From: Dr. David von Oheimb Date: Sun, 13 Apr 2025 19:55:53 +0000 (+0200) Subject: ASN1_item_sign.pod: fix description of the algor1, algor2, and signature in/out-param... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b13b8eb95e7ceca37b5e1c7079ba8f17a0fa9d89;p=thirdparty%2Fopenssl.git ASN1_item_sign.pod: fix description of the algor1, algor2, and signature in/out-parameters This provides a fix for the documentation part of #22932. Reviewed-by: Tomas Mraz Reviewed-by: Tom Cosgrove (Merged from https://github.com/openssl/openssl/pull/27372) --- diff --git a/doc/man3/ASN1_item_sign.pod b/doc/man3/ASN1_item_sign.pod index 9db44ce4928..48805dd7963 100644 --- a/doc/man3/ASN1_item_sign.pod +++ b/doc/man3/ASN1_item_sign.pod @@ -40,24 +40,32 @@ ASN1 sign and verify =head1 DESCRIPTION ASN1_item_sign_ex() is used to sign arbitrary ASN1 data using a data object -I, the ASN.1 structure I, private key I and message digest I. -The data that is signed is formed by taking the data object in I and -converting it to der format using the ASN.1 structure I. -The I that will be signed, and a structure containing the signature may -both have a copy of the B. The ASN1_item_sign_ex() function will -write the correct B to the structs based on the algorithms and -parameters that have been set up. If one of I or I points to the -B of the I to be signed, then that B will first be -written before the signature is generated. -Examples of valid values that can be used by the ASN.1 structure I are -ASN1_ITEM_rptr(X509_CINF), ASN1_ITEM_rptr(X509_REQ_INFO) and -ASN1_ITEM_rptr(X509_CRL_INFO). +I, the ASN.1 structure I, private key I, and message digest I. +The data to be signed is formed by taking the data object in I +and converting it to DER format using the ASN.1 type structure I. +Examples of values that can be used for I are I, +I, and I. + +I, , and I are essentially output parameters. +The generated signature is set into I, +which must have been allocated beforehand, e.g., using I. +This may happen indirectly, for instance by having an ASN.1 structure like +B that includes a non-optional signature field of type B. +The and I parameters are optional and support outputting +up to two B values representing the signature algorithm +(typically including a digest algorithm, and/or possibly other parameters), +which is useful for structures like B that must contain the same signature +algorithm information in two places: I and I. +Each of the and I pointers may be NULL, otherwise +they must have been allocated beforehand (e.g., using I, +or indirectly like for the Bfields I and I), +and the ASN1_item_sign_ex() function sets into it the signature algorithm. This +is done before generating the signature value and setting it into I. + The B specified in I and the property query string specified in I are used when searching for algorithms in providers. -The generated signature is set into I. The optional parameter I can be NULL, but can be set for special key types. -See EVP_PKEY_CTX_set1_id() for further info. The output parameters and -I are ignored if they are NULL. +See EVP_PKEY_CTX_set1_id() for further info. ASN1_item_sign() is similar to ASN1_item_sign_ex() but uses default values of NULL for the I, I and I.