doc/man7/provider-base.pod

   1 =pod
   2
   3 =head1 NAME
   4
   5 provider-base
   6 - The basic OpenSSL library E<lt>-E<gt> provider functions
   7
   8 =head1 SYNOPSIS
   9
  10  #include <openssl/core_numbers.h>
  11
  12  /*
  13   * None of these are actual functions, but are displayed like this for
  14   * the function signatures for functions that are offered as function
  15   * pointers in OSSL_DISPATCH arrays.
  16   */
  17
  18  /* Functions offered by libcrypto to the providers */
  19  const OSSL_ITEM *core_get_param_types(const OSSL_PROVIDER *prov);
  20  int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]);
  21  int core_thread_start(const OSSL_PROVIDER *prov,
  22                        OSSL_thread_stop_handler_fn handfn);
  23  void core_put_error(const OSSL_PROVIDER *prov,
  24                      uint32_t reason, const char *file, int line);
  25  void core_add_error_vdata(const OSSL_PROVIDER *prov,
  26                            int num, va_list args);
  27  OPENSSL_CTX *core_get_library_context(const OSSL_PROVIDER *prov);
  28
  29  /*
  30   * Some OpenSSL functionality is directly offered to providers via
  31   * dispatch
  32   */
  33  void *CRYPTO_malloc(size_t num, const char *file, int line);
  34  void *CRYPTO_zalloc(size_t num, const char *file, int line);
  35  void *CRYPTO_memdup(const void *str, size_t siz,
  36                      const char *file, int line);
  37  char *CRYPTO_strdup(const char *str, const char *file, int line);
  38  char *CRYPTO_strndup(const char *str, size_t s,
  39                       const char *file, int line);
  40  void CRYPTO_free(void *ptr, const char *file, int line);
  41  void CRYPTO_clear_free(void *ptr, size_t num,
  42                         const char *file, int line);
  43  void *CRYPTO_realloc(void *addr, size_t num,
  44                       const char *file, int line);
  45  void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
  46                             const char *file, int line);
  47  void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
  48  void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
  49  void CRYPTO_secure_free(void *ptr, const char *file, int line);
  50  void CRYPTO_secure_clear_free(void *ptr, size_t num,
  51                                const char *file, int line);
  52  int CRYPTO_secure_allocated(const void *ptr);
  53  void OPENSSL_cleanse(void *ptr, size_t len);
  54  unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
  55
  56  /* Functions offered by the provider to libcrypto */
  57  void provider_teardown(void *provctx);
  58  const OSSL_ITEM *provider_get_param_types(void *provctx);
  59  int provider_get_params(void *provctx, OSSL_PARAM params[]);
  60  const OSSL_ALGORITHM *provider_query_operation(void *provctx,
  61                                                 int operation_id,
  62                                                 const int *no_store);
  63  const OSSL_ITEM *provider_get_reason_strings(void *provctx);
  64
  65 =head1 DESCRIPTION
  66
  67 All "functions" mentioned here are passed as function pointers between
  68 F<libcrypto> and the provider in B<OSSL_DISPATCH> arrays, in the call
  69 of the provider initialization function.  See L<provider(7)/Provider>
  70 for a description of the initialization function.
  71
  72 All these "functions" have a corresponding function type definition
  73 named B<OSSL_{name}_fn>, and a helper function to retrieve the
  74 function pointer from a B<OSSL_DISPATCH> element named
  75 B<OSSL_get_{name}>.
  76 For example, the "function" core_get_param_types() has these:
  77
  78  typedef OSSL_ITEM *
  79      (OSSL_core_get_param_types_fn)(const OSSL_PROVIDER *prov);
  80  static ossl_inline OSSL_NAME_core_get_param_types_fn
  81      OSSL_get_core_get_param_types(const OSSL_DISPATCH *opf);
  82
  83 B<OSSL_DISPATCH> arrays are indexed by numbers that are provided as
  84 macros in L<openssl-core_numbers.h(7)>, as follows:
  85
  86 For I<in> (the B<OSSL_DISPATCH> array passed from F<libcrypto> to the
  87 provider):
  88
  89  core_get_param_types           OSSL_FUNC_CORE_GET_PARAM_TYPES
  90  core_get_params                OSSL_FUNC_CORE_GET_PARAMS
  91  core_thread_start              OSSL_FUNC_CORE_THREAD_START
  92  core_put_error                 OSSL_FUNC_CORE_PUT_ERROR
  93  core_add_error_vdata           OSSL_FUNC_CORE_ADD_ERROR_VDATA
  94  core_get_library_context       OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT
  95  CRYPTO_malloc                  OSSL_FUNC_CRYPTO_MALLOC
  96  CRYPTO_zalloc                  OSSL_FUNC_CRYPTO_ZALLOC
  97  CRYPTO_memdup                  OSSL_FUNC_CRYPTO_MEMDUP
  98  CRYPTO_strdup                  OSSL_FUNC_CRYPTO_STRDUP
  99  CRYPTO_strndup                 OSSL_FUNC_CRYPTO_STRNDUP
 100  CRYPTO_free                    OSSL_FUNC_CRYPTO_FREE
 101  CRYPTO_clear_free              OSSL_FUNC_CRYPTO_CLEAR_FREE
 102  CRYPTO_realloc                 OSSL_FUNC_CRYPTO_REALLOC
 103  CRYPTO_clear_realloc           OSSL_FUNC_CRYPTO_CLEAR_REALLOC
 104  CRYPTO_secure_malloc           OSSL_FUNC_CRYPTO_SECURE_MALLOC
 105  CRYPTO_secure_zalloc           OSSL_FUNC_CRYPTO_SECURE_ZALLOC
 106  CRYPTO_secure_free             OSSL_FUNC_CRYPTO_SECURE_FREE
 107  CRYPTO_secure_clear_free       OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE
 108  CRYPTO_secure_allocated        OSSL_FUNC_CRYPTO_SECURE_ALLOCATED
 109  OPENSSL_cleanse                OSSL_FUNC_OPENSSL_CLEANSE
 110  OPENSSL_hexstr2buf             OSSL_FUNC_OPENSSL_HEXSTR2BUF
 111
 112 For I<*out> (the B<OSSL_DISPATCH> array passed from the provider to
 113 F<libcrypto>):
 114
 115  provider_teardown              OSSL_FUNC_PROVIDER_TEARDOWN
 116  provider_get_param_types       OSSL_FUNC_PROVIDER_GET_PARAM_TYPES
 117  provider_get_params            OSSL_FUNC_PROVIDER_GET_PARAMS
 118  provider_query_operation       OSSL_FUNC_PROVIDER_QUERY_OPERATION
 119  provider_get_reason_strings    OSSL_FUNC_PROVIDER_GET_REASON_STRINGS
 120
 121 =head2 Core functions
 122
 123 core_get_param_types() returns a constant array of descriptor
 124 B<OSSL_PARAM>, for parameters that core_get_params() can handle.
 125
 126 core_get_params() retrieves I<prov> parameters from the core.
 127 See L</Core parameters> below for a description of currently known
 128 parameters.
 129
 130 =for comment core_thread_start() TBA
 131
 132 core_put_error() is used to report an error back to the core, with
 133 reference to the provider object I<prov>.
 134 The I<reason> is a number defined by the provider and used to index
 135 the reason strings table that's returned by
 136 provider_get_reason_strings().
 137 I<file> and I<line> may also be passed to indicate exactly where the
 138 error occured or was reported.
 139 This corresponds to the OpenSSL function L<ERR_put_error(3)>.
 140
 141 core_add_error_vdata() is used to add additional text data to an
 142 error already reported with core_put_error().
 143 It takes I<num> strings in a B<va_list> and concatenates them.
 144 Provider authors will have to write the corresponding variadic
 145 argument function.
