Add missing EVP param utility functions

These functions were missing for a completes API: EVP_MD_get_params(), EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(), and EVP_CIPHER_CTX_get_params Additionally, we also add all the corresponding parameter descriptor returning functions, along the correspoding provider dispatches: EVP_MD_gettable_params(), EVP_MD_CTX_settable_params(), EVP_MD_CTX_gettable_params(), EVP_CIPHER_gettable_params(), EVP_CIPHER_CTX_settable_params(), and EVP_CIPHER_CTX_gettable_params() Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9576)
2024-11-27 05:21:51 +08:00 · 2019-08-12 14:56:18 +02:00 · 2019-08-12 14:56:18 +02:00 · ae3ff60e7b
commit ae3ff60e7b
parent aee6e29f0e
11 changed files with 275 additions and 35 deletions
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@ -524,6 +524,20 @@ int EVP_Digest(const void *data, size_t count,
    return ret;
 }

+int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[])
+{
+    if (digest != NULL && digest->get_params != NULL)
+        return digest->get_params(params);
+    return 0;
+}
+
+const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest)
+{
+    if (digest != NULL && digest->gettable_params != NULL)
+        return digest->gettable_params();
+    return NULL;
+}
+
 int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
 {
    if (ctx->digest != NULL && ctx->digest->ctx_set_params != NULL)
@ -531,6 +545,13 @@ int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
    return 0;
 }

+const OSSL_PARAM *EVP_MD_CTX_settable_params(const EVP_MD *digest)
+{
+    if (digest != NULL && digest->settable_ctx_params != NULL)
+        return digest->settable_ctx_params();
+    return NULL;
+}
+
 int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
 {
    if (ctx->digest != NULL && ctx->digest->get_params != NULL)
@ -538,6 +559,13 @@ int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
    return 0;
 }

+const OSSL_PARAM *EVP_MD_CTX_gettable_params(const EVP_MD *digest)
+{
+    if (digest != NULL && digest->gettable_ctx_params != NULL)
+        return digest->gettable_ctx_params();
+    return NULL;
+}
+
 /* TODO(3.0): Remove legacy code below - only used by engines & DigestSign */
 int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
 {
@ -655,6 +683,20 @@ static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns,
            if (md->ctx_get_params == NULL)
                md->ctx_get_params = OSSL_get_OP_digest_ctx_get_params(fns);
            break;
+        case OSSL_FUNC_DIGEST_GETTABLE_PARAMS:
+            if (md->gettable_params == NULL)
+                md->gettable_params = OSSL_get_OP_digest_gettable_params(fns);
+            break;
+        case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS:
+            if (md->settable_ctx_params == NULL)
+                md->settable_ctx_params =
+                    OSSL_get_OP_digest_settable_ctx_params(fns);
+            break;
+        case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS:
+            if (md->gettable_ctx_params == NULL)
+                md->gettable_ctx_params =
+                    OSSL_get_OP_digest_gettable_ctx_params(fns);
+            break;
        }
    }
    if ((fncnt != 0 && fncnt != 5)
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@ -1051,6 +1051,48 @@ legacy:
    return ret;
 }

+int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[])
+{
+    if (cipher != NULL && cipher->get_params != NULL)
+        return cipher->get_params(params);
+    return 0;
+}
+
+int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[])
+{
+    if (ctx->cipher != NULL && ctx->cipher->ctx_set_params != NULL)
+        return ctx->cipher->ctx_set_params(ctx->provctx, params);
+    return 0;
+}
+
+int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[])
+{
+    if (ctx->cipher != NULL && ctx->cipher->ctx_get_params != NULL)
+        return ctx->cipher->ctx_get_params(ctx->provctx, params);
+    return 0;
+}
+
+const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher)
+{
+    if (cipher != NULL && cipher->gettable_params != NULL)
+        return cipher->gettable_params();
+    return NULL;
+}
+
+const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(const EVP_CIPHER *cipher)
+{
+    if (cipher != NULL && cipher->settable_ctx_params != NULL)
+        return cipher->settable_ctx_params();
+    return NULL;
+}
+
+const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(const EVP_CIPHER *cipher)
+{
+    if (cipher != NULL && cipher->gettable_ctx_params != NULL)
+        return cipher->gettable_ctx_params();
+    return NULL;
+}
+
 #if !defined(FIPS_MODE)
 /* TODO(3.0): No support for RAND yet in the FIPS module */
 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
@ -1212,6 +1254,23 @@ static void *evp_cipher_from_dispatch(const char *name,
                break;
            cipher->ctx_set_params = OSSL_get_OP_cipher_ctx_set_params(fns);
            break;
+        case OSSL_FUNC_CIPHER_GETTABLE_PARAMS:
+            if (cipher->gettable_params != NULL)
+                break;
+            cipher->gettable_params = OSSL_get_OP_cipher_gettable_params(fns);
+            break;
+        case OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS:
+            if (cipher->gettable_ctx_params != NULL)
+                break;
+            cipher->gettable_ctx_params =
+                OSSL_get_OP_cipher_gettable_ctx_params(fns);
+            break;
+        case OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS:
+            if (cipher->settable_ctx_params != NULL)
+                break;
+            cipher->settable_ctx_params =
+                OSSL_get_OP_cipher_settable_ctx_params(fns);
+            break;
        }
    }
    if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4)
--- a/crypto/include/internal/evp_int.h
+++ b/crypto/include/internal/evp_int.h
@ -215,6 +215,9 @@ struct evp_md_st {
    OSSL_OP_digest_get_params_fn *get_params;
    OSSL_OP_digest_ctx_set_params_fn *ctx_set_params;
    OSSL_OP_digest_ctx_get_params_fn *ctx_get_params;
+    OSSL_OP_digest_gettable_params_fn *gettable_params;
+    OSSL_OP_digest_settable_ctx_params_fn *settable_ctx_params;
+    OSSL_OP_digest_gettable_ctx_params_fn *gettable_ctx_params;

 } /* EVP_MD */ ;

@ -266,6 +269,9 @@ struct evp_cipher_st {
    OSSL_OP_cipher_get_params_fn *get_params;
    OSSL_OP_cipher_ctx_get_params_fn *ctx_get_params;
    OSSL_OP_cipher_ctx_set_params_fn *ctx_set_params;
+    OSSL_OP_cipher_gettable_params_fn *gettable_params;
+    OSSL_OP_cipher_gettable_ctx_params_fn *gettable_ctx_params;
+    OSSL_OP_cipher_settable_ctx_params_fn *settable_ctx_params;
 } /* EVP_CIPHER */ ;

 /* Macros to code block cipher wrappers */
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@ -3,8 +3,11 @@
 =head1 NAME

 EVP_MD_fetch,
+EVP_MD_get_params, EVP_MD_gettable_params,
 EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy,
-EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_params, EVP_MD_CTX_get_params,
+EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl,
+EVP_MD_CTX_set_params, EVP_MD_CTX_get_params,
+EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params,
 EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags,
 EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate,
 EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal,
@ -25,12 +28,16 @@ EVP_MD_do_all_ex

 EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
                      const char *properties);
+ int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
 EVP_MD_CTX *EVP_MD_CTX_new(void);
 int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
 void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
 void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2);
 int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]);
 int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_MD_CTX_settable_params(const EVP_MD *digest);
+ const OSSL_PARAM *EVP_MD_CTX_gettable_params(const EVP_MD *digest);
 void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
 void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
 int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
@ -121,16 +128,29 @@ EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex(). Other restrictions
 may apply depending on the control type and digest implementation.
 See L</CONTROLS> below for more information.

-=item EVP_MD_CTX_get_params
+=item EVP_MD_get_params()
+
+Retrieves the requested list of B<params> from a MD B<md>.
+See L</PARAMS> below for more information.
+
+=item EVP_MD_CTX_get_params()

 Retrieves the requested list of B<params> from a MD context B<ctx>.
 See L</PARAMS> below for more information.

-=item EVP_MD_CTX_set_params
+=item EVP_MD_CTX_set_params()

-Sets the list of <params> into a MD context B<ctx>.
+Sets the list of B<params> into a MD context B<ctx>.
 See L</PARAMS> below for more information.

+=item EVP_MD_gettable_params(), EVP_MD_CTX_gettable_params(),
+EVP_MD_CTX_settable_params()
+
+Get a B<OSSL_PARAM> array that describes the retrievable and settable
+parameters, i.e. parameters that can be used with EVP_MD_get_params(),
+EVP_MD_CTX_get_params() and EVP_MD_CTX_set_params(), respectively.
+See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
+
 =item EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()

 Sets, clears and tests B<ctx> flags.  See L</FLAGS> below for more information.
@ -405,6 +425,12 @@ EVP_MD_CTX_get_params()

 Returns 1 if successful or 0 for failure.

+=item EVP_MD_CTX_settable_params(),
+EVP_MD_CTX_gettable_params()
+
+Return an array of constant B<OSSL_PARAM>s, or NULL if there is none
+to get.
+
 =item EVP_MD_CTX_copy_ex()

 Returns 1 if successful or 0 for failure.
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@ -29,6 +29,8 @@ EVP_get_cipherbyobj,
 EVP_CIPHER_name,
 EVP_CIPHER_provider,
 EVP_CIPHER_nid,
+EVP_CIPHER_get_params,
+EVP_CIPHER_gettable_params,
 EVP_CIPHER_block_size,
 EVP_CIPHER_key_length,
 EVP_CIPHER_iv_length,
@ -38,6 +40,10 @@ EVP_CIPHER_type,
 EVP_CIPHER_CTX_cipher,
 EVP_CIPHER_CTX_name,
 EVP_CIPHER_CTX_nid,
+EVP_CIPHER_CTX_get_params,
+EVP_CIPHER_CTX_gettable_params,
+EVP_CIPHER_CTX_set_params,
+EVP_CIPHER_CTX_settable_params,
 EVP_CIPHER_CTX_block_size,
 EVP_CIPHER_CTX_key_length,
 EVP_CIPHER_CTX_iv_length,
@ -117,6 +123,13 @@ EVP_CIPHER_do_all_ex
 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
 const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx);
+
+ int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
+ int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
+ int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
+ const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(const EVP_CIPHER *cipher);
+ const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(const EVP_CIPHER *cipher);
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
@ -240,6 +253,22 @@ decrypting. If the B<pad> parameter is zero then no padding is
 performed, the total amount of data encrypted or decrypted must then
 be a multiple of the block size or an error will occur.

+EVP_CIPHER_get_params() retrieves the requested list of algorithm
+B<params> from a B<cipher>.
+
+EVP_CIPHER_CTX_set_params() Sets the list of operation B<params> into a CIPHER
+context B<ctx>.
+
+EVP_CIPHER_CTX_get_params() retrieves the requested list of operation
+B<params> from CIPHER context B<ctx>.
+
+EVP_CIPHER_gettable_params(), EVP_CIPHER_CTX_gettable_params(), and
+EVP_CIPHER_CTX_settable_params() get a constant B<OSSL_PARAM> array
+that decribes the retrievable and settable parameters, i.e. parameters
+that can be used with EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params()
+and EVP_CIPHER_CTX_set_params(), respectively.
+See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
+
 EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
 length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
 structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length
--- a/doc/man3/OSSL_PARAM_construct_from_text.pod
+++ b/doc/man3/OSSL_PARAM_construct_from_text.pod
@ -120,7 +120,7 @@ Can be written like this instead:
  OSSL_PARAM *params =
      OPENSSL_zalloc(sizeof(*params)
                     * (sk_OPENSSL_STRING_num(opts) + 1));
-  const OSSL_PARAM *paramdefs = EVP_MAC_CTX_set_param_types(mac);
+  const OSSL_PARAM *paramdefs = EVP_MAC_CTX_settable_params(mac);
  size_t params_n;
  char *opt = "<unknown>";

--- a/doc/man7/provider-cipher.pod
+++ b/doc/man7/provider-cipher.pod
@ -36,8 +36,17 @@ provider-cipher - The cipher library E<lt>-E<gt> provider functions
 int OP_cipher_cipher(void *cctx, unsigned char *out, size_t *outl,
                      size_t outsize, const unsigned char *in, size_t inl);

