to content

Update EVP_DigestSignInit() docs#5992

Closed
mattcaswell wants to merge 2 commits intoopenssl:masterfrom
mattcaswell:update-digest-sign-docs
Closed

Update EVP_DigestSignInit() docs#5992
mattcaswell wants to merge 2 commits intoopenssl:masterfrom
mattcaswell:update-digest-sign-docs

Conversation

@mattcaswell
Copy link
Member

Explicitly state which digests can be used with which algorithms.

Fixes #5854

Explicitly state which digests can be used with which algorithms.

Fixes openssl#5854
@mattcaswell
Copy link
Member Author

It's not clear to me if the restriction that you cannot use SHA3 with ECDSA is intentional or not. Perhaps @dot-asm can comment.


Only EVP_PKEY types that support signing can be used with these functions. This
includes MAC algorithms where the MAC generation is considered as a form of
"signing". Built-in EVP_PKEY types supported by these functions are CMAC,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Punctuation inside the quotes.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

Poly1305, DSA, HMAC, RSA, Siphash, Ed25519 and Ed448.

Not all digests can be used for all key types. The following combinations apply.
DSA supports SHA1, SHA224, SHA256, SHA384 and SHA512. ECDSA supports SHA1,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would this be more digestible as a table or list? (E.g., using over/item/back constructs). At a minimum, it should be alphabetized.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, done.

@richsalz
Copy link
Contributor

Look at https://tools.ietf.org/html/draft-turner-lamps-adding-sha3-to-pkix-01 It's clearly in the works, so if we can support it we should probably do so.

@mattcaswell
Copy link
Member Author

Fixup commit pushed addressing comments.

Copy link
Contributor

@richsalz richsalz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@levitte
Copy link
Member

levitte commented Apr 17, 2018

Any thoughts on backporting this to 1.1.0?

Only EVP_PKEY types that support signing can be used with these functions. This
includes MAC algorithms where the MAC generation is considered as a form of
"signing." Built-in EVP_PKEY types supported by these functions are CMAC,
Poly1305, DSA, HMAC, RSA, Siphash, Ed25519 and Ed448.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SipHash ?

levitte pushed a commit that referenced this pull request Apr 18, 2018
Explicitly state which digests can be used with which algorithms.

Fixes #5854

Reviewed-by: Rich Salz <[email protected]>
(Merged from #5992)
@mattcaswell
Copy link
Member Author

Pushed (including @FdaSilvaYY typo fix). PR coming up for 1.1.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants