[thirdparty/openssl.git] / doc / man3 / OSSL_PROVIDER.pod

=pod

=head1 NAME

OSSL_PROVIDER_set_default_search_path,
OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_unload,
OSSL_PROVIDER_available, OSSL_PROVIDER_do_all,
OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params,
OSSL_PROVIDER_query_operation, OSSL_PROVIDER_get0_provider_ctx,
OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name,
OSSL_PROVIDER_get_capabilities, OSSL_PROVIDER_self_test
- provider routines

=head1 SYNOPSIS

 #include <openssl/provider.h>

 typedef struct ossl_provider_st OSSL_PROVIDER;

 void OSSL_PROVIDER_set_default_search_path(OPENSSL_CTX *libctx,
                                            const char *path);

 OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name);
 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_available(OPENSSL_CTX *libctx, const char *name);
 int OSSL_PROVIDER_do_all(OPENSSL_CTX *ctx,
                          int (*cb)(OSSL_PROVIDER *provider, void *cbdata),
                          void *cbdata);

 const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]);

 const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
                                                     int operation_id,
                                                     int *no_cache);
 void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov);

 int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
                               ossl_provider_init_fn *init_fn);

 const char *OSSL_PROVIDER_name(const OSSL_PROVIDER *prov);

 int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov,
                                    const char *capability,
                                    OSSL_CALLBACK *cb,
                                    void *arg);
 int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov);

=head1 DESCRIPTION

B<OSSL_PROVIDER> is a type that holds internal information about
implementation providers (see L<provider(7)> for information on what a
provider is).
A provider can be built in to the application or the OpenSSL
libraries, or can be a loadable module.
The functions described here handle both forms.

Some of these functions operate within a library context, please see
L<OPENSSL_CTX(3)> for further details.

=head2 Functions

OSSL_PROVIDER_set_default_search_path() specifies the default search B<path>
that is to be used for looking for providers in the specified B<libctx>.
If left unspecified, an environment variable and a fall back default value will
be used instead.

OSSL_PROVIDER_add_builtin() is used to add a built in provider to
B<OSSL_PROVIDER> store in the given library context, by associating a
provider name with a provider initialization function.
This name can then be used with OSSL_PROVIDER_load().

OSSL_PROVIDER_load() loads and initializes a provider.
This may simply initialize a provider that was previously added with
OSSL_PROVIDER_add_builtin() and run its given initialization function,
or load a provider module with the given name and run its provider
entry point, C<OSSL_provider_init>.

OSSL_PROVIDER_unload() unloads the given provider.
For a provider added with OSSL_PROVIDER_add_builtin(), this simply
runs its teardown function.

OSSL_PROVIDER_available() checks if a named provider is available
for use.

OSSL_PROVIDER_do_all() iterates over all loaded providers, calling
I<cb> for each one, with the current provider in I<provider> and the
I<cbdata> that comes from the caller.

OSSL_PROVIDER_gettable_params() is used to get a provider parameter
descriptor set as a constant B<OSSL_PARAM> array.
See L<OSSL_PARAM(3)> for more information.

OSSL_PROVIDER_get_params() is used to get provider parameter values.
The caller must prepare the B<OSSL_PARAM> array before calling this
function, and the variables acting as buffers for this parameter array
should be filled with data when it returns successfully.

OSSL_PROVIDER_self_test() is used to run a provider's self tests on demand.
If the self tests fail then the provider will fail to provide any further
services and algorithms. L<OSSL_SELF_TEST_set_callback(3)> may be called
beforehand in order to display diagnostics for the running self tests.

OSSL_PROVIDER_query_operation() calls the provider's I<query_operation>
function (see L<provider(7)>), if the provider has one. It returns an
array of I<OSSL_ALGORITHM> for the given I<operation_id> terminated by an all
NULL OSSL_ALGORITHM entry. This is considered a low-level function that most
applications should not need to call.

OSSL_PROVIDER_get0_provider_ctx() returns the provider context for the given
provider. The provider context is an opaque handle set by the provider itself
and is passed back to the provider by libcrypto in various function calls.

