provider-base.7 - OpenGrok cross reference for /freebsd/secure/lib/libcrypto/man/man7/provider-base.7

Lines Matching +full:max +full:- +full:functions
1 .\" -*- mode: troff; coding: utf-8 -*-
57 .IX Title "PROVIDER-BASE 7ossl"
58 .TH PROVIDER-BASE 7ossl 2025-09-30 3.5.4 OpenSSL
64 provider\-base
65 \&\- The basic OpenSSL library <\-> provider functions
72 \&  * None of these are actual functions, but are displayed like this for
73 \&  * the function signatures for functions that are offered as function
77 \& /* Functions offered by libcrypto to the providers */
156 \& /* Functions for querying the providers in the application library context */
171 \& /* Functions offered by the provider to libcrypto */
187 All "functions" mentioned here are passed as function pointers between
192 All these "functions" have a corresponding function type definition
206 macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows:
279 .SS "Core functions"
280 .IX Subsection "Core functions"
299 This function is useful only for built-in providers such as the default
301 built-in as the OSSL_LIB_CTX of the library loading the provider might be
388 \&\fBOPENSSL_hexstr2buf()\fR correspond exactly to the public functions with
390 array are typically direct pointers to those public functions. Note that the BIO
391 functions take an \fBOSSL_CORE_BIO\fR type rather than the standard \fBBIO\fR
441 and must not call other OpenSSL API functions or upcalls.
479 .SS "Provider functions"
480 .IX Subsection "Provider functions"
521 None of these functions are mandatory, but a provider is fairly
534 OpenSSL in-built providers use OPENSSL_VERSION_STR, but this may be different
539 OpenSSL in-built providers use OPENSSL_FULL_VERSION_STR, but this may be
550 .IP """openssl-version"" (\fBOSSL_PROV_PARAM_CORE_VERSION\fR) <UTF8 string ptr>" 4
551 .IX Item """openssl-version"" (OSSL_PROV_PARAM_CORE_VERSION) <UTF8 string ptr>"
554 .IP """provider-name"" (\fBOSSL_PROV_PARAM_CORE_PROV_NAME\fR) <UTF8 string ptr>" 4
555 .IX Item """provider-name"" (OSSL_PROV_PARAM_CORE_PROV_NAME) <UTF8 string ptr>"
557 .IP """module-filename"" (\fBOSSL_PROV_PARAM_CORE_MODULE_FILENAME\fR) <UTF8 string ptr>" 4
558 .IX Item """module-filename"" (OSSL_PROV_PARAM_CORE_MODULE_FILENAME) <UTF8 string ptr>"
610 \fI"TLS-GROUP" Capability\fR
611 .IX Subsection """TLS-GROUP"" Capability"
613 The "TLS-GROUP" capability can be queried by libssl to discover the list of
626 .IP """tls-group-name"" (\fBOSSL_CAPABILITY_TLS_GROUP_NAME\fR) <UTF8 string>" 4
627 .IX Item """tls-group-name"" (OSSL_CAPABILITY_TLS_GROUP_NAME) <UTF8 string>"
629 <https://www.iana.org/assignments/tls\-parameters/tls\-parameters.xhtml#tls\-parameters\-8>.
630 .IP """tls-group-name-internal"" (\fBOSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL\fR) <UTF8 string>" 4
631 .IX Item """tls-group-name-internal"" (OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL) <UTF8 string>"
633 "tls-group-name", but does not have to be.
634 .IP """tls-group-id"" (\fBOSSL_CAPABILITY_TLS_GROUP_ID\fR) <unsigned integer>" 4
635 .IX Item """tls-group-id"" (OSSL_CAPABILITY_TLS_GROUP_ID) <unsigned integer>"
642 .IP """tls-group-alg"" (\fBOSSL_CAPABILITY_TLS_GROUP_ALG\fR) <UTF8 string>" 4
643 .IX Item """tls-group-alg"" (OSSL_CAPABILITY_TLS_GROUP_ALG) <UTF8 string>"
650 name given via "tls-group-name-internal" above will be passed via
652 .IP """tls-group-sec-bits"" (\fBOSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS\fR) <unsigned integer>" 4
653 .IX Item """tls-group-sec-bits"" (OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS) <unsigned integer>"
655 should be comparable with the ones given in table 2 and 3 of the NIST SP800\-57
657 .IP """tls-group-is-kem"" (\fBOSSL_CAPABILITY_TLS_GROUP_IS_KEM\fR) <unsigned integer>" 4
658 .IX Item """tls-group-is-kem"" (OSSL_CAPABILITY_TLS_GROUP_IS_KEM) <unsigned integer>"
665 In KEX mode, in a typical Diffie-Hellman fashion, both sides execute \fIkeygen\fR
667 implementation must support the provider functions as described in
668 \&\fBprovider\-keyexch\fR\|(7).
674 in KEM mode, the group implementation must support the provider functions as
675 described in \fBprovider\-kem\fR\|(7).
679 .IP """tls-min-tls"" (\fBOSSL_CAPABILITY_TLS_GROUP_MIN_TLS\fR) <integer>" 4
680 .IX Item """tls-min-tls"" (OSSL_CAPABILITY_TLS_GROUP_MIN_TLS) <integer>"
682 .IP """tls-max-tls"" (\fBOSSL_CAPABILITY_TLS_GROUP_MAX_TLS\fR) <integer>" 4
683 .IX Item """tls-max-tls"" (OSSL_CAPABILITY_TLS_GROUP_MAX_TLS) <integer>"
684 .IP """tls-min-dtls"" (\fBOSSL_CAPABILITY_TLS_GROUP_MIN_DTLS\fR) <integer>" 4
685 .IX Item """tls-min-dtls"" (OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS) <integer>"
686 .IP """tls-max-dtls"" (\fBOSSL_CAPABILITY_TLS_GROUP_MAX_DTLS\fR) <integer>" 4
687 .IX Item """tls-max-dtls"" (OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS) <integer>"
690 versions supported by the group. The values equate to the on-the-wire encoding
693 or maximum. A \-1 indicates that the group should not be used in that protocol.
695 \fI"TLS-SIGALG" Capability\fR
696 .IX Subsection """TLS-SIGALG"" Capability"
698 The "TLS-SIGALG" capability can be queried by libssl to discover the list of
700 can be used for client\- or server-authentication in addition to the built-in
711 .IP """iana-name"" (\fBOSSL_CAPABILITY_TLS_SIGALG_IANA_NAME\fR) <UTF8 string>" 4
712 .IX Item """iana-name"" (OSSL_CAPABILITY_TLS_SIGALG_IANA_NAME) <UTF8 string>"
715 <https://www.iana.org/assignments/tls\-parameters/tls\-parameters.xhtml#tls\-signaturescheme>.
717 .IP """iana-code-point"" (\fBOSSL_CAPABILITY_TLS_SIGALG_CODE_POINT\fR) <unsigned integer>" 4
718 .IX Item """iana-code-point"" (OSSL_CAPABILITY_TLS_SIGALG_CODE_POINT) <unsigned integer>"
726 .IP """sigalg-name"" (\fBOSSL_CAPABILITY_TLS_SIGALG_NAME\fR) <UTF8 string>" 4
727 .IX Item """sigalg-name"" (OSSL_CAPABILITY_TLS_SIGALG_NAME) <UTF8 string>"
728 A name for the full (possibly composite hash-and-signature) signature
733 parameters "sig-name" and "hash-name".
735 .IP """sigalg-oid"" (\fBOSSL_CAPABILITY_TLS_SIGALG_OID\fR) <UTF8 string>" 4
736 .IX Item """sigalg-oid"" (OSSL_CAPABILITY_TLS_SIGALG_OID) <UTF8 string>"
737 The OID of the "sigalg-name" algorithm in canonical numeric text form. If
739 a NID for this OID, using the "sigalg-name" parameter for its (short) name.
743 .IP """sig-name"" (\fBOSSL_CAPABILITY_TLS_SIGALG_SIG_NAME\fR) <UTF8 string>" 4
744 .IX Item """sig-name"" (OSSL_CAPABILITY_TLS_SIGALG_SIG_NAME) <UTF8 string>"
746 "sigalg-name". If "sigalg-name" is implemented by the provider, this
749 .IP """sig-oid"" (\fBOSSL_CAPABILITY_TLS_SIGALG_SIG_OID\fR) <UTF8 string>" 4
750 .IX Item """sig-oid"" (OSSL_CAPABILITY_TLS_SIGALG_SIG_OID) <UTF8 string>"
751 The OID of the "sig-name" algorithm in canonical numeric text form. If
753 a NID for this OID, using the "sig-name" parameter for its (short) name.
