Add EVP digest context serialization

This commit introduces two new functions, EVP_MD_CTX_serialize and
EVP_MD_CTX_deserialize, to the EVP digest API.

These functions allow an application to save the state of a digest
context (EVP_MD_CTX) and restore it later. This is useful for
checkpointing long-running computations, enabling them to be paused
and resumed without starting over.

The implementation adds the OSSL_FUNC_DIGEST_SERIALIZE and
OSSL_FUNC_DIGEST_DESERIALIZE dispatch functions for providers to
supply this functionality.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28837)

include/crypto/evp.h

@@ -294,6 +294,8 @@ struct evp_md_st {
     OSSL_FUNC_digest_gettable_params_fn *gettable_params;
     OSSL_FUNC_digest_settable_ctx_params_fn *settable_ctx_params;
     OSSL_FUNC_digest_gettable_ctx_params_fn *gettable_ctx_params;
+    OSSL_FUNC_digest_serialize_fn *serialize;
+    OSSL_FUNC_digest_deserialize_fn *deserialize;
 
 } /* EVP_MD */;
 

include/crypto/evperr.h

@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy

include/openssl/core_dispatch.h

@@ -315,6 +315,8 @@ OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_alert,
 #define OSSL_FUNC_DIGEST_GETTABLE_CTX_PARAMS 13
 #define OSSL_FUNC_DIGEST_SQUEEZE 14
 #define OSSL_FUNC_DIGEST_COPYCTX 15
+#define OSSL_FUNC_DIGEST_SERIALIZE 16
+#define OSSL_FUNC_DIGEST_DESERIALIZE 17
 
 OSSL_CORE_MAKE_FUNC(void *, digest_newctx, (void *provctx))
 OSSL_CORE_MAKE_FUNC(int, digest_init, (void *dctx, const OSSL_PARAM params[]))
@@ -345,6 +347,10 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, digest_settable_ctx_params,
     (void *dctx, void *provctx))
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, digest_gettable_ctx_params,
     (void *dctx, void *provctx))
+OSSL_CORE_MAKE_FUNC(int, digest_serialize,
+    (void *dctx, unsigned char *out, size_t *outl))
+OSSL_CORE_MAKE_FUNC(int, digest_deserialize,
+    (void *dctx, const unsigned char *in, size_t inl))
 
 /* Symmetric Ciphers */
 

include/openssl/evp.h

@@ -753,6 +753,10 @@ __owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *out,
     size_t outlen);
 __owur int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *out,
     size_t outlen);
+__owur int EVP_MD_CTX_serialize(EVP_MD_CTX *ctx, unsigned char *out,
+    size_t *outlen);
+__owur int EVP_MD_CTX_deserialize(EVP_MD_CTX *ctx, const unsigned char *in,
+    size_t inlen);
 
 __owur EVP_MD *EVP_MD_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
     const char *properties);

include/openssl/evperr.h

@@ -33,6 +33,7 @@
 #define EVP_R_CIPHER_PARAMETER_ERROR 122
 #define EVP_R_COMMAND_NOT_SUPPORTED 147
 #define EVP_R_CONFLICTING_ALGORITHM_NAME 201
+#define EVP_R_CONTEXT_FINALIZED 239
 #define EVP_R_COPY_ERROR 173
 #define EVP_R_CTRL_NOT_IMPLEMENTED 132
 #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133