-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add API support for pipelining in provided ciphers #18298
Comments
We have enabled the pipeline in our engine which need to set the EVP_CIPHER->flags to EVP_CIPH_FLAG_PIPELINE in engine. |
The 3.0 method would be to implement the entire algorithm in the provider. |
@paulidale Do you mean using the void *ossl_method_construct(OSSL_LIB_CTX *ctx, int operation_id, |
No. There is no support for pipelining in OpenSSL 3.0 provided ciphers at the moment. We might like to add it in the future. |
Is there any timeline for enabling pipeline support in provider? |
Unfortunately not. It's not currently planned. |
Marking as inactive, to be closed when 3.4 dev cycle ends, barring further input |
Hi,
We are developing our own provider under OpenSSL 3.0 framework.
However, when it comes to aes_cbc_hmac_sha algorithm, we cannot find a way to setup the EVP_CIPHER structure.
Previously, take the engine in OpenSSL 1.1.1 as an example, after we created the EVP_CIPHER_CTX generated by EVP_CIPHER_CTX_new(), it can be initialized by EVP_CipherInit_ex(), which will call some of the preset functions in engine, and *EVP_CIPHER_meth_set_flags(EVP_CIPHER cipher, unsigned long flags) is one of them, and we can use this function to set the flags variable of cipher in the EVP_CIPHER_CTX structure.
Like this:
However, in openssl3.0, the entire framework has changed, EVP_CIPHER has been finalized as early as after EVP_CIPHER_fetch() function is excuted, we have no way to make any changes to the member variable flags of EVP_CIPHER.
What we want to do is to be able to configure EVP_CIPHER to support the pipeline feature by adding EVP_CIPH_FLAG_PIPELINE to its flags variable.
We can still find the definition of pipeline in the code of openssl 3.0, but the flags variable in cipher is marked as legacy,
so does openssl 3.0 still support the pipeline feature? And if so, then how to configure it?
Thanks!
The text was updated successfully, but these errors were encountered: