2019-07-18 18:23:23 +08:00
|
|
|
=pod
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
provider - OpenSSL operation implementation providers
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
2019-09-29 23:10:59 +08:00
|
|
|
=for openssl generic
|
2019-07-18 18:23:23 +08:00
|
|
|
|
|
|
|
#include <openssl/provider.h>
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
=head2 General
|
|
|
|
|
|
|
|
A I<provider>, in OpenSSL terms, is a unit of code that provides one
|
|
|
|
or more implementations for various operations for diverse algorithms
|
|
|
|
that one might want to perform.
|
|
|
|
|
|
|
|
An I<operation> is something one wants to do, such as encryption and
|
|
|
|
decryption, key derivation, MAC calculation, signing and verification,
|
|
|
|
etc.
|
|
|
|
|
|
|
|
An I<algorithm> is a named method to perform an operation.
|
|
|
|
Very often, the algorithms revolve around cryptographic operations,
|
|
|
|
but may also revolve around other types of operation, such as managing
|
|
|
|
certain types of objects.
|
|
|
|
|
|
|
|
=head2 Provider
|
|
|
|
|
|
|
|
I<NOTE: This section is mostly interesting for provider authors.>
|
|
|
|
|
|
|
|
A I<provider> offers an initialization function, as a set of base
|
|
|
|
functions in the form of an B<OSSL_DISPATCH> array, and by extension,
|
|
|
|
a set of B<OSSL_ALGORITHM>s (see L<openssl-core.h(7)>).
|
|
|
|
It may be a dynamically loadable module, or may be built-in, in
|
|
|
|
OpenSSL libraries or in the application.
|
|
|
|
If it's a dynamically loadable module, the initialization function
|
|
|
|
must be named C<OSSL_provider_init> and must be exported.
|
|
|
|
If it's built-in, the initialization function may have any name.
|
|
|
|
|
|
|
|
The initialization function must have the following signature:
|
|
|
|
|
|
|
|
int NAME(const OSSL_PROVIDER *provider,
|
|
|
|
const OSSL_DISPATCH *in, const OSSL_DISPATCH **out,
|
|
|
|
void **provctx);
|
|
|
|
|
|
|
|
I<provider> is the OpenSSL library object for the provider, and works
|
|
|
|
as a handle for everything the OpenSSL libraries need to know about
|
|
|
|
the provider.
|
|
|
|
For the provider itself, it may hold some interesting information,
|
|
|
|
and is also passed to some of the functions given in the dispatch
|
|
|
|
array I<in>.
|
|
|
|
|
|
|
|
I<in> is a dispatch array of base functions offered by the OpenSSL
|
|
|
|
libraries, and the available functions are further described in
|
|
|
|
L<provider-base(7)>.
|
|
|
|
|
|
|
|
I<*out> must be assigned a dispatch array of base functions that the
|
|
|
|
provider offers to the OpenSSL libraries.
|
|
|
|
The functions that may be offered are further described in
|
|
|
|
L<provider-base(7)>, and they are the central means of communication
|
|
|
|
between the OpenSSL libraries and the provider.
|
|
|
|
|
|
|
|
I<*provctx> should be assigned a provider specific context to allow
|
|
|
|
the provider multiple simultaneous uses.
|
|
|
|
This pointer will be passed to various operation functions offered by
|
|
|
|
the provider.
|
|
|
|
|
|
|
|
One of the functions the provider offers to the OpenSSL libraries is
|
|
|
|
the central mechanism for the OpenSSL libraries to get access to
|
|
|
|
operation implementations for diverse algorithms.
|
|
|
|
Its referred to with the number B<OSSL_FUNC_PROVIDER_QUERY_OPERATION>
|
|
|
|
and has the following signature:
|
|
|
|
|
|
|
|
const OSSL_ALGORITHM *provider_query_operation(void *provctx,
|
|
|
|
int operation_id,
|
|
|
|
const int *no_store);
|
|
|
|
|
|
|
|
I<provctx> is the provider specific context that was passed back by
|
|
|
|
the initialization function.
|
|
|
|
|
|
|
|
I<operation_id> is an operation identity (see L</Operations> below).
|
|
|
|
|
|
|
|
I<no_store> is a flag back to the OpenSSL libraries which, when
|
2019-09-28 01:17:09 +08:00
|
|
|
nonzero, signifies that the OpenSSL libraries will not store a
|
2019-07-18 18:23:23 +08:00
|
|
|
reference to the returned data in their internal store of
|
|
|
|
implementations.
|
|
|
|
|
|
|
|
The returned B<OSSL_ALGORITHM> is the foundation of any OpenSSL
|
|
|
|
library API that uses providers for their implementation, most
|
|
|
|
commonly in the I<fetching> type of functions
|
|
|
|
(see L</Fetching algorithms> below).
|
|
|
|
|
|
|
|
=head2 Operations
|
|
|
|
|
|
|
|
I<NOTE: This section is mostly interesting for provider authors.>
|
|
|
|
|
|
|
|
Operations are referred to with numbers, via macros with names
|
|
|
|
starting with C<OSSL_OP_>.
|
|
|
|
|
|
|
|
With each operation comes a set of defined function types that a
|
|
|
|
provider may or may not offer, depending on its needs.
|
|
|
|
|
|
|
|
Currently available operations are:
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item Digests
|
|
|
|
|
|
|
|
In the OpenSSL libraries, the corresponding method object is
|
|
|
|
B<EVP_MD>.
|
|
|
|
The number for this operation is B<OSSL_OP_DIGEST>.
|
|
|
|
The functions the provider can offer are described in
|
|
|
|
L<provider-digest(7)>
|
|
|
|
|
|
|
|
=item Symmetric ciphers
|
|
|
|
|
|
|
|
In the OpenSSL libraries, the corresponding method object is
|
|
|
|
B<EVP_CIPHER>.
|
|
|
|
The number for this operation is B<OSSL_OP_CIPHER>.
|
|
|
|
The functions the provider can offer are described in
|
|
|
|
L<provider-cipher(7)>
|
|
|
|
|
|
|
|
=item Message Authentication Code (MAC)
|
|
|
|
|
|
|
|
In the OpenSSL libraries, the corresponding method object is
|
|
|
|
B<EVP_MAC>.
|
|
|
|
The number for this operation is B<OSSL_OP_MAC>.
|
|
|
|
The functions the provider can offer are described in
|
|
|
|
L<provider-mac(7)>
|
|
|
|
|
|
|
|
=item Key Derivation Function (KDF)
|
|
|
|
|
|
|
|
In the OpenSSL libraries, the corresponding method object is
|
|
|
|
B<EVP_KDF>.
|
|
|
|
The number for this operation is B<OSSL_OP_KDF>.
|
|
|
|
The functions the provider can offer are described in
|
|
|
|
L<provider-kdf(7)>
|
|
|
|
|
|
|
|
=item Key Exchange
|
|
|
|
|
|
|
|
In the OpenSSL libraries, the corresponding method object is
|
2019-09-27 19:26:22 +08:00
|
|
|
B<EVP_KEYEXCH>.
|
2019-07-18 18:23:23 +08:00
|
|
|
The number for this operation is B<OSSL_OP_KEYEXCH>.
|
|
|
|
The functions the provider can offer are described in
|
|
|
|
L<provider-keyexch(7)>
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head2 Fetching algorithms
|
|
|
|
|
|
|
|
=head3 Explicit fetch
|
|
|
|
|
|
|
|
I<NOTE: This section is mostly interesting to OpenSSL users.>
|
|
|
|
|
|
|
|
Users of the OpenSSL libraries never query the provider directly for
|
|
|
|
its diverse implementations and dispatch tables.
|
|
|
|
Instead, the diverse OpenSSL APIs often have fetching functions that
|
|
|
|
do the work, and they return an appropriate method object back to the
|
|
|
|
user.
|
|
|
|
These functions usually have the name C<APINAME_fetch>, where
|
|
|
|
C<APINAME> is the name of the API, for example L<EVP_MD_fetch(3)>.
|
|
|
|
|
|
|
|
These fetching functions follow a fairly common pattern, where three
|
|
|
|
arguments are passed:
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item The library context
|
|
|
|
|
|
|
|
See L<OPENSSL_CTX(3)> for a more detailed description.
|
|
|
|
This may be NULL to signify the default (global) library context, or a
|
|
|
|
context created by the user.
|
|
|
|
Only providers loaded in this library context (see
|
|
|
|
L<OSSL_PROVIDER_load(3)>) will be considered by the fetching
|
|
|
|
function.
|
|
|
|
|
|
|
|
=item An identifier
|
|
|
|
|
|
|
|
This is most commonly an algorithm name (this is the case for all EVP
|
|
|
|
methods), but may also be called something else.
|
|
|
|
|
|
|
|
=for comment For example, an OSSL_STORE implementation would use the
|
|
|
|
URI scheme as an identifier.
|
|
|
|
|
|
|
|
=item A property query string
|
|
|
|
|
|
|
|
See L<property(7)> for a more detailed description.
|
|
|
|
This is used to select more exactly which providers will get to offer
|
|
|
|
an implementation.
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
The method object that is fetched can then be used with diverse other
|
|
|
|
functions that use them, for example L<EVP_DigestInit_ex(3)>.
|
|
|
|
|
2019-08-16 20:34:16 +08:00
|
|
|
=head3 Implicit fetch
|
2019-07-18 18:23:23 +08:00
|
|
|
|
|
|
|
I<NOTE: This section is mostly interesting to OpenSSL users.>
|
|
|
|
|
|
|
|
OpenSSL has a number of functions that return a method object with no
|
|
|
|
associated implementation, such as L<EVP_sha256(3)>,
|
|
|
|
L<EVP_blake2b512(3)> or L<EVP_aes_128_cbc(3)>, which are present for
|
|
|
|
compatibility with OpenSSL before version 3.0.
|
|
|
|
|
|
|
|
When they are used with functions like L<EVP_DigestInit_ex(3)> or
|
|
|
|
L<EVP_CipherInit_ex(3)>, the actual implementation to be used is
|
|
|
|
fetched implicitly using default search criteria.
|
|
|
|
|
|
|
|
Implicit fetching can also occur with functions such as
|
|
|
|
L<EVP_PKEY_CTX_derive_init_ex(3)> where a NULL algorithm parameter is
|
|
|
|
supplied.
|
|
|
|
In this case an algorithm implementation is implicitly fetched using
|
|
|
|
default search criteria and an algorithm name that is consistent with
|
|
|
|
the type of EVP_PKEY being used.
|
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
=head3 Algorithm naming
|
2019-07-18 18:23:23 +08:00
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
Algorithm names are case insensitive. Any particular algorithm can have multiple
|
|
|
|
aliases associated with it. The canonical OpenSSL naming scheme follows this
|
|
|
|
format:
|
2019-07-18 18:23:23 +08:00
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
ALGNAME[VERSION?][-SUBNAME[VERSION?]?][-SIZE?][-MODE?]
|
2019-07-18 18:23:23 +08:00
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
VERSION is only present if there are multiple versions of an algorithm (e.g.
|
|
|
|
MD2, MD4, MD5). It may be omitted if there is only one version.
|
2019-07-18 18:23:23 +08:00
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
SUBNAME may be present where multiple algorithms are combined together,
|
|
|
|
e.g. MD5-SHA1.
|
2019-07-18 18:23:23 +08:00
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
SIZE is only present if multiple versions of an algorithm exist with different
|
|
|
|
sizes (e.g. AES-128-CBC, AES-256-CBC)
|
2019-07-18 18:23:23 +08:00
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
MODE is only present where applicable.
|
2019-07-18 18:23:23 +08:00
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
Other aliases may exist for example where standards bodies or common practice
|
|
|
|
use alternative names or names that OpenSSL has used historically.
|
2019-07-18 18:23:23 +08:00
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
=head1 OPENSSL PROVIDERS
|
2019-07-18 18:23:23 +08:00
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
OpenSSL comes with a set of providers.
|
2019-07-18 18:23:23 +08:00
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
The algorithms available in each of these providers may vary due to build time
|
|
|
|
configuration options. The L<openssl-list(1)> command can be used to list the
|
|
|
|
currently available algorithms.
|
2019-07-18 18:23:23 +08:00
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
The names of the algorithms shown from L<openssl-list(1)> can be used as an
|
|
|
|
algorithm identifier to the appropriate fetching function.
|
2019-07-18 18:23:23 +08:00
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
=head2 Default provider
|
|
|
|
|
|
|
|
The default provider is built in as part of the F<libcrypto> library.
|
|
|
|
Should it be needed (if other providers are loaded and offer
|
|
|
|
implementations of the same algorithms), the property "default=yes"
|
|
|
|
can be used as a search criterion for these implementations.
|
2019-07-18 18:23:23 +08:00
|
|
|
|
|
|
|
=head2 FIPS provider
|
|
|
|
|
|
|
|
The FIPS provider is a dynamically loadable module, and must therefore
|
|
|
|
be loaded explicitly, either in code or through OpenSSL configuration
|
|
|
|
(see L<config(5)>).
|
|
|
|
Should it be needed (if other providers are loaded and offer
|
|
|
|
implementations of the same algorithms), the property "fips=yes" can
|
|
|
|
be used as a search criterion for these implementations.
|
|
|
|
|
|
|
|
=head2 Legacy provider
|
|
|
|
|
|
|
|
The legacy provider is a dynamically loadable module, and must therefore
|
|
|
|
be loaded explicitly, either in code or through OpenSSL configuration
|
|
|
|
(see L<config(5)>).
|
|
|
|
Should it be needed (if other providers are loaded and offer
|
|
|
|
implementations of the same algorithms), the property "legacy=yes" can be
|
|
|
|
used as a search criterion for these implementations.
|
|
|
|
|
|
|
|
=head1 EXAMPLES
|
|
|
|
|
|
|
|
=head2 Fetching
|
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
Fetch any available implementation of SHA2-256 in the default context:
|
2019-07-18 18:23:23 +08:00
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", NULL);
|
2019-07-18 18:23:23 +08:00
|
|
|
...
