openssl-provider-shared: Add dynamic library support

This adds a new crate which helps in building a dynamic library
for the parsec provider.

Signed-off-by: Gowtham Suresh Kumar <[email protected]>

parsec-openssl-provider-shared/Cargo.toml

@@ -0,0 +1,20 @@
+[package]
+name = "parsec-openssl-provider-shared"
+version = "0.1.0"
+authors = ["Parsec Project Contributors"]
+description = "A parsec openssl provider dynamic library"
+license = "Apache-2.0"
+readme = "README.md"
+keywords = ["security", "service"]
+categories = ["cryptography", "hardware-support"]
+edition = "2021"
+
+[lib]
+crate-type = ["cdylib"]
+
+[dependencies]
+openssl-sys = "0.9.99"
+parsec-openssl-sys2 = { path = "../parsec-openssl-sys2" }
+parsec-openssl-provider = { path ="../parsec-openssl-provider" }
+parsec-openssl2 = { path = "../parsec-openssl2" }
+openssl-errors = "0.2.0"

parsec-openssl-provider-shared/src/catch.rs

@@ -0,0 +1,68 @@
+// Copyright (c) Microsoft. All rights reserved.
+
+/**
+MIT License
+
+Copyright (c) Microsoft Corporation. All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE
+*/
+
+// The function has been copied from https://github.com/Azure/iot-identity-service/blob/91e0588/key/aziot-key-openssl-engine/src/lib.rs#L98
+// after getting the permission from the project maintainers. 
+
+/// Catches the error, if any, from evaluating the given callback and converts it to a unit sentinel.
+/// If an openssl error function reference is provided, it is used to push the error onto the openssl error stack.
+/// Otherwise, the error is logged to stderr.
+///
+/// Intended to be used at FFI boundaries, where a Rust error cannot pass through and must be converted to an integer, nullptr, etc.
+pub fn r#catch<T>(
+    function: Option<fn() -> openssl_errors::Function<super::Error>>,
+    f: impl FnOnce() -> Result<T, Box<dyn std::error::Error>>,
+) -> Result<T, ()> {
+    match f() {
+        Ok(value) => Ok(value),
+        Err(err) => {
+            // Technically, the order the errors should be put onto the openssl error stack is from root cause to top error.
+            // Unfortunately this is backwards from how Rust errors work, since they are top error to root cause.
+            //
+            // We could do it the right way by collect()ing into a Vec<&dyn Error> and iterating it backwards,
+            // but it seems too wasteful to be worth it. So just put them in the wrong order.
+
+            if let Some(function) = function {
+                openssl_errors::put_error!(function(), super::Error::MESSAGE, "{}", err);
+            } else {
+                eprintln!("[parsec-openssl-provider-shared] error: {}", err);
+            }
+
+            let mut source = err.source();
+            while let Some(err) = source {
+                if let Some(function) = function {
+                    openssl_errors::put_error!(function(), super::Error::MESSAGE, "{}", err);
+                } else {
+                    eprintln!("[parsec-openssl-provider-shared] caused by: {}", err);
+                }
+
+                source = err.source();
+            }
+
+            Err(())
+        }
+    }
+}

parsec-openssl-provider-shared/src/lib.rs

@@ -0,0 +1,43 @@
+// Copyright 2023 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+
+use parsec_openssl2::*;
+use parsec_openssl_sys2::*;
+use parsec_openssl_provider::parsec_provider_provider_init;
+
+mod catch;
+use catch::r#catch;
+
+#[no_mangle]
+// The function name needs to be unique for dynamic libraries as the openssl core
+// looks for OSSL_provider_init symbol while loading the provider.
+unsafe extern "C" fn OSSL_provider_init(
+    handle: *const OSSL_CORE_HANDLE,
+    in_: *const OSSL_DISPATCH,
+    out: *mut *const OSSL_DISPATCH,
+    provctx: VOID_PTR_PTR,
+) -> ::std::os::raw::c_int {
+    let result = r#catch(Some(|| Error::PROVIDER_INIT), || {
+        parsec_provider_provider_init(handle, in_, out, provctx)?;
+
+        Ok(OPENSSL_SUCCESS)
+    });
+    match result {
+        Ok(result) => result,
+        Err(()) => OPENSSL_ERROR,
+    }
+}
+
+openssl_errors::openssl_errors! {
+    #[allow(clippy::empty_enum)]
+    library Error("parsec_openssl_provider_shared") {
+        functions {
+            PROVIDER_INIT("parsec_provider_init");
+        }
+
+        reasons {
+            MESSAGE("");
+        }
+    }
+}
+