1 /* 2 * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* We need to use some engine deprecated APIs */ 11 #define OPENSSL_SUPPRESS_DEPRECATED 12 13 #include <openssl/opensslconf.h> 14 15 #include "apps.h" 16 #include "progs.h" 17 #include <stdio.h> 18 #include <stdlib.h> 19 #include <string.h> 20 #include <openssl/err.h> 21 #include <openssl/engine.h> 22 #include <openssl/ssl.h> 23 #include <openssl/store.h> 24 25 typedef enum OPTION_choice { 26 OPT_COMMON, 27 OPT_C, 28 OPT_T, 29 OPT_TT, 30 OPT_PRE, 31 OPT_POST, 32 OPT_V = 100, 33 OPT_VV, 34 OPT_VVV, 35 OPT_VVVV 36 } OPTION_CHOICE; 37 38 const OPTIONS engine_options[] = { 39 { OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n" }, 40 41 OPT_SECTION("General"), 42 { "help", OPT_HELP, '-', "Display this summary" }, 43 { "t", OPT_T, '-', "Check that specified engine is available" }, 44 { "pre", OPT_PRE, 's', "Run command against the ENGINE before loading it" }, 45 { "post", OPT_POST, 's', "Run command against the ENGINE after loading it" }, 46 47 OPT_SECTION("Output"), 48 { "v", OPT_V, '-', "List 'control commands' For each specified engine" }, 49 { "vv", OPT_VV, '-', "Also display each command's description" }, 50 { "vvv", OPT_VVV, '-', "Also add the input flags for each command" }, 51 { "vvvv", OPT_VVVV, '-', "Also show internal input flags" }, 52 { "c", OPT_C, '-', "List the capabilities of specified engine" }, 53 { "tt", OPT_TT, '-', "Display error trace for unavailable engines" }, 54 { OPT_MORE_STR, OPT_EOF, 1, 55 "Commands are like \"SO_PATH:/lib/libdriver.so\"" }, 56 57 OPT_PARAMETERS(), 58 { "engine", 0, 0, "ID of engine(s) to load" }, 59 { NULL } 60 }; 61 62 static int append_buf(char **buf, int *size, const char *s) 63 { 64 const int expand = 256; 65 int len = strlen(s) + 1; 66 char *p = *buf; 67 68 if (p == NULL) { 69 *size = ((len + expand - 1) / expand) * expand; 70 p = *buf = app_malloc(*size, "engine buffer"); 71 } else { 72 const int blen = strlen(p); 73 74 if (blen > 0) 75 len += 2 + blen; 76 77 if (len > *size) { 78 *size = ((len + expand - 1) / expand) * expand; 79 p = OPENSSL_realloc(p, *size); 80 if (p == NULL) { 81 OPENSSL_free(*buf); 82 *buf = NULL; 83 return 0; 84 } 85 *buf = p; 86 } 87 88 if (blen > 0) { 89 p += blen; 90 *p++ = ','; 91 *p++ = ' '; 92 } 93 } 94 95 strcpy(p, s); 96 return 1; 97 } 98 99 static int util_flags(BIO *out, unsigned int flags, const char *indent) 100 { 101 int started = 0, err = 0; 102 /* Indent before displaying input flags */ 103 BIO_printf(out, "%s%s(input flags): ", indent, indent); 104 if (flags == 0) { 105 BIO_printf(out, "<no flags>\n"); 106 return 1; 107 } 108 /* 109 * If the object is internal, mark it in a way that shows instead of 110 * having it part of all the other flags, even if it really is. 111 */ 112 if (flags & ENGINE_CMD_FLAG_INTERNAL) { 113 BIO_printf(out, "[Internal] "); 114 } 115 116 if (flags & ENGINE_CMD_FLAG_NUMERIC) { 117 BIO_printf(out, "NUMERIC"); 118 started = 1; 119 } 120 /* 121 * Now we check that no combinations of the mutually exclusive NUMERIC, 122 * STRING, and NO_INPUT flags have been used. Future flags that can be 123 * OR'd together with these would need to added after these to preserve 124 * the testing logic. 125 */ 126 if (flags & ENGINE_CMD_FLAG_STRING) { 127 if (started) { 128 BIO_printf(out, "|"); 129 err = 1; 130 } 131 BIO_printf(out, "STRING"); 132 started = 1; 133 } 134 if (flags & ENGINE_CMD_FLAG_NO_INPUT) { 135 if (started) { 136 BIO_printf(out, "|"); 137 err = 1; 138 } 139 BIO_printf(out, "NO_INPUT"); 140 started = 1; 141 } 142 /* Check for unknown flags */ 143 flags = flags & ~ENGINE_CMD_FLAG_NUMERIC & ~ENGINE_CMD_FLAG_STRING & ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL; 144 if (flags) { 145 if (started) 146 BIO_printf(out, "|"); 147 BIO_printf(out, "<0x%04X>", flags); 148 } 149 if (err) 150 BIO_printf(out, " <illegal flags!>"); 151 BIO_printf(out, "\n"); 152 return 1; 153 } 154 155 static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent) 156 { 157 static const int line_wrap = 78; 158 int num; 159 int ret = 0; 160 char *name = NULL; 161 char *desc = NULL; 162 int flags; 163 int xpos = 0; 164 STACK_OF(OPENSSL_STRING) *cmds = NULL; 165 if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, 0, NULL, NULL)) <= 0)) { 166 return 1; 167 } 168 169 cmds = sk_OPENSSL_STRING_new_null(); 170 if (cmds == NULL) 171 goto err; 172 173 do { 174 int len; 175 /* Get the command input flags */ 176 if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, 177 NULL, NULL)) 178 < 0) 179 goto err; 180 if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) { 181 /* Get the command name */ 182 if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num, 183 NULL, NULL)) 184 <= 0) 185 goto err; 186 name = app_malloc(len + 1, "name buffer"); 187 if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name, 188 NULL) 189 <= 0) 190 goto err; 191 /* Get the command description */ 192 if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num, 193 NULL, NULL)) 194 < 0) 195 goto err; 196 if (len > 0) { 197 desc = app_malloc(len + 1, "description buffer"); 198 if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc, 199 NULL) 200 <= 0) 201 goto err; 202 } 203 /* Now decide on the output */ 204 if (xpos == 0) 205 /* Do an indent */ 206 xpos = BIO_puts(out, indent); 207 else 208 /* Otherwise prepend a ", " */ 209 xpos += BIO_printf(out, ", "); 210 if (verbose == 1) { 211 /* 212 * We're just listing names, comma-delimited 213 */ 214 if ((xpos > (int)strlen(indent)) && (xpos + (int)strlen(name) > line_wrap)) { 215 BIO_printf(out, "\n"); 216 xpos = BIO_puts(out, indent); 217 } 218 xpos += BIO_printf(out, "%s", name); 219 } else { 220 /* We're listing names plus descriptions */ 221 BIO_printf(out, "%s: %s\n", name, 222 (desc == NULL) ? "<no description>" : desc); 223 /* ... and sometimes input flags */ 224 if ((verbose >= 3) && !util_flags(out, flags, indent)) 225 goto err; 226 xpos = 0; 227 } 228 } 229 OPENSSL_free(name); 230 name = NULL; 231 OPENSSL_free(desc); 232 desc = NULL; 233 /* Move to the next command */ 234 num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL); 235 } while (num > 0); 236 if (xpos > 0) 237 BIO_printf(out, "\n"); 238 ret = 1; 239 err: 240 sk_OPENSSL_STRING_free(cmds); 241 OPENSSL_free(name); 242 OPENSSL_free(desc); 243 return ret; 244 } 245 246 static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds, 247 BIO *out, const char *indent) 248 { 249 int loop, res, num = sk_OPENSSL_STRING_num(cmds); 250 251 if (num < 0) { 252 BIO_printf(out, "[Error]: internal stack error\n"); 253 return; 254 } 255 for (loop = 0; loop < num; loop++) { 256 char buf[256]; 257 const char *cmd, *arg; 258 cmd = sk_OPENSSL_STRING_value(cmds, loop); 259 res = 1; /* assume success */ 260 /* Check if this command has no ":arg" */ 261 if ((arg = strchr(cmd, ':')) == NULL) { 262 if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0)) 263 res = 0; 264 } else { 265 if ((int)(arg - cmd) > 254) { 266 BIO_printf(out, "[Error]: command name too long\n"); 267 return; 268 } 269 memcpy(buf, cmd, (int)(arg - cmd)); 270 buf[arg - cmd] = '\0'; 271 arg++; /* Move past the ":" */ 272 /* Call the command with the argument */ 273 if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0)) 274 res = 0; 275 } 276 if (res) { 277 BIO_printf(out, "[Success]: %s\n", cmd); 278 } else { 279 BIO_printf(out, "[Failure]: %s\n", cmd); 280 ERR_print_errors(out); 281 } 282 } 283 } 284 285 struct util_store_cap_data { 286 ENGINE *engine; 287 char **cap_buf; 288 int *cap_size; 289 int ok; 290 }; 291 static void util_store_cap(const OSSL_STORE_LOADER *loader, void *arg) 292 { 293 struct util_store_cap_data *ctx = arg; 294 295 if (OSSL_STORE_LOADER_get0_engine(loader) == ctx->engine) { 296 char buf[256]; 297 BIO_snprintf(buf, sizeof(buf), "STORE(%s)", 298 OSSL_STORE_LOADER_get0_scheme(loader)); 299 if (!append_buf(ctx->cap_buf, ctx->cap_size, buf)) 300 ctx->ok = 0; 301 } 302 } 303 304 int engine_main(int argc, char **argv) 305 { 306 int ret = 1, i; 307 int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0; 308 ENGINE *e; 309 STACK_OF(OPENSSL_CSTRING) *engines = sk_OPENSSL_CSTRING_new_null(); 310 STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null(); 311 STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null(); 312 BIO *out; 313 const char *indent = " "; 314 OPTION_CHOICE o; 315 char *prog; 316 char *argv1; 317 318 out = dup_bio_out(FORMAT_TEXT); 319 if (engines == NULL || pre_cmds == NULL || post_cmds == NULL) 320 goto end; 321 322 /* Remember the original command name, parse/skip any leading engine 323 * names, and then setup to parse the rest of the line as flags. */ 324 prog = argv[0]; 325 while ((argv1 = argv[1]) != NULL && *argv1 != '-') { 326 if (!sk_OPENSSL_CSTRING_push(engines, argv1)) 327 goto end; 328 argc--; 329 argv++; 330 } 331 argv[0] = prog; 332 opt_init(argc, argv, engine_options); 333 334 while ((o = opt_next()) != OPT_EOF) { 335 switch (o) { 336 case OPT_EOF: 337 case OPT_ERR: 338 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); 339 goto end; 340 case OPT_HELP: 341 opt_help(engine_options); 342 ret = 0; 343 goto end; 344 case OPT_VVVV: 345 case OPT_VVV: 346 case OPT_VV: 347 case OPT_V: 348 /* Convert to an integer from one to four. */ 349 i = (int)(o - OPT_V) + 1; 350 if (verbose < i) 351 verbose = i; 352 break; 353 case OPT_C: 354 list_cap = 1; 355 break; 356 case OPT_TT: 357 test_avail_noise++; 358 /* fall through */ 359 case OPT_T: 360 test_avail++; 361 break; 362 case OPT_PRE: 363 if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0) 364 goto end; 365 break; 366 case OPT_POST: 367 if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0) 368 goto end; 369 break; 370 } 371 } 372 373 /* Any remaining arguments are engine names. */ 374 argc = opt_num_rest(); 375 argv = opt_rest(); 376 for (; *argv; argv++) { 377 if (**argv == '-') { 378 BIO_printf(bio_err, "%s: Cannot mix flags and engine names.\n", 379 prog); 380 BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); 381 goto end; 382 } 383 if (!sk_OPENSSL_CSTRING_push(engines, *argv)) 384 goto end; 385 } 386 387 if (sk_OPENSSL_CSTRING_num(engines) == 0) { 388 for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) { 389 if (!sk_OPENSSL_CSTRING_push(engines, ENGINE_get_id(e))) 390 goto end; 391 } 392 } 393 394 ret = 0; 395 for (i = 0; i < sk_OPENSSL_CSTRING_num(engines); i++) { 396 const char *id = sk_OPENSSL_CSTRING_value(engines, i); 397 if ((e = ENGINE_by_id(id)) != NULL) { 398 const char *name = ENGINE_get_name(e); 399 /* 400 * Do "id" first, then "name". Easier to auto-parse. 401 */ 402 BIO_printf(out, "(%s) %s\n", id, name); 403 util_do_cmds(e, pre_cmds, out, indent); 404 if (strcmp(ENGINE_get_id(e), id) != 0) { 405 BIO_printf(out, "Loaded: (%s) %s\n", 406 ENGINE_get_id(e), ENGINE_get_name(e)); 407 } 408 if (list_cap) { 409 int cap_size = 256; 410 char *cap_buf = NULL; 411 int k, n; 412 const int *nids; 413 ENGINE_CIPHERS_PTR fn_c; 414 ENGINE_DIGESTS_PTR fn_d; 415 ENGINE_PKEY_METHS_PTR fn_pk; 416 417 if (ENGINE_get_RSA(e) != NULL 418 && !append_buf(&cap_buf, &cap_size, "RSA")) 419 goto end; 420 if (ENGINE_get_EC(e) != NULL 421 && !append_buf(&cap_buf, &cap_size, "EC")) 422 goto end; 423 if (ENGINE_get_DSA(e) != NULL 424 && !append_buf(&cap_buf, &cap_size, "DSA")) 425 goto end; 426 if (ENGINE_get_DH(e) != NULL 427 && !append_buf(&cap_buf, &cap_size, "DH")) 428 goto end; 429 if (ENGINE_get_RAND(e) != NULL 430 && !append_buf(&cap_buf, &cap_size, "RAND")) 431 goto end; 432 433 fn_c = ENGINE_get_ciphers(e); 434 if (fn_c == NULL) 435 goto skip_ciphers; 436 n = fn_c(e, NULL, &nids, 0); 437 for (k = 0; k < n; ++k) 438 if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) 439 goto end; 440 441 skip_ciphers: 442 fn_d = ENGINE_get_digests(e); 443 if (fn_d == NULL) 444 goto skip_digests; 445 n = fn_d(e, NULL, &nids, 0); 446 for (k = 0; k < n; ++k) 447 if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) 448 goto end; 449 450 skip_digests: 451 fn_pk = ENGINE_get_pkey_meths(e); 452 if (fn_pk == NULL) 453 goto skip_pmeths; 454 n = fn_pk(e, NULL, &nids, 0); 455 for (k = 0; k < n; ++k) 456 if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k]))) 457 goto end; 458 skip_pmeths: { 459 struct util_store_cap_data store_ctx; 460 461 store_ctx.engine = e; 462 store_ctx.cap_buf = &cap_buf; 463 store_ctx.cap_size = &cap_size; 464 store_ctx.ok = 1; 465 466 OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx); 467 if (!store_ctx.ok) 468 goto end; 469 } 470 if (cap_buf != NULL && (*cap_buf != '\0')) 471 BIO_printf(out, " [%s]\n", cap_buf); 472 473 OPENSSL_free(cap_buf); 474 } 475 if (test_avail) { 476 BIO_printf(out, "%s", indent); 477 if (ENGINE_init(e)) { 478 BIO_printf(out, "[ available ]\n"); 479 util_do_cmds(e, post_cmds, out, indent); 480 ENGINE_finish(e); 481 } else { 482 BIO_printf(out, "[ unavailable ]\n"); 483 if (test_avail_noise) 484 ERR_print_errors_fp(stdout); 485 ERR_clear_error(); 486 } 487 } 488 if ((verbose > 0) && !util_verbose(e, verbose, out, indent)) 489 goto end; 490 ENGINE_free(e); 491 } else { 492 ERR_print_errors(bio_err); 493 /* because exit codes above 127 have special meaning on Unix */ 494 if (++ret > 127) 495 ret = 127; 496 } 497 } 498 499 end: 500 501 ERR_print_errors(bio_err); 502 sk_OPENSSL_CSTRING_free(engines); 503 sk_OPENSSL_STRING_free(pre_cmds); 504 sk_OPENSSL_STRING_free(post_cmds); 505 BIO_free_all(out); 506 return ret; 507 } 508
Indexes created Sun Mar 01 05:31:48 UTC 2026