From ae3ff60e7bea6fb7510b5c0c2b9599d8430cf001 Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Mon, 12 Aug 2019 14:56:18 +0200 Subject: [PATCH] Add missing EVP param utility functions These functions were missing for a complete API: EVP_MD_get_params(), EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(), and EVP_CIPHER_CTX_get_params Additionally, we also add all the corresponding parameter descriptor returning functions, along with the corresponding provider dispatches: EVP_MD_gettable_params(), EVP_MD_CTX_settable_params(), EVP_MD_CTX_gettable_params(), EVP_CIPHER_gettable_params(), EVP_CIPHER_CTX_settable_params(), and EVP_CIPHER_CTX_gettable_params() Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/9576) --- crypto/evp/digest.c | 42 +++++++++++++++ crypto/evp/evp_enc.c | 59 +++++++++++++++++++++ crypto/include/internal/evp_int.h | 6 +++ doc/man3/EVP_DigestInit.pod | 34 ++++++++++-- doc/man3/EVP_EncryptInit.pod | 29 ++++++++++ doc/man3/OSSL_PARAM_construct_from_text.pod | 2 +- doc/man7/provider-cipher.pod | 52 ++++++++++++------ doc/man7/provider-digest.pod | 51 +++++++++++++----- include/openssl/core_numbers.h | 15 ++++++ include/openssl/evp.h | 10 ++++ util/libcrypto.num | 10 ++++ 11 files changed, 275 insertions(+), 35 deletions(-) diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index afcd73609b..46d5c17e2f 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c
@@ -524,6 +524,20 @@ int EVP_Digest(const void *data, size_t count,
 return ret;
 }
+int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[])
+{
+ if (digest != NULL && digest->get_params != NULL)
+ return digest->get_params(params);
+ return 0;
+}
+
+const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest)
+{
+ if (digest != NULL && digest->gettable_params != NULL)
+ return digest->gettable_params();
+ return NULL;
+}
+
 int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
 {
 if (ctx->digest != NULL && ctx->digest->ctx_set_params != NULL)
@@ -531,6 +545,13 @@ int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
 return 0;
 }
+const OSSL_PARAM *EVP_MD_CTX_settable_params(const EVP_MD *digest)
+{
+ if (digest != NULL && digest->settable_ctx_params != NULL)
+ return digest->settable_ctx_params();
+ return NULL;
+}
+
 int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
 {
 if (ctx->digest != NULL && ctx->digest->get_params != NULL)
@@ -538,6 +559,13 @@ int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
 return 0;
 }
+const OSSL_PARAM *EVP_MD_CTX_gettable_params(const EVP_MD *digest)
+{
+ if (digest != NULL && digest->gettable_ctx_params != NULL)
+ return digest->gettable_ctx_params();
+ return NULL;
+}
+
 /* TODO(3.0): Remove legacy code below - only used by engines & DigestSign */
 int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
 {
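Review bot: `EVP_MD_get_params()` in the first hunk returns 0 in three different situations — `digest` is NULL, the provider registered no `get_params`, or the provider's function itself failed — and nothing in the new code tells a caller which one happened. Since callers may act on values read this way, I would state the contract above the function, e.g. `/* Returns 0 if |digest| is NULL, has no get_params function, or the provider call fails */`, and add the matching comment for `EVP_MD_gettable_params()` returning NULL. The same applies to `EVP_CIPHER_get_params()` and `EVP_CIPHER_gettable_params()` in crypto/evp/evp_enc.c.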
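Review bot: `EVP_MD_CTX_settable_params()` (second hunk) and `EVP_MD_CTX_gettable_params()` (third hunk) are named like context functions but take `const EVP_MD *digest`, unlike their neighbours `EVP_MD_CTX_set_params()` and `EVP_MD_CTX_get_params()`, which take `EVP_MD_CTX *ctx`; a comment such as `/* Takes the EVP_MD, not the context: the descriptor is per algorithm */` would stop callers from forcing a context through a cast. Separately, the context line closing the second hunk guards `EVP_MD_CTX_get_params()` with `ctx->digest->get_params != NULL`; the call it protects is outside the hunk, but if that call goes through `ctx_get_params`, the guard tests the wrong pointer and a provider that sets only `get_params` would lead to a call through a NULL function pointer. Both of those context functions also dereference `ctx` without the NULL check that the new functions apply to `digest`.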
@@ -655,6 +683,20 @@ static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns,
 if (md->ctx_get_params == NULL)
 md->ctx_get_params = OSSL_get_OP_digest_ctx_get_params(fns);
 break;
+ case OSSL_FUNC_DIGEST_GETTABLE_PARAMS:
+ if (md->gettable_params == NULL)
+ md->gettable_params = OSSL_get_OP_digest_gettable_params(fns);
+ break;
+ case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS:
+ if (md->settable_ctx_params == NULL)
+ md->settable_ctx_params =
+ OSSL_get_OP_digest_settable_ctx_params(fns);
+ break;
+ case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS:
+ if (md->gettable_ctx_params == NULL)
+ md->gettable_ctx_params =
+ OSSL_get_OP_digest_gettable_ctx_params(fns);
+ break;
 }
 }
 if ((fncnt != 0 && fncnt != 5)
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 31e15a63c2..9e0c01aff9 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
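Review bot: The three new descriptor slots are filled independently of the functions they describe, so a provider can supply `OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS` without `ctx_get_params` (or the reverse) and still pass the `fncnt != 0 && fncnt != 5` test visible at the end of the hunk; the rest of that condition lies outside the hunk, so the pairing may be checked there. If the descriptors are meant to be optional and unpaired, say so at the switch, e.g. `/* descriptor functions are optional and not counted in fncnt */`. The same applies to the three cipher cases added to `evp_cipher_from_dispatch()` in crypto/evp/evp_enc.c.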
@@ -1051,6 +1051,48 @@ legacy:
 return ret;
 }
+int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[])
+{
+ if (cipher != NULL && cipher->get_params != NULL)
+ return cipher->get_params(params);
+ return 0;
+}
+
+int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[])
+{
+ if (ctx->cipher != NULL && ctx->cipher->ctx_set_params != NULL)
+ return ctx->cipher->ctx_set_params(ctx->provctx, params);
+ return 0;
+}
+
+int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[])
+{
+ if (ctx->cipher != NULL && ctx->cipher->ctx_get_params != NULL)
+ return ctx->cipher->ctx_get_params(ctx->provctx, params);
+ return 0;
+}
+
+const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher)
+{
+ if (cipher != NULL && cipher->gettable_params != NULL)
+ return cipher->gettable_params();
+ return NULL;
+}
+
+const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(const EVP_CIPHER *cipher)
+{
+ if (cipher != NULL && cipher->settable_ctx_params != NULL)
+ return cipher->settable_ctx_params();
+ return NULL;
+}
+
+const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(const EVP_CIPHER *cipher)
+{
+ if (cipher != NULL && cipher->gettable_ctx_params != NULL)
+ return cipher->gettable_ctx_params();
+ return NULL;
+}
+
 #if !defined(FIPS_MODE)
 /* TODO(3.0): No support for RAND yet in the FIPS module */
 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
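Review bot: `EVP_CIPHER_CTX_set_params()` and `EVP_CIPHER_CTX_get_params()` dereference `ctx` unconditionally, while every other function added in this hunk tolerates a NULL argument; a NULL context, for example from an unchecked allocation in the caller, then crashes instead of returning 0. The guard should read `if (ctx != NULL && ctx->cipher != NULL && ctx->cipher->ctx_set_params != NULL)`, and likewise for `ctx_get_params`. Also, `EVP_CIPHER_get_params()` takes a non-const `EVP_CIPHER *cipher` although it only reads it, whereas `EVP_MD_get_params()` takes `const EVP_MD *`; the parameter here and in the declaration in include/openssl/evp.h should be `const EVP_CIPHER *cipher`.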
@@ -1212,6 +1254,23 @@ static void *evp_cipher_from_dispatch(const char *name,
 break;
 cipher->ctx_set_params = OSSL_get_OP_cipher_ctx_set_params(fns);
 break;
+ case OSSL_FUNC_CIPHER_GETTABLE_PARAMS:
+ if (cipher->gettable_params != NULL)
+ break;
+ cipher->gettable_params = OSSL_get_OP_cipher_gettable_params(fns);
+ break;
+ case OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS:
+ if (cipher->gettable_ctx_params != NULL)
+ break;
+ cipher->gettable_ctx_params =
+ OSSL_get_OP_cipher_gettable_ctx_params(fns);
+ break;
+ case OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS:
+ if (cipher->settable_ctx_params != NULL)
+ break;
+ cipher->settable_ctx_params =
+ OSSL_get_OP_cipher_settable_ctx_params(fns);
+ break;
 }
 }
 if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4)
diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
index cdb5aab87c..ce9b9b8f51 100644
--- a/crypto/include/internal/evp_int.h
+++ b/crypto/include/internal/evp_int.h
@@ -215,6 +215,9 @@ struct evp_md_st {
 OSSL_OP_digest_get_params_fn *get_params;
 OSSL_OP_digest_ctx_set_params_fn *ctx_set_params;
 OSSL_OP_digest_ctx_get_params_fn *ctx_get_params;
+ OSSL_OP_digest_gettable_params_fn *gettable_params;
+ OSSL_OP_digest_settable_ctx_params_fn *settable_ctx_params;
+ OSSL_OP_digest_gettable_ctx_params_fn *gettable_ctx_params;
 } /* EVP_MD */ ;
@@ -266,6 +269,9 @@ struct evp_cipher_st {
 OSSL_OP_cipher_get_params_fn *get_params;
 OSSL_OP_cipher_ctx_get_params_fn *ctx_get_params;
 OSSL_OP_cipher_ctx_set_params_fn *ctx_set_params;
+ OSSL_OP_cipher_gettable_params_fn *gettable_params;
+ OSSL_OP_cipher_gettable_ctx_params_fn *gettable_ctx_params;
+ OSSL_OP_cipher_settable_ctx_params_fn *settable_ctx_params;
 } /* EVP_CIPHER */ ;
 /* Macros to code block cipher wrappers */
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index 226bc467c4..1cc07b159e 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -3,8 +3,11 @@ =head1 NAME EVP_MD_fetch, +EVP_MD_get_params, EVP_MD_gettable_params, EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy, -EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_params, EVP_MD_CTX_get_params, +EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, +EVP_MD_CTX_set_params, EVP_MD_CTX_get_params, +EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, @@ -25,12 +28,16 @@ EVP_MD_do_all_ex EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, const char *properties); + int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]); + const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest); EVP_MD_CTX *EVP_MD_CTX_new(void); int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); void EVP_MD_CTX_free(EVP_MD_CTX *ctx); void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2); int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]); int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]); + const OSSL_PARAM *EVP_MD_CTX_settable_params(const EVP_MD *digest); + const OSSL_PARAM *EVP_MD_CTX_gettable_params(const EVP_MD *digest); void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); 
@@ -121,16 +128,29 @@ EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex(). Other restrictions may apply depending on the control type and digest implementation. See L below for more information. -=item EVP_MD_CTX_get_params +=item EVP_MD_get_params() + +Retrieves the requested list of B from a MD B. +See L below for more information. + +=item EVP_MD_CTX_get_params() Retrieves the requested list of B from a MD context B. See L below for more information. -=item EVP_MD_CTX_set_params +=item EVP_MD_CTX_set_params() -Sets the list of into a MD context B. +Sets the list of B into a MD context B. See L below for more information. +=item EVP_MD_gettable_params(), EVP_MD_CTX_gettable_params(), +EVP_MD_CTX_settable_params() + +Get a B array that describes the retrievable and settable +parameters, i.e. parameters that can be used with EVP_MD_get_params(), +EVP_MD_CTX_get_params() and EVP_MD_CTX_set_params(), respectively. +See L for the use of B as parameter descriptor. + =item EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags() Sets, clears and tests B flags. See L below for more information. @@ -405,6 +425,12 @@ EVP_MD_CTX_get_params() Returns 1 if successful or 0 for failure. +=item EVP_MD_CTX_settable_params(), +EVP_MD_CTX_gettable_params() + +Return an array of constant Bs, or NULL if there is none +to get. + =item EVP_MD_CTX_copy_ex() Returns 1 if successful or 0 for failure. diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index e46d401746..011b6e6c3a 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -29,6 +29,8 @@ EVP_get_cipherbyobj, EVP_CIPHER_name, EVP_CIPHER_provider, EVP_CIPHER_nid, +EVP_CIPHER_get_params, +EVP_CIPHER_gettable_params, EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, 
@@ -38,6 +40,10 @@ EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_name, EVP_CIPHER_CTX_nid, +EVP_CIPHER_CTX_get_params, +EVP_CIPHER_CTX_gettable_params, +EVP_CIPHER_CTX_set_params, +EVP_CIPHER_CTX_settable_params, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, @@ -117,6 +123,13 @@ EVP_CIPHER_do_all_ex const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx); + + int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]); + int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]); + int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]); + const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher); + const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(const EVP_CIPHER *cipher); + const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(const EVP_CIPHER *cipher); int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); 
@@ -240,6 +253,22 @@ decrypting. If the B parameter is zero then no padding is performed, the total amount of data encrypted or decrypted must then be a multiple of the block size or an error will occur. +EVP_CIPHER_get_params() retrieves the requested list of algorithm +B from a B. + +EVP_CIPHER_CTX_set_params() Sets the list of operation B into a CIPHER +context B. + +EVP_CIPHER_CTX_get_params() retrieves the requested list of operation +B from CIPHER context B. + +EVP_CIPHER_gettable_params(), EVP_CIPHER_CTX_gettable_params(), and +EVP_CIPHER_CTX_settable_params() get a constant B array +that decribes the retrievable and settable parameters, i.e. parameters +that can be used with EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params() +and EVP_CIPHER_CTX_set_params(), respectively. +See L for the use of B as parameter descriptor. + EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key length of a cipher when passed an B or B structure. The constant B is the maximum key length diff --git a/doc/man3/OSSL_PARAM_construct_from_text.pod b/doc/man3/OSSL_PARAM_construct_from_text.pod index e8e2639864..5dc08bd325 100644 --- a/doc/man3/OSSL_PARAM_construct_from_text.pod +++ b/doc/man3/OSSL_PARAM_construct_from_text.pod @@ -120,7 +120,7 @@ Can be written like this instead: OSSL_PARAM *params = OPENSSL_zalloc(sizeof(*params) * (sk_OPENSSL_STRING_num(opts) + 1)); - const OSSL_PARAM *paramdefs = EVP_MAC_CTX_set_param_types(mac); + const OSSL_PARAM *paramdefs = EVP_MAC_CTX_settable_params(mac); size_t params_n; char *opt = ""; diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod index 08cfebfb25..33e0a4f004 100644 --- a/doc/man7/provider-cipher.pod +++ b/doc/man7/provider-cipher.pod 
@@ -36,8 +36,17 @@ provider-cipher - The cipher library E-E provider functions int OP_cipher_cipher(void *cctx, unsigned char *out, size_t *outl, size_t outsize, const unsigned char *in, size_t inl); + /* Cipher parameter descriptors */ + const OSSL_PARAM *OP_cipher_gettable_params(void); + + /* Cipheroperation parameter descriptors */ + const OSSL_PARAM *OP_cipher_gettable_ctx_params(void); + const OSSL_PARAM *OP_cipher_settable_ctx_params(void); + /* Cipher parameters */ int OP_cipher_get_params(OSSL_PARAM params[]); + + /* Cipher operation parameters */ int OP_cipher_ctx_get_params(void *cctx, OSSL_PARAM params[]); int OP_cipher_ctx_set_params(void *cctx, const OSSL_PARAM params[]); 
@@ -70,19 +79,23 @@ For example, the "function" OP_cipher_newctx() has these: B arrays are indexed by numbers that are provided as macros in L, as follows: - OP_cipher_newctx OSSL_FUNC_CIPHER_NEWCTX - OP_cipher_freectx OSSL_FUNC_CIPHER_FREECTX - OP_cipher_dupctx OSSL_FUNC_CIPHER_DUPCTX + OP_cipher_newctx OSSL_FUNC_CIPHER_NEWCTX + OP_cipher_freectx OSSL_FUNC_CIPHER_FREECTX + OP_cipher_dupctx OSSL_FUNC_CIPHER_DUPCTX - OP_cipher_encrypt_init OSSL_FUNC_CIPHER_ENCRYPT_INIT - OP_cipher_decrypt_init OSSL_FUNC_CIPHER_DECRYPT_INIT - OP_cipher_update OSSL_FUNC_CIPHER_UPDATE - OP_cipher_final OSSL_FUNC_CIPHER_FINAL - OP_cipher_cipher OSSL_FUNC_CIPHER_CIPHER + OP_cipher_encrypt_init OSSL_FUNC_CIPHER_ENCRYPT_INIT + OP_cipher_decrypt_init OSSL_FUNC_CIPHER_DECRYPT_INIT + OP_cipher_update OSSL_FUNC_CIPHER_UPDATE + OP_cipher_final OSSL_FUNC_CIPHER_FINAL + OP_cipher_cipher OSSL_FUNC_CIPHER_CIPHER - OP_cipher_get_params OSSL_FUNC_CIPHER_GET_PARAMS - OP_cipher_ctx_get_params OSSL_FUNC_CIPHER_CTX_GET_PARAMS - OP_cipher_ctx_set_params OSSL_FUNC_CIPHER_CTX_SET_PARAMS + OP_cipher_get_params OSSL_FUNC_CIPHER_GET_PARAMS + OP_cipher_ctx_get_params OSSL_FUNC_CIPHER_CTX_GET_PARAMS + OP_cipher_ctx_set_params OSSL_FUNC_CIPHER_CTX_SET_PARAMS + + OP_cipher_gettable_params OSSL_FUNC_CIPHER_GETTABLE_PARAMS + OP_cipher_gettable_ctx_params OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS + OP_cipher_settable_ctx_params OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS A cipher algorithm implementation may not implement all of these functions. In order to be a consistent set of functions there must at least be a complete 
@@ -163,16 +176,21 @@ B bytes. See L for further details on the parameters structure used by these functions. -OP_cipher_get_params() gets details of parameter values associated with the -provider algorithm and stores them in B. +OP_cipher_get_params() gets details of the algorithm implementation +and stores them in B. -OP_cipher_ctx_set_params() sets cipher parameters associated with the given +OP_cipher_ctx_set_params() sets cipher operation parameters for the provider side cipher context B to B. Any parameter settings are additional to any that were previously set. -OP_cipher_ctx_get_params() gets details of currently set parameter values -associated with the given provider side cipher context B and stores them -in B. +OP_cipher_ctx_get_params() gets cipher operation details details from +the given provider side cipher context B and stores them in B. + +OP_cipher_gettable_params(), OP_cipher_gettable_ctx_params(), and +OP_cipher_settable_ctx_params() all return constant B arrays +as descriptors of the parameters that OP_cipher_get_params(), +OP_cipher_ctx_get_params(), and OP_cipher_ctx_set_params() can handle, +respectively. Parameters currently recognised by built-in ciphers are as follows. Not all parameters are relevant to, or are understood by all ciphers: diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod index 08428428fa..1b71cc19f9 100644 --- a/doc/man7/provider-digest.pod +++ b/doc/man7/provider-digest.pod 
@@ -30,10 +30,17 @@ provider-digest - The digest library E-E provider functions int OP_digest_digest(void *provctx, const unsigned char *in, size_t inl, unsigned char *out, size_t *outl, size_t outsz); + /* Digest parameter descriptors */ + const OSSL_PARAM *OP_cipher_gettable_params(void); + + /* Digest operation parameter descriptors */ + const OSSL_PARAM *OP_cipher_gettable_ctx_params(void); + const OSSL_PARAM *OP_cipher_settable_ctx_params(void); + /* Digest parameters */ int OP_digest_get_params(OSSL_PARAM params[]); - /* Digest context parameters */ + /* Digest operation parameters */ int OP_digest_ctx_set_params(void *dctx, const OSSL_PARAM params[]); int OP_digest_ctx_get_params(void *dctx, OSSL_PARAM params[]); 
@@ -65,19 +72,22 @@ For example, the "function" OP_digest_newctx() has these: B arrays are indexed by numbers that are provided as macros in L, as follows: - OP_digest_newctx OSSL_FUNC_DIGEST_NEWCTX - OP_digest_freectx OSSL_FUNC_DIGEST_FREECTX - OP_digest_dupctx OSSL_FUNC_DIGEST_DUPCTX + OP_digest_newctx OSSL_FUNC_DIGEST_NEWCTX + OP_digest_freectx OSSL_FUNC_DIGEST_FREECTX + OP_digest_dupctx OSSL_FUNC_DIGEST_DUPCTX - OP_digest_init OSSL_FUNC_DIGEST_INIT - OP_digest_update OSSL_FUNC_DIGEST_UPDATE - OP_digest_final OSSL_FUNC_DIGEST_FINAL - OP_digest_digest OSSL_FUNC_DIGEST_DIGEST + OP_digest_init OSSL_FUNC_DIGEST_INIT + OP_digest_update OSSL_FUNC_DIGEST_UPDATE + OP_digest_final OSSL_FUNC_DIGEST_FINAL + OP_digest_digest OSSL_FUNC_DIGEST_DIGEST - OP_digest_size OSSL_FUNC_DIGEST_SIZE - OP_digest_block_size OSSL_FUNC_DIGEST_BLOCK_SIZE - OP_digest_set_params OSSL_FUNC_DIGEST_SET_PARAMS - OP_digest_get_params OSSL_FUNC_DIGEST_GET_PARAMS + OP_digest_get_params OSSL_FUNC_DIGEST_GET_PARAMS + OP_digest_ctx_get_params OSSL_FUNC_DIGEST_CTX_GET_PARAMS + OP_digest_ctx_set_params OSSL_FUNC_DIGEST_CTX_SET_PARAMS + + OP_digest_gettable_params OSSL_FUNC_DIGEST_GETTABLE_PARAMS + OP_digest_gettable_ctx_params OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS + OP_digest_settable_ctx_params OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS A digest algorithm implementation may not implement all of these functions. In order to be useable all or none of OP_digest_newctx, OP_digest_freectx, 
@@ -130,9 +140,24 @@ exceed B bytes. =head2 Digest Parameters +See L for further details on the parameters structure used by +these functions. + OP_digest_get_params() gets details of the algorithm implementation and stores them in B. -See L for further details on the parameters structure. + +OP_digest_ctx_set_params() sets digest operation parameters for the +provider side digest context B to B. +Any parameter settings are additional to any that were previously set. + +OP_digest_ctx_get_params() gets digest operation details details from +the given provider side digest context B and stores them in B. + +OP_digest_gettable_params(), OP_digest_gettable_ctx_params(), and +OP_digest_settable_ctx_params() all return constant B arrays +as descriptors of the parameters that OP_digest_get_params(), +OP_digest_ctx_get_params(), and OP_digest_ctx_set_params() can handle, +respectively. Parameters currently recognised by built-in digests with this function are as follows. Not all parametes are relevant to, or are understood diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index e4d3f5d60f..7a5a1cdf8e 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -148,6 +148,9 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings, # define OSSL_FUNC_DIGEST_GET_PARAMS 8 # define OSSL_FUNC_DIGEST_CTX_SET_PARAMS 9 # define OSSL_FUNC_DIGEST_CTX_GET_PARAMS 10 +# define OSSL_FUNC_DIGEST_GETTABLE_PARAMS 11 +# define OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS 12 +# define OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS 13 OSSL_CORE_MAKE_FUNC(void *, OP_digest_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *dctx)) 
@@ -168,6 +171,9 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_ctx_set_params, (void *vctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, OP_digest_ctx_get_params, (void *vctx, OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_gettable_params, (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_settable_ctx_params, (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_gettable_ctx_params, (void)) /* Symmetric Ciphers */ @@ -184,6 +190,9 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_ctx_get_params, # define OSSL_FUNC_CIPHER_GET_PARAMS 9 # define OSSL_FUNC_CIPHER_CTX_GET_PARAMS 10 # define OSSL_FUNC_CIPHER_CTX_SET_PARAMS 11 +# define OSSL_FUNC_CIPHER_GETTABLE_PARAMS 12 +# define OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS 13 +# define OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS 14 OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void *provctx)) OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *cctx, @@ -214,6 +223,12 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *cctx, OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *cctx, const OSSL_PARAM params[])) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_gettable_params, + (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_settable_ctx_params, + (void)) +OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_gettable_ctx_params, + (void)) /*- * Key management diff --git a/include/openssl/evp.h b/include/openssl/evp.h index eab5a53d8a..7fcc4505f5 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h 
@@ -548,8 +548,12 @@ void BIO_set_md(BIO *, const EVP_MD *md);
 # define EVP_delete_digest_alias(alias) \
 OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
+int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
 int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
 int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
+const OSSL_PARAM *EVP_MD_CTX_settable_params(const EVP_MD *digest);
+const OSSL_PARAM *EVP_MD_CTX_gettable_params(const EVP_MD *digest);
 int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
 EVP_MD_CTX *EVP_MD_CTX_new(void);
 int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
@@ -702,6 +706,12 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
+int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
+const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(const EVP_CIPHER *cipher);
+const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(const EVP_CIPHER *cipher);
 const BIO_METHOD *BIO_f_md(void);
 const BIO_METHOD *BIO_f_base64(void);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index ac861fec6b..dfa27f96f7 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4710,3 +4710,13 @@ OPENSSL_hexstr2buf_ex 4819 3_0_0 EXIST::FUNCTION: OPENSSL_buf2hexstr_ex 4820 3_0_0 EXIST::FUNCTION: OSSL_PARAM_construct_from_text 4821 3_0_0 EXIST::FUNCTION: OSSL_PARAM_allocate_from_text 4822 3_0_0 EXIST::FUNCTION: +EVP_MD_gettable_params 4823 3_0_0 EXIST::FUNCTION: +EVP_MD_CTX_settable_params 4824 3_0_0 EXIST::FUNCTION: +EVP_MD_CTX_gettable_params 4825 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_get_params 4826 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_set_params 4827 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_get_params 4828 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_gettable_params 4829 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_settable_params 4830 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_CTX_gettable_params 4831 3_0_0 EXIST::FUNCTION: +EVP_MD_get_params 4832 3_0_0 EXIST::FUNCTION: