Replumbing: New public API to load or add providers

Adding a provider means creating an internal provier object and adding it to the store. This allows the addition of built in providers, be it in the OpenSSL libraries or in any application. "Loading" a provider is defined broadly. A built in provider is already "loaded" in essence and only needs activating, while a provider in a dynamically loadable module requires actually loading the module itself. In this API, "loading" a provider does both. Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#8287)
a-mair · Mar 11, 2019 · 3374dc0 · 3374dc0
1 parent 4c2883a
commit 3374dc0
Show file tree

Hide file tree

Showing 7 changed files with 114 additions and 1 deletion.
diff --git a/crypto/build.info b/crypto/build.info
@@ -17,7 +17,7 @@ SOURCE[../libcrypto]=\
         ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
         threads_pthread.c threads_win.c threads_none.c getenv.c \
         o_init.c o_fips.c mem_sec.c init.c context.c sparse_array.c \
-        trace.c \
+        trace.c provider.c \
         {- $target{cpuid_asm_src} -} {- $target{uplink_aux_src} -}
 
 DEPEND[cversion.o]=buildinf.h

diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
@@ -46,6 +46,8 @@ static const ERR_STRING_DATA CRYPTO_str_functs[] = {
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0),
      "OPENSSL_sk_deep_copy"},
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN, 0),
+     "OSSL_PROVIDER_add_builtin"},
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_ACTIVATE, 0),
      "ossl_provider_activate"},
     {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OSSL_PROVIDER_NEW, 0),

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
@@ -368,6 +368,7 @@ CRYPTO_F_OPENSSL_INIT_CRYPTO:116:OPENSSL_init_crypto
 CRYPTO_F_OPENSSL_LH_NEW:126:OPENSSL_LH_new
 CRYPTO_F_OPENSSL_SK_DEEP_COPY:127:OPENSSL_sk_deep_copy
 CRYPTO_F_OPENSSL_SK_DUP:128:OPENSSL_sk_dup
+CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN:132:OSSL_PROVIDER_add_builtin
 CRYPTO_F_OSSL_PROVIDER_ACTIVATE:130:ossl_provider_activate
 CRYPTO_F_OSSL_PROVIDER_NEW:131:ossl_provider_new
 CRYPTO_F_PKEY_HMAC_INIT:123:pkey_hmac_init

diff --git a/crypto/provider.c b/crypto/provider.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/cryptoerr.h>
+#include <openssl/provider.h>
+#include "internal/provider.h"
+
+OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name)
+{
+    OSSL_PROVIDER *prov = NULL;
+
+    /* Find it or create it */
+    if ((prov = ossl_provider_find(libctx, name)) == NULL
+        && (prov = ossl_provider_new(libctx, name, NULL)) == NULL)
+        return NULL;
+
+    if (!ossl_provider_activate(prov)) {
+        ossl_provider_free(prov);
+        return NULL;
+    }
+
+    return prov;
+}
+
+int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov)
+{
+    ossl_provider_free(prov);
+    return 1;
+}
+
+const OSSL_ITEM *OSSL_PROVIDER_get_param_types(OSSL_PROVIDER *prov)
+{
+    return ossl_provider_get_param_types(prov);
+}
+
+int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, const OSSL_PARAM params[])
+{
+    return ossl_provider_get_params(prov, params);
+}
+
+int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
+                              OSSL_provider_init_fn *init_fn)
+{
+    OSSL_PROVIDER *prov = NULL;
+
+    if (name == NULL || init_fn == NULL) {
+        CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    /* Create it */
+    if ((prov = ossl_provider_new(libctx, name, init_fn)) == NULL)
+        return 0;
+
+    /*
+     * It's safely stored in the internal store at this point,
+     * free the returned extra reference
+     */
+    ossl_provider_free(prov);
+
+    return 1;
+}
diff --git a/include/openssl/cryptoerr.h b/include/openssl/cryptoerr.h
@@ -43,6 +43,7 @@ int ERR_load_CRYPTO_strings(void);
 # define CRYPTO_F_OPENSSL_LH_NEW                          126
 # define CRYPTO_F_OPENSSL_SK_DEEP_COPY                    127
 # define CRYPTO_F_OPENSSL_SK_DUP                          128
+# define CRYPTO_F_OSSL_PROVIDER_ADD_BUILTIN               132
 # define CRYPTO_F_OSSL_PROVIDER_ACTIVATE                  130
 # define CRYPTO_F_OSSL_PROVIDER_NEW                       131
 # define CRYPTO_F_PKEY_HMAC_INIT                          123

diff --git a/include/openssl/provider.h b/include/openssl/provider.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_PROVIDER_H
+# define OSSL_PROVIDER_H
+
+# include <openssl/core.h>
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* Load and unload a provider */
+OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *, const char *name);
+int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
+
+const OSSL_ITEM *OSSL_PROVIDER_get_param_types(OSSL_PROVIDER *prov);
+int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, const OSSL_PARAM params[]);
+
+/* Add a built in providers */
+int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name,
+                              OSSL_provider_init_fn *init_fn);
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/util/libcrypto.num b/util/libcrypto.num
@@ -4655,3 +4655,8 @@ OSSL_trace_set_callback                 4610	3_0_0	EXIST::FUNCTION:
 OSSL_trace_enabled                      4611	3_0_0	EXIST::FUNCTION:
 OSSL_trace_begin                        4612	3_0_0	EXIST::FUNCTION:
 OSSL_trace_end                          4613	3_0_0	EXIST::FUNCTION:
+OSSL_PROVIDER_load                      4614	3_0_0	EXIST::FUNCTION:
+OSSL_PROVIDER_unload                    4615	3_0_0	EXIST::FUNCTION:
+OSSL_PROVIDER_add_builtin               4616	3_0_0	EXIST::FUNCTION:
+OSSL_PROVIDER_get_param_types           4617	3_0_0	EXIST::FUNCTION:
+OSSL_PROVIDER_get_params                4618	3_0_0	EXIST::FUNCTION: