OSSL_PROVIDER.pod 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249
  1. =pod
  2. =head1 NAME
  3. OSSL_PROVIDER_set_default_search_path,
  4. OSSL_PROVIDER_get0_default_search_path,
  5. OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload,
  6. OSSL_PROVIDER_load_ex, OSSL_PROVIDER_try_load_ex,
  7. OSSL_PROVIDER_available, OSSL_PROVIDER_do_all,
  8. OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params,
  9. OSSL_PROVIDER_query_operation, OSSL_PROVIDER_unquery_operation,
  10. OSSL_PROVIDER_get0_provider_ctx, OSSL_PROVIDER_get0_dispatch,
  11. OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_get0_name, OSSL_PROVIDER_get_capabilities,
  12. OSSL_PROVIDER_self_test
  13. - provider routines
  14. =head1 SYNOPSIS
  15. #include <openssl/provider.h>
  16. typedef struct ossl_provider_st OSSL_PROVIDER;
  17. int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *libctx,
  18. const char *path);
  19. const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
  20. OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *libctx, const char *name);
  21. OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
  22. OSSL_PARAM *params);
  23. OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *libctx, const char *name,
  24. int retain_fallbacks);
  25. OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
  26. OSSL_PARAM *params,
  27. int retain_fallbacks);
  28. int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
  29. int OSSL_PROVIDER_available(OSSL_LIB_CTX *libctx, const char *name);
  30. int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
  31. int (*cb)(OSSL_PROVIDER *provider, void *cbdata),
  32. void *cbdata);
  33. const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov);
  34. int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]);
  35. const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
  36. int operation_id,
  37. int *no_cache);
  38. void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov,
  39. int operation_id,
  40. const OSSL_ALGORITHM *algs);
  41. void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov);
  42. const OSSL_DISPATCH *OSSL_PROVIDER_get0_dispatch(const OSSL_PROVIDER *prov);
  43. int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *libctx, const char *name,
  44. ossl_provider_init_fn *init_fn);
  45. const char *OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov);
  46. int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov,
  47. const char *capability,
  48. OSSL_CALLBACK *cb,
  49. void *arg);
  50. int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov);
  51. =head1 DESCRIPTION
  52. B<OSSL_PROVIDER> is a type that holds internal information about
  53. implementation providers (see L<provider(7)> for information on what a
  54. provider is).
  55. A provider can be built in to the application or the OpenSSL
  56. libraries, or can be a loadable module.
  57. The functions described here handle both forms.
  58. Some of these functions operate within a library context, please see
  59. L<OSSL_LIB_CTX(3)> for further details.
  60. =head2 Functions
  61. OSSL_PROVIDER_set_default_search_path() specifies the default search I<path>
  62. that is to be used for looking for providers in the specified I<libctx>.
  63. If left unspecified, an environment variable and a fall back default value will
  64. be used instead.
  65. OSSL_PROVIDER_get0_default_search_path() retrieves the default search I<path>
  66. that is to be used for looking for providers in the specified I<libctx>.
  67. If successful returns the path or empty string; the path is valid until the
  68. context is released or OSSL_PROVIDER_set_default_search_path() is called.
  69. OSSL_PROVIDER_add_builtin() is used to add a built in provider to
  70. B<OSSL_PROVIDER> store in the given library context, by associating a
  71. provider name with a provider initialization function.
  72. This name can then be used with OSSL_PROVIDER_load().
  73. OSSL_PROVIDER_load() loads and initializes a provider.
  74. This may simply initialize a provider that was previously added with
  75. OSSL_PROVIDER_add_builtin() and run its given initialization function,
  76. or load a provider module with the given name and run its provider
  77. entry point, C<OSSL_provider_init>. The I<name> can be a path
  78. to a provider module, in that case the provider name as returned
  79. by OSSL_PROVIDER_get0_name() will be the path. Interpretation
  80. of relative paths is platform dependent and they are relative
  81. to the configured "MODULESDIR" directory or the path set in
  82. the environment variable OPENSSL_MODULES if set.
  83. OSSL_PROVIDER_try_load() functions like OSSL_PROVIDER_load(), except that
  84. it does not disable the fallback providers if the provider cannot be
  85. loaded and initialized or if I<retain_fallbacks> is nonzero.
  86. If the provider loads successfully and I<retain_fallbacks> is zero, the
  87. fallback providers are disabled.
  88. OSSL_PROVIDER_load_ex() and OSSL_PROVIDER_try_load_ex() are the variants
  89. of the previous functions accepting an C<OSSL_PARAM> array of the parameters
  90. that are passed as the configuration of the loaded provider. The parameters
  91. of any type but C<OSSL_PARAM_UTF8_STRING> are silently ignored. If the
  92. parameters are provided, they replace B<all> the ones specified in the
  93. configuration file.
  94. OSSL_PROVIDER_unload() unloads the given provider.
  95. For a provider added with OSSL_PROVIDER_add_builtin(), this simply
  96. runs its teardown function.
  97. OSSL_PROVIDER_available() checks if a named provider is available
  98. for use.
  99. OSSL_PROVIDER_do_all() iterates over all loaded providers, calling
  100. I<cb> for each one, with the current provider in I<provider> and the
  101. I<cbdata> that comes from the caller. If no other provider has been loaded
  102. before calling this function, the default provider is still available as
  103. fallback.
  104. See L<OSSL_PROVIDER-default(7)> for more information on this fallback
  105. behaviour.