+ /* Cipher parameter descriptors */
+ const OSSL_PARAM *OP_cipher_gettable_params(void);
+
+ /* Cipheroperation parameter descriptors */
+ const OSSL_PARAM *OP_cipher_gettable_ctx_params(void);
+ const OSSL_PARAM *OP_cipher_settable_ctx_params(void);
+
 /* Cipher parameters */
 int OP_cipher_get_params(OSSL_PARAM params[]);
+
+ /* Cipher operation parameters */
 int OP_cipher_ctx_get_params(void *cctx, OSSL_PARAM params[]);
 int OP_cipher_ctx_set_params(void *cctx, const OSSL_PARAM params[]);

@ -70,19 +79,23 @@ For example, the "function" OP_cipher_newctx() has these:
 B<OSSL_DISPATCH> arrays are indexed by numbers that are provided as
 macros in L<openssl-core_numbers.h(7)>, as follows:

- OP_cipher_newctx            OSSL_FUNC_CIPHER_NEWCTX
- OP_cipher_freectx           OSSL_FUNC_CIPHER_FREECTX
- OP_cipher_dupctx            OSSL_FUNC_CIPHER_DUPCTX
+ OP_cipher_newctx               OSSL_FUNC_CIPHER_NEWCTX
+ OP_cipher_freectx              OSSL_FUNC_CIPHER_FREECTX
+ OP_cipher_dupctx               OSSL_FUNC_CIPHER_DUPCTX

- OP_cipher_encrypt_init      OSSL_FUNC_CIPHER_ENCRYPT_INIT
- OP_cipher_decrypt_init      OSSL_FUNC_CIPHER_DECRYPT_INIT
- OP_cipher_update            OSSL_FUNC_CIPHER_UPDATE
- OP_cipher_final             OSSL_FUNC_CIPHER_FINAL
- OP_cipher_cipher            OSSL_FUNC_CIPHER_CIPHER
+ OP_cipher_encrypt_init         OSSL_FUNC_CIPHER_ENCRYPT_INIT
+ OP_cipher_decrypt_init         OSSL_FUNC_CIPHER_DECRYPT_INIT
+ OP_cipher_update               OSSL_FUNC_CIPHER_UPDATE
+ OP_cipher_final                OSSL_FUNC_CIPHER_FINAL
+ OP_cipher_cipher               OSSL_FUNC_CIPHER_CIPHER

- OP_cipher_get_params        OSSL_FUNC_CIPHER_GET_PARAMS
- OP_cipher_ctx_get_params    OSSL_FUNC_CIPHER_CTX_GET_PARAMS
- OP_cipher_ctx_set_params    OSSL_FUNC_CIPHER_CTX_SET_PARAMS
+ OP_cipher_get_params           OSSL_FUNC_CIPHER_GET_PARAMS
+ OP_cipher_ctx_get_params       OSSL_FUNC_CIPHER_CTX_GET_PARAMS
+ OP_cipher_ctx_set_params       OSSL_FUNC_CIPHER_CTX_SET_PARAMS
+
+ OP_cipher_gettable_params      OSSL_FUNC_CIPHER_GETTABLE_PARAMS
+ OP_cipher_gettable_ctx_params  OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS
+ OP_cipher_settable_ctx_params  OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS

 A cipher algorithm implementation may not implement all of these functions.
 In order to be a consistent set of functions there must at least be a complete
@ -163,16 +176,21 @@ B<outsize> bytes.
 See L<OSSL_PARAM(3)> for further details on the parameters structure used by
 these functions.

-OP_cipher_get_params() gets details of parameter values associated with the
-provider algorithm and stores them in B<params>.
+OP_cipher_get_params() gets details of the algorithm implementation
+and stores them in B<params>.

-OP_cipher_ctx_set_params() sets cipher parameters associated with the given
+OP_cipher_ctx_set_params() sets cipher operation parameters for the
 provider side cipher context B<cctx> to B<params>.
 Any parameter settings are additional to any that were previously set.

