openssl

mirror of https://github.com/openssl/openssl.git synced 2025-01-06 13:26:43 +08:00

History

Richard Levitte 05aa8790ac PROV: Add a proper provider context structure for OpenSSL providers The provider context structure is made to include the following information: - The core provider handle (first argument to the provider init function). This handle is meant to be used in all upcalls that need it. - A library context, used for any libcrypto calls that need it, done in the provider itself. Regarding the library context, that's generally only needed if the provider makes any libcrypto calls, i.e. is linked with libcrypto. That happens to be the case for all OpenSSL providers, but is applicable for other providers that use libcrypto internally as well. The normal thing to do for a provider init function is to create its own library context. For a provider that's meant to become a dynamically loadable module, this is what MUST be done. However, we do not do that in the default provider; it uses the library context associated with the core provider handle instead. This is permissible, although generally discouraged, as long as the provider in question is guaranteed to be built-in, into libcrypto or into the application that uses it. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11803)	2020-05-13 17:21:58 +01:00
..
prov	PROV: Add a proper provider context structure for OpenSSL providers	2020-05-13 17:21:58 +01:00

Richard Levitte 05aa8790ac PROV: Add a proper provider context structure for OpenSSL providers

The provider context structure is made to include the following information:

- The core provider handle (first argument to the provider init
  function).  This handle is meant to be used in all upcalls that need
  it.

- A library context, used for any libcrypto calls that need it, done in
  the provider itself.

Regarding the library context, that's generally only needed if the
provider makes any libcrypto calls, i.e. is linked with libcrypto.  That
happens to be the case for all OpenSSL providers, but is applicable for
other providers that use libcrypto internally as well.

The normal thing to do for a provider init function is to create its own
library context.  For a provider that's meant to become a dynamically
loadable module, this is what MUST be done.
However, we do not do that in the default provider; it uses the library
context associated with the core provider handle instead.  This is
permissible, although generally discouraged, as long as the provider in
question is guaranteed to be built-in, into libcrypto or into the
application that uses it.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11803)

2020-05-13 17:21:58 +01:00

prov

PROV: Add a proper provider context structure for OpenSSL providers

2020-05-13 17:21:58 +01:00