summaryrefslogtreecommitdiff
path: root/src/usr.bin/openssl/engine.c
diff options
context:
space:
mode:
authorbcook <>2015-09-11 14:30:23 +0000
committerbcook <>2015-09-11 14:30:23 +0000
commite2fad4e6bdd4e404b3f4c186de52078738af2271 (patch)
treecc1109842924cab95a77b6863b32de51b6d4f960 /src/usr.bin/openssl/engine.c
parent7cea1ef22b79637be449efa70b99c6deaf74ef10 (diff)
downloadopenbsd-e2fad4e6bdd4e404b3f4c186de52078738af2271.tar.gz
openbsd-e2fad4e6bdd4e404b3f4c186de52078738af2271.tar.bz2
openbsd-e2fad4e6bdd4e404b3f4c186de52078738af2271.zip
Remove engine command and parameters from openssl(1).
We do not have any builtin or dynamic engines, meaning openssl(1) has no way to use the engine command or parameters at all. ok jsing@
Diffstat (limited to 'src/usr.bin/openssl/engine.c')
-rw-r--r--src/usr.bin/openssl/engine.c493
1 files changed, 0 insertions, 493 deletions
diff --git a/src/usr.bin/openssl/engine.c b/src/usr.bin/openssl/engine.c
deleted file mode 100644
index 0dc3043887..0000000000
--- a/src/usr.bin/openssl/engine.c
+++ /dev/null
@@ -1,493 +0,0 @@
1/* $OpenBSD: engine.c,v 1.5 2015/08/22 16:36:05 jsing Exp $ */
2/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include "apps.h"
64
65#ifndef OPENSSL_NO_ENGINE
66#include <openssl/engine.h>
67#include <openssl/err.h>
68#include <openssl/ssl.h>
69
70static const char *engine_usage[] = {
71 "usage: engine opts [engine ...]\n",
72 " -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
73 " -vv will additionally display each command's description\n",
74 " -vvv will also add the input flags for each command\n",
75 " -vvvv will also show internal input flags\n",
76 " -c - for each engine, also list the capabilities\n",
77 " -t[t] - for each engine, check that they are really available\n",
78 " -tt will display error trace for unavailable engines\n",
79 " -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
80 " to load it (if -t is used)\n",
81 " -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
82 " (only used if -t is also provided)\n",
83 " NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
84 " line, or all supported ENGINEs if none are specified.\n",
85 " Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
86 " argument \"/lib/libdriver.so\".\n",
87 NULL
88};
89
90static void
91identity(char *ptr)
92{
93 return;
94}
95
96static int
97append_buf(char **buf, const char *s, int *size, int step)
98{
99 if (*buf == NULL) {
100 *size = step;
101 *buf = malloc(*size);
102 if (*buf == NULL)
103 return 0;
104 **buf = '\0';
105 }
106
107 if (strlen(*buf) + strlen(s) >= (unsigned int) *size) {
108 *size += step;
109 *buf = realloc(*buf, *size);
110 }
111 if (*buf == NULL)
112 return 0;
113
114 if (**buf != '\0')
115 strlcat(*buf, ", ", *size);
116 strlcat(*buf, s, *size);
117
118 return 1;
119}
120
121static int
122util_flags(BIO * bio_out, unsigned int flags, const char *indent)
123{
124 int started = 0, err = 0;
125 /* Indent before displaying input flags */
126 BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
127 if (flags == 0) {
128 BIO_printf(bio_out, "<no flags>\n");
129 return 1;
130 }
131 /*
132 * If the object is internal, mark it in a way that shows instead of
133 * having it part of all the other flags, even if it really is.
134 */
135 if (flags & ENGINE_CMD_FLAG_INTERNAL) {
136 BIO_printf(bio_out, "[Internal] ");
137 }
138 if (flags & ENGINE_CMD_FLAG_NUMERIC) {
139 BIO_printf(bio_out, "NUMERIC");
140 started = 1;
141 }
142 /*
143 * Now we check that no combinations of the mutually exclusive
144 * NUMERIC, STRING, and NO_INPUT flags have been used. Future flags
145 * that can be OR'd together with these would need to added after
146 * these to preserve the testing logic.
147 */
148 if (flags & ENGINE_CMD_FLAG_STRING) {
149 if (started) {
150 BIO_printf(bio_out, "|");
151 err = 1;
152 }
153 BIO_printf(bio_out, "STRING");
154 started = 1;
155 }
156 if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
157 if (started) {
158 BIO_printf(bio_out, "|");
159 err = 1;
160 }
161 BIO_printf(bio_out, "NO_INPUT");
162 started = 1;
163 }
164 /* Check for unknown flags */
165 flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
166 ~ENGINE_CMD_FLAG_STRING &
167 ~ENGINE_CMD_FLAG_NO_INPUT &
168 ~ENGINE_CMD_FLAG_INTERNAL;
169 if (flags) {
170 if (started)
171 BIO_printf(bio_out, "|");
172 BIO_printf(bio_out, "<0x%04X>", flags);
173 }
174 if (err)
175 BIO_printf(bio_out, " <illegal flags!>");
176 BIO_printf(bio_out, "\n");
177 return 1;
178}
179
180static int
181util_verbose(ENGINE * e, int verbose, BIO * bio_out, const char *indent)
182{
183 static const int line_wrap = 78;
184 int num;
185 int ret = 0;
186 char *name = NULL;
187 char *desc = NULL;
188 int flags;
189 int xpos = 0;
190 STACK_OF(OPENSSL_STRING) * cmds = NULL;
191 if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
192 ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
193 0, NULL, NULL)) <= 0)) {
194 return 1;
195 }
196 cmds = sk_OPENSSL_STRING_new_null();
197
198 if (!cmds)
199 goto err;
200 do {
201 int len;
202 /* Get the command input flags */
203 if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
204 NULL, NULL)) < 0)
205 goto err;
206 if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
207 /* Get the command name */
208 if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
209 NULL, NULL)) <= 0)
210 goto err;
211 if ((name = malloc(len + 1)) == NULL)
212 goto err;
213 if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
214 NULL) <= 0)
215 goto err;
216 /* Get the command description */
217 if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
218 NULL, NULL)) < 0)
219 goto err;
220 if (len > 0) {
221 if ((desc = malloc(len + 1)) == NULL)
222 goto err;
223 if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
224 NULL) <= 0)
225 goto err;
226 }
227 /* Now decide on the output */
228 if (xpos == 0)
229 /* Do an indent */
230 xpos = BIO_puts(bio_out, indent);
231 else
232 /* Otherwise prepend a ", " */
233 xpos += BIO_printf(bio_out, ", ");
234 if (verbose == 1) {
235 /* We're just listing names, comma-delimited */
236 if ((xpos > (int) strlen(indent)) &&
237 (xpos + (int) strlen(name) > line_wrap)) {
238 BIO_printf(bio_out, "\n");
239 xpos = BIO_puts(bio_out, indent);
240 }
241 xpos += BIO_printf(bio_out, "%s", name);
242 } else {
243 /* We're listing names plus descriptions */
244 BIO_printf(bio_out, "%s: %s\n", name,
245 (desc == NULL) ? "<no description>" : desc);
246 /* ... and sometimes input flags */
247 if ((verbose >= 3) && !util_flags(bio_out, flags,
248 indent))
249 goto err;
250 xpos = 0;
251 }
252 }
253 free(name);
254 name = NULL;
255 free(desc);
256 desc = NULL;
257
258 /* Move to the next command */
259 num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
260 num, NULL, NULL);
261 } while (num > 0);
262 if (xpos > 0)
263 BIO_printf(bio_out, "\n");
