Introduce intermediate digest/MAC API and use it in the engine and provider#520
Merged
chipitsine merged 2 commits intogost-engine:masterfrom Mar 15, 2026
Merged
Introduce intermediate digest/MAC API and use it in the engine and provider#520chipitsine merged 2 commits intogost-engine:masterfrom
chipitsine merged 2 commits intogost-engine:masterfrom
Conversation
This reverts commit 562e9ff.
There was a problem hiding this comment.
Pull request overview
This PR introduces a new internal “intermediate” digest/MAC API (GOST_digest* + GOST_digest_ctx*) and refactors both the provider and engine paths to use it, reducing reliance on EVP_MD*/EVP_MD_CTX* in provider code while keeping ENGINE compatibility via an adapter layer.
Changes:
- Add
gost_digest.*+gost_digest_ctx.*plus internalgost_digest_details.hto represent and run digest/MAC implementations via internal contexts. - Refactor provider digest and MAC implementations to use
GOST_digest_ctx_*instead of EVP digest contexts. - Add an ENGINE adapter (
gost_eng_digest*) to expose the new digest/MAC implementations through legacy EVP interfaces.
Reviewed changes
Copilot reviewed 30 out of 30 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| utils_one_level_inheritance.h | Removed legacy macro-based “inheritance” utility previously used for digest descriptors. |
| gost_tls12_additional_kexpimp.c | Switched include to gost_lcl.h to pick up needed digest/MAC control definitions via internal headers. |
| gost_prov_mac.h | New header exposing provider MAC init/deinit and algorithm list. |
| gost_prov_mac.c | Provider MAC refactor to GOST_digest_ctx_*; renamed MAC descriptors and added MAC init/deinit. |
| gost_prov_digest.c | Provider digest refactor to GOST_digest_ctx_* and new digest init/deinit flow. |
| gost_prov.h | Removed outdated MAC deinit declaration / MAC algorithm extern (moved to new header). |
| gost_prov.c | Provider init/teardown updated to call MAC init/deinit. |
| gost_omac_acpkm.c | Migrated ACPKM OMAC implementation from EVP_MD_CTX to GOST_digest_ctx. |
| gost_omac.c | Migrated OMAC implementation from EVP_MD_CTX to GOST_digest_ctx; descriptor rename/base templating updates. |
| gost_md2012.c | Migrated Streebog(2012) digest implementations to GOST_digest_ctx and new descriptor layout. |
| gost_md.c | Migrated GOST R 34.11-94 digest implementation to GOST_digest_ctx and new descriptor layout. |
| gost_mac.h | Removed old header that defined digest ctrl constants (now defined in gost_lcl.h). |
| gost_lcl.h | Switched from gost_mac.h to gost_digest.h; updated exported digest symbols; moved ctrl defines here. |
| gost_eng_digest_define.h | New macro-based generator for per-digest ENGINE ctrl adapter and GOST_eng_digest instances. |
| gost_eng_digest_define.c | New compilation unit instantiating ENGINE adapters for all supported digests/MACs. |
| gost_eng_digest.h | New ENGINE adapter API declarations (GOST_eng_digest_*). |
| gost_eng_digest.c | New ENGINE adapter implementation bridging EVP_MD to GOST_digest_ctx. |
| gost_eng.c | ENGINE registration updated to use GOST_eng_digest adapters instead of raw GOST_digest. |
| gost_digest_details.h | New internal struct definition for GOST_digest descriptors. |
| gost_digest_ctx.c | New internal digest context implementation (GOST_digest_ctx_*). |
| gost_digest_base.h | Removed obsolete “base” digest descriptor abstraction. |
| gost_digest_base.c | Removed obsolete “base” digest descriptor abstraction implementation. |
| gost_digest_3411_94.h | Removed old standalone provider digest descriptor declaration. |
| gost_digest_3411_94.c | Removed old standalone provider digest implementation (now in gost_md.c). |
| gost_digest_3411_2012.h | Removed old standalone provider digest descriptor declarations. |
| gost_digest_3411_2012.c | Removed old standalone provider digest implementation (now in gost_md2012.c). |
| gost_digest.h | Public digest API updated to new GOST_digest* / GOST_digest_ctx* entry points. |
| gost_digest.c | New GOST_digest_init/deinit and descriptor “base” resolution implementation. |
| gost_crypt.c | Migrated GOST 28147-89 MAC digests and associated ctrl logic to GOST_digest_ctx. |
| CMakeLists.txt | Consolidated digest sources into core; added new ENGINE adapter sources; removed gost_new_core_digest target and link usage. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
…ovider This commit adds the `GOST_digest*` and `GOST_digest_ctx*` APIs, providing access to digest and MAC implementations. These APIs replace the use of `EVP_MD*` APIs. An adapter is added to use the new APIs from the engine implementation, so the major part of the new code is extensively tested with both engine and provider tests.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds the
GOST_digest*andGOST_digest_ctx*APIs, providingaccess to digest and MAC implementations. These APIs replace the use of
EVP_MD*/EVP_MD_CTX*APIs in provider.An adapter is added to use the new APIs from the engine implementation,
so the major part of the new code is extensively tested with both engine
and provider tests.
The previously added standalone
gost_digestadapter for the provideris removed (the commit is reverted), as that approach resulted in large
diffs while not improving clarity.
This PR addresses several issues: resolves #502, resolves #503, resolves #505.