Replumbing: New public API to load or add providers

Adding a provider means creating an internal provier object and adding it to the store. This allows the addition of built in providers, be it in the OpenSSL libraries or in any application. "Loading" a provider is defined broadly. A built in provider is already "loaded" in essence and only needs activating, while a provider in a dynamically loadable module requires actually loading the module itself. In this API, "loading" a provider does both. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8287)
author: Richard Levitte <levitte@openssl.org> 2019-02-19 23:07:57 +0100
committer: Richard Levitte <levitte@openssl.org> 2019-03-11 20:40:13 +0100
commit: 3374dc03edda56cbfd2a558fc62b7970eb0b9ad1 (patch)
tree: 927a72965bf7ac7c9a1ef12c8400578ef7b493a9 /crypto
parent: 4c2883a9bf59c5ee31e8e2e101b3894a16c06950 (diff)
4 files changed, 74 insertions, 1 deletions
diff --git a/crypto/build.info b/crypto/build.info
index fdf0810dbe..0cca6ab7a3 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -17,7 +17,7 @@ SOURCE[../libcrypto]=\
         ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
         threads_pthread.c threads_win.c threads_none.c getenv.c \
         o_init.c o_fips.c mem_sec.c init.c context.c sparse_array.c \
-        trace.c \
+        trace.c provider.c \
         {- $target{cpuid_asm_src} -} {- $target{uplink_aux_src} -}
 
 DEPEND[cversion.o]=buildinf.h
diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
index a99d488fa1..bf7985cee9 100644
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@@ -46,6 +46,8 @@ static const ERR_STRING_DATA CRYPTO_str_functs[] = {
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0),
      "OPENSSL_sk_deep_copy"},
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN, 0),
+     "OSSL_PROVIDER_add_builtin"},
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ACTIVATE, 0),
      "ossl_provider_activate"},
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_NEW, 0),
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 4b331ebafa..3b3f761db2 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -368,6 +368,7 @@ CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto
 CRYPTO_F_OPENSSL_LH_NEW:126:OPENSSL_LH_new
 CRYPTO_F_OPENSSL_SK_DEEP_COPY:127:OPENSSL_sk_deep_copy
 CRYPTO_F_OPENSSL_SK_DUP:128:OPENSSL_sk_dup
+CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN:132:OSSL_PROVIDER_add_builtin
 CRYPTO_F_OSSL_PROVIDER_ACTIVATE:130:ossl_provider_activate
 CRYPTO_F_OSSL_PROVIDER_NEW:131:ossl_provider_new
 CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init
diff --git a/crypto/provider.c b/crypto/provider.c
new file mode 100644
index 0000000000..823d5dd585
--- /dev/null
+++ b/crypto/provider.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/cryptoerr.h>
+#include <openssl/provider.h>
+#include "internal/provider.h"
+
+OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name)
+{
+    OSSL_PROVIDER *prov = NULL;
+
+    /* Find it or create it */
+    if ((prov = ossl_provider_find(libctx, name)) == NULL
+        && (prov = ossl_provider_new(libctx, name, NULL)) == NULL)
+        return NULL;
+
+    if (!ossl_provider_activate(prov)) {
+        ossl_provider_free(prov);
+        return NULL;
+    }
+
+    return prov;
+}
+
+int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov)
+{
+    ossl_provider_free(prov);
+    return 1;
+}
+
+const OSSL_ITEM *OSSL_PROVIDER_get_param_types(OSSL_PROVIDER *prov)
+{
+    return ossl_provider_get_param_types(prov);
+}
+
+int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, const OSSL_PARAM params[])
+{
+    return ossl_provider_get_params(prov, params);
+}
+
+int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
+                              OSSL_provider_init_fn *init_fn)
+{
+    OSSL_PROVIDER *prov = NULL;
+
+    if (name == NULL || init_fn == NULL) {
+        CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    /* Create it */
+    if ((prov = ossl_provider_new(libctx, name, init_fn)) == NULL)
+        return 0;
+
+    /*
+     * It's safely stored in the internal store at this point,
+     * free the returned extra reference
+     */
+    ossl_provider_free(prov);
+
+    return 1;
+}
author	Richard Levitte <levitte@openssl.org>	2019-02-19 23:07:57 +0100
committer	Richard Levitte <levitte@openssl.org>	2019-03-11 20:40:13 +0100
commit	3374dc03edda56cbfd2a558fc62b7970eb0b9ad1 (patch)
tree	927a72965bf7ac7c9a1ef12c8400578ef7b493a9 /crypto
parent	4c2883a9bf59c5ee31e8e2e101b3894a16c06950 (diff)