Skip to content

Commit 42738cd

Browse files
mattcaswellmattcaswell
committed
Add documentation for EVP_CIPHER_fetch
We extend the EVP_MD_fetch documentation to be more generic and to also cover EVP_CIPHER_fetch. We expect this to be further expanded with other "fetch" functions in the future. Reviewed-by: Shane Lontis <[email protected]> (Merged from openssl#9233)
1 parent 262c008 commit 42738cd

File tree

2 files changed

+94
-35
lines changed

2 files changed

+94
-35
lines changed

doc/man3/EVP_MD_fetch.pod

Lines changed: 94 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22

33
=head1 NAME
44

5-
EVP_MD_fetch
5+
EVP_MD_fetch, EVP_CIPHER_fetch
66
- Functions to explicitly fetch algorithm implementations
77

88
=head1 SYNOPSIS
@@ -11,60 +11,106 @@ EVP_MD_fetch
1111

1212
EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm,
1313
const char *properties);
14+
EVP_CIPHER *EVP_CIPHER_fetch(OPENSSL_CTX *ctx, const char *algorithm,
15+
const char *properties);
1416

1517
=head1 DESCRIPTION
1618

17-
The B<EVP_MD> object is used for representing a digest method implementation.
19+
Cryptographic algorithms are represented by different OpenSSL objects depending
20+
on what type of algorithm it is. The following cryptographic algorithm types are
21+
supported.
1822

19-
Having obtained a digest implementation as an B<EVP_MD> type it can be used to
20-
calculate the digest of input data using functions such as
21-
L<EVP_DigestInit_ex(3)>, L<EVP_DigestUpdate(3)> and L<EVP_DigestFinal_ex(3)>.
23+
=over 4
24+
25+
=item B<EVP_MD>
26+
27+
Represents a digest algorithm.
28+
29+
=item B<EVP_CIPHER>
30+
31+
Represents a symmetric cipher algorithm.
32+
33+
=item B<EVP_MAC>
34+
35+
Represents a Message Authentication Code algorithm.
36+
37+
=item B<EVP_KDF>
38+
39+
Represents a Key Derivation Function algorithm.
40+
41+
=back
2242

23-
Digest implementations may be obtained in one of three ways, i.e. implicit
24-
fetch, explicit fetch or user defined.
43+
The algorithm objects may or may not have an associated algorithm
44+
implementation.
45+
Cryptographic algorithms are implemented by providers.
46+
Any algorithm may be supported by zero or more providers.
47+
In order to use an algorithm an implementation must first be obtained.
48+
This can happen in one of three ways, i.e. implicit fetch, explicit fetch or
49+
user defined.
2550

2651
=over 4
2752

2853
=item Implicit Fetch
2954

3055
With implicit fetch an application can use functions such as L<EVP_sha256(3)>,
31-
L<EVP_sha512(3)> or L<EVP_blake2b512(3)> to obtain an B<EVP_MD> object. When
32-
used in a function like L<EVP_DigestInit_ex(3)> the actual implementation to
33-
be used will be fetched implicitly using default search criteria. Typically,
34-
(unless the default search criteria have been changed and/or different providers
35-
have been loaded), this will return an implementation of the appropriate
36-
algorithm from the default provider.
56+
L<EVP_blake2b512(3)> or L<EVP_aes_128_cbc(3)> to obtain an algorithm object with
57+
no associated implementation.
58+
When used in a function like L<EVP_DigestInit_ex(3)> or L<EVP_CipherInit_ex(3)>
59+
the actual implementation to be used will be fetched implicitly using default
60+
search criteria.
61+
Typically, this will return an implementation of the appropriate algorithm from
62+
the default provider unless the default search criteria have been changed and/or
63+
different providers have been loaded.
3764

3865
=item Explicit Fetch
3966

40-
With explicit fetch an application uses the EVP_MD_fetch() function to obtain
41-
an algorithm implementation. An implementation with the given name and
42-
satisfying the search criteria specified in the B<properties> parameter
43-
combined with the default search criteria will be looked for within the
44-
available providers and returned.
67+
With explicit fetch an application uses one of the "fetch" functions to obtain
68+
an algorithm object with an associated implementation.
69+
An implementation with the given name that satisfies the search criteria
70+
specified in the B<properties> parameter combined with the default search
71+
criteria will be looked for within the available providers and returned.
4572
See L<EVP_set_default_properties(3)> for information on default search criteria
4673
and L<OSSL_PROVIDER(3)> for information about providers.
4774

4875
=item User defined
4976

50-
Using the user defined approach an application constructs its own EVP_MD object.
51-
See L<EVP_MD_meth_new(3)> for details.
77+
Using the user defined approach an application constructs its own algorithm
78+
object.
79+
See L<EVP_MD_meth_new(3)> and L<EVP_CIPHER_meth_new(3)> for details.
5280

5381
=back
5482

55-
The EVP_MD_fetch() function will look for an algorithm within the providers that
56-
have been loaded into the B<OPENSSL_CTX> given in the B<ctx> parameter. This
57-
parameter may be NULL in which case the default B<OPENSSL_CTX> will be used. See
58-
L<OPENSSL_CTX_new(3)> and L<OSSL_PROVIDER_load(3)> for further details.
83+
Having obtained an algorithm implementation as an algorithm object it can then
84+
be used to perform cryptographic operations.
85+
For example to calculate the digest of input data with an B<EVP_MD> algorithm
86+
object you can use functions such as L<EVP_DigestInit_ex(3)>,
87+
L<EVP_DigestUpdate(3)> and L<EVP_DigestFinal_ex(3)>.
88+
89+
The fetch functions will look for an algorithm within the providers that
90+
have been loaded into the B<OPENSSL_CTX> given in the B<ctx> parameter.
91+
This parameter may be NULL in which case the default B<OPENSSL_CTX> will be
92+
used.
93+
See L<OPENSSL_CTX_new(3)> and L<OSSL_PROVIDER_load(3)> for further details.
5994

6095
The B<algorithm> parameter gives the name of the algorithm to be looked up.
61-
Different algorithms can be made available by loading different providers. The
62-
built-in default provider algorithm implementation names are: SHA1, SHA224,
63-
SHA256, SHA384, SHA512, SHA512-224, SHA512-256,SHA3-224, SHA3-256, SHA3-384,
64-
SHA3-512, SHAKE128, SHAKE256, SM3, BLAKE2b512, BLAKE2s256 and MD5-SHA1.
96+
Different algorithms can be made available by loading different providers.
97+
98+
The built-in default provider digest algorithm implementation names are: SHA1,
99+
SHA224, SHA256, SHA384, SHA512, SHA512-224, SHA512-256, SHA3-224, SHA3-256,
100+
SHA3-384, SHA3-512, SHAKE128, SHAKE256, SM3, BLAKE2b512, BLAKE2s256 and
101+
MD5-SHA1.
102+
103+
The built-in default provider cipher algorithm implementation names are:
104+
AES-256-ECB, AES-192-ECB, AES-128-ECB, AES-256-CBC, AES-192-CBC, AES-128-CBC,
105+
AES-256-OFB, AES-192-OFB, AES-128-OFB, AES-256-CFB, AES-192-CFB, AES-128-CFB,
106+
AES-256-CFB1, AES-192-CFB1, AES-128-CFB1, AES-256-CFB8, AES-192-CFB8,
107+
AES-128-CFB8, AES-256-CTR, AES-192-CTR, AES-128-CTR, id-aes256-GCM,
108+
id-aes192-GCM and id-aes128-GCM.
65109

66110
Additional algorithm implementations may be obtained by loading the "legacy"
67-
provider. The names of these algorithms are: RIPEMD160, MD2, MD4, MD5, MDC2 and
111+
provider.
112+
113+
The legacy provider digest algorithms are: RIPEMD160, MD2, MD4, MD5, MDC2 and
68114
whirlpool.
69115

70116
The B<properties> parameter specifies the search criteria that will be used to
@@ -82,8 +128,13 @@ NULL in which case any implementation from the available providers with the
82128
given algorithm name will be returned.
83129

84130
The return value from a call to EVP_MD_fetch() must be freed by the caller using
85-
L<EVP_MD_meth_free(3)>. Note that EVP_MD objects are reference counted. See
86-
L<EVP_MD_upref(3)>.
131+
L<EVP_MD_meth_free(3)>.
132+
Note that EVP_MD objects are reference counted. See L<EVP_MD_up_ref(3)>.
133+
134+
The return value from a call to EVP_CIPHER_fetch() must be freed by the caller
135+
using L<EVP_CIPHER_meth_free(3)>.
136+
Note that EVP_CIPHER objects are reference counted.
137+
See L<EVP_CIPHER_up_ref(3)>.
87138

88139
=head1 NOTES
89140

@@ -107,6 +158,14 @@ an EVP_MD object, or NULL on error.
107158
Fetch any available implementation of SHA256 in the default context:
108159

109160
EVP_MD *md = EVP_MD_fetch(NULL, "SHA256", NULL);
161+
...
162+
EVP_MD_meth_free(md);
163+
164+
Fetch any available implementation of AES-128-CBC in the default context:
165+
166+
EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", NULL);
167+
...
168+
EVP_CIPHER_meth_free(cipher);
110169

111170
Fetch an implementation of SHA256 from the default provider in the default
112171
context:
@@ -157,9 +216,10 @@ other providers:
157216

158217
=head1 SEE ALSO
159218

160-
L<EVP_DigestInit(3)>, L<EVP_MD_meth_new(3)>, L<EVP_MD_meth_free(3)>,
161-
L<EVP_MD_upref(3)>, L<OSSL_PROVIDER_load(3)>, L<OPENSSL_CTX(3)>,
162-
L<EVP_set_default_properties(3)>
219+
L<EVP_DigestInit_ex(3)>, L<EVP_EncryptInit_ex(3)>, L<EVP_MD_meth_new(3)>,
220+
L<EVP_MD_meth_free(3)>, L<EVP_CIPHER_meth_new(3)>, L<EVP_CIPHER_meth_free(3)>,
221+
L<EVP_MD_up_ref(3)>, L<EVP_CIPHER_up_ref(3)>, L<OSSL_PROVIDER_load(3)>,
222+
L<OPENSSL_CTX(3)>, L<EVP_set_default_properties(3)>
163223

164224
=head1 HISTORY
165225

util/missingcrypto.txt

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -496,7 +496,6 @@ EVP_CIPHER_CTX_set_num
496496
EVP_CIPHER_CTX_test_flags
497497
EVP_CIPHER_do_all
498498
EVP_CIPHER_do_all_sorted
499-
EVP_CIPHER_fetch
500499
EVP_CIPHER_get_asn1_iv
501500
EVP_CIPHER_impl_ctx_size
502501
EVP_CIPHER_set_asn1_iv

0 commit comments

Comments
 (0)