summaryrefslogtreecommitdiff
path: root/doc/man7/provider-base.pod
Commit message (Collapse)AuthorAgeFilesLines
* Added a macro OSSL_DISPATCH_END as marker of the end of OSSL_DISPATCH arraysIrak Rigia2023-04-211-3/+3
| | | | | | | | | | | Also updated the corresponding documentations. Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20745)
* Fix typo in base provider example codeHansHoogerwerf2023-03-031-1/+1
| | | | | | | | CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20411)
* first cut at sigalg loadingMichael Baentsch2023-02-241-0/+123
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19312)
* Replace some boldened types with a corresponding man page linkRichard Levitte2022-12-081-13/+13
| | | | | | | | | | The types OSSL_DISPATCH, OSSL_ITEM, OSSL_ALGORITHM, OSSL_PARAM, OSSL_CALLBACK, and OSSL_PASSPHRASE_CALLBACK are described in their own manual page, so we change every mention of them to links to those pages. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19842)
* Fix for OSSL_PARAM sample code referencing OSSL_PARAM_UTF8_PTRMichael Baentsch2022-06-161-3/+3
| | | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18490)
* doc: remove non-existent callbacksPauli2021-11-281-10/+1
| | | | | | | | | | These used to exist but were removed before release. Updating the documentation was missed. Fixes #17138 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17141)
* Permit no/empty digest in core_obj_add_sigidMichael Baentsch2021-10-221-2/+3
| | | | | | | | | Also add digest parameter documentation for add_sigid and permit NULL as digest name in the provider upcall. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16770)
* doc: OPENSSL_CORE_CTX should never be cast to OSSL_LIB_CTXTomas Mraz2021-10-111-3/+7
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16771)
* doc: Document that the OBJ creation functions are now thread safe.Pauli2021-09-251-2/+5
| | | | | | | | | | With the OBJ_ thread locking in place, these documentation changes are not required. This reverts commit 0218bcdd3feab456135207c140998305df73ab7b. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15713)
* doc: remove end of line whitespacePauli2021-09-221-1/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16641)
* Add a warning about locking in the child provider callback docsMatt Caswell2021-08-311-2/+4
| | | | | | | | | | The child provider callbacks can hold the store lock. In order to avoid deadlocks we require that the callback implementations don't themselves call functions that may aquire those locks. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16469)
* doc: document that config_diagnostics is sensible but involves riskPauli2021-07-301-0/+1
| | | | | | | | | | Also: - add this option to the sample configurations in the documentation. - note that it is a sensible choice when using FIPS via config Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16172)
* doc: update up call documentationPauli2021-06-261-1/+7
| | | | | | | Some of the BIO functions weren't included in the provider-base documentation. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15909)
* doc: Document that the OBJ creation functions don't lock.Pauli2021-06-241-0/+2
| | | | | | | | | | | Neither OBJ_create() nor OBJ_add_sigid() use locks. They are not thread safe. They can and will cause the other OBJ_ query functions to fail in mysterious ways if called concurrently with them. There is no problem calling multiple query functions concurrently. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15865)
* Add documentation for the newly added OBJ up callsMatt Caswell2021-06-161-3/+31
| | | | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15681)
* doc: finish the provider child up call documentationPauli2021-06-161-1/+7
| | | | | | | | | | The bulk of the documentation was there but it wasn't quite complete. Fixes #15678 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15734)
* doc: update core_thread_start() documentationPauli2021-05-241-5/+7
| | | | | | | It is now passed an arugment to pass to the callback Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15278)
* Update documentation for global properties mirroringMatt Caswell2021-05-201-2/+7
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)
* doc: document all functions in provider-base(7)Pauli2021-05-151-12/+16
| | | | | | | Fixes #13358 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15259)
* Update documentation following addition of OSSL_LIB_CTX_new_child()Matt Caswell2021-05-111-0/+54
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
* Unify parameter types in documentationTomas Mraz2021-05-071-9/+9
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15178)
* Small fixes and cleanups of provider API documentationTomas Mraz2021-04-091-1/+1
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14756)
