-
-EVP_DigestSignInit() sets up signing context B<ctx> to use digest B<type> from
-ENGINE B<e> and private key B<pkey>. B<ctx> must be created with
-EVP_MD_CTX_new() before calling this function. If B<pctx> is not NULL, the
-EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can
-be used to set alternative signing options. Note that any existing value in
-B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed
-directly by the application if B<ctx> is not assigned an EVP_PKEY_CTX value before
-being passed to EVP_DigestSignInit() (which means the EVP_PKEY_CTX is created
-inside EVP_DigestSignInit() and it will be freed automatically when the
-EVP_MD_CTX is freed).
-
-The digest B<type> may be NULL if the signing algorithm supports it.
-
-No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit() if the passed B<ctx>
-has already been assigned one via L<EVP_MD_CTX_set_ctx(3)>. See also L<SM2(7)>.
+Input data is digested first before the signing takes place.
+
+EVP_DigestSignInit_ex() sets up signing context B<ctx> to use a digest with the
+name B<mdname> and private key B<pkey>. The signature algorithm B<signature>
+will be used for the actual signing which must be compatible with the private
+key. The name of the digest to be used is passed to the provider of the
+signature algorithm in use. How that provider interprets the digest name is
+provider specific. The provider may implement that digest directly itself or it
+may (optionally) choose to fetch it (which could result in a digest from a
+different provider being selected). If the provider supports fetching the digest
+then it may use the B<props> argument for the properties to be used during the
+fetch.
+
+The B<signature> parameter may be NULL in which case a suitable signature
+algorithm implementation will be implicitly fetched based on the type of key in
+use. See L<provider(7)> for further information about providers and fetching
+algorithms.
+
+The OpenSSL default and legacy providers support fetching digests and can fetch
+those digests from any available provider. The OpenSSL fips provider also
+supports fetching digests but will only fetch digests that are themselves
+implemented inside the fips provider.
+
+B<ctx> must be created with EVP_MD_CTX_new() before calling this function. If
+B<pctx> is not NULL, the EVP_PKEY_CTX of the signing operation will be written
+to B<*pctx>: this can be used to set alternative signing options. Note that any
+existing value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must
+not be freed directly by the application if B<ctx> is not assigned an
+EVP_PKEY_CTX value before being passed to EVP_DigestSignInit_ex() (which means
+the EVP_PKEY_CTX is created inside EVP_DigestSignInit_ex() and it will be freed
+automatically when the EVP_MD_CTX is freed).
+
+The digest B<mdname> may be NULL if the signing algorithm supports it. The
+B<props> argument can always be NULL.
+
+No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit_ex() if the passed
+B<ctx> has already been assigned one via L<EVP_MD_CTX_set_ctx(3)>. See also
+L<SM2(7)>.
projects / openssl.git / blobdiff