diff options
| author | Richard Levitte <levitte@openssl.org> | 2019-08-22 12:50:00 +0200 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2019-08-24 13:01:15 +0200 |
| commit | 703170d4b9da1b3adc0e4d87719a5156080b2dca (patch) | |
| tree | 5223ce61f34a098ed497c54ac271ee26a3d30f15 /doc | |
| parent | 9f57e2184de330e83d0636586e88a8524c513b8e (diff) | |
Get rid of the diversity of names for MAC parameters
The EVP_PKEY MAC implementations had a diversity of controls that were
really the same thing. We did reproduce that for the provider based
MACs, but are changing our minds on this. Instead of that, we now use
one parameter name for passing the name of the underlying ciphers or
digests to a MAC implementation, "cipher" and "digest", and one
parameter name for passing the output size of the MAC, "size".
Then we leave it to the EVP_PKEY->EVP_MAC bridge to translate "md"
to "digest", and "digestsize" to "size".
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9667)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man7/provider-mac.pod | 25 |
1 files changed, 7 insertions, 18 deletions
diff --git a/doc/man7/provider-mac.pod b/doc/man7/provider-mac.pod index 455231172f..14fb3afb67 100644 --- a/doc/man7/provider-mac.pod +++ b/doc/man7/provider-mac.pod @@ -178,21 +178,12 @@ Gets flags associated with the MAC. =for comment We need to investigate if this is the right approach -=item B<OSSL_MAC_PARAM_ALGORITHM> (utf8 string) - -Sets the name of the underlying algorithm to be used. -It must name a suitable algorithm for the MAC that's being used. - -=item B<OSSL_MAC_PARAM_MD> (utf8 string) +=item B<OSSL_MAC_PARAM_CIPHER> (utf8 string) =item B<OSSL_MAC_PARAM_DIGEST> (utf8 string) -=item B<OSSL_MAC_PARAM_CIPHER> (utf8 string) - -These have the same meaning as B<OSSL_MAC_PARAM_ALGORITHM>, but specify -the expected operation for the underlying algorithm. -These are regarded as antiquated, but are kept for easier transition from -legacy MAC implementations. +Sets the name of the underlying cipher or digest to be used. +It must name a suitable algorithm for the MAC that's being used. =item B<OSSL_MAC_PARAM_ENGINE> (utf8 string) @@ -212,13 +203,11 @@ and engine, or a built in legacy function depends on what is available. =item B<OSSL_MAC_PARAM_SIZE> (int) -=item B<OSSL_MAC_PARAM_DIGESTSIZE> (int) - -=item B<OSSL_MAC_PARAM_OUTLEN> (int) +Can be used to get the resulting MAC size. -All three names are considered the same. -B<OSSL_MAC_PARAM_SIZE> and B<OSSL_MAC_PARAM_DIGESTSIZE> are considered -antiquated, but are kept for easier transition from legacy MAC implementations. +With some MAC algorithms, it can also be used to set the size that the +resulting MAC should have. +Allowable sizes are decided within each implementation. =back |