[openssl] master update
shane.lontis at oracle.com
Fri Sep 25 21:23:41 UTC 2020
The branch master has been updated
via fa9e541d49b812549d56c03852290a86aa1645ff (commit)
via fc959d7171c534b36c79791e5101ff4dc5edef96 (commit)
via 1c52bf3c046d3456ef044279afe082f0c428f479 (commit)
via 5a9500488d2e96a917c12b8041584129810bf62c (commit)
from d3edef83f5fa378237fcece038f9aff9f89f34cd (commit)
- Log -----------------------------------------------------------------
commit fa9e541d49b812549d56c03852290a86aa1645ff
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Tue Sep 22 11:40:46 2020 +1000
Remove openssl provider app
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12943)
commit fc959d7171c534b36c79791e5101ff4dc5edef96
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Tue Sep 22 11:02:53 2020 +1000
Update openssl list to support new provider objects.
Added key managers, signatures, KEMs, asymmetric ciphers and key exchanges.
Added -select option so that specific algorithms are easier to view when using -verbose
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12943)
commit 1c52bf3c046d3456ef044279afe082f0c428f479
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Tue Sep 22 10:38:13 2020 +1000
Add EVP_ASYM_CIPHER_gettable_ctx_params() and EVP_ASYM_CIPHER_settable_ctx_params()
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12943)
commit 5a9500488d2e96a917c12b8041584129810bf62c
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Tue Sep 22 10:36:50 2020 +1000
Add EVP_KEM_gettable_ctx_params() and EVP_KEM_settable_ctx_params()
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12943)
-----------------------------------------------------------------------
Summary of changes:
apps/build.info | 2 +-
apps/list.c | 501 ++++++++++++++++++++++++++++++++------
apps/provider.c | 382 -----------------------------
crypto/evp/asymcipher.c | 21 ++
crypto/evp/kem.c | 23 +-
doc/man1/build.info | 3 -
doc/man1/openssl-list.pod.in | 42 +++-
doc/man1/openssl-provider.pod.in | 63 -----
doc/man1/openssl.pod | 26 +-
doc/man3/EVP_ASYM_CIPHER_free.pod | 13 +-
doc/man3/EVP_KEM_free.pod | 13 +-
doc/man7/openssl-env.pod | 1 -
include/openssl/evp.h | 4 +
test/recipes/20-test_cli_fips.t | 21 +-
test/recipes/20-test_provider.t | 62 -----
util/libcrypto.num | 4 +
16 files changed, 561 insertions(+), 620 deletions(-)
delete mode 100644 apps/provider.c
delete mode 100644 doc/man1/openssl-provider.pod.in
delete mode 100644 test/recipes/20-test_provider.t
diff --git a/apps/build.info b/apps/build.info
index 8bfcec65d0..146e9009f5 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -18,7 +18,7 @@ $OPENSSLSRC=\
pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c \
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \
spkac.c verify.c version.c x509.c rehash.c storeutl.c \
- list.c info.c provider.c fipsinstall.c
+ list.c info.c fipsinstall.c
IF[{- !$disabled{'des'} -}]
$OPENSSLSRC=$OPENSSLSRC pkcs12.c
ENDIF
diff --git a/apps/list.c b/apps/list.c
index b2ddef9201..ec9e24dfb8 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -27,10 +27,15 @@
#include "names.h"
static int verbose = 0;
+static const char *select_name = NULL;
static void legacy_cipher_fn(const EVP_CIPHER *c,
const char *from, const char *to, void *arg)
{
+ if (select_name != NULL
+ && (c == NULL
+ || strcasecmp(select_name, EVP_CIPHER_name(c)) != 0))
+ return;
if (c != NULL) {
BIO_printf(arg, " %s\n", EVP_CIPHER_name(c));
} else {
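Review bot: With `-select` set, the added guard returns whenever `c == NULL`, so the legacy alias entries this callback receives (the `from`/`to` pairs handled in the else branch below) are never shown even when the alias name is exactly what was selected; comparing `from` in that case, e.g. `if (select_name != NULL && strcasecmp(select_name, c != NULL ? EVP_CIPHER_name(c) : from) != 0) return;`, would keep them visible — assuming `from` is non-NULL for alias entries, which this hunk does not show. This filter is also an exact case-insensitive name compare while the provider-side lists in the later hunks use `EVP_CIPHER_is_a()`, so an alias name selects provider implementations but not legacy ones; that asymmetry deserves a comment here, e.g. `/* Legacy filter: exact (case-insensitive) name match only, unlike the provider lists which use _is_a(). */`. No hunk in this diff touches the legacy digest callback, so `-select` presumably leaves legacy digests unfiltered — worth confirming. legacy_cipher_fn's body continues below the hunk.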
@@ -80,18 +85,20 @@ static void list_ciphers(void)
sk_EVP_CIPHER_sort(ciphers);
for (i = 0; i < sk_EVP_CIPHER_num(ciphers); i++) {
const EVP_CIPHER *c = sk_EVP_CIPHER_value(ciphers, i);
- STACK_OF(OPENSSL_CSTRING) *names =
- sk_OPENSSL_CSTRING_new(name_cmp);
+ STACK_OF(OPENSSL_CSTRING) *names = NULL;
- EVP_CIPHER_names_do_all(c, collect_names, names);
+ if (select_name != NULL && !EVP_CIPHER_is_a(c, select_name))
+ continue;
+ names = sk_OPENSSL_CSTRING_new(name_cmp);
+ EVP_CIPHER_names_do_all(c, collect_names, names);
BIO_printf(bio_out, " ");
print_names(bio_out, names);
+ sk_OPENSSL_CSTRING_free(names);
+
BIO_printf(bio_out, " @ %s\n",
OSSL_PROVIDER_name(EVP_CIPHER_provider(c)));
- sk_OPENSSL_CSTRING_free(names);
-
if (verbose) {
print_param_types("retrievable algorithm parameters",
EVP_CIPHER_gettable_params(c), 4);
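Review bot: When `-select` matches nothing, this loop prints no entry and the section is left empty, whereas the new list_signatures, list_kems, list_asymciphers and list_keyexchanges in the later hunk count their matches and print ` -` for an empty result; the same gap is in the list_digests, list_macs, list_kdfs, list_random_generators, list_encoders and list_decoders hunks. Adding `int count = 0;` beside `i`, `count++;` after the `continue`, and `if (count == 0) BIO_printf(bio_out, " -\n");` after the loop would make the output consistent across all lists. The `sk_OPENSSL_CSTRING_new(name_cmp)` result is still used without a NULL check, as before the change. The loop and its enclosing function start and end outside the hunk.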
@@ -155,18 +162,19 @@ static void list_digests(void)
sk_EVP_MD_sort(digests);
for (i = 0; i < sk_EVP_MD_num(digests); i++) {
const EVP_MD *m = sk_EVP_MD_value(digests, i);
- STACK_OF(OPENSSL_CSTRING) *names =
- sk_OPENSSL_CSTRING_new(name_cmp);
+ STACK_OF(OPENSSL_CSTRING) *names = NULL;
- EVP_MD_names_do_all(m, collect_names, names);
+ if (select_name != NULL && !EVP_MD_is_a(m, select_name))
+ continue;
+ names = sk_OPENSSL_CSTRING_new(name_cmp);
+ EVP_MD_names_do_all(m, collect_names, names);
BIO_printf(bio_out, " ");
print_names(bio_out, names);
- BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_name(EVP_MD_provider(m)));
-
sk_OPENSSL_CSTRING_free(names);
+ BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_MD_provider(m)));
+
if (verbose) {
print_param_types("retrievable algorithm parameters",
EVP_MD_gettable_params(m), 4);
@@ -213,18 +221,19 @@ static void list_macs(void)
sk_EVP_MAC_sort(macs);
for (i = 0; i < sk_EVP_MAC_num(macs); i++) {
const EVP_MAC *m = sk_EVP_MAC_value(macs, i);
- STACK_OF(OPENSSL_CSTRING) *names =
- sk_OPENSSL_CSTRING_new(name_cmp);
+ STACK_OF(OPENSSL_CSTRING) *names = NULL;
- EVP_MAC_names_do_all(m, collect_names, names);
+ if (select_name != NULL && !EVP_MAC_is_a(m, select_name))
+ continue;
+ names = sk_OPENSSL_CSTRING_new(name_cmp);
+ EVP_MAC_names_do_all(m, collect_names, names);
BIO_printf(bio_out, " ");
print_names(bio_out, names);
- BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_name(EVP_MAC_provider(m)));
-
sk_OPENSSL_CSTRING_free(names);
+ BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_MAC_provider(m)));
+
if (verbose) {
print_param_types("retrievable algorithm parameters",
EVP_MAC_gettable_params(m), 4);
@@ -274,18 +283,19 @@ static void list_kdfs(void)
sk_EVP_KDF_sort(kdfs);
for (i = 0; i < sk_EVP_KDF_num(kdfs); i++) {
const EVP_KDF *k = sk_EVP_KDF_value(kdfs, i);
- STACK_OF(OPENSSL_CSTRING) *names =
- sk_OPENSSL_CSTRING_new(name_cmp);
+ STACK_OF(OPENSSL_CSTRING) *names = NULL;
- EVP_KDF_names_do_all(k, collect_names, names);
+ if (select_name != NULL && !EVP_KDF_is_a(k, select_name))
+ continue;
+ names = sk_OPENSSL_CSTRING_new(name_cmp);
+ EVP_KDF_names_do_all(k, collect_names, names);
BIO_printf(bio_out, " ");
print_names(bio_out, names);
- BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_name(EVP_KDF_provider(k)));
-
sk_OPENSSL_CSTRING_free(names);
+ BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_KDF_provider(k)));
+
if (verbose) {
print_param_types("retrievable algorithm parameters",
EVP_KDF_gettable_params(k), 4);
@@ -337,9 +347,11 @@ static void list_random_generators(void)
for (i = 0; i < sk_EVP_RAND_num(rands); i++) {
const EVP_RAND *m = sk_EVP_RAND_value(rands, i);
+ if (select_name != NULL
+ && strcasecmp(EVP_RAND_name(m), select_name) != 0)
+ continue;
BIO_printf(bio_out, " %s", EVP_RAND_name(m));
- BIO_printf(bio_out, " @ %s\n",
- OSSL_PROVIDER_name(EVP_RAND_provider(m)));
+ BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_RAND_provider(m)));
if (verbose) {
print_param_types("retrievable algorithm parameters",
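Review bot: The filter here uses `strcasecmp(EVP_RAND_name(m), select_name)` while every other provider list in this commit filters with the type's `_is_a()` helper, so for RNGs only the canonical name matches and an alias name does not; if an `EVP_RAND_is_a()` counterpart is available in this tree it should be used for consistency, e.g. `if (select_name != NULL && !EVP_RAND_is_a(m, select_name))`, otherwise the difference deserves a comment such as `/* EVP_RAND has no _is_a() here; match the canonical name only. */`. The argument order is also reversed relative to the cipher hunk (`strcasecmp(select_name, ...)`), which is harmless but inconsistent. The loop and list_random_generators continue outside the hunk.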
@@ -460,19 +472,21 @@ static void list_encoders(void)
for (i = 0; i < sk_OSSL_ENCODER_num(encoders); i++) {
OSSL_ENCODER *k = sk_OSSL_ENCODER_value(encoders, i);
- STACK_OF(OPENSSL_CSTRING) *names =
- sk_OPENSSL_CSTRING_new(name_cmp);
+ STACK_OF(OPENSSL_CSTRING) *names = NULL;
- OSSL_ENCODER_names_do_all(k, collect_names, names);
+ if (select_name != NULL && !OSSL_ENCODER_is_a(k, select_name))
+ continue;
+ names = sk_OPENSSL_CSTRING_new(name_cmp);
+ OSSL_ENCODER_names_do_all(k, collect_names, names);
BIO_printf(bio_out, " ");
print_names(bio_out, names);
+ sk_OPENSSL_CSTRING_free(names);
+
BIO_printf(bio_out, " @ %s (%s)\n",
OSSL_PROVIDER_name(OSSL_ENCODER_provider(k)),
OSSL_ENCODER_properties(k));
- sk_OPENSSL_CSTRING_free(names);
-
if (verbose) {
print_param_types("settable operation parameters",
OSSL_ENCODER_settable_ctx_params(k), 4);
@@ -521,19 +535,21 @@ static void list_decoders(void)
for (i = 0; i < sk_OSSL_DECODER_num(decoders); i++) {
OSSL_DECODER *k = sk_OSSL_DECODER_value(decoders, i);
- STACK_OF(OPENSSL_CSTRING) *names =
- sk_OPENSSL_CSTRING_new(name_cmp);
+ STACK_OF(OPENSSL_CSTRING) *names = NULL;
- OSSL_DECODER_names_do_all(k, collect_names, names);
+ if (select_name != NULL && !OSSL_DECODER_is_a(k, select_name))
+ continue;
+ names = sk_OPENSSL_CSTRING_new(name_cmp);
+ OSSL_DECODER_names_do_all(k, collect_names, names);
BIO_printf(bio_out, " ");
print_names(bio_out, names);
+ sk_OPENSSL_CSTRING_free(names);
+
BIO_printf(bio_out, " @ %s (%s)\n",
OSSL_PROVIDER_name(OSSL_DECODER_provider(k)),
OSSL_DECODER_properties(k));
- sk_OPENSSL_CSTRING_free(names);
-
if (verbose) {
print_param_types("settable operation parameters",
OSSL_DECODER_settable_ctx_params(k), 4);
@@ -542,6 +558,290 @@ static void list_decoders(void)
sk_OSSL_DECODER_pop_free(decoders, OSSL_DECODER_free);
}
+DEFINE_STACK_OF(EVP_KEYMGMT)
+static int keymanager_cmp(const EVP_KEYMGMT * const *a,
+ const EVP_KEYMGMT * const *b)
+{
+ int ret = EVP_KEYMGMT_number(*a) - EVP_KEYMGMT_number(*b);
+
+ if (ret == 0)
+ ret = strcmp(OSSL_PROVIDER_name(EVP_KEYMGMT_provider(*a)),
+ OSSL_PROVIDER_name(EVP_KEYMGMT_provider(*b)));
+ return ret;
+}
+
+static void collect_keymanagers(EVP_KEYMGMT *km, void *stack)
+{
+ STACK_OF(EVP_KEYMGMT) *km_stack = stack;
+
+ sk_EVP_KEYMGMT_push(km_stack, km);
+ EVP_KEYMGMT_up_ref(km);
+}
+
+static void list_keymanagers(void)
+{
+ int i;
+ STACK_OF(EVP_KEYMGMT) *km_stack = sk_EVP_KEYMGMT_new(keymanager_cmp);
+
+ EVP_KEYMGMT_do_all_provided(NULL, collect_keymanagers, km_stack);
+ sk_EVP_KEYMGMT_sort(km_stack);
+
+ for (i = 0; i < sk_EVP_KEYMGMT_num(km_stack); i++) {
+ EVP_KEYMGMT *k = sk_EVP_KEYMGMT_value(km_stack, i);
+ STACK_OF(OPENSSL_CSTRING) *names = NULL;
+
+ if (select_name != NULL && !EVP_KEYMGMT_is_a(k, select_name))
+ continue;
+
+ names = sk_OPENSSL_CSTRING_new(name_cmp);
+ EVP_KEYMGMT_names_do_all(k, collect_names, names);
+ BIO_printf(bio_out, " ");
+ print_names(bio_out, names);
+ sk_OPENSSL_CSTRING_free(names);
+
+ BIO_printf(bio_out, " @ %s\n",
+ OSSL_PROVIDER_name(EVP_KEYMGMT_provider(k)));
+
+ if (verbose) {
+ print_param_types("settable key generation parameters",
+ EVP_KEYMGMT_gen_settable_params(k), 4);
+ print_param_types("settable operation parameters",
+ EVP_KEYMGMT_settable_params(k), 4);
+ print_param_types("retrievable operation parameters",
+ EVP_KEYMGMT_gettable_params(k), 4);
+ }
+ }
+ sk_EVP_KEYMGMT_pop_free(km_stack, EVP_KEYMGMT_free);
+}
+
+DEFINE_STACK_OF(EVP_SIGNATURE)
+static int signature_cmp(const EVP_SIGNATURE * const *a,
+ const EVP_SIGNATURE * const *b)
+{
+ int ret = EVP_SIGNATURE_number(*a) - EVP_SIGNATURE_number(*b);
+
+ if (ret == 0)
+ ret = strcmp(OSSL_PROVIDER_name(EVP_SIGNATURE_provider(*a)),
+ OSSL_PROVIDER_name(EVP_SIGNATURE_provider(*b)));
+ return ret;
+}
+
+static void collect_signatures(EVP_SIGNATURE *km, void *stack)
+{
+ STACK_OF(EVP_SIGNATURE) *km_stack = stack;
+
+ sk_EVP_SIGNATURE_push(km_stack, km);
+ EVP_SIGNATURE_up_ref(km);
+}
+
+static void list_signatures(void)
+{
+ int i, count = 0;
+ STACK_OF(EVP_SIGNATURE) *sig_stack = sk_EVP_SIGNATURE_new(signature_cmp);
+
+ EVP_SIGNATURE_do_all_provided(NULL, collect_signatures, sig_stack);
+ sk_EVP_SIGNATURE_sort(sig_stack);
+
+ for (i = 0; i < sk_EVP_SIGNATURE_num(sig_stack); i++) {
+ EVP_SIGNATURE *k = sk_EVP_SIGNATURE_value(sig_stack, i);
+ STACK_OF(OPENSSL_CSTRING) *names = NULL;
+
+ if (select_name != NULL && !EVP_SIGNATURE_is_a(k, select_name))
+ continue;
+
+ names = sk_OPENSSL_CSTRING_new(name_cmp);
+ EVP_SIGNATURE_names_do_all(k, collect_names, names);
+ count++;
+ BIO_printf(bio_out, " ");
+ print_names(bio_out, names);
+ sk_OPENSSL_CSTRING_free(names);
+
+ BIO_printf(bio_out, " @ %s\n",
+ OSSL_PROVIDER_name(EVP_SIGNATURE_provider(k)));
+
+ if (verbose) {
+ print_param_types("settable operation parameters",
+ EVP_SIGNATURE_settable_ctx_params(k), 4);
+ print_param_types("retrievable operation parameters",
+ EVP_SIGNATURE_gettable_ctx_params(k), 4);
+ }
+ }
+ sk_EVP_SIGNATURE_pop_free(sig_stack, EVP_SIGNATURE_free);
+ if (count == 0)
+ BIO_printf(bio_out, " -\n");
+}
+
+DEFINE_STACK_OF(EVP_KEM)
+static int kem_cmp(const EVP_KEM * const *a,
+ const EVP_KEM * const *b)
+{
+ int ret = EVP_KEM_number(*a) - EVP_KEM_number(*b);
+
+ if (ret == 0)
+ ret = strcmp(OSSL_PROVIDER_name(EVP_KEM_provider(*a)),
+ OSSL_PROVIDER_name(EVP_KEM_provider(*b)));
+ return ret;
+}
+
+static void collect_kem(EVP_KEM *km, void *stack)
+{
+ STACK_OF(EVP_KEM) *km_stack = stack;
+
+ sk_EVP_KEM_push(km_stack, km);
+ EVP_KEM_up_ref(km);
+}
+
+static void list_kems(void)
+{
+ int i, count = 0;
+ STACK_OF(EVP_KEM) *kem_stack = sk_EVP_KEM_new(kem_cmp);
+
+ EVP_KEM_do_all_provided(NULL, collect_kem, kem_stack);
+ sk_EVP_KEM_sort(kem_stack);
+
+ for (i = 0; i < sk_EVP_KEM_num(kem_stack); i++) {
+ EVP_KEM *k = sk_EVP_KEM_value(kem_stack, i);
+ STACK_OF(OPENSSL_CSTRING) *names = NULL;
+
+ if (select_name != NULL && !EVP_KEM_is_a(k, select_name))
+ continue;
+
+ names = sk_OPENSSL_CSTRING_new(name_cmp);
+ EVP_KEM_names_do_all(k, collect_names, names);
+ count++;
+ BIO_printf(bio_out, " ");
+ print_names(bio_out, names);
+ sk_OPENSSL_CSTRING_free(names);
+
+ BIO_printf(bio_out, " @ %s\n", OSSL_PROVIDER_name(EVP_KEM_provider(k)));
+
+ if (verbose) {
+ print_param_types("settable operation parameters",
+ EVP_KEM_settable_ctx_params(k), 4);
+ print_param_types("retrievable operation parameters",
+ EVP_KEM_gettable_ctx_params(k), 4);
+ }
+ }
+ sk_EVP_KEM_pop_free(kem_stack, EVP_KEM_free);
+ if (count == 0)
+ BIO_printf(bio_out, " -\n");
+}
+
+DEFINE_STACK_OF(EVP_ASYM_CIPHER)
+static int asymcipher_cmp(const EVP_ASYM_CIPHER * const *a,
+ const EVP_ASYM_CIPHER * const *b)
+{
+ int ret = EVP_ASYM_CIPHER_number(*a) - EVP_ASYM_CIPHER_number(*b);
+
+ if (ret == 0)
+ ret = strcmp(OSSL_PROVIDER_name(EVP_ASYM_CIPHER_provider(*a)),
+ OSSL_PROVIDER_name(EVP_ASYM_CIPHER_provider(*b)));
+ return ret;
+}
+
+static void collect_asymciph(EVP_ASYM_CIPHER *km, void *stack)
+{
+ STACK_OF(EVP_ASYM_CIPHER) *km_stack = stack;
+
+ sk_EVP_ASYM_CIPHER_push(km_stack, km);
+ EVP_ASYM_CIPHER_up_ref(km);
+}
+
+static void list_asymciphers(void)
+{
+ int i, count = 0;
+ STACK_OF(EVP_ASYM_CIPHER) *asymciph_stack =
+ sk_EVP_ASYM_CIPHER_new(asymcipher_cmp);
+
+ EVP_ASYM_CIPHER_do_all_provided(NULL, collect_asymciph, asymciph_stack);
+ sk_EVP_ASYM_CIPHER_sort(asymciph_stack);
+
+ for (i = 0; i < sk_EVP_ASYM_CIPHER_num(asymciph_stack); i++) {
+ EVP_ASYM_CIPHER *k = sk_EVP_ASYM_CIPHER_value(asymciph_stack, i);
+ STACK_OF(OPENSSL_CSTRING) *names = NULL;
+
+ if (select_name != NULL && !EVP_ASYM_CIPHER_is_a(k, select_name))
+ continue;
+
+ names = sk_OPENSSL_CSTRING_new(name_cmp);
+ EVP_ASYM_CIPHER_names_do_all(k, collect_names, names);
+ count++;
+ BIO_printf(bio_out, " ");
+ print_names(bio_out, names);
+ sk_OPENSSL_CSTRING_free(names);
+
+ BIO_printf(bio_out, " @ %s\n",
+ OSSL_PROVIDER_name(EVP_ASYM_CIPHER_provider(k)));
+
+ if (verbose) {
+ print_param_types("settable operation parameters",
+ EVP_ASYM_CIPHER_settable_ctx_params(k), 4);
+ print_param_types("retrievable operation parameters",
+ EVP_ASYM_CIPHER_gettable_ctx_params(k), 4);
+ }
+ }
+ sk_EVP_ASYM_CIPHER_pop_free(asymciph_stack, EVP_ASYM_CIPHER_free);
+ if (count == 0)
+ BIO_printf(bio_out, " -\n");
+}
+
+DEFINE_STACK_OF(EVP_KEYEXCH)
+static int kex_cmp(const EVP_KEYEXCH * const *a,
+ const EVP_KEYEXCH * const *b)
+{
+ int ret = EVP_KEYEXCH_number(*a) - EVP_KEYEXCH_number(*b);
+
+ if (ret == 0)
+ ret = strcmp(OSSL_PROVIDER_name(EVP_KEYEXCH_provider(*a)),
+ OSSL_PROVIDER_name(EVP_KEYEXCH_provider(*b)));
+ return ret;
+}
+
+static void collect_kex(EVP_KEYEXCH *ke, void *stack)
+{
+ STACK_OF(EVP_KEYEXCH) *kex_stack = stack;
+
+ sk_EVP_KEYEXCH_push(kex_stack, ke);
+ EVP_KEYEXCH_up_ref(ke);
+}
+
+static void list_keyexchanges(void)
+{
+ int i, count = 0;
+ STACK_OF(EVP_KEYEXCH) *kex_stack = sk_EVP_KEYEXCH_new(kex_cmp);
+
+ EVP_KEYEXCH_do_all_provided(NULL, collect_kex, kex_stack);
+ sk_EVP_KEYEXCH_sort(kex_stack);
+
+ for (i = 0; i < sk_EVP_KEYEXCH_num(kex_stack); i++) {
+ EVP_KEYEXCH *k = sk_EVP_KEYEXCH_value(kex_stack, i);
+ STACK_OF(OPENSSL_CSTRING) *names = NULL;
+
+ if (select_name != NULL && !EVP_KEYEXCH_is_a(k, select_name))
+ continue;
+
+ names = sk_OPENSSL_CSTRING_new(name_cmp);
+ EVP_KEYEXCH_names_do_all(k, collect_names, names);
+ count++;
+ BIO_printf(bio_out, " ");
+ print_names(bio_out, names);
+ sk_OPENSSL_CSTRING_free(names);
+
+ BIO_printf(bio_out, " @ %s\n",
+ OSSL_PROVIDER_name(EVP_KEYEXCH_provider(k)));
+
+ if (verbose) {
+ print_param_types("settable operation parameters",
+ EVP_KEYEXCH_settable_ctx_params(k), 4);
+ print_param_types("retrievable operation parameters",
+ EVP_KEYEXCH_gettable_ctx_params(k), 4);
+ }
+ }
+ sk_EVP_KEYEXCH_pop_free(kex_stack, EVP_KEYEXCH_free);
+ if (count == 0)
+ BIO_printf(bio_out, " -\n");
+}
+
static void list_missing_help(void)
{
const FUNCTION *fp;
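Review bot: Each collect_* callback (collect_keymanagers, and likewise collect_signatures, collect_kem, collect_asymciph and collect_kex) pushes first and takes the reference afterwards, so a failed `sk_*_push()` — which returns 0 when the stack is NULL after a failed `sk_*_new()` or when it cannot grow — still increments the refcount and the object is never released; the return values of both the push and `*_up_ref()` are ignored throughout. Taking the reference first and dropping it when the push fails closes that leak, as shown below for the key-manager collector. Separately, list_keymanagers prints nothing when `-select` matches no key manager, while the other four new list functions count matches and print ` -`; adding `int count = 0;`, `count++;` after the `continue`, and `if (count == 0) BIO_printf(bio_out, " -\n");` there keeps the ` Key Managers:` section from appearing empty. The parameter name `km` in the signature, KEM and asymcipher collectors is carried over from the key-manager version and could be renamed to match the type.
```c
static void collect_keymanagers(EVP_KEYMGMT *km, void *stack)
{
    STACK_OF(EVP_KEYMGMT) *km_stack = stack;

    /* Hold the reference before publishing it; release it if the push fails. */
    if (!EVP_KEYMGMT_up_ref(km))
        return;
    if (sk_EVP_KEYMGMT_push(km_stack, km) <= 0)
        EVP_KEYMGMT_free(km);
}
/* … unchanged: the same reorder applies to collect_signatures, collect_kem,
 * collect_asymciph and collect_kex … */
```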
@@ -673,50 +973,69 @@ static void list_type(FUNC_TYPE ft, int one)
static void list_pkey(void)
{
+#ifndef OPENSSL_NO_DEPRECATED_3_0
int i;
- for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
- const EVP_PKEY_ASN1_METHOD *ameth;
- int pkey_id, pkey_base_id, pkey_flags;
- const char *pinfo, *pem_str;
- ameth = EVP_PKEY_asn1_get0(i);
- EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
- &pinfo, &pem_str, ameth);
- if (pkey_flags & ASN1_PKEY_ALIAS) {
- BIO_printf(bio_out, "Name: %s\n", OBJ_nid2ln(pkey_id));
- BIO_printf(bio_out, "\tAlias for: %s\n",
- OBJ_nid2ln(pkey_base_id));
- } else {
- BIO_printf(bio_out, "Name: %s\n", pinfo);
- BIO_printf(bio_out, "\tType: %s Algorithm\n",
- pkey_flags & ASN1_PKEY_DYNAMIC ?
- "External" : "Builtin");
- BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
- if (pem_str == NULL)
- pem_str = "(none)";
- BIO_printf(bio_out, "\tPEM string: %s\n", pem_str);
+ if (select_name == NULL) {
+ BIO_printf(bio_out, "Legacy:\n");
+ for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+ const EVP_PKEY_ASN1_METHOD *ameth;
+ int pkey_id, pkey_base_id, pkey_flags;
+ const char *pinfo, *pem_str;
+ ameth = EVP_PKEY_asn1_get0(i);
+ EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
+ &pinfo, &pem_str, ameth);
+ if (pkey_flags & ASN1_PKEY_ALIAS) {
+ BIO_printf(bio_out, " Name: %s\n", OBJ_nid2ln(pkey_id));
+ BIO_printf(bio_out, "\tAlias for: %s\n",
+ OBJ_nid2ln(pkey_base_id));
+ } else {
+ BIO_printf(bio_out, " Name: %s\n", pinfo);
+ BIO_printf(bio_out, "\tType: %s Algorithm\n",
+ pkey_flags & ASN1_PKEY_DYNAMIC ?
+ "External" : "Builtin");
+ BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
+ if (pem_str == NULL)
+ pem_str = "(none)";
+ BIO_printf(bio_out, "\tPEM string: %s\n", pem_str);
+ }
}
-
}
+#endif
+ BIO_printf(bio_out, "Provided:\n");
+ BIO_printf(bio_out, " Key Managers:\n");
+ list_keymanagers();
}
-#ifndef OPENSSL_NO_DEPRECATED_3_0
static void list_pkey_meth(void)
{
+#ifndef OPENSSL_NO_DEPRECATED_3_0
size_t i;
size_t meth_count = EVP_PKEY_meth_get_count();
- for (i = 0; i < meth_count; i++) {
- const EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_get0(i);
- int pkey_id, pkey_flags;
+ if (select_name == NULL) {
+ BIO_printf(bio_out, "Legacy:\n");
+ for (i = 0; i < meth_count; i++) {
+ const EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_get0(i);
+ int pkey_id, pkey_flags;
- EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth);
- BIO_printf(bio_out, "%s\n", OBJ_nid2ln(pkey_id));
- BIO_printf(bio_out, "\tType: %s Algorithm\n",
- pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin");
+ EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth);
+ BIO_printf(bio_out, " %s\n", OBJ_nid2ln(pkey_id));
+ BIO_printf(bio_out, "\tType: %s Algorithm\n",
+ pkey_flags & ASN1_PKEY_DYNAMIC ? "External" : "Builtin");
+ }
}
-}
#endif
+ BIO_printf(bio_out, "Provided:\n");
+ BIO_printf(bio_out, " Encryption:\n");
+ list_asymciphers();
+ BIO_printf(bio_out, " Key Exchange:\n");
+ list_keyexchanges();
+ BIO_printf(bio_out, " Signatures:\n");
+ list_signatures();
+ BIO_printf(bio_out, " Key encapsulation:\n");
+ list_kems();
+}
#ifndef OPENSSL_NO_DEPRECATED_3_0
static void list_engines(void)
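Review bot: `-select` silently suppresses the whole `Legacy:` block in both list_pkey and list_pkey_meth (`if (select_name == NULL)`) rather than filtering it, and nothing in the code says so; a comment at each guard, e.g. `/* -select applies only to provider algorithms; legacy methods are not filtered, so the block is skipped entirely. */`, and a matching sentence in the `-select` option help would spare the reader the surprise that `-public-key-algorithms -select rsa` lists only provider entries. In list_pkey_meth, `meth_count = EVP_PKEY_meth_get_count()` is still evaluated when the block is skipped; declaring `size_t meth_count;` and assigning it inside the `if` avoids the unused call in the select case. Both functions close inside the hunk, but list_type above and list_engines below are cut at its edges.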
@@ -889,8 +1208,9 @@ typedef enum HELPLIST_CHOICE {
OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS,
OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED,
OPT_KDF_ALGORITHMS, OPT_RANDOM_INSTANCES, OPT_RANDOM_GENERATORS,
- OPT_ENCODERS, OPT_DECODERS,
- OPT_MISSING_HELP, OPT_OBJECTS,
+ OPT_ENCODERS, OPT_DECODERS, OPT_KEYMANAGERS, OPT_KEYEXCHANGE_ALGORITHMS,
+ OPT_KEM_ALGORITHMS, OPT_SIGNATURE_ALGORITHMS, OPT_ASYM_CIPHER_ALGORITHMS,
+ OPT_MISSING_HELP, OPT_OBJECTS, OPT_SELECT_NAME,
#ifndef OPENSSL_NO_DEPRECATED_3_0
OPT_ENGINES,
#endif
@@ -905,6 +1225,7 @@ const OPTIONS list_options[] = {
OPT_SECTION("Output"),
{"1", OPT_ONE, '-', "List in one column"},
{"verbose", OPT_VERBOSE, '-', "Verbose listing"},
+ {"select", OPT_SELECT_NAME, 's', "Select a single algorithm"},
{"commands", OPT_COMMANDS, '-', "List of standard commands"},
{"standard-commands", OPT_COMMANDS, '-', "List of standard commands"},
{"digest-commands", OPT_DIGEST_COMMANDS, '-',
@@ -924,11 +1245,20 @@ const OPTIONS list_options[] = {
"List of cipher algorithms"},
{"encoders", OPT_ENCODERS, '-', "List of encoding methods" },
{"decoders", OPT_DECODERS, '-', "List of decoding methods" },
+ {"key-managers", OPT_KEYMANAGERS, '-', "List of key managers" },
+ {"key-exchange-algorithms", OPT_KEYEXCHANGE_ALGORITHMS, '-',
+ "List of key exchange algorithms" },
+ {"kem-algorithms", OPT_KEM_ALGORITHMS, '-',
+ "List of key encapsulation mechanism algorithms" },
+ {"signature-algorithms", OPT_SIGNATURE_ALGORITHMS, '-',
+ "List of signature algorithms" },
+ { "asymcipher-algorithms", OPT_ASYM_CIPHER_ALGORITHMS, '-',
+ "List of asymmetric cipher algorithms" },
{"public-key-algorithms", OPT_PK_ALGORITHMS, '-',
"List of public key algorithms"},
-#ifndef OPENSSL_NO_DEPRECATED_3_0
{"public-key-methods", OPT_PK_METHOD, '-',
"List of public key methods"},
+#ifndef OPENSSL_NO_DEPRECATED_3_0
{"engines", OPT_ENGINES, '-',
"List of loaded engines"},
#endif
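Review bot: The `asymcipher-algorithms` entry is written `{ "asymcipher-algorithms", ...` with a space after the opening brace, unlike every neighbouring entry which uses `{"..."`; `{"asymcipher-algorithms", OPT_ASYM_CIPHER_ALGORITHMS, '-',` matches the table's style. Moving `public-key-methods` out of the `OPENSSL_NO_DEPRECATED_3_0` guard is consistent with list_pkey_meth now existing unconditionally. The options table continues outside the hunk.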
@@ -961,6 +1291,11 @@ int list_main(int argc, char **argv)
unsigned int cipher_algorithms:1;
unsigned int encoder_algorithms:1;
unsigned int decoder_algorithms:1;
+ unsigned int keymanager_algorithms:1;
+ unsigned int signature_algorithms:1;
+ unsigned int keyexchange_algorithms:1;
+ unsigned int kem_algorithms:1;
+ unsigned int asym_cipher_algorithms:1;
unsigned int pk_algorithms:1;
unsigned int pk_method:1;
#ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -1021,6 +1356,21 @@ opthelp:
case OPT_DECODERS:
todo.decoder_algorithms = 1;
break;
+ case OPT_KEYMANAGERS:
+ todo.keymanager_algorithms = 1;
+ break;
+ case OPT_SIGNATURE_ALGORITHMS:
+ todo.signature_algorithms = 1;
+ break;
+ case OPT_KEYEXCHANGE_ALGORITHMS:
+ todo.keyexchange_algorithms = 1;
+ break;
+ case OPT_KEM_ALGORITHMS:
+ todo.kem_algorithms = 1;
+ break;
+ case OPT_ASYM_CIPHER_ALGORITHMS:
+ todo.asym_cipher_algorithms = 1;
+ break;
case OPT_PK_ALGORITHMS:
todo.pk_algorithms = 1;
break;
@@ -1047,6 +1397,9 @@ opthelp:
case OPT_VERBOSE:
verbose = 1;
break;
+ case OPT_SELECT_NAME:
+ select_name = opt_arg();
+ break;
case OPT_PROV_CASES:
if (!opt_provider(o))
return 1;
@@ -1081,11 +1434,21 @@ opthelp:
list_encoders();
if (todo.decoder_algorithms)
list_decoders();
+ if (todo.keymanager_algorithms)
+ list_keymanagers();
+ if (todo.signature_algorithms)
+ list_signatures();
+ if (todo.asym_cipher_algorithms)
+ list_asymciphers();
+ if (todo.keyexchange_algorithms)
+ list_keyexchanges();
+ if (todo.kem_algorithms)
+ list_kems();
if (todo.pk_algorithms)
list_pkey();
-#ifndef OPENSSL_NO_DEPRECATED_3_0
if (todo.pk_method)
list_pkey_meth();
+#ifndef OPENSSL_NO_DEPRECATED_3_0
if (todo.engines)
list_engines();
#endif
diff --git a/apps/provider.c b/apps/provider.c
deleted file mode 100644
index f1374a365c..0000000000
--- a/apps/provider.c
+++ /dev/null
@@ -1,382 +0,0 @@
-/*
- * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/opensslconf.h>
-
-#include "apps.h"
-#include "app_params.h"
-#include "progs.h"
-#include "names.h"
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/safestack.h>
-#include <openssl/provider.h>
-#include <openssl/core.h>
-#include <openssl/core_dispatch.h>
-
-#ifdef __TANDEM
-# include <string.h> /* memset */
-#endif
-
-typedef enum OPTION_choice {
- OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
- OPT_V = 100, OPT_VV, OPT_VVV
-} OPTION_CHOICE;
-
-const OPTIONS provider_options[] = {
- {OPT_HELP_STR, 1, '-', "Usage: %s [options] [provider...]\n"},
-
- OPT_SECTION("General"),
- {"help", OPT_HELP, '-', "Display this summary"},
-
- OPT_SECTION("Output"),
- {"v", OPT_V, '-', "List the algorithm names of specified provider"},
- {"vv", OPT_VV, '-', "List the algorithm names of specified providers,"},
- {OPT_MORE_STR, 0, '-', "categorised by operation type"},
- {"vvv", OPT_VVV, '-', "List the algorithm names of specified provider"},
- {OPT_MORE_STR, 0, '-', "one at a time, and list all known parameters"},
-
- OPT_PARAMETERS(),
- {"provider", 0, 0, "Provider(s) to load"},
- {NULL}
-};
-
-typedef struct info_st INFO;
-typedef struct meta_st META;
-
-struct info_st {
- void (*collect_names_fn)(void *method, STACK_OF(OPENSSL_CSTRING) *names);
- void *method;
- const OSSL_PARAM *gettable_params;
- const OSSL_PARAM *settable_params;
- const OSSL_PARAM *gettable_ctx_params;
- const OSSL_PARAM *settable_ctx_params;
- const OSSL_PARAM *gen_settable_params;
-};
-
-struct meta_st {
- int first; /* For prints */
- int total;
- int indent;
- int subindent;
- int verbose;
- const char *label;
- OSSL_PROVIDER *prov;
- void (*fn)(META *meta, INFO *info);
-};
-
-static void collect_cipher_names(void *method,
- STACK_OF(OPENSSL_CSTRING) *names)
-{
- EVP_CIPHER_names_do_all(method, collect_names, names);
-}
-
-static void collect_digest_names(void *method,
- STACK_OF(OPENSSL_CSTRING) *names)
-{
- EVP_MD_names_do_all(method, collect_names, names);
-}
-
-static void collect_mac_names(void *method,
- STACK_OF(OPENSSL_CSTRING) *names)
-{
- EVP_MAC_names_do_all(method, collect_names, names);
-}
-
-static void collect_keymgmt_names(void *method,
- STACK_OF(OPENSSL_CSTRING) *names)
-{
- EVP_KEYMGMT_names_do_all(method, collect_names, names);
-}
-
-static void collect_keyexch_names(void *method,
- STACK_OF(OPENSSL_CSTRING) *names)
-{
- EVP_KEYEXCH_names_do_all(method, collect_names, names);
-}
-
-static void collect_signature_names(void *method,
- STACK_OF(OPENSSL_CSTRING) *names)
-{
- EVP_SIGNATURE_names_do_all(method, collect_names, names);
-}
-
-static void print_method_names(BIO *out, INFO *info)
-{
- STACK_OF(OPENSSL_CSTRING) *names = sk_OPENSSL_CSTRING_new(name_cmp);
-
- info->collect_names_fn(info->method, names);
- print_names(out, names);
- sk_OPENSSL_CSTRING_free(names);
-}
-
-static void print_caps(META *meta, INFO *info)
-{
- switch (meta->verbose) {
- case 1:
- if (!meta->first)
- BIO_printf(bio_out, "; ");
- print_method_names(bio_out, info);
- break;
- case 2:
- if (meta->first) {
- if (meta->total > 0)
- BIO_printf(bio_out, "\n");
- BIO_printf(bio_out, "%*s%ss:", meta->indent, "", meta->label);
- }
- BIO_printf(bio_out, " ");
- print_method_names(bio_out, info);
- break;
- case 3:
- default:
- BIO_printf(bio_out, "%*s%s ", meta->indent, "", meta->label);
- print_method_names(bio_out, info);
- BIO_printf(bio_out, "\n");
- print_param_types("settable keygen parameters",
- info->gen_settable_params, meta->subindent);
- print_param_types("settable algorithm parameters",
- info->settable_params, meta->subindent);
- print_param_types("retrievable algorithm parameters",
- info->gettable_params, meta->subindent);
- print_param_types("settable operation parameters",
- info->settable_ctx_params, meta->subindent);
- print_param_types("retrievable operation parameters",
- info->gettable_ctx_params, meta->subindent);
- break;
- }
- meta->first = 0;
-}
-
-static void do_method(void *method,
- void (*collect_names_fn)(void *method,
- STACK_OF(OPENSSL_CSTRING) *names),
- const OSSL_PARAM *gettable_params,
- const OSSL_PARAM *gettable_ctx_params,
- const OSSL_PARAM *settable_ctx_params,
- META *meta)
-{
- INFO info;
-
- memset(&info, 0, sizeof(info));
- info.collect_names_fn = collect_names_fn;
- info.method = method;
- info.gettable_params = gettable_params;
- info.gettable_ctx_params = gettable_ctx_params;
- info.settable_ctx_params = settable_ctx_params;
- meta->fn(meta, &info);
- meta->total++;
-}
-
-static void do_keymgmt_method(void *method,
- void (*collect_names_fn)(void *method,
- STACK_OF(OPENSSL_CSTRING)
- *names),
- const OSSL_PARAM *gettable_params,
- const OSSL_PARAM *settable_params,
- const OSSL_PARAM *gen_settable_params,
- META *meta)
-{
- INFO info;
-
- memset(&info, 0, sizeof(info));
- info.collect_names_fn = collect_names_fn;
- info.method = method;
- info.gettable_params = gettable_params;
- info.settable_params = settable_params;
- info.gen_settable_params = gen_settable_params;
- meta->fn(meta, &info);
- meta->total++;
-}
-
-static void do_cipher(EVP_CIPHER *cipher, void *meta)
-{
- do_method(cipher, collect_cipher_names,
- EVP_CIPHER_gettable_params(cipher),
- EVP_CIPHER_gettable_ctx_params(cipher),
- EVP_CIPHER_settable_ctx_params(cipher),
- meta);
-}
-
-static void do_digest(EVP_MD *digest, void *meta)
-{
- do_method(digest, collect_digest_names,
- EVP_MD_gettable_params(digest),
- EVP_MD_gettable_ctx_params(digest),
- EVP_MD_settable_ctx_params(digest),
- meta);
-}
-
-static void do_mac(EVP_MAC *mac, void *meta)
-{
- do_method(mac, collect_mac_names,
- EVP_MAC_gettable_params(mac),
- EVP_MAC_gettable_ctx_params(mac),
- EVP_MAC_settable_ctx_params(mac),
- meta);
-}
-
-static void do_keymgmt(EVP_KEYMGMT *keymgmt, void *meta)
-{
- do_keymgmt_method(keymgmt, collect_keymgmt_names,
- EVP_KEYMGMT_gettable_params(keymgmt),
- EVP_KEYMGMT_settable_params(keymgmt),
- EVP_KEYMGMT_gen_settable_params(keymgmt),
- meta);
-}
-
-static void do_keyexch(EVP_KEYEXCH *keyexch, void *meta)
-{
- do_method(keyexch, collect_keyexch_names,
- NULL,
- EVP_KEYEXCH_gettable_ctx_params(keyexch),
- EVP_KEYEXCH_settable_ctx_params(keyexch),
- meta);
-}
-
-static void do_signature(EVP_SIGNATURE *signature, void *meta)
-{
- do_method(signature, collect_signature_names,
- NULL,
- EVP_SIGNATURE_gettable_ctx_params(signature),
- EVP_SIGNATURE_settable_ctx_params(signature),
- meta);
-}
-
-int provider_main(int argc, char **argv)
-{
- int ret = 1, i;
- int verbose = 0;
- STACK_OF(OPENSSL_CSTRING) *providers = sk_OPENSSL_CSTRING_new_null();
- OPTION_CHOICE o;
- char *prog;
-
- prog = opt_init(argc, argv, provider_options);
- while ((o = opt_next()) != OPT_EOF) {
- switch (o) {
- default: /* Catching OPT_ERR & covering OPT_EOF which isn't possible */
- BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
- goto end;
- case OPT_HELP:
- opt_help(provider_options);
- ret = 0;
- goto end;
- case OPT_VVV:
- case OPT_VV:
- case OPT_V:
- /* Convert to an integer from one to four. */
- i = (int)(o - OPT_V) + 1;
- if (verbose < i)
- verbose = i;
- break;
- }
- }
-
- /* Allow any trailing parameters as provider names. */
- argc = opt_num_rest();
- argv = opt_rest();
- for ( ; *argv; argv++) {
- /* This isn't necessary since -- is supported. */
- if (**argv == '-') {
- BIO_printf(bio_err, "%s: Cannot mix flags and provider names.\n",
- prog);
- BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
- goto end;
- }
- sk_OPENSSL_CSTRING_push(providers, *argv);
- }
-
- ret = 0;
- for (i = 0; i < sk_OPENSSL_CSTRING_num(providers); i++) {
- const char *name = sk_OPENSSL_CSTRING_value(providers, i);
- OSSL_PROVIDER *prov = OSSL_PROVIDER_load(NULL, name);
-
- if (prov != NULL) {
- BIO_printf(bio_out, verbose == 0 ? "%s\n" : "[ %s ]\n", name);
-
- if (verbose > 0) {
- META data;
-
- data.total = 0;
- data.first = 1;
- data.verbose = verbose;
- data.prov = prov;
- data.fn = print_caps;
-
- switch (verbose) {
- case 1:
- BIO_printf(bio_out, " ");
- break;
- case 2:
- data.indent = 4;
- break;
- case 3:
- default:
- data.indent = 4;
- data.subindent = 10;
- break;
- }
-
- if (verbose > 1) {
- data.first = 1;
- data.label = "Cipher";
- }
- EVP_CIPHER_do_all_provided(NULL, do_cipher, &data);
- if (verbose > 1) {
- data.first = 1;
- data.label = "Digest";
- }
- EVP_MD_do_all_provided(NULL, do_digest, &data);
- if (verbose > 1) {
- data.first = 1;
- data.label = "MAC";
- }
- EVP_MAC_do_all_provided(NULL, do_mac, &data);
-
- if (verbose > 1) {
- data.first = 1;
- data.label = "Key manager";
- }
- EVP_KEYMGMT_do_all_provided(NULL, do_keymgmt, &data);
- if (verbose > 1) {
- data.first = 1;
- data.label = "Key exchange";
- }
- EVP_KEYEXCH_do_all_provided(NULL, do_keyexch, &data);
- if (verbose > 1) {
- data.first = 1;
- data.label = "Signature";
- }
- EVP_SIGNATURE_do_all_provided(NULL, do_signature, &data);
-
- switch (verbose) {
- default:
- break;
- case 2:
- case 1:
- BIO_printf(bio_out, "\n");
- break;
- }
- }
- OSSL_PROVIDER_unload(prov);
- } else {
- ERR_print_errors(bio_err);
- ret = 1;
- /*
- * Just because one provider module failed, there's no reason to
- * stop, if there are more to try.
- */
- }
- }
-
- end:
-
- ERR_print_errors(bio_err);
- sk_OPENSSL_CSTRING_free(providers);
- return ret;
-}
diff --git a/crypto/evp/asymcipher.c b/crypto/evp/asymcipher.c
index 2ecad8b77c..a80398782c 100644
--- a/crypto/evp/asymcipher.c
+++ b/crypto/evp/asymcipher.c
@@ -444,3 +444,24 @@ void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
evp_names_do_all(cipher->prov, cipher->name_id, fn, data);
}
+const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *cip)
+{
+ void *provctx;
+
+ if (cip == NULL || cip->gettable_ctx_params == NULL)
+ return NULL;
+
+ provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_provider(cip));
+ return cip->gettable_ctx_params(provctx);
+}
+
+const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip)
+{
+ void *provctx;
+
+ if (cip == NULL || cip->settable_ctx_params == NULL)
+ return NULL;
+
+ provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_provider(cip));
+ return cip->settable_ctx_params(provctx);
+}
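Review bot: The parameter is named `cip` in both new definitions here but `ciph` in the matching declarations added to include/openssl/evp.h (the hunk ending at L1494), and neither file comments on what the NULL return means; the new POD says "NULL on error", yet these functions also return NULL when the provider simply registers no gettable/settable callback, which is not an error. A short header comment would settle that, e.g. `/* Returns the provider's gettable ctx params, or NULL when cip is NULL or the provider implements none (not an error). */`, and the declaration should use the same parameter name as the definition. The EVP_KEM_gettable_ctx_params()/EVP_KEM_settable_ctx_params() pair in crypto/evp/kem.c (hunk ending at L1186) has the same naming and documentation gap.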
diff --git a/crypto/evp/kem.c b/crypto/evp/kem.c
index 6f0424075a..5b13f0130a 100644
--- a/crypto/evp/kem.c
+++ b/crypto/evp/kem.c
@@ -349,7 +349,6 @@ void EVP_KEM_do_all_provided(OPENSSL_CTX *libctx,
(void (*)(void *))EVP_KEM_free);
}
-
void EVP_KEM_names_do_all(const EVP_KEM *kem,
void (*fn)(const char *name, void *data),
void *data)
@@ -357,3 +356,25 @@ void EVP_KEM_names_do_all(const EVP_KEM *kem,
if (kem->prov != NULL)
evp_names_do_all(kem->prov, kem->name_id, fn, data);
}
+
+const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem)
+{
+ void *provctx;
+
+ if (kem == NULL || kem->gettable_ctx_params == NULL)
+ return NULL;
+
+ provctx = ossl_provider_ctx(EVP_KEM_provider(kem));
+ return kem->gettable_ctx_params(provctx);
+}
+
+const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem)
+{
+ void *provctx;
+
+ if (kem == NULL || kem->settable_ctx_params == NULL)
+ return NULL;
+
+ provctx = ossl_provider_ctx(EVP_KEM_provider(kem));
+ return kem->settable_ctx_params(provctx);
+}
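Review bot: EVP_KEM_names_do_all() directly above guards with `if (kem->prov != NULL)` before touching the provider, but the new getters pass `EVP_KEM_provider(kem)` straight into `ossl_provider_ctx()` with no such check; if a KEM object can legitimately exist without a provider, as that guard suggests, this would hand a NULL provider to ossl_provider_ctx(), whose tolerance for NULL is not visible here. If the guard in names_do_all is meaningful, the precondition should be the same in both new functions: `if (kem == NULL || kem->prov == NULL || kem->gettable_ctx_params == NULL)` (and the settable counterpart). The EVP_ASYM_CIPHER versions in crypto/evp/asymcipher.c (hunk ending at L1149) have exactly the same shape and would want the same treatment.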
diff --git a/doc/man1/build.info b/doc/man1/build.info
index 5b0b4eb6fd..40df5d360e 100644
--- a/doc/man1/build.info
+++ b/doc/man1/build.info
@@ -35,7 +35,6 @@ DEPEND[]= \
openssl-pkey.pod \
openssl-pkeyutl.pod \
openssl-prime.pod \
- openssl-provider.pod \
openssl-rand.pod \
openssl-rehash.pod \
openssl-req.pod \
@@ -90,7 +89,6 @@ DEPEND[openssl-pkeyparam.pod]=../perlvars.pm
DEPEND[openssl-pkey.pod]=../perlvars.pm
DEPEND[openssl-pkeyutl.pod]=../perlvars.pm
DEPEND[openssl-prime.pod]=../perlvars.pm
-DEPEND[openssl-provider.pod]=../perlvars.pm
DEPEND[openssl-rand.pod]=../perlvars.pm
DEPEND[openssl-rehash.pod]=../perlvars.pm
DEPEND[openssl-req.pod]=../perlvars.pm
@@ -145,7 +143,6 @@ GENERATE[openssl-pkeyparam.pod]=openssl-pkeyparam.pod.in
GENERATE[openssl-pkey.pod]=openssl-pkey.pod.in
GENERATE[openssl-pkeyutl.pod]=openssl-pkeyutl.pod.in
GENERATE[openssl-prime.pod]=openssl-prime.pod.in
-GENERATE[openssl-provider.pod]=openssl-provider.pod.in
GENERATE[openssl-rand.pod]=openssl-rand.pod.in
GENERATE[openssl-rehash.pod]=openssl-rehash.pod.in
GENERATE[openssl-req.pod]=openssl-req.pod.in
diff --git a/doc/man1/openssl-list.pod.in b/doc/man1/openssl-list.pod.in
index 26680849a2..3493fad843 100644
--- a/doc/man1/openssl-list.pod.in
+++ b/doc/man1/openssl-list.pod.in
@@ -10,6 +10,7 @@ openssl-list - list algorithms and features
B<openssl list>
[B<-help>]
[B<-verbose>]
+[B<-select> I<name>]
[B<-1>]
[B<-commands>]
[B<-digest-commands>]
@@ -21,10 +22,15 @@ B<openssl list>
[B<-cipher-algorithms>]
[B<-encoders>]
[B<-decoders>]
+[B<-key-managers>]
+[B<-key-exchange-algorithms>]
+[B<-kem-algorithms>]
+[B<-signature-algorithms>]
+[B<-asymcipher-algorithms>]
[B<-public-key-algorithms>]
+[B<-public-key-methods>]
{- output_off() if $disabled{"deprecated-3.0"}; ""
--}[B<-public-key-methods>]
-[B<-engines>]
+-}[B<-engines>]
{- output_on() if $disabled{"deprecated-3.0"}; ""
-}[B<-disabled>]
[B<-objects>]
@@ -49,6 +55,10 @@ Display a usage message.
Displays extra information.
The options below where verbosity applies say a bit more about what that means.
+=item B<-select> I<name>
+
+Only list algorithms that match this name.
+
=item B<-1>
List the commands, digest-commands, or cipher-commands in a single column.
@@ -106,13 +116,32 @@ information on what parameters each implementation supports.
Display a list of public key algorithms, with each algorithm as
a block of multiple lines, all but the first are indented.
-{- output_off() if $disabled{"deprecated-3.0"}; "" -}
+The options B<key-exchange-algorithms>, B<kem-algorithms>,
+B<signature-algorithms>, and B<asymcipher-algorithms> will display similar info.
=item B<-public-key-methods>
-This option is deprecated.
+Display a list of public key methods.
+
+=item B<-key-managers>
+
+Display a list of key managers.
+
+=item B<-key-exchange-algorithms>
+
+Display a list of key exchange algorithms.
+
+=item B<-kem-algorithms>
+
+Display a list of key encapsulation algorithms.
+
+=item B<-signature-algorithms>
+
+Display a list of signature algorithms.
+
+=item B<-asymcipher-algorithms>
-Display a list of public key method OIDs.
+Display a list of asymmetric cipher algorithms.
=item B<-engines>
@@ -172,8 +201,7 @@ In both cases, C<bar> is the name of the provider.
=head1 HISTORY
-The B<-engines> and B<-public-key-methods> options were deprecated in
-OpenSSL 3.0.
+The B<-engines> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
diff --git a/doc/man1/openssl-provider.pod.in b/doc/man1/openssl-provider.pod.in
deleted file mode 100644
index b8d056584d..0000000000
--- a/doc/man1/openssl-provider.pod.in
+++ /dev/null
@@ -1,63 +0,0 @@
-=pod
-{- OpenSSL::safe::output_do_not_edit_headers(); -}
-
-=head1 NAME
-
-openssl-provider - load and query providers
-
-=head1 SYNOPSIS
-
-B<openssl provider>
-[B<-help>]
-[B<-v>]
-[B<-vv>]
-[B<-vvv>]
-[I<provider> ...]
-
-=head1 DESCRIPTION
-
-This command is used to query the capabilities of the
-specified I<provider>'s.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-help>
-
-Print out a usage message.
-
-=item B<-v> B<-vv> B<-vvv>
-
-Provides information about each specified provider.
-The first flag lists the names of all algorithms each provider
-implements; the second lists them by category; the third adds
-information on what parameters each of them can handle.
-
-=back
-
-=head1 ENVIRONMENT
-
-=over 4
-
-=item B<OPENSSL_MODULES>
-
-The path to the modules directory, where one can expect provider
-modules to be located.
-
-=back
-
-=head1 SEE ALSO
-
-L<config(5)>
-
-=head1 COPYRIGHT
-
-Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
-
-Licensed under the Apache License 2.0 (the "License"). You may not use
-this file except in compliance with the License. You can obtain a copy
-in the file LICENSE in the source distribution or at
-L<https://www.openssl.org/source/license.html>.
-
-=cut
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index 3ae273b5bf..723ed0e2f1 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -232,10 +232,6 @@ Public key algorithm cryptographic operation command.
Compute prime numbers.
-=item B<provider>
-
-Load and query providers.
-
=item B<rand>
Generate pseudo-random bytes.
@@ -764,26 +760,6 @@ This file can be used in a subsequent command invocation.
=back
-=head2 Provider Options
-
-With the move to provider based cryptographic operations in OpenSSL 3.0,
-options were added to allow specific providers or sets of providers to be used.
-
-=over 4
-
-=item B<-provider> I<name>
-
-Use the provider identified by I<name> and use all the methods it
-implements (algorithms, key storage, etc.). This option can be specified
-multiple time to load more than one provider.
-
-=item B<-provider-path> I<path>
-
-Specify the search I<path> that is used to locate provider modules. The format
-of I<path> varies depending on the operating system being used.
-
-=back
-
=head2 Extended Verification Options
Sometimes there may be more than one certificate chain leading to an
@@ -1281,7 +1257,7 @@ in L<config(5)/Engine Configuration Module>.
The OpenSSL library can be take some configuration parameters from the
environment. Some of these variables are listed below. For information
-about specific commands, see L<openssl-engine(1)>, L<openssl-provider(1)>,
+about specific commands, see L<openssl-engine(1)>,
L<openssl-rehash(1)>, and L<tsget(1)>.
For information about the use of environment variables in configuration,
diff --git a/doc/man3/EVP_ASYM_CIPHER_free.pod b/doc/man3/EVP_ASYM_CIPHER_free.pod
index d7f9991c26..5aef5aad0d 100644
--- a/doc/man3/EVP_ASYM_CIPHER_free.pod
+++ b/doc/man3/EVP_ASYM_CIPHER_free.pod
@@ -4,7 +4,8 @@
EVP_ASYM_CIPHER_fetch, EVP_ASYM_CIPHER_free, EVP_ASYM_CIPHER_up_ref,
EVP_ASYM_CIPHER_number, EVP_ASYM_CIPHER_is_a, EVP_ASYM_CIPHER_provider,
-EVP_ASYM_CIPHER_do_all_provided, EVP_ASYM_CIPHER_names_do_all
+EVP_ASYM_CIPHER_do_all_provided, EVP_ASYM_CIPHER_names_do_all,
+EVP_ASYM_CIPHER_gettable_ctx_params, EVP_ASYM_CIPHER_settable_ctx_params
- Functions to manage EVP_ASYM_CIPHER algorithm objects
=head1 SYNOPSIS
@@ -25,6 +26,8 @@ EVP_ASYM_CIPHER_do_all_provided, EVP_ASYM_CIPHER_names_do_all
void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
void (*fn)(const char *name, void *data),
void *data);
+ const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *cip);
+ const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip);
=head1 DESCRIPTION
@@ -61,6 +64,11 @@ I<cipher>.
EVP_ASYM_CIPHER_names_do_all() traverses all names for I<cipher>, and calls
I<fn> with each name and I<data>.
+EVP_ASYM_CIPHER_gettable_ctx_params() and EVP_ASYM_CIPHER_settable_ctx_params()
+return a constant B<OSSL_PARAM> array that describes the names and types of key
+parameters that can be retrieved or set by a key encryption algorithm using
+L<EVP_PKEY_CTX_get_params(3)> and L<EVP_PKEY_CTX_set_params(3)>.
+
=head1 RETURN VALUES
EVP_ASYM_CIPHER_fetch() returns a pointer to an B<EVP_ASYM_CIPHER> for success
@@ -68,6 +76,9 @@ or B<NULL> for failure.
EVP_ASYM_CIPHER_up_ref() returns 1 for success or 0 otherwise.
+EVP_ASYM_CIPHER_gettable_ctx_params() and EVP_ASYM_CIPHER_settable_ctx_params()
+return a constant B<OSSL_PARAM> array or NULL on error.
+
=head1 SEE ALSO
L<provider(7)/Fetching algorithms>, L<OSSL_PROVIDER(3)>
diff --git a/doc/man3/EVP_KEM_free.pod b/doc/man3/EVP_KEM_free.pod
index 0e3ca12ae3..de3bee951d 100644
--- a/doc/man3/EVP_KEM_free.pod
+++ b/doc/man3/EVP_KEM_free.pod
@@ -4,7 +4,8 @@
EVP_KEM_fetch, EVP_KEM_free, EVP_KEM_up_ref,
EVP_KEM_number, EVP_KEM_is_a, EVP_KEM_provider,
-EVP_KEM_do_all_provided, EVP_KEM_names_do_all
+EVP_KEM_do_all_provided, EVP_KEM_names_do_all,
+EVP_KEM_gettable_ctx_params, EVP_KEM_settable_ctx_params
- Functions to manage EVP_KEM algorithm objects
=head1 SYNOPSIS
@@ -22,6 +23,8 @@ EVP_KEM_do_all_provided, EVP_KEM_names_do_all
void (*fn)(EVP_KEM *kem, void *arg), void *arg);
void EVP_KEM_names_do_all(const EVP_KEM *kem,
void (*fn)(const char *name, void *data), void *data);
+ const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem);
+ const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem);
=head1 DESCRIPTION
@@ -55,6 +58,11 @@ EVP_KEM_number() returns the internal dynamic number assigned to I<kem>.
EVP_KEM_names_do_all() traverses all names for I<kem>, and calls I<fn> with
each name and I<data>.
+EVP_KEM_gettable_ctx_params() and EVP_KEM_settable_ctx_params() return
+a constant B<OSSL_PARAM> array that describes the names and types of key
+parameters that can be retrieved or set by a key encapsulation algorithm using
+L<EVP_PKEY_CTX_get_params(3)> and L<EVP_PKEY_CTX_set_params(3)>.
+
=head1 RETURN VALUES
EVP_KEM_fetch() returns a pointer to an B<EVP_KEM> for success or B<NULL> for
@@ -62,6 +70,9 @@ failure.
EVP_KEM_up_ref() returns 1 for success or 0 otherwise.
+EVP_KEM_gettable_ctx_params() and EVP_KEM_settable_ctx_params() return
+a constant B<OSSL_PARAM> array or NULL on error.
+
=head1 SEE ALSO
L<provider(7)/Fetching algorithms>, L<OSSL_PROVIDER(3)>
diff --git a/doc/man7/openssl-env.pod b/doc/man7/openssl-env.pod
index 788f5dff81..8e131affb7 100644
--- a/doc/man7/openssl-env.pod
+++ b/doc/man7/openssl-env.pod
@@ -49,7 +49,6 @@ See L<OPENSSL_malloc(3)>.
=item B<OPENSSL_MODULES>
Specifies the directory from which cryptographic providers are loaded.
-See L<openssl-provider(1)>.
=item B<OPENSSL_WIN32_UTF8>
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 2948c2c542..f3936cd527 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1675,6 +1675,8 @@ void EVP_ASYM_CIPHER_do_all_provided(OPENSSL_CTX *libctx,
void EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
void (*fn)(const char *name, void *data),
void *data);
+const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *ciph);
+const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *ciph);
void EVP_KEM_free(EVP_KEM *wrap);
int EVP_KEM_up_ref(EVP_KEM *wrap);
@@ -1687,6 +1689,8 @@ void EVP_KEM_do_all_provided(OPENSSL_CTX *libctx,
void (*fn)(EVP_KEM *wrap, void *arg), void *arg);
void EVP_KEM_names_do_all(const EVP_KEM *wrap,
void (*fn)(const char *name, void *data), void *data);
+const OSSL_PARAM *EVP_KEM_gettable_ctx_params(const EVP_KEM *kem);
+const OSSL_PARAM *EVP_KEM_settable_ctx_params(const EVP_KEM *kem);
int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t
index 5977e2ccbb..2bd19722de 100644
--- a/test/recipes/20-test_cli_fips.t
+++ b/test/recipes/20-test_cli_fips.t
@@ -24,8 +24,7 @@ use lib bldtop_dir('.');
use platform;
plan skip_all => "Test only supported in a fips build" if disabled("fips");
-
-plan tests => 6;
+plan tests => 13;
my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
my $fipsconf = srctop_file("test", "fips-and-base.cnf");
@@ -46,8 +45,22 @@ ok(run(app(['openssl', 'fipsinstall', '-in', 'fipsmodule.cnf', '-module', $fipsm
$ENV{OPENSSL_CONF_INCLUDE} = abs2rel(curdir());
$ENV{OPENSSL_CONF} = $fipsconf;
-ok(run(app(['openssl', 'provider', '-v', 'fips'])),
- "provider listing");
+ok(run(app(['openssl', 'list', '-public-key-methods', '-verbose'])),
+ "provider listing of public key methods");
+ok(run(app(['openssl', 'list', '-public-key-algorithms', '-verbose'])),
+ "provider listing of public key algorithms");
+ok(run(app(['openssl', 'list', '-key-managers', '-verbose'])),
+ "provider listing of keymanagers");
+ok(run(app(['openssl', 'list', '-key-exchange-algorithms', '-verbose'])),
+ "provider listing of key exchange algorithms");
+ok(run(app(['openssl', 'list', '-kem-algorithms', '-verbose'])),
+ "provider listing of key encapsulation algorithms");
+ok(run(app(['openssl', 'list', '-signature-algorithms', '-verbose'])),
+ "provider listing of signature algorithms");
+ok(run(app(['openssl', 'list', '-asymcipher-algorithms', '-verbose'])),
+ "provider listing of encryption algorithms");
+ok(run(app(['openssl', 'list', '-key-managers', '-verbose', '-select', 'DSA' ])),
+ "provider listing of one item in the keymanager");
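Review bot: All eight new assertions only check the exit status of `openssl list`, so the `-select DSA` case at the end passes whether the filter matched one key manager, none, or all of them, which is the one behaviour this test was presumably added to cover. Capturing the output and checking it would make the assertion meaningful, e.g. `my @out = run(app(['openssl', 'list', '-key-managers', '-verbose', '-select', 'DSA']), capture => 1);` followed by `ok(scalar(grep { /DSA/ } @out) && !grep { /RSA/ } @out, "key manager listing restricted to DSA");` (assuming the fips provider in this configuration exposes both; the plan count of 13 is unaffected since it is still a single test). The stray space before `]` in `'DSA' ]` and the description "one item in the keymanager" are also worth tidying to match the surrounding lines.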
my $tsignverify_count = 8;
sub tsignverify {
diff --git a/test/recipes/20-test_provider.t b/test/recipes/20-test_provider.t
deleted file mode 100644
index 6713653214..0000000000
--- a/test/recipes/20-test_provider.t
+++ /dev/null
@@ -1,62 +0,0 @@
-#! /usr/bin/env perl
-# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the Apache License 2.0 (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-
-use strict;
-use warnings;
-
-use OpenSSL::Test;
-
-setup("test_provider");
-
-plan tests => 9;
-
- SKIP: {
- skip "No default provider?", 6
- unless ok(run(app([qw(openssl provider default)])),
- "try running 'openssl provider default'");
-
- my $prev = 2; # The amount of lines from -v
- my @checks = qw( -v -vv -vvv );
- my %op = ( -v => '==',
- -vv => '>',
- -vvv => '>' );
- my $i = 0;
-
- foreach (@checks) {
- my @cmd = ('openssl', 'provider', $_, 'default');
- my @lines = ( map { (my $x = $_) =~ s|\R$||; $x }
- run(app([@cmd]), capture => 1) );
-
- my $curr = scalar @lines;
- my $cmp = "$curr $op{$_} $prev";
-
- ok(eval $cmp,
- "'openssl provider $_ default' line count $op{$_} $prev");
- ok($lines[0] eq '[ default ]',
- "'openssl provider -v default' first line is '[ default ]'");
-
- $prev = $curr;
- }
-}
-
- SKIP: {
- skip "No null provider?", 1
- unless ok(run(app([qw(openssl provider null)])),
- "try running 'openssl provider null'");
-
- my @cmd = ('openssl', 'provider', '-vvv', 'null');
- my @lines = ( map { (my $x = $_) =~ s|\R$||; $x }
- run(app([@cmd]), capture => 1) );
-
- my $curr = scalar @lines;
- my $cmp = "$curr == 1";
- ok(eval $cmp,
- "'openssl provider $_ default' line count == 1");
-}
-
diff --git a/util/libcrypto.num b/util/libcrypto.num
index de15e23080..db4a1aab2d 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5302,3 +5302,7 @@ OSSL_ENCODER_CTX_set_cleanup ? 3_0_0 EXIST::FUNCTION:
OSSL_ENCODER_CTX_set_passphrase_cb ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_typenames_do_all ? 3_0_0 EXIST::FUNCTION:
OSSL_DECODER_INSTANCE_get_input_type ? 3_0_0 EXIST::FUNCTION:
+EVP_ASYM_CIPHER_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION:
+EVP_ASYM_CIPHER_settable_ctx_params ? 3_0_0 EXIST::FUNCTION:
+EVP_KEM_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION:
+EVP_KEM_settable_ctx_params ? 3_0_0 EXIST::FUNCTION: