[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Fri Oct 16 00:34:30 UTC 2020
The branch master has been updated
via f4bd510503071e20472032dc9d053810a1937e95 (commit)
via 994a924b3c28780b2a7ba8662a9544abcdfab8b0 (commit)
from e8dca211b4bb0261bc4d2adfd2782fd171bd6cfb (commit)
- Log -----------------------------------------------------------------
commit f4bd510503071e20472032dc9d053810a1937e95
Author: Pauli <paul.dale at oracle.com>
Date: Wed Oct 7 12:19:04 2020 +1000
list: add a -provider-info option.
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13084)
commit 994a924b3c28780b2a7ba8662a9544abcdfab8b0
Author: Pauli <paul.dale at oracle.com>
Date: Wed Oct 7 12:18:36 2020 +1000
null prov: fix gettable param array type.
Reviewed-by: Nicola Tuveri <nic.tuv at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13084)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 6 ++++
apps/list.c | 75 ++++++++++++++++++++++++++++++++++++++++++++
doc/man1/openssl-list.pod.in | 9 ++++++
providers/nullprov.c | 14 ++++-----
4 files changed, 97 insertions(+), 7 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 4114ce96cf..e7f4992cf1 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -28,6 +28,12 @@ OpenSSL 3.0
*Jordan Montgomery*
+ * Added new option for 'openssl list', '-providers', which will display the
+ list of loaded providers, their names, version and status. It optionally
+ displays their gettable parameters.
+
+ *Paul Dale*
+
* Deprecated EVP_PKEY_set_alias_type(). This function was previously
needed as a workaround to recognise SM2 keys. With OpenSSL 3.0, this key
type is internally recognised so the workaround is no longer needed.
diff --git a/apps/list.c b/apps/list.c
index ec9e24dfb8..20973298a8 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -1037,6 +1037,72 @@ static void list_pkey_meth(void)
list_kems();
}
+DEFINE_STACK_OF(OSSL_PROVIDER)
+static int provider_cmp(const OSSL_PROVIDER * const *a,
+ const OSSL_PROVIDER * const *b)
+{
+ return strcmp(OSSL_PROVIDER_name(*a), OSSL_PROVIDER_name(*b));
+}
+
+static int collect_providers(OSSL_PROVIDER *provider, void *stack)
+{
+ STACK_OF(OSSL_PROVIDER) *provider_stack = stack;
+
+ sk_OSSL_PROVIDER_push(provider_stack, provider);
+ return 1;
+}
+
+static void list_provider_info(void)
+{
+ STACK_OF(OSSL_PROVIDER) *providers = sk_OSSL_PROVIDER_new(provider_cmp);
+ OSSL_PARAM params[5];
+ char *name, *version, *buildinfo;
+ int status;
+ int i;
+
+ if (providers == NULL) {
+ BIO_printf(bio_err, "ERROR: Memory allocation\n");
+ return;
+ }
+ BIO_printf(bio_out, "Providers:\n");
+ OSSL_PROVIDER_do_all(NULL, &collect_providers, providers);
+ sk_OSSL_PROVIDER_sort(providers);
+ for (i = 0; i < sk_OSSL_PROVIDER_num(providers); i++) {
+ const OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(providers, i);
+
+ /* Query the "known" information parameters, the order matches below */
+ params[0] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_NAME,
+ &name, 0);
+ params[1] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_VERSION,
+ &version, 0);
+ params[2] = OSSL_PARAM_construct_int(OSSL_PROV_PARAM_STATUS, &status);
+ params[3] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_BUILDINFO,
+ &buildinfo, 0);
+ params[4] = OSSL_PARAM_construct_end();
+ OSSL_PARAM_set_all_unmodified(params);
+ if (!OSSL_PROVIDER_get_params(prov, params)) {
+ BIO_printf(bio_err, "ERROR: Unable to query provider parameters\n");
+ return;
+ }
+
+ /* Print out the provider information, the params order matches above */
+ BIO_printf(bio_out, " %s\n", OSSL_PROVIDER_name(prov));
+ if (OSSL_PARAM_modified(params))
+ BIO_printf(bio_out, " name: %s\n", name);
