mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
62457fd941
The hmac flags OSSL_MAC_PARAM_DIGEST_NOINIT and OSSL_MAC_PARAM_DIGEST_ONESHOT dont add any real value to the provider, and the former causes a segfault when the provider attempts to call EVP_MAC_init on an EVP_MAC object that has been instructed not to be initalized (as the update function will not have been set in the MAC object, which is unilaterally called from EVP_MAC_init Remove the tests for the above flags, and document them as being deprecated and ignored. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/23054)
105 lines
2.8 KiB
Plaintext
105 lines
2.8 KiB
Plaintext
=pod
|
|
|
|
=head1 NAME
|
|
|
|
EVP_MAC-HMAC - The HMAC EVP_MAC implementation
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
Support for computing HMAC MACs through the B<EVP_MAC> API.
|
|
|
|
This implementation uses EVP_MD functions to get access to the underlying
|
|
digest.
|
|
|
|
=head2 Identity
|
|
|
|
This implementation is identified with this name and properties, to be
|
|
used with EVP_MAC_fetch():
|
|
|
|
=over 4
|
|
|
|
=item "HMAC", "provider=default" or "provider=fips"
|
|
|
|
=back
|
|
|
|
=head2 Supported parameters
|
|
|
|
The general description of these parameters can be found in
|
|
L<EVP_MAC(3)/PARAMETERS>.
|
|
|
|
The following parameter can be set with EVP_MAC_CTX_set_params():
|
|
|
|
=over 4
|
|
|
|
=item "key" (B<OSSL_MAC_PARAM_KEY>) <octet string>
|
|
|
|
Sets the MAC key.
|
|
Setting this parameter is identical to passing a I<key> to L<EVP_MAC_init(3)>.
|
|
|
|
=item "digest" (B<OSSL_MAC_PARAM_DIGEST>) <UTF8 string>
|
|
|
|
Sets the name of the underlying digest to be used.
|
|
|
|
=item "properties" (B<OSSL_MAC_PARAM_PROPERTIES>) <UTF8 string>
|
|
|
|
Sets the properties to be queried when trying to fetch the underlying digest.
|
|
This must be given together with the digest naming parameter ("digest", or
|
|
B<OSSL_MAC_PARAM_DIGEST>) to be considered valid.
|
|
|
|
=item "digest-noinit" (B<OSSL_MAC_PARAM_DIGEST_NOINIT>) <integer>
|
|
|
|
A flag to set the MAC digest to not initialise the implementation
|
|
specific data.
|
|
The value 0 or 1 is expected.
|
|
This option is deprecated and will be removed in a future release.
|
|
It may be set but is currently ignored
|
|
|
|
=item "digest-oneshot" (B<OSSL_MAC_PARAM_DIGEST_ONESHOT>) <integer>
|
|
|
|
A flag to set the MAC digest to be a one-shot operation.
|
|
The value 0 or 1 is expected.
|
|
This option is deprecated and will be removed in a future release.
|
|
It may be set but is currently ignored.
|
|
|
|
=item "tls-data-size" (B<OSSL_MAC_PARAM_TLS_DATA_SIZE>) <unsigned integer>
|
|
|
|
=back
|
|
|
|
=for comment The "flags" parameter is passed directly to HMAC_CTX_set_flags().
|
|
|
|
The following parameter can be retrieved with EVP_MAC_CTX_get_params():
|
|
|
|
=over 4
|
|
|
|
=item "size" (B<OSSL_MAC_PARAM_SIZE>) <unsigned integer>
|
|
|
|
The "size" parameter can also be retrieved with EVP_MAC_CTX_get_mac_size().
|
|
The length of the "size" parameter is equal to that of an B<unsigned int>.
|
|
|
|
=back
|
|
|
|
=over 4
|
|
|
|
=item "block-size" (B<OSSL_MAC_PARAM_BLOCK_SIZE>) <unsigned integer>
|
|
|
|
Gets the MAC block size. The "block-size" parameter can also be retrieved with
|
|
EVP_MAC_CTX_get_block_size().
|
|
|
|
=back
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<EVP_MAC_CTX_get_params(3)>, L<EVP_MAC_CTX_set_params(3)>,
|
|
L<EVP_MAC(3)/PARAMETERS>, L<OSSL_PARAM(3)>, L<HMAC(3)>
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|