Replumbing: New public API to load or add providers

Adding a provider means creating an internal provier object and adding
it to the store.  This allows the addition of built in providers, be it
in the OpenSSL libraries or in any application.

"Loading" a provider is defined broadly.  A built in provider is already
"loaded" in essence and only needs activating, while a provider in a
dynamically loadable module requires actually loading the module itself.
In this API, "loading" a provider does both.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8287)

7 files changed, 114 insertions, 1 deletions

diff --git a/crypto/build.info b/crypto/build.info
index fdf0810dbe..0cca6ab7a3 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -17,7 +17,7 @@ SOURCE[../libcrypto]=\
         ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
         threads_pthread.c threads_win.c threads_none.c getenv.c \
         o_init.c o_fips.c mem_sec.c init.c context.c sparse_array.c \
-        trace.c \
+        trace.c provider.c \
         {- $target{cpuid_asm_src} -} {- $target{uplink_aux_src} -}
 
 DEPEND[cversion.o]=buildinf.h
diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
index a99d488fa1..bf7985cee9 100644
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@@ -46,6 +46,8 @@ static const ERR_STRING_DATA CRYPTO_str_functs[] = {
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0),
      "OPENSSL_sk_deep_copy"},
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN, 0),
+     "OSSL_PROVIDER_add_builtin"},
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ACTIVATE, 0),
      "ossl_provider_activate"},
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_NEW, 0),
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 4b331ebafa..3b3f761db2 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -368,6 +368,7 @@ CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto
 CRYPTO_F_OPENSSL_LH_NEW:126:OPENSSL_LH_new
 CRYPTO_F_OPENSSL_SK_DEEP_COPY:127:OPENSSL_sk_deep_copy
 CRYPTO_F_OPENSSL_SK_DUP:128:OPENSSL_sk_dup
+CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN:132:OSSL_PROVIDER_add_builtin
 CRYPTO_F_OSSL_PROVIDER_ACTIVATE:130:ossl_provider_activate
 CRYPTO_F_OSSL_PROVIDER_NEW:131:ossl_provider_new
 CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init
diff --git a/crypto/provider.c b/crypto/provider.c
new file mode 100644
index 0000000000..823d5dd585
--- /dev/null
+++ b/crypto/provider.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/cryptoerr.h>
+#include <openssl/provider.h>
+#include "internal/provider.h"
+
+OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name)
+{
+    OSSL_PROVIDER *prov = NULL;
+
+    /* Find it or create it */
+    if ((prov = ossl_provider_find(libctx, name)) == NULL
+        && (prov = ossl_provider_new(libctx, name, NULL)) == NULL)
+        return NULL;
+
+    if (!ossl_provider_activate(prov)) {
+        ossl_provider_free(prov);
+        return NULL;
+    }
+
+    return prov;
+}
+
+int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov)
+{
+    ossl_provider_free(prov);
+    return 1;
+}
+
+const OSSL_ITEM *OSSL_PROVIDER_get_param_types(OSSL_PROVIDER *prov)
+{
+    return ossl_provider_get_param_types(prov);
+}
+
+int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, const OSSL_PARAM params[])
+{
+    return ossl_provider_get_params(prov, params);
+}
+
+int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
+                              OSSL_provider_init_fn *init_fn)
+{
+    OSSL_PROVIDER *prov = NULL;
+
+    if (name == NULL || init_fn == NULL) {
+        CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    /* Create it */
+    if ((prov = ossl_provider_new(libctx, name, init_fn)) == NULL)
+        return 0;
+
+    /*
+     * It's safely stored in the internal store at this point,
+     * free the returned extra reference
+     */
+    ossl_provider_free(prov);
+
+    return 1;
+}
diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h
index 4924e336eb..c27f05c9af 100644
--- a/include/openssl/cryptoerr.h
+++ b/include/openssl/cryptoerr.h
@@ -43,6 +43,7 @@ int ERR_load_CRYPTO_strings(void);
 # define CRYPTO_F_OPENSSL_LH_NEW                          126
 # define CRYPTO_F_OPENSSL_SK_DEEP_COPY                    127
 # define CRYPTO_F_OPENSSL_SK_DUP                          128
+# define CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN               132
 # define CRYPTO_F_OSSL_PROVIDER_ACTIVATE                  130
 # define CRYPTO_F_OSSL_PROVIDER_NEW                       131
 # define CRYPTO_F_PKEY_HMAC_INIT                          123
diff --git a/include/openssl/provider.h b/include/openssl/provider.h
new file mode 100644
index 0000000000..7dc5b8ae54
--- /dev/null
+++ b/include/openssl/provider.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_PROVIDER_H
+# define OSSL_PROVIDER_H
+
+# include <openssl/core.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* Load and unload a provider */
+OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *, const char *name);
+int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
+
+const OSSL_ITEM *OSSL_PROVIDER_get_param_types(OSSL_PROVIDER *prov);
+int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, const OSSL_PARAM params[]);
+
+/* Add a built in providers */
+int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name,
+                              OSSL_provider_init_fn *init_fn);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/util/libcrypto.num b/util/libcrypto.num
index cb0cb2279b..42435931c7 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4655,3 +4655,8 @@ OSSL_trace_set_callback                 4610	3_0_0	EXIST::FUNCTION:
 OSSL_trace_enabled                      4611	3_0_0	EXIST::FUNCTION:
 OSSL_trace_begin                        4612	3_0_0	EXIST::FUNCTION:
 OSSL_trace_end                          4613	3_0_0	EXIST::FUNCTION:
+OSSL_PROVIDER_load                      4614	3_0_0	EXIST::FUNCTION:
+OSSL_PROVIDER_unload                    4615	3_0_0	EXIST::FUNCTION:
+OSSL_PROVIDER_add_builtin               4616	3_0_0	EXIST::FUNCTION:
+OSSL_PROVIDER_get_param_types           4617	3_0_0	EXIST::FUNCTION:
+OSSL_PROVIDER_get_params                4618	3_0_0	EXIST::FUNCTION: