Replumbing: New public API to load or add providers

Adding a provider means creating an internal provider object and adding
it to the store.  This allows the addition of built in providers, be it
in the OpenSSL libraries or in any application.

"Loading" a provider is defined broadly.  A built in provider is already
"loaded" in essence and only needs activating, while a provider in a
dynamically loadable module requires actually loading the module itself.
In this API, "loading" a provider does both.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8287)
Richard Levitte 2019-02-19 23:07:57 +01:00
parent 4c2883a9bf
commit 3374dc03ed
7 changed files with 114 additions and 1 deletions


@ -17,7 +17,7 @@ SOURCE[../libcrypto]=\
ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
threads_pthread.c threads_win.c threads_none.c getenv.c \ threads_pthread.c threads_win.c threads_none.c getenv.c \
o_init.c o_fips.c mem_sec.c init.c context.c sparse_array.c \ o_init.c o_fips.c mem_sec.c init.c context.c sparse_array.c \
trace.c \ trace.c provider.c \
{- $target{cpuid_asm_src} -} {- $target{uplink_aux_src} -} {- $target{cpuid_asm_src} -} {- $target{uplink_aux_src} -}
DEPEND[cversion.o]=buildinf.h DEPEND[cversion.o]=buildinf.h


@ -46,6 +46,8 @@ static const ERR_STRING_DATA CRYPTO_str_functs[] = {
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0), {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0),
"OPENSSL_sk_deep_copy"}, "OPENSSL_sk_deep_copy"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"}, {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN, 0),
"OSSL_PROVIDER_add_builtin"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ACTIVATE, 0), {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ACTIVATE, 0),
"ossl_provider_activate"}, "ossl_provider_activate"},
{ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_NEW, 0), {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_NEW, 0),


@ -368,6 +368,7 @@ CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto
CRYPTO_F_OPENSSL_LH_NEW:126:OPENSSL_LH_new CRYPTO_F_OPENSSL_LH_NEW:126:OPENSSL_LH_new
CRYPTO_F_OPENSSL_SK_DEEP_COPY:127:OPENSSL_sk_deep_copy CRYPTO_F_OPENSSL_SK_DEEP_COPY:127:OPENSSL_sk_deep_copy
CRYPTO_F_OPENSSL_SK_DUP:128:OPENSSL_sk_dup CRYPTO_F_OPENSSL_SK_DUP:128:OPENSSL_sk_dup
CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN:132:OSSL_PROVIDER_add_builtin
CRYPTO_F_OSSL_PROVIDER_ACTIVATE:130:ossl_provider_activate CRYPTO_F_OSSL_PROVIDER_ACTIVATE:130:ossl_provider_activate
CRYPTO_F_OSSL_PROVIDER_NEW:131:ossl_provider_new CRYPTO_F_OSSL_PROVIDER_NEW:131:ossl_provider_new
CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init

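--- a/crypto/provider.c
+++ b/crypto/provider.c
@@ -0,0 +1,70 @@
+/*
+* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+*
+* Licensed under the Apache License 2.0 (the "License"). You may not use
+* this file except in compliance with the License. You can obtain a copy
+* in the file LICENSE in the source distribution or at
+* https://www.openssl.org/source/license.html
+*/
+#include <openssl/err.h>
+#include <openssl/cryptoerr.h>
+#include <openssl/provider.h>
+#include "internal/provider.h"
+OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name)
+{
+OSSL_PROVIDER *prov = NULL;
+/* Find it or create it */
+if ((prov = ossl_provider_find(libctx, name)) == NULL
+&& (prov = ossl_provider_new(libctx, name, NULL)) == NULL)
+return NULL;
+if (!ossl_provider_activate(prov)) {
+ossl_provider_free(prov);
+return NULL;
+}
+return prov;
+}
+int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov)
+{
+ossl_provider_free(prov);
+return 1;
+}
+const OSSL_ITEM *OSSL_PROVIDER_get_param_types(OSSL_PROVIDER *prov)
+{
+return ossl_provider_get_param_types(prov);
+}
+int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, const OSSL_PARAM params[])
+{
+return ossl_provider_get_params(prov, params);
+}
+int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
+OSSL_provider_init_fn *init_fn)
+{
+OSSL_PROVIDER *prov = NULL;
+if (name == NULL || init_fn == NULL) {
+CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN,
+ERR_R_PASSED_NULL_PARAMETER);
+return 0;
+}
+/* Create it */
+if ((prov = ossl_provider_new(libctx, name, init_fn)) == NULL)
+return 0;
+/*
+* It's safely stored in the internal store at this point,
+* free the returned extra reference
+*/
+ossl_provider_free(prov);
+return 1;
+}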
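Review bot: OSSL_PROVIDER_load hands `name` to ossl_provider_find() and ossl_provider_new() without the NULL check that OSSL_PROVIDER_add_builtin performs on the same argument, so the two public entry points validate their input differently. Whether the internal helpers tolerate NULL is not visible in this file; a guard such as `if (name == NULL) return NULL;` at the top of the function would make the behaviour explicit. Because the commit message says loading may pull in a dynamically loadable module, I would also add a comment above the function: `/* name selects the code that gets loaded; callers must not derive it from untrusted input */`. OSSL_PROVIDER_unload always returns 1 and passes `prov` on unchecked, so its return value currently tells callers nothing about success or failure.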


@ -43,6 +43,7 @@ int ERR_load_CRYPTO_strings(void);
# define CRYPTO_F_OPENSSL_LH_NEW 126 # define CRYPTO_F_OPENSSL_LH_NEW 126
# define CRYPTO_F_OPENSSL_SK_DEEP_COPY 127 # define CRYPTO_F_OPENSSL_SK_DEEP_COPY 127
# define CRYPTO_F_OPENSSL_SK_DUP 128 # define CRYPTO_F_OPENSSL_SK_DUP 128
# define CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN 132
# define CRYPTO_F_OSSL_PROVIDER_ACTIVATE 130 # define CRYPTO_F_OSSL_PROVIDER_ACTIVATE 130
# define CRYPTO_F_OSSL_PROVIDER_NEW 131 # define CRYPTO_F_OSSL_PROVIDER_NEW 131
# define CRYPTO_F_PKEY_HMAC_INIT 123 # define CRYPTO_F_PKEY_HMAC_INIT 123


@ -0,0 +1,34 @@
/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef OSSL_PROVIDER_H
# define OSSL_PROVIDER_H
# include <openssl/core.h>
# ifdef __cplusplus
extern "C" {
# endif
/* Load and unload a provider */
OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *, const char *name);
int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
const OSSL_ITEM *OSSL_PROVIDER_get_param_types(OSSL_PROVIDER *prov);
int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, const OSSL_PARAM params[]);
/* Add a built in providers */
int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name,
OSSL_provider_init_fn *init_fn);
# ifdef __cplusplus
}
# endif
#endif
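Review bot: The prototypes carry no statement of ownership: nothing here says that the pointer returned by OSSL_PROVIDER_load must be released with OSSL_PROVIDER_unload and not used afterwards, although crypto/provider.c shows unload dropping the reference via ossl_provider_free(). I would replace `/* Load and unload a provider */` with a short block comment stating that load returns NULL on failure, that each successful load is paired with exactly one unload, and that `name` must come from a trusted source since it can select a loadable module. The comment `/* Add a built in providers */` should read `/* Add a built-in provider */`, and the unnamed `OPENSSL_CTX *` parameters could be named `libctx` to match the definitions.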


@ -4655,3 +4655,8 @@ OSSL_trace_set_callback 4610 3_0_0 EXIST::FUNCTION:
OSSL_trace_enabled 4611 3_0_0 EXIST::FUNCTION: OSSL_trace_enabled 4611 3_0_0 EXIST::FUNCTION:
OSSL_trace_begin 4612 3_0_0 EXIST::FUNCTION: OSSL_trace_begin 4612 3_0_0 EXIST::FUNCTION:
OSSL_trace_end 4613 3_0_0 EXIST::FUNCTION: OSSL_trace_end 4613 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_load 4614 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_unload 4615 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_add_builtin 4616 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_get_param_types 4617 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_get_params 4618 3_0_0 EXIST::FUNCTION: