1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
|
=pod
=head1 NAME
provider - OpenSSL operation implementation providers
=head1 SYNOPSIS
=for openssl generic
#include <openssl/provider.h>
=head1 DESCRIPTION
=head2 General
A I<provider>, in OpenSSL terms, is a unit of code that provides one
or more implementations for various operations for diverse algorithms
that one might want to perform.
An I<operation> is something one wants to do, such as encryption and
decryption, key derivation, MAC calculation, signing and verification,
etc.
An I<algorithm> is a named method to perform an operation.
Very often, the algorithms revolve around cryptographic operations,
but may also revolve around other types of operation, such as managing
certain types of objects.
=head2 Provider
I<NOTE: This section is mostly interesting for provider authors.>
A I<provider> offers an initialization function, as a set of base
functions in the form of an B<OSSL_DISPATCH> array, and by extension,
a set of B<OSSL_ALGORITHM>s (see L<openssl-core.h(7)>).
It may be a dynamically loadable module, or may be built-in, in
OpenSSL libraries or in the application.
If it's a dynamically loadable module, the initialization function
must be named C<OSSL_provider_init> and must be exported.
If it's built-in, the initialization function may have any name.
The initialization function must have the following signature:
int NAME(const OSSL_CORE_HANDLE *handle,
const OSSL_DISPATCH *in, const OSSL_DISPATCH **out,
void **provctx);
I<handle> is the OpenSSL library object for the provider, and works
as a handle for everything the OpenSSL libraries need to know about
the provider.
For the provider itself, it is passed to some of the functions given in the
dispatch array I<in>.
I<in> is a dispatch array of base functions offered by the OpenSSL
libraries, and the available functions are further described in
L<provider-base(7)>.
I<*out> must be assigned a dispatch array of base functions that the
provider offers to the OpenSSL libraries.
The functions that may be offered are further described in
L<provider-base(7)>, and they are the central means of communication
between the OpenSSL libraries and the provider.
I<*provctx> should be assigned a provider specific context to allow
the provider multiple simultaneous uses.
This pointer will be passed to various operation functions offered by
the provider.
One of the functions the provider offers to the OpenSSL libraries is
the central mechanism for the OpenSSL libraries to get access to
operation implementations for diverse algorithms.
Its referred to with the number B<OSSL_FUNC_PROVIDER_QUERY_OPERATION>
and has the following signature:
const OSSL_ALGORITHM *provider_query_operation(void *provctx,
int operation_id,
const int *no_store);
I<provctx> is the provider specific context that was passed back by
the initialization function.
I<operation_id> is an operation identity (see L</Operations> below).
I<no_store> is a flag back to the OpenSSL libraries which, when
nonzero, signifies that the OpenSSL libraries will not store a
reference to the returned data in their internal store of
implementations.
The returned B<OSSL_ALGORITHM> is the foundation of any OpenSSL
library API that uses providers for their implementation, most
commonly in the I<fetching> type of functions
(see L</Fetching algorithms> below).
=head2 Operations
I<NOTE: This section is mostly interesting for provider authors.>
Operations are referred to with numbers, via macros with names
starting with C<OSSL_OP_>.
With each operation comes a set of defined function types that a
provider may or may not offer, depending on its needs.
Currently available operations are:
=over 4
=item Digests
In the OpenSSL libraries, the corresponding method object is
B<EVP_MD>.
The number for this operation is B<OSSL_OP_DIGEST>.
The functions the provider can offer are described in
L<provider-digest(7)>
=item Symmetric ciphers
In the OpenSSL libraries, the corresponding method object is
B<EVP_CIPHER>.
The number for this operation is B<OSSL_OP_CIPHER>.
The functions the provider can offer are described in
L<provider-cipher(7)>
=item Message Authentication Code (MAC)
In the OpenSSL libraries, the corresponding method object is
B<EVP_MAC>.
The number for this operation is B<OSSL_OP_MAC>.
The functions the provider can offer are described in
L<provider-mac(7)>
=item Key Derivation Function (KDF)
In the OpenSSL libraries, the corresponding method object is
B<EVP_KDF>.
The number for this operation is B<OSSL_OP_KDF>.
The functions the provider can offer are described in
L<provider-kdf(7)>
=item Key Exchange
In the OpenSSL libraries, the corresponding method object is
B<EVP_KEYEXCH>.
The number for this operation is B<OSSL_OP_KEYEXCH>.
The functions the provider can offer are described in
L<provider-keyexch(7)>
=item Asymmetric Ciphers
In the OpenSSL libraries, the corresponding method object is
B<EVP_ASYM_CIPHER>.
The number for this operation is B<OSSL_OP_ASYM_CIPHER>.
The functions the provider can offer are described in
L<provider-asym_cipher(7)>
=item Asymmetric Key Encapsulation
In the OpenSSL libraries, the corresponding method object is B<EVP_KEM>.
The number for this operation is B<OSSL_OP_KEM>.
The functions the provider can offer are described in L<provider-kem(7)>
=item Encoding
In the OpenSSL libraries, the corresponding method object is
B<OSSL_ENCODER>.
The number for this operation is B<OSSL_OP_ENCODER>.
The functions the provider can offer are described in
L<provider-encoder(7)>
=back
=head2 Fetching algorithms
=head3 Explicit fetch
I<NOTE: This section is mostly interesting to OpenSSL users.>
Users of the OpenSSL libraries never query the provider directly for
its diverse implementations and dispatch tables.
Instead, the diverse OpenSSL APIs often have fetching functions that
do the work, and they return an appropriate method object back to the
user.
These functions usually have the name C<APINAME_fetch>, where
C<APINAME> is the name of the API, for example L<EVP_MD_fetch(3)>.
These fetching functions follow a fairly common pattern, where three
arguments are passed:
=over 4
=item The library context
See L<OSSL_LIB_CTX(3)> for a more detailed description.
This may be NULL to signify the default (global) library context, or a
context created by the user.
Only providers loaded in this library context (see
L<OSSL_PROVIDER_load(3)>) will be considered by the fetching
function. In case no provider has been loaded in this library context
the default provider will be loaded as fallback (see
L<OSSL_PROVIDER-default(7)>).
=item An identifier
This is most commonly an algorithm name (this is the case for all EVP
methods), but may also be called something else.
=for comment For example, an OSSL_STORE implementation would use the
URI scheme as an identifier.
=item A property query string
See L<property(7)> for a more detailed description.
This is used to select more exactly which providers will get to offer
an implementation.
=back
The method object that is fetched can then be used with diverse other
functions that use them, for example L<EVP_DigestInit_ex(3)>.
=head3 Implicit fetch
I<NOTE: This section is mostly interesting to OpenSSL users.>
OpenSSL has a number of functions that return a method object with no
associated implementation, such as L<EVP_sha256(3)>,
L<EVP_blake2b512(3)> or L<EVP_aes_128_cbc(3)>, which are present for
compatibility with OpenSSL before version 3.0.
When they are used with functions like L<EVP_DigestInit_ex(3)> or
L<EVP_CipherInit_ex(3)>, the actual implementation to be used is
fetched implicitly using default search criteria.
Implicit fetching can also occur when a NULL algorithm parameter is
supplied.
In this case an algorithm implementation is implicitly fetched using
default search criteria and an algorithm name that is consistent with
the type of EVP_PKEY being used.
=head3 Algorithm naming
Algorithm names are case insensitive. Any particular algorithm can have multiple
aliases associated with it. The canonical OpenSSL naming scheme follows this
format:
ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
VERSION is only present if there are multiple versions of an algorithm (e.g.
MD2, MD4, MD5). It may be omitted if there is only one version.
SUBNAME may be present where multiple algorithms are combined together,
e.g. MD5-SHA1.
SIZE is only present if multiple versions of an algorithm exist with different
sizes (e.g. AES-128-CBC, AES-256-CBC)
MODE is only present where applicable.
Other aliases may exist for example where standards bodies or common practice
use alternative names or names that OpenSSL has used historically.
=head1 OPENSSL PROVIDERS
OpenSSL comes with a set of providers.
The algorithms available in each of these providers may vary due to build time
configuration options. The L<openssl-list(1)> command can be used to list the
currently available algorithms.
The names of the algorithms shown from L<openssl-list(1)> can be used as an
algorithm identifier to the appropriate fetching function.
