From f097e8759820f6f9b78adb99eb4bfced2945d623 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 23 Aug 2018 11:37:22 +0100 Subject: [PATCH] Clarify the EVP_DigestSignInit docs They did not make it clear how the memory management works for the |pctx| parameter. Fixes #7037 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7042) --- doc/man3/EVP_DigestSignInit.pod | 8 +++++--- doc/man3/EVP_DigestVerifyInit.pod | 7 +++++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index 19198016e0..fe2be7bbf5 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -24,10 +24,12 @@ The EVP signature routines are a high level interface to digital signatures. EVP_DigestSignInit() sets up signing context B to use digest B from ENGINE B and private key B. B must be created with -EVP_MD_CTX_new() before calling this function. If B is not NULL the +EVP_MD_CTX_new() before calling this function. If B is not NULL, the EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can -be used to set alternative signing options. The digest B may be NULL if -the signing algorithm supports it. +be used to set alternative signing options. Note that any existing value in +B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be freed +directly by the application (it will be freed automatically when the EVP_MD_CTX +is freed). The digest B may be NULL if the signing algorithm supports it. Only EVP_PKEY types that support signing can be used with these functions. This includes MAC algorithms where the MAC generation is considered as a form of diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod index e24a925cfb..0d25debcb1 100644 --- a/doc/man3/EVP_DigestVerifyInit.pod +++ b/doc/man3/EVP_DigestVerifyInit.pod @@ -23,9 +23,12 @@ The EVP signature routines are a high level interface to digital signatures. EVP_DigestVerifyInit() sets up verification context B to use digest B from ENGINE B and public key B. B must be created -with EVP_MD_CTX_new() before calling this function. If B is not NULL the +with EVP_MD_CTX_new() before calling this function. If B is not NULL, the EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this -can be used to set alternative verification options. +can be used to set alternative verification options. Note that any existing +value in B<*pctx> is overwritten. The EVP_PKEY_CTX value returned must not be +freed directly by the application (it will be freed automatically when the +EVP_MD_CTX is freed). EVP_DigestVerifyUpdate() hashes B bytes of data at B into the verification context B. This function can be called several times on the -- 2.34.1