+ if (OSSL_PARAM_modified(params + 1))
+ BIO_printf(bio_out, " version: %s\n", version);
+ if (OSSL_PARAM_modified(params + 2))
+ BIO_printf(bio_out, " status: %sactive\n", status ? "" : "in");
+ if (verbose) {
+ if (OSSL_PARAM_modified(params + 3))
+ BIO_printf(bio_out, " build info: %s\n", buildinfo);
+ print_param_types("gettable provider parameters",
+ OSSL_PROVIDER_gettable_params(prov), 4);
+ }
+ }
+ sk_OSSL_PROVIDER_free(providers);
+}
+
#ifndef OPENSSL_NO_DEPRECATED_3_0
static void list_engines(void)
{
@@ -1210,6 +1276,7 @@ typedef enum HELPLIST_CHOICE {
OPT_KDF_ALGORITHMS, OPT_RANDOM_INSTANCES, OPT_RANDOM_GENERATORS,
OPT_ENCODERS, OPT_DECODERS, OPT_KEYMANAGERS, OPT_KEYEXCHANGE_ALGORITHMS,
OPT_KEM_ALGORITHMS, OPT_SIGNATURE_ALGORITHMS, OPT_ASYM_CIPHER_ALGORITHMS,
+ OPT_PROVIDER_INFO,
OPT_MISSING_HELP, OPT_OBJECTS, OPT_SELECT_NAME,
#ifndef OPENSSL_NO_DEPRECATED_3_0
OPT_ENGINES,
@@ -1258,6 +1325,8 @@ const OPTIONS list_options[] = {
"List of public key algorithms"},
{"public-key-methods", OPT_PK_METHOD, '-',
"List of public key methods"},
+ {"providers", OPT_PROVIDER_INFO, '-',
+ "List of provider information"},
#ifndef OPENSSL_NO_DEPRECATED_3_0
{"engines", OPT_ENGINES, '-',
"List of loaded engines"},
@@ -1298,6 +1367,7 @@ int list_main(int argc, char **argv)
unsigned int asym_cipher_algorithms:1;
unsigned int pk_algorithms:1;
unsigned int pk_method:1;
+ unsigned int provider_info:1;
#ifndef OPENSSL_NO_DEPRECATED_3_0
unsigned int engines:1;
#endif
@@ -1377,6 +1447,9 @@ opthelp:
case OPT_PK_METHOD:
todo.pk_method = 1;
break;
+ case OPT_PROVIDER_INFO:
+ todo.provider_info = 1;
+ break;
#ifndef OPENSSL_NO_DEPRECATED_3_0
case OPT_ENGINES:
todo.engines = 1;
@@ -1448,6 +1521,8 @@ opthelp:
list_pkey();
if (todo.pk_method)
list_pkey_meth();
+ if (todo.provider_info)
+ list_provider_info();
#ifndef OPENSSL_NO_DEPRECATED_3_0
if (todo.engines)
list_engines();
diff --git a/doc/man1/openssl-list.pod.in b/doc/man1/openssl-list.pod.in
index 3493fad843..45e58da870 100644
--- a/doc/man1/openssl-list.pod.in
+++ b/doc/man1/openssl-list.pod.in
@@ -29,6 +29,7 @@ B<openssl list>
[B<-asymcipher-algorithms>]
[B<-public-key-algorithms>]
[B<-public-key-methods>]
+[B<-providers>]
{- output_off() if $disabled{"deprecated-3.0"}; ""
-}[B<-engines>]
{- output_on() if $disabled{"deprecated-3.0"}; ""
@@ -143,6 +144,14 @@ Display a list of signature algorithms.
Display a list of asymmetric cipher algorithms.
+=item B<-providers>
+
+Display a list of all loaded providers with their names, version and status.
+
+In verbose mode, the full version and all provider parameters will additionally
+be displayed.
+
+
=item B<-engines>
This option is deprecated.
diff --git a/providers/nullprov.c b/providers/nullprov.c
index 537c90b78f..d5b4c05d93 100644
--- a/providers/nullprov.c
+++ b/providers/nullprov.c
@@ -19,15 +19,15 @@
OSSL_provider_init_fn ossl_null_provider_init;
/* Parameters we provide to the core */
-static const OSSL_ITEM null_param_types[] = {
- { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_NAME },
- { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_VERSION },
- { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_BUILDINFO },
- { OSSL_PARAM_INTEGER, OSSL_PROV_PARAM_STATUS },
- { 0, NULL }
+static const OSSL_PARAM null_param_types[] = {
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_STATUS, OSSL_PARAM_INTEGER, NULL, 0),
+ OSSL_PARAM_END
};
-static const OSSL_ITEM *null_gettable_params(const OSSL_PROVIDER *prov)
+static const OSSL_PARAM *null_gettable_params(const OSSL_PROVIDER *prov)
{
return null_param_types;
}
More information about the openssl-commits
mailing list