[openssl] master update

Richard Levitte levitte at openssl.org
Tue Apr 23 13:53:20 UTC 2019


The branch master has been updated
       via  0109e030db9207a47e195b4c3a3b13e9017f0ed2 (commit)
       via  47ca8338358b01ef429a3801ce6173f7a0791674 (commit)
      from  71ef78d71f638c7de893c635ee9b0fd16247c762 (commit)


- Log -----------------------------------------------------------------
commit 0109e030db9207a47e195b4c3a3b13e9017f0ed2
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue Apr 9 14:39:54 2019 +0200

    Add a way for the application to get OpenSSL configuration data
    
    OpenSSL_version(OPENSSL_DIR) gives you a nicely formatted string for
    display, but if all you really want is the directory itself, you were
    forced to parsed the string.
    
    This introduces a new function to get diverse configuration data from
    the library, OPENSSL_info().  This works the same way as
    OpenSSL_version(), but has its own series of types, currently
    including:
    
    OPENSSL_INFO_CONFIG_DIR         returns OPENSSLDIR
    OPENSSL_INFO_ENGINES_DIR        returns ENGINESDIR
    OPENSSL_INFO_MODULES_DIR        returns MODULESDIR
    OPENSSL_INFO_DSO_EXTENSION      returns DSO_EXTENSION
    
    OPENSSL_INFO_DIR_FILENAME_SEPARATOR     returns directory/filename separator
    OPENSSL_INFO_LIST_SEPARATOR             returns list separator
    
    For scripting purposes, this also adds the command 'openssl info'.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/8709)

commit 47ca8338358b01ef429a3801ce6173f7a0791674
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue Apr 9 14:33:29 2019 +0200

    Add the possibility to display and use MODULESDIR
    
    This adds the flag OPENSSL_MODULES_DIR for OpenSSL_version(), and the
    flag '-m' for 'openssl version'.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    (Merged from https://github.com/openssl/openssl/pull/8709)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES                      |  5 +++
 NEWS                         |  1 +
 apps/build.info              |  3 +-
 apps/info.c                  | 97 ++++++++++++++++++++++++++++++++++++++++++++
 apps/progs.pl                |  3 ++
 apps/version.c               | 13 ++++--
 crypto/build.info            |  2 +-
 crypto/cversion.c            |  6 +++
 crypto/info.c                | 44 ++++++++++++++++++++
 doc/man1/info.pod            | 81 ++++++++++++++++++++++++++++++++++++
 doc/man1/openssl.pod         |  4 ++
 doc/man3/OpenSSL_version.pod | 47 ++++++++++++++++++++-
 include/openssl/crypto.h     | 13 ++++++
 util/libcrypto.num           |  1 +
 14 files changed, 313 insertions(+), 7 deletions(-)
 create mode 100644 apps/info.c
 create mode 100644 crypto/info.c
 create mode 100644 doc/man1/info.pod

diff --git a/CHANGES b/CHANGES
index 164787c..d0e2d3a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,11 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
+  *) Added OPENSSL_info() to get diverse built-in OpenSSL data, such
+     as default directories.  Also added the command 'openssl info'
+     for scripting purposes.
+     [Richard Levitte]
+
   *) The functions AES_ige_encrypt() and AES_bi_ige_encrypt() have been
      deprecated. These undocumented functions were never integrated into the EVP
      layer and implement the AES Infinite Garble Extension (IGE) mode and AES
diff --git a/NEWS b/NEWS
index 3c38c78..0800b76 100644
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,7 @@
 
   Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development]
 