264 ret = 1;
265err:
266 if (cmds)
267 sk_OPENSSL_STRING_pop_free(cmds, identity);
268 free(name);
269 free(desc);
270 return ret;
271}
272
273static void
274util_do_cmds(ENGINE * e, STACK_OF(OPENSSL_STRING) * cmds,
275 BIO * bio_out, const char *indent)
276{
277 int loop, res, num = sk_OPENSSL_STRING_num(cmds);
278
279 if (num < 0) {
280 BIO_printf(bio_out, "[Error]: internal stack error\n");
281 return;
282 }
283 for (loop = 0; loop < num; loop++) {
284 char buf[256];
285 const char *cmd, *arg;
286 cmd = sk_OPENSSL_STRING_value(cmds, loop);
287 res = 1; /* assume success */
288 /* Check if this command has no ":arg" */
289 if ((arg = strstr(cmd, ":")) == NULL) {
290 if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
291 res = 0;
292 } else {
293 if ((int) (arg - cmd) > 254) {
294 BIO_printf(bio_out, "[Error]: command name too long\n");
295 return;
296 }
297 memcpy(buf, cmd, (int) (arg - cmd));
298 buf[arg - cmd] = '\0';
299 arg++; /* Move past the ":" */
300 /* Call the command with the argument */
301 if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
302 res = 0;
303 }
304 if (res)
305 BIO_printf(bio_out, "[Success]: %s\n", cmd);
306 else {
307 BIO_printf(bio_out, "[Failure]: %s\n", cmd);
308 ERR_print_errors(bio_out);
309 }
310 }
311}
312
313int
314engine_main(int argc, char **argv)
315{
316 int ret = 1, i;
317 const char **pp;
318 int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
319 ENGINE *e;
320 STACK_OF(OPENSSL_STRING) * engines = sk_OPENSSL_STRING_new_null();
321 STACK_OF(OPENSSL_STRING) * pre_cmds = sk_OPENSSL_STRING_new_null();
322 STACK_OF(OPENSSL_STRING) * post_cmds = sk_OPENSSL_STRING_new_null();
323 int badops = 1;
324 BIO *bio_out = NULL;
325 const char *indent = " ";
326
327 bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
328
329 argc--;
330 argv++;
331 while (argc >= 1) {
332 if (strncmp(*argv, "-v", 2) == 0) {
333 if (strspn(*argv + 1, "v") < strlen(*argv + 1))
334 goto skip_arg_loop;
335 if ((verbose = strlen(*argv + 1)) > 4)
336 goto skip_arg_loop;
337 } else if (strcmp(*argv, "-c") == 0)
338 list_cap = 1;
339 else if (strncmp(*argv, "-t", 2) == 0) {
340 test_avail = 1;
341 if (strspn(*argv + 1, "t") < strlen(*argv + 1))
342 goto skip_arg_loop;
343 if ((test_avail_noise = strlen(*argv + 1) - 1) > 1)
344 goto skip_arg_loop;
345 } else if (strcmp(*argv, "-pre") == 0) {
346 argc--;
347 argv++;
348 if (argc == 0)
349 goto skip_arg_loop;
350 sk_OPENSSL_STRING_push(pre_cmds, *argv);
351 } else if (strcmp(*argv, "-post") == 0) {
352 argc--;
353 argv++;
354 if (argc == 0)
355 goto skip_arg_loop;
356 sk_OPENSSL_STRING_push(post_cmds, *argv);
357 } else if ((strncmp(*argv, "-h", 2) == 0) ||
358 (strcmp(*argv, "-?") == 0))
359 goto skip_arg_loop;
360 else
361 sk_OPENSSL_STRING_push(engines, *argv);
362 argc--;
363 argv++;
364 }
365 /* Looks like everything went OK */
366 badops = 0;
367skip_arg_loop:
368
369 if (badops) {
370 for (pp = engine_usage; (*pp != NULL); pp++)
371 BIO_printf(bio_err, "%s", *pp);
372 goto end;
373 }
374 if (sk_OPENSSL_STRING_num(engines) == 0) {
375 for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
376 sk_OPENSSL_STRING_push(engines, (char *) ENGINE_get_id(e));
377 }
378 }
379 for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) {
380 const char *id = sk_OPENSSL_STRING_value(engines, i);
381 if ((e = ENGINE_by_id(id)) != NULL) {
382 const char *name = ENGINE_get_name(e);
383 /* Do "id" first, then "name". Easier to auto-parse. */
384 BIO_printf(bio_out, "(%s) %s\n", id, name);
385 util_do_cmds(e, pre_cmds, bio_out, indent);
386 if (strcmp(ENGINE_get_id(e), id) != 0) {
387 BIO_printf(bio_out, "Loaded: (%s) %s\n",
388 ENGINE_get_id(e), ENGINE_get_name(e));
389 }
390 if (list_cap) {
391 int cap_size = 256;
392 char *cap_buf = NULL;
393 int k, n;
394 const int *nids;
395 ENGINE_CIPHERS_PTR fn_c;
396 ENGINE_DIGESTS_PTR fn_d;
397 ENGINE_PKEY_METHS_PTR fn_pk;
398
399 if (ENGINE_get_RSA(e) != NULL
400 && !append_buf(&cap_buf, "RSA",
401 &cap_size, 256))
402 goto end;
403 if (ENGINE_get_DSA(e) != NULL
404 && !append_buf(&cap_buf, "DSA",
405 &cap_size, 256))
406 goto end;
407 if (ENGINE_get_DH(e) != NULL
408 && !append_buf(&cap_buf, "DH",
409 &cap_size, 256))
410 goto end;
411 if (ENGINE_get_RAND(e) != NULL
412 && !append_buf(&cap_buf, "RAND",
413 &cap_size, 256))
414 goto end;
415
416 fn_c = ENGINE_get_ciphers(e);
417 if (!fn_c)
418 goto skip_ciphers;
419 n = fn_c(e, NULL, &nids, 0);
420 for (k = 0; k < n; ++k)
421 if (!append_buf(&cap_buf,
422 OBJ_nid2sn(nids[k]),
423 &cap_size, 256))
424 goto end;
425
426 skip_ciphers:
427 fn_d = ENGINE_get_digests(e);
428 if (!fn_d)
429 goto skip_digests;
430 n = fn_d(e, NULL, &nids, 0);
431 for (k = 0; k < n; ++k)
432 if (!append_buf(&cap_buf,
433 OBJ_nid2sn(nids[k]),
434 &cap_size, 256))
435 goto end;
436
437 skip_digests:
438 fn_pk = ENGINE_get_pkey_meths(e);
439 if (!fn_pk)
440 goto skip_pmeths;
441 n = fn_pk(e, NULL, &nids, 0);
442 for (k = 0; k < n; ++k)
443 if (!append_buf(&cap_buf,
444 OBJ_nid2sn(nids[k]),
445 &cap_size, 256))
446 goto end;
447 skip_pmeths:
448 if (cap_buf && (*cap_buf != '\0'))
449 BIO_printf(bio_out, " [%s]\n", cap_buf);
450
451 free(cap_buf);
452 }
453 if (test_avail) {
454 BIO_printf(bio_out, "%s", indent);
455 if (ENGINE_init(e)) {
456 BIO_printf(bio_out, "[ available ]\n");
457 util_do_cmds(e, post_cmds, bio_out, indent);
458 /*
459 * XXX hell lacks a place for people who write functions with
460 * XXX unusable return semantics.
461 */
462 if (ENGINE_finish(e) != 0 ||
463 ERR_GET_REASON(ERR_peek_last_error()) ==
464 ENGINE_R_FINISH_FAILED)
465 e = NULL;
466 } else {
467 BIO_printf(bio_out, "[ unavailable ]\n");
468 if (test_avail_noise)
469 ERR_print_errors_fp(stdout);
470 ERR_clear_error();
471 }
472 }
473 if ((verbose > 0) && e != NULL &&
474 !util_verbose(e, verbose, bio_out, indent))
475 goto end;
476 ENGINE_free(e);
477 } else
478 ERR_print_errors(bio_err);
479 }
480
481 ret = 0;
482end:
483
484 ERR_print_errors(bio_err);
485 sk_OPENSSL_STRING_pop_free(engines, identity);
486 sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
487 sk_OPENSSL_STRING_pop_free(post_cmds, identity);
488 if (bio_out != NULL)
489 BIO_free_all(bio_out);
490
491 return (ret);
492}
493#endif
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-26 18:50:11 +0000