Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)

Standard preamble:
========================================================================
..

..

.. Set up some character translations and predefined strings. \*(-- will
give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
double quote, and \*(R" will give a right double quote. \*(C+ will
give a nicer C++. Capital omega is used to do unbreakable dashes and
therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
nothing in troff, for use with C<>.
.tr \(*W- . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.

If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.

Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF
Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] .\} . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents . \" corrections for vroff . \" for low resolution devices (crt and lpr) \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} ========================================================================

Title "PROVIDER-STOREMGMT 7" For nroff, turn off justification. Always turn off hyphenation; it makes
way too many mistakes in technical documents.
provider-storemgmt - The OSSL_STORE library <-> provider functions Header "SYNOPSIS" .Vb 1 #include <openssl/core_dispatch.h> \& /* * None of these are actual functions, but are displayed like this for * the function signatures for functions that are offered as function * pointers in OSSL_DISPATCH arrays. */ \& void *OSSL_FUNC_store_open(void *provctx, const char *uri); void *OSSL_FUNC_store_attach(void *provctx, OSSL_CORE_BIO *bio); const OSSL_PARAM *store_settable_ctx_params(void *provctx); int OSSL_FUNC_store_set_ctx_params(void *loaderctx, const OSSL_PARAM[]); int OSSL_FUNC_store_load(void *loaderctx, OSSL_CALLBACK *object_cb, void *object_cbarg, OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg); int OSSL_FUNC_store_eof(void *loaderctx); int OSSL_FUNC_store_close(void *loaderctx); \& int OSSL_FUNC_store_export_object (void *loaderctx, const void *objref, size_t objref_sz, OSSL_CALLBACK *export_cb, void *export_cbarg); .Ve Header "DESCRIPTION" The \s-1STORE\s0 operation is the provider side of the ossl_store\|(7) \s-1API.\s0

The primary responsibility of the \s-1STORE\s0 operation is to load all sorts of objects from a container indicated by \s-1URI.\s0 These objects are given to the OpenSSL library in provider-native object abstraction form (see \fBprovider-object\|(7)). The OpenSSL library is then responsible for passing on that abstraction to suitable provided functions.

Examples of functions that the OpenSSL library can pass the abstraction to include OSSL_FUNC_keymgmt_load() (provider-keymgmt\|(7)), \fBOSSL_FUNC_store_export_object() (which exports the object in parameterized form).

All \*(L"functions\*(R" mentioned here are passed as function pointers between \fIlibcrypto and the provider in \s-1OSSL_DISPATCH\s0\|(3) arrays via \s-1OSSL_ALGORITHM\s0\|(3) arrays that are returned by the provider's \fBprovider_query_operation() function (see \*(L"Provider Functions\*(R" in provider-base\|(7)).

All these \*(L"functions\*(R" have a corresponding function type definition named \fBOSSL_FUNC_{name}_fn, and a helper function to retrieve the function pointer from a \s-1OSSL_DISPATCH\s0\|(3) element named OSSL_get_{name}. For example, the \*(L"function\*(R" OSSL_FUNC_store_attach() has these:

.Vb 4 typedef void *(OSSL_FUNC_store_attach_fn)(void *provctx, OSSL_CORE_BIO * bio); static ossl_inline OSSL_FUNC_store_attach_fn OSSL_FUNC_store_attach(const OSSL_DISPATCH *opf); .Ve

\s-1OSSL_DISPATCH\s0\|(3) arrays are indexed by numbers that are provided as macros in openssl-core_dispatch.h\|(7), as follows:

.Vb 8 OSSL_FUNC_store_open OSSL_FUNC_STORE_OPEN OSSL_FUNC_store_attach OSSL_FUNC_STORE_ATTACH OSSL_FUNC_store_settable_ctx_params OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS OSSL_FUNC_store_set_ctx_params OSSL_FUNC_STORE_SET_CTX_PARAMS OSSL_FUNC_store_load OSSL_FUNC_STORE_LOAD OSSL_FUNC_store_eof OSSL_FUNC_STORE_EOF OSSL_FUNC_store_close OSSL_FUNC_STORE_CLOSE OSSL_FUNC_store_export_object OSSL_FUNC_STORE_EXPORT_OBJECT .Ve

Subsection "Functions" \fBOSSL_FUNC_store_open() should create a provider side context with data based on the input uri. The implementation is entirely responsible for the interpretation of the \s-1URI.\s0

\fBOSSL_FUNC_store_attach() should create a provider side context with the core \fB\s-1BIO\s0 bio attached. This is an alternative to using a \s-1URI\s0 to find storage, supporting OSSL_STORE_attach\|(3).

\fBOSSL_FUNC_store_settable_ctx_params() should return a constant array of descriptor \s-1OSSL_PARAM\s0\|(3), for parameters that OSSL_FUNC_store_set_ctx_params() can handle.

\fBOSSL_FUNC_store_set_ctx_params() should set additional parameters, such as what kind of data to expect, search criteria, and so on. More on those below, in \*(L"Load Parameters\*(R". Whether unrecognised parameters are an error or simply ignored is at the implementation's discretion. Passing \s-1NULL\s0 for params should return true.

\fBOSSL_FUNC_store_load() loads the next object from the \s-1URI\s0 opened by \fBOSSL_FUNC_store_open(), creates an object abstraction for it (see \fBprovider-object\|(7)), and calls object_cb with it as well as \fIobject_cbarg. object_cb will then interpret the object abstraction and do what it can to wrap it or decode it into an OpenSSL structure. In case a passphrase needs to be prompted to unlock an object, pw_cb should be called.

\fBOSSL_FUNC_store_eof() indicates if the end of the set of objects from the \s-1URI\s0 has been reached. When that happens, there's no point trying to do any further loading.

\fBOSSL_FUNC_store_close() frees the provider side context ctx.

When a provider-native object is created by a store manager it would be unsuitable for direct use with a foreign provider. The export function allows for exporting the object to that foreign provider if the foreign provider supports the type of the object and provides an import function.

\fBOSSL_FUNC_store_export_object() should export the object of size objref_sz referenced by objref as an \s-1OSSL_PARAM\s0\|(3) array and pass that to the \fIexport_cb as well as the given export_cbarg.

Subsection "Load Parameters" Item "expect (OSSL_STORE_PARAM_EXPECT) <integer>" Is a hint of what type of data the OpenSSL library expects to get. This is only useful for optimization, as the library will check that the object types match the expectation too. .Sp The number that can be given through this parameter is found in \fI<openssl/store.h>, with the macros having names starting with \f(CW\*(C`OSSL_STORE_INFO_\*(C'. These are further described in \*(L"\s-1SUPPORTED OBJECTS\*(R"\s0 in \s-1OSSL_STORE_INFO\s0\|(3). Item "subject (OSSL_STORE_PARAM_SUBJECT) <octet string>" Indicates that the caller wants to search for an object with the given subject associated. This can be used to select specific certificates by subject. .Sp The contents of the octet string is expected to be in \s-1DER\s0 form. Item "issuer (OSSL_STORE_PARAM_ISSUER) <octet string>" Indicates that the caller wants to search for an object with the given issuer associated. This can be used to select specific certificates by issuer. .Sp The contents of the octet string is expected to be in \s-1DER\s0 form. Item "serial (OSSL_STORE_PARAM_SERIAL) <integer>" Indicates that the caller wants to search for an object with the given serial number associated. Item "digest (OSSL_STORE_PARAM_DIGEST) <UTF8 string>"

0 Item "fingerprint (OSSL_STORE_PARAM_FINGERPRINT) <octet string>"

Indicates that the caller wants to search for an object with the given fingerprint, computed with the given digest. Item "alias (OSSL_STORE_PARAM_ALIAS) <UTF8 string>" Indicates that the caller wants to search for an object with the given alias (some call it a \*(L"friendly name\*(R"). Item "properties (OSSL_STORE_PARAM_PROPERTIES) <utf8 string" Property string to use when querying for algorithms such as the \s-1OSSL_DECODER\s0 decoder implementations. Item "input-type (OSSL_STORE_PARAM_INPUT_TYPE) <utf8 string" Type of the input format as a hint to use when decoding the objects in the store.

Several of these search criteria may be combined. For example, to search for a certificate by issuer+serial, both the \*(L"issuer\*(R" and the \*(L"serial\*(R" parameters will be given.

Header "SEE ALSO" \fBprovider\|(7) Header "HISTORY" The \s-1STORE\s0 interface was introduced in OpenSSL 3.0. Header "COPYRIGHT" Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>.