|
|
|
|
EVP_MD_meth_free(md);
|
|
|
|
|
|
|
|
Fetch any available implementation of AES-128-CBC in the default context:
|
|
|
|
|
|
|
|
EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "AES-128-CBC", NULL);
|
|
|
|
...
|
|
|
|
EVP_CIPHER_meth_free(cipher);
|
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
Fetch an implementation of SHA2-256 from the default provider in the default
|
2019-07-18 18:23:23 +08:00
|
|
|
context:
|
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "default=yes");
|
2019-07-18 18:23:23 +08:00
|
|
|
...
|
|
|
|
EVP_MD_meth_free(md);
|
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
Fetch an implementation of SHA2-256 that is not from the default provider in the
|
2019-07-18 18:23:23 +08:00
|
|
|
default context:
|
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
EVP_MD *md = EVP_MD_fetch(NULL, "SHA2-256", "default=no");
|
2019-07-18 18:23:23 +08:00
|
|
|
...
|
|
|
|
EVP_MD_meth_free(md);
|
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
Fetch an implementation of SHA2-256 from the default provider in the specified
|
2019-07-18 18:23:23 +08:00
|
|
|
context:
|
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
EVP_MD *md = EVP_MD_fetch(ctx, "SHA2-256", "default=yes");
|
2019-07-18 18:23:23 +08:00
|
|
|
...
|
|
|
|
EVP_MD_meth_free(md);
|
|
|
|
|
|
|
|
Load the legacy provider into the default context and then fetch an
|
2019-10-04 19:46:33 +08:00
|
|
|
implementation of WHIRLPOOL from it:
|
2019-07-18 18:23:23 +08:00
|
|
|
|
|
|
|
/* This only needs to be done once - usually at application start up */
|
|
|
|
OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
|
|
|
|
|
2019-10-04 19:46:33 +08:00
|
|
|
EVP_MD *md = EVP_MD_fetch(NULL, "WHIRLPOOL", "legacy=yes");
|
2019-07-18 18:23:23 +08:00
|
|
|
...
|
|
|
|
EVP_MD_meth_free(md);
|
|
|
|
|
|
|
|
Note that in the above example the property string "legacy=yes" is optional
|
|
|
|
since, assuming no other providers have been loaded, the only implementation of
|
|
|
|
the "whirlpool" algorithm is in the "legacy" provider. Also note that the
|
|
|
|
default provider should be explicitly loaded if it is required in addition to
|
|
|
|
other providers:
|
|
|
|
|
|
|
|
/* This only needs to be done once - usually at application start up */
|
|
|
|
OSSL_PROVIDER *legacy = OSSL_PROVIDER_load(NULL, "legacy");
|
|
|
|
OSSL_PROVIDER *default = OSSL_PROVIDER_load(NULL, "default");
|
|
|
|
|
|
|
|
EVP_MD *md_whirlpool = EVP_MD_fetch(NULL, "whirlpool", NULL);
|
2019-10-04 19:46:33 +08:00
|
|
|
EVP_MD *md_sha256 = EVP_MD_fetch(NULL, "SHA2-256", NULL);
|
2019-07-18 18:23:23 +08:00
|
|
|
...
|
|
|
|
EVP_MD_meth_free(md_whirlpool);
|
|
|
|
EVP_MD_meth_free(md_sha256);
|
|
|
|
|
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
|
|
|
L<EVP_DigestInit_ex(3)>, L<EVP_EncryptInit_ex(3)>,
|
|
|
|
L<EVP_PKEY_derive_init_ex(3)>,
|
|
|
|
L<OPENSSL_CTX(3)>,
|
|
|
|
L<EVP_set_default_properties(3)>,
|
|
|
|
L<EVP_MD_fetch(3)>,
|
|
|
|
L<EVP_CIPHER_fetch(3)>,
|
|
|
|
L<EVP_KEYMGMT_fetch(3)>,
|
|
|
|
L<openssl-core.h(7)>,
|
|
|
|
L<provider-base(7)>,
|
|
|
|
L<provider-digest(7)>,
|
|
|
|
L<provider-cipher(7)>,
|
|
|
|
L<provider-keyexch(7)>
|
|
|
|
|
|
|
|
=head1 HISTORY
|
|
|
|
|
|
|
|
The concept of providers and everything surrounding them was
|
|
|
|
introduced in OpenSSL 3.0.
|
|
|
|
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
|
|
|
Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
this file except in compliance with the License. You can obtain a copy
|
|
|
|
in the file LICENSE in the source distribution or at
|
|
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
|
|
|
|
=cut
|