Lines Matching +full:composite +full:- +full:in

1 Fetching composite algorithms and using them - adding the bits still missing
5 ----------------
7 We currently support - at least in the public libcrypto API - explicitly
8 fetching composite algorithms (such as AES-128-CBC or HMAC-SHA256), and
9 using them in most cases. In some cases (symmetric ciphers), our providers
16 [Background / tl;dr](#background-tldr) at the end of this design.
18 Public API - Add variants of `EVP_PKEY_CTX` initializers
19 --------------------------------------------------------
23 - SIGNATURE
24 - ASYM_CIPHER
25 - KEYEXCH
46 Detailed proposal for these APIs will be or are prepared in other design
49 - [Functions for explicitly fetched signature algorithms]
50 - [Functions for explicitly fetched asym-cipher algorithms] (not yet designed)
51 - [Functions for explicitly fetched keyexch algorithms] (not yet designed)
53 -----
55 -----
58 ------------------
60 ### What is a composite algorithm?
62 A composite algorithm is an algorithm that's composed of more than one other
63 algorithm. In OpenSSL parlance with a focus on signatures, they have been
67 - AES-128-CBC
68 - hmacWithSHA256
69 - sha256WithRSAEncryption
78 application or libcrypto happens to know it, or the OID itself in canonical
83 As a matter of fact, we already have built-in support for fetching
84 composite algorithms, although our providers do not fully participate in
89 algorithm in the `OSSL_ALGORITHM` array, each pointing to different
90 `OSSL_DISPATCH` tables, which would in turn refer to pretty much the same
95 Another example, which we could implement in our providers today, would be
101 { "HMAC-SHA1:hmacWithSHA1:1.2.840.113549.2.7",
103 { "HMAC-SHA224:hmacWithSHA224:1.2.840.113549.2.8",
105 { "HMAC-SHA256:hmacWithSHA256:1.2.840.113549.2.9",
107 { "HMAC-SHA384:hmacWithSHA384:1.2.840.113549.2.10",
109 { "HMAC-SHA512:hmacWithSHA512:1.2.840.113549.2.11",
118 provider to declare composite algorithms through the `OSSL_ALGORITHM` array,
124 This is hurtful in multiple ways:
126 - It fails the provider authors in terms of being able to consistently
128 - It fails the applications in terms of being able to fetch algorithms and
130 - It fails discoverability, for example through the `openssl list`
133 <!-- links -->
135 functions-for-explicitly-fetched-signature-algorithms.md