From: Matt Caswell <matt@openssl.org>
Date: Fri, 8 Oct 2021 13:43:17 +0000 (+0100)
Subject: Add an additional note to EVP_DigestSign() documentation
X-Git-Tag: openssl-3.2.0-alpha1~3450
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=dc3f057ce1701d5fd77cc4fcc1d14afe3e3122a3;p=thirdparty%2Fopenssl.git

Add an additional note to EVP_DigestSign() documentation

Clarify what happens if it fails. Make it clear that you can pass a NULL
"sig" buffer to get the "siglen".

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
---

diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod
index 8748014465..c8385949fb 100644
--- a/doc/man3/EVP_DigestSignInit.pod
+++ b/doc/man3/EVP_DigestSignInit.pod
@@ -130,7 +130,11 @@ written to I<siglen>.
 
 EVP_DigestSign() signs I<tbslen> bytes of data at I<tbs> and places the
 signature in I<sig> and its length in I<siglen> in a similar way to
-EVP_DigestSignFinal().
+EVP_DigestSignFinal(). In the event of a failure EVP_DigestSign() cannot be
+called again without reinitialising the EVP_MD_CTX. If I<sig> is NULL before the
+call then I<siglen> will be populated with the required size for the I<sig>
+buffer. If I<sig> is non-NULL before the call then I<siglen> should contain the
+length of the I<sig> buffer.
 
 =head1 RETURN VALUES