+      o Add OPENSSL_info() and 'openssl info' to get built-in data.
       o Add support for enabling instrumentation through trace and debug
         output.
       o Changed our version number scheme and set the next major release to
diff --git a/apps/build.info b/apps/build.info
index ad14038..30847a0 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -5,7 +5,8 @@
           genpkey.c genrsa.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c
           pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c
           rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c
-          spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c);
+          spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c
+          info.c);
    our @apps_lib_src =
        ( qw(apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c
             bf_prefix.c),
diff --git a/apps/info.c b/apps/info.c
new file mode 100644
index 0000000..aa019ad
--- /dev/null
+++ b/apps/info.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "apps.h"
+#include "progs.h"
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_CONFIGDIR, OPT_ENGINESDIR, OPT_MODULESDIR, OPT_DSOEXT, OPT_DIRNAMESEP,
+    OPT_LISTSEP
+} OPTION_CHOICE;
+
+const OPTIONS info_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"configdir", OPT_CONFIGDIR, '-', "Default configuration file directory"},
+    {"c", OPT_CONFIGDIR, '-', "Default configuration file directory"},
+    {"enginesdir", OPT_ENGINESDIR, '-', "Default engine module directory"},
+    {"e", OPT_ENGINESDIR, '-', "Default engine module directory"},
+    {"modulesdir", OPT_ENGINESDIR, '-',
+     "Default module directory (other than engine modules)"},
+    {"m", OPT_ENGINESDIR, '-',
+     "Default module directory (other than engine modules)"},
+    {"dsoext", OPT_DSOEXT, '-', "Configured extension for modules"},
+    {"dirnamesep", OPT_DIRNAMESEP, '-', "Directory-filename separator"},
+    {"listsep", OPT_LISTSEP, '-', "List separator character"},
+    {NULL}
+};
+
+int info_main(int argc, char **argv)
+{
+    int ret = 1, dirty = 0, type = 0;
+    char *prog;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, info_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(info_options);
+            ret = 0;
+            goto end;
+        case OPT_CONFIGDIR:
+            type = OPENSSL_INFO_CONFIG_DIR;
+            dirty++;
+            break;
+        case OPT_ENGINESDIR:
+            type = OPENSSL_INFO_ENGINES_DIR;
+            dirty++;
+            break;
+        case OPT_MODULESDIR:
+            type = OPENSSL_INFO_MODULES_DIR;
+            dirty++;
+            break;
+        case OPT_DSOEXT:
+            type = OPENSSL_INFO_DSO_EXTENSION;
+            dirty++;
+            break;
+        case OPT_DIRNAMESEP:
+            type = OPENSSL_INFO_DIR_FILENAME_SEPARATOR;
+            dirty++;
+            break;
+        case OPT_LISTSEP:
+            type = OPENSSL_INFO_LIST_SEPARATOR;
+            dirty++;
+            break;
+        }
+    }
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "%s: Extra parameters given.\n", prog);
+        goto opthelp;
+    }
+    if (dirty > 1) {
+        BIO_printf(bio_err, "%s: Only one item allowed\n", prog);
+        goto opthelp;
+    }
+    if (dirty == 0) {
+        BIO_printf(bio_err, "%s: No items chosen\n", prog);
+        goto opthelp;
+    }
+
+    BIO_printf(bio_out, "%s\n", OPENSSL_info(type));
+    ret = 0;
+ end:
+    return ret;
+}
diff --git a/apps/progs.pl b/apps/progs.pl
index ab1a729..3aec756 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -51,6 +51,9 @@ print <<"EOF";
  * https://www.openssl.org/source/license.html
  */
 
+#include <openssl/lhash.h>
+#include "opt.h"
+
 typedef enum FUNC_TYPE {
     FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
     FT_md_alg, FT_cipher_alg
diff --git a/apps/version.c b/apps/version.c
index f9d280c..279aeff 100644
--- a/apps/version.c
+++ b/apps/version.c
@@ -33,7 +33,7 @@
 
 typedef enum OPTION_choice {
     OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
-    OPT_B, OPT_D, OPT_E, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R
+    OPT_B, OPT_D, OPT_E, OPT_M, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R
 } OPTION_CHOICE;
 
 const OPTIONS version_options[] = {
@@ -42,6 +42,7 @@ const OPTIONS version_options[] = {
     {"b", OPT_B, '-', "Show build date"},
     {"d", OPT_D, '-', "Show configuration directory"},
     {"e", OPT_E, '-', "Show engines directory"},
+    {"m", OPT_M, '-', "Show modules directory"},
     {"f", OPT_F, '-', "Show compiler flags used"},
     {"o", OPT_O, '-', "Show some internal datatype options"},
     {"p", OPT_P, '-', "Show target build platform"},
@@ -64,7 +65,7 @@ int version_main(int argc, char **argv)
 {
     int ret = 1, dirty = 0, seed = 0;
     int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
-    int engdir = 0;
+    int engdir = 0, moddir = 0;
     char *prog;
     OPTION_CHOICE o;
 
