diff options
author | Simo Sorce <simo@redhat.com> | 2023-02-23 19:51:27 -0500 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-03-15 08:42:52 +1100 |
commit | 0fc00fc0e3867fc5f95fab1046ad7d2a85db06f8 (patch) | |
tree | 91ef7e2a84349602a3763855227e75754a1e8ac3 /doc/man3/EVP_SignInit.pod | |
parent | dba97d4c7142621fb279ef2074cd5c0a04eca7d3 (diff) |
Do not fail if ctx dup does not succeed
If the ctx was *really* needed we'll probably fail later with an error
anyway, so no point in failing immediately.
Document that this behavior is dependent on the provider used to
implement the signature/verification.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20375)
Diffstat (limited to 'doc/man3/EVP_SignInit.pod')
-rw-r--r-- | doc/man3/EVP_SignInit.pod | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod index 11832ff761..c274ad9917 100644 --- a/doc/man3/EVP_SignInit.pod +++ b/doc/man3/EVP_SignInit.pod @@ -66,12 +66,19 @@ due to external circumstances (see L<RAND(7)>), the operation will fail. The call to EVP_SignFinal() internally finalizes a copy of the digest context. This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called -later to digest and sign additional data. +later to digest and sign additional data.cApplications may disable this +behavior by setting the EVP_MD_CTX_FLAG_FINALISE context flag via +L<EVP_MD_CTX_set_flags(3)>. Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur. +Note that not all providers support continuation, in case the selected +provider does not allow to duplicate contexts EVP_SignFinal() will +finalize the digest context and attempting to process additional data via +EVP_SignUpdate() will result in an error. + =head1 BUGS Older versions of this documentation wrongly stated that calls to |