* core: add up_ref callback for OSSL_CORE_BIOPauli2021-03-111-13/+15
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14419)
* provider: add an unquery function to allow providers to clean up.Pauli2021-02-241-0/+8
| | | | | | | | | | | Without this, a provider has no way to know that an application has finished with the array it returned earlier. A non-caching provider requires this information. Fixes #12974 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12974)
* Update copyright yearRichard Levitte2021-01-281-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
* Document the core_thread_start upcallMatt Caswell2021-01-141-1/+10
| | | | | | | The core_thread_start upcall previously had a placeholder in the docs. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13660)
* doc: Documentation changes for moving the entropy source out of the fips ↵Pauli2020-11-201-0/+36
| | | | | | | | provider Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/13226)
* Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx'Dr. Matthias St. Pierre2020-10-151-3/+3
| | | | | | | | | This change makes the naming more consistent, because three different terms were used for the same thing. (The term libctx was used by far most often.) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
* Define OSSL_CAPABILITY_TLS_GROUP_IS_KEMNicola Tuveri2020-10-141-7/+34
| | | | | | | | Note that with this commit the optional parameter is introduced, but libssl still ignores it. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13018)
* Add 'on demand self test' and status test to providersShane Lontis2020-08-091-0/+11
| | | | | | | | | | | | | | | The default and legacy providers currently return 1 for status and self test checks. Added test to show the 3 different stages the self test can be run (for installation, loading and on demand). For the fips provider: - If the on demand self test fails, then any subsequent fetches should also fail. To implement this the cached algorithms are flushed on failure. - getting the self test callback in the fips provider is a bit complicated since the callback hangs off the core libctx (as it is set by the application) not the actual fips library context. Also the callback can be set at any time not just during the OSSL_provider_init() so it is calculated each time before doing any self test. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11752)
* Fix typos and repeated wordsGustaf Neumann2020-07-051-2/+2
| | | | | | | | CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/12320)
* Make the naming scheme for dispatched functions more consistentDr. Matthias St. Pierre2020-06-241-28/+28
| | | | | | | | | | | | | | | | | | | | | | | | | The new naming scheme consistently usese the `OSSL_FUNC_` prefix for all functions which are dispatched between the core and providers. This change includes in particular all up- and downcalls, i.e., the dispatched functions passed from core to provider and vice versa. - OSSL_core_ -> OSSL_FUNC_core_ - OSSL_provider_ -> OSSL_FUNC_core_ For operations and their function dispatch tables, the following convention is used: Type | Name (evp_generic_fetch(3)) | ---------------------|-----------------------------------| operation | OSSL_OP_FOO | function id | OSSL_FUNC_FOO_FUNCTION_NAME | function "name" | OSSL_FUNC_foo_function_name | function typedef | OSSL_FUNC_foo_function_name_fn | function ptr getter | OSSL_FUNC_foo_function_name | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12222)
* Rename <openssl/core_numbers.h> -> <openssl/core_dispatch.h>Dr. Matthias St. Pierre2020-06-241-5/+5
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12222)
* Add documentation about CapabilitiesMatt Caswell2020-06-191-0/+78
| | | | | | | | Document the OSSL_PROVIDER_get_capabilities() function as well as the provider side support for capabilities. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11914)
* Update core_names.h fields and document most fields.Shane Lontis2020-05-261-8/+38
| | | | | | | | | | | | | | | Renamed some values in core_names i.e Some DH specific names were changed to use DH instead of FFC. Added some strings values related to RSA keys. Moved set_params related docs out of EVP_PKEY_CTX_ctrl.pod into its own file. Updated Keyexchange and signature code and docs. Moved some common DSA/DH docs into a shared EVP_PKEY-FFC.pod. Moved Ed25519.pod into EVP_SIGNATURE-ED25519.pod and reworked it. Added some usage examples. As a result of the usage examples the following change was also made: ec allows OSSL_PKEY_PARAM_USE_COFACTOR_ECDH as a settable gen parameter. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11610)
* Update documentation following changes of various typesMatt Caswell2020-05-161-20/+35
| | | | | | | | | The previous commit changed the types of various objects passed between the core and providers. Therefore the documentation needs to be updated to reflect that. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11758)
* Update copyright yearMatt Caswell2020-04-231-1/+1
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
* Add FIPS Self test kats for digestsShane Lontis2020-01-151-0/+3
| | | | | | | | | | | | | Added an API to optionally set a self test callback. The callback has the following 2 purposes (1) Output information about the KAT tests. (2) Allow the ability to corrupt one of the KAT's The fipsinstall program uses the API. Some KATS are not included in this PR since the required functionality did not yet exist in the provider. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10374)
* Deprecate most of debug-memoryRich Salz2019-12-141-2/+1
| | | | | | | | | | | | | | | | | | | | | Fixes #8322 The leak-checking (and backtrace option, on some platforms) provided by crypto-mdebug and crypto-mdebug-backtrace have been mostly neutered; only the "make malloc fail" capability remains. OpenSSL recommends using the compiler's leak-detection instead. The OPENSSL_DEBUG_MEMORY environment variable is no longer used. CRYPTO_mem_ctrl(), CRYPTO_set_mem_debug(), CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return a failure code. CRYPTO_mem_debug_{malloc,realloc,free}() have been removed. All of the above are now deprecated. Merge (now really small) mem_dbg.c into mem.c Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10572)
* Fix some typosVeres Lajos2019-12-111-2/+2
| | | | | | | | | | Reported-by: misspell-fixer <https://github.com/vlajos/misspell-fixer> CLA: trivial Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10544)
* PROV BIO: add a BIO_vprintf() upcall, and a provider BIO libraryRichard Levitte2019-11-291-2/+3
| | | | | | | | | | | | The BIO_vprintf() will allow the provider to print any text, given a BIO supplied by libcrypto. Additionally, we add a provider library with functions to collect all the currently supplied BIO upcalls, as well as wrappers around those upcalls. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10394)
* Disable mem leak checking for the self test lockMatt Caswell2019-11-291-1/+2
| | | | | | | | | | | The fips self test lock is deallocated in platform specific ways that may occur after we do mem leak checking. If we don't know how to free it for a particular platform then we just leak it deliberately. So we temporarily disable the mem leak checking while we allocate the lock. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9939)
* Add fips module integrity checkShane Lontis2019-09-151-2/+2
| | | | | | | Add environment variable for setting CONF .include path Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9769)
* Add fips provider code for handling self test dataShane Lontis2019-08-191-0/+5
| | | | | | | | | | | More PR's related to self test will be derived from this PR. Note: the code removed in core_get_params() was causing a freeze since the fips module was being loaded from a config file, which then called core_get_params() which then tried to init the config fle again... Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9596)
* Rename provider and core get_param_types functionsRichard Levitte2019-08-151-11/+11
| | | | | | | | | | | | | | It was argued that names like SOMETHING_set_param_types were confusing, and a rename has been proposed to SOMETHING_settable_params, and by consequence, SOMETHING_get_param_types is renamed SOMETHING_gettable_params. This changes implements this change for the dispatched provider and core functions. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9591)
* Refactor provider support for reporting errorsRichard Levitte2019-07-311-17/+41
| | | | | | | | | | | | | | | The core now supplies its own versions of ERR_new(), ERR_set_debug() and ERR_vset_error(). This should suffice for a provider to have any OpenSSL compatible functionlity it desires. The main difference between the ERR functions and the core counterparts is that the core counterparts take an OSSL_PROVIDER parameter instead of the library number. That way, providers do not need to know what number they have been assigned, that information stays in the core. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9452)
* Documentation: add provider-base(7), describing the base functionsRichard Levitte2019-07-221-0/+464
The base functions are the first tables of function pointers that libcrypto and the provider pass to each other, thereby providing a baseline with which they can communicate further with each other. This also contains an example for a ficticious provider, providing an implement of a fictitious algorithm for a fictitious operation. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9409)
View Lorry Controller Status