[openssl/openssl] 6912e0: Update Documentation for EVP_DigestSign, EVP_Diges...

Shane noreply at github.com
Thu Apr 4 06:41:58 UTC 2024


  Branch: refs/heads/openssl-3.2
  Home:   https://github.com/openssl/openssl
  Commit: 6912e07c95e91f51f13bc1971aba0f0a8e3fcc02
      https://github.com/openssl/openssl/commit/6912e07c95e91f51f13bc1971aba0f0a8e3fcc02
  Author: slontis <shane.lontis at oracle.com>
  Date:   2024-04-04 (Thu, 04 Apr 2024)

  Changed paths:
    M doc/man3/EVP_DigestSignInit.pod
    M doc/man3/EVP_DigestVerifyInit.pod

  Log Message:
  -----------
  Update Documentation for EVP_DigestSign, EVP_DigestVerify.

Fixes #23075

In OpenSSL 3.2 EVP_DigestSign and EVP_DigestVerify
were changed so that a flag is set once these functions
do a one-shot sign or verify operation. This PR updates the
documentation to match the behaviour.

Investigations showed that prior to 3.2 different key
type behaved differently if multiple calls were done.

By accident X25519 and X448 would produce the same signature,
but ECDSA and RSA remembered the digest state between calls,
so the signature was different when multiple calls were done.

Because of this undefined behaviour something needed to be done,
so keeping the 'only allow it to be called once' behaviour
seems a reasonable approach.

Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23834)

(cherry picked from commit 5e908e6068708c89da7b5591cc65ff4b3d3135d2)



To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications


More information about the openssl-commits mailing list