From: Matt Caswell Date: Wed, 24 Jul 2019 14:24:01 +0000 (+0100) Subject: Document the provider DIGEST operation X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8ccf2ffbd6a98d3750b715787c80d5d2b76d054b;p=openssl Document the provider DIGEST operation Extends the existing provider documentation with information about the DIGEST operation. This is primarily for provider authors. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9453) --- diff --git a/doc/man7/provider-digest.pod b/doc/man7/provider-digest.pod new file mode 100644 index 0000000000..f6c3286528 --- /dev/null +++ b/doc/man7/provider-digest.pod @@ -0,0 +1,214 @@ +=pod + +=head1 NAME + +provider-digest - The digest library E-E provider functions + +=head1 SYNOPSIS + +=for comment multiple includes + + #include + #include + + /* + * None of these are actual functions, but are displayed like this for + * the function signatures for functions that are offered as function + * pointers in OSSL_DISPATCH arrays. + */ + + /* Context management */ + void *OP_digest_newctx(void *provctx); + void OP_digest_freectx(void *dctx); + void *OP_digest_dupctx(void *dctx); + + /* Digest generation */ + int OP_digest_init(void *dctx); + int OP_digest_update(void *dctx, const unsigned char *in, size_t inl); + int OP_digest_final(void *dctx, unsigned char *out, size_t *outl, + size_t outsz); + int OP_digest_digest(void *provctx, const unsigned char *in, size_t inl, + unsigned char *out, size_t *outl, size_t outsz); + + /* Digest parameters */ + size_t OP_digest_size(void); + size_t OP_digest_block_size(void); + int OP_digest_set_params(void *dctx, const OSSL_PARAM params[]); + int OP_digest_get_params(void *dctx, OSSL_PARAM params[]); + +=head1 DESCRIPTION + +This documentation is primarily aimed at provider authors. See L +for further information. + +The DIGEST operation enables providers to implement digest algorithms and make +them available to applications via the API functions L, +L and L (and other related functions). + +All "functions" mentioned here are passed as function pointers between +F and the provider in B arrays via +B arrays that are returned by the provider's +provider_query_operation() function +(see L). + +All these "functions" have a corresponding function type definition +named B, and a helper function to retrieve the +function pointer from an B element named +B. +For example, the "function" OP_digest_newctx() has these: + + typedef void *(OSSL_OP_digest_newctx_fn)(void *provctx); + static ossl_inline OSSL_OP_digest_newctx_fn + OSSL_get_OP_digest_newctx(const OSSL_DISPATCH *opf); + +B arrays are indexed by numbers that are provided as +macros in L, as follows: + + OP_digest_newctx OSSL_FUNC_DIGEST_NEWCTX + OP_digest_freectx OSSL_FUNC_DIGEST_FREECTX + OP_digest_dupctx OSSL_FUNC_DIGEST_DUPCTX + + OP_digest_init OSSL_FUNC_DIGEST_INIT + OP_digest_update OSSL_FUNC_DIGEST_UPDATE + OP_digest_final OSSL_FUNC_DIGEST_FINAL + OP_digest_digest OSSL_FUNC_DIGEST_DIGEST + + OP_digest_size OSSL_FUNC_DIGEST_SIZE + OP_digest_block_size OSSL_FUNC_DIGEST_BLOCK_SIZE + OP_digest_set_params OSSL_FUNC_DIGEST_SET_PARAMS + OP_digest_get_params OSSL_FUNC_DIGEST_GET_PARAMS + +A digest algorithm implementation may not implement all of these functions. +In order to be useable all or none of OP_digest_newctx, OP_digest_freectx, +OP_digest_init, OP_digest_update and OP_digest_final should be implemented. +All other functions are optional. + +=head2 Context Management Functions + +OP_digest_newctx() should create and return a pointer to a provider side +structure for holding context information during a digest operation. +A pointer to this context will be passed back in a number of the other digest +operation function calls. +The paramater B is the provider context generated during provider +initialisation (see L). + +OP_digest_freectx() is passed a pointer to the provider side digest context in +the B parameter. +This function should free any resources associated with that context. + +OP_digest_dupctx() should duplicate the provider side digest context in the +B parameter and return the duplicate copy. + +=head2 Digest Generation Functions + +OP_digest_init() initialises a digest operation given a newly created +provider side digest context in the B paramter. + +OP_digest_update() is called to supply data to be digested as part of a +previously initialised digest operation. +The B parameter contains a pointer to a previously initialised provider +side context. +OP_digest_update() should digest B bytes of data at the location pointed to +by B. +OP_digest_update() may be called multiple times for a single digest operation. + +OP_digest_final() generates a digest started through previous OP_digest_init() +and OP_digest_update() calls. +The B parameter contains a pointer to the provider side context. +The digest should be written to B<*out> and the length of the digest to +B<*outl>. +The digest should not exceed B bytes. + +OP_digest_digest() is a "oneshot" digest function. +No provider side digest context is used. +Instead the provider context that was created during provider initialisation is +passed in the B parameter (see L). +B bytes at B should be digested and the result should be stored at +B. The length of the digest should be stored in B<*outl> which should not +exceed B bytes. + +=head2 Digest Parameters + +OP_digest_size() should return the size of the digest. + +OP_digest_block_size() should return the size of the block size of the +underlying digest algorithm. + +OP_digest_set_params() set digest parameters associated with the given provider +side digest context B to B. +Any parameter settings are additional to any that were previously set. +See L for further details on the parameters structure. + +OP_digest_get_params() gets details of currently set parameters values associated +with the give provider side digest context B and stores them in B. +See L for further details on the parameters structure. + +Parameters currently recognised by built-in digests are as follows. Not all +parametes are relevant to, or are understood by all digests: + +=over 4 + +=item B (size_t) + +Sets the digest length for extendable output functions. + +=item B (octet string) + +This parameter is set by libssl in order to calculate a signature hash for an +SSLv3 CertificateVerify message as per RFC6101. +It is only set after all handshake messages have already been digested via +OP_digest_update() calls. +The parameter provides the master secret value to be added to the digest. +The digest implementation should calculate the complete digest as per RFC6101 +section 5.6.8. +The next call after setting this parameter will be OP_digest_final(). +This is only relevant for implementations of SHA1 or MD5_SHA1. + +=item B (int) + +Sets the pad type to be used. +The only built-in digest that uses this is MDC2. +Normally the final MDC2 block is padded with 0s. +If the pad type is set to 2 then the final block is padded with 0x80 followed by +0s. + +=item B (utf8 string) + +Gets the digest Message Integrity Check algorithm string. +This is used when creating S/MIME multipart/signed messages, as specified in +RFC 5751. + +=back + +=head1 RETURN VALUES + +OP_digest_newctx() and OP_digest_dupctx() should return the newly created +provider side digest context, or NULL on failure. + +OP_digest_init(), OP_digest_update(), OP_digest_final(), OP_digest_digest(), +OP_digest_set_params() and OP_digest_get_params() should return 1 for success or +0 on error. + +OP_digest_size() should return the digest size. + +OP_digest_block_size() should return the block size of the underlying digest +algorithm. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The provider DIGEST interface was introduced in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index ed3deaae7b..40f1ad6327 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod @@ -69,7 +69,7 @@ For example, the "function" OP_keymgmt_importdomparams() has these: typedef void * (OSSL_OP_keymgmt_importdomparams_fn)(void *provctx, const OSSL_PARAM params[]); - static ossl_inline OSSL_NAME_keymgmt_importdomparams_fn + static ossl_inline OSSL_OP_keymgmt_importdomparams_fn OSSL_get_OP_keymgmt_importdomparams(const OSSL_DISPATCH *opf); B arrays are indexed by numbers that are provided as diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h index 7bd02263c4..3428ab59d9 100644 --- a/include/openssl/core_numbers.h +++ b/include/openssl/core_numbers.h @@ -157,19 +157,17 @@ OSSL_CORE_MAKE_FUNC(int, OP_digest_final, unsigned char *out, size_t *outl, size_t outsz)) OSSL_CORE_MAKE_FUNC(int, OP_digest_digest, (void *provctx, const unsigned char *in, size_t inl, - unsigned char *out, size_t *out_l, size_t outsz)) + unsigned char *out, size_t *outl, size_t outsz)) -OSSL_CORE_MAKE_FUNC(void, OP_digest_cleanctx, (void *dctx)) OSSL_CORE_MAKE_FUNC(void, OP_digest_freectx, (void *dctx)) OSSL_CORE_MAKE_FUNC(void *, OP_digest_dupctx, (void *dctx)) OSSL_CORE_MAKE_FUNC(size_t, OP_digest_size, (void)) OSSL_CORE_MAKE_FUNC(size_t, OP_digest_block_size, (void)) OSSL_CORE_MAKE_FUNC(int, OP_digest_set_params, - (void *vctx, const OSSL_PARAM params[])) + (void *dctx, const OSSL_PARAM params[])) OSSL_CORE_MAKE_FUNC(int, OP_digest_get_params, - (void *vctx, OSSL_PARAM params[])) -OSSL_CORE_MAKE_FUNC(unsigned long, OP_cipher_get_flags, (void)) + (void *dctx, OSSL_PARAM params[])) /* Symmetric Ciphers */