Update Documentation for EVP_DigestSign, EVP_DigestVerify.

Fixes #23075

In OpenSSL 3.2 EVP_DigestSign and EVP_DigestVerify
were changed so that a flag is set once these function

Update Documentation for EVP_DigestSign, EVP_DigestVerify.

Fixes #23075

In OpenSSL 3.2 EVP_DigestSign and EVP_DigestVerify
were changed so that a flag is set once these functions
do a one-shot sign or verify operation. This PR updates the
documentation to match the behaviour.

Investigations showed that prior to 3.2 different key
type behaved differently if multiple calls were done.

By accident X25519 and X448 would produce the same signature,
but ECDSA and RSA remembered the digest state between calls,
so the signature was different when multiple calls were done.

Because of this undefined behaviour something needed to be done,
so keeping the 'only allow it to be called once' behaviour
seems a reasonable approach.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23834)

show more ...

Copyright year updates


Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes

Do not fail if ctx dup does not succeed

If the ctx was *really* needed we'll probably fail later with an error
anyway, so no point in failing immediately.

Document that this beh

Do not fail if ctx dup does not succeed

If the ctx was *really* needed we'll probably fail later with an error
anyway, so no point in failing immediately.

Document that this behavior is dependent on the provider used to
implement the signature/verification.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20375)

show more ...

Add notes about ignoring initialization failures on contexts

Fixes #20130

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Me

Add notes about ignoring initialization failures on contexts

Fixes #20130

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20136)

show more ...

Change name of parameter in documentation from sigret to sig

The rest of the documentation talks about sig, not sigret

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by:

Change name of parameter in documentation from sigret to sig

The rest of the documentation talks about sig, not sigret

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18943)

show more ...

Add documentation for key validation that indicates the difference between the
EVP_PKEY_XXX_check() calls for the default and fips providers.

Reviewed-by: Tomas Mraz <tomas@openssl.org>

Add documentation for key validation that indicates the difference between the
EVP_PKEY_XXX_check() calls for the default and fips providers.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18235)

show more ...

doc: Document outcome of multiple digestsign/digestverify calls

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16964)

Add an additional note to EVP_DigestSign() documentation

Clarify what happens if it fails. Make it clear that you can pass a NULL
"sig" buffer to get the "siglen".

Reviewed-by:

Add an additional note to EVP_DigestSign() documentation

Clarify what happens if it fails. Make it clear that you can pass a NULL
"sig" buffer to get the "siglen".

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)

show more ...

doc: document the params arguments to the initialisation functions.

These were accidentally omitted when the arguments were added globally.

Fixes #16067

Reviewed-by: Tomas

doc: document the params arguments to the initialisation functions.

These were accidentally omitted when the arguments were added globally.

Fixes #16067

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16072)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15801)

Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_,

Rename all getters to use get/get0 in name

For functions that exist in 1.1.1 provide a simple aliases via #define.

Fixes #15236

Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)

show more ...

EVP_DigestSignInit.pod: Clarification in EVP_DigestSignFinal() parameter 'sig'

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from htt

EVP_DigestSignInit.pod: Clarification in EVP_DigestSignFinal() parameter 'sig'

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15354)

show more ...

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)

show more ...

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged fro

Run the withlibctx.pl script

Automatically rename all instances of _with_libctx() to _ex() as per
our coding style.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12970)

show more ...

Add EVP signature with libctx methods.

-Added EVP_SignFinal_with_libctx() and EVP_VerifyFinal_with_libctx()
-Renamed EVP_DigestSignInit_ex() and EVP_DigestVerifyInit_with_libctx() to

Add EVP signature with libctx methods.

-Added EVP_SignFinal_with_libctx() and EVP_VerifyFinal_with_libctx()
-Renamed EVP_DigestSignInit_ex() and EVP_DigestVerifyInit_with_libctx() to
EVP_DigestSignInit_with_libctx() and EVP_DigestVerifyInit_with_libctx()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11884)

show more ...

Fix typos and repeated words

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from ht

Fix typos and repeated words

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12320)

show more ...

Update copyright year

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11616)

Make it possible to easily specify a libctx for EVP_DigestSign*

EVP_DigestSignInit_ex and EVP_DigestVerifyInit_ex did not provide the
capability to specify an explicit OPENSSL_CTX parame

Make it possible to easily specify a libctx for EVP_DigestSign*

EVP_DigestSignInit_ex and EVP_DigestVerifyInit_ex did not provide the
capability to specify an explicit OPENSSL_CTX parameter. It is still
possible by explicitly setting an EVP_PKEY_CTX - but in most cases it
would be much simpler to just specify it in the Init call. We add the
capability to do that.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11353)

show more ...

doc: Fix typo in EVP_DigestSignInit manpage

CLA: trivial

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by:

doc: Fix typo in EVP_DigestSignInit manpage

CLA: trivial

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10841)

show more ...

Change returned -2 to 0 in EVP_Digest{Sign,Verify}Init()

The returned -2 was to mark when these operations are unsupported.
However, that breaks away from the previous API and expectatio

Change returned -2 to 0 in EVP_Digest{Sign,Verify}Init()

The returned -2 was to mark when these operations are unsupported.
However, that breaks away from the previous API and expectations, and
there's not enough justification for that not being zero.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10815)

show more ...

Fix L<EVP_MD_CTX_set_pkey_ctx> links

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/p

Fix L<EVP_MD_CTX_set_pkey_ctx> links

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10420)

(cherry picked from commit ca7c982821cd6d7546f92623da61a6f43ee32d0a)

show more ...

Fix L<xxx(1)> links to be L<openssl-xxx(1)>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://gi

Fix L<xxx(1)> links to be L<openssl-xxx(1)>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10328)

show more ...

EVP: Make the SIGNATURE implementation leaner

Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
u

EVP: Make the SIGNATURE implementation leaner

Because the algorithm to use is decided already when creating an
EVP_PKEY_CTX regardless of how it was created, it turns out that it's
unnecessary to provide the SIGNATURE method explicitly, and rather
always have it be fetched implicitly.

This means fewer changes for applications that want to use new
signature algorithms / implementations.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10303)

show more ...

Update documentation

Add documentation for EVP_DigestSignInit_ex() and
EVP_DigestVerifyInit_ex(), and add an appropriate CHANGES entry.

Reviewed-by: Paul Dale <paul.dale@oracle.

Update documentation

Add documentation for EVP_DigestSignInit_ex() and
EVP_DigestVerifyInit_ex(), and add an appropriate CHANGES entry.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10013)

show more ...

Fix Typos

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/ope

Fix Typos

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9288)

show more ...