If it is permissible to cache references to this array then I<*no_store> is set
to 0 or 1 otherwise. If the array is not cacheable then it is assumed to
have a short lifetime.

OSSL_PROVIDER_name() returns the name of the given provider.

OSSL_PROVIDER_get_capabilities() provides information about the capabilities
supported by the provider specified in I<prov> with the capability name
I<capability>. For each capability of that name supported by the provider it
will call the callback I<cb> and supply a set of B<OSSL_PARAM>s describing the
capability. It will also pass back the argument I<arg>. For more details about
capabilities and what they can be used for please see
L<provider-base(7)/CAPABILTIIES>.

=head1 RETURN VALUES

OSSL_PROVIDER_add(), OSSL_PROVIDER_unload(), OSSL_PROVIDER_get_params() and
OSSL_PROVIDER_get_capabilities() return 1 on success, or 0 on error.

OSSL_PROVIDER_load() returns a pointer to a provider object on
success, or B<NULL> on error.

OSSL_PROVIDER_available() returns 1 if the named provider is available,
otherwise 0.

OSSL_PROVIDER_gettable_params() returns a pointer to an array
of constant B<OSSL_PARAM>, or NULL if none is provided.

OSSL_PROVIDER_get_params() and returns 1 on success, or 0 on error.

OSSL_PROVIDER_query_operation() returns an array of OSSL_ALGORITHM or NULL on
error.

OSSL_PROVIDER_self_test() returns 1 if the self tests pass, or 0 on error.

=head1 EXAMPLES

This demonstrates how to load the provider module "foo" and ask for
its build number.

 OSSL_PROVIDER *prov = NULL;
 const char *build = NULL;
 size_t built_l = 0;
 OSSL_PARAM request[] = {
     { "build", OSSL_PARAM_UTF8_STRING_PTR, &build, 0, &build_l },
     { NULL, 0, NULL, 0, NULL }
 };

 if ((prov = OSSL_PROVIDER_load(NULL, "foo")) != NULL
     && OSSL_PROVIDER_get_params(prov, request))
     printf("Provider 'foo' build %s\n", build);
 else
     ERR_print_errors_fp(stderr);

=head1 SEE ALSO

L<openssl-core.h(7)>, L<OPENSSL_CTX(3)>, L<provider(7)>

=head1 HISTORY

The type and functions described here were added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
c4532834 RL	1	=pod
	2
	3	=head1 NAME
	4
6bd4e3f2	5	OSSL_PROVIDER_set_default_search_path,
c4532834	6	OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_unload,
a7ad40c5	7	OSSL_PROVIDER_available, OSSL_PROVIDER_do_all,
dca97d00	8	OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params,
d01d3752	9	OSSL_PROVIDER_query_operation, OSSL_PROVIDER_get0_provider_ctx,
3c49e4ff	10	OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name,
04cb5ec0 SL	11	OSSL_PROVIDER_get_capabilities, OSSL_PROVIDER_self_test
04cb5ec0 SL	12	- provider routines
c4532834 RL	13
	14	=head1 SYNOPSIS
	15
	16	#include <openssl/provider.h>
	17
	18	typedef struct ossl_provider_st OSSL_PROVIDER;
	19
6bd4e3f2 P	20	void OSSL_PROVIDER_set_default_search_path(OPENSSL_CTX *libctx,
	21	const char *path);
	22
36f5ec55	23	OSSL_PROVIDER OSSL_PROVIDER_load(OPENSSL_CTX libctx, const char *name);
c4532834	24	int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
36f5ec55	25	int OSSL_PROVIDER_available(OPENSSL_CTX libctx, const char name);
a7ad40c5 RL	26	int OSSL_PROVIDER_do_all(OPENSSL_CTX *ctx,
	27	int (cb)(OSSL_PROVIDER provider, void *cbdata),
	28	void *cbdata);
c4532834	29
dca97d00	30	const OSSL_PARAM OSSL_PROVIDER_gettable_params(OSSL_PROVIDER prov);
4e7991b4	31	int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]);
c4532834	32
5f603a28 MC	33	const OSSL_ALGORITHM OSSL_PROVIDER_query_operation(const OSSL_PROVIDER prov,
	34	int operation_id,
	35	int *no_cache);
d01d3752	36	void OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER prov);
5f603a28	37
36f5ec55	38	int OSSL_PROVIDER_add_builtin(OPENSSL_CTX libctx, const char name,
c4532834 RL	39	ossl_provider_init_fn *init_fn);
c4532834 RL	40
b37066fd RL	41	const char OSSL_PROVIDER_name(const OSSL_PROVIDER prov);
b37066fd RL	42
3c49e4ff MC	43	int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov,
	44	const char *capability,
	45	OSSL_CALLBACK *cb,
	46	void *arg);
04cb5ec0	47	int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov);
3c49e4ff	48
c4532834 RL	49	=head1 DESCRIPTION
	50
	51	B<OSSL_PROVIDER> is a type that holds internal information about
	52	implementation providers (see L<provider(7)> for information on what a
	53	provider is).
	54	A provider can be built in to the application or the OpenSSL
	55	libraries, or can be a loadable module.
	56	The functions described here handle both forms.
	57
36f5ec55 RL	58	Some of these functions operate within a library context, please see
	59	L<OPENSSL_CTX(3)> for further details.
	60
c4532834 RL	61	=head2 Functions
c4532834 RL	62
6bd4e3f2 P	63	OSSL_PROVIDER_set_default_search_path() specifies the default search B<path>
	64	that is to be used for looking for providers in the specified B<libctx>.
	65	If left unspecified, an environment variable and a fall back default value will
	66	be used instead.
	67
c4532834 RL	68	OSSL_PROVIDER_add_builtin() is used to add a built in provider to
	69	B<OSSL_PROVIDER> store in the given library context, by associating a
	70	provider name with a provider initialization function.
	71	This name can then be used with OSSL_PROVIDER_load().
	72
	73	OSSL_PROVIDER_load() loads and initializes a provider.
	74	This may simply initialize a provider that was previously added with
	75	OSSL_PROVIDER_add_builtin() and run its given initialization function,
	76	or load a provider module with the given name and run its provider
	77	entry point, C<OSSL_provider_init>.
	78
	79	OSSL_PROVIDER_unload() unloads the given provider.
	80	For a provider added with OSSL_PROVIDER_add_builtin(), this simply
	81	runs its teardown function.
	82
36f5ec55 RL	83	OSSL_PROVIDER_available() checks if a named provider is available
	84	for use.
	85
a7ad40c5 RL	86	OSSL_PROVIDER_do_all() iterates over all loaded providers, calling
	87	I<cb> for each one, with the current provider in I<provider> and the
	88	I<cbdata> that comes from the caller.
	89
dca97d00	90	OSSL_PROVIDER_gettable_params() is used to get a provider parameter
26175013 RL	91	descriptor set as a constant B<OSSL_PARAM> array.
26175013 RL	92	See L<OSSL_PARAM(3)> for more information.
c4532834 RL	93
	94	OSSL_PROVIDER_get_params() is used to get provider parameter values.
	95	The caller must prepare the B<OSSL_PARAM> array before calling this
	96	function, and the variables acting as buffers for this parameter array
	97	should be filled with data when it returns successfully.
	98
04cb5ec0 SL	99	OSSL_PROVIDER_self_test() is used to run a provider's self tests on demand.
	100	If the self tests fail then the provider will fail to provide any further
	101	services and algorithms. L<OSSL_SELF_TEST_set_callback(3)> may be called
	102	beforehand in order to display diagnostics for the running self tests.
	103
5f603a28	104	OSSL_PROVIDER_query_operation() calls the provider's I<query_operation>
d01d3752	105	function (see L<provider(7)>), if the provider has one. It returns an
5f603a28 MC	106	array of I<OSSL_ALGORITHM> for the given I<operation_id> terminated by an all
	107	NULL OSSL_ALGORITHM entry. This is considered a low-level function that most
	108	applications should not need to call.
	109
d01d3752 MC	110	OSSL_PROVIDER_get0_provider_ctx() returns the provider context for the given
	111	provider. The provider context is an opaque handle set by the provider itself
	112	and is passed back to the provider by libcrypto in various function calls.
	113
5f603a28	114	If it is permissible to cache references to this array then I<*no_store> is set
d01d3752	115	to 0 or 1 otherwise. If the array is not cacheable then it is assumed to
5f603a28 MC	116	have a short lifetime.
5f603a28 MC	117
b37066fd RL	118	OSSL_PROVIDER_name() returns the name of the given provider.
b37066fd RL	119
3c49e4ff MC	120	OSSL_PROVIDER_get_capabilities() provides information about the capabilities
	121	supported by the provider specified in I<prov> with the capability name
	122	I<capability>. For each capability of that name supported by the provider it
	123	will call the callback I<cb> and supply a set of B<OSSL_PARAM>s describing the
	124	capability. It will also pass back the argument I<arg>. For more details about
	125	capabilities and what they can be used for please see
	126	L<provider-base(7)/CAPABILTIIES>.
	127
c4532834 RL	128	=head1 RETURN VALUES
c4532834 RL	129
3c49e4ff MC	130	OSSL_PROVIDER_add(), OSSL_PROVIDER_unload(), OSSL_PROVIDER_get_params() and
3c49e4ff MC	131	OSSL_PROVIDER_get_capabilities() return 1 on success, or 0 on error.
c4532834 RL	132
	133	OSSL_PROVIDER_load() returns a pointer to a provider object on
	134	success, or B<NULL> on error.
	135
36f5ec55 RL	136	OSSL_PROVIDER_available() returns 1 if the named provider is available,
	137	otherwise 0.
	138
dca97d00	139	OSSL_PROVIDER_gettable_params() returns a pointer to an array
26175013	140	of constant B<OSSL_PARAM>, or NULL if none is provided.
c4532834	141
04cb5ec0	142	OSSL_PROVIDER_get_params() and returns 1 on success, or 0 on error.
c4532834	143
5f603a28 MC	144	OSSL_PROVIDER_query_operation() returns an array of OSSL_ALGORITHM or NULL on
	145	error.
	146
04cb5ec0 SL	147	OSSL_PROVIDER_self_test() returns 1 if the self tests pass, or 0 on error.
04cb5ec0 SL	148
c4532834 RL	149	=head1 EXAMPLES
	150
	151	This demonstrates how to load the provider module "foo" and ask for
	152	its build number.
	153
	154	OSSL_PROVIDER *prov = NULL;
	155	const char *build = NULL;
	156	size_t built_l = 0;
4e7991b4	157	OSSL_PARAM request[] = {
c4532834 RL	158	{ "build", OSSL_PARAM_UTF8_STRING_PTR, &build, 0, &build_l },
	159	{ NULL, 0, NULL, 0, NULL }
	160	};
	161
	162	if ((prov = OSSL_PROVIDER_load(NULL, "foo")) != NULL
	163	&& OSSL_PROVIDER_get_params(prov, request))
	164	printf("Provider 'foo' build %s\n", build);
	165	else
	166	ERR_print_errors_fp(stderr);
	167
	168	=head1 SEE ALSO
	169
36f5ec55	170	L<openssl-core.h(7)>, L<OPENSSL_CTX(3)>, L<provider(7)>
c4532834 RL	171
	172	=head1 HISTORY
	173
	174	The type and functions described here were added in OpenSSL 3.0.
	175
	176	=head1 COPYRIGHT
	177
33388b44	178	Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
c4532834 RL	179
	180	Licensed under the Apache License 2.0 (the "License"). You may not use
	181	this file except in compliance with the License. You can obtain a copy
	182	in the file LICENSE in the source distribution or at
	183	L<https://www.openssl.org/source/license.html>.
	184
	185	=cut