The branch master has been updated
via f097e8759820f6f9b78adb99eb4bfced2945d623 (commit)
from f273ff953abfafbb5fc4d68904469f862fbeae8a (commit)
- Log -----------------------------------------------------------------
commit f097e8759820f6f9b78adb99eb4bfced2945d623
Author: Matt Caswell <m...@openssl.org>
Date: Thu Aug 23 11:37:22 2018 +0100
Clarify the EVP_DigestSignInit docs
They did not make it clear how the memory management works for the |pctx|
parameter.
Fixes #7037
Reviewed-by: Tim Hudson <t...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7042)
-----------------------------------------------------------------------
Summary of changes:
doc/man3/EVP_DigestSignInit.pod | 8 +++++---
doc/man3/EVP_DigestVerifyInit.pod | 7 +++++--
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod
index 1919801..fe2be7b 100644
--- a/doc/man3/EVP_DigestSignInit.pod
+++ b/doc/man3/EVP_DigestSignInit.pod
@@ -24,10 +24,12 @@ The EVP signature routines are a high level interface to
digital signatures.
EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from
ENGINE B<e> and private key B<pkey>. B<ctx> must be created with
-EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL the
+EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL, the
EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can
-be used to set alternative signing options. The digest B<type> may be NULL if
-the signing algorithm supports it.
+be used to set alternative signing options. Note that any existing value in
+B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed
+directly by the application (it will be freed automatically when the EVP_MD_CTX
+is freed). The digest B<type> may be NULL if the signing algorithm supports it.
Only EVP_PKEY types that support signing can be used with these functions. This
includes MAC algorithms where the MAC generation is considered as a form of
diff --git a/doc/man3/EVP_DigestVerifyInit.pod
b/doc/man3/EVP_DigestVerifyInit.pod
index e24a925..0d25deb 100644
--- a/doc/man3/EVP_DigestVerifyInit.pod
+++ b/doc/man3/EVP_DigestVerifyInit.pod
@@ -23,9 +23,12 @@ The EVP signature routines are a high level interface to
digital signatures.
EVP_DigestVerifyInit() sets up verification context B<ctx> to use digest
B<type> from ENGINE B<e> and public key B<pkey>. B<ctx> must be created
-with EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL the
+with EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL, the
EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this
-can be used to set alternative verification options.
+can be used to set alternative verification options. Note that any existing
+value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be
+freed directly by the application (it will be freed automatically when the
+EVP_MD_CTX is freed).
EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
verification context B<ctx>. This function can be called several times on the
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
