diff options
author | Tomas Mraz <tomas@openssl.org> | 2021-02-26 18:28:48 +0100 |
---|---|---|
committer | Pauli <ppzgs1@gmail.com> | 2021-03-03 10:00:21 +1000 |
commit | 8d05a65256294f70a3bc34b7d13cc38e41a17402 (patch) | |
tree | 536216022d9298c0767b063aa8b0dda76345cbff | |
parent | f378755d62e1646b36683de37408dd98549bef69 (diff) |
Resolve TODOs in signature implementations.
The DER writing errors can be ignored safely.
Document that the EVP_MAX_MD_SIZE is a hardcoded limit
for digest sizes.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
-rw-r--r-- | doc/man7/provider-digest.pod | 6 | ||||
-rw-r--r-- | providers/implementations/signature/dsa.c | 6 | ||||
-rw-r--r-- | providers/implementations/signature/eddsa.c | 2 | ||||
-rw-r--r-- | providers/implementations/signature/sm2sig.c | 2 |
4 files changed, 11 insertions, 5 deletions
diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod index 4f90cf8b62..a0327a85df 100644 --- a/doc/man7/provider-digest.pod +++ b/doc/man7/provider-digest.pod @@ -249,6 +249,12 @@ OSSL_FUNC_digest_size() should return the digest size. OSSL_FUNC_digest_block_size() should return the block size of the underlying digest algorithm. +=head1 BUGS + +The EVP_Digest() and EVP_DigestFinal_ex() libcrypto API calls do not +expect the digest size to be larger than EVP_MAX_MD_SIZE. Any algorithm which +produces larger digests is unusable with those API calls. + =head1 SEE ALSO L<provider(7)>, L<OSSL_PROVIDER-FIPS(7)>, L<OSSL_PROVIDER-default(7)>, diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c index 81e435c419..eadf62361a 100644 --- a/providers/implementations/signature/dsa.c +++ b/providers/implementations/signature/dsa.c @@ -148,7 +148,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, EVP_MD_free(ctx->md); /* - * TODO(3.0) Should we care about DER writing errors? + * We do not care about DER writing errors. * All it really means is that for some reason, there's no * AlgorithmIdentifier to be had, but the operation itself is * still valid, just as long as it's not used to construct @@ -313,7 +313,7 @@ int dsa_digest_sign_final(void *vpdsactx, unsigned char *sig, size_t *siglen, */ if (sig != NULL) { /* - * TODO(3.0): There is the possibility that some externally provided + * There is the possibility that some externally provided * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow - * but that problem is much larger than just in DSA. */ @@ -338,7 +338,7 @@ int dsa_digest_verify_final(void *vpdsactx, const unsigned char *sig, return 0; /* - * TODO(3.0): There is the possibility that some externally provided + * There is the possibility that some externally provided * digests exceed EVP_MAX_MD_SIZE. We should probably handle that somehow - * but that problem is much larger than just in DSA. */ diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa.c index 71b57d70ea..93b98dbbbc 100644 --- a/providers/implementations/signature/eddsa.c +++ b/providers/implementations/signature/eddsa.c @@ -105,7 +105,7 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname, } /* - * TODO(3.0) Should we care about DER writing errors? + * We do not care about DER writing errors. * All it really means is that for some reason, there's no * AlgorithmIdentifier to be had, but the operation itself is * still valid, just as long as it's not used to construct diff --git a/providers/implementations/signature/sm2sig.c b/providers/implementations/signature/sm2sig.c index d12c7191fb..18fdf62487 100644 --- a/providers/implementations/signature/sm2sig.c +++ b/providers/implementations/signature/sm2sig.c @@ -192,7 +192,7 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname, goto error; /* - * TODO(3.0) Should we care about DER writing errors? + * We do not care about DER writing errors. * All it really means is that for some reason, there's no * AlgorithmIdentifier to be had, but the operation itself is * still valid, just as long as it's not used to construct |