[openssl] master update
Richard Levitte
levitte at openssl.org
Thu Aug 15 08:55:51 UTC 2019
The branch master has been updated
via ec02412b542d1240ed0ecf02e59ca4a4fa08027b (commit)
via ad623ec0cb2b2578a369431a8c3675b8bb2cc3b5 (commit)
via ae3ff60e7bea6fb7510b5c0c2b9599d8430cf001 (commit)
from aee6e29f0e88df18ebc21dbcf9d4d5794d7511e0 (commit)
- Log -----------------------------------------------------------------
commit ec02412b542d1240ed0ecf02e59ca4a4fa08027b
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Aug 12 15:03:24 2019 +0200
Add {get,set}table_params() functions for provider digests
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9576)
commit ad623ec0cb2b2578a369431a8c3675b8bb2cc3b5
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Aug 12 15:01:00 2019 +0200
Modify 'openssl list' to give more verbose descriptions
With the diverse {get,set}table_params functions, it's possible to
give a more verbose description of the diverse algorithm
implementations. Most notably, we add a description of the parameters
that each implementation is willing to share.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9576)
commit ae3ff60e7bea6fb7510b5c0c2b9599d8430cf001
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Aug 12 14:56:18 2019 +0200
Add missing EVP param utility functions
These functions were missing for a complete API:
EVP_MD_get_params(), EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(),
and EVP_CIPHER_CTX_get_params
Additionally, we also add all the corresponding parameter descriptor
returning functions, along with the corresponding provider dispatches:
EVP_MD_gettable_params(), EVP_MD_CTX_settable_params(),
EVP_MD_CTX_gettable_params(), EVP_CIPHER_gettable_params(),
EVP_CIPHER_CTX_settable_params(), and EVP_CIPHER_CTX_gettable_params()
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9576)
-----------------------------------------------------------------------
Summary of changes:
apps/list.c | 186 +++++++++++++++++++---
crypto/evp/digest.c | 42 +++++
crypto/evp/evp_enc.c | 59 +++++++
crypto/include/internal/evp_int.h | 6 +
doc/man1/list.pod | 12 ++
doc/man3/EVP_DigestInit.pod | 34 +++-
doc/man3/EVP_EncryptInit.pod | 29 ++++
doc/man3/OSSL_PARAM_construct_from_text.pod | 2 +-
doc/man7/provider-cipher.pod | 52 ++++--
doc/man7/provider-digest.pod | 51 ++++--
include/openssl/core_numbers.h | 15 ++
include/openssl/evp.h | 10 ++
providers/common/digests/sha2_prov.c | 13 +-
providers/common/digests/sha3_prov.c | 42 ++++-
providers/common/include/internal/core_mkdigest.h | 22 ++-
providers/default/digests/md5_sha1_prov.c | 18 ++-
providers/legacy/digests/mdc2_prov.c | 17 +-
util/libcrypto.num | 10 ++
18 files changed, 551 insertions(+), 69 deletions(-)
diff --git a/apps/list.c b/apps/list.c
index 5f05fb980b..c22a2c6267 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -16,8 +16,94 @@
#include "progs.h"
#include "opt.h"
-static void list_cipher_fn(const EVP_CIPHER *c,
- const char *from, const char *to, void *arg)
+static int verbose = 0;
+
+static int describe_param_type(char *buf, size_t bufsz, const OSSL_PARAM *param)
+{
+ const char *type_mod = "";
+ const char *type = NULL;
+ int show_type_number = 0;
+ int printed_len;
+
+ switch (param->data_type) {
+ case OSSL_PARAM_UNSIGNED_INTEGER:
+ type_mod = "unsigned ";
+ /* FALLTHRU */
+ case OSSL_PARAM_INTEGER:
+ type = "integer";
+ break;
+ case OSSL_PARAM_UTF8_PTR:
+ type_mod = "pointer to a ";
+ /* FALLTHRU */
+ case OSSL_PARAM_UTF8_STRING:
+ type = "UTF8 encoded string";
+ break;
+ case OSSL_PARAM_OCTET_PTR:
+ type_mod = "pointer to an ";
+ /* FALLTHRU */
+ case OSSL_PARAM_OCTET_STRING:
+ type = "octet string";
+ break;
+ default:
+ type = "unknown type";
+ show_type_number = 1;
+ break;
+ }
+
+ printed_len = BIO_snprintf(buf, bufsz, "%s: ", param->key);
+ if (printed_len > 0) {
+ buf += printed_len;
+ bufsz -= printed_len;
+ }
+ printed_len = BIO_snprintf(buf, bufsz, "%s%s", type_mod, type);
+ if (printed_len > 0) {
+ buf += printed_len;
+ bufsz -= printed_len;
+ }
+ if (show_type_number) {
+ printed_len = BIO_snprintf(buf, bufsz, " [%d]", param->data_type);
+ if (printed_len > 0) {
+ buf += printed_len;
+ bufsz -= printed_len;
+ }
+ }
+ if (param->data_size == 0)
+ printed_len = BIO_snprintf(buf, bufsz, " (arbitrary size)");
+ else
+ printed_len = BIO_snprintf(buf, bufsz, " (max %zu bytes large)",
+ param->data_size);
+ if (printed_len > 0) {
+ buf += printed_len;
+ bufsz -= printed_len;
+ }
+ *buf = '\0';
+ return 1;
+}
+
+static int print_param_types(const char *thing, const OSSL_PARAM *pdefs)
+{
+ if (pdefs == NULL) {
+ BIO_printf(bio_out, " No declared %s\n", thing);
+ } else if (pdefs->key == NULL) {
+ /*
+ * An empty list? This shouldn't happen, but let's just make sure to
+ * say something if there's a badly written provider...
+ */
+ BIO_printf(bio_out, " Empty list of %s (!!!)\n", thing);
+ } else {
+ BIO_printf(bio_out, " %s:\n", thing);
+ for (; pdefs->key != NULL; pdefs++) {
+ char buf[200]; /* This should be ample space */
+
+ describe_param_type(buf, sizeof(buf), pdefs);
+ BIO_printf(bio_out, " %s\n", buf);
+ }
+ }
+ return 1;
+}
+
+static void legacy_cipher_fn(const EVP_CIPHER *c,
+ const char *from, const char *to, void *arg)
{
if (c != NULL) {
BIO_printf(arg, " %s\n", EVP_CIPHER_name(c));
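Review bot: `describe_param_type()` silently ignores a failed or truncated `BIO_snprintf()`: each step advances `buf` only when `printed_len > 0`, so once one piece is truncated (negative return) the next piece is written over it and the closing `*buf = '\0'` cuts the line at whatever position `buf` last reached. `param->key` comes from the provider's descriptor table, so nothing in this file bounds its length, and the 200-byte buffer in `print_param_types()` is only assumed to be ample. The function always returns 1 and the caller discards the result; I would stop at the first failure with `if (printed_len < 0) return 0;` after each call and have the caller test it, e.g. `if (!describe_param_type(buf, sizeof(buf), pdefs))` followed by a fallback line that prints the key alone. Separately, `" [%d]"` is given `param->data_type`, which is an unsigned type in `OSSL_PARAM`, so `%u` would match the argument.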
@@ -57,7 +143,7 @@ static void list_ciphers(void)
int i;
BIO_printf(bio_out, "Legacy:\n");
- EVP_CIPHER_do_all_sorted(list_cipher_fn, bio_out);
+ EVP_CIPHER_do_all_sorted(legacy_cipher_fn, bio_out);
BIO_printf(bio_out, "Provided:\n");
EVP_CIPHER_do_all_ex(NULL, collect_ciphers, ciphers);
@@ -68,6 +154,14 @@ static void list_ciphers(void)
BIO_printf(bio_out, " %s", EVP_CIPHER_name(c));
BIO_printf(bio_out, " @ %s\n",
OSSL_PROVIDER_name(EVP_CIPHER_provider(c)));
+ if (verbose) {
+ print_param_types("retrievable algorithm parameters",
+ EVP_CIPHER_gettable_params(c));
+ print_param_types("retrievable operation parameters",
+ EVP_CIPHER_CTX_gettable_params(c));
+ print_param_types("settable operation parameters",
+ EVP_CIPHER_CTX_settable_params(c));
+ }
}
sk_EVP_CIPHER_pop_free(ciphers, EVP_CIPHER_meth_free);
}
@@ -118,11 +212,19 @@ static void list_digests(void)
EVP_MD_do_all_ex(NULL, collect_digests, digests);
sk_EVP_MD_sort(digests);
for (i = 0; i < sk_EVP_MD_num(digests); i++) {
- const EVP_MD *c = sk_EVP_MD_value(digests, i);
+ const EVP_MD *m = sk_EVP_MD_value(digests, i);
- BIO_printf(bio_out, " %s", EVP_MD_name(c));
+ BIO_printf(bio_out, " %s", EVP_MD_name(m));
BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_name(EVP_MD_provider(c)));
+ OSSL_PROVIDER_name(EVP_MD_provider(m)));
+ if (verbose) {
+ print_param_types("retrievable algorithm parameters",
+ EVP_MD_gettable_params(m));
+ print_param_types("retrievable operation parameters",
+ EVP_MD_CTX_gettable_params(m));
+ print_param_types("settable operation parameters",
+ EVP_MD_CTX_settable_params(m));
+ }
}
sk_EVP_MD_pop_free(digests, EVP_MD_meth_free);
}
@@ -471,7 +573,7 @@ static void list_disabled(void)
/* Unified enum for help and list commands. */
typedef enum HELPLIST_CHOICE {
- OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ONE,
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ONE, OPT_VERBOSE,
OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS,
OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS,
OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_ENGINES, OPT_DISABLED,
@@ -481,6 +583,7 @@ typedef enum HELPLIST_CHOICE {
const OPTIONS list_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"1", OPT_ONE, '-', "List in one column"},
+ {"verbose", OPT_VERBOSE, '-', "Verbose listing"},
{"commands", OPT_COMMANDS, '-', "List of standard commands"},
{"digest-commands", OPT_DIGEST_COMMANDS, '-',
"List of message digest commands"},
@@ -513,6 +616,23 @@ int list_main(int argc, char **argv)
char *prog;
HELPLIST_CHOICE o;
int one = 0, done = 0;
+ struct {
+ unsigned int commands:1;
+ unsigned int digest_commands:1;
+ unsigned int digest_algorithms:1;
+ unsigned int mac_algorithms:1;
+ unsigned int cipher_commands:1;
+ unsigned int cipher_algorithms:1;
+ unsigned int pk_algorithms:1;
+ unsigned int pk_method:1;
+ unsigned int engines:1;
+ unsigned int disabled:1;
+ unsigned int missing_help:1;
+ unsigned int objects:1;
+ unsigned int options:1;
+ } todo = { 0, };
+
+ verbose = 0; /* Clear a possible previous call */
prog = opt_init(argc, argv, list_options);
while ((o = opt_next()) != OPT_EOF) {
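Review bot: The `options` bit-field in `todo` is declared here, but nothing visible in this commit sets or tests it. `OPT_OPTIONS` still calls `list_options_for_command(opt_arg())` directly inside the parse loop (hunk at -529), and the deferred dispatch (hunk at -575) has no `if (todo.options)`. As a consequence `-options` output is produced during parsing, ahead of every deferred listing regardless of argument order. Either drop the field or record the exception next to it, for example `/* -options takes an argument and is handled while parsing */`. `list_main()` starts and ends outside this hunk.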
@@ -529,44 +649,47 @@ opthelp:
one = 1;
break;
case OPT_COMMANDS:
- list_type(FT_general, one);
+ todo.commands = 1;
break;
case OPT_DIGEST_COMMANDS:
- list_type(FT_md, one);
+ todo.digest_commands = 1;
break;
case OPT_DIGEST_ALGORITHMS:
- list_digests();
+ todo.digest_algorithms = 1;
break;
case OPT_MAC_ALGORITHMS:
- EVP_MAC_do_all_sorted(list_mac_fn, bio_out);
+ todo.mac_algorithms = 1;
break;
case OPT_CIPHER_COMMANDS:
- list_type(FT_cipher, one);
+ todo.cipher_commands = 1;
break;
case OPT_CIPHER_ALGORITHMS:
- list_ciphers();
+ todo.cipher_algorithms = 1;
break;
case OPT_PK_ALGORITHMS:
- list_pkey();
+ todo.pk_algorithms = 1;
break;
case OPT_PK_METHOD:
- list_pkey_meth();
+ todo.pk_method = 1;
break;
case OPT_ENGINES:
- list_engines();
+ todo.engines = 1;
break;
case OPT_DISABLED:
- list_disabled();
+ todo.disabled = 1;
break;
case OPT_MISSING_HELP:
- list_missing_help();
+ todo.missing_help = 1;
break;
case OPT_OBJECTS:
- list_objects();
+ todo.objects = 1;
break;
case OPT_OPTIONS:
list_options_for_command(opt_arg());
break;
+ case OPT_VERBOSE:
+ verbose = 1;
+ break;
}
done = 1;
}
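Review bot: `done = 1` after the switch is also reached for the new `OPT_VERBOSE` case, so `openssl list -verbose` with no list selector skips the later `if (!done) goto opthelp;` and returns without printing anything. `OPT_ONE` appears to have had the same behaviour before this change. Leaving `done` untouched for pure modifiers, e.g. writing the new case as `verbose = 1; continue;`, would keep the `opthelp` path for that invocation. The enclosing loop in `list_main()` starts outside this hunk.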
@@ -575,6 +698,31 @@ opthelp:
goto opthelp;
}
+ if (todo.commands)
+ list_type(FT_general, one);
+ if (todo.digest_commands)
+ list_type(FT_md, one);
+ if (todo.digest_algorithms)
+ list_digests();
+ if (todo.mac_algorithms)
+ EVP_MAC_do_all_sorted(list_mac_fn, bio_out);
+ if (todo.cipher_commands)
+ list_type(FT_cipher, one);
+ if (todo.cipher_algorithms)
+ list_ciphers();
+ if (todo.pk_algorithms)
+ list_pkey();
+ if (todo.pk_method)
+ list_pkey_meth();
+ if (todo.engines)
+ list_engines();
+ if (todo.disabled)
+ list_disabled();
+ if (todo.missing_help)
+ list_missing_help();
+ if (todo.objects)
+ list_objects();
+
if (!done)
goto opthelp;
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index afcd73609b..46d5c17e2f 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -524,6 +524,20 @@ int EVP_Digest(const void *data, size_t count,
return ret;
}
+int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[])
+{
+ if (digest != NULL && digest->get_params != NULL)
+ return digest->get_params(params);
+ return 0;
+}
+
+const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest)
+{
+ if (digest != NULL && digest->gettable_params != NULL)
+ return digest->gettable_params();
+ return NULL;
+}
+
int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
{
if (ctx->digest != NULL && ctx->digest->ctx_set_params != NULL)
@@ -531,6 +545,13 @@ int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[])
return 0;
}
+const OSSL_PARAM *EVP_MD_CTX_settable_params(const EVP_MD *digest)
+{
+ if (digest != NULL && digest->settable_ctx_params != NULL)
+ return digest->settable_ctx_params();
+ return NULL;
+}
+
int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
{
if (ctx->digest != NULL && ctx->digest->get_params != NULL)
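Review bot: The guard in `EVP_MD_CTX_get_params()` (trailing context of this hunk) tests `ctx->digest->get_params` rather than `ctx_get_params`. `EVP_MD_CTX_set_params()` just above guards on `ctx_set_params`, and the `EVP_CIPHER_CTX_get_params()` added in evp_enc.c guards on `ctx_get_params`. The call itself lies outside the hunk, but if it dispatches to `ctx_get_params`, a provider digest that supplies `get_params` without `ctx_get_params` would be called through a NULL function pointer. Since this commit completes the params API, the test should probably read `ctx->digest->ctx_get_params != NULL`.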
@@ -538,6 +559,13 @@ int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[])
return 0;
}
+const OSSL_PARAM *EVP_MD_CTX_gettable_params(const EVP_MD *digest)
+{
+ if (digest != NULL && digest->gettable_ctx_params != NULL)
+ return digest->gettable_ctx_params();
+ return NULL;
+}
+
/* TODO(3.0): Remove legacy code below - only used by engines & DigestSign */
int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
{
@@ -655,6 +683,20 @@ static void *evp_md_from_dispatch(const char *name, const OSSL_DISPATCH *fns,
if (md->ctx_get_params == NULL)
md->ctx_get_params = OSSL_get_OP_digest_ctx_get_params(fns);
break;
+ case OSSL_FUNC_DIGEST_GETTABLE_PARAMS:
+ if (md->gettable_params == NULL)
+ md->gettable_params = OSSL_get_OP_digest_gettable_params(fns);
+ break;
+ case OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS:
+ if (md->settable_ctx_params == NULL)
+ md->settable_ctx_params =
+ OSSL_get_OP_digest_settable_ctx_params(fns);
+ break;
+ case OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS:
+ if (md->gettable_ctx_params == NULL)
+ md->gettable_ctx_params =
+ OSSL_get_OP_digest_gettable_ctx_params(fns);
+ break;
}
}
if ((fncnt != 0 && fncnt != 5)
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 31e15a63c2..9e0c01aff9 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -1051,6 +1051,48 @@ legacy:
return ret;
}
+int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[])
+{
+ if (cipher != NULL && cipher->get_params != NULL)
+ return cipher->get_params(params);
+ return 0;
+}
+
+int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[])
+{
+ if (ctx->cipher != NULL && ctx->cipher->ctx_set_params != NULL)
+ return ctx->cipher->ctx_set_params(ctx->provctx, params);
+ return 0;
+}
+
+int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[])
+{
+ if (ctx->cipher != NULL && ctx->cipher->ctx_get_params != NULL)
+ return ctx->cipher->ctx_get_params(ctx->provctx, params);
+ return 0;
+}
+
+const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher)
+{
+ if (cipher != NULL && cipher->gettable_params != NULL)
+ return cipher->gettable_params();
+ return NULL;
+}
+
+const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(const EVP_CIPHER *cipher)
+{
+ if (cipher != NULL && cipher->settable_ctx_params != NULL)
+ return cipher->settable_ctx_params();
+ return NULL;
+}
+
+const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(const EVP_CIPHER *cipher)
+{
+ if (cipher != NULL && cipher->gettable_ctx_params != NULL)
+ return cipher->gettable_ctx_params();
+ return NULL;
+}
+
#if !defined(FIPS_MODE)
/* TODO(3.0): No support for RAND yet in the FIPS module */
int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
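Review bot: `EVP_CIPHER_get_params()` takes a non-const `EVP_CIPHER *cipher`, although its body only reads `cipher->get_params`. Its digest counterpart `EVP_MD_get_params()` and the three cipher `*table_params()` getters added beside it all take a const pointer. Callers holding a `const EVP_CIPHER *`, as the loop in `apps/list.c` does, would need a cast to use it. I would declare it as `int EVP_CIPHER_get_params(const EVP_CIPHER *cipher, OSSL_PARAM params[])` and update the public prototype and the synopsis in EVP_EncryptInit.pod to match. Separately, `EVP_CIPHER_CTX_set_params()` and `EVP_CIPHER_CTX_get_params()` dereference `ctx` without the NULL check that the cipher-level functions apply to `cipher`; if that is intentional, a short comment stating the precondition would help.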
@@ -1212,6 +1254,23 @@ static void *evp_cipher_from_dispatch(const char *name,
break;
cipher->ctx_set_params = OSSL_get_OP_cipher_ctx_set_params(fns);
break;
+ case OSSL_FUNC_CIPHER_GETTABLE_PARAMS:
+ if (cipher->gettable_params != NULL)
+ break;
+ cipher->gettable_params = OSSL_get_OP_cipher_gettable_params(fns);
+ break;
+ case OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS:
+ if (cipher->gettable_ctx_params != NULL)
+ break;
+ cipher->gettable_ctx_params =
+ OSSL_get_OP_cipher_gettable_ctx_params(fns);
+ break;
+ case OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS:
+ if (cipher->settable_ctx_params != NULL)
+ break;
+ cipher->settable_ctx_params =
+ OSSL_get_OP_cipher_settable_ctx_params(fns);
+ break;
}
}
if ((fnciphcnt != 0 && fnciphcnt != 3 && fnciphcnt != 4)
diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
index cdb5aab87c..ce9b9b8f51 100644
--- a/crypto/include/internal/evp_int.h
+++ b/crypto/include/internal/evp_int.h
@@ -215,6 +215,9 @@ struct evp_md_st {
OSSL_OP_digest_get_params_fn *get_params;
OSSL_OP_digest_ctx_set_params_fn *ctx_set_params;
OSSL_OP_digest_ctx_get_params_fn *ctx_get_params;
+ OSSL_OP_digest_gettable_params_fn *gettable_params;
+ OSSL_OP_digest_settable_ctx_params_fn *settable_ctx_params;
+ OSSL_OP_digest_gettable_ctx_params_fn *gettable_ctx_params;
} /* EVP_MD */ ;
@@ -266,6 +269,9 @@ struct evp_cipher_st {
OSSL_OP_cipher_get_params_fn *get_params;
OSSL_OP_cipher_ctx_get_params_fn *ctx_get_params;
OSSL_OP_cipher_ctx_set_params_fn *ctx_set_params;
+ OSSL_OP_cipher_gettable_params_fn *gettable_params;
+ OSSL_OP_cipher_gettable_ctx_params_fn *gettable_ctx_params;
+ OSSL_OP_cipher_settable_ctx_params_fn *settable_ctx_params;
} /* EVP_CIPHER */ ;
/* Macros to code block cipher wrappers */
diff --git a/doc/man1/list.pod b/doc/man1/list.pod
index 1e4d7cdd0a..1817b59760 100644
--- a/doc/man1/list.pod
+++ b/doc/man1/list.pod
@@ -9,6 +9,7 @@ list - list algorithms and features
B<openssl list>
[B<-help>]
+[B<-verbose>]
[B<-1>]
[B<-commands>]
[B<-digest-commands>]
@@ -34,6 +35,11 @@ features.
Display a usage message.
+=item B<-verbose>
+
+Displays extra information.
+The options below where verbosity applies say a bit more about what that means.
+
=item B<-1>
List the commands, digest-commands, or cipher-commands in a single column.
@@ -56,6 +62,9 @@ official algorithm name, B<bar>.
If a line is of the form C<foo @ bar>, then B<foo> is provided by the provider
B<bar>.
+In verbose mode, the algorithms provided by a provider will get additional
+information on what parameters each implementation supports.
+
=item B<-mac-algorithms>
Display a list of message authentication code algorithms.
@@ -75,6 +84,9 @@ official algorithm name, B<bar>.
If a line is of the form C<foo @ bar>, then B<foo> is provided by the provider
B<bar>.
+In verbose mode, the algorithms provided by a provider will get additional
+information on what parameters each implementation supports.
+
=item B<-public-key-algorithms>
Display a list of public key algorithms, with each algorithm as
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index 226bc467c4..1cc07b159e 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -3,8 +3,11 @@
=head1 NAME
EVP_MD_fetch,
+EVP_MD_get_params, EVP_MD_gettable_params,
EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy,
-EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_params, EVP_MD_CTX_get_params,
+EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl,
+EVP_MD_CTX_set_params, EVP_MD_CTX_get_params,
+EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params,
EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags,
EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate,
EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal,
@@ -25,12 +28,16 @@ EVP_MD_do_all_ex
EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
const char *properties);
+ int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
EVP_MD_CTX *EVP_MD_CTX_new(void);
int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2);
int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]);
int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_MD_CTX_settable_params(const EVP_MD *digest);
+ const OSSL_PARAM *EVP_MD_CTX_gettable_params(const EVP_MD *digest);
void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
@@ -121,16 +128,29 @@ EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex(). Other restrictions
may apply depending on the control type and digest implementation.
See L</CONTROLS> below for more information.
-=item EVP_MD_CTX_get_params
+=item EVP_MD_get_params()
+
+Retrieves the requested list of B<params> from a MD B<md>.
+See L</PARAMS> below for more information.
+
+=item EVP_MD_CTX_get_params()
Retrieves the requested list of B<params> from a MD context B<ctx>.
See L</PARAMS> below for more information.
-=item EVP_MD_CTX_set_params
+=item EVP_MD_CTX_set_params()
-Sets the list of <params> into a MD context B<ctx>.
+Sets the list of B<params> into a MD context B<ctx>.
See L</PARAMS> below for more information.
+=item EVP_MD_gettable_params(), EVP_MD_CTX_gettable_params(),
+EVP_MD_CTX_settable_params()
+
+Get a B<OSSL_PARAM> array that describes the retrievable and settable
+parameters, i.e. parameters that can be used with EVP_MD_get_params(),
+EVP_MD_CTX_get_params() and EVP_MD_CTX_set_params(), respectively.
+See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
+
=item EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()
Sets, clears and tests B<ctx> flags. See L</FLAGS> below for more information.
@@ -405,6 +425,12 @@ EVP_MD_CTX_get_params()
Returns 1 if successful or 0 for failure.
+=item EVP_MD_CTX_settable_params(),
+EVP_MD_CTX_gettable_params()
+
+Return an array of constant B<OSSL_PARAM>s, or NULL if there is none
+to get.
+
=item EVP_MD_CTX_copy_ex()
Returns 1 if successful or 0 for failure.
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index e46d401746..011b6e6c3a 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -29,6 +29,8 @@ EVP_get_cipherbyobj,
EVP_CIPHER_name,
EVP_CIPHER_provider,
EVP_CIPHER_nid,
+EVP_CIPHER_get_params,
+EVP_CIPHER_gettable_params,
EVP_CIPHER_block_size,
EVP_CIPHER_key_length,
EVP_CIPHER_iv_length,
@@ -38,6 +40,10 @@ EVP_CIPHER_type,
EVP_CIPHER_CTX_cipher,
EVP_CIPHER_CTX_name,
EVP_CIPHER_CTX_nid,
+EVP_CIPHER_CTX_get_params,
+EVP_CIPHER_CTX_gettable_params,
+EVP_CIPHER_CTX_set_params,
+EVP_CIPHER_CTX_settable_params,
EVP_CIPHER_CTX_block_size,
EVP_CIPHER_CTX_key_length,
EVP_CIPHER_CTX_iv_length,
@@ -117,6 +123,13 @@ EVP_CIPHER_do_all_ex
const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx);
+
+ int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
+ int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
+ int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
+ const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
+ const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(const EVP_CIPHER *cipher);
+ const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(const EVP_CIPHER *cipher);
int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
@@ -240,6 +253,22 @@ decrypting. If the B<pad> parameter is zero then no padding is
performed, the total amount of data encrypted or decrypted must then
be a multiple of the block size or an error will occur.
+EVP_CIPHER_get_params() retrieves the requested list of algorithm
+B<params> from a B<cipher>.
+
+EVP_CIPHER_CTX_set_params() Sets the list of operation B<params> into a CIPHER
+context B<ctx>.
+
+EVP_CIPHER_CTX_get_params() retrieves the requested list of operation
+B<params> from CIPHER context B<ctx>.
+
+EVP_CIPHER_gettable_params(), EVP_CIPHER_CTX_gettable_params(), and
+EVP_CIPHER_CTX_settable_params() get a constant B<OSSL_PARAM> array
+that decribes the retrievable and settable parameters, i.e. parameters
+that can be used with EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params()
+and EVP_CIPHER_CTX_set_params(), respectively.
+See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
+
EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length
diff --git a/doc/man3/OSSL_PARAM_construct_from_text.pod b/doc/man3/OSSL_PARAM_construct_from_text.pod
index e8e2639864..5dc08bd325 100644
--- a/doc/man3/OSSL_PARAM_construct_from_text.pod
+++ b/doc/man3/OSSL_PARAM_construct_from_text.pod
@@ -120,7 +120,7 @@ Can be written like this instead:
OSSL_PARAM *params =
OPENSSL_zalloc(sizeof(*params)
* (sk_OPENSSL_STRING_num(opts) + 1));
- const OSSL_PARAM *paramdefs = EVP_MAC_CTX_set_param_types(mac);
+ const OSSL_PARAM *paramdefs = EVP_MAC_CTX_settable_params(mac);
size_t params_n;
char *opt = "<unknown>";
diff --git a/doc/man7/provider-cipher.pod b/doc/man7/provider-cipher.pod
index 08cfebfb25..33e0a4f004 100644
--- a/doc/man7/provider-cipher.pod
+++ b/doc/man7/provider-cipher.pod
@@ -36,8 +36,17 @@ provider-cipher - The cipher library E<lt>-E<gt> provider functions
int OP_cipher_cipher(void *cctx, unsigned char *out, size_t *outl,
size_t outsize, const unsigned char *in, size_t inl);
+ /* Cipher parameter descriptors */
+ const OSSL_PARAM *OP_cipher_gettable_params(void);
+
+ /* Cipheroperation parameter descriptors */
+ const OSSL_PARAM *OP_cipher_gettable_ctx_params(void);
+ const OSSL_PARAM *OP_cipher_settable_ctx_params(void);
+
/* Cipher parameters */
int OP_cipher_get_params(OSSL_PARAM params[]);
+
+ /* Cipher operation parameters */
int OP_cipher_ctx_get_params(void *cctx, OSSL_PARAM params[]);
int OP_cipher_ctx_set_params(void *cctx, const OSSL_PARAM params[]);
@@ -70,19 +79,23 @@ For example, the "function" OP_cipher_newctx() has these:
B<OSSL_DISPATCH> arrays are indexed by numbers that are provided as
macros in L<openssl-core_numbers.h(7)>, as follows:
- OP_cipher_newctx OSSL_FUNC_CIPHER_NEWCTX
- OP_cipher_freectx OSSL_FUNC_CIPHER_FREECTX
- OP_cipher_dupctx OSSL_FUNC_CIPHER_DUPCTX
+ OP_cipher_newctx OSSL_FUNC_CIPHER_NEWCTX
+ OP_cipher_freectx OSSL_FUNC_CIPHER_FREECTX
+ OP_cipher_dupctx OSSL_FUNC_CIPHER_DUPCTX
- OP_cipher_encrypt_init OSSL_FUNC_CIPHER_ENCRYPT_INIT
- OP_cipher_decrypt_init OSSL_FUNC_CIPHER_DECRYPT_INIT
- OP_cipher_update OSSL_FUNC_CIPHER_UPDATE
- OP_cipher_final OSSL_FUNC_CIPHER_FINAL
- OP_cipher_cipher OSSL_FUNC_CIPHER_CIPHER
+ OP_cipher_encrypt_init OSSL_FUNC_CIPHER_ENCRYPT_INIT
+ OP_cipher_decrypt_init OSSL_FUNC_CIPHER_DECRYPT_INIT
+ OP_cipher_update OSSL_FUNC_CIPHER_UPDATE
+ OP_cipher_final OSSL_FUNC_CIPHER_FINAL
+ OP_cipher_cipher OSSL_FUNC_CIPHER_CIPHER
- OP_cipher_get_params OSSL_FUNC_CIPHER_GET_PARAMS
- OP_cipher_ctx_get_params OSSL_FUNC_CIPHER_CTX_GET_PARAMS
- OP_cipher_ctx_set_params OSSL_FUNC_CIPHER_CTX_SET_PARAMS
+ OP_cipher_get_params OSSL_FUNC_CIPHER_GET_PARAMS
+ OP_cipher_ctx_get_params OSSL_FUNC_CIPHER_CTX_GET_PARAMS
+ OP_cipher_ctx_set_params OSSL_FUNC_CIPHER_CTX_SET_PARAMS
+
+ OP_cipher_gettable_params OSSL_FUNC_CIPHER_GETTABLE_PARAMS
+ OP_cipher_gettable_ctx_params OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS
+ OP_cipher_settable_ctx_params OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS
A cipher algorithm implementation may not implement all of these functions.
In order to be a consistent set of functions there must at least be a complete
@@ -163,16 +176,21 @@ B<outsize> bytes.
See L<OSSL_PARAM(3)> for further details on the parameters structure used by
these functions.
-OP_cipher_get_params() gets details of parameter values associated with the
-provider algorithm and stores them in B<params>.
+OP_cipher_get_params() gets details of the algorithm implementation
+and stores them in B<params>.
-OP_cipher_ctx_set_params() sets cipher parameters associated with the given
+OP_cipher_ctx_set_params() sets cipher operation parameters for the
provider side cipher context B<cctx> to B<params>.
Any parameter settings are additional to any that were previously set.
-OP_cipher_ctx_get_params() gets details of currently set parameter values
-associated with the given provider side cipher context B<cctx> and stores them
-in B<params>.
+OP_cipher_ctx_get_params() gets cipher operation details details from
+the given provider side cipher context B<cctx> and stores them in B<params>.
+
+OP_cipher_gettable_params(), OP_cipher_gettable_ctx_params(), and
+OP_cipher_settable_ctx_params() all return constant B<OSSL_PARAM> arrays
+as descriptors of the parameters that OP_cipher_get_params(),
+OP_cipher_ctx_get_params(), and OP_cipher_ctx_set_params() can handle,
+respectively.
Parameters currently recognised by built-in ciphers are as follows. Not all
parameters are relevant to, or are understood by all ciphers:
diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod
index 08428428fa..1b71cc19f9 100644
--- a/doc/man7/provider-digest.pod
+++ b/doc/man7/provider-digest.pod
@@ -30,10 +30,17 @@ provider-digest - The digest library E<lt>-E<gt> provider functions
int OP_digest_digest(void *provctx, const unsigned char *in, size_t inl,
unsigned char *out, size_t *outl, size_t outsz);
+ /* Digest parameter descriptors */
+ const OSSL_PARAM *OP_cipher_gettable_params(void);
+
+ /* Digest operation parameter descriptors */
+ const OSSL_PARAM *OP_cipher_gettable_ctx_params(void);
+ const OSSL_PARAM *OP_cipher_settable_ctx_params(void);
+
/* Digest parameters */
int OP_digest_get_params(OSSL_PARAM params[]);
- /* Digest context parameters */
+ /* Digest operation parameters */
int OP_digest_ctx_set_params(void *dctx, const OSSL_PARAM params[]);
int OP_digest_ctx_get_params(void *dctx, OSSL_PARAM params[]);
@@ -65,19 +72,22 @@ For example, the "function" OP_digest_newctx() has these:
B<OSSL_DISPATCH> arrays are indexed by numbers that are provided as
macros in L<openssl-core_numbers.h(7)>, as follows:
- OP_digest_newctx OSSL_FUNC_DIGEST_NEWCTX
- OP_digest_freectx OSSL_FUNC_DIGEST_FREECTX
- OP_digest_dupctx OSSL_FUNC_DIGEST_DUPCTX
+ OP_digest_newctx OSSL_FUNC_DIGEST_NEWCTX
+ OP_digest_freectx OSSL_FUNC_DIGEST_FREECTX
+ OP_digest_dupctx OSSL_FUNC_DIGEST_DUPCTX
+
+ OP_digest_init OSSL_FUNC_DIGEST_INIT
+ OP_digest_update OSSL_FUNC_DIGEST_UPDATE
+ OP_digest_final OSSL_FUNC_DIGEST_FINAL
+ OP_digest_digest OSSL_FUNC_DIGEST_DIGEST
- OP_digest_init OSSL_FUNC_DIGEST_INIT
- OP_digest_update OSSL_FUNC_DIGEST_UPDATE
- OP_digest_final OSSL_FUNC_DIGEST_FINAL
- OP_digest_digest OSSL_FUNC_DIGEST_DIGEST
+ OP_digest_get_params OSSL_FUNC_DIGEST_GET_PARAMS
+ OP_digest_ctx_get_params OSSL_FUNC_DIGEST_CTX_GET_PARAMS
+ OP_digest_ctx_set_params OSSL_FUNC_DIGEST_CTX_SET_PARAMS
- OP_digest_size OSSL_FUNC_DIGEST_SIZE
- OP_digest_block_size OSSL_FUNC_DIGEST_BLOCK_SIZE
- OP_digest_set_params OSSL_FUNC_DIGEST_SET_PARAMS
- OP_digest_get_params OSSL_FUNC_DIGEST_GET_PARAMS
+ OP_digest_gettable_params OSSL_FUNC_DIGEST_GETTABLE_PARAMS
+ OP_digest_gettable_ctx_params OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS
+ OP_digest_settable_ctx_params OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS
A digest algorithm implementation may not implement all of these functions.
In order to be useable all or none of OP_digest_newctx, OP_digest_freectx,
@@ -130,9 +140,24 @@ exceed B<outsz> bytes.
=head2 Digest Parameters
+See L<OSSL_PARAM(3)> for further details on the parameters structure used by
+these functions.
+
OP_digest_get_params() gets details of the algorithm implementation
and stores them in B<params>.
-See L<OSSL_PARAM(3)> for further details on the parameters structure.
+
+OP_digest_ctx_set_params() sets digest operation parameters for the
+provider side digest context B<dctx> to B<params>.
+Any parameter settings are additional to any that were previously set.
+
+OP_digest_ctx_get_params() gets digest operation details details from
+the given provider side digest context B<dctx> and stores them in B<params>.
+
+OP_digest_gettable_params(), OP_digest_gettable_ctx_params(), and
+OP_digest_settable_ctx_params() all return constant B<OSSL_PARAM> arrays
+as descriptors of the parameters that OP_digest_get_params(),
+OP_digest_ctx_get_params(), and OP_digest_ctx_set_params() can handle,
+respectively.
Parameters currently recognised by built-in digests with this function
are as follows. Not all parametes are relevant to, or are understood
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index e4d3f5d60f..7a5a1cdf8e 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -148,6 +148,9 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings,
# define OSSL_FUNC_DIGEST_GET_PARAMS 8
# define OSSL_FUNC_DIGEST_CTX_SET_PARAMS 9
# define OSSL_FUNC_DIGEST_CTX_GET_PARAMS 10
+# define OSSL_FUNC_DIGEST_GETTABLE_PARAMS 11
+# define OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS 12
+# define OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS 13
OSSL_CORE_MAKE_FUNC(void *, OP_digest_newctx, (void *provctx))
OSSL_CORE_MAKE_FUNC(int, OP_digest_init, (void *dctx))
@@ -168,6 +171,9 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_ctx_set_params,
(void *vctx, const OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, OP_digest_ctx_get_params,
(void *vctx, OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_gettable_params, (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_settable_ctx_params, (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_digest_gettable_ctx_params, (void))
/* Symmetric Ciphers */
@@ -184,6 +190,9 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_ctx_get_params,
# define OSSL_FUNC_CIPHER_GET_PARAMS 9
# define OSSL_FUNC_CIPHER_CTX_GET_PARAMS 10
# define OSSL_FUNC_CIPHER_CTX_SET_PARAMS 11
+# define OSSL_FUNC_CIPHER_GETTABLE_PARAMS 12
+# define OSSL_FUNC_CIPHER_GETTABLE_CTX_PARAMS 13
+# define OSSL_FUNC_CIPHER_SETTABLE_CTX_PARAMS 14
OSSL_CORE_MAKE_FUNC(void *, OP_cipher_newctx, (void *provctx))
OSSL_CORE_MAKE_FUNC(int, OP_cipher_encrypt_init, (void *cctx,
@@ -214,6 +223,12 @@ OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_get_params, (void *cctx,
OSSL_PARAM params[]))
OSSL_CORE_MAKE_FUNC(int, OP_cipher_ctx_set_params, (void *cctx,
const OSSL_PARAM params[]))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_gettable_params,
+ (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_settable_ctx_params,
+ (void))
+OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_cipher_gettable_ctx_params,
+ (void))
/*-
* Key management
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index eab5a53d8a..7fcc4505f5 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -548,8 +548,12 @@ void BIO_set_md(BIO *, const EVP_MD *md);
# define EVP_delete_digest_alias(alias) \
OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
+int EVP_MD_get_params(const EVP_MD *digest, OSSL_PARAM params[]);
int EVP_MD_CTX_set_params(EVP_MD_CTX *ctx, const OSSL_PARAM params[]);
int EVP_MD_CTX_get_params(EVP_MD_CTX *ctx, OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_MD_gettable_params(const EVP_MD *digest);
+const OSSL_PARAM *EVP_MD_CTX_settable_params(const EVP_MD *digest);
+const OSSL_PARAM *EVP_MD_CTX_gettable_params(const EVP_MD *digest);
int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
EVP_MD_CTX *EVP_MD_CTX_new(void);
int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
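Review bot: `EVP_MD_CTX_settable_params()` and `EVP_MD_CTX_gettable_params()` are named like context operations but take a `const EVP_MD *`, which is easy to misread when scanning the header. The same applies to the `EVP_CIPHER_CTX_settable_params()` / `EVP_CIPHER_CTX_gettable_params()` pair added in the next hunk of this file. If the names stay, a short header comment above the two declarations would help, for example `/* Descriptors for the context parameters of |digest|; takes the EVP_MD, not an EVP_MD_CTX */`.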
@@ -702,6 +706,12 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]);
+int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]);
+int EVP_CIPHER_CTX_get_params(EVP_CIPHER_CTX *ctx, OSSL_PARAM params[]);
+const OSSL_PARAM *EVP_CIPHER_gettable_params(const EVP_CIPHER *cipher);
+const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(const EVP_CIPHER *cipher);
+const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(const EVP_CIPHER *cipher);
const BIO_METHOD *BIO_f_md(void);
const BIO_METHOD *BIO_f_base64(void);
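Review bot: `EVP_CIPHER_get_params()` takes a non-const `EVP_CIPHER *`, while `EVP_MD_get_params()` in the previous hunk and `EVP_CIPHER_gettable_params()` a few lines below both take const pointers. A getter on the algorithm object should not need write access, and the non-const form forces callers that hold a `const EVP_CIPHER *` to cast. Unless the implementation, which is not in this hunk, has to modify the cipher, declare it as `int EVP_CIPHER_get_params(const EVP_CIPHER *cipher, OSSL_PARAM params[]);`.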
diff --git a/providers/common/digests/sha2_prov.c b/providers/common/digests/sha2_prov.c
index e823c27039..0f359171ab 100644
--- a/providers/common/digests/sha2_prov.c
+++ b/providers/common/digests/sha2_prov.c
@@ -19,6 +19,17 @@
#include "internal/sha.h"
static OSSL_OP_digest_ctx_set_params_fn sha1_set_params;
+static OSSL_OP_digest_settable_ctx_params_fn sha1_settable_params;
+
+static const OSSL_PARAM known_sha1_ctx_params[] = {
+ {OSSL_DIGEST_PARAM_SSL3_MS, OSSL_PARAM_OCTET_STRING, NULL, 0, 0},
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *sha1_settable_params(void)
+{
+ return known_sha1_ctx_params;
+}
/* Special set_params method for SSL3 */
static int sha1_set_params(void *vctx, const OSSL_PARAM params[])
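Review bot: The new SHA-1 names do not follow the scheme the other provider files in this commit adopt. sha3_prov.c, md5_sha1_prov.c and mdc2_prov.c use `<alg>_settable_ctx_params`, `known_<alg>_settable_ctx_params` and rename the setter to `<alg>_ctx_set_params`. Here the function is `sha1_settable_params`, the table is `known_sha1_ctx_params`, and `sha1_set_params` keeps its old name. Renaming them to `sha1_settable_ctx_params`, `known_sha1_settable_ctx_params` and `sha1_ctx_set_params` would keep the files greppable as a set; the `OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(sha1, ...)` call in the next hunk would need the same change.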
@@ -39,7 +50,7 @@ OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(sha1, SHA_CTX,
SHA_CBLOCK, SHA_DIGEST_LENGTH,
EVP_MD_FLAG_DIGALGID_ABSENT,
SHA1_Init, SHA1_Update, SHA1_Final,
- sha1_set_params)
+ sha1_settable_params, sha1_set_params)
OSSL_FUNC_DIGEST_CONSTRUCT(sha224, SHA256_CTX,
SHA256_CBLOCK, SHA224_DIGEST_LENGTH,
diff --git a/providers/common/digests/sha3_prov.c b/providers/common/digests/sha3_prov.c
index 63a57dbcb3..bcef28c98c 100644
--- a/providers/common/digests/sha3_prov.c
+++ b/providers/common/digests/sha3_prov.c
@@ -26,7 +26,8 @@ static OSSL_OP_digest_update_fn keccak_update;
static OSSL_OP_digest_final_fn keccak_final;
static OSSL_OP_digest_freectx_fn keccak_freectx;
static OSSL_OP_digest_dupctx_fn keccak_dupctx;
-static OSSL_OP_digest_ctx_set_params_fn shake_set_params;
+static OSSL_OP_digest_ctx_set_params_fn shake_ctx_set_params;
+static OSSL_OP_digest_settable_ctx_params_fn shake_settable_ctx_params;
static sha3_absorb_fn generic_sha3_absorb;
static sha3_final_fn generic_sha3_final;
@@ -203,8 +204,21 @@ static void *uname##_newctx(void *provctx) \
}
#define OSSL_FUNC_SHA3_DIGEST(name, bitlen, blksize, dgstsize, flags, \
- stparams) \
+ stparamtypes, stparams) \
static OSSL_OP_digest_get_params_fn name##_get_params; \
+static OSSL_OP_digest_gettable_params_fn name##_gettable_params; \
+static const OSSL_PARAM known_##name##_gettable_params[] = { \
+ {OSSL_DIGEST_PARAM_BLOCK_SIZE, OSSL_PARAM_INTEGER, \
+ NULL, sizeof(int), 0}, \
+ {OSSL_DIGEST_PARAM_SIZE, OSSL_PARAM_INTEGER, NULL, sizeof(int), 0}, \
+ {OSSL_DIGEST_PARAM_FLAGS, OSSL_PARAM_INTEGER, \
+ NULL, sizeof(unsigned long), 0}, \
+ OSSL_PARAM_END \
+}; \
+static const OSSL_PARAM *name##_gettable_params(void) \
+{ \
+ return known_##name##_gettable_params; \
+} \
static int name##_get_params(OSSL_PARAM params[]) \
{ \
OSSL_PARAM *p = NULL; \
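Review bot: The descriptor row for `OSSL_DIGEST_PARAM_FLAGS` is declared `OSSL_PARAM_INTEGER` but sized `sizeof(unsigned long)`, so the advertised type is signed while the size is that of an unsigned type. A caller that builds its request from this table would offer a signed integer; if `name##_get_params`, whose body continues outside the hunk, writes the flags with an unsigned setter, that request can be rejected. The row should read `{OSSL_DIGEST_PARAM_FLAGS, OSSL_PARAM_UNSIGNED_INTEGER, NULL, sizeof(unsigned long), 0}`. The identical table added to `OSSL_FUNC_DIGEST_GET_PARAM` in core_mkdigest.h has the same row, and since both tables hold the same three entries they could come from one shared macro.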
@@ -228,7 +242,11 @@ const OSSL_DISPATCH name##_functions[] = { \
{ OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))keccak_freectx }, \
{ OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))keccak_dupctx }, \
{ OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))name##_get_params }, \
+ { OSSL_FUNC_DIGEST_GETTABLE_PARAMS, \
+ (void (*)(void))name##_gettable_params }, \
{ OSSL_FUNC_DIGEST_CTX_SET_PARAMS, (void (*)(void))stparams }, \
+ { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))stparamtypes }, \
OSSL_FUNC_DIGEST_CONSTRUCT_END
static void keccak_freectx(void *vctx)
@@ -247,7 +265,17 @@ static void *keccak_dupctx(void *ctx)
return ret;
}
-static int shake_set_params(void *vctx, const OSSL_PARAM params[])
+static const OSSL_PARAM known_shake_settable_ctx_params[] = {
+ {OSSL_DIGEST_PARAM_SSL3_MS, OSSL_PARAM_OCTET_STRING, NULL, 0, 0},
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *shake_settable_ctx_params(void)
+{
+ return known_shake_settable_ctx_params;
+}
+
+static int shake_ctx_set_params(void *vctx, const OSSL_PARAM params[])
{
const OSSL_PARAM *p;
KECCAK1600_CTX *ctx = (KECCAK1600_CTX *)vctx;
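Review bot: `known_shake_settable_ctx_params` advertises `OSSL_DIGEST_PARAM_SSL3_MS`, the same row as the SHA-1 and MD5-SHA1 tables in this commit, but SHAKE and KMAC are registered with `EVP_MD_FLAG_XOF` and an SSLv3 master-secret parameter makes little sense for them. The row looks copied from sha2_prov.c. The body of `shake_ctx_set_params` continues outside the hunk, so check which key it actually locates; if that is the output-length parameter, the row should be `{OSSL_DIGEST_PARAM_XOFLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL, sizeof(size_t), 0}`. A descriptor that does not match the setter means callers that discover parameters through the settable table never learn how to set the XOF length and are told about a key the setter may ignore.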
@@ -265,18 +293,20 @@ static int shake_set_params(void *vctx, const OSSL_PARAM params[])
SHA3_newctx(sha3, SHA3_##bitlen, sha3_##bitlen, bitlen, '\x06') \
OSSL_FUNC_SHA3_DIGEST(sha3_##bitlen, bitlen, \
SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \
- EVP_MD_FLAG_DIGALGID_ABSENT, NULL)
+ EVP_MD_FLAG_DIGALGID_ABSENT, NULL, NULL)
#define SHAKE(bitlen) \
SHA3_newctx(shake, SHAKE_##bitlen, shake_##bitlen, bitlen, '\x1f') \
OSSL_FUNC_SHA3_DIGEST(shake_##bitlen, bitlen, \
SHA3_BLOCKSIZE(bitlen), SHA3_MDSIZE(bitlen), \
- EVP_MD_FLAG_XOF, shake_set_params)
+ EVP_MD_FLAG_XOF, \
+ shake_settable_ctx_params, shake_ctx_set_params)
#define KMAC(bitlen) \
KMAC_newctx(keccak_kmac_##bitlen, bitlen, '\x04') \
OSSL_FUNC_SHA3_DIGEST(keccak_kmac_##bitlen, bitlen, \
SHA3_BLOCKSIZE(bitlen), KMAC_MDSIZE(bitlen), \
- EVP_MD_FLAG_XOF, shake_set_params)
+ EVP_MD_FLAG_XOF, \
+ shake_settable_ctx_params, shake_ctx_set_params)
SHA3(224)
SHA3(256)
diff --git a/providers/common/include/internal/core_mkdigest.h b/providers/common/include/internal/core_mkdigest.h
index 8a077aec47..a8a99ae036 100644
--- a/providers/common/include/internal/core_mkdigest.h
+++ b/providers/common/include/internal/core_mkdigest.h
@@ -42,6 +42,19 @@ static void *name##_dupctx(void *ctx) \
# define OSSL_FUNC_DIGEST_GET_PARAM(name, blksize, dgstsize, flags) \
static OSSL_OP_digest_get_params_fn name##_get_params; \
+static OSSL_OP_digest_gettable_params_fn name##_gettable_params; \
+static const OSSL_PARAM known_##name##_gettable_params[] = { \
+ {OSSL_DIGEST_PARAM_BLOCK_SIZE, OSSL_PARAM_INTEGER, \
+ NULL, sizeof(int), 0}, \
+ {OSSL_DIGEST_PARAM_SIZE, OSSL_PARAM_INTEGER, NULL, sizeof(int), 0}, \
+ {OSSL_DIGEST_PARAM_FLAGS, OSSL_PARAM_INTEGER, \
+ NULL, sizeof(unsigned long), 0}, \
+ OSSL_PARAM_END \
+}; \
+static const OSSL_PARAM *name##_gettable_params(void) \
+{ \
+ return known_##name##_gettable_params; \
+} \
static int name##_get_params(OSSL_PARAM params[]) \
{ \
OSSL_PARAM *p = NULL; \
@@ -77,7 +90,9 @@ const OSSL_DISPATCH name##_functions[] = { \
{ OSSL_FUNC_DIGEST_FINAL, (void (*)(void))name##_wrapfinal }, \
{ OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))name##_freectx }, \
{ OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))name##_dupctx }, \
- { OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))name##_get_params },
+ { OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))name##_get_params }, \
+ { OSSL_FUNC_DIGEST_GETTABLE_PARAMS, \
+ (void (*)(void))name##_gettable_params },
# define OSSL_FUNC_DIGEST_CONSTRUCT_END \
{ 0, NULL } \
@@ -99,9 +114,12 @@ OSSL_FUNC_DIGEST_CONSTRUCT_END
# define OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(name, CTX, \
blksize, dgstsize, flags, \
- init, upd, fin, setparams) \
+ init, upd, fin, \
+ setparamtypes, setparams) \
OSSL_FUNC_DIGEST_CONSTRUCT_START(name, CTX, blksize, dgstsize, flags, \
init, upd, fin) \
+ { OSSL_FUNC_DIGEST_SETTABLE_CTX_PARAMS, \
+ (void (*)(void))setparamtypes }, \
{ OSSL_FUNC_DIGEST_CTX_SET_PARAMS, (void (*)(void))setparams }, \
OSSL_FUNC_DIGEST_CONSTRUCT_END
diff --git a/providers/default/digests/md5_sha1_prov.c b/providers/default/digests/md5_sha1_prov.c
index 2ed36d03b3..de40993d93 100644
--- a/providers/default/digests/md5_sha1_prov.c
+++ b/providers/default/digests/md5_sha1_prov.c
@@ -17,10 +17,21 @@
#include "internal/md5_sha1.h"
#include "internal/provider_algs.h"
-static OSSL_OP_digest_ctx_set_params_fn md5_sha1_set_params;
+static OSSL_OP_digest_ctx_set_params_fn md5_sha1_ctx_set_params;
+static OSSL_OP_digest_settable_ctx_params_fn md5_sha1_settable_ctx_params;
+
+static const OSSL_PARAM known_md5_sha1_settable_ctx_params[] = {
+ {OSSL_DIGEST_PARAM_SSL3_MS, OSSL_PARAM_OCTET_STRING, NULL, 0, 0},
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *md5_sha1_settable_ctx_params(void)
+{
+ return known_md5_sha1_settable_ctx_params;
+}
/* Special set_params method for SSL3 */
-static int md5_sha1_set_params(void *vctx, const OSSL_PARAM params[])
+static int md5_sha1_ctx_set_params(void *vctx, const OSSL_PARAM params[])
{
const OSSL_PARAM *p;
MD5_SHA1_CTX *ctx = (MD5_SHA1_CTX *)vctx;
@@ -37,4 +48,5 @@ static int md5_sha1_set_params(void *vctx, const OSSL_PARAM params[])
OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(md5_sha1, MD5_SHA1_CTX,
MD5_SHA1_CBLOCK, MD5_SHA1_DIGEST_LENGTH, 0,
md5_sha1_init, md5_sha1_update, md5_sha1_final,
- md5_sha1_set_params)
+ md5_sha1_settable_ctx_params,
+ md5_sha1_ctx_set_params)
diff --git a/providers/legacy/digests/mdc2_prov.c b/providers/legacy/digests/mdc2_prov.c
index f77e3992b0..d779c967cd 100644
--- a/providers/legacy/digests/mdc2_prov.c
+++ b/providers/legacy/digests/mdc2_prov.c
@@ -15,9 +15,20 @@
#include "internal/core_mkdigest.h"
#include "internal/provider_algs.h"
-static OSSL_OP_digest_ctx_set_params_fn mdc2_set_params;
+static OSSL_OP_digest_ctx_set_params_fn mdc2_ctx_set_params;
+static OSSL_OP_digest_settable_ctx_params_fn mdc2_settable_ctx_params;
-static int mdc2_set_params(void *vctx, const OSSL_PARAM params[])
+static const OSSL_PARAM known_mdc2_settable_ctx_params[] = {
+ {OSSL_DIGEST_PARAM_PAD_TYPE, OSSL_PARAM_INTEGER, NULL, sizeof(int), 0},
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *mdc2_settable_ctx_params(void)
+{
+ return known_mdc2_settable_ctx_params;
+}
+
+static int mdc2_ctx_set_params(void *vctx, const OSSL_PARAM params[])
{
const OSSL_PARAM *p;
MDC2_CTX *ctx = (MDC2_CTX *)vctx;
@@ -34,4 +45,4 @@ static int mdc2_set_params(void *vctx, const OSSL_PARAM params[])
OSSL_FUNC_DIGEST_CONSTRUCT_PARAMS(mdc2, MDC2_CTX,
MDC2_BLOCK, MDC2_DIGEST_LENGTH, 0,
MDC2_Init, MDC2_Update, MDC2_Final,
- mdc2_set_params)
+ mdc2_settable_ctx_params, mdc2_ctx_set_params)
diff --git a/util/libcrypto.num b/util/libcrypto.num
index ac861fec6b..dfa27f96f7 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4710,3 +4710,13 @@ OPENSSL_hexstr2buf_ex 4819 3_0_0 EXIST::FUNCTION:
OPENSSL_buf2hexstr_ex 4820 3_0_0 EXIST::FUNCTION:
OSSL_PARAM_construct_from_text 4821 3_0_0 EXIST::FUNCTION:
OSSL_PARAM_allocate_from_text 4822 3_0_0 EXIST::FUNCTION:
+EVP_MD_gettable_params 4823 3_0_0 EXIST::FUNCTION:
+EVP_MD_CTX_settable_params 4824 3_0_0 EXIST::FUNCTION:
+EVP_MD_CTX_gettable_params 4825 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_get_params 4826 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_set_params 4827 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_get_params 4828 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_gettable_params 4829 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_settable_params 4830 3_0_0 EXIST::FUNCTION:
+EVP_CIPHER_CTX_gettable_params 4831 3_0_0 EXIST::FUNCTION:
+EVP_MD_get_params 4832 3_0_0 EXIST::FUNCTION: