]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2410cb4) | patch
Update Documentation for EVP_DigestSign, EVP_DigestVerify.
authorslontis <shane.lontis@oracle.com>
Thu, 14 Mar 2024 05:11:40 +0000 (16:11 +1100)
committerTomas Mraz <tomas@openssl.org>
Thu, 4 Apr 2024 06:39:38 +0000 (08:39 +0200)
commit5e908e6068708c89da7b5591cc65ff4b3d3135d2
tree6af36557a14a7e2514e342e81dd27c7c2ceddcf8tree
parent2410cb42e62c3be69dcf1aad1bdf1eb0233b670fcommit | diff
Update Documentation for EVP_DigestSign, EVP_DigestVerify.

Fixes #23075

In OpenSSL 3.2 EVP_DigestSign and EVP_DigestVerify
were changed so that a flag is set once these functions
do a one-shot sign or verify operation. This PR updates the
documentation to match the behaviour.

Investigations showed that prior to 3.2 different key
type behaved differently if multiple calls were done.

By accident X25519 and X448 would produce the same signature,
but ECDSA and RSA remembered the digest state between calls,
so the signature was different when multiple calls were done.

Because of this undefined behaviour something needed to be done,
so keeping the 'only allow it to be called once' behaviour
seems a reasonable approach.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23834)
doc/man3/EVP_DigestSignInit.pod diff | blob | blame | history
doc/man3/EVP_DigestVerifyInit.pod diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git