New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
APPS/pkeyutl
: improve -rawin
usability and doc
#22910
base: master
Are you sure you want to change the base?
Conversation
This PR is in a state where it requires action by @openssl/otc but the last update was 30 days ago |
This PR is in a state where it requires action by @openssl/otc but the last update was 61 days ago |
This PR is in a state where it requires action by @openssl/otc but the last update was 92 days ago |
This PR is in a state where it requires action by @openssl/committers but the last update was 30 days ago |
9e1aa2f
to
b8ece73
Compare
Thanks for pointing me to that, and
Yes. Rebased to fix trivial merge conflict in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Two minor questions
3a14f5f
to
da8b344
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@t-j-h would you mind confirming your approval? |
@hlandau or can you give the 2nd approval? |
da8b344
to
ca0e1ea
Compare
Rebased to fix trivial merge conflict |
ca0e1ea
to
119ae50
Compare
Rebased again to fix trivial merge conflict in |
PIng @openssl/committers for 2nd approval / reconfirmation. |
algorithms (but not EdDSA) needs to be hashed by some message digest algorithm. | ||
The user can specify a digest algorithm by using the B<-digest> option. | ||
This option can only be used with B<-sign> and B<-verify> | ||
and is implied by the Ed25519 and Ed448 algorithms. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will this still be true if/when the Ed25519ph and Ed448ph algorithms are supported?
Presumably the key algorithm will be the same, and the user will need some way to indicate whether to prehash the data with SHA-512? (I'm not saying this will be a problem, just asking the question, we should have some idea of how the PH variants should be supported before making changes that could hypothetically get in the way).
This improves the usability of they
pkeyutl
app when signing or verifying with Ed25519 and Ed448 keys.When the
-rawin
option was not given with them, so far an obscure low-level error was thrown such asThis PR makes sure that the
-rawin
option is implied for such scenarios, also making the app more convenient to use.Implementing this required a split of the
init_ctx()
helper function, which is now less convoluted.Tests and doc are updated accordingly,
and on this occasion the help output and the doc of the
-rawin
option are made less confusing.Checklist