author | Rich Salz <rsalz@akamai.com> | 2021-02-16 23:51:56 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2021-04-18 10:03:07 +0200 |
commit | f6c95e46c03025b2694241e1ad785d8bd3ac083b (patch) | |
tree | 5dcfc46ad06713bc6b581f6bed3ce3e26b0c5970 /doc | |
parent | Standard style for all EVP_xxx_free routines (diff) | |
Add "origin" field to EVP_CIPHER, EVP_MD
Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch,
or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all
three origins. The flag is deliberately right before some function pointers,
so that compile-time failures (int/pointer) will occur, as opposed to
taking a bit in the existing "flags" field. The "global variable" flag
is non-zero, so the default case of using OPENSSL_zalloc (for provider
ciphers), will do the right thing. Ref-counting is a no-op for
Make up_ref no-op for global MD and CIPHER objects
Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as
the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate
EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add
EVP_CIPHER_CTX_get1_CIPHER().
Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common
evp_md_free_int() function.
Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common
evp_cipher_free_int() function.
Also change some flags tests to explicit test == or != zero. E.g.,
if (flags & x) --> if ((flags & x) != 0)
if (!(flags & x)) --> if ((flags & x) == 0)
Only done for those lines where "get0_cipher" calls were made.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14193)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/EVP_DigestInit.pod | 19 | ||||
-rw-r--r-- | doc/man3/EVP_EncryptInit.pod | 19 |
2 files changed, 31 insertions, 7 deletions
diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index d01414e5e6..a405c2be59 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -16,7 +16,8 @@ EVP_MD_is_a, EVP_MD_name, EVP_MD_description, EVP_MD_number, EVP_MD_names_do_all, EVP_MD_provider, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, EVP_MD_CTX_name, -EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, +EVP_MD_CTX_md, EVP_MD_CTX_get0_md, EVP_MD_CTX_get1_md, +EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, EVP_md_null, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, @@ -78,7 +79,8 @@ EVP_MD_do_all_provided int EVP_MD_block_size(const EVP_MD *md); unsigned long EVP_MD_flags(const EVP_MD *md); - const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); + const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx); + EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx); const char *EVP_MD_CTX_name(const EVP_MD_CTX *ctx); int EVP_MD_CTX_size(const EVP_MD_CTX *ctx); int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx); @@ -102,6 +104,8 @@ Deprecated since OpenSSL 3.0, can be hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value, see L<openssl_user_macros(7)>: + const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); + int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx, const void *data, size_t count); 
@@ -351,14 +355,17 @@ Return the digest method private data for the passed B<EVP_MD_CTX>. The space is allocated by OpenSSL and has the size originally set with EVP_MD_meth_set_app_datasize(). -=item EVP_MD_CTX_md() +=item EVP_MD_CTX_get0_md(), EVP_MD_CTX_get1_md() -Returns the B<EVP_MD> structure corresponding to the passed B<EVP_MD_CTX>. This +EVP_MD_CTX_get0_md() returns +the B<EVP_MD> structure corresponding to the passed B<EVP_MD_CTX>. This will be the same B<EVP_MD> object originally passed to EVP_DigestInit_ex2() (or other similar function) when the EVP_MD_CTX was first initialised. Note that where explicit fetch is in use (see L<EVP_MD_fetch(3)>) the value returned from this function will not have its reference count incremented and therefore it should not be used after the EVP_MD_CTX is freed. +EVP_MD_CTX_get1_md() is the same except the ownership is passed to the +caller and is from the passed B<EVP_MD_CTX>. =item EVP_MD_CTX_set_update_fn() @@ -697,7 +704,9 @@ EVP_MD_gettable_params(), EVP_MD_gettable_ctx_params(), EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params() and EVP_MD_CTX_gettable_params() functions were added in OpenSSL 3.0. -The EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated +The EVP_MD_CTX_md() function was deprecated in OpenSSL 3.0; use +EVP_MD_CTX_get0_md() instead. +EVP_MD_CTX_update_fn() and EVP_MD_CTX_set_update_fn() were deprecated in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index b07c102e04..b4a00cf76c 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -48,6 +48,8 @@ EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, +EVP_CIPHER_CTX_get0_cipher, +EVP_CIPHER_CTX_get1_cipher, EVP_CIPHER_CTX_name, EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_get_params, 
@@ -153,7 +155,8 @@ EVP_CIPHER_do_all_provided unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e); int EVP_CIPHER_type(const EVP_CIPHER *cipher); - const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); + const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx); + EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx); @@ -181,6 +184,12 @@ EVP_CIPHER_do_all_provided void (*fn)(EVP_CIPHER *cipher, void *arg), void *arg); +Deprecated since OpenSSL 3.0, can be hidden entirely by defining +B<OPENSSL_API_COMPAT> with a suitable version value, see +L<openssl_user_macros(7)>: + + const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); + =head1 DESCRIPTION The EVP cipher routines are a high-level interface to certain @@ -417,8 +426,10 @@ cipher implementation. EVP_CIPHER_provider() returns an B<OSSL_PROVIDER> pointer to the provider that implements the given B<EVP_CIPHER>. -EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed +EVP_CIPHER_CTX_get0_cipher() returns the B<EVP_CIPHER> structure when passed an B<EVP_CIPHER_CTX> structure. +EVP_CIPHER_CTX_get1_cipher() is the same except the ownership is passed to +the caller. EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode: EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, 
@@ -938,8 +949,12 @@ EVP_CIPHER_CTX_reset() appeared and EVP_CIPHER_CTX_cleanup() disappeared. EVP_CIPHER_CTX_init() remains as an alias for EVP_CIPHER_CTX_reset(). +The EVP_CIPHER_CTX_cipher() function was deprecated in OpenSSL 3.0; use +EVP_CIPHER_CTX_get0_cipher() instead. + The EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), EVP_CipherInit_ex2(), EVP_CIPHER_fetch(), EVP_CIPHER_free(), EVP_CIPHER_up_ref(), +EVP_CIPHER_CTX_get0_cipher(), EVP_CIPHER_CTX_get1_cipher(), EVP_CIPHER_get_params(), EVP_CIPHER_CTX_set_params(), EVP_CIPHER_CTX_get_params(), EVP_CIPHER_gettable_params(), EVP_CIPHER_settable_ctx_params(), EVP_CIPHER_gettable_ctx_params(), |
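Review bot: The two get1 prototypes disagree on constness. In the doc/man3/EVP_DigestInit.pod SYNOPSIS hunk (@@ -78,7 +79,8) the new line is "EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx);", while the matching line in the doc/man3/EVP_EncryptInit.pod SYNOPSIS hunk (@@ -153,7 +155,8) is "EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(const EVP_CIPHER_CTX *ctx);". Both get0 variants take a const context. Either make the two get1 signatures agree or add a sentence explaining why the digest variant needs a mutable context, and check that the documented prototypes match the declarations in the headers.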
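Review bot: The ownership sentence added in the doc/man3/EVP_DigestInit.pod item hunk (@@ -351,14 +355,17) is hard to parse and does not tell the caller how to release the object. "is the same except the ownership is passed to the caller and is from the passed B<EVP_MD_CTX>" has no clear subject for "is from", and because it is appended without a blank line it joins the paragraph that ends with the get0 warning about use after the EVP_MD_CTX is freed. Suggest putting it in its own paragraph and saying that the returned B<EVP_MD> has its reference count incremented, stays valid after the context is freed, and must be released by the caller with EVP_MD_free(). Without that, readers moving from get0 to get1 are likely to leak the reference.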
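Review bot: The HISTORY hunk of doc/man3/EVP_DigestInit.pod (@@ -697,7 +704,9) records the deprecation of EVP_MD_CTX_md() but, in the lines shown, does not add EVP_MD_CTX_get0_md() and EVP_MD_CTX_get1_md() to the "were added in OpenSSL 3.0" list that ends just above it. The HISTORY hunk of doc/man3/EVP_EncryptInit.pod (@@ -938,8 +949,12) does add "EVP_CIPHER_CTX_get0_cipher(), EVP_CIPHER_CTX_get1_cipher()," to its list. Unless the digest functions are already named earlier in that list, outside the hunk context, add them so both pages document the new accessors the same way. The deprecation note also recommends only get0 as the replacement; it would help to mention get1 for callers that keep the pointer past the lifetime of the context.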
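Review bot: The description added in the doc/man3/EVP_EncryptInit.pod hunk at @@ -417,8 +426,10 omits the lifetime rules that the digest page spells out. EVP_CIPHER_CTX_get0_cipher() is described only as returning the B<EVP_CIPHER> structure, with no statement that the reference count is not incremented and that the pointer should not be used after the EVP_CIPHER_CTX is freed; EVP_CIPHER_CTX_get1_cipher() says "the ownership is passed to the caller" without naming EVP_CIPHER_free() as the release function. Suggest mirroring the wording used for EVP_MD_CTX_get0_md() and stating the free function explicitly, since mixing up the two accessors leads either to a leaked reference or to use of a cipher object after its context has gone away.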