Setup a NULL provider

Cargo.toml

@@ -0,0 +1,7 @@
+[workspace]
+members = [
+    "parsec-openssl-sys2",
+    "parsec-openssl2",
+    "parsec-openssl-provider",
+    "parsec-openssl-provider-shared",
+]

ci.sh

@@ -7,3 +7,26 @@ set -ex
 
 echo "OpenSSL version being used:"
 openssl version
+
+# Build parsec provider shared library
+pushd parsec-openssl-provider-shared/ &&
+cargo build
+popd
+
+# Try loading the build parsec provider 
+provider_load_result=$(openssl list -providers -provider-path ./target/debug/ -provider libparsec_openssl_provider_shared)
+echo $provider_load_result
+
+test_string='Providers:
+  libparsec_openssl_provider_shared
+    name: Parsec OpenSSL Provider
+    version: 0.1.0
+    status: active'
+
+if [[ $test_string == $provider_load_result ]]; then
+    echo "Parsec OpenSSL Provider loaded successfully!!!!"
+    exit 0;
+fi
+
+echo "Loaded Provider has unexpected parameters!!!!"
+exit 1

parsec-openssl-provider-shared/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+name = "parsec-openssl-provider-shared"
+version = "0.1.0"
+authors = ["Parsec Project Contributors"]
+description = "A parsec openssl provider dynamic library"
+license = "Apache-2.0"
+readme = "README.md"
+keywords = ["security", "service"]
+categories = ["cryptography", "hardware-support"]
+edition = "2021"
+
+[lib]
+crate-type = ["cdylib"]
+
+[dependencies]
+parsec-openssl-provider = { path ="../parsec-openssl-provider" }

parsec-openssl-provider-shared/src/catch.rs

@@ -0,0 +1,70 @@
+// Copyright (c) Microsoft. All rights reserved.
+
+/**
+MIT License
+
+Copyright (c) Microsoft Corporation. All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE
+*/
+
+// The function has been copied from https://github.com/Azure/iot-identity-service/blob/91e0588/key/aziot-key-openssl-engine/src/lib.rs#L98
+// after getting the permission from the project maintainers.
+
+/// Catches the error, if any, from evaluating the given callback and converts it to a unit sentinel.
+/// If an openssl error function reference is provided, it is used to push the error onto the openssl error stack.
+/// Otherwise, the error is logged to stderr.
+///
+/// Intended to be used at FFI boundaries, where a Rust error cannot pass through and must be converted to an integer, nullptr, etc.
+use parsec_openssl_provider::openssl_errors;
+
+pub fn r#catch<T>(
+    function: Option<fn() -> openssl_errors::Function<super::Error>>,
+    f: impl FnOnce() -> Result<T, Box<dyn std::error::Error>>,
+) -> Result<T, ()> {
+    match f() {
+        Ok(value) => Ok(value),
+        Err(err) => {
+            // Technically, the order the errors should be put onto the openssl error stack is from root cause to top error.
+            // Unfortunately this is backwards from how Rust errors work, since they are top error to root cause.
+            //
+            // We could do it the right way by collect()ing into a Vec<&dyn Error> and iterating it backwards,
+            // but it seems too wasteful to be worth it. So just put them in the wrong order.
+
+            if let Some(function) = function {
+                openssl_errors::put_error!(function(), super::Error::MESSAGE, "{}", err);
+            } else {
+                eprintln!("[parsec-openssl-provider-shared] error: {}", err);
+            }
+
+            let mut source = err.source();
+            while let Some(err) = source {
+                if let Some(function) = function {
+                    openssl_errors::put_error!(function(), super::Error::MESSAGE, "{}", err);
+                } else {
+                    eprintln!("[parsec-openssl-provider-shared] caused by: {}", err);
+                }
+
+                source = err.source();
+            }
+
+            Err(())
+        }
+    }
+}

parsec-openssl-provider-shared/src/lib.rs

@@ -0,0 +1,45 @@
+// Copyright 2023 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+
+use parsec_openssl_provider::{
+    openssl_errors, parsec_provider_provider_init,
+};
+
+use parsec_openssl_provider::parsec_openssl2::{OPENSSL_SUCCESS,OPENSSL_ERROR};
+use parsec_openssl_provider::parsec_openssl2::types::VOID_PTR_PTR;
+use parsec_openssl_provider::parsec_openssl2::openssl_binding::{OSSL_CORE_HANDLE, OSSL_DISPATCH};
+mod catch;
+use catch::r#catch;
+
+#[no_mangle]
+// The function name needs to be unique for dynamic libraries as the openssl core
+// looks for OSSL_provider_init symbol while loading the provider.
+unsafe extern "C" fn OSSL_provider_init(
+    handle: *const OSSL_CORE_HANDLE,
+    in_: *const OSSL_DISPATCH,
+    out: *mut *const OSSL_DISPATCH,
+    provctx: VOID_PTR_PTR,
+) -> ::std::os::raw::c_int {
+    let result = r#catch(Some(|| Error::PROVIDER_INIT), || {
+        parsec_provider_provider_init(handle, in_, out, provctx)?;
+
+        Ok(OPENSSL_SUCCESS)
+    });
+    match result {
+        Ok(result) => result,
+        Err(()) => OPENSSL_ERROR,
+    }
+}
+
+openssl_errors::openssl_errors! {
+    #[allow(clippy::empty_enum)]
+    library Error("parsec_openssl_provider_shared") {
+        functions {
+            PROVIDER_INIT("parsec_provider_init");
+        }
+
+        reasons {
+            MESSAGE("");
+        }
+    }
+}

parsec-openssl-provider/Cargo.toml

@@ -0,0 +1,15 @@
+[package]
+name = "parsec-openssl-provider"
+version = "0.1.0"
+authors = ["Parsec Project Contributors"]
+description = "A parsec openssl provider static library"
+license = "Apache-2.0"
+readme = "README.md"
+keywords = ["security", "service"]
+categories = ["cryptography", "hardware-support"]
+edition = "2021"
+
+[dependencies]
+parsec-openssl2 = { path = "../parsec-openssl2" }
+openssl-errors = "0.2.0"
+log = "0.4"

parsec-openssl-provider/src/catch.rs

@@ -0,0 +1,69 @@
+// Copyright (c) Microsoft. All rights reserved.
+
+/**
+MIT License
+
+Copyright (c) Microsoft Corporation. All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE
+*/
+
+// The function has been copied from https://github.com/Azure/iot-identity-service/blob/91e0588/key/aziot-key-openssl-engine/src/lib.rs#L98
+// after getting the permission from the project maintainers.
+
+/// Catches the error, if any, from evaluating the given callback and converts it to a unit sentinel.
+/// If an openssl error function reference is provided, it is used to push the error onto the openssl error stack.
+/// Otherwise, the error is logged to stderr.
+///
+/// Intended to be used at FFI boundaries, where a Rust error cannot pass through and must be converted to an integer, nullptr, etc.
+
+pub fn r#catch<T>(
+    function: Option<fn() -> openssl_errors::Function<super::Error>>,
+    f: impl FnOnce() -> Result<T, Box<dyn std::error::Error>>,
+) -> Result<T, ()> {
+    match f() {
+        Ok(value) => Ok(value),
+        Err(err) => {
+            // Technically, the order the errors should be put onto the openssl error stack is from root cause to top error.
+            // Unfortunately this is backwards from how Rust errors work, since they are top error to root cause.
+            //
+            // We could do it the right way by collect()ing into a Vec<&dyn Error> and iterating it backwards,
+            // but it seems too wasteful to be worth it. So just put them in the wrong order.
+
+            if let Some(function) = function {
+                openssl_errors::put_error!(function(), crate::Error::MESSAGE, "{}", err);
+            } else {
+                log::error!("[parsec-openssl-provider] error: {}", err);
+            }
+
+            let mut source = err.source();
+            while let Some(err) = source {
+                if let Some(function) = function {
+                    openssl_errors::put_error!(function(), crate::Error::MESSAGE, "{}", err);
+                } else {
+                    log::error!("[parsec-openssl-provider] caused by: {}", err);
+                }
+
+                source = err.source();
+            }
+
+            Err(())
+        }
+    }
+}

parsec-openssl-provider/src/lib.rs

@@ -0,0 +1,77 @@
+// Copyright 2023 Contributors to the Parsec project.
+// SPDX-License-Identifier: Apache-2.0
+use std::mem;
+
+pub use openssl_errors;
+pub use parsec_openssl2;
+
+use parsec_openssl2::{openssl_binding, types};
+
+use openssl_binding::{
+    OSSL_CORE_HANDLE, OSSL_DISPATCH, OSSL_FUNC_PROVIDER_GETTABLE_PARAMS,
+    OSSL_FUNC_PROVIDER_GET_PARAMS, OSSL_FUNC_PROVIDER_QUERY_OPERATION,
+};
+
+mod provider;
+use provider::*;
+
+mod catch;
+use catch::r#catch;
+
+// The init function populates the dispatch table and returns a NULL pointer
+// to the provider context. This needs to be changed when key management and
+// crypto support is added to the provider.
+pub unsafe fn parsec_provider_provider_init(
+    _handle: *const OSSL_CORE_HANDLE,
+    _in_: *const OSSL_DISPATCH,
+    out: *mut *const OSSL_DISPATCH,
+    provctx: types::VOID_PTR_PTR,
+) -> Result<(), parsec_openssl2::Error> {
+    let parsec_provider_gettable_params_ptr: ProviderGettableParamsPtr =
+        parsec_provider_gettable_params;
+
+    let parsec_provider_get_params_ptr: ProviderGetParamsPtr = parsec_provider_get_params;
+
+    let parsec_provider_query_ptr: ProviderQueryPtr = parsec_provider_query;
+
+    static mut DISPATCH_TABLE: [OSSL_DISPATCH; 4] = [parsec_openssl2::ossl_dispatch!(); 4];
+    static RESULT_INIT: std::sync::Once = std::sync::Once::new();
+
+    RESULT_INIT.call_once(|| {
+        DISPATCH_TABLE = [
+            parsec_openssl2::ossl_dispatch!(
+                OSSL_FUNC_PROVIDER_GETTABLE_PARAMS,
+                parsec_provider_gettable_params_ptr
+            ),
+            parsec_openssl2::ossl_dispatch!(
+                OSSL_FUNC_PROVIDER_GET_PARAMS,
+                parsec_provider_get_params_ptr
+            ),
+            parsec_openssl2::ossl_dispatch!(
+                OSSL_FUNC_PROVIDER_QUERY_OPERATION,
+                parsec_provider_query_ptr
+            ),
+            parsec_openssl2::ossl_dispatch!(),
+        ];
+    });
+
+    *out = DISPATCH_TABLE.as_ptr();
+    *provctx = std::ptr::null_mut();
+
+    Ok(())
+}
+
+openssl_errors::openssl_errors! {
+    #[allow(clippy::empty_enum)]
+    library Error("parsec_openssl_provider") {
+        functions {
+            PROVIDER_GETTABLE_PARAMS("parsec_provider_gettable_params");
+            PROVIDER_GET_PARAMS("parsec_provider_get_params");
+            PROVIDER_QUERY("parsec_provider_query");
+        }
+
+        reasons {
+            MESSAGE("");
+        }
+    }
+}