Add the concept of "Capabilities" to the default and fips providers

With capabilities we can query a provider about what it can do. Initially we support a "TLS-GROUP" capability. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11914)
author: Matt Caswell <matt@openssl.org> 2020-05-18 14:11:06 +0100
committer: Matt Caswell <matt@openssl.org> 2020-06-19 10:19:31 +0100
commit: 72bfc9585891cffd29eb683ae5fb3181d62b9d33 (patch)
tree: d0aa468eff53efd75fe95b5210c2387acf7903ca /include
parent: edeaa96ae6aa9b5e0ba5fe98a7258086767a7887 (diff)
2 files changed, 20 insertions, 4 deletions
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index fa6b7a9547..96b9d7e684 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -384,6 +384,19 @@ extern "C" {
 #define OSSL_PKEY_PARAM_RSA_TEST_Q2  "q2"
 #define OSSL_SIGNATURE_PARAM_KAT "kat"
 
+/* Capabilities */
+
+/* TLS-GROUP Capbility */
+#define OSSL_CAPABILITY_TLS_GROUP_NAME              "tls-group-name"
+#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL     "tls-group-name-internal"
+#define OSSL_CAPABILITY_TLS_GROUP_ID                "tls-group-id"
+#define OSSL_CAPABILITY_TLS_GROUP_ALG               "tls-group-alg"
+#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS     "tls-group-sec-bits"
+#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS           "tls-min-tls"
+#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS           "tls-max-tls"
+#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS          "tls-min-dtls"
+#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS          "tls-max-dtls"
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index f7025d1c1d..667bb21ffb 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -154,20 +154,23 @@ OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **
                                          void **cbarg))
 
 /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
-# define OSSL_FUNC_PROVIDER_TEARDOWN         1024
+# define OSSL_FUNC_PROVIDER_TEARDOWN           1024
 OSSL_CORE_MAKE_FUNC(void,provider_teardown,(void *provctx))
-# define OSSL_FUNC_PROVIDER_GETTABLE_PARAMS  1025
+# define OSSL_FUNC_PROVIDER_GETTABLE_PARAMS    1025
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
                     provider_gettable_params,(void *provctx))
-# define OSSL_FUNC_PROVIDER_GET_PARAMS       1026
+# define OSSL_FUNC_PROVIDER_GET_PARAMS         1026
 OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx,
                                              OSSL_PARAM params[]))
-# define OSSL_FUNC_PROVIDER_QUERY_OPERATION  1027
+# define OSSL_FUNC_PROVIDER_QUERY_OPERATION    1027
 OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation,
                     (void *provctx, int operation_id, int *no_store))
 # define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1028
 OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings,
                     (void *provctx))
+# define OSSL_FUNC_PROVIDER_GET_CAPABILITIES   1029
+OSSL_CORE_MAKE_FUNC(int, provider_get_capabilities, (void *provctx,
+                    const char *capability, OSSL_CALLBACK *cb, void *arg))
 
 /* Operations */
author	Matt Caswell <matt@openssl.org>	2020-05-18 14:11:06 +0100
committer	Matt Caswell <matt@openssl.org>	2020-06-19 10:19:31 +0100
commit	72bfc9585891cffd29eb683ae5fb3181d62b9d33 (patch)
tree	d0aa468eff53efd75fe95b5210c2387acf7903ca /include
parent	edeaa96ae6aa9b5e0ba5fe98a7258086767a7887 (diff)