]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
846e33c7 | 2 | * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. |
14c6d27d | 3 | * |
846e33c7 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
14c6d27d RL |
8 | */ |
9 | ||
effaf4de RS |
10 | #include <openssl/opensslconf.h> |
11 | #ifdef OPENSSL_NO_ENGINE | |
12 | NON_EMPTY_TRANSLATION_UNIT | |
13 | #else | |
14 | ||
15 | # include "apps.h" | |
16 | # include <stdio.h> | |
17 | # include <stdlib.h> | |
18 | # include <string.h> | |
19 | # include <openssl/err.h> | |
0f113f3e MC |
20 | # include <openssl/engine.h> |
21 | # include <openssl/ssl.h> | |
22 | ||
7e1b7485 RS |
23 | typedef enum OPTION_choice { |
24 | OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, | |
25 | OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST, | |
26 | OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV | |
27 | } OPTION_CHOICE; | |
28 | ||
44c83ebd | 29 | const OPTIONS engine_options[] = { |
0d1e003f RS |
30 | {OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"}, |
31 | {OPT_HELP_STR, 1, '-', | |
32 | " engine... Engines to load\n"}, | |
7e1b7485 | 33 | {"help", OPT_HELP, '-', "Display this summary"}, |
0d1e003f | 34 | {"v", OPT_V, '-', "List 'control commands' For each specified engine"}, |
7e1b7485 | 35 | {"vv", OPT_VV, '-', "Also display each command's description"}, |
0d1e003f RS |
36 | {"vvv", OPT_VVV, '-', "Also add the input flags for each command"}, |
37 | {"vvvv", OPT_VVVV, '-', "Also show internal input flags"}, | |
38 | {"c", OPT_C, '-', "List the capabilities of specified engine"}, | |
39 | {"t", OPT_T, '-', "Check that specified engine is available"}, | |
7e1b7485 RS |
40 | {"tt", OPT_TT, '-', "Display error trace for unavailable engines"}, |
41 | {"pre", OPT_PRE, 's', "Run command against the ENGINE before loading it"}, | |
42 | {"post", OPT_POST, 's', "Run command against the ENGINE after loading it"}, | |
43 | {OPT_MORE_STR, OPT_EOF, 1, | |
44 | "Commands are like \"SO_PATH:/lib/libdriver.so\""}, | |
45 | {NULL} | |
14c6d27d RL |
46 | }; |
47 | ||
0d1e003f | 48 | static int append_buf(char **buf, int *size, const char *s) |
0f113f3e | 49 | { |
0f113f3e | 50 | if (*buf == NULL) { |
0d1e003f | 51 | *size = 256; |
68dc6824 | 52 | *buf = app_malloc(*size, "engine buffer"); |
0f113f3e MC |
53 | **buf = '\0'; |
54 | } | |
69e7805f | 55 | |
0f113f3e | 56 | if (strlen(*buf) + strlen(s) >= (unsigned int)*size) { |
7c0ef843 | 57 | char *tmp; |
0d1e003f | 58 | *size += 256; |
7c0ef843 DSH |
59 | tmp = OPENSSL_realloc(*buf, *size); |
60 | if (tmp == NULL) { | |
61 | OPENSSL_free(*buf); | |
62 | *buf = NULL; | |
63 | return 0; | |
64 | } | |
65 | *buf = tmp; | |
0f113f3e | 66 | } |
69e7805f | 67 | |
0f113f3e | 68 | if (**buf != '\0') |
7644a9ae RS |
69 | OPENSSL_strlcat(*buf, ", ", *size); |
70 | OPENSSL_strlcat(*buf, s, *size); | |
69e7805f | 71 | |
0f113f3e MC |
72 | return 1; |
73 | } | |
69e7805f | 74 | |
7e1b7485 | 75 | static int util_flags(BIO *out, unsigned int flags, const char *indent) |
0f113f3e MC |
76 | { |
77 | int started = 0, err = 0; | |
78 | /* Indent before displaying input flags */ | |
7e1b7485 | 79 | BIO_printf(out, "%s%s(input flags): ", indent, indent); |
0f113f3e | 80 | if (flags == 0) { |
7e1b7485 | 81 | BIO_printf(out, "<no flags>\n"); |
0f113f3e MC |
82 | return 1; |
83 | } | |
84 | /* | |
85 | * If the object is internal, mark it in a way that shows instead of | |
86 | * having it part of all the other flags, even if it really is. | |
87 | */ | |
88 | if (flags & ENGINE_CMD_FLAG_INTERNAL) { | |
7e1b7485 | 89 | BIO_printf(out, "[Internal] "); |
0f113f3e MC |
90 | } |
91 | ||
92 | if (flags & ENGINE_CMD_FLAG_NUMERIC) { | |
7e1b7485 | 93 | BIO_printf(out, "NUMERIC"); |
0f113f3e MC |
94 | started = 1; |
95 | } | |
96 | /* | |
97 | * Now we check that no combinations of the mutually exclusive NUMERIC, | |
98 | * STRING, and NO_INPUT flags have been used. Future flags that can be | |
99 | * OR'd together with these would need to added after these to preserve | |
100 | * the testing logic. | |
101 | */ | |
102 | if (flags & ENGINE_CMD_FLAG_STRING) { | |
103 | if (started) { | |
7e1b7485 | 104 | BIO_printf(out, "|"); |
0f113f3e MC |
105 | err = 1; |
106 | } | |
7e1b7485 | 107 | BIO_printf(out, "STRING"); |
0f113f3e MC |
108 | started = 1; |
109 | } | |
110 | if (flags & ENGINE_CMD_FLAG_NO_INPUT) { | |
111 | if (started) { | |
7e1b7485 | 112 | BIO_printf(out, "|"); |
0f113f3e MC |
113 | err = 1; |
114 | } | |
7e1b7485 | 115 | BIO_printf(out, "NO_INPUT"); |
0f113f3e MC |
116 | started = 1; |
117 | } | |
118 | /* Check for unknown flags */ | |
119 | flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & | |
120 | ~ENGINE_CMD_FLAG_STRING & | |
121 | ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL; | |
122 | if (flags) { | |
123 | if (started) | |
7e1b7485 RS |
124 | BIO_printf(out, "|"); |
125 | BIO_printf(out, "<0x%04X>", flags); | |
0f113f3e MC |
126 | } |
127 | if (err) | |
7e1b7485 RS |
128 | BIO_printf(out, " <illegal flags!>"); |
129 | BIO_printf(out, "\n"); | |
0f113f3e MC |
130 | return 1; |
131 | } | |
132 | ||
7e1b7485 | 133 | static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent) |
0f113f3e MC |
134 | { |
135 | static const int line_wrap = 78; | |
136 | int num; | |
137 | int ret = 0; | |
138 | char *name = NULL; | |
139 | char *desc = NULL; | |
140 | int flags; | |
141 | int xpos = 0; | |
142 | STACK_OF(OPENSSL_STRING) *cmds = NULL; | |
143 | if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || | |
144 | ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, | |
145 | 0, NULL, NULL)) <= 0)) { | |
0f113f3e MC |
146 | return 1; |
147 | } | |
148 | ||
149 | cmds = sk_OPENSSL_STRING_new_null(); | |
0f113f3e MC |
150 | if (!cmds) |
151 | goto err; | |
7e1b7485 | 152 | |
0f113f3e MC |
153 | do { |
154 | int len; | |
155 | /* Get the command input flags */ | |
156 | if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, | |
157 | NULL, NULL)) < 0) | |
158 | goto err; | |
159 | if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) { | |
160 | /* Get the command name */ | |
161 | if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, | |
162 | NULL, NULL)) <= 0) | |
163 | goto err; | |
68dc6824 | 164 | name = app_malloc(len + 1, "name buffer"); |
0f113f3e MC |
165 | if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name, |
166 | NULL) <= 0) | |
167 | goto err; | |
168 | /* Get the command description */ | |
169 | if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, | |
170 | NULL, NULL)) < 0) | |
171 | goto err; | |
172 | if (len > 0) { | |
68dc6824 | 173 | desc = app_malloc(len + 1, "description buffer"); |
0f113f3e | 174 | if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, |
2cd3ad9b | 175 | NULL) <= 0) |
0f113f3e MC |
176 | goto err; |
177 | } | |
178 | /* Now decide on the output */ | |
179 | if (xpos == 0) | |
180 | /* Do an indent */ | |
7e1b7485 | 181 | xpos = BIO_puts(out, indent); |
0f113f3e MC |
182 | else |
183 | /* Otherwise prepend a ", " */ | |
7e1b7485 | 184 | xpos += BIO_printf(out, ", "); |
0f113f3e MC |
185 | if (verbose == 1) { |
186 | /* | |
187 | * We're just listing names, comma-delimited | |
188 | */ | |
189 | if ((xpos > (int)strlen(indent)) && | |
190 | (xpos + (int)strlen(name) > line_wrap)) { | |
7e1b7485 RS |
191 | BIO_printf(out, "\n"); |
192 | xpos = BIO_puts(out, indent); | |
0f113f3e | 193 | } |
7e1b7485 | 194 | xpos += BIO_printf(out, "%s", name); |
0f113f3e MC |
195 | } else { |
196 | /* We're listing names plus descriptions */ | |
7e1b7485 | 197 | BIO_printf(out, "%s: %s\n", name, |
0f113f3e MC |
198 | (desc == NULL) ? "<no description>" : desc); |
199 | /* ... and sometimes input flags */ | |
7e1b7485 | 200 | if ((verbose >= 3) && !util_flags(out, flags, indent)) |
0f113f3e MC |
201 | goto err; |
202 | xpos = 0; | |
203 | } | |
204 | } | |
205 | OPENSSL_free(name); | |
206 | name = NULL; | |
b548a1f1 RS |
207 | OPENSSL_free(desc); |
208 | desc = NULL; | |
0f113f3e MC |
209 | /* Move to the next command */ |
210 | num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL); | |
211 | } while (num > 0); | |
212 | if (xpos > 0) | |
7e1b7485 | 213 | BIO_printf(out, "\n"); |
0f113f3e MC |
214 | ret = 1; |
215 | err: | |
1dcb8ca2 | 216 | sk_OPENSSL_STRING_free(cmds); |
b548a1f1 RS |
217 | OPENSSL_free(name); |
218 | OPENSSL_free(desc); | |
0f113f3e MC |
219 | return ret; |
220 | } | |
f11bc840 | 221 | |
c869da88 | 222 | static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds, |
7e1b7485 | 223 | BIO *out, const char *indent) |
0f113f3e MC |
224 | { |
225 | int loop, res, num = sk_OPENSSL_STRING_num(cmds); | |
226 | ||
227 | if (num < 0) { | |
7e1b7485 | 228 | BIO_printf(out, "[Error]: internal stack error\n"); |
0f113f3e MC |
229 | return; |
230 | } | |
231 | for (loop = 0; loop < num; loop++) { | |
232 | char buf[256]; | |
233 | const char *cmd, *arg; | |
234 | cmd = sk_OPENSSL_STRING_value(cmds, loop); | |
235 | res = 1; /* assume success */ | |
236 | /* Check if this command has no ":arg" */ | |
237 | if ((arg = strstr(cmd, ":")) == NULL) { | |
238 | if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0)) | |
239 | res = 0; | |
240 | } else { | |
241 | if ((int)(arg - cmd) > 254) { | |
7e1b7485 | 242 | BIO_printf(out, "[Error]: command name too long\n"); |
0f113f3e MC |
243 | return; |
244 | } | |
245 | memcpy(buf, cmd, (int)(arg - cmd)); | |
246 | buf[arg - cmd] = '\0'; | |
247 | arg++; /* Move past the ":" */ | |
248 | /* Call the command with the argument */ | |
249 | if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0)) | |
250 | res = 0; | |
251 | } | |
252 | if (res) | |
7e1b7485 | 253 | BIO_printf(out, "[Success]: %s\n", cmd); |
0f113f3e | 254 | else { |
7e1b7485 RS |
255 | BIO_printf(out, "[Failure]: %s\n", cmd); |
256 | ERR_print_errors(out); | |
0f113f3e MC |
257 | } |
258 | } | |
259 | } | |
f11bc840 | 260 | |
7e1b7485 | 261 | int engine_main(int argc, char **argv) |
0f113f3e MC |
262 | { |
263 | int ret = 1, i; | |
0f113f3e MC |
