Remove openssl provider app

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12943)
Shane Lontis 2020-09-22 11:40:46 +10:00
parent fc959d7171
commit fa9e541d49
8 changed files with 6 additions and 537 deletions


@ -18,7 +18,7 @@ $OPENSSLSRC=\
pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c \
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \
spkac.c verify.c version.c x509.c rehash.c storeutl.c \
list.c info.c provider.c fipsinstall.c
list.c info.c fipsinstall.c
IF[{- !$disabled{'des'} -}]
$OPENSSLSRC=$OPENSSLSRC pkcs12.c
ENDIF


@ -1,382 +0,0 @@
/*
* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <openssl/opensslconf.h>
#include "apps.h"
#include "app_params.h"
#include "progs.h"
#include "names.h"
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/safestack.h>
#include <openssl/provider.h>
#include <openssl/core.h>
#include <openssl/core_dispatch.h>
#ifdef __TANDEM
# include <string.h> /* memset */
#endif
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_V = 100, OPT_VV, OPT_VVV
} OPTION_CHOICE;
const OPTIONS provider_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] [provider...]\n"},
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
OPT_SECTION("Output"),
{"v", OPT_V, '-', "List the algorithm names of specified provider"},
{"vv", OPT_VV, '-', "List the algorithm names of specified providers,"},
{OPT_MORE_STR, 0, '-', "categorised by operation type"},
{"vvv", OPT_VVV, '-', "List the algorithm names of specified provider"},
{OPT_MORE_STR, 0, '-', "one at a time, and list all known parameters"},
OPT_PARAMETERS(),
{"provider", 0, 0, "Provider(s) to load"},
{NULL}
};
typedef struct info_st INFO;
typedef struct meta_st META;
struct info_st {
void (*collect_names_fn)(void *method, STACK_OF(OPENSSL_CSTRING) *names);
void *method;
const OSSL_PARAM *gettable_params;
const OSSL_PARAM *settable_params;
const OSSL_PARAM *gettable_ctx_params;
const OSSL_PARAM *settable_ctx_params;
const OSSL_PARAM *gen_settable_params;
};
struct meta_st {
int first; /* For prints */
int total;
int indent;
int subindent;
int verbose;
const char *label;
OSSL_PROVIDER *prov;
void (*fn)(META *meta, INFO *info);
};
static void collect_cipher_names(void *method,
STACK_OF(OPENSSL_CSTRING) *names)
{
EVP_CIPHER_names_do_all(method, collect_names, names);
}
static void collect_digest_names(void *method,
STACK_OF(OPENSSL_CSTRING) *names)
{
EVP_MD_names_do_all(method, collect_names, names);
}
static void collect_mac_names(void *method,
STACK_OF(OPENSSL_CSTRING) *names)
{
EVP_MAC_names_do_all(method, collect_names, names);
}
static void collect_keymgmt_names(void *method,
STACK_OF(OPENSSL_CSTRING) *names)
{
EVP_KEYMGMT_names_do_all(method, collect_names, names);
}
static void collect_keyexch_names(void *method,
STACK_OF(OPENSSL_CSTRING) *names)
{
EVP_KEYEXCH_names_do_all(method, collect_names, names);
}
static void collect_signature_names(void *method,
STACK_OF(OPENSSL_CSTRING) *names)
{
EVP_SIGNATURE_names_do_all(method, collect_names, names);
}
static void print_method_names(BIO *out, INFO *info)
{
STACK_OF(OPENSSL_CSTRING) *names = sk_OPENSSL_CSTRING_new(name_cmp);
info->collect_names_fn(info->method, names);
print_names(out, names);
sk_OPENSSL_CSTRING_free(names);
}
static void print_caps(META *meta, INFO *info)
{
switch (meta->verbose) {
case 1:
if (!meta->first)
BIO_printf(bio_out, "; ");
print_method_names(bio_out, info);
break;
case 2:
if (meta->first) {
if (meta->total > 0)
BIO_printf(bio_out, "\n");
BIO_printf(bio_out, "%*s%ss:", meta->indent, "", meta->label);
}
BIO_printf(bio_out, " ");
print_method_names(bio_out, info);
break;
case 3:
default:
BIO_printf(bio_out, "%*s%s ", meta->indent, "", meta->label);
print_method_names(bio_out, info);
BIO_printf(bio_out, "\n");
print_param_types("settable keygen parameters",
info->gen_settable_params, meta->subindent);
print_param_types("settable algorithm parameters",
info->settable_params, meta->subindent);
print_param_types("retrievable algorithm parameters",
info->gettable_params, meta->subindent);
print_param_types("settable operation parameters",
info->settable_ctx_params, meta->subindent);
print_param_types("retrievable operation parameters",
info->gettable_ctx_params, meta->subindent);
break;
}
meta->first = 0;
}
static void do_method(void *method,
void (*collect_names_fn)(void *method,
STACK_OF(OPENSSL_CSTRING) *names),
const OSSL_PARAM *gettable_params,
const OSSL_PARAM *gettable_ctx_params,
const OSSL_PARAM *settable_ctx_params,
META *meta)
{
INFO info;
memset(&info, 0, sizeof(info));
info.collect_names_fn = collect_names_fn;
info.method = method;
info.gettable_params = gettable_params;
info.gettable_ctx_params = gettable_ctx_params;
info.settable_ctx_params = settable_ctx_params;
meta->fn(meta, &info);
meta->total++;
}
static void do_keymgmt_method(void *method,
void (*collect_names_fn)(void *method,
STACK_OF(OPENSSL_CSTRING)
*names),
const OSSL_PARAM *gettable_params,
const OSSL_PARAM *settable_params,
const OSSL_PARAM *gen_settable_params,
META *meta)
{
INFO info;
memset(&info, 0, sizeof(info));
info.collect_names_fn = collect_names_fn;
info.method = method;
info.gettable_params = gettable_params;
info.settable_params = settable_params;
info.gen_settable_params = gen_settable_params;
meta->fn(meta, &info);
meta->total++;
}
static void do_cipher(EVP_CIPHER *cipher, void *meta)
{
do_method(cipher, collect_cipher_names,
EVP_CIPHER_gettable_params(cipher),
EVP_CIPHER_gettable_ctx_params(cipher),
EVP_CIPHER_settable_ctx_params(cipher),
meta);
}
static void do_digest(EVP_MD *digest, void *meta)
{
do_method(digest, collect_digest_names,
EVP_MD_gettable_params(digest),
EVP_MD_gettable_ctx_params(digest),
EVP_MD_settable_ctx_params(digest),
meta);
}
static void do_mac(EVP_MAC *mac, void *meta)
{
do_method(mac, collect_mac_names,
EVP_MAC_gettable_params(mac),
EVP_MAC_gettable_ctx_params(mac),
EVP_MAC_settable_ctx_params(mac),
meta);
}
static void do_keymgmt(EVP_KEYMGMT *keymgmt, void *meta)
{
do_keymgmt_method(keymgmt, collect_keymgmt_names,
EVP_KEYMGMT_gettable_params(keymgmt),
EVP_KEYMGMT_settable_params(keymgmt),
EVP_KEYMGMT_gen_settable_params(keymgmt),
meta);
}
static void do_keyexch(EVP_KEYEXCH *keyexch, void *meta)
{
do_method(keyexch, collect_keyexch_names,
NULL,
EVP_KEYEXCH_gettable_ctx_params(keyexch),
EVP_KEYEXCH_settable_ctx_params(keyexch),
meta);
}
static void do_signature(EVP_SIGNATURE *signature, void *meta)
{
do_method(signature, collect_signature_names,
NULL,
EVP_SIGNATURE_gettable_ctx_params(signature),
EVP_SIGNATURE_settable_ctx_params(signature),
meta);
}
int provider_main(int argc, char **argv)
{
int ret = 1, i;
int verbose = 0;
STACK_OF(OPENSSL_CSTRING) *providers = sk_OPENSSL_CSTRING_new_null();
OPTION_CHOICE o;
char *prog;
prog = opt_init(argc, argv, provider_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
default: /* Catching OPT_ERR & covering OPT_EOF which isn't possible */
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
case OPT_HELP:
opt_help(provider_options);
ret = 0;
goto end;
case OPT_VVV:
case OPT_VV:
case OPT_V:
/* Convert to an integer from one to four. */
i = (int)(o - OPT_V) + 1;
if (verbose < i)
verbose = i;
break;
}
}
/* Allow any trailing parameters as provider names. */
argc = opt_num_rest();
argv = opt_rest();
for ( ; *argv; argv++) {
/* This isn't necessary since -- is supported. */
if (**argv == '-') {
BIO_printf(bio_err, "%s: Cannot mix flags and provider names.\n",
prog);
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
}
sk_OPENSSL_CSTRING_push(providers, *argv);
}
ret = 0;
for (i = 0; i < sk_OPENSSL_CSTRING_num(providers); i++) {
const char *name = sk_OPENSSL_CSTRING_value(providers, i);
OSSL_PROVIDER *prov = OSSL_PROVIDER_load(NULL, name);
if (prov != NULL) {
BIO_printf(bio_out, verbose == 0 ? "%s\n" : "[ %s ]\n", name);
if (verbose > 0) {
META data;
data.total = 0;
data.first = 1;
data.verbose = verbose;
data.prov = prov;
data.fn = print_caps;
switch (verbose) {
case 1:
BIO_printf(bio_out, " ");
break;
case 2:
data.indent = 4;
break;
case 3:
default:
data.indent = 4;
data.subindent = 10;
break;
}
if (verbose > 1) {
data.first = 1;
data.label = "Cipher";
}
EVP_CIPHER_do_all_provided(NULL, do_cipher, &data);
if (verbose > 1) {
data.first = 1;
data.label = "Digest";
}
EVP_MD_do_all_provided(NULL, do_digest, &data);
if (verbose > 1) {
data.first = 1;
data.label = "MAC";
}
EVP_MAC_do_all_provided(NULL, do_mac, &data);
if (verbose > 1) {
data.first = 1;
data.label = "Key manager";
}
EVP_KEYMGMT_do_all_provided(NULL, do_keymgmt, &data);
if (verbose > 1) {
data.first = 1;
data.label = "Key exchange";
}
EVP_KEYEXCH_do_all_provided(NULL, do_keyexch, &data);
if (verbose > 1) {
data.first = 1;
data.label = "Signature";
}
EVP_SIGNATURE_do_all_provided(NULL, do_signature, &data);
switch (verbose) {
default:
break;
case 2:
case 1:
BIO_printf(bio_out, "\n");
break;
}
}
OSSL_PROVIDER_unload(prov);
} else {
ERR_print_errors(bio_err);
ret = 1;
/*
* Just because one provider module failed, there's no reason to
* stop, if there are more to try.
*/
}
}
end:
ERR_print_errors(bio_err);
sk_OPENSSL_CSTRING_free(providers);
return ret;
}


@ -35,7 +35,6 @@ DEPEND[]= \
openssl-pkey.pod \
openssl-pkeyutl.pod \
openssl-prime.pod \
openssl-provider.pod \
openssl-rand.pod \
openssl-rehash.pod \
openssl-req.pod \
@ -90,7 +89,6 @@ DEPEND[openssl-pkeyparam.pod]=../perlvars.pm
DEPEND[openssl-pkey.pod]=../perlvars.pm
DEPEND[openssl-pkeyutl.pod]=../perlvars.pm
DEPEND[openssl-prime.pod]=../perlvars.pm
DEPEND[openssl-provider.pod]=../perlvars.pm
DEPEND[openssl-rand.pod]=../perlvars.pm
DEPEND[openssl-rehash.pod]=../perlvars.pm
DEPEND[openssl-req.pod]=../perlvars.pm
@ -145,7 +143,6 @@ GENERATE[openssl-pkeyparam.pod]=openssl-pkeyparam.pod.in
GENERATE[openssl-pkey.pod]=openssl-pkey.pod.in
GENERATE[openssl-pkeyutl.pod]=openssl-pkeyutl.pod.in
GENERATE[openssl-prime.pod]=openssl-prime.pod.in
GENERATE[openssl-provider.pod]=openssl-provider.pod.in
GENERATE[openssl-rand.pod]=openssl-rand.pod.in
GENERATE[openssl-rehash.pod]=openssl-rehash.pod.in
GENERATE[openssl-req.pod]=openssl-req.pod.in


@ -1,63 +0,0 @@
=pod
{- OpenSSL::safe::output_do_not_edit_headers(); -}
=head1 NAME
openssl-provider - load and query providers
=head1 SYNOPSIS
B<openssl provider>
[B<-help>]
[B<-v>]
[B<-vv>]
[B<-vvv>]
[I<provider> ...]
=head1 DESCRIPTION
This command is used to query the capabilities of the
specified I<provider>'s.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-v> B<-vv> B<-vvv>
Provides information about each specified provider.
The first flag lists the names of all algorithms each provider
implements; the second lists them by category; the third adds
information on what parameters each of them can handle.
=back
=head1 ENVIRONMENT
=over 4
=item B<OPENSSL_MODULES>
The path to the modules directory, where one can expect provider
modules to be located.
=back
=head1 SEE ALSO
L<config(5)>
=head1 COPYRIGHT
Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut


@ -232,10 +232,6 @@ Public key algorithm cryptographic operation command.
Compute prime numbers.
=item B<provider>
Load and query providers.
=item B<rand>
Generate pseudo-random bytes.
@ -764,26 +760,6 @@ This file can be used in a subsequent command invocation.
=back
=head2 Provider Options
With the move to provider based cryptographic operations in OpenSSL 3.0,
options were added to allow specific providers or sets of providers to be used.
=over 4
=item B<-provider> I<name>
Use the provider identified by I<name> and use all the methods it
implements (algorithms, key storage, etc.). This option can be specified
multiple time to load more than one provider.
=item B<-provider-path> I<path>
Specify the search I<path> that is used to locate provider modules. The format
of I<path> varies depending on the operating system being used.
=back
=head2 Extended Verification Options
Sometimes there may be more than one certificate chain leading to an
@ -1281,7 +1257,7 @@ in L<config(5)/Engine Configuration Module>.
The OpenSSL library can be take some configuration parameters from the
environment. Some of these variables are listed below. For information
about specific commands, see L<openssl-engine(1)>, L<openssl-provider(1)>,
about specific commands, see L<openssl-engine(1)>,
L<openssl-rehash(1)>, and L<tsget(1)>.
For information about the use of environment variables in configuration,


@ -49,7 +49,6 @@ See L<OPENSSL_malloc(3)>.
=item B<OPENSSL_MODULES>
Specifies the directory from which cryptographic providers are loaded.
See L<openssl-provider(1)>.
=item B<OPENSSL_WIN32_UTF8>


@ -1,62 +0,0 @@
#! /usr/bin/env perl
# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
use warnings;
use OpenSSL::Test;
setup("test_provider");
plan tests => 9;
SKIP: {
skip "No default provider?", 6
unless ok(run(app([qw(openssl provider default)])),
"try running 'openssl provider default'");
my $prev = 2; # The amount of lines from -v
my @checks = qw( -v -vv -vvv );
my %op = ( -v => '==',
-vv => '>',
-vvv => '>' );
my $i = 0;
foreach (@checks) {
my @cmd = ('openssl', 'provider', $_, 'default');
my @lines = ( map { (my $x = $_) =~ s|\R$||; $x }
run(app([@cmd]), capture => 1) );
my $curr = scalar @lines;
my $cmp = "$curr $op{$_} $prev";
ok(eval $cmp,
"'openssl provider $_ default' line count $op{$_} $prev");
ok($lines[0] eq '[ default ]',
"'openssl provider -v default' first line is '[ default ]'");
$prev = $curr;
}
}
SKIP: {
skip "No null provider?", 1
unless ok(run(app([qw(openssl provider null)])),
"try running 'openssl provider null'");
my @cmd = ('openssl', 'provider', '-vvv', 'null');
my @lines = ( map { (my $x = $_) =~ s|\R$||; $x }
run(app([@cmd]), capture => 1) );
my $curr = scalar @lines;
my $cmp = "$curr == 1";
ok(eval $cmp,
"'openssl provider $_ default' line count == 1");
}


@ -5302,3 +5302,7 @@ OSSL_ENCODER_CTX_set_cleanup ? 3_0_0 EXIST::FUNCTION:
OSSL_ENCODER_CTX_set_passphrase_cb ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_typenames_do_all ? 3_0_0 EXIST::FUNCTION:
OSSL_DECODER_INSTANCE_get_input_type ? 3_0_0 EXIST::FUNCTION:
EVP_ASYM_CIPHER_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION:
EVP_ASYM_CIPHER_settable_ctx_params ? 3_0_0 EXIST::FUNCTION:
EVP_KEM_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION:
EVP_KEM_settable_ctx_params ? 3_0_0 EXIST::FUNCTION:
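Review bot: The last four entries of this hunk (`EVP_ASYM_CIPHER_gettable_ctx_params`, `EVP_ASYM_CIPHER_settable_ctx_params`, `EVP_KEM_gettable_ctx_params`, `EVP_KEM_settable_ctx_params`) appear to be new exported symbols, going by the hunk header growing from 3 to 7 lines, and the commit title "Remove openssl provider app" does not account for them. No other section on this page declares, implements or documents these functions, so a reader auditing the public ABI cannot tell from this commit where they come from. Either move them to the change that introduces the functions, or add a line to the message such as `Also add the EVP_ASYM_CIPHER/EVP_KEM ctx-param symbols to the export list (introduced in <commit-id>)`. The `?` in the ordinal column presumably marks the numbers as unassigned, so moving the entries should not disturb existing numbering.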