Add the OSSL_PROVIDER_get_capabilities() API function
authorMatt Caswell <matt@openssl.org>
Mon, 18 May 2020 14:13:09 +0000 (15:13 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 19 Jun 2020 09:19:31 +0000 (10:19 +0100)
Provide a function to applications to query the capabilities that a
provider can perform.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11914)

crypto/provider.c
crypto/provider_core.c
doc/internal/man3/ossl_provider_new.pod
include/internal/provider.h
include/openssl/provider.h
util/libcrypto.num

index 02002a5f95202c2ef1656b473670e7e7cdfa7eeb..8646aef771e4630e8a4e2eba7e35d334399b18ad 100644 (file)
@@ -57,7 +57,6 @@ int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
     return ossl_provider_get_params(prov, params);
 }
 
-
 const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
                                                     int operation_id,
                                                     int *no_cache)
@@ -70,6 +69,14 @@ void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov)
     return ossl_provider_prov_ctx(prov);
 }
 
+int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov,
+                                   const char *capability,
+                                   OSSL_CALLBACK *cb,
+                                   void *arg)
+{
+    return ossl_provider_get_capabilities(prov, capability, cb, arg);
+}
+
 int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
                               OSSL_provider_init_fn *init_fn)
 {
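Review bot: OSSL_PROVIDER_get_capabilities() passes `prov`, `capability` and `cb` straight through, and the internal ossl_provider_get_capabilities() added in crypto/provider_core.c dereferences `prov` at once (`prov->get_capabilities`), so a NULL handle from an application faults instead of returning 0. The neighbouring wrappers in this file forward their arguments the same way, so this may be the accepted convention; if it is, the non-NULL requirement for all three arguments belongs in the public documentation. The commit's file list only touches the internal man page, so OSSL_PROVIDER(3) should gain an entry for this function that also states that `cb` is called from provider code with the caller's `arg`. If a guard is preferred instead, `if (prov == NULL || capability == NULL || cb == NULL) return 0;` before the forwarding call would do.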
index f7af51a297421eff537f5fe65a495499a7000df0..cfaa09ff7b661ae36efb356d598c74948f1672da 100644 (file)
@@ -70,6 +70,7 @@ struct ossl_provider_st {
     OSSL_provider_teardown_fn *teardown;
     OSSL_provider_gettable_params_fn *gettable_params;
     OSSL_provider_get_params_fn *get_params;
+    OSSL_provider_get_capabilities_fn *get_capabilities;
     OSSL_provider_query_operation_fn *query_operation;
 
     /*
@@ -543,6 +544,10 @@ static int provider_activate(OSSL_PROVIDER *prov)
             prov->get_params =
                 OSSL_get_provider_get_params(provider_dispatch);
             break;
+        case OSSL_FUNC_PROVIDER_GET_CAPABILITIES:
+            prov->get_capabilities =
+                OSSL_get_provider_get_capabilities(provider_dispatch);
+            break;
         case OSSL_FUNC_PROVIDER_QUERY_OPERATION:
             prov->query_operation =
                 OSSL_get_provider_query_operation(provider_dispatch);
@@ -820,6 +825,15 @@ int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
         ? 0 : prov->get_params(prov->provctx, params);
 }
 
+int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov,
+                                   const char *capability,
+                                   OSSL_CALLBACK *cb,
+                                   void *arg)
+{
+    return prov->get_capabilities == NULL
+        ? 0 : prov->get_capabilities(prov->provctx, capability, cb, arg);
+}
+
 
 const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
                                                     int operation_id,
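Review bot: The `prov->get_capabilities == NULL ? 0 : ...` return in ossl_provider_get_capabilities() makes a provider that simply does not implement the function indistinguishable from one that failed or rejected the capability name. A caller that walks several providers and stops at the first 0 would then treat a minimal provider as an error, which looks unintended for a dispatch entry that the NULL check treats as optional. Consider returning 1 in the NULL case (nothing reported, no error), i.e. `? 1 : prov->get_capabilities(prov->provctx, capability, cb, arg);`, and adjusting the return-value paragraph added to the internal man page in this commit to match. Otherwise add a comment above the return such as `/* 0 also means the provider has no get_capabilities; callers must not treat it as fatal */`.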
index 7bc5a386692b362e9ff99d784e6fd6a73469ad4c..6a43c68beaf7e5d6dd1e48ce5b7d5d9a87929b5b 100644 (file)
@@ -14,7 +14,8 @@ ossl_provider_module_name, ossl_provider_module_path,
 ossl_provider_library_context,
 ossl_provider_teardown, ossl_provider_gettable_params,
 ossl_provider_get_params, ossl_provider_query_operation,
-ossl_provider_set_operation_bit, ossl_provider_test_operation_bit
+ossl_provider_set_operation_bit, ossl_provider_test_operation_bit,
+ossl_provider_get_capabilities
 - internal provider routines
 
 =head1 SYNOPSIS
@@ -60,6 +61,10 @@ ossl_provider_set_operation_bit, ossl_provider_test_operation_bit
  void ossl_provider_teardown(const OSSL_PROVIDER *prov);
  const OSSL_PARAM *ossl_provider_gettable_params(const OSSL_PROVIDER *prov);
  int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]);
+ int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov,
+                                   const char *capability,
+                                   OSSL_CALLBACK *cb,
+                                   void *arg);
  const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
                                                      int operation_id,
                                                      int *no_cache);
@@ -208,6 +213,12 @@ responder.
 It should treat the given I<OSSL_PARAM> array as described in
 L<OSSL_PARAM(3)>.
 
+ossl_provider_get_capabilities() calls the provider's I<get_capabilities> function,
+if the provider has one. It provides the name of the I<capability> and a
+callback I<cb> parameter to call for each capability that has a matching name in
+the provider. The callback gets passed OSSL_PARAM details about the capability as
+well as the caller supplied argument I<arg>.
+
 ossl_provider_query_operation() calls the provider's
 I<query_operation> function, if the provider has one.
 It should return an array of I<OSSL_ALGORITHM> for the given
@@ -285,6 +296,10 @@ If this function isn't available in the provider, 0 is returned.
 ossl_provider_set_operation_bit() and ossl_provider_test_operation_bit()
 return 1 on success, or 0 on error.
 
+ossl_provider_get_capabilities() returns 1 on success, or 0 on error.
+If this function isn't available in the provider or the provider does not
+support the requested capability then 0 is returned.
+
 =head1 SEE ALSO
 
 L<OSSL_PROVIDER(3)>, L<provider(7)>, L<openssl(1)>
index d7c0926a0bb8b5c79d70eb9577a54948165ba64c..3bfc1542839d9b6eb993d06487d0e53db4d5df7b 100644 (file)
@@ -71,6 +71,10 @@ OPENSSL_CTX *ossl_provider_library_context(const OSSL_PROVIDER *prov);
 void ossl_provider_teardown(const OSSL_PROVIDER *prov);
 const OSSL_PARAM *ossl_provider_gettable_params(const OSSL_PROVIDER *prov);
 int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]);
+int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov,
+                                   const char *capability,
+                                   OSSL_CALLBACK *cb,
+                                   void *arg);
 const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
                                                     int operation_id,
                                                     int *no_cache);
index e9a14086757940e77ca0936ffdab298bbafcdcf7..cb5fc9f8bfce36e60fe5ff66a1b64cbb3d4a9bca 100644 (file)
@@ -29,6 +29,10 @@ int OSSL_PROVIDER_do_all(OPENSSL_CTX *ctx,
 
 const OSSL_PARAM *OSSL_PROVIDER_gettable_params(const OSSL_PROVIDER *prov);
 int OSSL_PROVIDER_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]);
+int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov,
+                                   const char *capability,
+                                   OSSL_CALLBACK *cb,
+                                   void *arg);
 
 const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
                                                     int operation_id,
index 230126ff55cd881b2e492edd8d8d57e1ad1bdec9..a92dccef61a8b31b02b1b1bba4750bda4f6e37a5 100644 (file)
@@ -5099,3 +5099,4 @@ EVP_PKEY_eq                             ? 3_0_0   EXIST::FUNCTION:
 EVP_PKEY_parameters_eq                  ?      3_0_0   EXIST::FUNCTION:
 OSSL_PROVIDER_query_operation           ?      3_0_0   EXIST::FUNCTION:
 OSSL_PROVIDER_get0_provider_ctx         ?      3_0_0   EXIST::FUNCTION:
+OSSL_PROVIDER_get_capabilities          ?      3_0_0   EXIST::FUNCTION: