[openssl/openssl] c1f66c: Add EVP digest context serialization
0 views
Skip to first unread message
Simo Sorce
Dec 12, 2025, 3:40:39 AM (5 days ago) Dec 12
to openssl...@openssl.org
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: c1f66c1ec33763de0d5e94e66039238729ef9c4b
https://github.com/openssl/openssl/commit/c1f66c1ec33763de0d5e94e66039238729ef9c4b
Author: Simo Sorce <si...@redhat.com>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M crypto/err/openssl.txt
M crypto/evp/digest.c
M crypto/evp/evp_err.c
M include/crypto/evp.h
M include/crypto/evperr.h
M include/openssl/core_dispatch.h
M include/openssl/evp.h
M include/openssl/evperr.h
M util/libcrypto.num
Log Message:
-----------
Add EVP digest context serialization
This commit introduces two new functions, EVP_MD_CTX_serialize and
EVP_MD_CTX_deserialize, to the EVP digest API.
These functions allow an application to save the state of a digest
context (EVP_MD_CTX) and restore it later. This is useful for
checkpointing long-running computations, enabling them to be paused
and resumed without starting over.
The implementation adds the OSSL_FUNC_DIGEST_SERIALIZE and
OSSL_FUNC_DIGEST_DESERIALIZE dispatch functions for providers to
supply this functionality.
Signed-off-by: Simo Sorce <si...@redhat.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)
Commit: 1afb05b6035cfe7a748e9152e72832e760bab3dc
https://github.com/openssl/openssl/commit/1afb05b6035cfe7a748e9152e72832e760bab3dc
Author: Simo Sorce <si...@redhat.com>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M .clang-format
M providers/implementations/digests/sha2_prov.c
M providers/implementations/include/prov/digestcommon.h
M test/evp_extra_test2.c
Log Message:
-----------
Add serialization for SHA-2 digest contexts
This commit introduces the ability to serialize and deserialize the internal
state of SHA-2 digest contexts (SHA-256 and SHA-512 families).
This functionality is exposed via the new OSSL_DIGEST_SERIALIZATION parameter,
which can be used with EVP_MD_CTX_get_params() to retrieve the state and with
EVP_DigestInit_ex2() to restore it into a new context.
This allows an application to save the state of a hash operation and resume it
later, which is useful for process migration or for saving the state of long-
unning computations. A new test case has been added to verify this.
Signed-off-by: Simo Sorce <si...@redhat.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)
Commit: b760334f8f10487f972b321069b1c928b9996b0d
https://github.com/openssl/openssl/commit/b760334f8f10487f972b321069b1c928b9996b0d
Author: Simo Sorce <si...@redhat.com>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M providers/implementations/digests/sha3_prov.c
M test/evp_extra_test2.c
Log Message:
-----------
Add EVP_MD_CTX serialization for SHA3/SHAKE
Implement context serialization and deserialization for the SHA3, KECCAK,
SHAKE, and KMAC provider-based digests.
This is achieved by handling the `OSSL_DIGEST_SERIALIZATION` parameter in
get_ctx_params and set_ctx_params. A custom format is used to store the KECCAK
state, including a magic number and an algorithm identifier to ensure the
context is not loaded into an incompatible digest instance.
This allows an EVP_MD_CTX to be saved and restored, which is useful for
applications that need to checkpoint hashing operations. The existing EVP
serialization tests have been extended to cover these new algorithms.
Signed-off-by: Simo Sorce <si...@redhat.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)
Commit: a95faeb567115d0d353ac408e79396aaa8a678ec
https://github.com/openssl/openssl/commit/a95faeb567115d0d353ac408e79396aaa8a678ec
Author: Simo Sorce <si...@redhat.com>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M .gitignore
M build.info
M providers/implementations/digests/sha2_prov.c
A providers/implementations/digests/sha2_prov.inc.in
Log Message:
-----------
Use generated param decoders in SHA provider
Refactor the SHA provider's context parameter handling in sha2_prov.c to use
the generated parameter decoder framework.
This change replaces manual parameter lookups using `OSSL_PARAM_locate` and
static `OSSL_PARAM` arrays with generated decoder functions and structs. A new
template, `sha2_prov.inc.in`, is added to create the necessary decoders during
the build.
This simplifies the code, reduces boilerplate, and improves type safety.
Signed-off-by: Simo Sorce <si...@redhat.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)
Commit: a010fde5b6566d283c83f6590d88fbf3b681fd0d
https://github.com/openssl/openssl/commit/a010fde5b6566d283c83f6590d88fbf3b681fd0d
Author: Simo Sorce <si...@redhat.com>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M CHANGES.md
M doc/man3/EVP_DigestInit.pod
M doc/man7/provider-digest.pod
Log Message:
-----------
Add documentation for digest serialization
Documents EVP_MD_CTX_[s|des]erialize functions.
Signed-off-by: Simo Sorce <si...@redhat.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)
Commit: 2d5c98c30a124bfd865f7d4f77294244de85c2f6
https://github.com/openssl/openssl/commit/2d5c98c30a124bfd865f7d4f77294244de85c2f6
Author: Simo Sorce <si...@redhat.com>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M test/evp_extra_test2.c
Log Message:
-----------
Fail serialization of finalized MD contexts
Add tests to verify that `EVP_MD_CTX_serialize` and
`EVP_MD_CTX_deserialize` fail when called on a finalized `EVP_MD_CTX`.
A finalized context is in a terminal state and should not be serializable for
resumption or have a new state deserialized into it. These tests confirm the
expected failure behavior.
