Rename ctx_{get,set}_params to {get,set}_ctx_params

Recently, we added dispatched functions to get parameter descriptions,
and those for operation context parameters ended up being calle

Rename ctx_{get,set}_params to {get,set}_ctx_params

Recently, we added dispatched functions to get parameter descriptions,
and those for operation context parameters ended up being called
something_gettable_ctx_params and something_settable_ctx_params.

The corresponding dispatched functions to actually perform parameter
transfers were previously called something_ctx_get_params and
something_ctx_set_params, which doesn't quite match, so we rename them
to something_get_ctx_params and something_set_ctx_params.

An argument in favor of this name change is English, where you'd
rather say something like "set the context parameters".

This only change the libcrypto <-> provider interface.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9612)

show more ...

Add missing EVP param utility functions

These functions were missing for a completes API:

EVP_MD_get_params(), EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(),
and EVP_CIPH

Add missing EVP param utility functions

These functions were missing for a completes API:

EVP_MD_get_params(), EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(),
and EVP_CIPHER_CTX_get_params

Additionally, we also add all the corresponding parameter descriptor
returning functions, along the correspoding provider dispatches:

EVP_MD_gettable_params(), EVP_MD_CTX_settable_params(),
EVP_MD_CTX_gettable_params(), EVP_CIPHER_gettable_params(),
EVP_CIPHER_CTX_settable_params(), and EVP_CIPHER_CTX_gettable_params()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9576)

show more ...

Adapt diverse EVP_MD functions to use get_params and set_params interfaces

Also clean up EVP_MD_CTX_ctrl(), which did use these interfaces, but
development since allows for more elegant

Adapt diverse EVP_MD functions to use get_params and set_params interfaces

Also clean up EVP_MD_CTX_ctrl(), which did use these interfaces, but
development since allows for more elegant code.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9391)

show more ...

Add EVP_CIPHER_do_all_ex() and EVP_MD_do_all_ex()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)

Add a mechnism to save the name of fetched methods

This will be useful for information display, as well as for code that
want to check the name of an algorithm. This can eventually repl

Add a mechnism to save the name of fetched methods

This will be useful for information display, as well as for code that
want to check the name of an algorithm. This can eventually replace
all NID checks.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)

show more ...

ossl_provider_upref to ossl_provider_up_ref

Common pattern is that the routines to increment the reference count
are called something_up_ref, not something_upref. Adapt
ossl_provide

ossl_provider_upref to ossl_provider_up_ref

Common pattern is that the routines to increment the reference count
are called something_up_ref, not something_upref. Adapt
ossl_provider_upref() accordingly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9293)

show more ...

Rename EVP_MD_upref/EVP_CIPHER_upref to EVP_MD_up_ref/EVP_CIPHER_up_ref

All the other upref functions are spelled as "up_ref". These new functions
should be consistent.

Reviewed

Rename EVP_MD_upref/EVP_CIPHER_upref to EVP_MD_up_ref/EVP_CIPHER_up_ref

All the other upref functions are spelled as "up_ref". These new functions
should be consistent.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9233)

show more ...

Change OSSL_PARAM return size to not be a pointer.

Instead of referencing the return size from the OSSL_PARAM structure, make the
size a field within the structure.

Reviewed-by:

Change OSSL_PARAM return size to not be a pointer.

Instead of referencing the return size from the OSSL_PARAM structure, make the
size a field within the structure.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9135)

show more ...

Make EVP_MD_CTX_ctrl() work for legacy use cases (ssl3).

This is still required currently by engines and digestsign/digestverify.
This PR contains merged in code from Richard Levitte's P

Make EVP_MD_CTX_ctrl() work for legacy use cases (ssl3).

This is still required currently by engines and digestsign/digestverify.
This PR contains merged in code from Richard Levitte's PR #9126.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9103)

show more ...

EVP_DigestInit_ex(): drop previous context engine earlier

If a EVP_MD_CTX holds a reference to a previously given engine, and
the type of its digest isn't the same as the one given in th

EVP_DigestInit_ex(): drop previous context engine earlier

If a EVP_MD_CTX holds a reference to a previously given engine, and
the type of its digest isn't the same as the one given in the new
call, drop that engine reference, allowing providers or other engines
to provide the new algorithm on an equal basis.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9077)

show more ...

Move digests to providers

Move digest code into the relevant providers (fips, default, legacy).
The headers are temporarily moved to be internal, and will be moved
into providers aft

Move digests to providers

Move digest code into the relevant providers (fips, default, legacy).
The headers are temporarily moved to be internal, and will be moved
into providers after all external references are resolved. The deprecated
digest code can not be removed until EVP_PKEY (signing) is supported by
providers. EVP_MD data can also not yet be cleaned up for the same reasons.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8763)

show more ...

Make some EVP code available from within the FIPS module

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)

EVP_FETCH: remove the need to transport the legacy NID through construction

Now that the legacy NID isn't used as a main index for fetched
algorithms, the legacy NID was just transported

EVP_FETCH: remove the need to transport the legacy NID through construction

Now that the legacy NID isn't used as a main index for fetched
algorithms, the legacy NID was just transported around unnecessarily.
This is removed, and the legacy NID is simply set by EVP_{API}_fetch()
after the construction process is done.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)

show more ...

Replumbing: give the possibility for the provider to create a context

OSSL_provider_init() gets another output parameter, holding a pointer
to a provider side context. It's entirely up

Replumbing: give the possibility for the provider to create a context

OSSL_provider_init() gets another output parameter, holding a pointer
to a provider side context. It's entirely up to the provider to
define the context and what it's being used for. This pointer is
passed back to other provider functions, typically the provider global
get_params and set_params functions, and also the diverse algorithm
context creators, and of course, the teardown function.

With this, a provider can be instantiated more than once, or be
re-loaded as the case may be, while maintaining instance state.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8848)

show more ...

Make EVP_Encrypt*/EVP_Decrypt* and EVP_Cipher* provider aware

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)

Providers: for the digest_final operation, pass a output buffer size

This allows the provider digest_final operation to check that it
doesn't over-run the output buffer.

The EVP

Providers: for the digest_final operation, pass a output buffer size

This allows the provider digest_final operation to check that it
doesn't over-run the output buffer.

The EVP_DigestFinal_ex function doesn't take that same parameter, so
it will have to assume that the user provided a properly sized buffer,
but this leaves better room for future enhancements of the public API.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8747)

show more ...

Add a legacy provider and put MD2 in it

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8541)

Use the right NID when putting a method in the store

When we attempt to fetch a method with a given NID we will ask the
providers for it if we don't already know about it. During that pr

Use the right NID when putting a method in the store

When we attempt to fetch a method with a given NID we will ask the
providers for it if we don't already know about it. During that process
we may be told about other methods with a different NID. We need to
make sure we don't confuse the two.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8541)

show more ...

Support EVP_MD_block_size() with providers

Fixes #8565

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8604)

Ensure EVP_MD_CTX_md returns the EVP_MD originally used

Fixes #8613

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8614)

Tolerate 0 byte input length for Update functions

We treat that as automatic success. Other EVP_*Update functions already do
this (e.g. EVP_EncryptUpdate, EVP_DecryptUpdate etc). EVP_Enc

Tolerate 0 byte input length for Update functions

We treat that as automatic success. Other EVP_*Update functions already do
this (e.g. EVP_EncryptUpdate, EVP_DecryptUpdate etc). EVP_EncodeUpdate is
a bit of an anomoly. That treats 0 byte input length as an error.

Fixes #8576

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8587)

show more ...

Implement SHA256 in the default provider

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)

Make EVP_Digest* functions provider aware

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)

Implement EVP_MD_fetch()

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8513)

Following the license change, modify the boilerplates in crypto/evp/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

Following the license change, modify the boilerplates in crypto/evp/

[skip ci]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7794)

show more ...