From: Benjamin Kaduk <bkaduk@akamai.com>
Date: Wed, 14 Jun 2017 16:47:02 +0000 (-0500)
Subject: Improve BN_CTX documentation
X-Git-Tag: OpenSSL_1_1_1-pre1~1112
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7b5b2c461475ad2c810fec093dd9c2927876ec25;p=oweals%2Fopenssl.git

Improve BN_CTX documentation

Since BN_CTX_init() is gone, all calls use BN_CTX_new().  Also,
essentially all consumers will use BN_CTX_start()/BN_CTX_end(),
so make that more clear from the BN_CTX_new() man page.

Document the thread-unsafety of individual BN_CTX objects.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3682)
---

diff --git a/doc/man3/BN_CTX_new.pod b/doc/man3/BN_CTX_new.pod
index 4cf3634e9b..7fba72e108 100644
--- a/doc/man3/BN_CTX_new.pod
+++ b/doc/man3/BN_CTX_new.pod
@@ -26,12 +26,14 @@ BN_CTX_secure_new() allocates and initializes a B<BN_CTX> structure
 but uses the secure heap (see L<CRYPTO_secure_malloc(3)>) to hold the
 B<BIGNUM>s.
 
-BN_CTX_free() frees the components of the B<BN_CTX>, and if it was
-created by BN_CTX_new(), also the structure itself.
-If L<BN_CTX_start(3)> has been used on the B<BN_CTX>,
-L<BN_CTX_end(3)> must be called before the B<BN_CTX>
-may be freed by BN_CTX_free().
-If B<c> is NULL, nothing is done.
+BN_CTX_free() frees the components of the B<BN_CTX> and the structure itself.
+Since BN_CTX_start() is required in order to obtain B<BIGNUM>s from the
+B<BN_CTX>, in most cases BN_CTX_end() must be called before the B<BN_CTX> may
+be freed by BN_CTX_free().  If B<c> is NULL, nothing is done.
+
+A given B<BN_CTX> must only be used by a single thread of execution.  No
+locking is performed, and the internal pool allocator will not properly handle
+multiple threads of execution.
 
 =head1 RETURN VALUES