-OP_cipher_ctx_get_params() gets details of currently set parameter values
-associated with the given provider side cipher context B<cctx> and stores them
-in B<params>.
+OP_cipher_ctx_get_params() gets cipher operation details details from
+the given provider side cipher context B<cctx> and stores them in B<params>.
+
+OP_cipher_gettable_params(), OP_cipher_gettable_ctx_params(), and
+OP_cipher_settable_ctx_params() all return constant B<OSSL_PARAM> arrays
+as descriptors of the parameters that OP_cipher_get_params(),
+OP_cipher_ctx_get_params(), and OP_cipher_ctx_set_params() can handle,
+respectively.

 Parameters currently recognised by built-in ciphers are as follows. Not all
 parameters are relevant to, or are understood by all ciphers:
--- a/doc/man7/provider-digest.pod
+++ b/doc/man7/provider-digest.pod
@ -30,10 +30,17 @@ provider-digest - The digest library E<lt>-E<gt> provider functions
 int OP_digest_digest(void *provctx, const unsigned char *in, size_t inl,
                      unsigned char *out, size_t *outl, size_t outsz);

+ /* Digest parameter descriptors */
+ const OSSL_PARAM *OP_cipher_gettable_params(void);
+
+ /* Digest operation parameter descriptors */
+ const OSSL_PARAM *OP_cipher_gettable_ctx_params(void);
+ const OSSL_PARAM *OP_cipher_settable_ctx_params(void);
+
 /* Digest parameters */
 int OP_digest_get_params(OSSL_PARAM params[]);

- /* Digest context parameters */
+ /* Digest operation parameters */
 int OP_digest_ctx_set_params(void *dctx, const OSSL_PARAM params[]);
 int OP_digest_ctx_get_params(void *dctx, OSSL_PARAM params[]);

@ -65,19 +72,22 @@ For example, the "function" OP_digest_newctx() has these:
 B<OSSL_DISPATCH> arrays are indexed by numbers that are provided as
 macros in L<openssl-core_numbers.h(7)>, as follows:

- OP_digest_newctx        OSSL_FUNC_DIGEST_NEWCTX
- OP_digest_freectx       OSSL_FUNC_DIGEST_FREECTX
- OP_digest_dupctx        OSSL_FUNC_DIGEST_DUPCTX
+ OP_digest_newctx               OSSL_FUNC_DIGEST_NEWCTX
+ OP_digest_freectx              OSSL_FUNC_DIGEST_FREECTX
+ OP_digest_dupctx               OSSL_FUNC_DIGEST_DUPCTX

- OP_digest_init          OSSL_FUNC_DIGEST_INIT
- OP_digest_update        OSSL_FUNC_DIGEST_UPDATE
- OP_digest_final         OSSL_FUNC_DIGEST_FINAL
- OP_digest_digest        OSSL_FUNC_DIGEST_DIGEST
+ OP_digest_init                 OSSL_FUNC_DIGEST_INIT
+ OP_digest_update               OSSL_FUNC_DIGEST_UPDATE
+ OP_digest_final                OSSL_FUNC_DIGEST_FINAL
+ OP_digest_digest               OSSL_FUNC_DIGEST_DIGEST

- OP_digest_size          OSSL_FUNC_DIGEST_SIZE
- OP_digest_block_size    OSSL_FUNC_DIGEST_BLOCK_SIZE
- OP_digest_set_params    OSSL_FUNC_DIGEST_SET_PARAMS
- OP_digest_get_params    OSSL_FUNC_DIGEST_GET_PARAMS
+ OP_digest_get_params           OSSL_FUNC_DIGEST_GET_PARAMS
+ OP_digest_ctx_get_params       OSSL_FUNC_DIGEST_CTX_GET_PARAMS
+ OP_digest_ctx_set_params       OSSL_FUNC_DIGEST_CTX_SET_PARAMS
+
+ OP_digest_gettable_params      OSSL_FUNC_DIGEST_GETTABLE_PARAMS
+ OP_digest_gettable_ctx_params  OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS
+ OP_digest_settable_ctx_params  OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS

 A digest algorithm implementation may not implement all of these functions.
 In order to be useable all or none of OP_digest_newctx, OP_digest_freectx,
@ -130,9 +140,24 @@ exceed B<outsz> bytes.

