From: Reinhard Urban Date: Wed, 30 Nov 2022 11:44:02 +0000 (+0100) Subject: doc: fix EVP_SignInit.pod X-Git-Tag: openssl-3.2.0-alpha1~1637 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=328dc33365f8bd9c097bc95c3632467f690502a4;p=thirdparty%2Fopenssl.git doc: fix EVP_SignInit.pod Fixes GH #19786 Also simplify the CSPRNG must be seeded argument. Since version 1.1.1, the CSPRNG is seeded automatically on first use, so it's not the responsibility of the programmer anymore. Still, he needs to be aware that the seeding might fail. Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19789) --- diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod index 64de251843a..11832ff7618 100644 --- a/doc/man3/EVP_SignInit.pod +++ b/doc/man3/EVP_SignInit.pod @@ -60,10 +60,9 @@ The B interface to digital signatures should almost always be used in preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. -When signing with DSA private keys the random number generator must be seeded. -If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to -external circumstances (see L), the operation will fail. -This requirement does not hold for RSA signatures. +When signing with some private key types the random number generator must +be seeded. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails +due to external circumstances (see L), the operation will fail. The call to EVP_SignFinal() internally finalizes a copy of the digest context. This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called @@ -85,7 +84,7 @@ data have been passed through EVP_SignUpdate(). It is not possible to change the signing parameters using these function. -The previous two bugs are fixed in the newer EVP_SignDigest*() function. +The previous two bugs are fixed in the newer EVP_DigestSign*() functions. =head1 SEE ALSO