=head2 Default provider
The default provider is built in as part of the F<libcrypto> library.
Should it be needed (if other providers are loaded and offer
implementations of the same algorithms), the property "provider=default"
can be used as a search criterion for these implementations. The default
provider includes all the functionality of the base provider below.
=head2 Base provider
The base provider is built in as part of the F<libcrypto> library.
Should it be needed (if other providers are loaded and offer
implementations of the same algorithms), the property "provider=base"
can be used as a search criterion for these implementations. Some
non-cryptographic algorithms (such as encoders for loading keys and
parameters from files) are not FIPS algorithm implementations in themselves but
support algorithms from the FIPS provider and are allowed for use in "FIPS
mode". The property "fips=yes" can be used to select such algorithms.
=head2 FIPS provider
The FIPS provider is a dynamically loadable module, and must therefore
be loaded explicitly, either in code or through OpenSSL configuration
(see L<config(5)>).
Should it be needed (if other providers are loaded and offer
implementations of the same algorithms), the property "provider=fips" can
be used as a search criterion for these implementations. All approved algorithm
implementations in the FIPS provider can also be selected with the property
"fips=yes". The FIPS provider also contains a number of non-approved algorithm
implementations and these can be selected with the property "fips=no".
=head2 Legacy provider
The legacy provider is a dynamically loadable module, and must therefore
be loaded explicitly, either in code or through OpenSSL configuration
(see L<config(5)>).
Should it be needed (if other providers are loaded and offer
implementations of the same algorithms), the property "provider=legacy" can be
used as a search criterion for these implementations.
=head2 Null provider
The null provider is built in as part of the F<libcrypto> library. It contains
no algorithms in it at all. When fetching algorithms the default provider will
be automatically loaded if no other provider has been explicitly loaded. To
prevent that from happening you can explicitly load the null provider.
=head1 EXAMPLES
=head2 Fetching
Fetch any available implementation of SHA2-256 in the default context:
EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", NULL);
...
EVP_MD_free(md);
Fetch any available implementation of AES-128-CBC in the default context:
EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", NULL);
...
EVP_CIPHER_free(cipher);
Fetch an implementation of SHA2-256 from the default provider in the default
context:
EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "provider=default");
...
EVP_MD_free(md);
Fetch an implementation of SHA2-256 that is not from the default provider in the
default context:
EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "provider!=default");
...
EVP_MD_free(md);
Fetch an implementation of SHA2-256 from the default provider in the specified
context:
EVP_MD *md = EVP_MD_fetch(ctx, "SHA2-256", "provider=default");
...
EVP_MD_free(md);
Load the legacy provider into the default context and then fetch an
implementation of WHIRLPOOL from it:
/* This only needs to be done once - usually at application start up */
OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
EVP_MD *md = EVP_MD_fetch(NULL, "WHIRLPOOL", "provider=legacy");
...
EVP_MD_free(md);
Note that in the above example the property string "provider=legacy" is optional
since, assuming no other providers have been loaded, the only implementation of
the "whirlpool" algorithm is in the "legacy" provider. Also note that the
default provider should be explicitly loaded if it is required in addition to
other providers:
/* This only needs to be done once - usually at application start up */
OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
OSSL_PROVIDER *default = OSSL_PROVIDER_load(NULL, "default");
EVP_MD *md_whirlpool = EVP_MD_fetch(NULL, "whirlpool", NULL);
EVP_MD *md_sha256 = EVP_MD_fetch(NULL, "SHA2-256", NULL);
...
EVP_MD_free(md_whirlpool);
EVP_MD_free(md_sha256);
=head1 SEE ALSO
L<EVP_DigestInit_ex(3)>, L<EVP_EncryptInit_ex(3)>,
L<OSSL_LIB_CTX(3)>,
L<EVP_set_default_properties(3)>,
L<EVP_MD_fetch(3)>,
L<EVP_CIPHER_fetch(3)>,
L<EVP_KEYMGMT_fetch(3)>,
L<openssl-core.h(7)>,
L<provider-base(7)>,
L<provider-digest(7)>,
L<provider-cipher(7)>,
L<provider-keyexch(7)>
=head1 HISTORY
The concept of providers and everything surrounding them was
introduced in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
|
