provider-mac.7 - OpenGrok cross reference for /freebsd/secure/lib/libcrypto/man/man7/provider-mac.7

Lines Matching +full:mac +full:-
1 .\" -*- mode: troff; coding: utf-8 -*-
57 .IX Title "PROVIDER-MAC 7ossl"
58 .TH PROVIDER-MAC 7ossl 2025-09-30 3.5.4 OpenSSL
64 provider\-mac \- The mac library <\-> provider functions
89 \& /* MAC parameter descriptors */
94 \& /* MAC parameters */
104 The MAC operation enables providers to implement mac algorithms and make
112 (see "Provider Functions" in \fBprovider\-base\fR\|(7)).
127 macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows:
148 A mac algorithm implementation may not implement all of these functions.
157 structure for holding context information during a mac operation.
158 A pointer to this context will be passed back in a number of the other mac
163 \&\fBOSSL_FUNC_mac_freectx()\fR is passed a pointer to the provider side mac context in
169 \&\fBOSSL_FUNC_mac_dupctx()\fR should duplicate the provider side mac context in the
173 \&\fBOSSL_FUNC_mac_init()\fR initialises a mac operation given a newly created provider
174 side mac context in the \fImctx\fR parameter.  The \fIparams\fR are set before setting
175 the MAC \fIkey\fR of \fIkeylen\fR bytes.
177 \&\fBOSSL_FUNC_mac_init_skey()\fR is similar but uses an opaque provider-specific object
178 to initialize the MAC context.
180 \&\fBOSSL_FUNC_mac_update()\fR is called to supply data for MAC computation of a previously
181 initialised mac operation.
184 \&\fBOSSL_FUNC_mac_update()\fR may be called multiple times for a single mac operation.
186 \&\fBOSSL_FUNC_mac_final()\fR completes the MAC computation started through previous
189 The resulting MAC should be written to \fIout\fR and the amount of data written
193 .SS "Mac Parameters"
194 .IX Subsection "Mac Parameters"
201 \&\fBOSSL_FUNC_mac_set_ctx_params()\fR sets mac parameters associated with the given
202 provider side mac context \fImctx\fR to \fIparams\fR.
207 associated with the given provider side mac context \fImctx\fR and stores them
221 All MAC implementations are expected to handle the following parameters:
229 Sets the key in the associated MAC ctx.  This is identical to passing a \fIkey\fR
241 Can be used to get the default MAC size (which might be the only allowable
244 Note that some implementations allow setting the size that the resulting MAC
250 Can be used to get the MAC block size (if supported by the algorithm).
256 .IP """fips-indicator"" (\fBOSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR\fR) <int>" 4
257 .IX Item """fips-indicator"" (OSSL_MAC_PARAM_FIPS_APPROVED_INDICATOR) <int>"
260 either "no-short-mac" or "key-check" are set to 0.
261 .IP """no-short-mac"" (\fBOSSL_MAC_PARAM_FIPS_NO_SHORT_MAC\fR) <integer>" 4
262 .IX Item """no-short-mac"" (OSSL_MAC_PARAM_FIPS_NO_SHORT_MAC) <integer>"
264 The default value of 1 causes an error when too short MAC output is
266 "fips-indicator" to 0.
267 This option breaks FIPS compliance if it causes the approved "fips-indicator"
269 .IP """key-check"" (\fBOSSL_MAC_PARAM_FIPS_KEY_CHECK\fR) <integer>" 4
270 .IX Item """key-check"" (OSSL_MAC_PARAM_FIPS_KEY_CHECK) <integer>"
274 "fips-indicator" to 0.
275 This option breaks FIPS compliance if it causes the approved "fips-indicator"
279 The MAC life-cycle is described in \fBlife_cycle\-rand\fR\|(7).  Providers should
285 provider side mac context, or NULL on failure.
298 \&\fBEVP_MAC\-BLAKE2\fR\|(7), \fBEVP_MAC\-CMAC\fR\|(7), \fBEVP_MAC\-GMAC\fR\|(7),
299 \&\fBEVP_MAC\-HMAC\fR\|(7), \fBEVP_MAC\-KMAC\fR\|(7), \fBEVP_MAC\-Poly1305\fR\|(7),
300 \&\fBEVP_MAC\-Siphash\fR\|(7),
301 \&\fBlife_cycle\-mac\fR\|(7), \fBEVP_MAC\fR\|(3)
304 The provider MAC interface was introduced in OpenSSL 3.0.
305 The parameters "no-short-mac" and "fips-indicator" were added in OpenSSL 3.4.
310 Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved.