X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fman3%2FEVP_DigestVerifyInit.pod;h=97bb773722625be5ecdba4b49b2cee9e6b465f0e;hp=2191b9edbf363b8ca8e9b59af1592101dda0c499;hb=4674aaf4f2217540690489fee22edefe4a463293;hpb=0c714ba214eeceec617703fa1b9fc1cc4521529d diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod index 2191b9edbf..97bb773722 100644 --- a/doc/man3/EVP_DigestVerifyInit.pod +++ b/doc/man3/EVP_DigestVerifyInit.pod @@ -23,9 +23,17 @@ The EVP signature routines are a high level interface to digital signatures. EVP_DigestVerifyInit() sets up verification context B to use digest B from ENGINE B and public key B. B must be created -with EVP_MD_CTX_new() before calling this function. If B is not NULL the +with EVP_MD_CTX_new() before calling this function. If B is not NULL, the EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this -can be used to set alternative verification options. +can be used to set alternative verification options. Note that any existing +value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed +directly by the application if B is not assigned an EVP_PKEY_CTX value before +being passed to EVP_DigestVerifyInit() (which means the EVP_PKEY_CTX is created +inside EVP_DigestVerifyInit() and it will be freed automatically when the +EVP_MD_CTX is freed). + +No B will be created by EVP_DigestSignInit() if the passed B +has already been assigned one via L. See also L. EVP_DigestVerifyUpdate() hashes B bytes of data at B into the verification context B. This function can be called several times on the 
@@ -68,15 +76,16 @@ and public key algorithms. This meant that "clone" digests such as EVP_dss1() needed to be used to sign using SHA1 and DSA. This is no longer necessary and the use of clone digest is now discouraged. -For some key types and parameters the random number generator must be seeded -or the operation will fail. +For some key types and parameters the random number generator must be seeded. +If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to +external circumstances (see L), the operation will fail. The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later to digest and verify additional data. -Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +Since only a copy of the digest context is ever finalized, the context must +be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur. =head1 SEE ALSO @@ -85,18 +94,19 @@ L, L, L, L, L, L, L, L, -L, L +L, L, +L =head1 HISTORY EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() -were first added to OpenSSL 1.0.0. +were added in OpenSSL 1.0.0. =head1 COPYRIGHT -Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. -Licensed under the OpenSSL license (the "License"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at L.
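Review bot: In the first hunk (@@ -23,9 +23,17 @@), the added sentence "will be created by EVP_DigestSignInit() if the passed ..." names the signing function on the verify page. Unless the cross-reference is deliberate, it should read EVP_DigestVerifyInit(). The ownership sentence above it is also hard to parse, because the rule is stated through a double negative ("must not be freed directly by the application if ... is not assigned"). Consider splitting it into two cases: a context created inside EVP_DigestVerifyInit() belongs to the EVP_MD_CTX and is freed with it; then say explicitly who frees a context that was assigned before the call. A reader who misreads this ends up with a double free or a leak, so the plainer wording is worth the extra line.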
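Review bot: In the second hunk (@@ -68,15 +76,16 @@), the corrected sentence tells callers to release the context with EVP_MD_CTX_free(), and the first hunk says an EVP_PKEY_CTX created inside EVP_DigestVerifyInit() is freed along with the EVP_MD_CTX, but neither place states that a pointer obtained through *pctx must not be used after that call. Suggest adding one clause here to say so. Since this paragraph is being touched anyway, please also confirm that the unchanged sentence "This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can be called later" is meant to name those functions rather than EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal(), which are the ones this page documents.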
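Review bot: In the third hunk (@@ -85,18 +94,19 @@), the license sentence changes to "Licensed under the Apache License 2.0" while the following lines still refer readers to "the file LICENSE in the source distribution". Please check that the LICENSE file in the same tree already carries the Apache 2.0 text, so the header and the file it points to agree. The HISTORY rewording ("were added in OpenSSL 1.0.0") looks fine.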