 146
 147 core_get_library_context() retrieves the library context in which the
 148 B<OSSL_PROVIDER> object I<prov> is stored.
 149 This may sometimes be useful if the provider wishes to store a
 150 reference to its context in the same library context.
 151
 152 CRYPTO_malloc(), CRYPTO_zalloc(), CRYPTO_memdup(), CRYPTO_strdup(),
 153 CRYPTO_strndup(), CRYPTO_free(), CRYPTO_clear_free(),
 154 CRYPTO_realloc(), CRYPTO_clear_realloc(), CRYPTO_secure_malloc(),
 155 CRYPTO_secure_zalloc(), CRYPTO_secure_free(),
 156 CRYPTO_secure_clear_free(), CRYPTO_secure_allocated(),
 157 OPENSSL_cleanse(), and OPENSSL_hexstr2buf() correspond exactly to the
 158 public functions with the same name.
 159 As a matter of fact, the pointers in the B<OSSL_DISPATCH> array are
 160 direct pointers to those public functions.
 161
 162 =head2 Provider functions
 163
 164 provider_teardown() is called when a provider is shut down and removed
 165 from the core's provider store.
 166 It must free the passed I<provctx>.
 167
 168 provider_get_param_types() should return a constant array of
 169 descriptor B<OSSL_PARAM>, for parameters that provider_get_params()
 170 can handle.
 171
 172 provider_get_params() should process the B<OSSL_PARAM> array
 173 I<params>, setting the values of the parameters it understands.
 174
 175 provider_query_operation() should return a constant B<OSSL_ALGORITHM>
 176 that corresponds to the given I<operation_id>.
 177 It should indicate if the core may store a reference to this array by
 178 setting I<*no_store> to 0 (core may store a reference) or 1 (core may
 179 not store a reference).
 180
 181 provider_get_reason_strings() should return a constant B<OSSL_ITEM>
 182 array that provides reason strings for reason codes the provider may
 183 use when reporting errors using core_put_error().
 184
 185 None of these functions are mandatory, but a provider is fairly
 186 useless without at least provider_query_operation(), and
 187 provider_get_param_types() is fairly useless if not accompanied by
 188 provider_get_params().
 189
 190 =head2 Core parameters
 191
 192 core_get_params() understands the following known parameters:
 193
 194 =over 4
 195
 196 =item "openssl-version"
 197
 198 This is a B<OSSL_PARAM_UTF8_PTR> type of parameter, pointing at the
 199 OpenSSL libraries' full version string, i.e. the string expanded from
 200 the macro B<OPENSSL_VERSION_STR>.
 201
 202 =item "provider-name"
 203
 204 This is a B<OSSL_PARAM_UTF8_PTR> type of parameter, pointing at the
 205 OpenSSL libraries' idea of what the calling provider is called.
 206
 207 =back
 208
 209 Additionally, provider specific configuration parameters from the
 210 config file are available, in dotted name form.
 211 The dotted name form is a concatenation of section names and final
 212 config command name separated by periods.
 213
 214 For example, let's say we have the following config example:
 215
 216  openssl_conf = openssl_init
 217
 218  [openssl_init]
 219  providers = providers_sect
 220
 221  [providers_sect]
 222  foo = foo_sect
 223
 224  [foo_sect]
 225  activate = 1
 226  data1 = 2
 227  data2 = str
 228  more = foo_more
 229
 230  [foo_more]
 231  data3 = foo,bar
 232
 233 The provider will have these additional parameters available:
 234
 235 =over 4
 236
 237 =item "activate"
 238
 239 pointing at the string "1"
 240
 241 =item "data1"
 242
 243 pointing at the string "2"
 244
 245 =item "data2"
 246
 247 pointing at the string "str"
 248
 249 =item "more.data3"
 250
 251 pointing at the string "foo,bar"
 252
 253 =back
 254
 255 For more information on handling parameters, see L<OSSL_PARAM(3)> as
 256 L<OSSL_PARAM_int(3)>.
 257
 258 =head1 EXAMPLES
 259
 260 This is an example of a simple provider made available as a
 261 dynamically loadable module.