@@ -89,6 +90,9 @@ opthelp:
         case OPT_E:
             dirty = engdir = 1;
             break;
+        case OPT_M:
+            dirty = moddir = 1;
+            break;
         case OPT_F:
             dirty = cflags = 1;
             break;
@@ -105,7 +109,8 @@ opthelp:
             dirty = version = 1;
             break;
         case OPT_A:
-            seed = options = cflags = version = date = platform = dir = engdir
+            seed = options = cflags = version = date = platform
+                = dir = engdir = moddir
                 = 1;
             break;
         }
@@ -155,6 +160,8 @@ opthelp:
         printf("%s\n", OpenSSL_version(OPENSSL_DIR));
     if (engdir)
         printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR));
+    if (moddir)
+        printf("%s\n", OpenSSL_version(OPENSSL_MODULES_DIR));
     if (seed) {
         printf("Seeding source:");
 #ifdef OPENSSL_RAND_SEED_RTDSC
diff --git a/crypto/build.info b/crypto/build.info
index 77dcffb..30dcf8c 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -14,7 +14,7 @@ SOURCE[../libcrypto]=provider_core.c provider_predefined.c provider_conf.c \
 
 # Central utilities
 SOURCE[../libcrypto]=\
-        cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
+        cryptlib.c mem.c mem_dbg.c cversion.c info.c ex_data.c cpt_err.c \
         ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
         threads_pthread.c threads_win.c threads_none.c getenv.c \
         o_init.c o_fips.c mem_sec.c init.c context.c sparse_array.c \
diff --git a/crypto/cversion.c b/crypto/cversion.c
index db25fd6..aef84e9 100644
--- a/crypto/cversion.c
+++ b/crypto/cversion.c
@@ -70,6 +70,12 @@ const char *OpenSSL_version(int t)
 #else
         return "ENGINESDIR: N/A";
 #endif
+    case OPENSSL_MODULES_DIR:
+#ifdef MODULESDIR
+        return "MODULESDIR: \"" MODULESDIR "\"";
+#else
+        return "MODULESDIR: N/A";
+#endif
     }
     return "not available";
 }
diff --git a/crypto/info.c b/crypto/info.c
new file mode 100644
index 0000000..5a929dd
--- /dev/null
+++ b/crypto/info.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/crypto.h>
+#include "internal/dso_conf.h"
+#include "e_os.h"
+
+const char *OPENSSL_info(int t)
+{
+    switch (t) {
+    case OPENSSL_INFO_CONFIG_DIR:
+        return OPENSSLDIR;
+    case OPENSSL_INFO_ENGINES_DIR:
+        return ENGINESDIR;
+    case OPENSSL_INFO_MODULES_DIR:
+        return MODULESDIR;
+    case OPENSSL_INFO_DSO_EXTENSION:
+        return DSO_EXTENSION;
+    case OPENSSL_INFO_DIR_FILENAME_SEPARATOR:
+#if defined(_WIN32)
+        return "\\";
+#elif defined(__VMS)
+        return "";
+#else  /* Assume POSIX */
+        return "/";
+#endif
+    case OPENSSL_INFO_LIST_SEPARATOR:
+        {
+            static const char list_sep[] = { LIST_SEPARATOR_CHAR, '\0' };
+            return list_sep;
+        }
+    default:
+        break;
+    }
+    /* Not an error */
+    return NULL;
+}
diff --git a/doc/man1/info.pod b/doc/man1/info.pod
new file mode 100644
index 0000000..6eddf0f
--- /dev/null
+++ b/doc/man1/info.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+openssl-info,
+info - print OpenSSL built-in information
+
+=head1 SYNOPSIS
+
+B<openssl info>
+[B<-help>]
+[B<-configdir> | B<-c>]
+[B<-enginesdir> | B<-e>]
+[B<-modulesdir> | B<-m>]
+[B<-dsoext>]
+[B<-dirfilesep>]
+[B<-listsep]>
+
+=head1 DESCRIPTION
+
+This command is used to print out information about OpenSSL.
+The information is written exactly as it is with no extra text, which
+makes useful for scripts.
+
+As a consequence, only one item may be chosen for each run of this
+command.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-configdir>, B<-c>
+
+Outputs the default directory for OpenSSL configuration files.
+
+=item B<-enginesdir>, B<-e>
+
+Outputs the default directory for OpenSSL engine modules.
+
+=item B<-modulesdir>, B<-m>
+
+Outputs the default directory for OpenSSL dynamically loadable modules
+other than engine modules.
+
+=item B<-dsoext>
+
+Outputs the DSO extension OpenSSL uses.
+
+=item B<-dirnamesep>
+
+Outputs the separator character between a directory specification and
+a file name.
+Note that on some operating systems, this is not the same as the
+separator between directory elements.
+
+=item B<-listsep>
+
+Outputs the OpenSSL list separator character.
+This is typically used to construct C<$PATH> (C<%PATH%> on Windows)
+style lists.
+
+=back
+
+=head1 HISTORY
+
+The B<openssl info> command was added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index 5f6f8d3..e41c76a 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -167,6 +167,10 @@ Generation of Private Key or Parameters.
 
 Generation of RSA Private Key. Superseded by L<genpkey(1)>.
 
+=item B<info>
+
+Display diverse information built into the OpenSSL libraries.
+
 =item B<mac>
 
 Message Authentication Code Calculation.
diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod
index 679273e..c1ced64 100644
--- a/doc/man3/OpenSSL_version.pod
+++ b/doc/man3/OpenSSL_version.pod
@@ -8,8 +8,8 @@ OPENSSL_VERSION_PRE_RELEASE_STR, OPENSSL_VERSION_BUILD_METADATA_STR,
 OPENSSL_VERSION_TEXT,
 OPENSSL_version_major, OPENSSL_version_minor, OPENSSL_version_patch,
 OPENSSL_version_pre_release, OPENSSL_version_build_metadata, OpenSSL_version,
-OPENSSL_VERSION_NUMBER, OpenSSL_version_num
-- get OpenSSL version number
+OPENSSL_VERSION_NUMBER, OpenSSL_version_num, OPENSSL_info
+- get OpenSSL version number and other information
 
 =head1 SYNOPSIS
 
@@ -37,6 +37,8 @@ OPENSSL_VERSION_NUMBER, OpenSSL_version_num
 
  const char *OpenSSL_version(int t);
 
+ const char *OPENSSL_info(int t);
+
 Deprecated:
 
  /* from openssl/opensslv.h */
@@ -127,6 +129,47 @@ if available or "ENGINESDIR: N/A" otherwise.
 
 For an unknown B<t>, the text "not available" is returned.
 
+OPENSSL_info() also returns different strings depending on B<t>:
+
+=over 4
+
+=item OPENSSL_INFO_CONFIG_DIR
+
+The configured C<OPENSSLDIR>, which is the default location for
+OpenSSL configuration files.
+
+=item OPENSSL_INFO_ENGINES_DIR
+
+The configured C<ENGINESDIR>, which is the default location for
+OpenSSL engines.
+
+=item OPENSSL_INFO_MODULES_DIR
+
+The configured C<MODULESDIR>, which is the default location for
+dynamically loadable OpenSSL modules other than engines.
+
+=item OPENSSL_INFO_DSO_EXTENSION
+
+The configured dynamically loadable module extension.
+
+=item OPENSSL_INFO_DIR_FILENAME_SEPARATOR
+
+The separator between a directory specification and a file name.
+Note that on some operating systems, this is not the same as the
+separator between directory elements.
+
+=item OPENSSL_INFO_LIST_SEPARATOR
+
+The OpenSSL list separator.
+This is typically used in strings that are lists of items, such as the
+value of the environment variable C<$PATH> on Unix (where the
+separator is ":") or C<%PATH%> on Windows (where the separator is
+";").
+
+=back
+
+For an unknown B<t>, NULL is returned.
+
 =head1 BACKWARD COMPATIBILITY
 
 For compatibility, some older macros and functions are retained or
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index deb369e..a7e78e4 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -163,6 +163,19 @@ const char *OpenSSL_version(int type);
 # define OPENSSL_ENGINES_DIR            5
 # define OPENSSL_VERSION_STRING         6
 # define OPENSSL_FULL_VERSION_STRING    7
+# define OPENSSL_MODULES_DIR            8
+
+const char *OPENSSL_info(int type);
+/*
+ * The series starts at 1001 to avoid confusion with the OpenSSL_version
+ * types.
+ */
+# define OPENSSL_INFO_CONFIG_DIR                1001
+# define OPENSSL_INFO_ENGINES_DIR               1002
+# define OPENSSL_INFO_MODULES_DIR               1003
+# define OPENSSL_INFO_DSO_EXTENSION             1004
+# define OPENSSL_INFO_DIR_FILENAME_SEPARATOR    1005
+# define OPENSSL_INFO_LIST_SEPARATOR            1006
 
 int OPENSSL_issetugid(void);
 
diff --git a/util/libcrypto.num b/util/libcrypto.num
index b9be349..8259ddb 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4799,3 +4799,4 @@ EC_GROUP_check_named_curve              4746	3_0_0	EXIST::FUNCTION:EC
 EVP_CIPHER_upref                        4747	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_fetch                        4748	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_mode                         4749	3_0_0	EXIST::FUNCTION:
+OPENSSL_info                            4750	3_0_0	EXIST::FUNCTION:


More information about the openssl-commits mailing list