Enable applications to directly call a provider's query operation

This is useful to get hold of the low-level dispatch tables. This could
be used to create a new provider based on an existing one.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)

diff --git a/crypto/provider.c b/crypto/provider.c
index 13438cefe35c87711885fd80895df7dad8e71ff3..6b029eccedb1abeb9d49fcf6c4459e8d629077de 100644 (file)
--- a/crypto/provider.c
+++ b/crypto/provider.c
@@ -57,6 +57,15 @@ int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
     return ossl_provider_get_params(prov, params);
 }
 
+
+const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
+                                                    int operation_id,
+                                                    int *no_cache)
+{
+    return ossl_provider_query_operation(prov, operation_id, no_cache);
+}
+
+
 int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
                               OSSL_provider_init_fn *init_fn)
 {

diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod
index 93d6e1421cc505d0e9dc05b1965932bb088d80a6..177e2c2e83d4b855a3d4336ca6f18b0e78e5a6be 100644 (file)
--- a/doc/man3/OSSL_PROVIDER.pod
+++ b/doc/man3/OSSL_PROVIDER.pod
@@ -6,7 +6,8 @@ OSSL_PROVIDER_set_default_search_path,
 OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_unload,
 OSSL_PROVIDER_available, OSSL_PROVIDER_do_all,
 OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params,
-OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines
+OSSL_PROVIDER_query_operation, OSSL_PROVIDER_add_builtin,
+OSSL_PROVIDER_name - provider routines
 
 =head1 SYNOPSIS
 
@@ -27,6 +28,10 @@ OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines
  const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov);
  int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]);
 
+ const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
+                                                     int operation_id,
+                                                     int *no_cache);
+
  int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
                                ossl_provider_init_fn *init_fn);
 
@@ -82,6 +87,16 @@ The caller must prepare the B<OSSL_PARAM> array before calling this
 function, and the variables acting as buffers for this parameter array
 should be filled with data when it returns successfully.
 
+OSSL_PROVIDER_query_operation() calls the provider's I<query_operation>
+function (see L<provider(7)>), if the provider has one. It should return an
+array of I<OSSL_ALGORITHM> for the given I<operation_id> terminated by an all
+NULL OSSL_ALGORITHM entry. This is considered a low-level function that most
+applications should not need to call.
+
+If it is permissible to cache references to this array then I<*no_store> is set
+to 0 or 1 otherwise. If the array is not cacheable then it should be assumed to
+have a short lifetime.
+
 OSSL_PROVIDER_name() returns the name of the given provider.
 
 =head1 RETURN VALUES
@@ -101,6 +116,9 @@ of constant B<OSSL_PARAM>, or NULL if none is provided.
 
 OSSL_PROVIDER_get_params() returns 1 on success, or 0 on error.
 
+OSSL_PROVIDER_query_operation() returns an array of OSSL_ALGORITHM or NULL on
+error.
+
 =head1 EXAMPLES
 
 This demonstrates how to load the provider module "foo" and ask for

diff --git a/include/openssl/provider.h b/include/openssl/provider.h
index 6ce68b16e7d9d34e5024fa6a1060d740da11863a..91b864e4230b9ac88b63e7751bd381b22fd88eee 100644 (file)
--- a/include/openssl/provider.h
+++ b/include/openssl/provider.h
@@ -30,6 +30,10 @@ int OSSL_PROVIDER_do_all(OPENSSL_CTX *ctx,
 const OSSL_PARAM *OSSL_PROVIDER_gettable_params(const OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]);
 
+const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
+                                                    int operation_id,
+                                                    int *no_cache);
+
 /* Add a built in providers */
 int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name,
                               OSSL_provider_init_fn *init_fn);

diff --git a/util/libcrypto.num b/util/libcrypto.num
index fd0509172f9a1503a593ef69581d4d30a3a4c782..3ac1c1ca4958b716e2ae01e2b84148b29b30d338 100644 (file)
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5097,3 +5097,4 @@ EC_GROUP_get_field_type                 ? 3_0_0   EXIST::FUNCTION:EC
 X509_PUBKEY_eq                          ?      3_0_0   EXIST::FUNCTION:
 EVP_PKEY_eq                             ?      3_0_0   EXIST::FUNCTION:
 EVP_PKEY_parameters_eq                  ?      3_0_0   EXIST::FUNCTION:
+OSSL_PROVIDER_query_operation           ?      3_0_0   EXIST::FUNCTION: