Annotation of src/usr.bin/openssl/engine.c, Revision 1.5
1.5 ! jsing 1: /* $OpenBSD: engine.c,v 1.4 2015/07/16 15:24:41 beck Exp $ */
1.1 jsing 2: /* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
3: * project 2000.
4: */
5: /* ====================================================================
6: * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7: *
8: * Redistribution and use in source and binary forms, with or without
9: * modification, are permitted provided that the following conditions
10: * are met:
11: *
12: * 1. Redistributions of source code must retain the above copyright
13: * notice, this list of conditions and the following disclaimer.
14: *
15: * 2. Redistributions in binary form must reproduce the above copyright
16: * notice, this list of conditions and the following disclaimer in
17: * the documentation and/or other materials provided with the
18: * distribution.
19: *
20: * 3. All advertising materials mentioning features or use of this
21: * software must display the following acknowledgment:
22: * "This product includes software developed by the OpenSSL Project
23: * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24: *
25: * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26: * endorse or promote products derived from this software without
27: * prior written permission. For written permission, please contact
28: * licensing@OpenSSL.org.
29: *
30: * 5. Products derived from this software may not be called "OpenSSL"
31: * nor may "OpenSSL" appear in their names without prior written
32: * permission of the OpenSSL Project.
33: *
34: * 6. Redistributions of any form whatsoever must retain the following
35: * acknowledgment:
36: * "This product includes software developed by the OpenSSL Project
37: * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38: *
39: * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40: * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50: * OF THE POSSIBILITY OF SUCH DAMAGE.
51: * ====================================================================
52: *
53: * This product includes cryptographic software written by Eric Young
54: * (eay@cryptsoft.com). This product includes software written by Tim
55: * Hudson (tjh@cryptsoft.com).
56: *
57: */
58:
59: #include <stdio.h>
60: #include <stdlib.h>
61: #include <string.h>
62:
63: #include "apps.h"
64:
65: #ifndef OPENSSL_NO_ENGINE
66: #include <openssl/engine.h>
67: #include <openssl/err.h>
68: #include <openssl/ssl.h>
69:
70: static const char *engine_usage[] = {
71: "usage: engine opts [engine ...]\n",
72: " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
73: " -vv will additionally display each command's description\n",
74: " -vvv will also add the input flags for each command\n",
75: " -vvvv will also show internal input flags\n",
76: " -c - for each engine, also list the capabilities\n",
77: " -t[t] - for each engine, check that they are really available\n",
78: " -tt will display error trace for unavailable engines\n",
79: " -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
80: " to load it (if -t is used)\n",
81: " -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
82: " (only used if -t is also provided)\n",
83: " NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
84: " line, or all supported ENGINEs if none are specified.\n",
85: " Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
86: " argument \"/lib/libdriver.so\".\n",
87: NULL
88: };
89:
90: static void
91: identity(char *ptr)
92: {
93: return;
94: }
95:
96: static int
97: append_buf(char **buf, const char *s, int *size, int step)
98: {
99: if (*buf == NULL) {
100: *size = step;
101: *buf = malloc(*size);
102: if (*buf == NULL)
103: return 0;
104: **buf = '\0';
105: }
106:
107: if (strlen(*buf) + strlen(s) >= (unsigned int) *size) {
108: *size += step;
109: *buf = realloc(*buf, *size);
110: }
111: if (*buf == NULL)
112: return 0;
113:
114: if (**buf != '\0')
115: strlcat(*buf, ", ", *size);
116: strlcat(*buf, s, *size);
117:
118: return 1;
119: }
120:
121: static int
122: util_flags(BIO * bio_out, unsigned int flags, const char *indent)
123: {
124: int started = 0, err = 0;
125: /* Indent before displaying input flags */
126: BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
127: if (flags == 0) {
128: BIO_printf(bio_out, "<no flags>\n");
129: return 1;
130: }
131: /*
132: * If the object is internal, mark it in a way that shows instead of
133: * having it part of all the other flags, even if it really is.
134: */
135: if (flags & ENGINE_CMD_FLAG_INTERNAL) {
136: BIO_printf(bio_out, "[Internal] ");
137: }
138: if (flags & ENGINE_CMD_FLAG_NUMERIC) {
139: BIO_printf(bio_out, "NUMERIC");
140: started = 1;
141: }
142: /*
143: * Now we check that no combinations of the mutually exclusive
144: * NUMERIC, STRING, and NO_INPUT flags have been used. Future flags
145: * that can be OR'd together with these would need to added after
146: * these to preserve the testing logic.
147: */
148: if (flags & ENGINE_CMD_FLAG_STRING) {
149: if (started) {
150: BIO_printf(bio_out, "|");
151: err = 1;
152: }
153: BIO_printf(bio_out, "STRING");
154: started = 1;
155: }
156: if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
157: if (started) {
158: BIO_printf(bio_out, "|");
159: err = 1;
160: }
161: BIO_printf(bio_out, "NO_INPUT");
162: started = 1;
163: }
164: /* Check for unknown flags */
165: flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
166: ~ENGINE_CMD_FLAG_STRING &
167: ~ENGINE_CMD_FLAG_NO_INPUT &
168: ~ENGINE_CMD_FLAG_INTERNAL;
169: if (flags) {
170: if (started)
171: BIO_printf(bio_out, "|");
172: BIO_printf(bio_out, "<0x%04X>", flags);
173: }
174: if (err)
175: BIO_printf(bio_out, " <illegal flags!>");
176: BIO_printf(bio_out, "\n");
177: return 1;
178: }
179:
180: static int
181: util_verbose(ENGINE * e, int verbose, BIO * bio_out, const char *indent)
182: {
183: static const int line_wrap = 78;
184: int num;
185: int ret = 0;
186: char *name = NULL;
187: char *desc = NULL;
188: int flags;
189: int xpos = 0;
190: STACK_OF(OPENSSL_STRING) * cmds = NULL;
191: if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
192: ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
193: 0, NULL, NULL)) <= 0)) {
194: return 1;
195: }
196: cmds = sk_OPENSSL_STRING_new_null();
197:
198: if (!cmds)
199: goto err;
200: do {
201: int len;
202: /* Get the command input flags */
203: if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
204: NULL, NULL)) < 0)
205: goto err;
206: if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
207: /* Get the command name */
208: if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
209: NULL, NULL)) <= 0)
210: goto err;
211: if ((name = malloc(len + 1)) == NULL)
212: goto err;
213: if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
214: NULL) <= 0)
215: goto err;
216: /* Get the command description */
217: if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
218: NULL, NULL)) < 0)
219: goto err;
220: if (len > 0) {
221: if ((desc = malloc(len + 1)) == NULL)
222: goto err;
223: if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
224: NULL) <= 0)
225: goto err;
226: }
227: /* Now decide on the output */
228: if (xpos == 0)
229: /* Do an indent */
230: xpos = BIO_puts(bio_out, indent);
231: else
232: /* Otherwise prepend a ", " */
233: xpos += BIO_printf(bio_out, ", ");
234: if (verbose == 1) {
235: /* We're just listing names, comma-delimited */
236: if ((xpos > (int) strlen(indent)) &&
237: (xpos + (int) strlen(name) > line_wrap)) {
238: BIO_printf(bio_out, "\n");
239: xpos = BIO_puts(bio_out, indent);
240: }
241: xpos += BIO_printf(bio_out, "%s", name);
242: } else {
243: /* We're listing names plus descriptions */
244: BIO_printf(bio_out, "%s: %s\n", name,
245: (desc == NULL) ? "<no description>" : desc);
246: /* ... and sometimes input flags */
247: if ((verbose >= 3) && !util_flags(bio_out, flags,
248: indent))
249: goto err;
250: xpos = 0;
251: }
252: }
253: free(name);
254: name = NULL;
255: free(desc);
256: desc = NULL;
257:
258: /* Move to the next command */
259: num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
260: num, NULL, NULL);
261: } while (num > 0);
262: if (xpos > 0)
263: BIO_printf(bio_out, "\n");
264: ret = 1;
265: err:
266: if (cmds)
267: sk_OPENSSL_STRING_pop_free(cmds, identity);
268: free(name);
269: free(desc);
270: return ret;
271: }
272:
273: static void
274: util_do_cmds(ENGINE * e, STACK_OF(OPENSSL_STRING) * cmds,
275: BIO * bio_out, const char *indent)
276: {
277: int loop, res, num = sk_OPENSSL_STRING_num(cmds);
278:
279: if (num < 0) {
280: BIO_printf(bio_out, "[Error]: internal stack error\n");
281: return;
282: }
283: for (loop = 0; loop < num; loop++) {
284: char buf[256];
285: const char *cmd, *arg;
286: cmd = sk_OPENSSL_STRING_value(cmds, loop);
287: res = 1; /* assume success */
288: /* Check if this command has no ":arg" */
289: if ((arg = strstr(cmd, ":")) == NULL) {
290: if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
291: res = 0;
292: } else {
293: if ((int) (arg - cmd) > 254) {
294: BIO_printf(bio_out, "[Error]: command name too long\n");
295: return;
296: }
297: memcpy(buf, cmd, (int) (arg - cmd));
298: buf[arg - cmd] = '\0';
299: arg++; /* Move past the ":" */
300: /* Call the command with the argument */
301: if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
302: res = 0;
303: }
304: if (res)
305: BIO_printf(bio_out, "[Success]: %s\n", cmd);
306: else {
307: BIO_printf(bio_out, "[Failure]: %s\n", cmd);
308: ERR_print_errors(bio_out);
309: }
310: }
311: }
312:
313: int
314: engine_main(int argc, char **argv)
315: {
316: int ret = 1, i;
317: const char **pp;
318: int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
319: ENGINE *e;
320: STACK_OF(OPENSSL_STRING) * engines = sk_OPENSSL_STRING_new_null();
321: STACK_OF(OPENSSL_STRING) * pre_cmds = sk_OPENSSL_STRING_new_null();
322: STACK_OF(OPENSSL_STRING) * post_cmds = sk_OPENSSL_STRING_new_null();
323: int badops = 1;
324: BIO *bio_out = NULL;
325: const char *indent = " ";
326:
327: bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
328:
329: argc--;
330: argv++;
331: while (argc >= 1) {
332: if (strncmp(*argv, "-v", 2) == 0) {
333: if (strspn(*argv + 1, "v") < strlen(*argv + 1))
334: goto skip_arg_loop;
335: if ((verbose = strlen(*argv + 1)) > 4)
336: goto skip_arg_loop;
337: } else if (strcmp(*argv, "-c") == 0)
338: list_cap = 1;
339: else if (strncmp(*argv, "-t", 2) == 0) {
340: test_avail = 1;
341: if (strspn(*argv + 1, "t") < strlen(*argv + 1))
342: goto skip_arg_loop;
343: if ((test_avail_noise = strlen(*argv + 1) - 1) > 1)
344: goto skip_arg_loop;
345: } else if (strcmp(*argv, "-pre") == 0) {
346: argc--;
347: argv++;
348: if (argc == 0)
349: goto skip_arg_loop;
350: sk_OPENSSL_STRING_push(pre_cmds, *argv);
351: } else if (strcmp(*argv, "-post") == 0) {
352: argc--;
353: argv++;
354: if (argc == 0)
355: goto skip_arg_loop;
356: sk_OPENSSL_STRING_push(post_cmds, *argv);
357: } else if ((strncmp(*argv, "-h", 2) == 0) ||
358: (strcmp(*argv, "-?") == 0))
359: goto skip_arg_loop;
360: else
361: sk_OPENSSL_STRING_push(engines, *argv);
362: argc--;
363: argv++;
364: }
365: /* Looks like everything went OK */
366: badops = 0;
367: skip_arg_loop:
368:
369: if (badops) {
370: for (pp = engine_usage; (*pp != NULL); pp++)
371: BIO_printf(bio_err, "%s", *pp);
372: goto end;
373: }
374: if (sk_OPENSSL_STRING_num(engines) == 0) {
375: for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
376: sk_OPENSSL_STRING_push(engines, (char *) ENGINE_get_id(e));
377: }
378: }
379: for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) {
380: const char *id = sk_OPENSSL_STRING_value(engines, i);
381: if ((e = ENGINE_by_id(id)) != NULL) {
382: const char *name = ENGINE_get_name(e);
383: /* Do "id" first, then "name". Easier to auto-parse. */
384: BIO_printf(bio_out, "(%s) %s\n", id, name);
385: util_do_cmds(e, pre_cmds, bio_out, indent);
386: if (strcmp(ENGINE_get_id(e), id) != 0) {
387: BIO_printf(bio_out, "Loaded: (%s) %s\n",
388: ENGINE_get_id(e), ENGINE_get_name(e));
389: }
390: if (list_cap) {
391: int cap_size = 256;
392: char *cap_buf = NULL;
393: int k, n;
394: const int *nids;
395: ENGINE_CIPHERS_PTR fn_c;
396: ENGINE_DIGESTS_PTR fn_d;
397: ENGINE_PKEY_METHS_PTR fn_pk;
398:
399: if (ENGINE_get_RSA(e) != NULL
400: && !append_buf(&cap_buf, "RSA",
401: &cap_size, 256))
402: goto end;
403: if (ENGINE_get_DSA(e) != NULL
404: && !append_buf(&cap_buf, "DSA",
405: &cap_size, 256))
406: goto end;
407: if (ENGINE_get_DH(e) != NULL
408: && !append_buf(&cap_buf, "DH",
409: &cap_size, 256))
410: goto end;
411: if (ENGINE_get_RAND(e) != NULL
412: && !append_buf(&cap_buf, "RAND",
413: &cap_size, 256))
414: goto end;
415:
416: fn_c = ENGINE_get_ciphers(e);
417: if (!fn_c)
418: goto skip_ciphers;
419: n = fn_c(e, NULL, &nids, 0);
420: for (k = 0; k < n; ++k)
421: if (!append_buf(&cap_buf,
422: OBJ_nid2sn(nids[k]),
423: &cap_size, 256))
424: goto end;
425:
426: skip_ciphers:
427: fn_d = ENGINE_get_digests(e);
428: if (!fn_d)
429: goto skip_digests;
430: n = fn_d(e, NULL, &nids, 0);
431: for (k = 0; k < n; ++k)
432: if (!append_buf(&cap_buf,
433: OBJ_nid2sn(nids[k]),
434: &cap_size, 256))
435: goto end;
436:
437: skip_digests:
438: fn_pk = ENGINE_get_pkey_meths(e);
439: if (!fn_pk)
440: goto skip_pmeths;
441: n = fn_pk(e, NULL, &nids, 0);
442: for (k = 0; k < n; ++k)
443: if (!append_buf(&cap_buf,
444: OBJ_nid2sn(nids[k]),
445: &cap_size, 256))
446: goto end;
447: skip_pmeths:
448: if (cap_buf && (*cap_buf != '\0'))
449: BIO_printf(bio_out, " [%s]\n", cap_buf);
450:
451: free(cap_buf);
452: }
453: if (test_avail) {
454: BIO_printf(bio_out, "%s", indent);
455: if (ENGINE_init(e)) {
456: BIO_printf(bio_out, "[ available ]\n");
457: util_do_cmds(e, post_cmds, bio_out, indent);
1.4 beck 458: /*
459: * XXX hell lacks a place for people who write functions with
460: * XXX unusable return semantics.
461: */
462: if (ENGINE_finish(e) != 0 ||
463: ERR_GET_REASON(ERR_peek_last_error()) ==
464: ENGINE_R_FINISH_FAILED)
465: e = NULL;
1.1 jsing 466: } else {
467: BIO_printf(bio_out, "[ unavailable ]\n");
468: if (test_avail_noise)
469: ERR_print_errors_fp(stdout);
470: ERR_clear_error();
471: }
472: }
1.4 beck 473: if ((verbose > 0) && e != NULL &&
474: !util_verbose(e, verbose, bio_out, indent))
1.1 jsing 475: goto end;
476: ENGINE_free(e);
477: } else
478: ERR_print_errors(bio_err);
479: }
480:
481: ret = 0;
482: end:
483:
484: ERR_print_errors(bio_err);
485: sk_OPENSSL_STRING_pop_free(engines, identity);
486: sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
487: sk_OPENSSL_STRING_pop_free(post_cmds, identity);
488: if (bio_out != NULL)
489: BIO_free_all(bio_out);
490:
491: return (ret);
492: }
493: #endif