You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
512 lines
17 KiB
512 lines
17 KiB
/* apps/engine.c */ |
|
/* |
|
* Written by Richard Levitte <richard@levitte.org> for the OpenSSL project |
|
* 2000. |
|
*/ |
|
/* ==================================================================== |
|
* Copyright (c) 2000 The OpenSSL Project. All rights reserved. |
|
* |
|
* Redistribution and use in source and binary forms, with or without |
|
* modification, are permitted provided that the following conditions |
|
* are met: |
|
* |
|
* 1. Redistributions of source code must retain the above copyright |
|
* notice, this list of conditions and the following disclaimer. |
|
* |
|
* 2. Redistributions in binary form must reproduce the above copyright |
|
* notice, this list of conditions and the following disclaimer in |
|
* the documentation and/or other materials provided with the |
|
* distribution. |
|
* |
|
* 3. All advertising materials mentioning features or use of this |
|
* software must display the following acknowledgment: |
|
* "This product includes software developed by the OpenSSL Project |
|
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
|
* |
|
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
* endorse or promote products derived from this software without |
|
* prior written permission. For written permission, please contact |
|
* licensing@OpenSSL.org. |
|
* |
|
* 5. Products derived from this software may not be called "OpenSSL" |
|
* nor may "OpenSSL" appear in their names without prior written |
|
* permission of the OpenSSL Project. |
|
* |
|
* 6. Redistributions of any form whatsoever must retain the following |
|
* acknowledgment: |
|
* "This product includes software developed by the OpenSSL Project |
|
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
|
* |
|
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
* OF THE POSSIBILITY OF SUCH DAMAGE. |
|
* ==================================================================== |
|
* |
|
* This product includes cryptographic software written by Eric Young |
|
* (eay@cryptsoft.com). This product includes software written by Tim |
|
* Hudson (tjh@cryptsoft.com). |
|
* |
|
*/ |
|
|
|
#include <stdio.h> |
|
#include <stdlib.h> |
|
#include <string.h> |
|
#ifdef OPENSSL_NO_STDIO |
|
# define APPS_WIN16 |
|
#endif |
|
#include "apps.h" |
|
#include <openssl/err.h> |
|
#ifndef OPENSSL_NO_ENGINE |
|
# include <openssl/engine.h> |
|
# include <openssl/ssl.h> |
|
|
|
# undef PROG |
|
# define PROG engine_main |
|
|
|
static const char *engine_usage[] = { |
|
"usage: engine opts [engine ...]\n", |
|
" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n", |
|
" -vv will additionally display each command's description\n", |
|
" -vvv will also add the input flags for each command\n", |
|
" -vvvv will also show internal input flags\n", |
|
" -c - for each engine, also list the capabilities\n", |
|
" -t[t] - for each engine, check that they are really available\n", |
|
" -tt will display error trace for unavailable engines\n", |
|
" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n", |
|
" to load it (if -t is used)\n", |
|
" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n", |
|
" (only used if -t is also provided)\n", |
|
" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n", |
|
" line, or all supported ENGINEs if none are specified.\n", |
|
" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n", |
|
" argument \"/lib/libdriver.so\".\n", |
|
NULL |
|
}; |
|
|
|
static void identity(char *ptr) |
|
{ |
|
return; |
|
} |
|
|
|
static int append_buf(char **buf, const char *s, int *size, int step) |
|
{ |
|
if (*buf == NULL) { |
|
*size = step; |
|
*buf = OPENSSL_malloc(*size); |
|
if (*buf == NULL) |
|
return 0; |
|
**buf = '\0'; |
|
} |
|
|
|
if (strlen(*buf) + strlen(s) >= (unsigned int)*size) { |
|
*size += step; |
|
*buf = OPENSSL_realloc(*buf, *size); |
|
} |
|
|
|
if (*buf == NULL) |
|
return 0; |
|
|
|
if (**buf != '\0') |
|
BUF_strlcat(*buf, ", ", *size); |
|
BUF_strlcat(*buf, s, *size); |
|
|
|
return 1; |
|
} |
|
|
|
static int util_flags(BIO *bio_out, unsigned int flags, const char *indent) |
|
{ |
|
int started = 0, err = 0; |
|
/* Indent before displaying input flags */ |
|
BIO_printf(bio_out, "%s%s(input flags): ", indent, indent); |
|
if (flags == 0) { |
|
BIO_printf(bio_out, "<no flags>\n"); |
|
return 1; |
|
} |
|
/* |
|
* If the object is internal, mark it in a way that shows instead of |
|
* having it part of all the other flags, even if it really is. |
|
*/ |
|
if (flags & ENGINE_CMD_FLAG_INTERNAL) { |
|
BIO_printf(bio_out, "[Internal] "); |
|
} |
|
|
|
if (flags & ENGINE_CMD_FLAG_NUMERIC) { |
|
BIO_printf(bio_out, "NUMERIC"); |
|
started = 1; |
|
} |
|
/* |
|
* Now we check that no combinations of the mutually exclusive NUMERIC, |
|
* STRING, and NO_INPUT flags have been used. Future flags that can be |
|
* OR'd together with these would need to added after these to preserve |
|
* the testing logic. |
|
*/ |
|
if (flags & ENGINE_CMD_FLAG_STRING) { |
|
if (started) { |
|
BIO_printf(bio_out, "|"); |
|
err = 1; |
|
} |
|
BIO_printf(bio_out, "STRING"); |
|
started = 1; |
|
} |
|
if (flags & ENGINE_CMD_FLAG_NO_INPUT) { |
|
if (started) { |
|
BIO_printf(bio_out, "|"); |
|
err = 1; |
|
} |
|
BIO_printf(bio_out, "NO_INPUT"); |
|
started = 1; |
|
} |
|
/* Check for unknown flags */ |
|
flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & |
|
~ENGINE_CMD_FLAG_STRING & |
|
~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL; |
|
if (flags) { |
|
if (started) |
|
BIO_printf(bio_out, "|"); |
|
BIO_printf(bio_out, "<0x%04X>", flags); |
|
} |
|
if (err) |
|
BIO_printf(bio_out, " <illegal flags!>"); |
|
BIO_printf(bio_out, "\n"); |
|
return 1; |
|
} |
|
|
|
static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, |
|
const char *indent) |
|
{ |
|
static const int line_wrap = 78; |
|
int num; |
|
int ret = 0; |
|
char *name = NULL; |
|
char *desc = NULL; |
|
int flags; |
|
int xpos = 0; |
|
STACK_OF(OPENSSL_STRING) *cmds = NULL; |
|
if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || |
|
((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, |
|
0, NULL, NULL)) <= 0)) { |
|
# if 0 |
|
BIO_printf(bio_out, "%s<no control commands>\n", indent); |
|
# endif |
|
return 1; |
|
} |
|
|
|
cmds = sk_OPENSSL_STRING_new_null(); |
|
|
|
if (!cmds) |
|
goto err; |
|
do { |
|
int len; |
|
/* Get the command input flags */ |
|
if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, |
|
NULL, NULL)) < 0) |
|
goto err; |
|
if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) { |
|
/* Get the command name */ |
|
if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, |
|
NULL, NULL)) <= 0) |
|
goto err; |
|
if ((name = OPENSSL_malloc(len + 1)) == NULL) |
|
goto err; |
|
if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name, |
|
NULL) <= 0) |
|
goto err; |
|
/* Get the command description */ |
|
if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, |
|
NULL, NULL)) < 0) |
|
goto err; |
|
if (len > 0) { |
|
if ((desc = OPENSSL_malloc(len + 1)) == NULL) |
|
goto err; |
|
if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, |
|
NULL) <= 0) |
|
goto err; |
|
} |
|
/* Now decide on the output */ |
|
if (xpos == 0) |
|
/* Do an indent */ |
|
xpos = BIO_puts(bio_out, indent); |
|
else |
|
/* Otherwise prepend a ", " */ |
|
xpos += BIO_printf(bio_out, ", "); |
|
if (verbose == 1) { |
|
/* |
|
* We're just listing names, comma-delimited |
|
*/ |
|
if ((xpos > (int)strlen(indent)) && |
|
(xpos + (int)strlen(name) > line_wrap)) { |
|
BIO_printf(bio_out, "\n"); |
|
xpos = BIO_puts(bio_out, indent); |
|
} |
|
xpos += BIO_printf(bio_out, "%s", name); |
|
} else { |
|
/* We're listing names plus descriptions */ |
|
BIO_printf(bio_out, "%s: %s\n", name, |
|
(desc == NULL) ? "<no description>" : desc); |
|
/* ... and sometimes input flags */ |
|
if ((verbose >= 3) && !util_flags(bio_out, flags, indent)) |
|
goto err; |
|
xpos = 0; |
|
} |
|
} |
|
OPENSSL_free(name); |
|
name = NULL; |
|
if (desc) { |
|
OPENSSL_free(desc); |
|
desc = NULL; |
|
} |
|
/* Move to the next command */ |
|
num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL); |
|
} while (num > 0); |
|
if (xpos > 0) |
|
BIO_printf(bio_out, "\n"); |
|
ret = 1; |
|
err: |
|
if (cmds) |
|
sk_OPENSSL_STRING_pop_free(cmds, identity); |
|
if (name) |
|
OPENSSL_free(name); |
|
if (desc) |
|
OPENSSL_free(desc); |
|
return ret; |
|
} |
|
|
|
static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds, |
|
BIO *bio_out, const char *indent) |
|
{ |
|
int loop, res, num = sk_OPENSSL_STRING_num(cmds); |
|
|
|
if (num < 0) { |
|
BIO_printf(bio_out, "[Error]: internal stack error\n"); |
|
return; |
|
} |
|
for (loop = 0; loop < num; loop++) { |
|
char buf[256]; |
|
const char *cmd, *arg; |
|
cmd = sk_OPENSSL_STRING_value(cmds, loop); |
|
res = 1; /* assume success */ |
|
/* Check if this command has no ":arg" */ |
|
if ((arg = strstr(cmd, ":")) == NULL) { |
|
if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0)) |
|
res = 0; |
|
} else { |
|
if ((int)(arg - cmd) > 254) { |
|
BIO_printf(bio_out, "[Error]: command name too long\n"); |
|
return; |
|
} |
|
memcpy(buf, cmd, (int)(arg - cmd)); |
|
buf[arg - cmd] = '\0'; |
|
arg++; /* Move past the ":" */ |
|
/* Call the command with the argument */ |
|
if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0)) |
|
res = 0; |
|
} |
|
if (res) |
|
BIO_printf(bio_out, "[Success]: %s\n", cmd); |
|
else { |
|
BIO_printf(bio_out, "[Failure]: %s\n", cmd); |
|
ERR_print_errors(bio_out); |
|
} |
|
} |
|
} |
|
|
|
int MAIN(int, char **); |
|
|
|
int MAIN(int argc, char **argv) |
|
{ |
|
int ret = 1, i; |
|
const char **pp; |
|
int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0; |
|
ENGINE *e; |
|
STACK_OF(OPENSSL_STRING) *engines = sk_OPENSSL_STRING_new_null(); |
|
STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null(); |
|
STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null(); |
|
int badops = 1; |
|
BIO *bio_out = NULL; |
|
const char *indent = " "; |
|
|
|
apps_startup(); |
|
SSL_load_error_strings(); |
|
|
|
if (bio_err == NULL) |
|
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); |
|
|
|
if (!load_config(bio_err, NULL)) |
|
goto end; |
|
bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); |
|
# ifdef OPENSSL_SYS_VMS |
|
{ |
|
BIO *tmpbio = BIO_new(BIO_f_linebuffer()); |
|
bio_out = BIO_push(tmpbio, bio_out); |
|
} |
|
# endif |
|
|
|
argc--; |
|
argv++; |
|
while (argc >= 1) { |
|
if (strncmp(*argv, "-v", 2) == 0) { |
|
if (strspn(*argv + 1, "v") < strlen(*argv + 1)) |
|
goto skip_arg_loop; |
|
if ((verbose = strlen(*argv + 1)) > 4) |
|
goto skip_arg_loop; |
|
} else if (strcmp(*argv, "-c") == 0) |
|
list_cap = 1; |
|
else if (strncmp(*argv, "-t", 2) == 0) { |
|
test_avail = 1; |
|
if (strspn(*argv + 1, "t") < strlen(*argv + 1)) |
|
goto skip_arg_loop; |
|
if ((test_avail_noise = strlen(*argv + 1) - 1) > 1) |
|
goto skip_arg_loop; |
|
} else if (strcmp(*argv, "-pre") == 0) { |
|
argc--; |
|
argv++; |
|
if (argc == 0) |
|
goto skip_arg_loop; |
|
sk_OPENSSL_STRING_push(pre_cmds, *argv); |
|
} else if (strcmp(*argv, "-post") == 0) { |
|
argc--; |
|
argv++; |
|
if (argc == 0) |
|
goto skip_arg_loop; |
|
sk_OPENSSL_STRING_push(post_cmds, *argv); |
|
} else if ((strncmp(*argv, "-h", 2) == 0) || |
|
(strcmp(*argv, "-?") == 0)) |
|
goto skip_arg_loop; |
|
else |
|
sk_OPENSSL_STRING_push(engines, *argv); |
|
argc--; |
|
argv++; |
|
} |
|
/* Looks like everything went OK */ |
|
badops = 0; |
|
skip_arg_loop: |
|
|
|
if (badops) { |
|
for (pp = engine_usage; (*pp != NULL); pp++) |
|
BIO_printf(bio_err, "%s", *pp); |
|
goto end; |
|
} |
|
|
|
if (sk_OPENSSL_STRING_num(engines) == 0) { |
|
for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) { |
|
sk_OPENSSL_STRING_push(engines, (char *)ENGINE_get_id(e)); |
|
} |
|
} |
|
|
|
for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) { |
|
const char *id = sk_OPENSSL_STRING_value(engines, i); |
|
if ((e = ENGINE_by_id(id)) != NULL) { |
|
const char *name = ENGINE_get_name(e); |
|
/* |
|
* Do "id" first, then "name". Easier to auto-parse. |
|
*/ |
|
BIO_printf(bio_out, "(%s) %s\n", id, name); |
|
util_do_cmds(e, pre_cmds, bio_out, indent); |
|
if (strcmp(ENGINE_get_id(e), id) != 0) { |
|
BIO_printf(bio_out, "Loaded: (%s) %s\n", |
|
ENGINE_get_id(e), ENGINE_get_name(e)); |
|
} |
|
if (list_cap) { |
|
int cap_size = 256; |
|
char *cap_buf = NULL; |
|
int k, n; |
|
const int *nids; |
|
ENGINE_CIPHERS_PTR fn_c; |
|
ENGINE_DIGESTS_PTR fn_d; |
|
ENGINE_PKEY_METHS_PTR fn_pk; |
|
|
|
if (ENGINE_get_RSA(e) != NULL |
|
&& !append_buf(&cap_buf, "RSA", &cap_size, 256)) |
|
goto end; |
|
if (ENGINE_get_DSA(e) != NULL |
|
&& !append_buf(&cap_buf, "DSA", &cap_size, 256)) |
|
goto end; |
|
if (ENGINE_get_DH(e) != NULL |
|
&& !append_buf(&cap_buf, "DH", &cap_size, 256)) |
|
goto end; |
|
if (ENGINE_get_RAND(e) != NULL |
|
&& !append_buf(&cap_buf, "RAND", &cap_size, 256)) |
|
goto end; |
|
|
|
fn_c = ENGINE_get_ciphers(e); |
|
if (!fn_c) |
|
goto skip_ciphers; |
|
n = fn_c(e, NULL, &nids, 0); |
|
for (k = 0; k < n; ++k) |
|
if (!append_buf(&cap_buf, |
|
OBJ_nid2sn(nids[k]), &cap_size, 256)) |
|
goto end; |
|
|
|
skip_ciphers: |
|
fn_d = ENGINE_get_digests(e); |
|
if (!fn_d) |
|
goto skip_digests; |
|
n = fn_d(e, NULL, &nids, 0); |
|
for (k = 0; k < n; ++k) |
|
if (!append_buf(&cap_buf, |
|
OBJ_nid2sn(nids[k]), &cap_size, 256)) |
|
goto end; |
|
|
|
skip_digests: |
|
fn_pk = ENGINE_get_pkey_meths(e); |
|
if (!fn_pk) |
|
goto skip_pmeths; |
|
n = fn_pk(e, NULL, &nids, 0); |
|
for (k = 0; k < n; ++k) |
|
if (!append_buf(&cap_buf, |
|
OBJ_nid2sn(nids[k]), &cap_size, 256)) |
|
goto end; |
|
skip_pmeths: |
|
if (cap_buf && (*cap_buf != '\0')) |
|
BIO_printf(bio_out, " [%s]\n", cap_buf); |
|
|
|
OPENSSL_free(cap_buf); |
|
} |
|
if (test_avail) { |
|
BIO_printf(bio_out, "%s", indent); |
|
if (ENGINE_init(e)) { |
|
BIO_printf(bio_out, "[ available ]\n"); |
|
util_do_cmds(e, post_cmds, bio_out, indent); |
|
ENGINE_finish(e); |
|
} else { |
|
BIO_printf(bio_out, "[ unavailable ]\n"); |
|
if (test_avail_noise) |
|
ERR_print_errors_fp(stdout); |
|
ERR_clear_error(); |
|
} |
|
} |
|
if ((verbose > 0) && !util_verbose(e, verbose, bio_out, indent)) |
|
goto end; |
|
ENGINE_free(e); |
|
} else |
|
ERR_print_errors(bio_err); |
|
} |
|
|
|
ret = 0; |
|
end: |
|
|
|
ERR_print_errors(bio_err); |
|
sk_OPENSSL_STRING_pop_free(engines, identity); |
|
sk_OPENSSL_STRING_pop_free(pre_cmds, identity); |
|
sk_OPENSSL_STRING_pop_free(post_cmds, identity); |
|
if (bio_out != NULL) |
|
BIO_free_all(bio_out); |
|
apps_shutdown(); |
|
OPENSSL_EXIT(ret); |
|
} |
|
#else |
|
|
|
# if PEDANTIC |
|
static void *dummy = &dummy; |
|
# endif |
|
|
|
#endif
|
|
|