summaryrefslogtreecommitdiffstats
path: root/apps/provider.c
diff options
context:
space:
mode:
authorRichard Levitte <levitte@openssl.org>2019-08-26 22:09:27 +0200
committerRichard Levitte <levitte@openssl.org>2019-08-28 10:33:45 +0200
commit18d307e98ebfe6d376ab039a73dc285190b717a0 (patch)
tree5f078553c6a9c57709fb7707e383b7c428c6ddaf /apps/provider.c
parentMove print_param_types() to libapps, and give it indent argument (diff)
downloadopenssl-18d307e98ebfe6d376ab039a73dc285190b717a0.tar.xz
openssl-18d307e98ebfe6d376ab039a73dc285190b717a0.zip
openssl provider: New sub-command, for provider discovery
This command is somewhat similar to 'openssl engine', but displays what it can about the given providers. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9697)
Diffstat (limited to 'apps/provider.c')
-rw-r--r--apps/provider.c288
1 files changed, 288 insertions, 0 deletions
diff --git a/apps/provider.c b/apps/provider.c
new file mode 100644
index 0000000000..33f194c332
--- /dev/null
+++ b/apps/provider.c
@@ -0,0 +1,288 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include "apps.h"
+#include "app_params.h"
+#include "progs.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/safestack.h>
+#include <openssl/provider.h>
+#include <openssl/core.h>
+#include <openssl/core_numbers.h>
+
+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_V = 100, OPT_VV, OPT_VVV
+} OPTION_CHOICE;
+
+const OPTIONS provider_options[] = {
+ {OPT_HELP_STR, 1, '-', "Usage: %s [options] provider...\n"},
+ {OPT_HELP_STR, 1, '-', " provider... Providers to load\n"},
+ {"help", OPT_HELP, '-', "Display this summary"},
+ {"v", OPT_V, '-', "List the algorithm names of specified provider"},
+ {"vv", OPT_VV, '-', "List the algorithm names of specified providers,"},
+ {OPT_MORE_STR, 0, '-', "categorised by operation type"},
+ {"vvv", OPT_VVV, '-', "List the algorithm names of specified provider"},
+ {OPT_MORE_STR, 0, '-', "one at a time, and list all known parameters"},
+ {NULL}
+};
+
+typedef struct info_st INFO;
+typedef struct meta_st META;
+
+struct info_st {
+ const char *name;
+ void *method;
+ const OSSL_PARAM *gettable_params;
+ const OSSL_PARAM *gettable_ctx_params;
+ const OSSL_PARAM *settable_ctx_params;
+};
+
+struct meta_st {
+ int first; /* For prints */
+ int total;
+ int indent;
+ int subindent;
+ int verbose;
+ const char *label;
+ OSSL_PROVIDER *prov;
+ void (*fn)(META *meta, INFO *info);
+};
+
+static void print_caps(META *meta, INFO *info)
+{
+ switch (meta->verbose) {
+ case 1:
+ BIO_printf(bio_out, meta->first ? "%s" : " %s", info->name);
+ break;
+ case 2:
+ if (meta->first) {
+ if (meta->total > 0)
+ BIO_printf(bio_out, "\n");
+ BIO_printf(bio_out, "%*s%ss:", meta->indent, " ", meta->label);
+ }
+ BIO_printf(bio_out, " %s", info->name);
+ break;
+ case 3:
+ default:
+ BIO_printf(bio_out, "%*s%s %s\n", meta->indent, " ", meta->label,
+ info->name);
+ print_param_types("retrievable algorithm parameters",
+ info->gettable_params, meta->subindent);
+ print_param_types("retrievable operation parameters",
+ info->gettable_ctx_params, meta->subindent);
+ print_param_types("settable operation parameters",
+ info->settable_ctx_params, meta->subindent);
+ break;
+ }
+ meta->first = 0;
+}
+
+static void do_method(void *method, const char *name,
+ const OSSL_PARAM *gettable_params,
+ const OSSL_PARAM *gettable_ctx_params,
+ const OSSL_PARAM *settable_ctx_params,
+ META *meta)
+{
+ INFO info;
+
+ info.name = name;
+ info.method = method;
+ info.gettable_params = gettable_params;
+ info.gettable_ctx_params = gettable_ctx_params;
+ info.settable_ctx_params = settable_ctx_params;
+ meta->fn(meta, &info);
+ meta->total++;
+}
+
+static void do_cipher(EVP_CIPHER *cipher, void *meta)
+{
+ do_method(cipher, EVP_CIPHER_name(cipher),
