diff options
author | Reinhard Urban <reinhard.urban@nubix.de> | 2022-11-30 12:44:02 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2022-12-02 13:20:01 +0100 |
commit | 328dc33365f8bd9c097bc95c3632467f690502a4 (patch) | |
tree | 109b3d12045fa9180a07d53e184367f6747ddd8b /doc/man3/EVP_SignInit.pod | |
parent | 8f48a978e5cce483eadfd0df20e34480f205511c (diff) |
doc: fix EVP_SignInit.pod
Fixes GH #19786
Also simplify the CSPRNG must be seeded argument.
Since version 1.1.1, the CSPRNG is seeded automatically on first use,
so it's not the responsibility of the programmer anymore. Still, he
needs to be aware that the seeding might fail.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19789)
Diffstat (limited to 'doc/man3/EVP_SignInit.pod')
-rw-r--r-- | doc/man3/EVP_SignInit.pod | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod index 64de251843..11832ff761 100644 --- a/doc/man3/EVP_SignInit.pod +++ b/doc/man3/EVP_SignInit.pod @@ -60,10 +60,9 @@ The B<EVP> interface to digital signatures should almost always be used in preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. -When signing with DSA private keys the random number generator must be seeded. -If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to -external circumstances (see L<RAND(7)>), the operation will fail. -This requirement does not hold for RSA signatures. +When signing with some private key types the random number generator must +be seeded. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails +due to external circumstances (see L<RAND(7)>), the operation will fail. The call to EVP_SignFinal() internally finalizes a copy of the digest context. This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called @@ -85,7 +84,7 @@ data have been passed through EVP_SignUpdate(). It is not possible to change the signing parameters using these function. -The previous two bugs are fixed in the newer EVP_SignDigest*() function. +The previous two bugs are fixed in the newer EVP_DigestSign*() functions. =head1 SEE ALSO |