provider.7ssl(7)

SECCIÓN: 7 - Miscelánea

PROVIDER(7SSL) OpenSSL PROVIDER(7SSL)

NAME

provider - OpenSSL operation implementation providers

SYNOPSIS

#include <openssl/provider.h>

DESCRIPTION

General

This page contains information useful to provider authors.

A provider, in OpenSSL terms, is a unit of code that provides one or

more implementations for various operations for diverse algorithms that

one might want to perform.

An operation is something one wants to do, such as encryption and

decryption, key derivation, MAC calculation, signing and verification,

etc.

An algorithm is a named method to perform an operation. Very often,

the algorithms revolve around cryptographic operations, but may also

revolve around other types of operation, such as managing certain types

of objects.

See crypto(7) for further details.

Provider

A provider offers an initialization function, as a set of base

functions in the form of an OSSL_DISPATCH(3) array, and by extension, a

set of OSSL_ALGORITHM(3)s (see openssl-core.h(7)). It may be a

dynamically loadable module, or may be built-in, in OpenSSL libraries

or in the application. If it's a dynamically loadable module, the

initialization function must be named "OSSL_provider_init" and must be

exported. If it's built-in, the initialization function may have any

name.

The initialization function must have the following signature:

int NAME(const OSSL_CORE_HANDLE *handle,

const OSSL_DISPATCH *in, const OSSL_DISPATCH **out,

void **provctx);

handle is the OpenSSL library object for the provider, and works as a

handle for everything the OpenSSL libraries need to know about the

provider. For the provider itself, it is passed to some of the

functions given in the dispatch array in.

in is a dispatch array of base functions offered by the OpenSSL

libraries, and the available functions are further described in

provider-base(7).

*out must be assigned a dispatch array of base functions that the

provider offers to the OpenSSL libraries. The functions that may be

offered are further described in provider-base(7), and they are the

central means of communication between the OpenSSL libraries and the

provider.

*provctx should be assigned a provider specific context to allow the

provider multiple simultaneous uses. This pointer will be passed to

various operation functions offered by the provider.

Note that the provider will not be made available for applications to

use until the initialization function has completed and returned

successfully.

One of the functions the provider offers to the OpenSSL libraries is

the central mechanism for the OpenSSL libraries to get access to

operation implementations for diverse algorithms. Its referred to with

the number OSSL_FUNC_PROVIDER_QUERY_OPERATION and has the following

signature:

const OSSL_ALGORITHM *provider_query_operation(void *provctx,

int operation_id,

const int *no_store);

provctx is the provider specific context that was passed back by the

initialization function.

operation_id is an operation identity (see "Operations" below).

no_store is a flag back to the OpenSSL libraries which, when nonzero,

signifies that the OpenSSL libraries will not store a reference to the

returned data in their internal store of implementations.

The returned OSSL_ALGORITHM(3) is the foundation of any OpenSSL library

API that uses providers for their implementation, most commonly in the

fetching type of functions (see "ALGORITHM FETCHING" in crypto(7)).

Operations

Operations are referred to with numbers, via macros with names starting

with "OSSL_OP_".

With each operation comes a set of defined function types that a

provider may or may not offer, depending on its needs.

Currently available operations are:

Digests