OSSL_PROVIDER.pod 7.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192
  1. =pod
  2. =head1 NAME
  3. OSSL_PROVIDER_set_default_search_path,
  4. OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload,
  5. OSSL_PROVIDER_available, OSSL_PROVIDER_do_all,
  6. OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params,
  7. OSSL_PROVIDER_query_operation, OSSL_PROVIDER_get0_provider_ctx,
  8. OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name,
  9. OSSL_PROVIDER_get_capabilities, OSSL_PROVIDER_self_test
  10. - provider routines
  11. =head1 SYNOPSIS
  12. #include <openssl/provider.h>
  13. typedef struct ossl_provider_st OSSL_PROVIDER;
  14. void OSSL_PROVIDER_set_default_search_path(OPENSSL_CTX *libctx,
  15. const char *path);
  16. OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name);
  17. OSSL_PROVIDER *OSSL_PROVIDER_try_load(OPENSSL_CTX *libctx, const char *name);
  18. int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
  19. int OSSL_PROVIDER_available(OPENSSL_CTX *libctx, const char *name);
  20. int OSSL_PROVIDER_do_all(OPENSSL_CTX *ctx,
  21. int (*cb)(OSSL_PROVIDER *provider, void *cbdata),
  22. void *cbdata);
  23. const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov);
  24. int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]);
  25. const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
  26. int operation_id,
  27. int *no_cache);
  28. void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov);
  29. int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
  30. ossl_provider_init_fn *init_fn);
  31. const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov);
  32. int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov,
  33. const char *capability,
  34. OSSL_CALLBACK *cb,
  35. void *arg);
  36. int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov);
  37. =head1 DESCRIPTION
  38. B<OSSL_PROVIDER> is a type that holds internal information about
  39. implementation providers (see L<provider(7)> for information on what a
  40. provider is).
  41. A provider can be built in to the application or the OpenSSL
  42. libraries, or can be a loadable module.
  43. The functions described here handle both forms.
  44. Some of these functions operate within a library context, please see
  45. L<OPENSSL_CTX(3)> for further details.
  46. =head2 Functions
  47. OSSL_PROVIDER_set_default_search_path() specifies the default search B<path>
  48. that is to be used for looking for providers in the specified B<libctx>.
  49. If left unspecified, an environment variable and a fall back default value will
  50. be used instead.
  51. OSSL_PROVIDER_add_builtin() is used to add a built in provider to
  52. B<OSSL_PROVIDER> store in the given library context, by associating a
  53. provider name with a provider initialization function.
  54. This name can then be used with OSSL_PROVIDER_load().
  55. OSSL_PROVIDER_load() loads and initializes a provider.
  56. This may simply initialize a provider that was previously added with
  57. OSSL_PROVIDER_add_builtin() and run its given initialization function,
  58. or load a provider module with the given name and run its provider
  59. entry point, C<OSSL_provider_init>.
  60. OSSL_PROVIDER_try_load() functions like OSSL_PROVIDER_load(), except that
  61. it does not disable the fall-back providers if the provider cannot be
  62. loaded and initialized.
  63. If the provider loads successfully, however, the fall-back providers are
  64. disabled.
  65. OSSL_PROVIDER_unload() unloads the given provider.
  66. For a provider added with OSSL_PROVIDER_add_builtin(), this simply
  67. runs its teardown function.
  68. OSSL_PROVIDER_available() checks if a named provider is available
  69. for use.
  70. OSSL_PROVIDER_do_all() iterates over all loaded providers, calling
  71. I<cb> for each one, with the current provider in I<provider> and the
  72. I<cbdata> that comes from the caller.
  73. OSSL_PROVIDER_gettable_params() is used to get a provider parameter
  74. descriptor set as a constant B<OSSL_PARAM> array.
  75. See L<OSSL_PARAM(3)> for more information.
  76. OSSL_PROVIDER_get_params() is used to get provider parameter values.
  77. The caller must prepare the B<OSSL_PARAM> array before calling this
  78. function, and the variables acting as buffers for this parameter array
  79. should be filled with data when it returns successfully.
  80. OSSL_PROVIDER_self_test() is used to run a provider's self tests on demand.
  81. If the self tests fail then the provider will fail to provide any further
  82. services and algorithms. L<OSSL_SELF_TEST_set_callback(3)> may be called
  83. beforehand in order to display diagnostics for the running self tests.
  84. OSSL_PROVIDER_query_operation() calls the provider's I<query_operation>
  85. function (see L<provider(7)>), if the provider has one. It returns an
  86. array of I<OSSL_ALGORITHM> for the given I<operation_id> terminated by an all
  87. NULL OSSL_ALGORITHM entry. This is considered a low-level function that most
  88. applications should not need to call.
  89. OSSL_PROVIDER_get0_provider_ctx() returns the provider context for the given
  90. provider. The provider context is an opaque handle set by the provider itself
  91. and is passed back to the provider by libcrypto in various function calls.
  92. If it is permissible to cache references to this array then I<*no_store> is set
  93. to 0 or 1 otherwise. If the array is not cacheable then it is assumed to
  94. have a short lifetime.
  95. OSSL_PROVIDER_name() returns the name of the given provider.
  96. OSSL_PROVIDER_get_capabilities() provides information about the capabilities
  97. supported by the provider specified in I<prov> with the capability name
  98. I<capability>. For each capability of that name supported by the provider it
  99. will call the callback I<cb> and supply a set of B<OSSL_PARAM>s describing the
  100. capability. It will also pass back the argument I<arg>. For more details about
  101. capabilities and what they can be used for please see
  102. L<provider-base(7)/CAPABILTIIES>.
  103. =head1 RETURN VALUES
  104. OSSL_PROVIDER_add(), OSSL_PROVIDER_unload(), OSSL_PROVIDER_get_params() and
  105. OSSL_PROVIDER_get_capabilities() return 1 on success, or 0 on error.
  106. OSSL_PROVIDER_load() and OSSL_PROVIDER_try_load() return a pointer to a
  107. provider object on success, or B<NULL> on error.
  108. OSSL_PROVIDER_available() returns 1 if the named provider is available,
  109. otherwise 0.
  110. OSSL_PROVIDER_gettable_params() returns a pointer to an array
  111. of constant B<OSSL_PARAM>, or NULL if none is provided.
  112. OSSL_PROVIDER_get_params() and returns 1 on success, or 0 on error.
  113. OSSL_PROVIDER_query_operation() returns an array of OSSL_ALGORITHM or NULL on
  114. error.
  115. OSSL_PROVIDER_self_test() returns 1 if the self tests pass, or 0 on error.
  116. =head1 EXAMPLES
  117. This demonstrates how to load the provider module "foo" and ask for
  118. its build number.
  119. OSSL_PROVIDER *prov = NULL;
  120. const char *build = NULL;
  121. size_t built_l = 0;
  122. OSSL_PARAM request[] = {
  123. { "build", OSSL_PARAM_UTF8_STRING_PTR, &build, 0, &build_l },
  124. { NULL, 0, NULL, 0, NULL }
  125. };
  126. if ((prov = OSSL_PROVIDER_load(NULL, "foo")) != NULL
  127. && OSSL_PROVIDER_get_params(prov, request))
  128. printf("Provider 'foo' build %s\n", build);
  129. else
  130. ERR_print_errors_fp(stderr);
  131. =head1 SEE ALSO
  132. L<openssl-core.h(7)>, L<OPENSSL_CTX(3)>, L<provider(7)>
  133. =head1 HISTORY
  134. The type and functions described here were added in OpenSSL 3.0.
  135. =head1 COPYRIGHT
  136. Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
  137. Licensed under the Apache License 2.0 (the "License"). You may not use
  138. this file except in compliance with the License. You can obtain a copy
  139. in the file LICENSE in the source distribution or at
  140. L<https://www.openssl.org/source/license.html>.
  141. =cut