264 | int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0; |
265 | ENGINE *e; | |
1dcb8ca2 | 266 | STACK_OF(OPENSSL_CSTRING) *engines = sk_OPENSSL_CSTRING_new_null(); |
0f113f3e MC |
267 | STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null(); |
268 | STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null(); | |
7e1b7485 | 269 | BIO *out; |
0f113f3e | 270 | const char *indent = " "; |
7e1b7485 RS |
271 | OPTION_CHOICE o; |
272 | char *prog; | |
0d1e003f | 273 | char *argv1; |
0f113f3e | 274 | |
a60994df | 275 | out = dup_bio_out(FORMAT_TEXT); |
0d1e003f | 276 | if (engines == NULL || pre_cmds == NULL || post_cmds == NULL) |
0f113f3e | 277 | goto end; |
0d1e003f RS |
278 | |
279 | /* Remember the original command name, parse/skip any leading engine | |
280 | * names, and then setup to parse the rest of the line as flags. */ | |
281 | prog = argv[0]; | |
282 | while ((argv1 = argv[1]) != NULL && *argv1 != '-') { | |
1dcb8ca2 | 283 | sk_OPENSSL_CSTRING_push(engines, argv1); |
0d1e003f RS |
284 | argc--; |
285 | argv++; | |
286 | } | |
287 | argv[0] = prog; | |
288 | opt_init(argc, argv, engine_options); | |
289 | ||
7e1b7485 RS |
290 | while ((o = opt_next()) != OPT_EOF) { |
291 | switch (o) { | |
292 | case OPT_EOF: | |
293 | case OPT_ERR: | |
294 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
295 | goto end; | |
296 | case OPT_HELP: | |
297 | opt_help(engine_options); | |
298 | ret = 0; | |
299 | goto end; | |
300 | case OPT_VVVV: | |
301 | case OPT_VVV: | |
302 | case OPT_VV: | |
303 | case OPT_V: | |
304 | /* Convert to an integer from one to four. */ | |
305 | i = (int)(o - OPT_V) + 1; | |
306 | if (verbose < i) | |
307 | verbose = i; | |
308 | break; | |
309 | case OPT_C: | |
0f113f3e | 310 | list_cap = 1; |
7e1b7485 RS |
311 | break; |
312 | case OPT_TT: | |
313 | test_avail_noise++; | |
314 | case OPT_T: | |
315 | test_avail++; | |
316 | break; | |
317 | case OPT_PRE: | |
318 | sk_OPENSSL_STRING_push(pre_cmds, opt_arg()); | |
319 | break; | |
320 | case OPT_POST: | |
321 | sk_OPENSSL_STRING_push(post_cmds, opt_arg()); | |
322 | break; | |
323 | } | |
0f113f3e | 324 | } |
0d1e003f RS |
325 | |
326 | /* Allow any trailing parameters as engine names. */ | |
7e1b7485 RS |
327 | argc = opt_num_rest(); |
328 | argv = opt_rest(); | |
0d1e003f RS |
329 | for ( ; *argv; argv++) { |
330 | if (**argv == '-') { | |
331 | BIO_printf(bio_err, "%s: Cannot mix flags and engine names.\n", | |
332 | prog); | |
333 | BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); | |
334 | goto end; | |
335 | } | |
1dcb8ca2 | 336 | sk_OPENSSL_CSTRING_push(engines, *argv); |
0d1e003f | 337 | } |
0f113f3e | 338 | |
1dcb8ca2 | 339 | if (sk_OPENSSL_CSTRING_num(engines) == 0) { |
0f113f3e | 340 | for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) { |
1dcb8ca2 | 341 | sk_OPENSSL_CSTRING_push(engines, ENGINE_get_id(e)); |
0f113f3e MC |
342 | } |
343 | } | |
344 | ||
9e64457d | 345 | ret = 0; |
1dcb8ca2 MC |
346 | for (i = 0; i < sk_OPENSSL_CSTRING_num(engines); i++) { |
347 | const char *id = sk_OPENSSL_CSTRING_value(engines, i); | |
0f113f3e MC |
348 | if ((e = ENGINE_by_id(id)) != NULL) { |
349 | const char *name = ENGINE_get_name(e); | |
350 | /* | |
351 | * Do "id" first, then "name". Easier to auto-parse. | |
352 | */ | |
7e1b7485 RS |
353 | BIO_printf(out, "(%s) %s\n", id, name); |
354 | util_do_cmds(e, pre_cmds, out, indent); | |
0f113f3e | 355 | if (strcmp(ENGINE_get_id(e), id) != 0) { |
7e1b7485 | 356 | BIO_printf(out, "Loaded: (%s) %s\n", |
0f113f3e MC |
357 | ENGINE_get_id(e), ENGINE_get_name(e)); |
358 | } | |
359 | if (list_cap) { | |
360 | int cap_size = 256; | |
361 | char *cap_buf = NULL; | |
362 | int k, n; | |
363 | const int *nids; | |
364 | ENGINE_CIPHERS_PTR fn_c; | |
365 | ENGINE_DIGESTS_PTR fn_d; | |
366 | ENGINE_PKEY_METHS_PTR fn_pk; | |
367 | ||
368 | if (ENGINE_get_RSA(e) != NULL | |
0d1e003f | 369 | && !append_buf(&cap_buf, &cap_size, "RSA")) |
0f113f3e MC |
370 | goto end; |
371 | if (ENGINE_get_DSA(e) != NULL | |
0d1e003f | 372 | && !append_buf(&cap_buf, &cap_size, "DSA")) |
0f113f3e MC |
373 | goto end; |
374 | if (ENGINE_get_DH(e) != NULL | |
0d1e003f | 375 | && !append_buf(&cap_buf, &cap_size, "DH")) |
0f113f3e MC |
376 | goto end; |
377 | if (ENGINE_get_RAND(e) != NULL | |
0d1e003f | 378 | && !append_buf(&cap_buf, &cap_size, "RAND")) |
0f113f3e MC |
379 | goto end; |
380 | ||
381 | fn_c = ENGINE_get_ciphers(e); | |
382 | if (!fn_c) | |
383 | goto skip_ciphers; | |
384 | n = fn_c(e, NULL, &nids, 0); | |
385 | for (k = 0; k < n; ++k) | |
0d1e003f | 386 | if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) |
0f113f3e MC |
387 | goto end; |
388 | ||
389 | skip_ciphers: | |
390 | fn_d = ENGINE_get_digests(e); | |
391 | if (!fn_d) | |
392 | goto skip_digests; | |
393 | n = fn_d(e, NULL, &nids, 0); | |
394 | for (k = 0; k < n; ++k) | |
0d1e003f | 395 | if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) |
0f113f3e MC |
396 | goto end; |
397 | ||
398 | skip_digests: | |
399 | fn_pk = ENGINE_get_pkey_meths(e); | |
400 | if (!fn_pk) | |
401 | goto skip_pmeths; | |
402 | n = fn_pk(e, NULL, &nids, 0); | |
403 | for (k = 0; k < n; ++k) | |
0d1e003f | 404 | if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) |
0f113f3e MC |
405 | goto end; |
406 | skip_pmeths: | |
407 | if (cap_buf && (*cap_buf != '\0')) | |
7e1b7485 | 408 | BIO_printf(out, " [%s]\n", cap_buf); |
0f113f3e MC |
409 | |
410 | OPENSSL_free(cap_buf); | |
411 | } | |
412 | if (test_avail) { | |
7e1b7485 | 413 | BIO_printf(out, "%s", indent); |
0f113f3e | 414 | if (ENGINE_init(e)) { |
7e1b7485 RS |
415 | BIO_printf(out, "[ available ]\n"); |
416 | util_do_cmds(e, post_cmds, out, indent); | |
0f113f3e MC |
417 | ENGINE_finish(e); |
418 | } else { | |
7e1b7485 | 419 | BIO_printf(out, "[ unavailable ]\n"); |
0f113f3e MC |
420 | if (test_avail_noise) |
421 | ERR_print_errors_fp(stdout); | |
422 | ERR_clear_error(); | |
423 | } | |
424 | } | |
7e1b7485 | 425 | if ((verbose > 0) && !util_verbose(e, verbose, out, indent)) |
0f113f3e MC |
426 | goto end; |
427 | ENGINE_free(e); | |
9e64457d | 428 | } else { |
0f113f3e | 429 | ERR_print_errors(bio_err); |
9e64457d RL |
430 | /* because exit codes above 127 have special meaning on Unix */ |
431 | if (++ret > 127) | |
432 | ret = 127; | |
433 | } | |
0f113f3e MC |
434 | } |
435 | ||
0f113f3e MC |
436 | end: |
437 | ||
438 | ERR_print_errors(bio_err); | |
1dcb8ca2 MC |
439 | sk_OPENSSL_CSTRING_free(engines); |
440 | sk_OPENSSL_STRING_free(pre_cmds); | |
441 | sk_OPENSSL_STRING_free(post_cmds); | |
7e1b7485 RS |
442 | BIO_free_all(out); |
443 | return (ret); | |
0f113f3e | 444 | } |
0b13e9f0 | 445 | #endif |