Lines Matching +full:function +full:- +full:group

1 .\" -*- mode: troff; coding: utf-8 -*-
57 .IX Title "PROVIDER-BASE 7ossl"
58 .TH PROVIDER-BASE 7ossl 2025-09-30 3.5.4 OpenSSL
64 provider\-base
65 \&\- The basic OpenSSL library <\-> provider functions
73 \&  * the function signatures for functions that are offered as function
187 All "functions" mentioned here are passed as function pointers between
189 of the provider initialization function.  See "Provider" in \fBprovider\fR\|(7)
190 for a description of the initialization function. They are known as "upcalls".
192 All these "functions" have a corresponding function type definition
193 named \fBOSSL_FUNC_{name}_fn\fR, and a helper function to retrieve the
194 function pointer from a \fBOSSL_DISPATCH\fR\|(3) element named
196 For example, the "function" \fBcore_gettable_params()\fR has these:
206 macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows:
288 The \fBcore_thread_start()\fR function informs the core that the provider has stated
299 This function is useful only for built-in providers such as the default
301 built-in as the OSSL_LIB_CTX of the library loading the provider might be
313 This corresponds to the OpenSSL function \fBERR_new\fR\|(3).
319 line \fIline\fR and the function name \fIfunc\fR where the error occurred.
321 This corresponds to the OpenSSL function \fBERR_set_debug\fR\|(3).
334 This corresponds to the OpenSSL function \fBERR_vset_error\fR\|(3).
339 This corresponds to the OpenSSL function \fBERR_set_mark\fR\|(3).
344 This corresponds to the OpenSSL function \fBERR_clear_last_mark\fR\|(3).
350 This corresponds to the OpenSSL function \fBERR_pop_to_mark\fR\|(3).
357 This corresponds to the OpenSSL function \fBERR_count_to_mark\fR\|(3).
359 The \fBcore_obj_create()\fR function registers a new OID and associated short name
361 function \fBOBJ_create\fR\|(3) except that it returns 1 on success or 0 on failure.
367 The \fBcore_obj_add_sigid()\fR function registers a new composite signature algorithm
373 function \fBOBJ_add_sigid\fR\|(3), except that the objects are identified by name
379 to operate correctly. The function returns 1 on success or 0 on failure.
461 this provider's teardown function is called.
499 \&\fBprovider_query_operation()\fR is no longer directly required and that the function
507 The \fBprovider_get_capabilities()\fR function should call the callback \fIcb\fR passing
516 The \fBprovider_self_test()\fR function should perform known answer tests on a subset
519 if this function is not used.
534 OpenSSL in-built providers use OPENSSL_VERSION_STR, but this may be different
539 OpenSSL in-built providers use OPENSSL_FULL_VERSION_STR, but this may be
550 .IP """openssl-version"" (\fBOSSL_PROV_PARAM_CORE_VERSION\fR) <UTF8 string ptr>" 4
551 .IX Item """openssl-version"" (OSSL_PROV_PARAM_CORE_VERSION) <UTF8 string ptr>"
554 .IP """provider-name"" (\fBOSSL_PROV_PARAM_CORE_PROV_NAME\fR) <UTF8 string ptr>" 4
555 .IX Item """provider-name"" (OSSL_PROV_PARAM_CORE_PROV_NAME) <UTF8 string ptr>"
557 .IP """module-filename"" (\fBOSSL_PROV_PARAM_CORE_MODULE_FILENAME\fR) <UTF8 string ptr>" 4
558 .IX Item """module-filename"" (OSSL_PROV_PARAM_CORE_MODULE_FILENAME) <UTF8 string ptr>"
610 \fI"TLS-GROUP" Capability\fR
611 .IX Subsection """TLS-GROUP"" Capability"
613 The "TLS-GROUP" capability can be queried by libssl to discover the list of
614 TLS groups that a provider can support. Each group supported can be used for
618 supported_groups extension, and TLS servers can select a group from the offered
622 Each TLS group that a provider supports should be described via the callback
623 passed in through the provider_get_capabilities function. Each group should have
626 .IP """tls-group-name"" (\fBOSSL_CAPABILITY_TLS_GROUP_NAME\fR) <UTF8 string>" 4
627 .IX Item """tls-group-name"" (OSSL_CAPABILITY_TLS_GROUP_NAME) <UTF8 string>"
628 The name of the group as given in the IANA TLS Supported Groups registry
629 <https://www.iana.org/assignments/tls\-parameters/tls\-parameters.xhtml#tls\-parameters\-8>.
630 .IP """tls-group-name-internal"" (\fBOSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL\fR) <UTF8 string>" 4
631 .IX Item """tls-group-name-internal"" (OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL) <UTF8 string>"
632 The name of the group as known by the provider. This could be the same as the
633 "tls-group-name", but does not have to be.
634 .IP """tls-group-id"" (\fBOSSL_CAPABILITY_TLS_GROUP_ID\fR) <unsigned integer>" 4
635 .IX Item """tls-group-id"" (OSSL_CAPABILITY_TLS_GROUP_ID) <unsigned integer>"
636 The TLS group id value as given in the IANA TLS Supported Groups registry.
638 It is possible to register the same group id from within different
641 unspecified which implementation for a particular group id will be used.
642 .IP """tls-group-alg"" (\fBOSSL_CAPABILITY_TLS_GROUP_ALG\fR) <UTF8 string>" 4
643 .IX Item """tls-group-alg"" (OSSL_CAPABILITY_TLS_GROUP_ALG) <UTF8 string>"
645 be used with this group. Keys created should be able to support \fIkey exchange\fR
649 key/parameter generation parameter, \fBOSSL_PKEY_PARAM_GROUP_NAME\fR. The group
650 name given via "tls-group-name-internal" above will be passed via
652 .IP """tls-group-sec-bits"" (\fBOSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS\fR) <unsigned integer>" 4
653 .IX Item """tls-group-sec-bits"" (OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS) <unsigned integer>"
654 The number of bits of security offered by keys in this group. The number of bits
655 should be comparable with the ones given in table 2 and 3 of the NIST SP800\-57
657 .IP """tls-group-is-kem"" (\fBOSSL_CAPABILITY_TLS_GROUP_IS_KEM\fR) <unsigned integer>" 4
658 .IX Item """tls-group-is-kem"" (OSSL_CAPABILITY_TLS_GROUP_IS_KEM) <unsigned integer>"
659 Boolean flag to describe if the group should be used in \fIkey exchange\fR (KEX)
663 mode for the group.
665 In KEX mode, in a typical Diffie-Hellman fashion, both sides execute \fIkeygen\fR
666 then \fIderive\fR against the peer public key. To operate in KEX mode, the group
668 \&\fBprovider\-keyexch\fR\|(7).
674 in KEM mode, the group implementation must support the provider functions as
675 described in \fBprovider\-kem\fR\|(7).
679 .IP """tls-min-tls"" (\fBOSSL_CAPABILITY_TLS_GROUP_MIN_TLS\fR) <integer>" 4
680 .IX Item """tls-min-tls"" (OSSL_CAPABILITY_TLS_GROUP_MIN_TLS) <integer>"
682 .IP """tls-max-tls"" (\fBOSSL_CAPABILITY_TLS_GROUP_MAX_TLS\fR) <integer>" 4
683 .IX Item """tls-max-tls"" (OSSL_CAPABILITY_TLS_GROUP_MAX_TLS) <integer>"
684 .IP """tls-min-dtls"" (\fBOSSL_CAPABILITY_TLS_GROUP_MIN_DTLS\fR) <integer>" 4
685 .IX Item """tls-min-dtls"" (OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS) <integer>"
686 .IP """tls-max-dtls"" (\fBOSSL_CAPABILITY_TLS_GROUP_MAX_DTLS\fR) <integer>" 4
687 .IX Item """tls-max-dtls"" (OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS) <integer>"
690 versions supported by the group. The values equate to the on-the-wire encoding
693 or maximum. A \-1 indicates that the group should not be used in that protocol.
695 \fI"TLS-SIGALG" Capability\fR
696 .IX Subsection """TLS-SIGALG"" Capability"
698 The "TLS-SIGALG" capability can be queried by libssl to discover the list of
700 can be used for client\- or server-authentication in addition to the built-in
709 the callback passed in through the provider_get_capabilities function. Each
711 .IP """iana-name"" (\fBOSSL_CAPABILITY_TLS_SIGALG_IANA_NAME\fR) <UTF8 string>" 4
712 .IX Item """iana-name"" (OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME) <UTF8 string>"
715 <https://www.iana.org/assignments/tls\-parameters/tls\-parameters.xhtml#tls\-signaturescheme>.
717 .IP """iana-code-point"" (\fBOSSL_CAPABILITY_TLS_SIGALG_CODE_POINT\fR) <unsigned integer>" 4
718 .IX Item """iana-code-point"" (OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT) <unsigned integer>"
726 .IP """sigalg-name"" (\fBOSSL_CAPABILITY_TLS_SIGALG_NAME\fR) <UTF8 string>" 4
727 .IX Item """sigalg-name"" (OSSL_CAPABILITY_TLS_SIGALG_NAME) <UTF8 string>"
728 A name for the full (possibly composite hash-and-signature) signature
733 parameters "sig-name" and "hash-name".
735 .IP """sigalg-oid"" (\fBOSSL_CAPABILITY_TLS_SIGALG_OID\fR) <UTF8 string>" 4
736 .IX Item """sigalg-oid"" (OSSL_CAPABILITY_TLS_SIGALG_OID) <UTF8 string>"
737 The OID of the "sigalg-name" algorithm in canonical numeric text form. If
739 a NID for this OID, using the "sigalg-name" parameter for its (short) name.
743 .IP """sig-name"" (\fBOSSL_CAPABILITY_TLS_SIGALG_SIG_NAME\fR) <UTF8 string>" 4
744 .IX Item """sig-name"" (OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME) <UTF8 string>"
746 "sigalg-name". If "sigalg-name" is implemented by the provider, this
749 .IP """sig-oid"" (\fBOSSL_CAPABILITY_TLS_SIGALG_SIG_OID\fR) <UTF8 string>" 4
750 .IX Item """sig-oid"" (OSSL_CAPABILITY_TLS_SIGALG_SIG_OID) <UTF8 string>"
751 The OID of the "sig-name" algorithm in canonical numeric text form. If
753 a NID for this OID, using the "sig-name" parameter for its (short) name.
757 .IP """hash-name"" (\fBOSSL_CAPABILITY_TLS_SIGALG_HASH_NAME\fR) <UTF8 string>" 4
758 .IX Item """hash-name"" (OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME) <UTF8 string>"
759 The name of the hash algorithm that is part of a composite "sigalg-name".
760 If "sigalg-name" is implemented by the provider, this parameter is redundant
763 .IP """hash-oid"" (\fBOSSL_CAPABILITY_TLS_SIGALG_HASH_OID\fR) <UTF8 string>" 4
764 .IX Item """hash-oid"" (OSSL_CAPABILITY_TLS_SIGALG_HASH_OID) <UTF8 string>"
765 The OID of the "hash-name" algorithm in canonical numeric text form. If
767 a NID for this OID, using the "hash-name" parameter for its (short) name.
771 .IP """key-type"" (\fBOSSL_CAPABILITY_TLS_SIGALG_KEYTYPE\fR) <UTF8 string>" 4
772 .IX Item """key-type"" (OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE) <UTF8 string>"
774 isn't present, it's assumed to be the same as "sig-name" if that's present,
775 otherwise "sigalg-name".
777 .IP """key-type-oid"" (\fBOSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID\fR) <UTF8 string>" 4
778 .IX Item """key-type-oid"" (OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID) <UTF8 string>"
779 The OID of the "key-type" in canonical numeric text form. If
781 a NID for this OID, using the "key-type" parameter for its (short) name.
785 .IP """sec-bits"" (\fBOSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS\fR) <unsigned integer>" 4
786 .IX Item """sec-bits"" (OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS) <unsigned integer>"
789 SP800\-57 document. This number is used to determine the security strength of
795 .IP """tls-min-tls"" (\fBOSSL_CAPABILITY_TLS_SIGALG_MIN_TLS\fR) <integer>" 4
796 .IX Item """tls-min-tls"" (OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS) <integer>"
798 .IP """tls-max-tls"" (\fBOSSL_CAPABILITY_TLS_SIGALG_MAX_TLS\fR) <integer>" 4
799 .IX Item """tls-max-tls"" (OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS) <integer>"
800 .IP """tls-min-dtls"" (\fBOSSL_CAPABILITY_TLS_SIGALG_MIN_DTLS\fR) <integer>" 4
801 .IX Item """tls-min-dtls"" (OSSL_CAPABILITY_TLS_SIGALG_MIN_DTLS) <integer>"
802 .IP """tls-max-dtls"" (\fBOSSL_CAPABILITY_TLS_SIGALG_MAX_DTLS\fR) <integer>" 4
803 .IX Item """tls-max-dtls"" (OSSL_CAPABILITY_TLS_SIGALG_MAX_DTLS) <integer>"
807 on-the-wire encoding of the various TLS versions. For example TLSv1.3 is
809 there is no defined minimum or maximum. A \-1 in either the min or max field
838 \&  * To ensure we get the function signature right, forward declare
839 \&  * them using function types provided by openssl/core_dispatch.h
871 \&         fooctx\->provctx = provctx;
873 \&         c_put_error(provctx\->handle, E_MALLOC, _\|_FILE_\|_, _\|_LINE_\|_);
886 \&     fooctx\->b = 0x33;
896 \&     for (; inl\-\- > 0; in++)
897 \&         *in ^= fooctx\->b;
905 \&     fooctx\->b = 0x66;
956 \&     for (; in\->function_id != 0; in++)
957 \&         switch (in\->function_id) {
973 \&     pctx\->handle = handle;
986 \& { return (OSSL_FUNC_bar_newctx_fn *)opf\->function; }
991 \& { return (OSSL_FUNC_bar_freectx_fn *)opf\->function; }
996 \& { return (OSSL_FUNC_bar_init_fn *)opf\->function; }
1002 \& { return (OSSL_FUNC_bar_update_fn *)opf\->function; }
1007 \& { return (OSSL_FUNC_bar_final_fn *)opf\->function; }
1024 Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved.