From: Tomas Mraz <tomas@openssl.org>
Date: Fri, 5 Nov 2021 13:14:45 +0000 (+0100)
Subject: doc: Document outcome of multiple digestsign/digestverify calls
X-Git-Tag: openssl-3.2.0-alpha1~3353
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3641f04fb06e9679a67da113bab65e5f1bb5e9ba;p=thirdparty%2Fopenssl.git

doc: Document outcome of multiple digestsign/digestverify calls

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)
---

diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod
index c8385949fb6..228e9d1c5f8 100644
--- a/doc/man3/EVP_DigestSignInit.pod
+++ b/doc/man3/EVP_DigestSignInit.pod
@@ -167,9 +167,10 @@ The call to EVP_DigestSignFinal() internally finalizes a copy of the digest
 context. This means that calls to EVP_DigestSignUpdate() and
 EVP_DigestSignFinal() can be called later to digest and sign additional data.
 
-Since only a copy of the digest context is ever finalized, the context must
-be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak
-will occur.
+EVP_DigestSignInit() and EVP_DigestSignInit_ex() functions can be called
+multiple times on a context and the parameters set by previous calls should be
+preserved if the I<pkey> parameter is NULL. The call then just resets the state
+of the I<ctx>.
 
 The use of EVP_PKEY_get_size() with these functions is discouraged because some
 signature operations may have a signature length which depends on the
diff --git a/doc/man3/EVP_DigestVerifyInit.pod b/doc/man3/EVP_DigestVerifyInit.pod
index 9a02f12e375..398146b5b8e 100644
--- a/doc/man3/EVP_DigestVerifyInit.pod
+++ b/doc/man3/EVP_DigestVerifyInit.pod
@@ -57,7 +57,7 @@ EVP_MD_CTX is freed). If the EVP_PKEY_CTX to be used is created by
 EVP_DigestVerifyInit_ex then it will use the B<OSSL_LIB_CTX> specified
 in I<libctx> and the property query string specified in I<props>.
 
-No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit_ex() if the
+No B<EVP_PKEY_CTX> will be created by EVP_DigestVerifyInit_ex() if the
 passed B<ctx> has already been assigned one via L<EVP_MD_CTX_set_pkey_ctx(3)>.
 See also L<SM2(7)>.
 
@@ -156,9 +156,10 @@ The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest
 context. This means that EVP_VerifyUpdate() and EVP_VerifyFinal() can
 be called later to digest and verify additional data.
 
-Since only a copy of the digest context is ever finalized, the context must
-be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak
-will occur.
+EVP_DigestVerifyInit() and EVP_DigestVerifyInit_ex() functions can be called
+multiple times on a context and the parameters set by previous calls should be
+preserved if the I<pkey> parameter is NULL. The call then just resets the state
+of the I<ctx>.
 
 =head1 SEE ALSO