5 Jun
2026
5 Jun
'26
1:34 p.m.
Simon Josefsson simon@josefsson.org writes:
Your 3) seems fine too IMHO, almost any non-trivial C function should be able to return an error code. From the principle of least surprise, I think one ought to return an error code if public and private key doesn't match, if checking that is reliable and cheap.
And on failure, it might make sense to also clear (memset to zero) the signature area before returning? To ensure that no information about the private key is leaked form an incorrect signature operation, and make it a bit safer if the return value is ignored.
Regards, /Niels
--
Niels Möller. PGP key CB4962D070D77D7FCB8BA36271D8F1FF368C6677.
Internet email is subject to wholesale government surveillance.