+ EVP_CIPHER_gettable_params(cipher),
+ EVP_CIPHER_CTX_gettable_params(cipher),
+ EVP_CIPHER_CTX_settable_params(cipher),
+ meta);
+}
+
+static void do_digest(EVP_MD *digest, void *meta)
+{
+ do_method(digest, EVP_MD_name(digest),
+ EVP_MD_gettable_params(digest),
+ EVP_MD_CTX_gettable_params(digest),
+ EVP_MD_CTX_settable_params(digest),
+ meta);
+}
+
+static void do_mac(EVP_MAC *mac, void *meta)
+{
+ do_method(mac, EVP_MAC_name(mac),
+ EVP_MAC_gettable_params(mac),
+ EVP_MAC_CTX_gettable_params(mac),
+ EVP_MAC_CTX_settable_params(mac),
+ meta);
+}
+
+/*
+ * TODO(3.0) Enable when KEYMGMT and KEYEXCH have gettables and settables
+ */
+#if 0
+static void do_keymgmt(EVP_KEYMGMT *keymgmt, void *meta)
+{
+ do_method(keymgmt, EVP_KEYMGMT_name(keymgmt),
+ EVP_KEYMGMT_gettable_params(keymgmt),
+ EVP_KEYMGMT_gettable_ctx_params(keymgmt),
+ EVP_KEYMGMT_settable_ctx_params(keymgmt),
+ meta);
+}
+
+static void do_keyexch(EVP_KEYEXCH *keyexch, void *meta)
+{
+ do_method(keyexch, EVP_KEYEXCH_name(keyexch),
+ EVP_KEYEXCH_gettable_params(keyexch),
+ EVP_KEYEXCH_gettable_ctx_params(keyexch),
+ EVP_KEYEXCH_settable_ctx_params(keyexch),
+ meta);
+}
+#endif
+
+int provider_main(int argc, char **argv)
+{
+ int ret = 1, i;
+ int verbose = 0;
+ STACK_OF(OPENSSL_CSTRING) *providers = sk_OPENSSL_CSTRING_new_null();
+ OPTION_CHOICE o;
+ char *prog;
+
+ prog = opt_init(argc, argv, provider_options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ goto end;
+ case OPT_HELP:
+ opt_help(provider_options);
+ ret = 0;
+ goto end;
+ case OPT_VVV:
+ case OPT_VV:
+ case OPT_V:
+ /* Convert to an integer from one to four. */
+ i = (int)(o - OPT_V) + 1;
+ if (verbose < i)
+ verbose = i;
+ break;
+ }
+ }
+
+ /* Allow any trailing parameters as provider names. */
+ argc = opt_num_rest();
+ argv = opt_rest();
+ for ( ; *argv; argv++) {
+ if (**argv == '-') {
+ BIO_printf(bio_err, "%s: Cannot mix flags and provider names.\n",
+ prog);
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ goto end;
+ }
+ sk_OPENSSL_CSTRING_push(providers, *argv);
+ }
+
+ ret = 0;
+ for (i = 0; i < sk_OPENSSL_CSTRING_num(providers); i++) {
+ const char *name = sk_OPENSSL_CSTRING_value(providers, i);
+ OSSL_PROVIDER *prov = OSSL_PROVIDER_load(NULL, name);
+
+ if (prov != NULL) {
+ BIO_printf(bio_out, verbose == 0 ? "%s\n" : "[ %s ]\n", name);
+
+ if (verbose > 0) {
+ META data;
+
+ data.total = 0;
+ data.first = 1;
+ data.verbose = verbose;
+ data.prov = prov;
+ data.fn = print_caps;
+
+ switch (verbose) {
+ case 1:
+ BIO_printf(bio_out, " ");
+ break;
+ case 2:
+ data.indent = 4;
+ break;
+ case 3:
+ default:
+ data.indent = 4;
+ data.subindent = 10;
+ break;
+ }
+
+ if (verbose > 1) {
+ data.first = 1;
+ data.label = "Cipher";
+ }
+ EVP_CIPHER_do_all_ex(NULL, do_cipher, &data);
+ if (verbose > 1) {
+ data.first = 1;
+ data.label = "Digest";
+ }
+ EVP_MD_do_all_ex(NULL, do_digest, &data);
+ if (verbose > 1) {
+ data.first = 1;
+ data.label = "MAC";
+ }
+ EVP_MAC_do_all_ex(NULL, do_mac, &data);
+
+/*
+ * TODO(3.0) Enable when KEYMGMT and KEYEXCH have do_all_ex functions
+ */
+#if 0
+ if (verbose > 1) {
+ data.first = 1;
+ data.label = "Key manager";
+ }
+ EVP_KEYMGMT_do_all_ex(NULL, do_keymgmt, &data);
+ if (verbose > 1) {
+ data.first = 1;
+ data.label = "Key exchange";
+ }
+ EVP_KEYEXCH_do_all_ex(NULL, do_keyexch, &data);
+#endif
+
+ switch (verbose) {
+ default:
+ break;
+ case 2:
+ case 1:
+ BIO_printf(bio_out, "\n");
+ break;
+ }
+ }
+ OSSL_PROVIDER_unload(prov);
+ } else {
+ ERR_print_errors(bio_err);
+ ret = 1;
+ /*
+ * Just because one provider module failed, there's no reason to
+ * stop, if there are more to try.
+ */
+ }
+ }
+
+ end:
+
+ ERR_print_errors(bio_err);
+ sk_OPENSSL_CSTRING_free(providers);
+ return ret;
+}