OSSL_PARAMs

Richard Levitte levitte at openssl.org
Tue Jun 4 13:26:30 UTC 2019


On Tue, 04 Jun 2019 14:57:00 +0200,
Salz, Rich wrote:
> 
> 
> >    Part of the idea was that this would be a means of communication
>     between application and provider, just like controls are with
>     libcrypto sub-systems.
>   
> 
> I can probably find the email thread (or maybe it was a GitHub
> comment on my proposal for params), where you said, quite
> definitively, that this was *not* a general-purpose mechanism but
> rather a way to expose the necessary internals for opaque objects
> like RSA keys.

Either I misunderstood what you said at the time, or you misunderstood
what I said...  there's definitely a disconnect here somewhere.

What I wonder is why it should be exclusively only one of those
options?

Either way, the OSSL_PARAM is defined publically and openly (i.e.
non-opaque), and we currently have the following functions in the
public API:

    EVP_MD_CTX_set_params
    EVP_MD_CTX_get_params
    OSSL_PROVIDER_get_params

I fully expect that more will come.  I have a branch where I've
EVP_MAC_CTX_set_params, for example, and I wouldn't be surprised if
EVP_CIPHER_CTX_set_params and EVP_CIPHER_CTX_get_params appear before
long (I'm actually rather surprised they haven't already), and I'm
absolutely sure we will see similar functions for asymmetric
algorithms.

> What changed your mind?
> 
> Perhaps not surprisingly, I agree with Shane's assessment and am
> strongly opposed to the project foisting this on everyone at this
> time.  @DavidBen, your thoughts?

Maybe we're reading differently, I didn't see Shane being opposed to
parameter passing in this way per se, just the exact form of the
OSSL_PARAM structure, which is different.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/


More information about the openssl-project mailing list