xref: /freebsd/crypto/openssl/doc/man3/OSSL_PROVIDER.pod (revision 7fdf597e96a02165cfe22ff357b857d5fa15ed8a)
1=pod
2
3=head1 NAME
4
5OSSL_PROVIDER_set_default_search_path,
6OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload,
7OSSL_PROVIDER_available, OSSL_PROVIDER_do_all,
8OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params,
9OSSL_PROVIDER_query_operation, OSSL_PROVIDER_unquery_operation,
10OSSL_PROVIDER_get0_provider_ctx, OSSL_PROVIDER_get0_dispatch,
11OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_get0_name, OSSL_PROVIDER_get_capabilities,
12OSSL_PROVIDER_self_test
13- provider routines
14
15=head1 SYNOPSIS
16
17 #include <openssl/provider.h>
18
19 typedef struct ossl_provider_st OSSL_PROVIDER;
20
21 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *libctx,
22                                           const char *path);
23
24 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *libctx, const char *name);
25 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *libctx, const char *name,
26                                       int retain_fallbacks);
27 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
28 int OSSL_PROVIDER_available(OSSL_LIB_CTX *libctx, const char *name);
29 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
30                          int (*cb)(OSSL_PROVIDER *provider, void *cbdata),
31                          void *cbdata);
32
33 const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov);
34 int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]);
35
36 const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
37                                                     int operation_id,
38                                                     int *no_cache);
39 void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov,
40                                      int operation_id,
41                                      const OSSL_ALGORITHM *algs);
42 void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov);
43 const OSSL_DISPATCH *OSSL_PROVIDER_get0_dispatch(const OSSL_PROVIDER *prov);
44
45 int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *libctx, const char *name,
46                               ossl_provider_init_fn *init_fn);
47
48 const char *OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov);
49
50 int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov,
51                                    const char *capability,
52                                    OSSL_CALLBACK *cb,
53                                    void *arg);
54 int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov);
55
56=head1 DESCRIPTION
57
58B<OSSL_PROVIDER> is a type that holds internal information about
59implementation providers (see L<provider(7)> for information on what a
60provider is).
61A provider can be built in to the application or the OpenSSL
62libraries, or can be a loadable module.
63The functions described here handle both forms.
64
65Some of these functions operate within a library context, please see
66L<OSSL_LIB_CTX(3)> for further details.
67
68=head2 Functions
69
70OSSL_PROVIDER_set_default_search_path() specifies the default search I<path>
71that is to be used for looking for providers in the specified I<libctx>.
72If left unspecified, an environment variable and a fall back default value will
73be used instead.
74
75OSSL_PROVIDER_add_builtin() is used to add a built in provider to
76B<OSSL_PROVIDER> store in the given library context, by associating a
77provider name with a provider initialization function.
78This name can then be used with OSSL_PROVIDER_load().
79
80OSSL_PROVIDER_load() loads and initializes a provider.
81This may simply initialize a provider that was previously added with
82OSSL_PROVIDER_add_builtin() and run its given initialization function,
83or load a provider module with the given name and run its provider
84entry point, C<OSSL_provider_init>. The I<name> can be a path
85to a provider module, in that case the provider name as returned
86by OSSL_PROVIDER_get0_name() will be the path. Interpretation
87of relative paths is platform dependent and they are relative
88to the configured "MODULESDIR" directory or the path set in
89the environment variable OPENSSL_MODULES if set.
90
91OSSL_PROVIDER_try_load() functions like OSSL_PROVIDER_load(), except that
92it does not disable the fallback providers if the provider cannot be
93loaded and initialized or if I<retain_fallbacks> is nonzero.
94If the provider loads successfully and I<retain_fallbacks> is zero, the
95fallback providers are disabled.
96
97OSSL_PROVIDER_unload() unloads the given provider.
98For a provider added with OSSL_PROVIDER_add_builtin(), this simply
99runs its teardown function.
100
101OSSL_PROVIDER_available() checks if a named provider is available
102for use.
103
104OSSL_PROVIDER_do_all() iterates over all loaded providers, calling
105I<cb> for each one, with the current provider in I<provider> and the
106I<cbdata> that comes from the caller. If no other provider has been loaded
107before calling this function, the default provider is still available as
108fallback.
109See L<OSSL_PROVIDER-default(7)> for more information on this fallback
110behaviour.
111
112OSSL_PROVIDER_gettable_params() is used to get a provider parameter
113descriptor set as a constant L<OSSL_PARAM(3)> array.
114
115OSSL_PROVIDER_get_params() is used to get provider parameter values.
