permitting no/empty digest in core_obj_add_sigid for openssl-3.0

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17327)

2 files changed, 5 insertions, 3 deletions

diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod
index 482cc320c7..94eb6cc589 100644
--- a/doc/man3/OBJ_nid2obj.pod
+++ b/doc/man3/OBJ_nid2obj.pod
@@ -101,7 +101,8 @@ given NID with two other NIDs - one representing the underlying signature
 algorithm and the other representing a digest algorithm to be used in
 conjunction with it. I<signid> represents the NID for the composite "Signature
 Algorithm", I<dig_id> is the NID for the digest algorithm and I<pkey_id> is the
-NID for the underlying signature algorithm.
+NID for the underlying signature algorithm. As there are signature algorithms
+that do not require a digest, NID_undef is a valid I<dig_id>.
 
 OBJ_cleanup() releases any resources allocated by creating new objects.
 
diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod
index f928934ab7..2696cf7195 100644
--- a/doc/man7/provider-base.pod
+++ b/doc/man7/provider-base.pod
@@ -277,8 +277,9 @@ function L<OBJ_add_sigid(3)>, except that the objects are identified by name
 rather than a numeric NID. Any name (OID, short name or long name) can be used
 to identify the object. It will treat as success the case where the composite
 signature algorithm already exists (even if registered against a different
-underlying signature or digest algorithm). It returns 1 on success or 0 on
-failure.
+underlying signature or digest algorithm). For I<digest_name>, NULL or an
+empty string is permissible for signature algorithms that do not need a digest
+to operate correctly. The function returns 1 on success or 0 on failure.
 This function is not thread safe.
 
 CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_free(), CRYPTO_clear_free(),