[openssl] openssl-3.0 update

tomas at openssl.org tomas at openssl.org
Fri Nov 12 15:42:46 UTC 2021 

The branch openssl-3.0 has been updated
       via  487934081d87a0d02bbb9afd6bd650d5d1afe8ea (commit)
      from  bef4e21fe247753484b26167897afce1dc8cd10c (commit)


- Log -----------------------------------------------------------------
commit 487934081d87a0d02bbb9afd6bd650d5d1afe8ea
Author: Tomas Mraz <tomas at openssl.org>
Date:   Fri Nov 5 14:14:45 2021 +0100

    doc: Document outcome of multiple digestsign/digestverify calls
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16964)
    
    (cherry picked from commit 3641f04fb06e9679a67da113bab65e5f1bb5e9ba)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/EVP_DigestSignInit.pod   | 7 ++++---
 doc/man3/EVP_DigestVerifyInit.pod | 9 +++++----
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod
index c8385949fb..228e9d1c5f 100644
--- a/doc/man3/EVP_DigestSignInit.pod
+++ b/doc/man3/EVP_DigestSignInit.pod
@@ -167,9 +167,10 @@ The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
 context. This means that calls to EVP_DigestSignUpdate() and
 EVP_DigestSignFinal() can be called later to digest and sign additional data.
 
-Since only a copy of the digest context is ever finalized, the context must
-be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak
-will occur.
+EVP_DigestSignInit() and EVP_DigestSignInit_ex() functions can be called
+multiple times on a context and the parameters set by previous calls should be
+preserved if the I<pkey> parameter is NULL. The call then just resets the state
+of the I<ctx>.
 
 The use of EVP_PKEY_get_size() with these functions is discouraged because some
 signature operations may have a signature length which depends on the
diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod
index 9a02f12e37..398146b5b8 100644
--- a/doc/man3/EVP_DigestVerifyInit.pod
+++ b/doc/man3/EVP_DigestVerifyInit.pod
@@ -57,7 +57,7 @@ EVP_MD_CTX is freed). If the EVP_PKEY_CTX to be used is created by
 EVP_DigestVerifyInit_ex then it will use the B<OSSL_LIB_CTX> specified
 in I<libctx> and the property query string specified in I<props>.
 
-No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit_ex() if the
+No B<EVP_PKEY_CTX> will be created by EVP_DigestVerifyInit_ex() if the
 passed B<ctx> has already been assigned one via L<EVP_MD_CTX_set_pkey_ctx(3)>.
 See also L<SM2(7)>.
 
@@ -156,9 +156,10 @@ The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
 context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can
 be called later to digest and verify additional data.
 
-Since only a copy of the digest context is ever finalized, the context must
-be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak
-will occur.
+EVP_DigestVerifyInit() and EVP_DigestVerifyInit_ex() functions can be called
+multiple times on a context and the parameters set by previous calls should be
+preserved if the I<pkey> parameter is NULL. The call then just resets the state
+of the I<ctx>.
 
 =head1 SEE ALSO

More information about the openssl-commits mailing list