xref: /openssl/doc/man3/OSSL_PROVIDER.pod (revision da1c088f) 
1=pod
2
3=head1 NAME
4
5OSSL_PROVIDER_set_default_search_path,
6OSSL_PROVIDER_get0_default_search_path,
7OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload,
8OSSL_PROVIDER_load_ex, OSSL_PROVIDER_try_load_ex,
9OSSL_PROVIDER_available, OSSL_PROVIDER_do_all,
10OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params,
11OSSL_PROVIDER_query_operation, OSSL_PROVIDER_unquery_operation,
12OSSL_PROVIDER_get0_provider_ctx, OSSL_PROVIDER_get0_dispatch,
13OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_get0_name, OSSL_PROVIDER_get_capabilities,
14OSSL_PROVIDER_self_test
15- provider routines
16
17=head1 SYNOPSIS
18
19 #include <openssl/provider.h>
20
21 typedef struct ossl_provider_st OSSL_PROVIDER;
22
23 int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *libctx,
24                                           const char *path);
25 const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx);
26
27 OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *libctx, const char *name);
28 OSSL_PROVIDER *OSSL_PROVIDER_load_ex(OSSL_LIB_CTX *, const char *name,
29                                      OSSL_PARAM *params);
30 OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *libctx, const char *name,
31                                       int retain_fallbacks);
32 OSSL_PROVIDER *OSSL_PROVIDER_try_load_ex(OSSL_LIB_CTX *, const char *name,
33                                          OSSL_PARAM *params,
34                                          int retain_fallbacks);
35 int OSSL_PROVIDER_unload(OSSL_PROVIDER *prov);
36 int OSSL_PROVIDER_available(OSSL_LIB_CTX *libctx, const char *name);
37 int OSSL_PROVIDER_do_all(OSSL_LIB_CTX *ctx,
38                          int (*cb)(OSSL_PROVIDER *provider, void *cbdata),
39                          void *cbdata);
40
41 const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov);
42 int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]);
43
44 const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
45                                                     int operation_id,
46                                                     int *no_cache);
47 void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov,
48                                      int operation_id,
49                                      const OSSL_ALGORITHM *algs);
50 void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov);
51 const OSSL_DISPATCH *OSSL_PROVIDER_get0_dispatch(const OSSL_PROVIDER *prov);
52
53 int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *libctx, const char *name,
54                               ossl_provider_init_fn *init_fn);
55
56 const char *OSSL_PROVIDER_get0_name(const OSSL_PROVIDER *prov);
57
58 int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov,
59                                    const char *capability,
60                                    OSSL_CALLBACK *cb,
61                                    void *arg);
62 int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov);
63
64=head1 DESCRIPTION
65
66B<OSSL_PROVIDER> is a type that holds internal information about
67implementation providers (see L<provider(7)> for information on what a
68provider is).
69A provider can be built in to the application or the OpenSSL
70libraries, or can be a loadable module.
71The functions described here handle both forms.
72
73Some of these functions operate within a library context, please see
74L<OSSL_LIB_CTX(3)> for further details.
75
76=head2 Functions
77
78OSSL_PROVIDER_set_default_search_path() specifies the default search I<path>
79that is to be used for looking for providers in the specified I<libctx>.
80If left unspecified, an environment variable and a fall back default value will
81be used instead.
82
83OSSL_PROVIDER_get0_default_search_path() retrieves the default search I<path>
84that is to be used for looking for providers in the specified I<libctx>.
85If successful returns the path or empty string; the path is valid until the
86context is released or OSSL_PROVIDER_set_default_search_path() is called.
87
88OSSL_PROVIDER_add_builtin() is used to add a built in provider to
89B<OSSL_PROVIDER> store in the given library context, by associating a
90provider name with a provider initialization function.
91This name can then be used with OSSL_PROVIDER_load().
92
93OSSL_PROVIDER_load() loads and initializes a provider.
94This may simply initialize a provider that was previously added with
95OSSL_PROVIDER_add_builtin() and run its given initialization function,
96or load a provider module with the given name and run its provider
97entry point, C<OSSL_provider_init>. The I<name> can be a path
98to a provider module, in that case the provider name as returned
99by OSSL_PROVIDER_get0_name() will be the path. Interpretation
100of relative paths is platform dependent and they are relative
101to the configured "MODULESDIR" directory or the path set in
102the environment variable OPENSSL_MODULES if set.
103
104OSSL_PROVIDER_try_load() functions like OSSL_PROVIDER_load(), except that
105it does not disable the fallback providers if the provider cannot be
106loaded and initialized or if I<retain_fallbacks> is nonzero.
107If the provider loads successfully and I<retain_fallbacks> is zero, the
108fallback providers are disabled.
109
110OSSL_PROVIDER_load_ex() and OSSL_PROVIDER_try_load_ex() are the variants
111of the previous functions accepting an C<OSSL_PARAM> array of the parameters
112that are passed as the configuration of the loaded provider. The parameters
113of any type but C<OSSL_PARAM_UTF8_STRING> are silently ignored. If the
114parameters are provided, they replace B<all> the ones specified in the
115configuration file.
116
117OSSL_PROVIDER_unload() unloads the given provider.
118For a provider added with OSSL_PROVIDER_add_builtin(), this simply
119runs its teardown function.
120
121OSSL_PROVIDER_available() checks if a named provider is available
122for use.
123
124OSSL_PROVIDER_do_all() iterates over all loaded providers, calling
125I<cb> for each one, with the current provider in I<provider> and the
126I<cbdata> that comes from the caller. If no other provider has been loaded
127before calling this function, the default provider is still available as
128fallback.
129See L<OSSL_PROVIDER-default(7)> for more information on this fallback
130behaviour.
131
132OSSL_PROVIDER_gettable_params() is used to get a provider parameter
133descriptor set as a constant L<OSSL_PARAM(3)> array.
134
135OSSL_PROVIDER_get_params() is used to get provider parameter values.
136The caller must prepare the L<OSSL_PARAM(3)> array before calling this
137function, and the variables acting as buffers for this parameter array
138should be filled with data when it returns successfully.
139
140OSSL_PROVIDER_self_test() is used to run a provider's self tests on demand.
141If the self tests fail then the provider will fail to provide any further
142services and algorithms. L<OSSL_SELF_TEST_set_callback(3)> may be called
143beforehand in order to display diagnostics for the running self tests.
144
145OSSL_PROVIDER_query_operation() calls the provider's I<query_operation>
146function (see L<provider(7)>), if the provider has one. It returns an
147array of I<OSSL_ALGORITHM> for the given I<operation_id> terminated by an all
148NULL OSSL_ALGORITHM entry. This is considered a low-level function that most
149applications should not need to call.
150
151OSSL_PROVIDER_unquery_operation() calls the provider's I<unquery_operation>
152function (see L<provider(7)>), if the provider has one.  This is considered a
153low-level function that most applications should not need to call.
154
155OSSL_PROVIDER_get0_provider_ctx() returns the provider context for the given
156provider. The provider context is an opaque handle set by the provider itself
157and is passed back to the provider by libcrypto in various function calls.
158
159OSSL_PROVIDER_get0_dispatch() returns the provider's dispatch table as it was
160returned in the I<out> parameter from the provider's init function. See
161L<provider-base(7)>.
162
163If it is permissible to cache references to this array then I<*no_store> is set
164to 0 or 1 otherwise. If the array is not cacheable then it is assumed to
165have a short lifetime.
166
167OSSL_PROVIDER_get0_name() returns the name of the given provider.
168
169OSSL_PROVIDER_get_capabilities() provides information about the capabilities
170supported by the provider specified in I<prov> with the capability name
171I<capability>. For each capability of that name supported by the provider it
172will call the callback I<cb> and supply a set of L<OSSL_PARAM(3)>s describing the
173capability. It will also pass back the argument I<arg>. For more details about
174capabilities and what they can be used for please see
175L<provider-base(7)/CAPABILTIIES>.
176
177=head1 RETURN VALUES
178
179OSSL_PROVIDER_set_default_search_path(), OSSL_PROVIDER_add(),
180OSSL_PROVIDER_unload(), OSSL_PROVIDER_get_params() and
181OSSL_PROVIDER_get_capabilities() return 1 on success, or 0 on error.
182
183OSSL_PROVIDER_get0_default_search_path() returns a pointer to a path on success,
184or NULL on error or if the path has not previously been set.
185
186OSSL_PROVIDER_load() and OSSL_PROVIDER_try_load() return a pointer to a
187provider object on success, or NULL on error.
188
189OSSL_PROVIDER_do_all() returns 1 if the callback I<cb> returns 1 for every
190provider it is called with, or 0 if any provider callback invocation returns 0;
191callback processing stops at the first callback invocation on a provider
192that returns 0.
193
194OSSL_PROVIDER_available() returns 1 if the named provider is available,
195otherwise 0.
196
197OSSL_PROVIDER_gettable_params() returns a pointer to an array
198of constant L<OSSL_PARAM(3)>, or NULL if none is provided.
199
200OSSL_PROVIDER_get_params() and returns 1 on success, or 0 on error.
201
202OSSL_PROVIDER_query_operation() returns an array of OSSL_ALGORITHM or NULL on
203error.
204
205OSSL_PROVIDER_self_test() returns 1 if the self tests pass, or 0 on error.
206
207=head1 EXAMPLES
208
209This demonstrates how to load the provider module "foo" and ask for
210its build information.
211
212 #include <openssl/params.h>
213 #include <openssl/provider.h>
214 #include <openssl/err.h>
215
216 OSSL_PROVIDER *prov = NULL;
217 const char *build = NULL;
218 OSSL_PARAM request[] = {
219     { "buildinfo", OSSL_PARAM_UTF8_PTR, &build, 0, 0 },
220     { NULL, 0, NULL, 0, 0 }
221 };
222
223 if ((prov = OSSL_PROVIDER_load(NULL, "foo")) != NULL
224     && OSSL_PROVIDER_get_params(prov, request))
225     printf("Provider 'foo' buildinfo: %s\n", build);
226 else
227     ERR_print_errors_fp(stderr);
228
229=head1 SEE ALSO
230
231L<openssl-core.h(7)>, L<OSSL_LIB_CTX(3)>, L<provider(7)>
232
233=head1 HISTORY
234
235The type and functions described here were added in OpenSSL 3.0.
236
237The I<OSSL_PROVIDER_load_ex> and I<OSSL_PROVIDER_try_load_ex> functions were
238added in OpenSSL 3.2.
239
240=head1 COPYRIGHT
241
242Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
243
244Licensed under the Apache License 2.0 (the "License").  You may not use
245this file except in compliance with the License.  You can obtain a copy
246in the file LICENSE in the source distribution or at
247L<https://www.openssl.org/source/license.html>.
248
249=cut
250