 262 It implements the fictitious algorithm C<FOO> for the fictitious
 263 operation C<BAR>.
 264
 265  #include <malloc.h>
 266  #include <openssl/core.h>
 267  #include <openssl/core_numbers.h>
 268
 269  /* Errors used in this provider */
 270  #define E_MALLOC       1
 271
 272  static const OSSL_ITEM reasons[] = {
 273      { E_MALLOC, "memory allocation failure" }.
 274      { 0, NULL } /* Termination */
 275  };
 276
 277  /*
 278   * To ensure we get the function signature right, forward declare
 279   * them using function types provided by openssl/core_numbers.h
 280   */
 281  OSSL_OP_bar_newctx_fn foo_newctx;
 282  OSSL_OP_bar_freectx_fn foo_freectx;
 283  OSSL_OP_bar_init_fn foo_init;
 284  OSSL_OP_bar_update_fn foo_update;
 285  OSSL_OP_bar_final_fn foo_final;
 286
 287  OSSL_provider_query_operation_fn p_query;
 288  OSSL_provider_get_reason_strings_fn p_reasons;
 289  OSSL_provider_teardown_fn p_teardown;
 290
 291  OSSL_provider_init_fn OSSL_provider_init;
 292
 293  OSSL_core_put_error *c_put_error = NULL;
 294
 295  /* Provider context */
 296  struct prov_ctx_st {
 297      OSSL_PROVIDER *prov;
 298  }
 299
 300  /* operation context for the algorithm FOO */
 301  struct foo_ctx_st {
 302      struct prov_ctx_st *provctx;
 303      int b;
 304  };
 305
 306  static void *foo_newctx(void *provctx)
 307  {
 308      struct foo_ctx_st *fooctx = malloc(sizeof(*fooctx));
 309
 310      if (fooctx != NULL)
 311          fooctx->provctx = provctx;
 312      else
 313          c_put_error(provctx->prov, E_MALLOC, __FILE__, __LINE__);
 314      return fooctx;
 315  }
 316
 317  static void foo_freectx(void *fooctx)
 318  {
 319      free(fooctx);
 320  }
 321
 322  static int foo_init(void *vfooctx)
 323  {
 324      struct foo_ctx_st *fooctx = vfooctx;
 325
 326      fooctx->b = 0x33;
 327  }
 328
 329  static int foo_update(void *vfooctx, unsigned char *in, size_t inl)
 330  {
 331      struct foo_ctx_st *fooctx = vfooctx;
 332
 333      /* did you expect something serious? */
 334      if (inl == 0)
 335          return 1;
 336      for (; inl-- > 0; in++)
 337          *in ^= fooctx->b;
 338      return 1;
 339  }
 340
 341  static int foo_final(void *vfooctx)
 342  {
 343      struct foo_ctx_st *fooctx = vfooctx;
 344
 345      fooctx->b = 0x66;
 346  }
 347
 348  static const OSSL_DISPATCH foo_fns[] = {
 349      { OSSL_FUNC_BAR_NEWCTX, (void (*)(void))foo_newctx },
 350      { OSSL_FUNC_BAR_FREECTX, (void (*)(void))foo_freectx },
 351      { OSSL_FUNC_BAR_INIT, (void (*)(void))foo_init },
 352      { OSSL_FUNC_BAR_UPDATE, (void (*)(void))foo_update },
 353      { OSSL_FUNC_BAR_FINAL, (void (*)(void))foo_final },
 354      { 0, NULL }
 355  };
 356
 357  static const OSSL_ALGORITHM bars[] = {
 358      { "FOO", "provider=chumbawamba", foo_fns },
 359      { NULL, NULL, NULL }
 360  };
 361
 362  static const OSSL_ALGORITHM *p_query(void *provctx, int operation_id,
 363                                       int *no_store)
 364  {
 365      switch (operation_id) {
 366      case OSSL_OP_BAR:
 367          return bars;
 368      }
 369      return NULL;
 370  }
 371
 372  static const OSSL_ITEM *p_reasons(void *provctx)
 373  {
 374      return reasons;
 375  }
 376
 377  static void p_teardown(void *provctx)
 378  {
 379      free(provctx);
 380  }
 381
 382  static const OSSL_DISPATCH prov_fns[] = {
 383      { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_teardown },
 384      { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))p_query },
 385      { OSSL_FUNC_PROVIDER_GET_REASON_STRINGS, (void (*)(void))p_reasons },
 386      { 0, NULL }
 387  };
 388
 389  int OSSL_provider_init(const OSSL_PROVIDER *provider,
 390                         const OSSL_DISPATCH *in,
 391                         const OSSL_DISPATCH **out,
 392                         void **provctx)
 393  {
 394      struct prov_ctx_st *pctx = NULL;
 395
 396      for (; in->function_id != 0; in++)
 397          switch (in->function_id) {
 398          case OSSL_FUNC_CORE_PUT_ERROR:
 399              c_put_error = OSSL_get_core_put_error(in);
 400              break;
 401          }
 402
 403      *out = prov_fns;
 404
 405      if ((pctx = malloc(sizeof(*pctx))) == NULL) {
 406          /*
 407           * ALEA IACTA EST, if the core retrieves the reason table
 408           * regardless, that string will be displayed, otherwise not.
 409           */
 410          c_put_error(provider, E_MALLOC, __FILE__, __LINE__);
 411          return 0;
 412      }
 413      return 1;
 414  }
 415
 416 This relies on a few things existing in F<openssl/core_numbers.h>:
 417
 418  #define OSSL_OP_BAR            4711
 419
 420  #define OSSL_FUNC_BAR_NEWCTX      1
 421  typedef void *(OSSL_OP_bar_newctx_fn)(void *provctx);
 422  static ossl_inline OSSL_get_bar_newctx(const OSSL_DISPATCH *opf)
 423  { return (OSSL_OP_bar_newctx_fn *)opf->function; }
 424
 425  #define OSSL_FUNC_BAR_FREECTX     2
 426  typedef void (OSSL_OP_bar_freectx_fn)(void *ctx);
 427  static ossl_inline OSSL_get_bar_newctx(const OSSL_DISPATCH *opf)
 428  { return (OSSL_OP_bar_freectx_fn *)opf->function; }
 429
 430  #define OSSL_FUNC_BAR_INIT        3
 431  typedef void *(OSSL_OP_bar_init_fn)(void *ctx);
 432  static ossl_inline OSSL_get_bar_init(const OSSL_DISPATCH *opf)
 433  { return (OSSL_OP_bar_init_fn *)opf->function; }
 434
 435  #define OSSL_FUNC_BAR_UPDATE      4
 436  typedef void *(OSSL_OP_bar_update_fn)(void *ctx,
 437                                        unsigned char *in, size_t inl);
 438  static ossl_inline OSSL_get_bar_update(const OSSL_DISPATCH *opf)
 439  { return (OSSL_OP_bar_update_fn *)opf->function; }
 440
 441  #define OSSL_FUNC_BAR_FINAL       5
 442  typedef void *(OSSL_OP_bar_final_fn)(void *ctx);
 443  static ossl_inline OSSL_get_bar_final(const OSSL_DISPATCH *opf)
 444  { return (OSSL_OP_bar_final_fn *)opf->function; }
 445
 446 =head1 SEE ALSO
 447
 448 L<provider(7)>
 449
 450 =head1 HISTORY
 451
 452 The concept of providers and everything surrounding them was
 453 introduced in OpenSSL 3.0.
 454
 455 =head1 COPYRIGHT
 456
 457 Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
 458
 459 Licensed under the Apache License 2.0 (the "License").  You may not use
 460 this file except in compliance with the License.  You can obtain a copy
 461 in the file LICENSE in the source distribution or at
 462 L<https://www.openssl.org/source/license.html>.
 463
 464 =cut