native-ossl 0.1.1

Native Rust idiomatic bindings to OpenSSL
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

//! `LibCtx` — `OSSL_LIB_CTX` wrapper and `Provider` — `OSSL_PROVIDER` wrapper.
//!
//! Most callers use the global default library context and never need this module.
//! Create an explicit context when:
//! - FIPS mode is required (load `"fips"` + `"base"` providers).
//! - Per-process isolation of algorithm state is needed.
//!
//! ## `Arc<LibCtx>` ownership
//!
//! OpenSSL does not expose `OSSL_LIB_CTX_up_ref`.  Rust manages the lifetime
//! via `Arc<LibCtx>`.  Algorithm descriptors that use an explicit context store
//! `Option<Arc<LibCtx>>` to extend its lifetime.

use crate::error::ErrorStack;
use native_ossl_sys as sys;

// ── LibCtx ────────────────────────────────────────────────────────────────────

/// An OpenSSL library context (`OSSL_LIB_CTX*`).
///
/// Wrap in `Arc<LibCtx>` before passing to algorithm descriptors; they will
/// clone the `Arc` to keep the context alive.
#[derive(Debug)]
pub struct LibCtx {
    ptr: *mut sys::OSSL_LIB_CTX,
    /// When `false` this `LibCtx` was created from an externally-owned pointer
    /// and must **not** call `OSSL_LIB_CTX_free` on drop.
    owned: bool,
}

impl LibCtx {
    /// Create a new, empty library context.
    ///
    /// No providers are loaded by default.  Call `load_provider` at least once
    /// before using algorithms.
    ///
    /// # Errors
    ///
    /// Returns `Err` if OpenSSL cannot allocate the context.
    pub fn new() -> Result<Self, ErrorStack> {
        let ptr = unsafe { sys::OSSL_LIB_CTX_new() };
        if ptr.is_null() {
            return Err(ErrorStack::drain());
        }
        Ok(LibCtx { ptr, owned: true })
    }

    /// Load a provider into this library context.
    ///
    /// Common provider names:
    /// - `c"default"` — standard algorithms.
    /// - `c"fips"` — FIPS 140-3 validated algorithms (requires OpenSSL FIPS module).
    /// - `c"base"` — must be loaded alongside `"fips"` for PEM/DER encoders.
    ///
    /// The returned `Provider` keeps the provider loaded until dropped.
    ///
    /// # Errors
    ///
    /// Returns `Err` if the provider cannot be loaded.
    pub fn load_provider(&self, name: &std::ffi::CStr) -> Result<Provider, ErrorStack> {
        let ptr = unsafe { sys::OSSL_PROVIDER_load(self.ptr, name.as_ptr()) };
        if ptr.is_null() {
            return Err(ErrorStack::drain());
        }
        Ok(Provider { ptr })
    }

    /// Return the raw `OSSL_LIB_CTX*` pointer.  Valid while `self` is alive.
    #[must_use]
    pub fn as_ptr(&self) -> *mut sys::OSSL_LIB_CTX {
        self.ptr
    }

    /// Wrap a raw `OSSL_LIB_CTX*` that is owned and managed externally.
    ///
    /// The resulting `LibCtx` will NOT call `OSSL_LIB_CTX_free` when dropped.
    /// Use this only when the raw pointer's lifetime is guaranteed to exceed the
    /// `LibCtx` (e.g. a context received from a FIPS provider callback).
    ///
    /// # Safety
    ///
    /// The caller must ensure that `ptr` is a valid, non-null `OSSL_LIB_CTX*`
    /// that remains valid for as long as the returned `LibCtx` is alive.
    pub unsafe fn from_raw_unowned(ptr: *mut sys::OSSL_LIB_CTX) -> Self {
        LibCtx { ptr, owned: false }
    }
}

impl Drop for LibCtx {
    fn drop(&mut self) {
        if self.owned {
            unsafe { sys::OSSL_LIB_CTX_free(self.ptr) };
        }
    }
}

// SAFETY: `OSSL_LIB_CTX` is designed to be shared across threads after setup.
unsafe impl Send for LibCtx {}
unsafe impl Sync for LibCtx {}

// ── Provider ──────────────────────────────────────────────────────────────────

/// A loaded OpenSSL provider (`OSSL_PROVIDER*`).
///
/// The provider remains loaded until this value is dropped.  Keep it alive for
/// the lifetime of any algorithm descriptors that use the associated `LibCtx`.
pub struct Provider {
    ptr: *mut sys::OSSL_PROVIDER,
}

impl Drop for Provider {
    fn drop(&mut self) {
        unsafe { sys::OSSL_PROVIDER_unload(self.ptr) };
    }
}

// SAFETY: `OSSL_PROVIDER*` is managed by the library context thread-safely.
unsafe impl Send for Provider {}
unsafe impl Sync for Provider {}

// ── Tests ─────────────────────────────────────────────────────────────────────

#[cfg(test)]
mod tests {
    use super::*;
    use std::sync::Arc;

    #[test]
    fn create_and_drop() {
        let ctx = LibCtx::new().unwrap();
        drop(ctx);
    }

    #[test]
    fn load_default_provider() {
        let ctx = LibCtx::new().unwrap();
        let _prov = ctx.load_provider(c"default").unwrap();
        // Provider unloaded when `_prov` drops.
    }

    #[test]
    fn arc_shared_context() {
        let ctx = Arc::new(LibCtx::new().unwrap());
        let _prov = ctx.load_provider(c"default").unwrap();
        let ctx2 = Arc::clone(&ctx);
        drop(ctx);
        // ctx2 keeps the context alive; prov is still valid.
        drop(ctx2);
    }
}