757 .IP """hash-name"" (\fBOSSL_CAPABILITY_TLS_SIGALG_HASH_NAME\fR) <UTF8 string>" 4
758 .IX Item """hash-name"" (OSSL_CAPABILITY_TLS_SIGALG_HASH_NAME) <UTF8 string>"
759 The name of the hash algorithm that is part of a composite "sigalg-name".
760 If "sigalg-name" is implemented by the provider, this parameter is redundant
763 .IP """hash-oid"" (\fBOSSL_CAPABILITY_TLS_SIGALG_HASH_OID\fR) <UTF8 string>" 4
764 .IX Item """hash-oid"" (OSSL_CAPABILITY_TLS_SIGALG_HASH_OID) <UTF8 string>"
765 The OID of the "hash-name" algorithm in canonical numeric text form. If
767 a NID for this OID, using the "hash-name" parameter for its (short) name.
771 .IP """key-type"" (\fBOSSL_CAPABILITY_TLS_SIGALG_KEYTYPE\fR) <UTF8 string>" 4
772 .IX Item """key-type"" (OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE) <UTF8 string>"
774 isn't present, it's assumed to be the same as "sig-name" if that's present,
775 otherwise "sigalg-name".
777 .IP """key-type-oid"" (\fBOSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID\fR) <UTF8 string>" 4
778 .IX Item """key-type-oid"" (OSSL_CAPABILITY_TLS_SIGALG_KEYTYPE_OID) <UTF8 string>"
779 The OID of the "key-type" in canonical numeric text form. If
781 a NID for this OID, using the "key-type" parameter for its (short) name.
785 .IP """sec-bits"" (\fBOSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS\fR) <unsigned integer>" 4
786 .IX Item """sec-bits"" (OSSL_CAPABILITY_TLS_SIGALG_SECURITY_BITS) <unsigned integer>"
789 SP800\-57 document. This number is used to determine the security strength of
795 .IP """tls-min-tls"" (\fBOSSL_CAPABILITY_TLS_SIGALG_MIN_TLS\fR) <integer>" 4
796 .IX Item """tls-min-tls"" (OSSL_CAPABILITY_TLS_SIGALG_MIN_TLS) <integer>"
798 .IP """tls-max-tls"" (\fBOSSL_CAPABILITY_TLS_SIGALG_MAX_TLS\fR) <integer>" 4
799 .IX Item """tls-max-tls"" (OSSL_CAPABILITY_TLS_SIGALG_MAX_TLS) <integer>"
800 .IP """tls-min-dtls"" (\fBOSSL_CAPABILITY_TLS_SIGALG_MIN_DTLS\fR) <integer>" 4
801 .IX Item """tls-min-dtls"" (OSSL_CAPABILITY_TLS_SIGALG_MIN_DTLS) <integer>"
802 .IP """tls-max-dtls"" (\fBOSSL_CAPABILITY_TLS_SIGALG_MAX_DTLS\fR) <integer>" 4
803 .IX Item """tls-max-dtls"" (OSSL_CAPABILITY_TLS_SIGALG_MAX_DTLS) <integer>"
807 on-the-wire encoding of the various TLS versions. For example TLSv1.3 is
809 there is no defined minimum or maximum. A \-1 in either the min or max field
815 The \fBcore_obj_create()\fR and \fBcore_obj_add_sigid()\fR functions were not thread safe
871 \&         fooctx\->provctx = provctx;
873 \&         c_put_error(provctx\->handle, E_MALLOC, _\|_FILE_\|_, _\|_LINE_\|_);
886 \&     fooctx\->b = 0x33;
896 \&     for (; inl\-\- > 0; in++)
897 \&         *in ^= fooctx\->b;
905 \&     fooctx\->b = 0x66;
956 \&     for (; in\->function_id != 0; in++)
957 \&         switch (in\->function_id) {
973 \&     pctx\->handle = handle;
986 \& { return (OSSL_FUNC_bar_newctx_fn *)opf\->function; }
991 \& { return (OSSL_FUNC_bar_freectx_fn *)opf\->function; }
996 \& { return (OSSL_FUNC_bar_init_fn *)opf\->function; }
1002 \& { return (OSSL_FUNC_bar_update_fn *)opf\->function; }
1007 \& { return (OSSL_FUNC_bar_final_fn *)opf\->function; }
1024 Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved.