doc/man3/OSSL_PROVIDER.pod

   1 =pod
   2
   3 =head1 NAME
   4
   5 OSSL_PROVIDER_set_default_search_path,
   6 OSSL_PROVIDER_get0_default_search_path,
   7 OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload,
   8 OSSL_PROVIDER_load_ex, OSSL_PROVIDER_try_load_ex,
   9 OSSL_PROVIDER_available, OSSL_PROVIDER_do_all,
  10 OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params,
  11 OSSL_PROVIDER_query_operation, OSSL_PROVIDER_unquery_operation,
  12 OSSL_PROVIDER_get0_provider_ctx, OSSL_PROVIDER_get0_dispatch,
  13 OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_get0_name, OSSL_PROVIDER_get_capabilities,
  14 OSSL_PROVIDER_self_test
  15 - provider routines
  16
  17 =head1 SYNOPSIS
  18
  19  #include <openssl/provider.h>
  20
  21  typedef struct ossl_provider_st OSSL_PROVIDER;
  22
  23  int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *libctx,
  24                                            const char *path);
  25  const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
  26
  27  OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *libctx, const char *name);
  28  OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
  29                                       OSSL_PARAM *params);
  30  OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *libctx, const char *name,
  31                                        int retain_fallbacks);
  32  OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
  33                                           OSSL_PARAM *params,
  34                                           int retain_fallbacks);
  35  int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
  36  int OSSL_PROVIDER_available(OSSL_LIB_CTX *libctx, const char *name);
  37  int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
  38                           int (*cb)(OSSL_PROVIDER *provider, void *cbdata),
  39                           void *cbdata);
  40
  41  const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov);
  42  int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]);
  43
  44  const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
  45                                                      int operation_id,
  46                                                      int *no_cache);
  47  void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov,
  48                                       int operation_id,
  49                                       const OSSL_ALGORITHM *algs);
  50  void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov);
  51  const OSSL_DISPATCH *OSSL_PROVIDER_get0_dispatch(const OSSL_PROVIDER *prov);
  52
  53  int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *libctx, const char *name,
  54                                ossl_provider_init_fn *init_fn);
  55
  56  const char *OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov);
  57
  58  int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov,
  59                                     const char *capability,
  60                                     OSSL_CALLBACK *cb,
  61                                     void *arg);
  62  int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov);
  63
  64 =head1 DESCRIPTION
  65
  66 B<OSSL_PROVIDER> is a type that holds internal information about
  67 implementation providers (see L<provider(7)> for information on what a
  68 provider is).
  69 A provider can be built in to the application or the OpenSSL
  70 libraries, or can be a loadable module.
  71 The functions described here handle both forms.
  72
  73 Some of these functions operate within a library context, please see
  74 L<OSSL_LIB_CTX(3)> for further details.
  75
  76 =head2 Functions
  77
  78 OSSL_PROVIDER_set_default_search_path() specifies the default search I<path>
  79 that is to be used for looking for providers in the specified I<libctx>.
  80 If left unspecified, an environment variable and a fall back default value will
  81 be used instead.
  82
  83 OSSL_PROVIDER_get0_default_search_path() retrieves the default search I<path>
  84 that is to be used for looking for providers in the specified I<libctx>.
  85 If successful returns the path or empty string; the path is valid until the
  86 context is released or OSSL_PROVIDER_set_default_search_path() is called.
  87
  88 OSSL_PROVIDER_add_builtin() is used to add a built in provider to
  89 B<OSSL_PROVIDER> store in the given library context, by associating a
  90 provider name with a provider initialization function.
  91 This name can then be used with OSSL_PROVIDER_load().
  92
  93 OSSL_PROVIDER_load() loads and initializes a provider.
  94 This may simply initialize a provider that was previously added with
  95 OSSL_PROVIDER_add_builtin() and run its given initialization function,
  96 or load a provider module with the given name and run its provider
  97 entry point, C<OSSL_provider_init>. The I<name> can be a path
  98 to a provider module, in that case the provider name as returned
  99 by OSSL_PROVIDER_get0_name() will be the path. Interpretation
 100 of relative paths is platform dependent and they are relative
 101 to the configured "MODULESDIR" directory or the path set in
 102 the environment variable OPENSSL_MODULES if set.
 103
 104 OSSL_PROVIDER_try_load() functions like OSSL_PROVIDER_load(), except that
 105 it does not disable the fallback providers if the provider cannot be
 106 loaded and initialized or if I<retain_fallbacks> is nonzero.
 107 If the provider loads successfully and I<retain_fallbacks> is zero, the
 108 fallback providers are disabled.
 109
 110 OSSL_PROVIDER_load_ex() and OSSL_PROVIDER_try_load_ex() are the variants
 111 of the previous functions accepting an C<OSSL_PARAM> array of the parameters
 112 that are passed as the configuration of the loaded provider. The parameters
 113 of any type but C<OSSL_PARAM_UTF8_STRING> are silently ignored. If the
 114 parameters are provided, they replace B<all> the ones specified in the
 115 configuration file.
 116
 117 OSSL_PROVIDER_unload() unloads the given provider.
 118 For a provider added with OSSL_PROVIDER_add_builtin(), this simply
 119 runs its teardown function.
 120
 121 OSSL_PROVIDER_available() checks if a named provider is available
 122 for use.
 123
 124 OSSL_PROVIDER_do_all() iterates over all loaded providers, calling
 125 I<cb> for each one, with the current provider in I<provider> and the
 126 I<cbdata> that comes from the caller. If no other provider has been loaded
 127 before calling this function, the default provider is still available as
 128 fallback.
 129 See L<OSSL_PROVIDER-default(7)> for more information on this fallback
 130 behaviour.
 131
 132 OSSL_PROVIDER_gettable_params() is used to get a provider parameter
 133 descriptor set as a constant L<OSSL_PARAM(3)> array.
 134
 135 OSSL_PROVIDER_get_params() is used to get provider parameter values.
 136 The caller must prepare the L<OSSL_PARAM(3)> array before calling this
 137 function, and the variables acting as buffers for this parameter array
 138 should be filled with data when it returns successfully.
 139
 140 OSSL_PROVIDER_self_test() is used to run a provider's self tests on demand.
 141 If the self tests fail then the provider will fail to provide any further
 142 services and algorithms. L<OSSL_SELF_TEST_set_callback(3)> may be called
 143 beforehand in order to display diagnostics for the running self tests.
 144
 145 OSSL_PROVIDER_query_operation() calls the provider's I<query_operation>
 146 function (see L<provider(7)>), if the provider has one. It returns an
 147 array of I<OSSL_ALGORITHM> for the given I<operation_id> terminated by an all
 148 NULL OSSL_ALGORITHM entry. This is considered a low-level function that most
 149 applications should not need to call.
 150
 151 OSSL_PROVIDER_unquery_operation() calls the provider's I<unquery_operation>
 152 function (see L<provider(7)>), if the provider has one.  This is considered a
 153 low-level function that most applications should not need to call.
 154
 155 OSSL_PROVIDER_get0_provider_ctx() returns the provider context for the given
 156 provider. The provider context is an opaque handle set by the provider itself
 157 and is passed back to the provider by libcrypto in various function calls.
 158
 159 OSSL_PROVIDER_get0_dispatch() returns the provider's dispatch table as it was
 160 returned in the I<out> parameter from the provider's init function. See
 161 L<provider-base(7)>.
 162
 163 If it is permissible to cache references to this array then I<*no_store> is set
 164 to 0 or 1 otherwise. If the array is not cacheable then it is assumed to
 165 have a short lifetime.
 166
 167 OSSL_PROVIDER_get0_name() returns the name of the given provider.
 168
 169 OSSL_PROVIDER_get_capabilities() provides information about the capabilities
 170 supported by the provider specified in I<prov> with the capability name
 171 I<capability>. For each capability of that name supported by the provider it
 172 will call the callback I<cb> and supply a set of L<OSSL_PARAM(3)>s describing the
 173 capability. It will also pass back the argument I<arg>. For more details about
 174 capabilities and what they can be used for please see
 175 L<provider-base(7)/CAPABILTIIES>.
 176
 177 =head1 RETURN VALUES
 178
 179 OSSL_PROVIDER_set_default_search_path(), OSSL_PROVIDER_add(),
 180 OSSL_PROVIDER_unload(), OSSL_PROVIDER_get_params() and
 181 OSSL_PROVIDER_get_capabilities() return 1 on success, or 0 on error.
 182
 183 OSSL_PROVIDER_get0_default_search_path() returns a pointer to a path on success,
 184 or NULL on error or if the path has not previously been set.
 185
 186 OSSL_PROVIDER_load() and OSSL_PROVIDER_try_load() return a pointer to a
 187 provider object on success, or NULL on error.
 188
 189 OSSL_PROVIDER_do_all() returns 1 if the callback I<cb> returns 1 for every
 190 provider it is called with, or 0 if any provider callback invocation returns 0;
 191 callback processing stops at the first callback invocation on a provider
 192 that returns 0.
 193
 194 OSSL_PROVIDER_available() returns 1 if the named provider is available,
 195 otherwise 0.
 196
 197 OSSL_PROVIDER_gettable_params() returns a pointer to an array
 198 of constant L<OSSL_PARAM(3)>, or NULL if none is provided.
 199
 200 OSSL_PROVIDER_get_params() and returns 1 on success, or 0 on error.
 201
 202 OSSL_PROVIDER_query_operation() returns an array of OSSL_ALGORITHM or NULL on
 203 error.
 204
 205 OSSL_PROVIDER_self_test() returns 1 if the self tests pass, or 0 on error.
 206
 207 =head1 EXAMPLES
 208
 209 This demonstrates how to load the provider module "foo" and ask for
 210 its build information.
 211
 212  #include <openssl/params.h>
 213  #include <openssl/provider.h>
 214  #include <openssl/err.h>
 215
 216  OSSL_PROVIDER *prov = NULL;
 217  const char *build = NULL;
 218  OSSL_PARAM request[] = {
 219      { "buildinfo", OSSL_PARAM_UTF8_PTR, &build, 0, 0 },
 220      { NULL, 0, NULL, 0, 0 }
 221  };
 222
 223  if ((prov = OSSL_PROVIDER_load(NULL, "foo")) != NULL
 224      && OSSL_PROVIDER_get_params(prov, request))
 225      printf("Provider 'foo' buildinfo: %s\n", build);
 226  else
 227      ERR_print_errors_fp(stderr);
 228
 229 =head1 SEE ALSO
 230
 231 L<openssl-core.h(7)>, L<OSSL_LIB_CTX(3)>, L<provider(7)>
 232
 233 =head1 HISTORY
 234
 235 The type and functions described here were added in OpenSSL 3.0.
 236
 237 The I<OSSL_PROVIDER_load_ex> and I<OSSL_PROVIDER_try_load_ex> functions were
 238 added in OpenSSL 3.2.
 239
 240 =head1 COPYRIGHT
 241
 242 Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
 243
 244 Licensed under the Apache License 2.0 (the "License").  You may not use
 245 this file except in compliance with the License.  You can obtain a copy
 246 in the file LICENSE in the source distribution or at
 247 L<https://www.openssl.org/source/license.html>.
 248
 249 =cut