Replumbing: New public API to load or add providers
authorRichard Levitte <levitte@openssl.org>
Tue, 19 Feb 2019 22:07:57 +0000 (23:07 +0100)
committerRichard Levitte <levitte@openssl.org>
Mon, 11 Mar 2019 19:40:13 +0000 (20:40 +0100)
Adding a provider means creating an internal provier object and adding
it to the store.  This allows the addition of built in providers, be it
in the OpenSSL libraries or in any application.

"Loading" a provider is defined broadly.  A built in provider is already
"loaded" in essence and only needs activating, while a provider in a
dynamically loadable module requires actually loading the module itself.
In this API, "loading" a provider does both.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8287)

crypto/build.info
crypto/cpt_err.c
crypto/err/openssl.txt
crypto/provider.c [new file with mode: 0644]
include/openssl/cryptoerr.h
include/openssl/provider.h [new file with mode: 0644]
util/libcrypto.num

index fdf0810dbe55faf87a96712ce0f011856f8178a2..0cca6ab7a3fa7a5a293242d9595553906be8b951 100644 (file)
@@ -17,7 +17,7 @@ SOURCE[../libcrypto]=\
         ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
         threads_pthread.c threads_win.c threads_none.c getenv.c \
         o_init.c o_fips.c mem_sec.c init.c context.c sparse_array.c \
-        trace.c \
+        trace.c provider.c \
         {- $target{cpuid_asm_src} -} {- $target{uplink_aux_src} -}
 
 DEPEND[cversion.o]=buildinf.h
index a99d488fa1538204e9c0adcb3af3c8ef618e118d..bf7985cee9df33ef588388d5fa2fee6de168d673 100644 (file)
@@ -46,6 +46,8 @@ static const ERR_STRING_DATA CRYPTO_str_functs[] = {
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0),
      "OPENSSL_sk_deep_copy"},
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN, 0),
+     "OSSL_PROVIDER_add_builtin"},
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ACTIVATE, 0),
      "ossl_provider_activate"},
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_NEW, 0),
index 4b331ebafa7d09ef77f85da3dd104cb414dd2101..3b3f761db2041f9712c40da76753d5888dfda797 100644 (file)
@@ -368,6 +368,7 @@ CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto
 CRYPTO_F_OPENSSL_LH_NEW:126:OPENSSL_LH_new
 CRYPTO_F_OPENSSL_SK_DEEP_COPY:127:OPENSSL_sk_deep_copy
 CRYPTO_F_OPENSSL_SK_DUP:128:OPENSSL_sk_dup
+CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN:132:OSSL_PROVIDER_add_builtin
 CRYPTO_F_OSSL_PROVIDER_ACTIVATE:130:ossl_provider_activate
 CRYPTO_F_OSSL_PROVIDER_NEW:131:ossl_provider_new
 CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init
diff --git a/crypto/provider.c b/crypto/provider.c
new file mode 100644 (file)
index 0000000..823d5dd
--- /dev/null
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/cryptoerr.h>
+#include <openssl/provider.h>
+#include "internal/provider.h"
+
+OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name)
+{
+    OSSL_PROVIDER *prov = NULL;
+
+    /* Find it or create it */
+    if ((prov = ossl_provider_find(libctx, name)) == NULL
+        && (prov = ossl_provider_new(libctx, name, NULL)) == NULL)
+        return NULL;
+
+    if (!ossl_provider_activate(prov)) {
+        ossl_provider_free(prov);
+        return NULL;
+    }
+
+    return prov;
+}
+
+int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov)
+{
+    ossl_provider_free(prov);
+    return 1;
+}
+
+const OSSL_ITEM *OSSL_PROVIDER_get_param_types(OSSL_PROVIDER *prov)
+{
+    return ossl_provider_get_param_types(prov);
+}
+
+int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, const OSSL_PARAM params[])
+{
+    return ossl_provider_get_params(prov, params);
+}
+
+int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
+                              OSSL_provider_init_fn *init_fn)
+{
+    OSSL_PROVIDER *prov = NULL;
+
+    if (name == NULL || init_fn == NULL) {
+        CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    /* Create it */
+    if ((prov = ossl_provider_new(libctx, name, init_fn)) == NULL)
+        return 0;
+
+    /*
+     * It's safely stored in the internal store at this point,
+     * free the returned extra reference
+     */
+    ossl_provider_free(prov);
+
+    return 1;
+}
index 4924e336eb3a383ac117683e3d705a75b0317e33..c27f05c9af9f3cae480eca6f0fee69344d6db36b 100644 (file)
@@ -43,6 +43,7 @@ int ERR_load_CRYPTO_strings(void);
 # define CRYPTO_F_OPENSSL_LH_NEW                          126
 # define CRYPTO_F_OPENSSL_SK_DEEP_COPY                    127
 # define CRYPTO_F_OPENSSL_SK_DUP                          128
+# define CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN               132
 # define CRYPTO_F_OSSL_PROVIDER_ACTIVATE                  130
 # define CRYPTO_F_OSSL_PROVIDER_NEW                       131
 # define CRYPTO_F_PKEY_HMAC_INIT                          123
diff --git a/include/openssl/provider.h b/include/openssl/provider.h
new file mode 100644 (file)
index 0000000..7dc5b8a
--- /dev/null
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_PROVIDER_H
+# define OSSL_PROVIDER_H
+
+# include <openssl/core.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* Load and unload a provider */
+OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *, const char *name);
+int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
+
+const OSSL_ITEM *OSSL_PROVIDER_get_param_types(OSSL_PROVIDER *prov);
+int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, const OSSL_PARAM params[]);
+
+/* Add a built in providers */
+int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name,
+                              OSSL_provider_init_fn *init_fn);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
index cb0cb2279bd106ce2ead3efc09759a72d2e5fbfd..42435931c75cc9c70fcbf89e482699841a05d13e 100644 (file)
@@ -4655,3 +4655,8 @@ OSSL_trace_set_callback                 4610      3_0_0   EXIST::FUNCTION:
 OSSL_trace_enabled                      4611   3_0_0   EXIST::FUNCTION:
 OSSL_trace_begin                        4612   3_0_0   EXIST::FUNCTION:
 OSSL_trace_end                          4613   3_0_0   EXIST::FUNCTION:
+OSSL_PROVIDER_load                      4614   3_0_0   EXIST::FUNCTION:
+OSSL_PROVIDER_unload                    4615   3_0_0   EXIST::FUNCTION:
+OSSL_PROVIDER_add_builtin               4616   3_0_0   EXIST::FUNCTION:
+OSSL_PROVIDER_get_param_types           4617   3_0_0   EXIST::FUNCTION:
+OSSL_PROVIDER_get_params                4618   3_0_0   EXIST::FUNCTION: