X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=doc%2Fcrypto%2FEVP_SignInit.pod;h=06d02a5fcab64f1dab27b8f724145192073dd8f0;hp=f9a76cf4b85192305e7ad5c4f2d27103ffedebc0;hb=1afd7fa97c5445b18ce8afe6f81b932b2c217a5f;hpb=2edcb4ac7143e19409271956e2319f4fe246bb8c

diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod
index f9a76cf4b8..06d02a5fca 100644
--- a/doc/crypto/EVP_SignInit.pod
+++ b/doc/crypto/EVP_SignInit.pod
@@ -29,11 +29,12 @@ EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
 signature context B<ctx>. This function can be called several times on the
 same B<ctx> to include additional data.
 
-EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey>
-and places the signature in B<sig>. If the B<s> parameter is not NULL
-then the number of bytes of data written (i.e. the length of the signature)
+EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
+places the signature in B<sig>. B<sig> must be at least EVP_PKEY_size(pkey)
+bytes in size. B<s> is an OUT parameter, and not used as an IN parameter.
+The number of bytes of data written (i.e. the length of the signature)
 will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
-will be written. 
+will be written.
 
 EVP_SignInit() initializes a signing context B<ctx> to use the default
 implementation of digest B<type>.
@@ -78,6 +79,15 @@ will occur.
 Older versions of this documentation wrongly stated that calls to 
 EVP_SignUpdate() could not be made after calling EVP_SignFinal().
 
+Since the private key is passed in the call to EVP_SignFinal() any error
+relating to the private key (for example an unsuitable key and digest
+combination) will not be indicated until after potentially large amounts of
+data have been passed through EVP_SignUpdate().
+
+It is not possible to change the signing parameters using these function.
+
+The previous two bugs are fixed in the newer EVP_SignDigest*() function.
+
 =head1 SEE ALSO
 
 L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
@@ -91,6 +101,6 @@ L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
 EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are
 available in all versions of SSLeay and OpenSSL.
 
-EVP_SignInit_ex() was added in OpenSSL 0.9.7
+EVP_SignInit_ex() was added in OpenSSL 0.9.7.
 
 =cut