 =head2 Digest Parameters

+See L<OSSL_PARAM(3)> for further details on the parameters structure used by
+these functions.
+
 OP_digest_get_params() gets details of the algorithm implementation
 and stores them in B<params>.
-See L<OSSL_PARAM(3)> for further details on the parameters structure.
+
+OP_digest_ctx_set_params() sets digest operation parameters for the
+provider side digest context B<dctx> to B<params>.
+Any parameter settings are additional to any that were previously set.
+
+OP_digest_ctx_get_params() gets digest operation details details from
+the given provider side digest context B<dctx> and stores them in B<params>.
+
+OP_digest_gettable_params(), OP_digest_gettable_ctx_params(), and
+OP_digest_settable_ctx_params() all return constant B<OSSL_PARAM> arrays
+as descriptors of the parameters that OP_digest_get_params(),
+OP_digest_ctx_get_params(), and OP_digest_ctx_set_params() can handle,
+respectively.

 Parameters currently recognised by built-in digests with this function
 are as follows. Not all parametes are relevant to, or are understood
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@ -148,6 +148,9 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings,
 # define OSSL_FUNC_DIGEST_GET_PARAMS                 8
 # define OSSL_FUNC_DIGEST_CTX_SET_PARAMS             9
 # define OSSL_FUNC_DIGEST_CTX_GET_PARAMS            10
+# define OSSL_FUNC_DIGEST_GETTABLE_PARAMS           11
+# define OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS       12
+# define OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS       13

 OSSL_CORE_MAKE_FUNC(void *, OP_digest_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *dctx))
@ -168,6 +171,9 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_ctx_set_params,
                    (void *vctx, const OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, OP_digest_ctx_get_params,
                    (void *vctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_gettable_params, (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_settable_ctx_params, (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_gettable_ctx_params, (void))

 /* Symmetric Ciphers */

@ -184,6 +190,9 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_ctx_get_params,
 # define OSSL_FUNC_CIPHER_GET_PARAMS                 9
 # define OSSL_FUNC_CIPHER_CTX_GET_PARAMS            10
 # define OSSL_FUNC_CIPHER_CTX_SET_PARAMS            11
+# define OSSL_FUNC_CIPHER_GETTABLE_PARAMS           12
+# define OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS       13
+# define OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS       14

 OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *cctx,
@ -214,6 +223,12 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *cctx,
                                                    OSSL_PARAM params[]))
 OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *cctx,
                                                    const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_gettable_params,
+                    (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_settable_ctx_params,
+                    (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_gettable_ctx_params,
+                    (void))

 /*-
 * Key management
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@ -548,8 +548,12 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define EVP_delete_digest_alias(alias) \
        OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);

+int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
 int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
 int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
+const OSSL_PARAM *EVP_MD_CTX_settable_params(const EVP_MD *digest);
+const OSSL_PARAM *EVP_MD_CTX_gettable_params(const EVP_MD *digest);
 int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
 EVP_MD_CTX *EVP_MD_CTX_new(void);
 int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
@ -702,6 +706,12 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
+int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
+const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(const EVP_CIPHER *cipher);
+const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(const EVP_CIPHER *cipher);

 const BIO_METHOD *BIO_f_md(void);
 const BIO_METHOD *BIO_f_base64(void);
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@ -4710,3 +4710,13 @@ OPENSSL_hexstr2buf_ex                   4819	3_0_0	EXIST::FUNCTION:
 OPENSSL_buf2hexstr_ex                   4820	3_0_0	EXIST::FUNCTION:
 OSSL_PARAM_construct_from_text          4821	3_0_0	EXIST::FUNCTION:
 OSSL_PARAM_allocate_from_text           4822	3_0_0	EXIST::FUNCTION:
+EVP_MD_gettable_params                  4823	3_0_0	EXIST::FUNCTION:
+EVP_MD_CTX_settable_params              4824	3_0_0	EXIST::FUNCTION:
+EVP_MD_CTX_gettable_params              4825	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_get_params                   4826	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_set_params               4827	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_params               4828	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_gettable_params              4829	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_settable_params          4830	3_0_0	EXIST::FUNCTION:
+EVP_CIPHER_CTX_gettable_params          4831	3_0_0	EXIST::FUNCTION:
+EVP_MD_get_params                       4832	3_0_0	EXIST::FUNCTION: