diff options
| author | slontis <shane.lontis@oracle.com> | 2024-03-14 06:11:40 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2024-04-04 08:39:38 +0200 |
| commit | 5e908e6068708c89da7b5591cc65ff4b3d3135d2 (patch) | |
| tree | 6af36557a14a7e2514e342e81dd27c7c2ceddcf8 /CONTRIBUTING.md | |
| parent | Align 'openssl req' string_mask docs to how the software really works (diff) | |
| download | openssl-5e908e6068708c89da7b5591cc65ff4b3d3135d2.tar.xz openssl-5e908e6068708c89da7b5591cc65ff4b3d3135d2.zip | |
Update Documentation for EVP_DigestSign, EVP_DigestVerify.
Fixes #23075
In OpenSSL 3.2 EVP_DigestSign and EVP_DigestVerify
were changed so that a flag is set once these functions
do a one-shot sign or verify operation. This PR updates the
documentation to match the behaviour.
Investigations showed that prior to 3.2 different key
type behaved differently if multiple calls were done.
By accident X25519 and X448 would produce the same signature,
but ECDSA and RSA remembered the digest state between calls,
so the signature was different when multiple calls were done.
Because of this undefined behaviour something needed to be done,
so keeping the 'only allow it to be called once' behaviour
seems a reasonable approach.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23834)
Diffstat (limited to 'CONTRIBUTING.md')
0 files changed, 0 insertions, 0 deletions