From 5f603a280ca71b7136861b9bc408f37fd1c4e0d7 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Mon, 4 May 2020 15:28:15 +0100
Subject: [PATCH] Enable applications to directly call a provider's query
 operation

This is useful to get hold of the low-level dispatch tables. This could
be used to create a new provider based on an existing one.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11834)
---
 crypto/provider.c          |  9 +++++++++
 doc/man3/OSSL_PROVIDER.pod | 20 +++++++++++++++++++-
 include/openssl/provider.h |  4 ++++
 util/libcrypto.num         |  1 +
 4 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/crypto/provider.c b/crypto/provider.c
index 13438cefe3..6b029ecced 100644
--- a/crypto/provider.c
+++ b/crypto/provider.c
@@ -57,6 +57,15 @@ int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
     return ossl_provider_get_params(prov, params);
 }
 
+
+const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
+                                                    int operation_id,
+                                                    int *no_cache)
+{
+    return ossl_provider_query_operation(prov, operation_id, no_cache);
+}
+
+
 int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
                               OSSL_provider_init_fn *init_fn)
 {
diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod
index 93d6e1421c..177e2c2e83 100644
--- a/doc/man3/OSSL_PROVIDER.pod
+++ b/doc/man3/OSSL_PROVIDER.pod
@@ -6,7 +6,8 @@ OSSL_PROVIDER_set_default_search_path,
 OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_unload,
 OSSL_PROVIDER_available, OSSL_PROVIDER_do_all,
 OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params,
-OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines
+OSSL_PROVIDER_query_operation, OSSL_PROVIDER_add_builtin,
+OSSL_PROVIDER_name - provider routines
 
 =head1 SYNOPSIS
 
@@ -27,6 +28,10 @@ OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name - provider routines
  const OSSL_PARAM *OSSL_PROVIDER_gettable_params(OSSL_PROVIDER *prov);
  int OSSL_PROVIDER_get_params(OSSL_PROVIDER *prov, OSSL_PARAM params[]);
 
+ const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
+                                                     int operation_id,
+                                                     int *no_cache);
+
  int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
                                ossl_provider_init_fn *init_fn);
 
@@ -82,6 +87,16 @@ The caller must prepare the B<OSSL_PARAM> array before calling this
 function, and the variables acting as buffers for this parameter array
 should be filled with data when it returns successfully.
 
+OSSL_PROVIDER_query_operation() calls the provider's I<query_operation>
+function (see L<provider(7)>), if the provider has one. It should return an
+array of I<OSSL_ALGORITHM> for the given I<operation_id> terminated by an all
+NULL OSSL_ALGORITHM entry. This is considered a low-level function that most
+applications should not need to call.
+
+If it is permissible to cache references to this array then I<*no_store> is set
+to 0 or 1 otherwise. If the array is not cacheable then it should be assumed to
+have a short lifetime.
+
 OSSL_PROVIDER_name() returns the name of the given provider.
 
 =head1 RETURN VALUES
@@ -101,6 +116,9 @@ of constant B<OSSL_PARAM>, or NULL if none is provided.
 
 OSSL_PROVIDER_get_params() returns 1 on success, or 0 on error.
 
+OSSL_PROVIDER_query_operation() returns an array of OSSL_ALGORITHM or NULL on
+error.
+
 =head1 EXAMPLES
 
 This demonstrates how to load the provider module "foo" and ask for
diff --git a/include/openssl/provider.h b/include/openssl/provider.h
index 6ce68b16e7..91b864e423 100644
--- a/include/openssl/provider.h
+++ b/include/openssl/provider.h
@@ -30,6 +30,10 @@ int OSSL_PROVIDER_do_all(OPENSSL_CTX *ctx,
 const OSSL_PARAM *OSSL_PROVIDER_gettable_params(const OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]);
 
+const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
+                                                    int operation_id,
+                                                    int *no_cache);
+
 /* Add a built in providers */
 int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *, const char *name,
                               OSSL_provider_init_fn *init_fn);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index fd0509172f..3ac1c1ca49 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5097,3 +5097,4 @@ EC_GROUP_get_field_type                 ?	3_0_0	EXIST::FUNCTION:EC
 X509_PUBKEY_eq                          ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_eq                             ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_parameters_eq                  ?	3_0_0	EXIST::FUNCTION:
+OSSL_PROVIDER_query_operation           ?	3_0_0	EXIST::FUNCTION:
-- 
2.25.1