From: Emilia Kasper Date: Fri, 22 Aug 2014 11:16:55 +0000 (+0200) Subject: Improve EVP_PKEY_sign documentation X-Git-Tag: master-post-reformat~464 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=d64c533a207f7b6d86c3bc8ffb053e5f4d0c1ca0;hp=a520ae36288e01c19cd13dfca885b74bfd37d0e2 Improve EVP_PKEY_sign documentation Clarify the intended use of EVP_PKEY_sign. Make the code example compile. Reviewed-by: Dr Stephen Henson --- diff --git a/doc/crypto/EVP_PKEY_sign.pod b/doc/crypto/EVP_PKEY_sign.pod index a044f2c131..21974b4b1a 100644 --- a/doc/crypto/EVP_PKEY_sign.pod +++ b/doc/crypto/EVP_PKEY_sign.pod @@ -28,9 +28,14 @@ B and the amount of data written to B. =head1 NOTES +EVP_PKEY_sign() does not hash the data to be signed, and therefore is +normally used to sign digests. For signing arbitrary messages, see the +L and +L signing interfaces instead. + After the call to EVP_PKEY_sign_init() algorithm specific control operations can be performed to set any appropriate parameters for the -operation. +operation (see L). The function EVP_PKEY_sign() can be called more than once on the same context if several operations are performed using the same parameters. @@ -49,13 +54,17 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest: #include EVP_PKEY_CTX *ctx; + /* md is a SHA-256 digest in this example. */ unsigned char *md, *sig; - size_t mdlen, siglen; + size_t mdlen = 32, siglen; EVP_PKEY *signing_key; - /* NB: assumes signing_key, md and mdlen are already set up - * and that signing_key is an RSA private key + + /* + * NB: assumes signing_key and md are set up before the next + * step. signing_key must be an RSA private key and md must + * point to the SHA-256 digest to be signed. */ - ctx = EVP_PKEY_CTX_new(signing_key); + ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); if (!ctx) /* Error occurred */ if (EVP_PKEY_sign_init(ctx) <= 0) @@ -83,6 +92,7 @@ Sign data using RSA with PKCS#1 padding and SHA256 digest: =head1 SEE ALSO L, +L, L, L, L,