diff options
| author | Tomas Mraz <tomas@openssl.org> | 2021-05-21 16:58:08 +0200 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2021-06-01 12:40:00 +0200 |
| commit | ed576acdf591d4164905ab98e89ca5a3b99d90ab (patch) | |
| tree | c0f36ca1b3d42f34c0c502e700ad09b69b713d3c /doc | |
| parent | 5e2d22d53ed322a7124e26a4fbd116a8210eb77a (diff) | |
| download | openssl-new-ed576acdf591d4164905ab98e89ca5a3b99d90ab.tar.gz | |
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
Diffstat (limited to 'doc')
34 files changed, 455 insertions, 400 deletions
diff --git a/doc/build.info b/doc/build.info index 42c1804d6c..b77dac210c 100644 --- a/doc/build.info +++ b/doc/build.info @@ -1227,6 +1227,10 @@ DEPEND[html/man3/EVP_PKEY_get_group_name.html]=man3/EVP_PKEY_get_group_name.pod GENERATE[html/man3/EVP_PKEY_get_group_name.html]=man3/EVP_PKEY_get_group_name.pod DEPEND[man/man3/EVP_PKEY_get_group_name.3]=man3/EVP_PKEY_get_group_name.pod GENERATE[man/man3/EVP_PKEY_get_group_name.3]=man3/EVP_PKEY_get_group_name.pod +DEPEND[html/man3/EVP_PKEY_get_size.html]=man3/EVP_PKEY_get_size.pod +GENERATE[html/man3/EVP_PKEY_get_size.html]=man3/EVP_PKEY_get_size.pod +DEPEND[man/man3/EVP_PKEY_get_size.3]=man3/EVP_PKEY_get_size.pod +GENERATE[man/man3/EVP_PKEY_get_size.3]=man3/EVP_PKEY_get_size.pod DEPEND[html/man3/EVP_PKEY_gettable_params.html]=man3/EVP_PKEY_gettable_params.pod GENERATE[html/man3/EVP_PKEY_gettable_params.html]=man3/EVP_PKEY_gettable_params.pod DEPEND[man/man3/EVP_PKEY_gettable_params.3]=man3/EVP_PKEY_gettable_params.pod @@ -1275,10 +1279,6 @@ DEPEND[html/man3/EVP_PKEY_sign.html]=man3/EVP_PKEY_sign.pod GENERATE[html/man3/EVP_PKEY_sign.html]=man3/EVP_PKEY_sign.pod DEPEND[man/man3/EVP_PKEY_sign.3]=man3/EVP_PKEY_sign.pod GENERATE[man/man3/EVP_PKEY_sign.3]=man3/EVP_PKEY_sign.pod -DEPEND[html/man3/EVP_PKEY_size.html]=man3/EVP_PKEY_size.pod -GENERATE[html/man3/EVP_PKEY_size.html]=man3/EVP_PKEY_size.pod -DEPEND[man/man3/EVP_PKEY_size.3]=man3/EVP_PKEY_size.pod -GENERATE[man/man3/EVP_PKEY_size.3]=man3/EVP_PKEY_size.pod DEPEND[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod GENERATE[html/man3/EVP_PKEY_todata.html]=man3/EVP_PKEY_todata.pod DEPEND[man/man3/EVP_PKEY_todata.3]=man3/EVP_PKEY_todata.pod @@ -3014,6 +3014,7 @@ html/man3/EVP_PKEY_fromdata.html \ html/man3/EVP_PKEY_get_default_digest_nid.html \ html/man3/EVP_PKEY_get_field_type.html \ html/man3/EVP_PKEY_get_group_name.html \ +html/man3/EVP_PKEY_get_size.html \ html/man3/EVP_PKEY_gettable_params.html \ html/man3/EVP_PKEY_is_a.html \ html/man3/EVP_PKEY_keygen.html \ @@ -3026,7 +3027,6 @@ html/man3/EVP_PKEY_set1_encoded_public_key.html \ html/man3/EVP_PKEY_set_type.html \ html/man3/EVP_PKEY_settable_params.html \ html/man3/EVP_PKEY_sign.html \ -html/man3/EVP_PKEY_size.html \ html/man3/EVP_PKEY_todata.html \ html/man3/EVP_PKEY_verify.html \ html/man3/EVP_PKEY_verify_recover.html \ @@ -3603,6 +3603,7 @@ man/man3/EVP_PKEY_fromdata.3 \ man/man3/EVP_PKEY_get_default_digest_nid.3 \ man/man3/EVP_PKEY_get_field_type.3 \ man/man3/EVP_PKEY_get_group_name.3 \ +man/man3/EVP_PKEY_get_size.3 \ man/man3/EVP_PKEY_gettable_params.3 \ man/man3/EVP_PKEY_is_a.3 \ man/man3/EVP_PKEY_keygen.3 \ @@ -3615,7 +3616,6 @@ man/man3/EVP_PKEY_set1_encoded_public_key.3 \ man/man3/EVP_PKEY_set_type.3 \ man/man3/EVP_PKEY_settable_params.3 \ man/man3/EVP_PKEY_sign.3 \ -man/man3/EVP_PKEY_size.3 \ man/man3/EVP_PKEY_todata.3 \ man/man3/EVP_PKEY_verify.3 \ man/man3/EVP_PKEY_verify_recover.3 \ diff --git a/doc/man3/BIO_f_md.pod b/doc/man3/BIO_f_md.pod index 8ad694853f..aa60ff4eb8 100644 --- a/doc/man3/BIO_f_md.pod +++ b/doc/man3/BIO_f_md.pod @@ -128,7 +128,7 @@ outputs them. This could be used with the examples above. if (!mdtmp) break; BIO_get_md(mdtmp, &md); - printf("%s digest", OBJ_nid2sn(EVP_MD_type(md))); + printf("%s digest", OBJ_nid2sn(EVP_MD_get_type(md))); mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE); for (i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]); printf("\n"); diff --git a/doc/man3/DH_size.pod b/doc/man3/DH_size.pod index e4b7e429a0..75cdc9744c 100644 --- a/doc/man3/DH_size.pod +++ b/doc/man3/DH_size.pod @@ -22,8 +22,8 @@ L<openssl_user_macros(7)>: =head1 DESCRIPTION The functions described on this page are deprecated. -Applications should instead use L<EVP_PKEY_bits(3)>, -L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>. +Applications should instead use L<EVP_PKEY_get_bits(3)>, +L<EVP_PKEY_get_security_bits(3)> and L<EVP_PKEY_get_size(3)>. DH_bits() returns the number of significant bits. @@ -49,7 +49,7 @@ B<dh> doesn't hold any key parameters. =head1 SEE ALSO -L<EVP_PKEY_bits(3)>, +L<EVP_PKEY_get_bits(3)>, L<DH_new(3)>, L<DH_generate_key(3)>, L<BN_num_bits(3)> diff --git a/doc/man3/DSA_size.pod b/doc/man3/DSA_size.pod index b904845447..0d0d1e5994 100644 --- a/doc/man3/DSA_size.pod +++ b/doc/man3/DSA_size.pod @@ -21,8 +21,8 @@ L<openssl_user_macros(7)>: =head1 DESCRIPTION All of the functions described on this page are deprecated. -Applications should instead use L<EVP_PKEY_bits(3)>, -L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>. +Applications should instead use L<EVP_PKEY_get_bits(3)>, +L<EVP_PKEY_get_security_bits(3)> and L<EVP_PKEY_get_size(3)>. DSA_bits() returns the number of bits in key I<dsa>: this is the number of bits in the I<p> parameter. @@ -47,9 +47,9 @@ hold any key parameters. =head1 SEE ALSO -L<EVP_PKEY_bits(3)>, -L<EVP_PKEY_security_bits(3)>, -L<EVP_PKEY_size(3)>, +L<EVP_PKEY_get_bits(3)>, +L<EVP_PKEY_get_security_bits(3)>, +L<EVP_PKEY_get_size(3)>, L<DSA_new(3)>, L<DSA_sign(3)> =head1 HISTORY diff --git a/doc/man3/EVP_ASYM_CIPHER_free.pod b/doc/man3/EVP_ASYM_CIPHER_free.pod index 93df44ec8f..2b34eb4469 100644 --- a/doc/man3/EVP_ASYM_CIPHER_free.pod +++ b/doc/man3/EVP_ASYM_CIPHER_free.pod @@ -3,9 +3,9 @@ =head1 NAME EVP_ASYM_CIPHER_fetch, EVP_ASYM_CIPHER_free, EVP_ASYM_CIPHER_up_ref, -EVP_ASYM_CIPHER_number, EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_provider, +EVP_ASYM_CIPHER_get_number, EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_get0_provider, EVP_ASYM_CIPHER_do_all_provided, EVP_ASYM_CIPHER_names_do_all, -EVP_ASYM_CIPHER_name, EVP_ASYM_CIPHER_description, +EVP_ASYM_CIPHER_get0_name, EVP_ASYM_CIPHER_get0_description, EVP_ASYM_CIPHER_gettable_ctx_params, EVP_ASYM_CIPHER_settable_ctx_params - Functions to manage EVP_ASYM_CIPHER algorithm objects @@ -17,10 +17,10 @@ EVP_ASYM_CIPHER_gettable_ctx_params, EVP_ASYM_CIPHER_settable_ctx_params const char *properties); void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher); int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher); - int EVP_ASYM_CIPHER_number(const EVP_ASYM_CIPHER *cipher); - const char *EVP_ASYM_CIPHER_name(const EVP_ASYM_CIPHER *cipher); + int EVP_ASYM_CIPHER_get_number(const EVP_ASYM_CIPHER *cipher); + const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher); int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name); - OSSL_PROVIDER *EVP_ASYM_CIPHER_provider(const EVP_ASYM_CIPHER *cipher); + OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher); void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_ASYM_CIPHER *cipher, void *arg), @@ -28,7 +28,7 @@ EVP_ASYM_CIPHER_gettable_ctx_params, EVP_ASYM_CIPHER_settable_ctx_params int EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher, void (*fn)(const char *name, void *data), void *data); - const char *EVP_ASYM_CIPHER_description(const EVP_ASYM_CIPHER *cipher); + const char *EVP_ASYM_CIPHER_get0_description(const EVP_ASYM_CIPHER *cipher); const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *cip); const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip); @@ -54,17 +54,18 @@ B<EVP_ASYM_CIPHER> structure. EVP_ASYM_CIPHER_is_a() returns 1 if I<cipher> is an implementation of an algorithm that's identifiable with I<name>, otherwise 0. -EVP_ASYM_CIPHER_provider() returns the provider that I<cipher> was fetched from. +EVP_ASYM_CIPHER_get0_provider() returns the provider that I<cipher> was +fetched from. EVP_ASYM_CIPHER_do_all_provided() traverses all EVP_ASYM_CIPHERs implemented by all activated providers in the given library context I<libctx>, and for each of the implementations, calls the given function I<fn> with the implementation method and the given I<arg> as argument. -EVP_ASYM_CIPHER_number() returns the internal dynamic number assigned to +EVP_ASYM_CIPHER_get_number() returns the internal dynamic number assigned to I<cipher>. -EVP_ASYM_CIPHER_name() returns the algorithm name from the provided +EVP_ASYM_CIPHER_get0_name() returns the algorithm name from the provided implementation for the given I<cipher>. Note that the I<cipher> may have multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained @@ -73,9 +74,9 @@ by the I<cipher> object and should not be freed by the caller. EVP_ASYM_CIPHER_names_do_all() traverses all names for I<cipher>, and calls I<fn> with each name and I<data>. -EVP_ASYM_CIPHER_description() returns a description of the I<cipher>, meant -for display and human consumption. The description is at the discretion of -the I<cipher> implementation. +EVP_ASYM_CIPHER_get0_description() returns a description of the I<cipher>, +meant for display and human consumption. The description is at the +discretion of the I<cipher> implementation. EVP_ASYM_CIPHER_gettable_ctx_params() and EVP_ASYM_CIPHER_settable_ctx_params() return a constant B<OSSL_PARAM> array that describes the names and types of key diff --git a/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod b/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod index c5995a584d..f5021b8728 100644 --- a/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod +++ b/doc/man3/EVP_CIPHER_CTX_get_original_iv.pod @@ -25,11 +25,12 @@ L<openssl_user_macros(7)>: EVP_CIPHER_CTX_get_original_iv() and EVP_CIPHER_CTX_get_updated_iv() copy initialization vector (IV) information from the B<EVP_CIPHER_CTX> into the -caller-supplied buffer. L<EVP_CIPHER_CTX_iv_length(3)> can be used to determine -an appropriate buffer size, and if the supplied buffer is too small, an error -will be returned (and no data copied). EVP_CIPHER_CTX_get_original_iv() -accesses the ("original") IV that was supplied when the B<EVP_CIPHER_CTX> was -initialized, and EVP_CIPHER_CTX_get_updated_iv() accesses the current "IV state" +caller-supplied buffer. L<EVP_CIPHER_CTX_get_iv_length(3)> can be used to +determine an appropriate buffer size, and if the supplied buffer is too small, +an error will be returned (and no data copied). +EVP_CIPHER_CTX_get_original_iv() accesses the ("original") IV that was +supplied when the B<EVP_CIPHER_CTX> was initialized, and +EVP_CIPHER_CTX_get_updated_iv() accesses the current "IV state" of the cipher, which is updated during cipher operation for certain cipher modes (e.g., CBC and OFB). diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 4b6aaeeb1c..9c9403cbd3 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod @@ -12,16 +12,16 @@ EVP_MD_CTX_settable_params, EVP_MD_CTX_gettable_params, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_Q_digest, EVP_Digest, EVP_DigestInit_ex2, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, -EVP_MD_is_a, EVP_MD_name, EVP_MD_description, EVP_MD_number, -EVP_MD_names_do_all, EVP_MD_provider, -EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags, -EVP_MD_CTX_name, +EVP_MD_is_a, EVP_MD_get0_name, EVP_MD_get0_description, EVP_MD_get_number, +EVP_MD_names_do_all, EVP_MD_get0_provider, +EVP_MD_get_type, EVP_MD_get_pkey_type, EVP_MD_get_size, EVP_MD_get_block_size, EVP_MD_get_flags, +EVP_MD_CTX_get0_name, EVP_MD_CTX_md, EVP_MD_CTX_get0_md, EVP_MD_CTX_get1_md, -EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size, -EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, +EVP_MD_CTX_get_type, EVP_MD_CTX_get_size, EVP_MD_CTX_get_block_size, +EVP_MD_CTX_get0_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn, EVP_md_null, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj, -EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx, +EVP_MD_CTX_get_pkey_ctx, EVP_MD_CTX_set_pkey_ctx, EVP_MD_do_all_provided - EVP digest routines @@ -68,27 +68,27 @@ EVP_MD_do_all_provided int EVP_MD_CTX_copy(EVP_MD_CTX *out, EVP_MD_CTX *in); - const char *EVP_MD_name(const EVP_MD *md); - const char *EVP_MD_description(const EVP_MD *md); - int EVP_MD_number(const EVP_MD *md); + const char *EVP_MD_get0_name(const EVP_MD *md); + const char *EVP_MD_get0_description(const EVP_MD *md); + int EVP_MD_get_number(const EVP_MD *md); int EVP_MD_is_a(const EVP_MD *md, const char *name); int EVP_MD_names_do_all(const EVP_MD *md, void (*fn)(const char *name, void *data), void *data); - const OSSL_PROVIDER *EVP_MD_provider(const EVP_MD *md); - int EVP_MD_type(const EVP_MD *md); - int EVP_MD_pkey_type(const EVP_MD *md); - int EVP_MD_size(const EVP_MD *md); - int EVP_MD_block_size(const EVP_MD *md); - unsigned long EVP_MD_flags(const EVP_MD *md); + const OSSL_PROVIDER *EVP_MD_get0_provider(const EVP_MD *md); + int EVP_MD_get_type(const EVP_MD *md); + int EVP_MD_get_pkey_type(const EVP_MD *md); + int EVP_MD_get_size(const EVP_MD *md); + int EVP_MD_get_block_size(const EVP_MD *md); + unsigned long EVP_MD_get_flags(const EVP_MD *md); const EVP_MD *EVP_MD_CTX_get0_md(const EVP_MD_CTX *ctx); EVP_MD *EVP_MD_CTX_get1_md(EVP_MD_CTX *ctx); - const char *EVP_MD_CTX_name(const EVP_MD_CTX *ctx); - int EVP_MD_CTX_size(const EVP_MD_CTX *ctx); - int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx); - int EVP_MD_CTX_type(const EVP_MD_CTX *ctx); - void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); + const char *EVP_MD_CTX_get0_name(const EVP_MD_CTX *ctx); + int EVP_MD_CTX_get_size(const EVP_MD_CTX *ctx); + int EVP_MD_CTX_get_block_size(const EVP_MD_CTX *ctx); + int EVP_MD_CTX_get_type(const EVP_MD_CTX *ctx); + void *EVP_MD_CTX_get0_md_data(const EVP_MD_CTX *ctx); const EVP_MD *EVP_md_null(void); @@ -96,7 +96,7 @@ EVP_MD_do_all_provided const EVP_MD *EVP_get_digestbynid(int type); const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o); - EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx); + EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx); void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx); void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx, @@ -312,13 +312,13 @@ EVP_sha256() rather than the result of an EVP_MD_fetch()), only cipher names registered with the default library context (see L<OSSL_LIB_CTX(3)>) will be considered. -=item EVP_MD_number() +=item EVP_MD_get_number() Returns the internal dynamic number assigned to the I<md>. This is only useful with fetched B<EVP_MD>s. -=item EVP_MD_name(), -EVP_MD_CTX_name() +=item EVP_MD_get0_name(), +EVP_MD_CTX_get0_name() Return the name of the given message digest. For fetched message digests with multiple names, only one of them is returned; it's @@ -329,36 +329,36 @@ recommended to use EVP_MD_names_do_all() instead. Traverses all names for the I<md>, and calls I<fn> with each name and I<data>. This is only useful with fetched B<EVP_MD>s. -=item EVP_MD_description() +=item EVP_MD_get0_description() Returns a description of the digest, meant for display and human consumption. The description is at the discretion of the digest implementation. -=item EVP_MD_provider() +=item EVP_MD_get0_provider() Returns an B<OSSL_PROVIDER> pointer to the provider that implements the given B<EVP_MD>. -=item EVP_MD_size(), -EVP_MD_CTX_size() +=item EVP_MD_get_size(), +EVP_MD_CTX_get_size() Return the size of the message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the hash. -=item EVP_MD_block_size(), -EVP_MD_CTX_block_size() +=item EVP_MD_get_block_size(), +EVP_MD_CTX_get_block_size() Return the block size of the message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure. -=item EVP_MD_type(), -EVP_MD_CTX_type() +=item EVP_MD_get_type(), +EVP_MD_CTX_get_type() Return the NID of the OBJECT IDENTIFIER representing the given message digest -when passed an B<EVP_MD> structure. For example, C<EVP_MD_type(EVP_sha1())> +when passed an B<EVP_MD> structure. For example, C<EVP_MD_get_type(EVP_sha1())> returns B<NID_sha1>. This function is normally used when setting ASN1 OIDs. -=item EVP_MD_CTX_md_data() +=item EVP_MD_CTX_get0_md_data() Return the digest method private data for the passed B<EVP_MD_CTX>. The space is allocated by OpenSSL and has the size originally set with @@ -386,12 +386,12 @@ update function from the B<EVP_MD> type specified at initialization is used. Returns the update function for I<ctx>. -=item EVP_MD_flags() +=item EVP_MD_get_flags() Returns the I<md> flags. Note that these are different from the B<EVP_MD_CTX> ones. See L<EVP_MD_meth_set_flags(3)> for more information. -=item EVP_MD_pkey_type() +=item EVP_MD_get_pkey_type() Returns the NID of the public key signing algorithm associated with this digest. For example EVP_sha1() is associated with RSA so this will return @@ -410,7 +410,7 @@ EVP_get_digestbyobj() Returns an B<EVP_MD> structure when passed a digest name, a digest B<NID> or an B<ASN1_OBJECT> structure respectively. -=item EVP_MD_CTX_pkey_ctx() +=item EVP_MD_CTX_get_pkey_ctx() Returns the B<EVP_PKEY_CTX> assigned to I<ctx>. The returned pointer should not be freed by the caller. @@ -568,16 +568,16 @@ to get. Returns 1 if successful or 0 for failure. -=item EVP_MD_type(), -EVP_MD_pkey_type() +=item EVP_MD_get_type(), +EVP_MD_get_pkey_type() Returns the NID of the corresponding OBJECT IDENTIFIER or NID_undef if none exists. -=item EVP_MD_size(), -EVP_MD_block_size(), -EVP_MD_CTX_size(), -EVP_MD_CTX_block_size() +=item EVP_MD_get_size(), +EVP_MD_get_block_size(), +EVP_MD_CTX_get_size(), +EVP_MD_CTX_get_block_size() Returns the digest or block size in bytes. @@ -625,9 +625,9 @@ implementations of digests to be specified. If digest contexts are not cleaned up after use, memory leaks will occur. -EVP_MD_CTX_name(), EVP_MD_CTX_size(), EVP_MD_CTX_block_size(), -EVP_MD_CTX_type(), EVP_get_digestbynid() and EVP_get_digestbyobj() are defined -as macros. +EVP_MD_CTX_get0_name(), EVP_MD_CTX_get_size(), EVP_MD_CTX_get_block_size(), +EVP_MD_CTX_get_type(), EVP_get_digestbynid() and EVP_get_digestbyobj() are +defined as macros. EVP_MD_CTX_ctrl() sends commands to message digests for additional configuration or control. diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod index a24db53949..86d4270ed4 100644 --- a/doc/man3/EVP_DigestSignInit.pod +++ b/doc/man3/EVP_DigestSignInit.pod @@ -165,9 +165,9 @@ Since only a copy of the digest context is ever finalized, the context must be cleaned up after use by calling EVP_MD_CTX_free() or a memory leak will occur. -The use of EVP_PKEY_size() with these functions is discouraged because some +The use of EVP_PKEY_get_size() with these functions is discouraged because some signature operations may have a signature length which depends on the -parameters set. As a result EVP_PKEY_size() would have to return a value +parameters set. As a result EVP_PKEY_get_size() would have to return a value which indicates the maximum possible signature for any set of parameters. =head1 SEE ALSO diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 0fc7b1e82c..ea43e26369 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -33,43 +33,46 @@ EVP_get_cipherbyname, EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_is_a, -EVP_CIPHER_name, -EVP_CIPHER_description, -EVP_CIPHER_number, +EVP_CIPHER_get0_name, +EVP_CIPHER_get0_description, +EVP_CIPHER_get_number, EVP_CIPHER_names_do_all, -EVP_CIPHER_provider, -EVP_CIPHER_nid, +EVP_CIPHER_get0_provider, +EVP_CIPHER_get_nid, EVP_CIPHER_get_params, EVP_CIPHER_gettable_params, -EVP_CIPHER_block_size, -EVP_CIPHER_key_length, -EVP_CIPHER_iv_length, -EVP_CIPHER_flags, -EVP_CIPHER_mode, -EVP_CIPHER_type, +EVP_CIPHER_get_block_size, +EVP_CIPHER_get_key_length, +EVP_CIPHER_get_iv_length, +EVP_CIPHER_get_flags, +EVP_CIPHER_get_mode, +EVP_CIPHER_get_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_get0_cipher, EVP_CIPHER_CTX_get1_cipher, -EVP_CIPHER_CTX_name, -EVP_CIPHER_CTX_nid, +EVP_CIPHER_CTX_get0_name, +EVP_CIPHER_CTX_get_nid, EVP_CIPHER_CTX_get_params, EVP_CIPHER_gettable_ctx_params, EVP_CIPHER_CTX_gettable_params, EVP_CIPHER_CTX_set_params, EVP_CIPHER_settable_ctx_params, EVP_CIPHER_CTX_settable_params, -EVP_CIPHER_CTX_block_size, -EVP_CIPHER_CTX_key_length, -EVP_CIPHER_CTX_iv_length, -EVP_CIPHER_CTX_tag_length, +EVP_CIPHER_CTX_get_block_size, +EVP_CIPHER_CTX_get_key_length, +EVP_CIPHER_CTX_get_iv_length, +EVP_CIPHER_CTX_get_tag_length, EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, -EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_set_flags, EVP_CIPHER_CTX_clear_flags, EVP_CIPHER_CTX_test_flags, -EVP_CIPHER_CTX_mode, +EVP_CIPHER_CTX_get_type, +EVP_CIPHER_CTX_get_mode, +EVP_CIPHER_CTX_get_num, +EVP_CIPHER_CTX_set_num, +EVP_CIPHER_CTX_is_encrypting, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, EVP_CIPHER_CTX_set_padding, @@ -145,26 +148,26 @@ EVP_CIPHER_do_all_provided const EVP_CIPHER *EVP_get_cipherbynid(int nid); const EVP_CIPHER *EVP_get_cipherbyobj(const ASN1_OBJECT *a); - int EVP_CIPHER_nid(const EVP_CIPHER *e); - int EVP_CIPHER_number(const EVP_CIPHER *e); + int EVP_CIPHER_get_nid(const EVP_CIPHER *e); + int EVP_CIPHER_get_number(const EVP_CIPHER *e); int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name); int EVP_CIPHER_names_do_all(const EVP_CIPHER *cipher, void (*fn)(const char *name, void *data), void *data); - const char *EVP_CIPHER_name(const EVP_CIPHER *cipher); - const char *EVP_CIPHER_description(const EVP_CIPHER *cipher); - const OSSL_PROVIDER *EVP_CIPHER_provider(const EVP_CIPHER *cipher); - int EVP_CIPHER_block_size(const EVP_CIPHER *e); - int EVP_CIPHER_key_length(const EVP_CIPHER *e); - int EVP_CIPHER_iv_length(const EVP_CIPHER *e); - unsigned long EVP_CIPHER_flags(const EVP_CIPHER *e); - unsigned long EVP_CIPHER_mode(const EVP_CIPHER *e); - int EVP_CIPHER_type(const EVP_CIPHER *cipher); + const char *EVP_CIPHER_get0_name(const EVP_CIPHER *cipher); + const char *EVP_CIPHER_get0_description(const EVP_CIPHER *cipher); + const OSSL_PROVIDER *EVP_CIPHER_get0_provider(const EVP_CIPHER *cipher); + int EVP_CIPHER_get_block_size(const EVP_CIPHER *e); + int EVP_CIPHER_get_key_length(const EVP_CIPHER *e); + int EVP_CIPHER_get_iv_length(const EVP_CIPHER *e); + unsigned long EVP_CIPHER_get_flags(const EVP_CIPHER *e); + unsigned long EVP_CIPHER_get_mode(const EVP_CIPHER *e); + int EVP_CIPHER_get_type(const EVP_CIPHER *cipher); const EVP_CIPHER *EVP_CIPHER_CTX_get0_cipher(const EVP_CIPHER_CTX *ctx); EVP_CIPHER *EVP_CIPHER_CTX_get1_cipher(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); - const char *EVP_CIPHER_CTX_name(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx); + const char *EVP_CIPHER_CTX_get0_name(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_get_params(EVP_CIPHER *cipher, OSSL_PARAM params[]); int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]); @@ -174,14 +177,17 @@ EVP_CIPHER_do_all_provided const OSSL_PARAM *EVP_CIPHER_gettable_ctx_params(const EVP_CIPHER *cipher); const OSSL_PARAM *EVP_CIPHER_CTX_settable_params(EVP_CIPHER_CTX *ctx); const OSSL_PARAM *EVP_CIPHER_CTX_gettable_params(EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_tag_length(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_key_length(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx); void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); void EVP_CIPHER_CTX_set_app_data(const EVP_CIPHER_CTX *ctx, void *data); - int EVP_CIPHER_CTX_type(const EVP_CIPHER_CTX *ctx); - int EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_type(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_mode(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_get_num(const EVP_CIPHER_CTX *ctx); + int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num); + int EVP_CIPHER_CTX_is_encrypting(const EVP_CIPHER_CTX *ctx); int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); @@ -196,6 +202,12 @@ L<openssl_user_macros(7)>: const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B<OPENSSL_API_COMPAT> with a suitable version value, see +L<openssl_user_macros(7)>: + + int EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); + =head1 DESCRIPTION The EVP cipher routines are a high-level interface to certain @@ -390,7 +402,7 @@ result in I<out>. For legacy ciphers - If the cipher doesn't have the flag B<EVP_CIPH_FLAG_CUSTOM_CIPHER> set, then I<inl> must be a multiple of -EVP_CIPHER_block_size(). If it isn't, the result is undefined. If the cipher +EVP_CIPHER_get_block_size(). If it isn't, the result is undefined. If the cipher has that flag set, then I<inl> can be any size. Due to the constraints of the API contract of this function it shouldn't be used @@ -402,7 +414,7 @@ EVP_CipherFinal_ex() instead. Return an EVP_CIPHER structure when passed a cipher name, a NID or an ASN1_OBJECT structure. -=item EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() +=item EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() Return the NID of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure. The actual NID value is an internal value which may not have a @@ -426,12 +438,12 @@ when decrypting. If the I<pad> parameter is zero then no padding is performed, the total amount of data encrypted or decrypted must then be a multiple of the block size or an error will occur. -=item EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() +=item EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() Return the key length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum -key length for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for -a given cipher, the value of EVP_CIPHER_CTX_key_length() may be different for +key length for all ciphers. Note: although EVP_CIPHER_get_key_length() is fixed for +a given cipher, the value of EVP_CIPHER_CTX_get_key_length() may be different for variable key length ciphers. =item EVP_CIPHER_CTX_set_key_length() @@ -440,25 +452,25 @@ Sets the key length of the cipher context. If the cipher is a fixed length cipher then attempting to set the key length to any value other than the fixed value is an error. -=item EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() +=item EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() Return the IV length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>. It will return zero if the cipher does not use an IV. The constant B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers. -=item EVP_CIPHER_CTX_tag_length() +=item EVP_CIPHER_CTX_get_tag_length() Returns the tag length of an AEAD cipher when passed a B<EVP_CIPHER_CTX>. It will return zero if the cipher does not support a tag. It returns a default value if the tag length has not been set. -=item EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() +=item EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size() Return the block size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure. The constant B<EVP_MAX_BLOCK_LENGTH> is also the maximum block length for all ciphers. -=item EVP_CIPHER_type() and EVP_CIPHER_CTX_type() +=item EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type() Return the type of the passed cipher or context. This "type" is the actual NID of the cipher OBJECT IDENTIFIER and as such it ignores the cipher parameters @@ -474,12 +486,12 @@ value from the likes of EVP_aes128() rather than the result of an EVP_CIPHER_fetch()), only cipher names registered with the default library context (see L<OSSL_LIB_CTX(3)>) will be considered. -=item EVP_CIPHER_number() +=item EVP_CIPHER_get_number() Returns the internal dynamic number assigned to the I<cipher>. This is only useful with fetched B<EVP_CIPHER>s. -=item EVP_CIPHER_name() and EVP_CIPHER_CTX_name() +=item EVP_CIPHER_get0_name() and EVP_CIPHER_CTX_get0_name() Return the name of the passed cipher or context. For fetched ciphers with multiple names, only one of them is returned. See also EVP_CIPHER_names_do_all(). @@ -489,12 +501,12 @@ multiple names, only one of them is returned. See also EVP_CIPHER_names_do_all() Traverses all names for the I<cipher>, and calls I<fn> with each name and I<data>. This is only useful with fetched B<EVP_CIPHER>s. -=item EVP_CIPHER_description() +=item EVP_CIPHER_get0_description() Returns a description of the cipher, meant for display and human consumption. The description is at the discretion of the cipher implementation. -=item EVP_CIPHER_provider() +=item EVP_CIPHER_get0_provider() Returns an B<OSSL_PROVIDER> pointer to the provider that implements the given B<EVP_CIPHER>. @@ -505,7 +517,7 @@ Returns the B<EVP_CIPHER> structure when passed an B<EVP_CIPHER_CTX> structure. EVP_CIPHER_CTX_get1_cipher() is the same except the ownership is passed to the caller. -=item EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() +=item EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode() Return the block cipher mode: EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE, EVP_CIPH_OFB_MODE, @@ -513,11 +525,26 @@ EVP_CIPH_CTR_MODE, EVP_CIPH_GCM_MODE, EVP_CIPH_CCM_MODE, EVP_CIPH_XTS_MODE, EVP_CIPH_WRAP_MODE, EVP_CIPH_OCB_MODE or EVP_CIPH_SIV_MODE. If the cipher is a stream cipher then EVP_CIPH_STREAM_CIPHER is returned. -=item EVP_CIPHER_flags() +=item EVP_CIPHER_get_flags() Returns any flags associated with the cipher. See L</FLAGS> for a list of currently defined flags. +=item EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num() + +Gets or sets the cipher specific "num" parameter for the associated I<ctx>. +Built-in ciphers typically use this to track how much of the current underlying block +has been "used" already. + +=item EVP_CIPHER_CTX_is_encrypting() + +Reports whether the I<ctx> is being used for encryption or decryption. + +=item EVP_CIPHER_CTX_flags() + +A deprecated macro calling C<EVP_CIPHER_get_flags(EVP_CIPHER_CTX_get0_cipher(ctx))>. +Do not use. + =item EVP_CIPHER_param_to_asn1() Sets the AlgorithmIdentifier "parameter" based on the passed cipher. This will @@ -544,7 +571,7 @@ is not supported. Generates a random key of the appropriate length based on the cipher context. The B<EVP_CIPHER> can provide its own random key generation routine to support keys of a specific form. I<key> must point to a buffer at least as big as the -value returned by EVP_CIPHER_CTX_key_length(). +value returned by EVP_CIPHER_CTX_get_key_length(). =item EVP_CIPHER_do_all_provided() @@ -570,18 +597,18 @@ EVP_CIPHER_get_params() can be used with the following B<OSSL_PARAM> keys: =item "mode" (B<OSSL_CIPHER_PARAM_MODE>) <unsigned integer> Gets the mode for the associated cipher algorithm I<cipher>. -See L</EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode()> for a list of valid modes. -Use EVP_CIPHER_mode() to retrieve the cached value. +See L</EVP_CIPHER_get_mode() and EVP_CIPHER_CTX_get_mode()> for a list of valid modes. +Use EVP_CIPHER_get_mode() to retrieve the cached value. =item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer> Gets the key length for the associated cipher algorithm I<cipher>. -Use EVP_CIPHER_key_length() to retrieve the cached value. +Use EVP_CIPHER_get_key_length() to retrieve the cached value. =item "ivlen" (B<OSSL_CIPHER_PARAM_IVLEN>) <unsigned integer> Gets the IV length for the associated cipher algorithm I<cipher>. -Use EVP_CIPHER_iv_length() to retrieve the cached value. +Use EVP_CIPHER_get_iv_length() to retrieve the cached value. =item "blocksize" (B<OSSL_CIPHER_PARAM_BLOCK_SIZE>) <unsigned integer> @@ -591,12 +618,12 @@ Note that the block size for a cipher may be different to the block size for the underlying encryption/decryption primitive. For example AES in CTR mode has a block size of 1 (because it operates like a stream cipher), even though AES has a block size of 16. -Use EVP_CIPHER_block_size() to retreive the cached value. +Use EVP_CIPHER_get_block_size() to retreive the cached value. =item "aead" (B<OSSL_CIPHER_PARAM_AEAD>) <integer> Gets 1 if this is an AEAD cipher algorithm, otherwise it gets 0. -Use (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) to retrieve the +Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) to retrieve the cached value. =item "custom-iv" (B<OSSL_CIPHER_PARAM_CUSTOM_IV>) <integer> @@ -604,7 +631,7 @@ cached value. Gets 1 if the cipher algorithm I<cipher> has a custom IV, otherwise it gets 0. Storing and initializing the IV is left entirely to the implementation, if a custom IV is used. -Use (EVP_CIPHER_flags(cipher) & EVP_CIPH_CUSTOM_IV) to retrieve the +Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_CUSTOM_IV) to retrieve the cached value. =item "cts" (B<OSSL_CIPHER_PARAM_CTS>) <integer> @@ -613,7 +640,7 @@ Gets 1 if the cipher algorithm I<cipher> uses ciphertext stealing, otherwise it gets 0. This is currently used to indicate that the cipher is a one shot that only allows a single call to EVP_CipherUpdate(). -Use (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_CTS) to retrieve the +Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_CTS) to retrieve the cached value. =item "tls-multi" (B<OSSL_CIPHER_PARAM_TLS1_MULTIBLOCK>) <integer> @@ -621,7 +648,7 @@ cached value. Gets 1 if the cipher algorithm I<cipher> supports interleaving of crypto blocks, otherwise it gets 0. The interleaving is an optimization only applicable to certain TLS ciphers. -Use (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) to retrieve the +Use (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) to retrieve the cached value. =back @@ -644,13 +671,13 @@ See also EVP_CIPHER_CTX_set_padding(). Gets or sets the cipher specific "num" parameter for the cipher context I<ctx>. Built-in ciphers typically use this to track how much of the current underlying block has been "used" already. -See also EVP_CIPHER_CTX_num() and EVP_CIPHER_CTX_set_num(). +See also EVP_CIPHER_CTX_get_num() and EVP_CIPHER_CTX_set_num(). =item "keylen" (B<OSSL_CIPHER_PARAM_KEYLEN>) <unsigned integer> Gets or sets the key length for the cipher context I<ctx>. The length of the "keylen" parameter should not exceed that of a B<size_t>. -See also EVP_CIPHER_CTX_key_length() and EVP_CIPHER_CTX_set_key_length(). +See also EVP_CIPHER_CTX_get_key_length() and EVP_CIPHER_CTX_set_key_length(). =item "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>) <octet string> @@ -723,7 +750,7 @@ The following B<OSSL_PARAM> keys can be used with EVP_CIPHER_CTX_get_params(): Gets the IV length for the cipher context I<ctx>. The length of the "ivlen" parameter should not exceed that of a B<size_t>. -See also EVP_CIPHER_CTX_iv_length(). +See also EVP_CIPHER_CTX_get_iv_length(). =item "iv" (B<OSSL_CIPHER_PARAM_IV>) <octet string OR octet ptr> @@ -749,7 +776,7 @@ the key to odd parity). Gets the tag length to be used for an AEAD cipher for the associated cipher context I<ctx>. It gets a default value if it has not been set. The length of the "taglen" parameter should not exceed that of a B<size_t>. -See also EVP_CIPHER_CTX_tag_length(). +See also EVP_CIPHER_CTX_get_tag_length(). =item "tlsaadpad" (B<OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD>) <unsigned integer> @@ -1116,27 +1143,38 @@ EVP_CIPHER_CTX_reset() returns 1 for success and 0 for failure. EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() return an B<EVP_CIPHER> structure or NULL on error. -EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID. +EVP_CIPHER_get_nid() and EVP_CIPHER_CTX_get_nid() return a NID. -EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block -size. +EVP_CIPHER_get_block_size() and EVP_CIPHER_CTX_get_block_size() return the +block size. -EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key +EVP_CIPHER_get_key_length() and EVP_CIPHER_CTX_get_key_length() return the key length. EVP_CIPHER_CTX_set_padding() always returns 1. -EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV +EVP_CIPHER_get_iv_length() and EVP_CIPHER_CTX_get_iv_length() return the IV length or zero if the cipher does not use an IV. -EVP_CIPHER_CTX_tag_length() return the tag length or zero if the cipher does not -use a tag. +EVP_CIPHER_CTX_get_tag_length() return the tag length or zero if the cipher +does not use a tag. -EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's -OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER. +EVP_CIPHER_get_type() and EVP_CIPHER_CTX_get_type() return the NID of the +cipher's OBJECT IDENTIFIER or NID_undef if it has no defined +OBJECT IDENTIFIER. EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure. +EVP_CIPHER_CTX_get_num() returns a nonnegative num value or +B<EVP_CTRL_RET_UNSUPPORTED> if the implementation does not support the call +or on any other error. + +EVP_CIPHER_CTX_set_num() returns 1 on success and 0 if the implementation +does not support the call or on any other error. + +EVP_CIPHER_CTX_is_encrypting() returns 1 if the I<ctx> is set up for encryption +0 otherwise. + EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater than zero for success and zero or a negative number on failure. @@ -1463,8 +1501,8 @@ with a 128-bit key: ctx = EVP_CIPHER_CTX_new(); EVP_CipherInit_ex2(ctx, EVP_aes_128_cbc(), NULL, NULL, do_encrypt, NULL); - OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) == 16); - OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); + OPENSSL_assert(EVP_CIPHER_CTX_get_key_length(ctx) == 16); + OPENSSL_assert(EVP_CIPHER_CTX_get_iv_length(ctx) == 16); /* Now we can set key and IV */ EVP_CipherInit_ex2(ctx, NULL, key, iv, do_encrypt, NULL); @@ -1577,6 +1615,8 @@ EVP_CIPHER_settable_ctx_params(), EVP_CIPHER_gettable_ctx_params(), EVP_CIPHER_CTX_settable_params() and EVP_CIPHER_CTX_gettable_params() functions were added in 3.0. +The EVP_CIPHER_CTX_flags() macro was deprecated in OpenSSL 1.1.0. + =head1 COPYRIGHT Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man3/EVP_KDF.pod b/doc/man3/EVP_KDF.pod index 08b15f08ab..2fd6651c2b 100644 --- a/doc/man3/EVP_KDF.pod +++ b/doc/man3/EVP_KDF.pod @@ -5,8 +5,9 @@ EVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref, EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup, EVP_KDF_CTX_reset, EVP_KDF_derive, -EVP_KDF_CTX_get_kdf_size, EVP_KDF_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, -EVP_KDF_number, EVP_KDF_name, EVP_KDF_names_do_all, EVP_KDF_description, +EVP_KDF_CTX_get_kdf_size, +EVP_KDF_get0_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, EVP_KDF_get_number, +EVP_KDF_get0_name, EVP_KDF_names_do_all, EVP_KDF_get0_description, EVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_provided, EVP_KDF_get_params, EVP_KDF_gettable_params, EVP_KDF_gettable_ctx_params, EVP_KDF_settable_ctx_params, @@ -31,11 +32,11 @@ EVP_KDF_CTX_gettable_params, EVP_KDF_CTX_settable_params - EVP KDF routines void EVP_KDF_free(EVP_KDF *kdf); EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, const char *properties); - int EVP_KDF_number(const EVP_KDF *kdf); + int EVP_KDF_get_number(const EVP_KDF *kdf); int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name); - const char *EVP_KDF_name(const EVP_KDF *kdf); - const char *EVP_KDF_description(const EVP_KDF *kdf); - const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); + const char *EVP_KDF_get0_name(const EVP_KDF *kdf); + const char *EVP_KDF_get0_description(const EVP_KDF *kdf); + const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf); void EVP_KDF_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_KDF *kdf, void *arg), void *arg); @@ -50,7 +51,7 @@ EVP_KDF_CTX_gettable_params, EVP_KDF_CTX_settable_params - EVP KDF routines const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf); const OSSL_PARAM *EVP_KDF_CTX_gettable_params(const EVP_KDF *kdf); const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF *kdf); - const OSSL_PROVIDER *EVP_KDF_provider(const EVP_KDF *kdf); + const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf); =head1 DESCRIPTION @@ -162,7 +163,7 @@ calculate a fixed output size have not yet been supplied. EVP_KDF_is_a() returns 1 if I<kdf> is an implementation of an algorithm that's identifiable with I<name>, otherwise 0. -EVP_KDF_provider() returns the provider that holds the implementation +EVP_KDF_get0_provider() returns the provider that holds the implementation of the given I<kdf>. EVP_KDF_do_all_provided() traverses all KDF implemented by all activated @@ -170,19 +171,19 @@ providers in the given library context I<libctx>, and for each of the implementations, calls the given function I<fn> with the implementation method and the given I<arg> as argument. -EVP_KDF_number() returns the internal dynamic number assigned to +EVP_KDF_get_number() returns the internal dynamic number assigned to I<kdf>. -EVP_KDF_name() return the name of the given KDF. For fetched KDFs +EVP_KDF_get0_name() return the name of the given KDF. For fetched KDFs with multiple names, only one of them is returned; it's recommended to use EVP_KDF_names_do_all() instead. EVP_KDF_names_do_all() traverses all names for I<kdf>, and calls I<fn> with each name and I<data>. -EVP_KDF_description() returns a description of the I<kdf>, meant for display -and human consumption. The description is at the discretion of the I<kdf> -implementation. +EVP_KDF_get0_description() returns a description of the I<kdf>, meant for +display and human consumption. The description is at the discretion of +the I<kdf> implementation. =head1 PARAMETERS @@ -262,7 +263,7 @@ The memory size must never exceed what can be given with a B<size_t>. EVP_KDF_fetch() returns a pointer to a newly fetched B<EVP_KDF>, or NULL if allocation failed. -EVP_KDF_provider() returns a pointer to the provider for the KDF, or +EVP_KDF_get0_provider() returns a pointer to the provider for the KDF, or NULL on error. EVP_KDF_up_ref() returns 1 on success, 0 on error. @@ -275,7 +276,7 @@ EVP_KDF_CTX_free() and EVP_KDF_CTX_reset() do not return a value. EVP_KDF_CTX_get_kdf_size() returns the output size. B<SIZE_MAX> is returned to indicate that the algorithm produces a variable amount of output; 0 to indicate failure. -EVP_KDF_name() returns the name of the KDF, or NULL on error. +EVP_KDF_get0_name() returns the name of the KDF, or NULL on error. EVP_KDF_names_do_all() returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names. diff --git a/doc/man3/EVP_KEM_free.pod b/doc/man3/EVP_KEM_free.pod index 13600c521c..766825859b 100644 --- a/doc/man3/EVP_KEM_free.pod +++ b/doc/man3/EVP_KEM_free.pod @@ -3,8 +3,8 @@ =head1 NAME EVP_KEM_fetch, EVP_KEM_free, EVP_KEM_up_ref, -EVP_KEM_number, EVP_KEM_name, EVP_KEM_is_a, EVP_KEM_provider, -EVP_KEM_do_all_provided, EVP_KEM_names_do_all, EVP_KEM_description, +EVP_KEM_get_number, EVP_KEM_get0_name, EVP_KEM_is_a, EVP_KEM_get0_provider, +EVP_KEM_do_all_provided, EVP_KEM_names_do_all, EVP_KEM_get0_description, EVP_KEM_gettable_ctx_params, EVP_KEM_settable_ctx_params - Functions to manage EVP_KEM algorithm objects @@ -16,15 +16,15 @@ EVP_KEM_gettable_ctx_params, EVP_KEM_settable_ctx_params const char *properties); void EVP_KEM_free(EVP_KEM *kem); int EVP_KEM_up_ref(EVP_KEM *kem); - int EVP_KEM_number(const EVP_KEM *kem); - const char *EVP_KEM_name(const EVP_KEM *kem); + int EVP_KEM_get_number(const EVP_KEM *kem); + const char *EVP_KEM_get0_name(const EVP_KEM *kem); int EVP_KEM_is_a(const EVP_KEM *kem, const char *name); - OSSL_PROVIDER *EVP_KEM_provider(const EVP_KEM *kem); + OSSL_PROVIDER *EVP_KEM_get0_provider(const EVP_KEM *kem); void EVP_KEM_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_KEM *kem, void *arg), void *arg); int EVP_KEM_names_do_all(const EVP_KEM *kem, void (*fn)(const char *name, void *data), void *data); - const char *EVP_KEM_description(const EVP_KEM *kem); + const char *EVP_KEM_get0_description(const EVP_KEM *kem); const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem); const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem); @@ -48,16 +48,16 @@ EVP_KEM_up_ref() increments the reference count for an B<EVP_KEM> structure. EVP_KEM_is_a() returns 1 if I<kem> is an implementation of an algorithm that's identifiable with I<name>, otherwise 0. -EVP_KEM_provider() returns the provider that I<kem> was fetched from. +EVP_KEM_get0_provider() returns the provider that I<kem> was fetched from. EVP_KEM_do_all_provided() traverses all EVP_KEMs implemented by all activated providers in the given library context I<libctx>, and for each of the implementations, calls the given function I<fn> with the implementation method and the given I<arg> as argument. -EVP_KEM_number() returns the internal dynamic number assigned to I<kem>. +EVP_KEM_get_number() returns the internal dynamic number assigned to I<kem>. -EVP_KEM_name() returns the algorithm name from the provided +EVP_KEM_get0_name() returns the algorithm name from the provided implementation for the given I<kem>. Note that the I<kem> may have multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained @@ -66,9 +66,9 @@ by the I<kem> object and should not be freed by the caller. EVP_KEM_names_do_all() traverses all names for I<kem>, and calls I<fn> with each name and I<data>. -EVP_KEM_description() returns a description of the I<kem>, meant for display -and human consumption. The description is at the discretion of the I<kem> -implementation. +EVP_KEM_get0_description() returns a description of the I<kem>, meant for +display and human consumption. The description is at the discretion of +the I<kem> implementation. EVP_KEM_gettable_ctx_params() and EVP_KEM_settable_ctx_params() return a constant B<OSSL_PARAM> array that describes the names and types of key diff --git a/doc/man3/EVP_KEYEXCH_free.pod b/doc/man3/EVP_KEYEXCH_free.pod index d0a0b6ef06..28eaf523f8 100644 --- a/doc/man3/EVP_KEYEXCH_free.pod +++ b/doc/man3/EVP_KEYEXCH_free.pod @@ -2,10 +2,10 @@ =head1 NAME -EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref, EVP_KEYEXCH_provider, -EVP_KEYEXCH_is_a, EVP_KEYEXCH_do_all_provided, -EVP_KEYEXCH_number, EVP_KEYEXCH_names_do_all, -EVP_KEYEXCH_name, EVP_KEYEXCH_description, +EVP_KEYEXCH_fetch, EVP_KEYEXCH_free, EVP_KEYEXCH_up_ref, +EVP_KEYEXCH_get0_provider, EVP_KEYEXCH_is_a, EVP_KEYEXCH_do_all_provided, +EVP_KEYEXCH_get_number, EVP_KEYEXCH_names_do_all, +EVP_KEYEXCH_get0_name, EVP_KEYEXCH_get0_description, EVP_KEYEXCH_gettable_ctx_params, EVP_KEYEXCH_settable_ctx_params - Functions to manage EVP_KEYEXCH algorithm objects @@ -17,17 +17,17 @@ EVP_KEYEXCH_gettable_ctx_params, EVP_KEYEXCH_settable_ctx_params const char *properties); void EVP_KEYEXCH_free(EVP_KEYEXCH *exchange); int EVP_KEYEXCH_up_ref(EVP_KEYEXCH *exchange); - OSSL_PROVIDER *EVP_KEYEXCH_provider(const EVP_KEYEXCH *exchange); + OSSL_PROVIDER *EVP_KEYEXCH_get0_provider(const EVP_KEYEXCH *exchange); int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *exchange, const char *name); - int EVP_KEYEXCH_number(const EVP_KEYEXCH *exchange); - const char *EVP_KEYEXCH_name(const EVP_KEYEXCH *exchange); + int EVP_KEYEXCH_get_number(const EVP_KEYEXCH *exchange); + const char *EVP_KEYEXCH_get0_name(const EVP_KEYEXCH *exchange); void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_KEYEXCH *exchange, void *arg), void *arg); int EVP_KEYEXCH_names_do_all(const EVP_KEYEXCH *exchange, void (*fn)(const char *name, void *data), void *data); - const char *EVP_KEYEXCH_description(const EVP_KEYEXCH *keyexch); + const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch); const OSSL_PARAM *EVP_KEYEXCH_gettable_ctx_params(const EVP_KEYEXCH *keyexch); const OSSL_PARAM *EVP_KEYEXCH_settable_ctx_params(const EVP_KEYEXCH *keyexch); @@ -48,15 +48,16 @@ structure is freed. EVP_KEYEXCH_up_ref() increments the reference count for an B<EVP_KEYEXCH> structure. -EVP_KEYEXCH_provider() returns the provider that I<exchange> was fetched from. +EVP_KEYEXCH_get0_provider() returns the provider that I<exchange> was +fetched from. EVP_KEYEXCH_is_a() checks if I<exchange> is an implementation of an algorithm that's identifiable with I<name>. -EVP_KEYEXCH_number() returns the internal dynamic number assigned to +EVP_KEYEXCH_get_number() returns the internal dynamic number assigned to the I<exchange>. -EVP_KEYEXCH_name() returns the algorithm name from the provided +EVP_KEYEXCH_get0_name() returns the algorithm name from the provided implementation for the given I<exchange>. Note that the I<exchange> may have multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained @@ -65,9 +66,9 @@ by the I<exchange> object and should not be freed by the caller. EVP_KEYEXCH_names_do_all() traverses all names for the I<exchange>, and calls I<fn> with each name and I<data>. -EVP_KEYEXCH_description() returns a description of the I<keyexch>, meant for -display and human consumption. The description is at the discretion of the -I<keyexch> implementation. +EVP_KEYEXCH_get0_description() returns a description of the I<keyexch>, meant +for display and human consumption. The description is at the discretion of +the I<keyexch> implementation. EVP_KEYEXCH_do_all_provided() traverses all key exchange implementations by all activated providers in the library context I<libctx>, and for each @@ -92,7 +93,7 @@ names. A return value of 0 means that the callback was not called for any names. EVP_KEYEXCH_is_a() returns 1 of I<exchange> was identifiable, otherwise 0. -EVP_KEYEXCH_number() returns an integer. +EVP_KEYEXCH_get_number() returns an integer. EVP_KEYEXCH_gettable_ctx_params() and EVP_KEYEXCH_settable_ctx_params() return a constant B<OSSL_PARAM> array or NULL on error. diff --git a/doc/man3/EVP_KEYMGMT.pod b/doc/man3/EVP_KEYMGMT.pod index 9f143cd6ed..de5a9256a0 100644 --- a/doc/man3/EVP_KEYMGMT.pod +++ b/doc/man3/EVP_KEYMGMT.pod @@ -6,11 +6,11 @@ EVP_KEYMGMT, EVP_KEYMGMT_fetch, EVP_KEYMGMT_up_ref, EVP_KEYMGMT_free, -EVP_KEYMGMT_provider, +EVP_KEYMGMT_get0_provider, EVP_KEYMGMT_is_a, -EVP_KEYMGMT_number, -EVP_KEYMGMT_description, -EVP_KEYMGMT_name, +EVP_KEYMGMT_get_number, +EVP_KEYMGMT_get0_description, +EVP_KEYMGMT_get0_name, EVP_KEYMGMT_do_all_provided, EVP_KEYMGMT_names_do_all, EVP_KEYMGMT_gettable_params, @@ -28,11 +28,11 @@ EVP_KEYMGMT_gen_settable_params const char *properties); int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt); void EVP_KEYMGMT_free(EVP_KEYMGMT *keymgmt); - const OSSL_PROVIDER *EVP_KEYMGMT_provider(const EVP_KEYMGMT *keymgmt); + const OSSL_PROVIDER *EVP_KEYMGMT_get0_provider(const EVP_KEYMGMT *keymgmt); int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name); - int EVP_KEYMGMT_number(const EVP_KEYMGMT *keymgmt); - const char *EVP_KEYMGMT_name(const EVP_KEYMGMT *keymgmt); - const char *EVP_KEYMGMT_description(const EVP_KEYMGMT *keymgmt); + int EVP_KEYMGMT_get_number(const EVP_KEYMGMT *keymgmt); + const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt); + const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt); void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_KEYMGMT *keymgmt, void *arg), @@ -65,27 +65,27 @@ B<EVP_KEYMGMT> I<keymgmt>. EVP_KEYMGMT_free() decrements the reference count for the given B<EVP_KEYMGMT> I<keymgmt>, and when the count reaches zero, frees it. -EVP_KEYMGMT_provider() returns the provider that has this particular +EVP_KEYMGMT_get0_provider() returns the provider that has this particular implementation. EVP_KEYMGMT_is_a() checks if I<keymgmt> is an implementation of an algorithm that's identifiable with I<name>. -EVP_KEYMGMT_number() returns the internal dynamic number assigned to +EVP_KEYMGMT_get_number() returns the internal dynamic number assigned to the I<keymgmt>. -EVP_KEYMGMT_name() returns the algorithm name from the provided implementation -for the given I<keymgmt>. Note that the I<keymgmt> may have multiple synonyms -associated with it. In this case the first name from the algorithm -definition is returned. Ownership of the returned string is retained by the -I<keymgmt> object and should not be freed by the caller. +EVP_KEYMGMT_get0_name() returns the algorithm name from the provided +implementation for the given I<keymgmt>. Note that the I<keymgmt> may have +multiple synonyms associated with it. In this case the first name from the +algorithm definition is returned. Ownership of the returned string is +retained by the I<keymgmt> object and should not be freed by the caller. EVP_KEYMGMT_names_do_all() traverses all names for the I<keymgmt>, and calls I<fn> with each name and I<data>. -EVP_KEYMGMT_description() returns a description of the I<keymgmt>, meant for -display and human consumption. The description is at the discretion of the -I<keymgmt> implementation. +EVP_KEYMGMT_get0_description() returns a description of the I<keymgmt>, meant +for display and human consumption. The description is at the discretion +of the I<keymgmt> implementation. EVP_KEYMGMT_do_all_provided() traverses all key keymgmt implementations by all activated providers in the library context I<libctx>, and for each @@ -121,17 +121,17 @@ names. A return value of 0 means that the callback was not called for any names. EVP_KEYMGMT_free() doesn't return any value. -EVP_KEYMGMT_provider() returns a pointer to a provider object, or NULL +EVP_KEYMGMT_get0_provider() returns a pointer to a provider object, or NULL on error. EVP_KEYMGMT_is_a() returns 1 of I<keymgmt> was identifiable, otherwise 0. -EVP_KEYMGMT_number() returns an integer. +EVP_KEYMGMT_get_number() returns an integer. -EVP_KEYMGMT_name() returns the algorithm name, or NULL on error. +EVP_KEYMGMT_get0_name() returns the algorithm name, or NULL on error. -EVP_KEYMGMT_description() returns a pointer to a decription, or NULL if +EVP_KEYMGMT_get0_description() returns a pointer to a decription, or NULL if there isn't one. EVP_KEYMGMT_gettable_params(), EVP_KEYMGMT_settable_params() and diff --git a/doc/man3/EVP_MAC.pod b/doc/man3/EVP_MAC.pod index 0fc34009ec..6468e22a02 100644 --- a/doc/man3/EVP_MAC.pod +++ b/doc/man3/EVP_MAC.pod @@ -3,10 +3,11 @@ =head1 NAME EVP_MAC, EVP_MAC_fetch, EVP_MAC_up_ref, EVP_MAC_free, EVP_MAC_is_a, -EVP_MAC_number, EVP_MAC_name, EVP_MAC_names_do_all, EVP_MAC_description, -EVP_MAC_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, +EVP_MAC_get_number, EVP_MAC_get0_name, EVP_MAC_names_do_all, +EVP_MAC_get0_description, +EVP_MAC_get0_provider, EVP_MAC_get_params, EVP_MAC_gettable_params, EVP_MAC_CTX, EVP_MAC_CTX_new, EVP_MAC_CTX_free, EVP_MAC_CTX_dup, -EVP_MAC_CTX_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, +EVP_MAC_CTX_get0_mac, EVP_MAC_CTX_get_params, EVP_MAC_CTX_set_params, EVP_MAC_CTX_get_mac_size, EVP_MAC_CTX_get_block_size, EVP_Q_mac, EVP_MAC_init, EVP_MAC_update, EVP_MAC_final, EVP_MAC_finalXOF, EVP_MAC_gettable_ctx_params, EVP_MAC_settable_ctx_params, @@ -25,19 +26,19 @@ EVP_MAC_do_all_provided - EVP MAC routines int EVP_MAC_up_ref(EVP_MAC *mac); void EVP_MAC_free(EVP_MAC *mac); int EVP_MAC_is_a(const EVP_MAC *mac, const char *name); - int EVP_MAC_number(const EVP_MAC *mac); - const char *EVP_MAC_name(const EVP_MAC *mac); + int EVP_MAC_get_number(const EVP_MAC *mac); + const char *EVP_MAC_get0_name(const EVP_MAC *mac); int EVP_MAC_names_do_all(const EVP_MAC *mac, void (*fn)(const char *name, void *data), void *data); - const char *EVP_MAC_description(const EVP_MAC *mac); - const OSSL_PROVIDER *EVP_MAC_provider(const EVP_MAC *mac); + const char *EVP_MAC_get0_description(const EVP_MAC *mac); + const OSSL_PROVIDER *EVP_MAC_get0_provider(const EVP_MAC *mac); int EVP_MAC_get_params(EVP_MAC *mac, OSSL_PARAM params[]); EVP_MAC_CTX *EVP_MAC_CTX_new(EVP_MAC *mac); void EVP_MAC_CTX_free(EVP_MAC_CTX *ctx); EVP_MAC_CTX *EVP_MAC_CTX_dup(const EVP_MAC_CTX *src); - EVP_MAC *EVP_MAC_CTX_mac(EVP_MAC_CTX *ctx); + EVP_MAC *EVP_MAC_CTX_get0_mac(EVP_MAC_CTX *ctx); int EVP_MAC_CTX_get_params(EVP_MAC_CTX *ctx, OSSL_PARAM params[]); int EVP_MAC_CTX_set_params(EVP_MAC_CTX *ctx, const OSSL_PARAM params[]); @@ -121,7 +122,7 @@ NULL is a valid parameter, for which this function is a no-op. EVP_MAC_CTX_dup() duplicates the I<src> context and returns a newly allocated context. -EVP_MAC_CTX_mac() returns the B<EVP_MAC> associated with the context +EVP_MAC_CTX_get0_mac() returns the B<EVP_MAC> associated with the context I<ctx>. =head2 Computing functions @@ -219,7 +220,7 @@ Not all MAC algorithms support this. EVP_MAC_is_a() checks if the given I<mac> is an implementation of an algorithm that's identifiable with I<name>. -EVP_MAC_provider() returns the provider that holds the implementation +EVP_MAC_get0_provider() returns the provider that holds the implementation of the given I<mac>. EVP_MAC_do_all_provided() traverses all MAC implemented by all activated @@ -227,19 +228,19 @@ providers in the given library context I<libctx>, and for each of the implementations, calls the given function I<fn> with the implementation method and the given I<arg> as argument. -EVP_MAC_number() returns the internal dynamic number assigned to +EVP_MAC_get_number() returns the internal dynamic number assigned to I<mac>. -EVP_MAC_name() return the name of the given MAC. For fetched MACs +EVP_MAC_get0_name() return the name of the given MAC. For fetched MACs with multiple names, only one of them is returned; it's recommended to use EVP_MAC_names_do_all() instead. EVP_MAC_names_do_all() traverses all names for I<mac>, and calls I<fn> with each name and I<data>. -EVP_MAC_description() returns a description of the I<mac>, meant for display -and human consumption. The description is at the discretion of the mac -implementation. +EVP_MAC_get0_description() returns a description of the I<mac>, meant +for display and human consumption. The description is at the discretion +of the mac implementation. =head1 PARAMETERS @@ -364,9 +365,9 @@ EVP_MAC_free() returns nothing at all. EVP_MAC_is_a() returns 1 if the given method can be identified with the given name, otherwise 0. -EVP_MAC_name() returns a name of the MAC, or NULL on error. +EVP_MAC_get0_name() returns a name of the MAC, or NULL on error. -EVP_MAC_provider() returns a pointer to the provider for the MAC, or +EVP_MAC_get0_provider() returns a pointer to the provider for the MAC, or NULL on error. EVP_MAC_CTX_new() and EVP_MAC_CTX_dup() return a pointer to a newly diff --git a/doc/man3/EVP_MD_meth_new.pod b/doc/man3/EVP_MD_meth_new.pod index e2db3fc52a..698216ac26 100644 --- a/doc/man3/EVP_MD_meth_new.pod +++ b/doc/man3/EVP_MD_meth_new.pod @@ -144,7 +144,7 @@ computations after the method's private data structure has been copied from one B<EVP_MD_CTX> to another. If all that's needed is to copy the data, there is no need for this copy function. Note that the copy function is passed two B<EVP_MD_CTX *>, the private -data structure is then available with EVP_MD_CTX_md_data(). +data structure is then available with EVP_MD_CTX_get0_md_data(). This copy function is called by EVP_MD_CTX_copy() and EVP_MD_CTX_copy_ex(). @@ -152,7 +152,7 @@ EVP_MD_meth_set_cleanup() sets the function for B<md> to do extra cleanup before the method's private data structure is cleaned out and freed. Note that the cleanup function is passed a B<EVP_MD_CTX *>, the -private data structure is then available with EVP_MD_CTX_md_data(). +private data structure is then available with EVP_MD_CTX_get0_md_data(). This cleanup function is called by EVP_MD_CTX_reset() and EVP_MD_CTX_free(). diff --git a/doc/man3/EVP_PKEY_ASN1_METHOD.pod b/doc/man3/EVP_PKEY_ASN1_METHOD.pod index 4a515590cc..cc50d363da 100644 --- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod +++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod @@ -197,10 +197,10 @@ It's called by L<EVP_PKEY_print_private(3)>. int (*pkey_security_bits) (const EVP_PKEY *pk); The pkey_size() method returns the key size in bytes. -It's called by L<EVP_PKEY_size(3)>. +It's called by L<EVP_PKEY_get_size(3)>. The pkey_bits() method returns the key size in bits. -It's called by L<EVP_PKEY_bits(3)>. +It's called by L<EVP_PKEY_get_bits(3)>. int (*param_decode) (EVP_PKEY *pkey, const unsigned char **pder, int derlen); diff --git a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod index aae31710d7..f16963640d 100644 --- a/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod +++ b/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod @@ -4,14 +4,14 @@ EVP_PKEY_CTX_set_hkdf_md, EVP_PKEY_CTX_set1_hkdf_salt, EVP_PKEY_CTX_set1_hkdf_key, EVP_PKEY_CTX_add1_hkdf_info, -EVP_PKEY_CTX_hkdf_mode - +EVP_PKEY_CTX_set_hkdf_mode - HMAC-based Extract-and-Expand key derivation algorithm =head1 SYNOPSIS #include <openssl/kdf.h> - int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *pctx, int mode); + int EVP_PKEY_CTX_set_hkdf_mode(EVP_PKEY_CTX *pctx, int mode); int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); @@ -33,8 +33,8 @@ and "extracts" from it a fixed-length pseudorandom key K. The second stage "expands" the key K into several additional pseudorandom keys (the output of the KDF). -EVP_PKEY_CTX_hkdf_mode() sets the mode for the HKDF operation. There are three -modes that are currently defined: +EVP_PKEY_CTX_set_hkdf_mode() sets the mode for the HKDF operation. There +are three modes that are currently defined: =over 4 diff --git a/doc/man3/EVP_PKEY_size.pod b/doc/man3/EVP_PKEY_get_size.pod index 786c503914..0af189eba9 100644 --- a/doc/man3/EVP_PKEY_size.pod +++ b/doc/man3/EVP_PKEY_get_size.pod @@ -2,20 +2,20 @@ =head1 NAME -EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits +EVP_PKEY_get_size, EVP_PKEY_get_bits, EVP_PKEY_get_security_bits - EVP_PKEY information functions =head1 SYNOPSIS #include <openssl/evp.h> - int EVP_PKEY_size(const EVP_PKEY *pkey); - int EVP_PKEY_bits(const EVP_PKEY *pkey); - int EVP_PKEY_security_bits(const EVP_PKEY *pkey); + int EVP_PKEY_get_size(const EVP_PKEY *pkey); + int EVP_PKEY_get_bits(const EVP_PKEY *pkey); + int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey); =head1 DESCRIPTION -EVP_PKEY_size() returns the maximum suitable size for the output +EVP_PKEY_get_size() returns the maximum suitable size for the output buffers for almost all operations that can be done with I<pkey>. The primary documented use is with L<EVP_SignFinal(3)> and L<EVP_SealInit(3)>, but it isn't limited there. The returned size is @@ -24,38 +24,38 @@ L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt(3)>, L<EVP_PKEY_derive(3)>. It must be stressed that, unless the documentation for the operation that's being performed says otherwise, the size returned by -EVP_PKEY_size() is only preliminary and not exact, so the final +EVP_PKEY_get_size() is only preliminary and not exact, so the final contents of the target buffer may be smaller. It is therefore crucial to take note of the size given back by the function that performs the operation, such as L<EVP_PKEY_sign(3)> (the I<siglen> argument will receive that length), to avoid bugs. -EVP_PKEY_bits() returns the cryptographic length of the cryptosystem +EVP_PKEY_get_bits() returns the cryptographic length of the cryptosystem to which the key in I<pkey> belongs, in bits. Note that the definition of cryptographic length is specific to the key cryptosystem. -EVP_PKEY_security_bits() returns the number of security bits of the given +EVP_PKEY_get_security_bits() returns the number of security bits of the given I<pkey>, bits of security is defined in NIST SP800-57. =head1 RETURN VALUES -EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits() return a -positive number, or 0 if this size isn't available. +EVP_PKEY_get_size(), EVP_PKEY_get_bits() and EVP_PKEY_get_security_bits() +return a positive number, or 0 if this size isn't available. =head1 NOTES Most functions that have an output buffer and are mentioned with -EVP_PKEY_size() have a functionality where you can pass NULL for the +EVP_PKEY_get_size() have a functionality where you can pass NULL for the buffer and still pass a pointer to an integer and get the exact size that this function call delivers in the context that it's called in. This allows those functions to be called twice, once to find out the exact buffer size, then allocate the buffer in between, and call that function again actually output the data. For those functions, it -isn't strictly necessary to call EVP_PKEY_size() to find out the +isn't strictly necessary to call EVP_PKEY_get_size() to find out the buffer size, but may be useful in cases where it's desirable to know the upper limit in advance. -It should also be especially noted that EVP_PKEY_size() shouldn't be +It should also be especially noted that EVP_PKEY_get_size() shouldn't be used to get the output size for EVP_DigestSignFinal(), according to L<EVP_DigestSignFinal(3)/NOTES>. diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index d98d7c240e..89b93c9bac 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -7,7 +7,7 @@ EVP_PKEY_new, EVP_PKEY_up_ref, EVP_PKEY_dup, EVP_PKEY_free, -EVP_PKEY_description, +EVP_PKEY_get0_description, EVP_PKEY_new_raw_private_key_ex, EVP_PKEY_new_raw_private_key, EVP_PKEY_new_raw_public_key_ex, @@ -28,7 +28,7 @@ EVP_PKEY_get_raw_public_key int EVP_PKEY_up_ref(EVP_PKEY *key); EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *key); void EVP_PKEY_free(EVP_PKEY *key); - const char *EVP_PKEY_description(const EVP_PKEY *key); + const char *EVP_PKEY_get0_description(const EVP_PKEY *key); EVP_PKEY *EVP_PKEY_new_raw_private_key_ex(OSSL_LIB_CTX *libctx, const char *keytype, @@ -92,9 +92,9 @@ a raw key, otherwise the duplication will fail. EVP_PKEY_free() decrements the reference count of I<key> and, if the reference count is zero, frees it up. If I<key> is NULL, nothing is done. -EVP_PKEY_description() returns a description of the type of B<EVP_PKEY>, meant -for display and human consumption. The description is at the discretion of the -key type implementation. +EVP_PKEY_get0_description() returns a description of the type of B<EVP_PKEY>, +meant for display and human consumption. The description is at the +discretion of the key type implementation. EVP_PKEY_new_raw_private_key_ex() allocates a new B<EVP_PKEY>. Unless an engine should be used for the key type, a provider for the key is found using diff --git a/doc/man3/EVP_PKEY_set1_RSA.pod b/doc/man3/EVP_PKEY_set1_RSA.pod index e905024199..e3b81a5df6 100644 --- a/doc/man3/EVP_PKEY_set1_RSA.pod +++ b/doc/man3/EVP_PKEY_set1_RSA.pod @@ -8,7 +8,7 @@ EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY, EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH, EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash, -EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, +EVP_PKEY_get0, EVP_PKEY_type, EVP_PKEY_get_id, EVP_PKEY_get_base_id, EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions @@ -16,8 +16,8 @@ EVP_PKEY assignment functions #include <openssl/evp.h> - int EVP_PKEY_id(const EVP_PKEY *pkey); - int EVP_PKEY_base_id(const EVP_PKEY *pkey); + int EVP_PKEY_get_id(const EVP_PKEY *pkey); + int EVP_PKEY_get_base_id(const EVP_PKEY *pkey); int EVP_PKEY_type(int type); Deprecated since OpenSSL 3.0, can be hidden entirely by defining @@ -55,13 +55,14 @@ L<openssl_user_macros(7)>: =head1 DESCRIPTION -EVP_PKEY_base_id() returns the type of I<pkey>. For example +EVP_PKEY_get_base_id() returns the type of I<pkey>. For example an RSA key will return B<EVP_PKEY_RSA>. -EVP_PKEY_id() returns the actual OID associated with I<pkey>. Historically keys -using the same algorithm could use different OIDs. For example an RSA key could -use the OIDs corresponding to the NIDs B<NID_rsaEncryption> (equivalent to -B<EVP_PKEY_RSA>) or B<NID_rsa> (equivalent to B<EVP_PKEY_RSA2>). The use of +EVP_PKEY_get_id() returns the actual OID associated with I<pkey>. +Historically keys using the same algorithm could use different OIDs. +For example an RSA key could use the OIDs corresponding to +the NIDs B<NID_rsaEncryption> (equivalent to B<EVP_PKEY_RSA>) or +B<NID_rsa> (equivalent to B<EVP_PKEY_RSA2>). The use of alternative non-standard OIDs is now rare so B<EVP_PKEY_RSA2> et al are not often seen in practice. @@ -133,7 +134,7 @@ instead of engines (see L<provider(7)> for details). The following functions are only reliable with B<EVP_PKEY>s that have been assigned an internal key with EVP_PKEY_assign_*(): -EVP_PKEY_id(), EVP_PKEY_base_id(), EVP_PKEY_type() +EVP_PKEY_get_id(), EVP_PKEY_get_base_id(), EVP_PKEY_type() For EVP_PKEY key type checking purposes, L<EVP_PKEY_is_a(3)> is more generic. @@ -163,12 +164,12 @@ the passed B<EC_KEY> is an L<SM2(7)> key, and will set the B<EVP_PKEY> type to B<EVP_PKEY_SM2> in that case, instead of B<EVP_PKEY_EC>. Most applications wishing to know a key type will simply call -EVP_PKEY_base_id() and will not care about the actual type: +EVP_PKEY_get_base_id() and will not care about the actual type: which will be identical in almost all cases. Previous versions of this document suggested using EVP_PKEY_type(pkey->type) to determine the type of a key. Since B<EVP_PKEY> is now opaque this -is no longer possible: the equivalent is EVP_PKEY_base_id(pkey). +is no longer possible: the equivalent is EVP_PKEY_get_base_id(pkey). EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM key as part of its routine to load a private key. @@ -186,7 +187,7 @@ EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(), EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305() and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure. -EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key +EVP_PKEY_get_base_id(), EVP_PKEY_get_id() and EVP_PKEY_type() return a key type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error. EVP_PKEY_set1_engine() returns 1 for success and 0 for failure. diff --git a/doc/man3/EVP_PKEY_set_type.pod b/doc/man3/EVP_PKEY_set_type.pod index e5111a555b..9ba460c5c0 100644 --- a/doc/man3/EVP_PKEY_set_type.pod +++ b/doc/man3/EVP_PKEY_set_type.pod @@ -35,7 +35,7 @@ It is an error if no L<EVP_PKEY_ASN1_METHOD(3)> could be found for I<type>. For both EVP_PKEY_set_type() and EVP_PKEY_set_type_str(), I<pkey> gets -a numeric type, which can be retrieved with L<EVP_PKEY_id(3)>. This +a numeric type, which can be retrieved with L<EVP_PKEY_get_id(3)>. This numeric type is taken from the L<EVP_PKEY_ASN1_METHOD(3)> that was found, and is equal to or closely related to I<type> in the case of EVP_PKEY_set_type(), or related to I<str> in the case of @@ -44,7 +44,7 @@ EVP_PKEY_set_type_str(). EVP_PKEY_set_type_by_keymgmt() initialises I<pkey> to contain an internal provider side key. When doing this, it associates I<pkey> with I<keymgmt>. For keys initialised like this, the numeric type -retrieved with L<EVP_PKEY_id(3)> will always be B<EVP_PKEY_NONE>. +retrieved with L<EVP_PKEY_get_id(3)> will always be B<EVP_PKEY_NONE>. =head1 RETURN VALUES @@ -52,7 +52,7 @@ All functions described here return 1 if successful, or 0 on error. =head1 SEE ALSO -L<EVP_PKEY_assign(3)>, L<EVP_PKEY_id(3)>, L<EVP_PKEY_get0_RSA(3)>, +L<EVP_PKEY_assign(3)>, L<EVP_PKEY_get_id(3)>, L<EVP_PKEY_get0_RSA(3)>, L<EVP_PKEY_copy_parameters(3)>, L<EVP_PKEY_ASN1_METHOD(3)>, L<EVP_KEYMGMT(3)> diff --git a/doc/man3/EVP_RAND.pod b/doc/man3/EVP_RAND.pod index b2d1e18417..bcee801c4e 100644 --- a/doc/man3/EVP_RAND.pod +++ b/doc/man3/EVP_RAND.pod @@ -5,10 +5,11 @@ EVP_RAND, EVP_RAND_fetch, EVP_RAND_free, EVP_RAND_up_ref, EVP_RAND_CTX, EVP_RAND_CTX_new, EVP_RAND_CTX_free, EVP_RAND_instantiate, EVP_RAND_uninstantiate, EVP_RAND_generate, EVP_RAND_reseed, EVP_RAND_nonce, -EVP_RAND_enable_locking, EVP_RAND_verify_zeroization, EVP_RAND_strength, -EVP_RAND_state, -EVP_RAND_provider, EVP_RAND_CTX_rand, EVP_RAND_is_a, EVP_RAND_number, -EVP_RAND_name, EVP_RAND_names_do_all, EVP_RAND_description, +EVP_RAND_enable_locking, EVP_RAND_verify_zeroization, EVP_RAND_get_strength, +EVP_RAND_get_state, +EVP_RAND_get0_provider, EVP_RAND_CTX_get0_rand, EVP_RAND_is_a, +EVP_RAND_get_number, EVP_RAND_get0_name, EVP_RAND_names_do_all, +EVP_RAND_get0_description, EVP_RAND_CTX_get_params, EVP_RAND_CTX_set_params, EVP_RAND_do_all_provided, EVP_RAND_get_params, EVP_RAND_gettable_ctx_params, EVP_RAND_settable_ctx_params, @@ -29,7 +30,7 @@ EVP_RAND_STATE_ERROR - EVP RAND routines void EVP_RAND_free(EVP_RAND *rand); EVP_RAND_CTX *EVP_RAND_CTX_new(EVP_RAND *rand, EVP_RAND_CTX *parent); void EVP_RAND_CTX_free(EVP_RAND_CTX *ctx); - EVP_RAND *EVP_RAND_CTX_rand(EVP_RAND_CTX *ctx); + EVP_RAND *EVP_RAND_CTX_get0_rand(EVP_RAND_CTX *ctx); int EVP_RAND_get_params(EVP_RAND *rand, OSSL_PARAM params[]); int EVP_RAND_CTX_get_params(EVP_RAND_CTX *ctx, OSSL_PARAM params[]); int EVP_RAND_CTX_set_params(EVP_RAND_CTX *ctx, const OSSL_PARAM params[]); @@ -38,11 +39,11 @@ EVP_RAND_STATE_ERROR - EVP RAND routines const OSSL_PARAM *EVP_RAND_settable_ctx_params(const EVP_RAND *rand); const OSSL_PARAM *EVP_RAND_CTX_gettable_params(EVP_RAND_CTX *ctx); const OSSL_PARAM *EVP_RAND_CTX_settable_params(EVP_RAND_CTX *ctx); - int EVP_RAND_number(const EVP_RAND *rand); - const char *EVP_RAND_name(const EVP_RAND *rand); - const char *EVP_RAND_description(const EVP_RAND *rand); + int EVP_RAND_get_number(const EVP_RAND *rand); + const char *EVP_RAND_get0_name(const EVP_RAND *rand); + const char *EVP_RAND_get0_description(const EVP_RAND *rand); int EVP_RAND_is_a(const EVP_RAND *rand, const char *name); - const OSSL_PROVIDER *EVP_RAND_provider(const EVP_RAND *rand); + const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand); void EVP_RAND_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_RAND *rand, void *arg), void *arg); @@ -64,8 +65,8 @@ EVP_RAND_STATE_ERROR - EVP RAND routines int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen); int EVP_RAND_enable_locking(EVP_RAND_CTX *ctx); int EVP_RAND_verify_zeroization(EVP_RAND_CTX *ctx); - unsigned int EVP_RAND_strength(EVP_RAND_CTX *ctx); - int EVP_RAND_state(EVP_RAND_CTX *ctx); + unsigned int EVP_RAND_get_strength(EVP_RAND_CTX *ctx); + int EVP_RAND_get_state(EVP_RAND_CTX *ctx); #define EVP_RAND_STATE_UNINITIALISED 0 #define EVP_RAND_STATE_READY 1 @@ -121,7 +122,7 @@ rely on the operating system for their randomness because this is often scarce. EVP_RAND_CTX_free() frees up the context I<ctx>. If I<ctx> is NULL, nothing is done. -EVP_RAND_CTX_rand() returns the B<EVP_RAND> associated with the context +EVP_RAND_CTX_get0_rand() returns the B<EVP_RAND> associated with the context I<ctx>. =head2 Random Number Generator Functions @@ -209,9 +210,9 @@ B<OSSL_PARAM> as a parameter descriptor. =head2 Information functions -EVP_RAND_strength() returns the security strength of the RAND I<ctx>. +EVP_RAND_get_strength() returns the security strength of the RAND I<ctx>. -EVP_RAND_state() returns the current state of the RAND I<ctx>. +EVP_RAND_get_state() returns the current state of the RAND I<ctx>. States defined by the OpenSSL RNGs are: =over 4 @@ -234,7 +235,7 @@ EVP_RAND_STATE_ERROR: this RNG is in an error state. EVP_RAND_is_a() returns 1 if I<rand> is an implementation of an algorithm that's identifiable with I<name>, otherwise 0. -EVP_RAND_provider() returns the provider that holds the implementation +EVP_RAND_get0_provider() returns the provider that holds the implementation of the given I<rand>. EVP_RAND_do_all_provided() traverses all RAND implemented by all activated @@ -242,17 +243,17 @@ providers in the given library context I<libctx>, and for each of the implementations, calls the given function I<fn> with the implementation method and the given I<arg> as argument. -EVP_RAND_number() returns the internal dynamic number assigned to +EVP_RAND_get_number() returns the internal dynamic number assigned to I<rand>. -EVP_RAND_name() returns the canonical name of I<rand>. +EVP_RAND_get0_name() returns the canonical name of I<rand>. EVP_RAND_names_do_all() traverses all names for I<rand>, and calls I<fn> with each name and I<data>. -EVP_RAND_description() returns a description of the rand, meant for display -and human consumption. The description is at the discretion of the rand -implementation. +EVP_RAND_get0_description() returns a description of the rand, meant for +display and human consumption. The description is at the discretion of +the rand implementation. EVP_RAND_verify_zeroization() confirms if the internal DRBG state is currently zeroed. This is used by the FIPS provider to support the mandatory @@ -351,15 +352,16 @@ not be considered a breaking change to the API. EVP_RAND_fetch() returns a pointer to a newly fetched B<EVP_RAND>, or NULL if allocation failed. -EVP_RAND_provider() returns a pointer to the provider for the RAND, or +EVP_RAND_get0_provider() returns a pointer to the provider for the RAND, or NULL on error. -EVP_RAND_CTX_rand() returns a pointer to the B<EVP_RAND> associated with the -context. +EVP_RAND_CTX_get0_rand() returns a pointer to the B<EVP_RAND> associated +with the context. -EVP_RAND_name() returns the name of the random number generation algorithm. +EVP_RAND_get0_name() returns the name of the random number generation +algorithm. -EVP_RAND_number() returns the provider specific identification number +EVP_RAND_get_number() returns the provider specific identification number for the specified algorithm. EVP_RAND_up_ref() returns 1 on success, 0 on error. @@ -374,7 +376,8 @@ EVP_RAND_CTX_free() does not return a value. EVP_RAND_nonce() returns the length of the nonce. -EVP_RAND_strength() returns the strength of the random number generator in bits. +EVP_RAND_get_strength() returns the strength of the random number generator +in bits. EVP_RAND_gettable_params(), EVP_RAND_gettable_ctx_params() and EVP_RAND_settable_ctx_params() return an array of OSSL_PARAMs. diff --git a/doc/man3/EVP_SIGNATURE_free.pod b/doc/man3/EVP_SIGNATURE_free.pod index a1897bbdb0..5c506dc67c 100644 --- a/doc/man3/EVP_SIGNATURE_free.pod +++ b/doc/man3/EVP_SIGNATURE_free.pod @@ -3,9 +3,9 @@ =head1 NAME EVP_SIGNATURE_fetch, EVP_SIGNATURE_free, EVP_SIGNATURE_up_ref, -EVP_SIGNATURE_number, EVP_SIGNATURE_is_a, EVP_SIGNATURE_provider, +EVP_SIGNATURE_get_number, EVP_SIGNATURE_is_a, EVP_SIGNATURE_get0_provider, EVP_SIGNATURE_do_all_provided, EVP_SIGNATURE_names_do_all, -EVP_SIGNATURE_name, EVP_SIGNATURE_description, +EVP_SIGNATURE_get0_name, EVP_SIGNATURE_get0_description, EVP_SIGNATURE_gettable_ctx_params, EVP_SIGNATURE_settable_ctx_params - Functions to manage EVP_SIGNATURE algorithm objects @@ -17,10 +17,10 @@ EVP_SIGNATURE_gettable_ctx_params, EVP_SIGNATURE_settable_ctx_params const char *properties); void EVP_SIGNATURE_free(EVP_SIGNATURE *signature); int EVP_SIGNATURE_up_ref(EVP_SIGNATURE *signature); - int EVP_SIGNATURE_number(const EVP_SIGNATURE *signature); - const char *EVP_SIGNATURE_name(const EVP_SIGNATURE *signature); + int EVP_SIGNATURE_get_number(const EVP_SIGNATURE *signature); + const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature); int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name); - OSSL_PROVIDER *EVP_SIGNATURE_provider(const EVP_SIGNATURE *signature); + OSSL_PROVIDER *EVP_SIGNATURE_get0_provider(const EVP_SIGNATURE *signature); void EVP_SIGNATURE_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(EVP_SIGNATURE *signature, void *arg), @@ -28,8 +28,8 @@ EVP_SIGNATURE_gettable_ctx_params, EVP_SIGNATURE_settable_ctx_params int EVP_SIGNATURE_names_do_all(const EVP_SIGNATURE *signature, void (*fn)(const char *name, void *data), void *data); - const char *EVP_SIGNATURE_name(const EVP_SIGNATURE *signature); - const char *EVP_SIGNATURE_description(const EVP_SIGNATURE *signature); + const char *EVP_SIGNATURE_get0_name(const EVP_SIGNATURE *signature); + const char *EVP_SIGNATURE_get0_description(const EVP_SIGNATURE *signature); const OSSL_PARAM *EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig); const OSSL_PARAM *EVP_SIGNATURE_settable_ctx_params(const EVP_SIGNATURE *sig); @@ -55,17 +55,18 @@ structure. EVP_SIGNATURE_is_a() returns 1 if I<signature> is an implementation of an algorithm that's identifiable with I<name>, otherwise 0. -EVP_SIGNATURE_provider() returns the provider that I<signature> was fetched from. +EVP_SIGNATURE_get0_provider() returns the provider that I<signature> was +fetched from. EVP_SIGNATURE_do_all_provided() traverses all SIGNATURE implemented by all activated roviders in the given library context I<libctx>, and for each of the implementations, calls the given function I<fn> with the implementation method and the given I<arg> as argument. -EVP_SIGNATURE_number() returns the internal dynamic number assigned to +EVP_SIGNATURE_get_number() returns the internal dynamic number assigned to I<signature>. -EVP_SIGNATURE_name() returns the algorithm name from the provided +EVP_SIGNATURE_get0_name() returns the algorithm name from the provided implementation for the given I<signature>. Note that the I<signature> may have multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained @@ -74,9 +75,9 @@ by the I<signature> object and should not be freed by the caller. EVP_SIGNATURE_names_do_all() traverses all names for I<signature>, and calls I<fn> with each name and I<data>. -EVP_SIGNATURE_description() returns a description of the I<signature>, meant -for display and human consumption. The description is at the discretion of -the I<signature> implementation. +EVP_SIGNATURE_get0_description() returns a description of the I<signature>, +meant for display and human consumption. The description is at the +discretion of the I<signature> implementation. EVP_SIGNATURE_gettable_ctx_params() and EVP_SIGNATURE_settable_ctx_params() return a constant B<OSSL_PARAM> array that describes the names and types of key diff --git a/doc/man3/EVP_SealInit.pod b/doc/man3/EVP_SealInit.pod index d2652f5cf9..8427fcc659 100644 --- a/doc/man3/EVP_SealInit.pod +++ b/doc/man3/EVP_SealInit.pod @@ -29,13 +29,13 @@ using one or more public keys, this allows the same encrypted data to be decrypted using any of the corresponding private keys. B<ek> is an array of buffers where the public key encrypted secret key will be written, each buffer must contain enough room for the corresponding encrypted key: that is -B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual +B<ek[i]> must have room for B<EVP_PKEY_get_size(pubk[i])> bytes. The actual size of each encrypted secret key is written to the array B<ekl>. B<pubk> is an array of B<npubk> public keys. The B<iv> parameter is a buffer where the generated IV is written to. It must contain enough room for the corresponding cipher's IV, as determined by (for -example) EVP_CIPHER_iv_length(type). +example) EVP_CIPHER_get_iv_length(type). If the cipher does not require an IV then the B<iv> parameter is ignored and can be B<NULL>. diff --git a/doc/man3/EVP_SignInit.pod b/doc/man3/EVP_SignInit.pod index e98d1faf46..cf0663cf8e 100644 --- a/doc/man3/EVP_SignInit.pod +++ b/doc/man3/EVP_SignInit.pod @@ -35,11 +35,11 @@ same I<ctx> to include additional data. EVP_SignFinal_ex() signs the data in I<ctx> using the private key I<pkey> and places the signature in I<sig>. The library context I<libctx> and property query I<propq> are used when creating a context to use with the key -I<pkey>. I<sig> must be at least C<EVP_PKEY_size(pkey)> bytes in size. I<s> is -an OUT parameter, and not used as an IN parameter. +I<pkey>. I<sig> must be at least C<EVP_PKEY_get_size(pkey)> bytes in size. +I<s> is an OUT parameter, and not used as an IN parameter. The number of bytes of data written (i.e. the length of the signature) -will be written to the integer at I<s>, at most C<EVP_PKEY_size(pkey)> bytes -will be written. +will be written to the integer at I<s>, at most C<EVP_PKEY_get_size(pkey)> +bytes will be written. EVP_SignFinal() is similar to EVP_SignFinal_ex() but uses default values of NULL for the library context I<libctx> and the property query I<propq>. @@ -89,7 +89,8 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function. =head1 SEE ALSO -L<EVP_PKEY_size(3)>, L<EVP_PKEY_bits(3)>, L<EVP_PKEY_security_bits(3)>, +L<EVP_PKEY_get_size(3)>, L<EVP_PKEY_get_bits(3)>, +L<EVP_PKEY_get_security_bits(3)>, L<EVP_VerifyInit(3)>, L<EVP_DigestInit(3)>, L<evp(7)>, L<HMAC(3)>, L<MD2(3)>, diff --git a/doc/man3/OSSL_DECODER.pod b/doc/man3/OSSL_DECODER.pod index fed0da27f8..039f77848b 100644 --- a/doc/man3/OSSL_DECODER.pod +++ b/doc/man3/OSSL_DECODER.pod @@ -6,12 +6,12 @@ OSSL_DECODER, OSSL_DECODER_fetch, OSSL_DECODER_up_ref, OSSL_DECODER_free, -OSSL_DECODER_provider, -OSSL_DECODER_properties, +OSSL_DECODER_get0_provider, +OSSL_DECODER_get0_properties, OSSL_DECODER_is_a, -OSSL_DECODER_number, -OSSL_DECODER_name, -OSSL_DECODER_description, +OSSL_DECODER_get_number, +OSSL_DECODER_get0_name, +OSSL_DECODER_get0_description, OSSL_DECODER_do_all_provided, OSSL_DECODER_names_do_all, OSSL_DECODER_gettable_params, @@ -28,12 +28,12 @@ OSSL_DECODER_get_params const char *properties); int OSSL_DECODER_up_ref(OSSL_DECODER *decoder); void OSSL_DECODER_free(OSSL_DECODER *decoder); - const OSSL_PROVIDER *OSSL_DECODER_provider(const OSSL_DECODER *decoder); - const char *OSSL_DECODER_properties(const OSSL_DECODER *decoder); + const OSSL_PROVIDER *OSSL_DECODER_get0_provider(const OSSL_DECODER *decoder); + const char *OSSL_DECODER_get0_properties(const OSSL_DECODER *decoder); int OSSL_DECODER_is_a(const OSSL_DECODER *decoder, const char *name); - int OSSL_DECODER_number(const OSSL_DECODER *decoder); - const char *OSSL_DECODER_name(const OSSL_DECODER *decoder); - const char *OSSL_DECODER_description(const OSSL_DECODER *decoder); + int OSSL_DECODER_get_number(const OSSL_DECODER *decoder); + const char *OSSL_DECODER_get0_name(const OSSL_DECODER *decoder); + const char *OSSL_DECODER_get0_description(const OSSL_DECODER *decoder); void OSSL_DECODER_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(OSSL_DECODER *decoder, void *arg), void *arg); @@ -64,21 +64,21 @@ I<decoder>. OSSL_DECODER_free() decrements the reference count for the given I<decoder>, and when the count reaches zero, frees it. -OSSL_DECODER_provider() returns the provider of the given +OSSL_DECODER_get0_provider() returns the provider of the given I<decoder>. -OSSL_DECODER_properties() returns the property definition associated +OSSL_DECODER_get0_properties() returns the property definition associated with the given I<decoder>. OSSL_DECODER_is_a() checks if I<decoder> is an implementation of an algorithm that's identifiable with I<name>. -OSSL_DECODER_number() returns the internal dynamic number assigned +OSSL_DECODER_get_number() returns the internal dynamic number assigned to the given I<decoder>. -OSSL_DECODER_number() returns the name used to fetch the given I<decoder>. +OSSL_DECODER_get_number() returns the name used to fetch the given I<decoder>. -OSSL_DECODER_description() returns a description of the I<decoder>, meant +OSSL_DECODER_get0_description() returns a description of the I<decoder>, meant for display and human consumption. The description is at the discretion of the I<decoder> implementation. @@ -106,24 +106,24 @@ OSSL_DECODER_up_ref() returns 1 on success, or 0 on error. OSSL_DECODER_free() doesn't return any value. -OSSL_DECODER_provider() returns a pointer to a provider object, or +OSSL_DECODER_get0_provider() returns a pointer to a provider object, or NULL on error. -OSSL_DECODER_properties() returns a pointer to a property +OSSL_DECODER_get0_properties() returns a pointer to a property definition string, or NULL on error. OSSL_DECODER_is_a() returns 1 if I<decoder> was identifiable, otherwise 0. -OSSL_DECODER_number() returns an integer. +OSSL_DECODER_get_number() returns an integer. -OSSL_DECODER_name() returns the algorithm name from the provided +OSSL_DECODER_get0_name() returns the algorithm name from the provided implementation for the given I<decoder>. Note that the I<decoder> may have multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained by the I<decoder> object and should not be freed by the caller. -OSSL_DECODER_description() returns a pointer to a decription, or NULL if +OSSL_DECODER_get0_description() returns a pointer to a decription, or NULL if there isn't one. OSSL_DECODER_names_do_all() returns 1 if the callback was called for all @@ -167,7 +167,7 @@ To list all decoders in a provider to a bio_out: for (i = 0; i < sk_OSSL_DECODER_num(decoders); i++) { OSSL_DECODER *decoder = sk_OSSL_DECODER_value(decoders, i); - if (strcmp(OSSL_PROVIDER_name(OSSL_DECODER_provider(decoder)), + if (strcmp(OSSL_PROVIDER_name(OSSL_DECODER_get0_provider(decoder)), provider) != 0) continue; diff --git a/doc/man3/OSSL_ENCODER.pod b/doc/man3/OSSL_ENCODER.pod index 9ad335653e..0ff37a3b82 100644 --- a/doc/man3/OSSL_ENCODER.pod +++ b/doc/man3/OSSL_ENCODER.pod @@ -6,12 +6,12 @@ OSSL_ENCODER, OSSL_ENCODER_fetch, OSSL_ENCODER_up_ref, OSSL_ENCODER_free, -OSSL_ENCODER_provider, -OSSL_ENCODER_properties, +OSSL_ENCODER_get0_provider, +OSSL_ENCODER_get0_properties, OSSL_ENCODER_is_a, -OSSL_ENCODER_number, -OSSL_ENCODER_name, -OSSL_ENCODER_description, +OSSL_ENCODER_get_number, +OSSL_ENCODER_get0_name, +OSSL_ENCODER_get0_description, OSSL_ENCODER_do_all_provided, OSSL_ENCODER_names_do_all, OSSL_ENCODER_gettable_params, @@ -28,12 +28,12 @@ OSSL_ENCODER_get_params const char *properties); int OSSL_ENCODER_up_ref(OSSL_ENCODER *encoder); void OSSL_ENCODER_free(OSSL_ENCODER *encoder); - const OSSL_PROVIDER *OSSL_ENCODER_provider(const OSSL_ENCODER *encoder); - const char *OSSL_ENCODER_properties(const OSSL_ENCODER *encoder); + const OSSL_PROVIDER *OSSL_ENCODER_get0_provider(const OSSL_ENCODER *encoder); + const char *OSSL_ENCODER_get0_properties(const OSSL_ENCODER *encoder); int OSSL_ENCODER_is_a(const OSSL_ENCODER *encoder, const char *name); - int OSSL_ENCODER_number(const OSSL_ENCODER *encoder); - const char *OSSL_ENCODER_name(const OSSL_ENCODER *encoder); - const char *OSSL_ENCODER_description(const OSSL_ENCODER *encoder); + int OSSL_ENCODER_get_number(const OSSL_ENCODER *encoder); + const char *OSSL_ENCODER_get0_name(const OSSL_ENCODER *encoder); + const char *OSSL_ENCODER_get0_description(const OSSL_ENCODER *encoder); void OSSL_ENCODER_do_all_provided(OSSL_LIB_CTX *libctx, void (*fn)(OSSL_ENCODER *encoder, void *arg), void *arg); @@ -64,21 +64,21 @@ I<encoder>. OSSL_ENCODER_free() decrements the reference count for the given I<encoder>, and when the count reaches zero, frees it. -OSSL_ENCODER_provider() returns the provider of the given +OSSL_ENCODER_get0_provider() returns the provider of the given I<encoder>. -OSSL_ENCODER_properties() returns the property definition associated +OSSL_ENCODER_get0_properties() returns the property definition associated with the given I<encoder>. OSSL_ENCODER_is_a() checks if I<encoder> is an implementation of an algorithm that's identifiable with I<name>. -OSSL_ENCODER_number() returns the internal dynamic number assigned to +OSSL_ENCODER_get_number() returns the internal dynamic number assigned to the given I<encoder>. -OSSL_ENCODER_number() returns the name used to fetch the given I<encoder>. +OSSL_ENCODER_get_number() returns the name used to fetch the given I<encoder>. -OSSL_ENCODER_description() returns a description of the I<loader>, meant +OSSL_ENCODER_get0_description() returns a description of the I<loader>, meant for display and human consumption. The description is at the discretion of the I<loader> implementation. @@ -107,24 +107,24 @@ OSSL_ENCODER_up_ref() returns 1 on success, or 0 on error. OSSL_ENCODER_free() doesn't return any value. -OSSL_ENCODER_provider() returns a pointer to a provider object, or +OSSL_ENCODER_get0_provider() returns a pointer to a provider object, or NULL on error. -OSSL_ENCODER_properties() returns a pointer to a property +OSSL_ENCODER_get0_properties() returns a pointer to a property definition string, or NULL on error. OSSL_ENCODER_is_a() returns 1 of I<encoder> was identifiable, otherwise 0. -OSSL_ENCODER_number() returns an integer. +OSSL_ENCODER_get_number() returns an integer. -OSSL_ENCODER_name() returns the algorithm name from the provided +OSSL_ENCODER_get0_name() returns the algorithm name from the provided implementation for the given I<encoder>. Note that the I<encoder> may have multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained by the I<encoder> object and should not be freed by the caller. -OSSL_ENCODER_description() returns a pointer to a decription, or NULL if +OSSL_ENCODER_get0_description() returns a pointer to a decription, or NULL if there isn't one. OSSL_ENCODER_names_do_all() returns 1 if the callback was called for all diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index 7413104079..1d790fa6d7 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -6,11 +6,11 @@ OSSL_STORE_LOADER, OSSL_STORE_LOADER_fetch, OSSL_STORE_LOADER_up_ref, OSSL_STORE_LOADER_free, -OSSL_STORE_LOADER_provider, -OSSL_STORE_LOADER_properties, +OSSL_STORE_LOADER_get0_provider, +OSSL_STORE_LOADER_get0_properties, OSSL_STORE_LOADER_is_a, -OSSL_STORE_LOADER_number, -OSSL_STORE_LOADER_description, +OSSL_STORE_LOADER_get_number, +OSSL_STORE_LOADER_get0_description, OSSL_STORE_LOADER_do_all_provided, OSSL_STORE_LOADER_names_do_all, OSSL_STORE_LOADER_CTX, OSSL_STORE_LOADER_new, @@ -39,11 +39,11 @@ unregister STORE loaders for different URI schemes const char *properties); int OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER *loader); void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader); - const OSSL_PROVIDER *OSSL_STORE_LOADER_provider(const OSSL_STORE_LOADER * + const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER * loader); - const char *OSSL_STORE_LOADER_properties(const OSSL_STORE_LOADER *loader); - int OSSL_STORE_LOADER_number(const OSSL_STORE_LOADER *loader); - const char *OSSL_STORE_LOADER_description(const OSSL_STORE_LOADER *loader); + const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader); + int OSSL_STORE_LOADER_get_number(const OSSL_STORE_LOADER *loader); + const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader); int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader, const char *scheme); void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx, @@ -129,19 +129,19 @@ I<loader>. OSSL_STORE_LOADER_free() decrements the reference count for the given I<loader>, and when the count reaches zero, frees it. -OSSL_STORE_LOADER_provider() returns the provider of the given +OSSL_STORE_LOADER_get0_provider() returns the provider of the given I<loader>. -OSSL_STORE_LOADER_properties() returns the property definition associated +OSSL_STORE_LOADER_get0_properties() returns the property definition associated with the given I<loader>. OSSL_STORE_LOADER_is_a() checks if I<loader> is an implementation of an algorithm that's identifiable with I<scheme>. -OSSL_STORE_LOADER_number() returns the internal dynamic number assigned +OSSL_STORE_LOADER_get_number() returns the internal dynamic number assigned to the given I<loader>. -OSSL_STORE_LOADER_description() returns a description of the I<loader>, meant +OSSL_STORE_LOADER_get0_description() returns a description of the I<loader>, meant for display and human consumption. The description is at the discretion of the I<loader> implementation. @@ -323,18 +323,18 @@ names. A return value of 0 means that the callback was not called for any names. OSSL_STORE_LOADER_free() doesn't return any value. -OSSL_STORE_LOADER_provider() returns a pointer to a provider object, or +OSSL_STORE_LOADER_get0_provider() returns a pointer to a provider object, or NULL on error. -OSSL_STORE_LOADER_properties() returns a pointer to a property +OSSL_STORE_LOADER_get0_properties() returns a pointer to a property definition string, or NULL on error. OSSL_STORE_LOADER_is_a() returns 1 if I<loader> was identifiable, otherwise 0. -OSSL_STORE_LOADER_number() returns an integer. +OSSL_STORE_LOADER_get_number() returns an integer. -OSSL_STORE_LOADER_description() returns a pointer to a decription, or NULL if +OSSL_STORE_LOADER_get0_description() returns a pointer to a decription, or NULL if there isn't one. The functions with the types B<OSSL_STORE_open_fn>, @@ -365,9 +365,9 @@ L<provider-storemgmt(7)> =head1 HISTORY OSSL_STORE_LOADER_fetch(), OSSL_STORE_LOADER_up_ref(), -OSSL_STORE_LOADER_free(), OSSL_STORE_LOADER_provider(), -OSSL_STORE_LOADER_properties(), OSSL_STORE_LOADER_is_a(), -OSSL_STORE_LOADER_number(), OSSL_STORE_LOADER_do_all_provided() and +OSSL_STORE_LOADER_free(), OSSL_STORE_LOADER_get0_provider(), +OSSL_STORE_LOADER_get0_properties(), OSSL_STORE_LOADER_is_a(), +OSSL_STORE_LOADER_get_number(), OSSL_STORE_LOADER_do_all_provided() and OSSL_STORE_LOADER_names_do_all() were added in OpenSSL 3.0. OSSL_STORE_open_ex_fn() was added in OpenSSL 3.0. diff --git a/doc/man3/PEM_read_bio_PrivateKey.pod b/doc/man3/PEM_read_bio_PrivateKey.pod index c053d03a21..9df61892fd 100644 --- a/doc/man3/PEM_read_bio_PrivateKey.pod +++ b/doc/man3/PEM_read_bio_PrivateKey.pod @@ -420,8 +420,8 @@ The pseudo code to derive the key would look similar to: EVP_CIPHER* cipher = EVP_des_ede3_cbc(); EVP_MD* md = EVP_md5(); - unsigned int nkey = EVP_CIPHER_key_length(cipher); - unsigned int niv = EVP_CIPHER_iv_length(cipher); + unsigned int nkey = EVP_CIPHER_get_key_length(cipher); + unsigned int niv = EVP_CIPHER_get_iv_length(cipher); unsigned char key[nkey]; unsigned char iv[niv]; diff --git a/doc/man3/RSA_size.pod b/doc/man3/RSA_size.pod index 6e3451f22c..bed88106e2 100644 --- a/doc/man3/RSA_size.pod +++ b/doc/man3/RSA_size.pod @@ -25,8 +25,8 @@ RSA_bits() returns the number of significant bits. B<rsa> and B<rsa-E<gt>n> must not be B<NULL>. The remaining functions described on this page are deprecated. -Applications should instead use L<EVP_PKEY_size(3)>, L<EVP_PKEY_bits(3)> -and L<EVP_PKEY_security_bits(3)>. +Applications should instead use L<EVP_PKEY_get_size(3)>, L<EVP_PKEY_get_bits(3)> +and L<EVP_PKEY_get_security_bits(3)>. RSA_size() returns the RSA modulus size in bytes. It can be used to determine how much memory must be allocated for an RSA encrypted diff --git a/doc/man7/EVP_MD-common.pod b/doc/man7/EVP_MD-common.pod index 58d8ed5641..4e0dbb6cd4 100644 --- a/doc/man7/EVP_MD-common.pod +++ b/doc/man7/EVP_MD-common.pod @@ -18,14 +18,14 @@ The digest block size. The length of the "blocksize" parameter should not exceed that of a B<size_t>. -This value can also be retrieved with L<EVP_MD_block_size(3)>. +This value can also be retrieved with L<EVP_MD_get_block_size(3)>. =item "size" (B<OSSL_DIGEST_PARAM_SIZE>) <unsigned integer> The digest output size. The length of the "size" parameter should not exceed that of a B<size_t>. -This value can also be retrieved with L<EVP_MD_size(3)>. +This value can also be retrieved with L<EVP_MD_get_size(3)>. =item "flags" (B<OSSL_DIGEST_PARAM_FLAGS>) <unsigned integer> @@ -42,7 +42,7 @@ EVP_MD_FLAG_FIPS isn't relevant any more. =end comment -This value can also be retrieved with L<EVP_MD_flags(3)>. +This value can also be retrieved with L<EVP_MD_get_flags(3)>. =back diff --git a/doc/man7/crypto.pod b/doc/man7/crypto.pod index b45404cce0..78fb8f8f37 100644 --- a/doc/man7/crypto.pod +++ b/doc/man7/crypto.pod @@ -390,7 +390,7 @@ encryption/decryption, signatures, message authentication codes, etc. goto err; /* Allocate the output buffer */ - outdigest = OPENSSL_malloc(EVP_MD_size(sha256)); + outdigest = OPENSSL_malloc(EVP_MD_get_size(sha256)); if (outdigest == NULL) goto err; diff --git a/doc/man7/fips_module.pod b/doc/man7/fips_module.pod index 3fdbfc0386..82d245a8bc 100644 --- a/doc/man7/fips_module.pod +++ b/doc/man7/fips_module.pod @@ -445,7 +445,8 @@ provider that implements it. The process is similar for all algorithms. Here the example of a digest is used. To go from an B<EVP_MD_CTX> to an B<EVP_MD>, use L<EVP_MD_CTX_md(3)> . -To go from the B<EVP_MD> to its B<OSSL_PROVIDER>, use L<EVP_MD_provider(3)>. +To go from the B<EVP_MD> to its B<OSSL_PROVIDER>, +use L<EVP_MD_get0_provider(3)>. To extract the name from the B<OSSL_PROVIDER>, use L<OSSL_PROVIDER_name(3)>. =head1 SEE ALSO diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index b230eb7839..e2d21a9540 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -1203,7 +1203,8 @@ Algorithms for "DESX-CBC", "DES-ECB", "DES-CBC", "DES-OFB", "DES-CFB", DH_bits(), DH_security_bits(), DH_size() -Use L<EVP_PKEY_bits(3)>, L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>. +Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and +L<EVP_PKEY_get_size(3)>. =item - @@ -1284,7 +1285,8 @@ See L</Deprecated low-level key parameter setters> DSA_bits(), DSA_security_bits(), DSA_size() -Use L<EVP_PKEY_bits(3)>, L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>. +Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and +L<EVP_PKEY_get_size(3)>. =item - @@ -1376,7 +1378,7 @@ See L</Deprecated low-level signing functions>. ECDSA_size() -Applications should use L<EVP_PKEY_size(3)>. +Applications should use L<EVP_PKEY_get_size(3)>. =item - @@ -1900,7 +1902,8 @@ The RIPE algorithm has been moved to the L<Legacy Provider|/Legacy Algorithms>. RSA_bits(), RSA_security_bits(), RSA_size() -Use L<EVP_PKEY_bits(3)>, L<EVP_PKEY_security_bits(3)> and L<EVP_PKEY_size(3)>. +Use L<EVP_PKEY_get_bits(3)>, L<EVP_PKEY_get_security_bits(3)> and +L<EVP_PKEY_get_size(3)>. =item - |