Signed-off-by: Simo Sorce <si...@redhat.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)
Compare: https://github.com/openssl/openssl/compare/ba4970afb5b6...2d5c98c30a12
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Home: https://github.com/openssl/openssl
Commit: c1f66c1ec33763de0d5e94e66039238729ef9c4b
https://github.com/openssl/openssl/commit/c1f66c1ec33763de0d5e94e66039238729ef9c4b
Author: Simo Sorce <si...@redhat.com>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M crypto/err/openssl.txt
M crypto/evp/digest.c
M crypto/evp/evp_err.c
M include/crypto/evp.h
M include/crypto/evperr.h
M include/openssl/core_dispatch.h
M include/openssl/evp.h
M include/openssl/evperr.h
M util/libcrypto.num
Log Message:
-----------
Add EVP digest context serialization
This commit introduces two new functions, EVP_MD_CTX_serialize and
EVP_MD_CTX_deserialize, to the EVP digest API.
These functions allow an application to save the state of a digest
context (EVP_MD_CTX) and restore it later. This is useful for
checkpointing long-running computations, enabling them to be paused
and resumed without starting over.
The implementation adds the OSSL_FUNC_DIGEST_SERIALIZE and
OSSL_FUNC_DIGEST_DESERIALIZE dispatch functions for providers to
supply this functionality.
Signed-off-by: Simo Sorce <si...@redhat.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)
Commit: 1afb05b6035cfe7a748e9152e72832e760bab3dc
https://github.com/openssl/openssl/commit/1afb05b6035cfe7a748e9152e72832e760bab3dc
Author: Simo Sorce <si...@redhat.com>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M .clang-format
M providers/implementations/digests/sha2_prov.c
M providers/implementations/include/prov/digestcommon.h
M test/evp_extra_test2.c
Log Message:
-----------
Add serialization for SHA-2 digest contexts
This commit introduces the ability to serialize and deserialize the internal
state of SHA-2 digest contexts (SHA-256 and SHA-512 families).
This functionality is exposed via the new OSSL_DIGEST_SERIALIZATION parameter,
which can be used with EVP_MD_CTX_get_params() to retrieve the state and with
EVP_DigestInit_ex2() to restore it into a new context.
This allows an application to save the state of a hash operation and resume it
later, which is useful for process migration or for saving the state of long-
unning computations. A new test case has been added to verify this.
Signed-off-by: Simo Sorce <si...@redhat.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)
Commit: b760334f8f10487f972b321069b1c928b9996b0d
https://github.com/openssl/openssl/commit/b760334f8f10487f972b321069b1c928b9996b0d
Author: Simo Sorce <si...@redhat.com>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M providers/implementations/digests/sha3_prov.c
M test/evp_extra_test2.c
Log Message:
-----------
Add EVP_MD_CTX serialization for SHA3/SHAKE
Implement context serialization and deserialization for the SHA3, KECCAK,
SHAKE, and KMAC provider-based digests.
This is achieved by handling the `OSSL_DIGEST_SERIALIZATION` parameter in
get_ctx_params and set_ctx_params. A custom format is used to store the KECCAK
state, including a magic number and an algorithm identifier to ensure the
context is not loaded into an incompatible digest instance.
This allows an EVP_MD_CTX to be saved and restored, which is useful for
applications that need to checkpoint hashing operations. The existing EVP
serialization tests have been extended to cover these new algorithms.
Signed-off-by: Simo Sorce <si...@redhat.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)
Commit: a95faeb567115d0d353ac408e79396aaa8a678ec
https://github.com/openssl/openssl/commit/a95faeb567115d0d353ac408e79396aaa8a678ec
Author: Simo Sorce <si...@redhat.com>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M .gitignore
M build.info
M providers/implementations/digests/sha2_prov.c
A providers/implementations/digests/sha2_prov.inc.in
Log Message:
-----------
Use generated param decoders in SHA provider
Refactor the SHA provider's context parameter handling in sha2_prov.c to use
the generated parameter decoder framework.
This change replaces manual parameter lookups using `OSSL_PARAM_locate` and
static `OSSL_PARAM` arrays with generated decoder functions and structs. A new
template, `sha2_prov.inc.in`, is added to create the necessary decoders during
the build.
This simplifies the code, reduces boilerplate, and improves type safety.
Signed-off-by: Simo Sorce <si...@redhat.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)
Commit: a010fde5b6566d283c83f6590d88fbf3b681fd0d
https://github.com/openssl/openssl/commit/a010fde5b6566d283c83f6590d88fbf3b681fd0d
Author: Simo Sorce <si...@redhat.com>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M CHANGES.md
M doc/man3/EVP_DigestInit.pod
M doc/man7/provider-digest.pod
Log Message:
-----------
Add documentation for digest serialization
Documents EVP_MD_CTX_[s|des]erialize functions.
Signed-off-by: Simo Sorce <si...@redhat.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)
Commit: 2d5c98c30a124bfd865f7d4f77294244de85c2f6
https://github.com/openssl/openssl/commit/2d5c98c30a124bfd865f7d4f77294244de85c2f6
Author: Simo Sorce <si...@redhat.com>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M test/evp_extra_test2.c
Log Message:
-----------
Fail serialization of finalized MD contexts
Add tests to verify that `EVP_MD_CTX_serialize` and
`EVP_MD_CTX_deserialize` fail when called on a finalized `EVP_MD_CTX`.
A finalized context is in a terminal state and should not be serializable for
resumption or have a new state deserialized into it. These tests confirm the
expected failure behavior.
Signed-off-by: Simo Sorce <si...@redhat.com>
Reviewed-by: Shane Lontis <shane....@oracle.com>
Reviewed-by: Tomas Mraz <to...@openssl.org>
Reviewed-by: Dmitry Belyavskiy <bel...@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)
Compare: https://github.com/openssl/openssl/compare/ba4970afb5b6...2d5c98c30a12
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
Reply all
Reply to author
Forward
0 new messages