  106. OSSL_PROVIDER_gettable_params() is used to get a provider parameter
  107. descriptor set as a constant L<OSSL_PARAM(3)> array.
  108. OSSL_PROVIDER_get_params() is used to get provider parameter values.
  109. The caller must prepare the L<OSSL_PARAM(3)> array before calling this
  110. function, and the variables acting as buffers for this parameter array
  111. should be filled with data when it returns successfully.
  112. OSSL_PROVIDER_self_test() is used to run a provider's self tests on demand.
  113. If the self tests fail then the provider will fail to provide any further
  114. services and algorithms. L<OSSL_SELF_TEST_set_callback(3)> may be called
  115. beforehand in order to display diagnostics for the running self tests.
  116. OSSL_PROVIDER_query_operation() calls the provider's I<query_operation>
  117. function (see L<provider(7)>), if the provider has one. It returns an
  118. array of I<OSSL_ALGORITHM> for the given I<operation_id> terminated by an all
  119. NULL OSSL_ALGORITHM entry. This is considered a low-level function that most
  120. applications should not need to call.
  121. OSSL_PROVIDER_unquery_operation() calls the provider's I<unquery_operation>
  122. function (see L<provider(7)>), if the provider has one. This is considered a
  123. low-level function that most applications should not need to call.
  124. OSSL_PROVIDER_get0_provider_ctx() returns the provider context for the given
  125. provider. The provider context is an opaque handle set by the provider itself
  126. and is passed back to the provider by libcrypto in various function calls.
  127. OSSL_PROVIDER_get0_dispatch() returns the provider's dispatch table as it was
  128. returned in the I<out> parameter from the provider's init function. See
  129. L<provider-base(7)>.
  130. If it is permissible to cache references to this array then I<*no_store> is set
  131. to 0 or 1 otherwise. If the array is not cacheable then it is assumed to
  132. have a short lifetime.
  133. OSSL_PROVIDER_get0_name() returns the name of the given provider.
  134. OSSL_PROVIDER_get_capabilities() provides information about the capabilities
  135. supported by the provider specified in I<prov> with the capability name
  136. I<capability>. For each capability of that name supported by the provider it
  137. will call the callback I<cb> and supply a set of L<OSSL_PARAM(3)>s describing the
  138. capability. It will also pass back the argument I<arg>. For more details about
  139. capabilities and what they can be used for please see
  140. L<provider-base(7)/CAPABILTIIES>.
  141. =head1 RETURN VALUES
  142. OSSL_PROVIDER_set_default_search_path(), OSSL_PROVIDER_add(),
  143. OSSL_PROVIDER_unload(), OSSL_PROVIDER_get_params() and
  144. OSSL_PROVIDER_get_capabilities() return 1 on success, or 0 on error.
  145. OSSL_PROVIDER_get0_default_search_path() returns a pointer to a path on success,
  146. or NULL on error or if the path has not previously been set.
  147. OSSL_PROVIDER_load() and OSSL_PROVIDER_try_load() return a pointer to a
  148. provider object on success, or NULL on error.
  149. OSSL_PROVIDER_do_all() returns 1 if the callback I<cb> returns 1 for every
  150. provider it is called with, or 0 if any provider callback invocation returns 0;
  151. callback processing stops at the first callback invocation on a provider
  152. that returns 0.
  153. OSSL_PROVIDER_available() returns 1 if the named provider is available,
  154. otherwise 0.
  155. OSSL_PROVIDER_gettable_params() returns a pointer to an array
  156. of constant L<OSSL_PARAM(3)>, or NULL if none is provided.
  157. OSSL_PROVIDER_get_params() and returns 1 on success, or 0 on error.
  158. OSSL_PROVIDER_query_operation() returns an array of OSSL_ALGORITHM or NULL on
  159. error.
  160. OSSL_PROVIDER_self_test() returns 1 if the self tests pass, or 0 on error.
  161. =head1 EXAMPLES
  162. This demonstrates how to load the provider module "foo" and ask for
  163. its build information.
  164. #include <openssl/params.h>
  165. #include <openssl/provider.h>
  166. #include <openssl/err.h>
  167. OSSL_PROVIDER *prov = NULL;
  168. const char *build = NULL;
  169. OSSL_PARAM request[] = {
  170. { "buildinfo", OSSL_PARAM_UTF8_PTR, &build, 0, 0 },
  171. { NULL, 0, NULL, 0, 0 }
  172. };
  173. if ((prov = OSSL_PROVIDER_load(NULL, "foo")) != NULL
  174. && OSSL_PROVIDER_get_params(prov, request))
  175. printf("Provider 'foo' buildinfo: %s\n", build);
  176. else
  177. ERR_print_errors_fp(stderr);
  178. =head1 SEE ALSO
  179. L<openssl-core.h(7)>, L<OSSL_LIB_CTX(3)>, L<provider(7)>
  180. =head1 HISTORY
  181. The type and functions described here were added in OpenSSL 3.0.
  182. The I<OSSL_PROVIDER_load_ex> and I<OSSL_PROVIDER_try_load_ex> functions were
  183. added in OpenSSL 3.2.
  184. =head1 COPYRIGHT
  185. Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  186. Licensed under the Apache License 2.0 (the "License"). You may not use
  187. this file except in compliance with the License. You can obtain a copy
  188. in the file LICENSE in the source distribution or at
  189. L<https://www.openssl.org/source/license.html>.
  190. =cut