116The caller must prepare the L<OSSL_PARAM(3)> array before calling this
117function, and the variables acting as buffers for this parameter array
118should be filled with data when it returns successfully.
119
120OSSL_PROVIDER_self_test() is used to run a provider's self tests on demand.
121If the self tests fail then the provider will fail to provide any further
122services and algorithms. L<OSSL_SELF_TEST_set_callback(3)> may be called
123beforehand in order to display diagnostics for the running self tests.
124
125OSSL_PROVIDER_query_operation() calls the provider's I<query_operation>
126function (see L<provider(7)>), if the provider has one. It returns an
127array of I<OSSL_ALGORITHM> for the given I<operation_id> terminated by an all
128NULL OSSL_ALGORITHM entry. This is considered a low-level function that most
129applications should not need to call.
130
131OSSL_PROVIDER_unquery_operation() calls the provider's I<unquery_operation>
132function (see L<provider(7)>), if the provider has one.  This is considered a
133low-level function that most applications should not need to call.
134
135OSSL_PROVIDER_get0_provider_ctx() returns the provider context for the given
136provider. The provider context is an opaque handle set by the provider itself
137and is passed back to the provider by libcrypto in various function calls.
138
139OSSL_PROVIDER_get0_dispatch() returns the provider's dispatch table as it was
140returned in the I<out> parameter from the provider's init function. See
141L<provider-base(7)>.
142
143If it is permissible to cache references to this array then I<*no_store> is set
144to 0 or 1 otherwise. If the array is not cacheable then it is assumed to
145have a short lifetime.
146
147OSSL_PROVIDER_get0_name() returns the name of the given provider.
148
149OSSL_PROVIDER_get_capabilities() provides information about the capabilities
150supported by the provider specified in I<prov> with the capability name
151I<capability>. For each capability of that name supported by the provider it
152will call the callback I<cb> and supply a set of L<OSSL_PARAM(3)>s describing the
153capability. It will also pass back the argument I<arg>. For more details about
154capabilities and what they can be used for please see
155L<provider-base(7)/CAPABILTIIES>.
156
157=head1 RETURN VALUES
158
159OSSL_PROVIDER_set_default_search_path(), OSSL_PROVIDER_add(),
160OSSL_PROVIDER_unload(), OSSL_PROVIDER_get_params() and
161OSSL_PROVIDER_get_capabilities() return 1 on success, or 0 on error.
162
163OSSL_PROVIDER_load() and OSSL_PROVIDER_try_load() return a pointer to a
164provider object on success, or NULL on error.
165
166OSSL_PROVIDER_do_all() returns 1 if the callback I<cb> returns 1 for every
167provider it is called with, or 0 if any provider callback invocation returns 0;
168callback processing stops at the first callback invocation on a provider
169that returns 0.
170
171OSSL_PROVIDER_available() returns 1 if the named provider is available,
172otherwise 0.
173
174OSSL_PROVIDER_gettable_params() returns a pointer to an array
175of constant L<OSSL_PARAM(3)>, or NULL if none is provided.
176
177OSSL_PROVIDER_get_params() and returns 1 on success, or 0 on error.
178
179OSSL_PROVIDER_query_operation() returns an array of OSSL_ALGORITHM or NULL on
180error.
181
182OSSL_PROVIDER_self_test() returns 1 if the self tests pass, or 0 on error.
183
184=head1 EXAMPLES
185
186This demonstrates how to load the provider module "foo" and ask for
187its build information.
188
189 #include <openssl/params.h>
190 #include <openssl/provider.h>
191 #include <openssl/err.h>
192
193 OSSL_PROVIDER *prov = NULL;
194 const char *build = NULL;
195 OSSL_PARAM request[] = {
196     { "buildinfo", OSSL_PARAM_UTF8_PTR, &build, 0, 0 },
197     { NULL, 0, NULL, 0, 0 }
198 };
199
200 if ((prov = OSSL_PROVIDER_load(NULL, "foo")) != NULL
201     && OSSL_PROVIDER_get_params(prov, request))
202     printf("Provider 'foo' buildinfo: %s\n", build);
203 else
204     ERR_print_errors_fp(stderr);
205
206=head1 SEE ALSO
207
208L<openssl-core.h(7)>, L<OSSL_LIB_CTX(3)>, L<provider(7)>
209
210=head1 HISTORY
211
212The type and functions described here were added in OpenSSL 3.0.
213
214=head1 COPYRIGHT
215
216Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
217
218Licensed under the Apache License 2.0 (the "License").  You may not use
219this file except in compliance with the License.  You can obtain a copy
220in the file LICENSE in the source distribution or at
221L<https://www.openssl.org/source/license.html>.
222
223=cut
224