diff --git a/apps/build.info b/apps/build.info
index 8bfcec65d0..146e9009f5 100644
--- a/apps/build.info
+++ b/apps/build.info
@@ -18,7 +18,7 @@ $OPENSSLSRC=\
 pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c \
 s_client.c s_server.c s_time.c sess_id.c smime.c speed.c \
 spkac.c verify.c version.c x509.c rehash.c storeutl.c \
- list.c info.c provider.c fipsinstall.c
+ list.c info.c fipsinstall.c
 IF[{- !$disabled{'des'} -}]
 $OPENSSLSRC=$OPENSSLSRC pkcs12.c
 ENDIF
diff --git a/apps/provider.c b/apps/provider.c
deleted file mode 100644
index f1374a365c..0000000000
--- a/apps/provider.c
+++ /dev/null
@@ -1,382 +0,0 @@ -/* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include - -#include "apps.h" -#include "app_params.h" -#include "progs.h" -#include "names.h" -#include -#include -#include -#include -#include -#include - -#ifdef __TANDEM -# include /* memset */ -#endif - -typedef enum OPTION_choice { - OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, - OPT_V = 100, OPT_VV, OPT_VVV -} OPTION_CHOICE; - -const OPTIONS provider_options[] = { - {OPT_HELP_STR, 1, '-', "Usage: %s [options] [provider...]\n"}, - - OPT_SECTION("General"), - {"help", OPT_HELP, '-', "Display this summary"}, - - OPT_SECTION("Output"), - {"v", OPT_V, '-', "List the algorithm names of specified provider"}, - {"vv", OPT_VV, '-', "List the algorithm names of specified providers,"}, - {OPT_MORE_STR, 0, '-', "categorised by operation type"}, - {"vvv", OPT_VVV, '-', "List the algorithm names of specified provider"}, - {OPT_MORE_STR, 0, '-', "one at a time, and list all known parameters"}, - - OPT_PARAMETERS(), - {"provider", 0, 0, "Provider(s) to load"}, - {NULL} -}; - -typedef struct info_st INFO; -typedef struct meta_st META; - -struct info_st { - void (*collect_names_fn)(void *method, STACK_OF(OPENSSL_CSTRING) *names); - void *method; - const OSSL_PARAM *gettable_params; - const OSSL_PARAM *settable_params; - const OSSL_PARAM *gettable_ctx_params; - const OSSL_PARAM *settable_ctx_params; - const OSSL_PARAM *gen_settable_params; -}; - -struct meta_st { - int first; /* For prints */ - int total; - int indent; - int subindent; - int verbose; - const char *label; - OSSL_PROVIDER *prov; - void (*fn)(META *meta, INFO *info); -}; - -static void collect_cipher_names(void *method, - STACK_OF(OPENSSL_CSTRING) *names) -{ - 
EVP_CIPHER_names_do_all(method, collect_names, names); -} - -static void collect_digest_names(void *method, - STACK_OF(OPENSSL_CSTRING) *names) -{ - EVP_MD_names_do_all(method, collect_names, names); -} - -static void collect_mac_names(void *method, - STACK_OF(OPENSSL_CSTRING) *names) -{ - EVP_MAC_names_do_all(method, collect_names, names); -} - -static void collect_keymgmt_names(void *method, - STACK_OF(OPENSSL_CSTRING) *names) -{ - EVP_KEYMGMT_names_do_all(method, collect_names, names); -} - -static void collect_keyexch_names(void *method, - STACK_OF(OPENSSL_CSTRING) *names) -{ - EVP_KEYEXCH_names_do_all(method, collect_names, names); -} - -static void collect_signature_names(void *method, - STACK_OF(OPENSSL_CSTRING) *names) -{ - EVP_SIGNATURE_names_do_all(method, collect_names, names); -} - -static void print_method_names(BIO *out, INFO *info) -{ - STACK_OF(OPENSSL_CSTRING) *names = sk_OPENSSL_CSTRING_new(name_cmp); - - info->collect_names_fn(info->method, names); - print_names(out, names); - sk_OPENSSL_CSTRING_free(names); -} - -static void print_caps(META *meta, INFO *info) -{ - switch (meta->verbose) { - case 1: - if (!meta->first) - BIO_printf(bio_out, "; "); - print_method_names(bio_out, info); - break; - case 2: - if (meta->first) { - if (meta->total > 0) - BIO_printf(bio_out, "\n"); - BIO_printf(bio_out, "%*s%ss:", meta->indent, "", meta->label); - } - BIO_printf(bio_out, " "); - print_method_names(bio_out, info); - break; - case 3: - default: - BIO_printf(bio_out, "%*s%s ", meta->indent, "", meta->label); - print_method_names(bio_out, info); - BIO_printf(bio_out, "\n"); - print_param_types("settable keygen parameters", - info->gen_settable_params, meta->subindent); - print_param_types("settable algorithm parameters", - info->settable_params, meta->subindent); - print_param_types("retrievable algorithm parameters", - info->gettable_params, meta->subindent); - print_param_types("settable operation parameters", - info->settable_ctx_params, meta->subindent); 
- print_param_types("retrievable operation parameters", - info->gettable_ctx_params, meta->subindent); - break; - } - meta->first = 0; -} - -static void do_method(void *method, - void (*collect_names_fn)(void *method, - STACK_OF(OPENSSL_CSTRING) *names), - const OSSL_PARAM *gettable_params, - const OSSL_PARAM *gettable_ctx_params, - const OSSL_PARAM *settable_ctx_params, - META *meta) -{ - INFO info; - - memset(&info, 0, sizeof(info)); - info.collect_names_fn = collect_names_fn; - info.method = method; - info.gettable_params = gettable_params; - info.gettable_ctx_params = gettable_ctx_params; - info.settable_ctx_params = settable_ctx_params; - meta->fn(meta, &info); - meta->total++; -} - -static void do_keymgmt_method(void *method, - void (*collect_names_fn)(void *method, - STACK_OF(OPENSSL_CSTRING) - *names), - const OSSL_PARAM *gettable_params, - const OSSL_PARAM *settable_params, - const OSSL_PARAM *gen_settable_params, - META *meta) -{ - INFO info; - - memset(&info, 0, sizeof(info)); - info.collect_names_fn = collect_names_fn; - info.method = method; - info.gettable_params = gettable_params; - info.settable_params = settable_params; - info.gen_settable_params = gen_settable_params; - meta->fn(meta, &info); - meta->total++; -} - -static void do_cipher(EVP_CIPHER *cipher, void *meta) -{ - do_method(cipher, collect_cipher_names, - EVP_CIPHER_gettable_params(cipher), - EVP_CIPHER_gettable_ctx_params(cipher), - EVP_CIPHER_settable_ctx_params(cipher), - meta); -} - -static void do_digest(EVP_MD *digest, void *meta) -{ - do_method(digest, collect_digest_names, - EVP_MD_gettable_params(digest), - EVP_MD_gettable_ctx_params(digest), - EVP_MD_settable_ctx_params(digest), - meta); -} - -static void do_mac(EVP_MAC *mac, void *meta) -{ - do_method(mac, collect_mac_names, - EVP_MAC_gettable_params(mac), - EVP_MAC_gettable_ctx_params(mac), - EVP_MAC_settable_ctx_params(mac), - meta); -} - -static void do_keymgmt(EVP_KEYMGMT *keymgmt, void *meta) -{ - 
do_keymgmt_method(keymgmt, collect_keymgmt_names, - EVP_KEYMGMT_gettable_params(keymgmt), - EVP_KEYMGMT_settable_params(keymgmt), - EVP_KEYMGMT_gen_settable_params(keymgmt), - meta); -} - -static void do_keyexch(EVP_KEYEXCH *keyexch, void *meta) -{ - do_method(keyexch, collect_keyexch_names, - NULL, - EVP_KEYEXCH_gettable_ctx_params(keyexch), - EVP_KEYEXCH_settable_ctx_params(keyexch), - meta); -} - -static void do_signature(EVP_SIGNATURE *signature, void *meta) -{ - do_method(signature, collect_signature_names, - NULL, - EVP_SIGNATURE_gettable_ctx_params(signature), - EVP_SIGNATURE_settable_ctx_params(signature), - meta); -} - -int provider_main(int argc, char **argv) -{ - int ret = 1, i; - int verbose = 0; - STACK_OF(OPENSSL_CSTRING) *providers = sk_OPENSSL_CSTRING_new_null(); - OPTION_CHOICE o; - char *prog; - - prog = opt_init(argc, argv, provider_options); - while ((o = opt_next()) != OPT_EOF) { - switch (o) { - default: /* Catching OPT_ERR & covering OPT_EOF which isn't possible */ - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - case OPT_HELP: - opt_help(provider_options); - ret = 0; - goto end; - case OPT_VVV: - case OPT_VV: - case OPT_V: - /* Convert to an integer from one to four. */ - i = (int)(o - OPT_V) + 1; - if (verbose < i) - verbose = i; - break; - } - } - - /* Allow any trailing parameters as provider names. */ - argc = opt_num_rest(); - argv = opt_rest(); - for ( ; *argv; argv++) { - /* This isn't necessary since -- is supported. */ - if (**argv == '-') { - BIO_printf(bio_err, "%s: Cannot mix flags and provider names.\n", - prog); - BIO_printf(bio_err, "%s: Use -help for summary.\n", prog); - goto end; - } - sk_OPENSSL_CSTRING_push(providers, *argv); - } - - ret = 0; - for (i = 0; i < sk_OPENSSL_CSTRING_num(providers); i++) { - const char *name = sk_OPENSSL_CSTRING_value(providers, i); - OSSL_PROVIDER *prov = OSSL_PROVIDER_load(NULL, name); - - if (prov != NULL) { - BIO_printf(bio_out, verbose == 0 ? 
"%s\n" : "[ %s ]\n", name); - - if (verbose > 0) { - META data; - - data.total = 0; - data.first = 1; - data.verbose = verbose; - data.prov = prov; - data.fn = print_caps; - - switch (verbose) { - case 1: - BIO_printf(bio_out, " "); - break; - case 2: - data.indent = 4; - break; - case 3: - default: - data.indent = 4; - data.subindent = 10; - break; - } - - if (verbose > 1) { - data.first = 1; - data.label = "Cipher"; - } - EVP_CIPHER_do_all_provided(NULL, do_cipher, &data); - if (verbose > 1) { - data.first = 1; - data.label = "Digest"; - } - EVP_MD_do_all_provided(NULL, do_digest, &data); - if (verbose > 1) { - data.first = 1; - data.label = "MAC"; - } - EVP_MAC_do_all_provided(NULL, do_mac, &data); - - if (verbose > 1) { - data.first = 1; - data.label = "Key manager"; - } - EVP_KEYMGMT_do_all_provided(NULL, do_keymgmt, &data); - if (verbose > 1) { - data.first = 1; - data.label = "Key exchange"; - } - EVP_KEYEXCH_do_all_provided(NULL, do_keyexch, &data); - if (verbose > 1) { - data.first = 1; - data.label = "Signature"; - } - EVP_SIGNATURE_do_all_provided(NULL, do_signature, &data); - - switch (verbose) { - default: - break; - case 2: - case 1: - BIO_printf(bio_out, "\n"); - break; - } - } - OSSL_PROVIDER_unload(prov); - } else { - ERR_print_errors(bio_err); - ret = 1; - /* - * Just because one provider module failed, there's no reason to - * stop, if there are more to try. - */ - } - } - - end: - - ERR_print_errors(bio_err); - sk_OPENSSL_CSTRING_free(providers); - return ret; -} diff --git a/doc/man1/build.info b/doc/man1/build.info index 5b0b4eb6fd..40df5d360e 100644 --- a/doc/man1/build.info +++ b/doc/man1/build.info @@ -35,7 +35,6 @@ DEPEND[]= \ openssl-pkey.pod \ openssl-pkeyutl.pod \ openssl-prime.pod \ - openssl-provider.pod \ openssl-rand.pod \ openssl-rehash.pod \ openssl-req.pod \ 
@@ -90,7 +89,6 @@ DEPEND[openssl-pkeyparam.pod]=../perlvars.pm
 DEPEND[openssl-pkey.pod]=../perlvars.pm
 DEPEND[openssl-pkeyutl.pod]=../perlvars.pm
 DEPEND[openssl-prime.pod]=../perlvars.pm
-DEPEND[openssl-provider.pod]=../perlvars.pm
 DEPEND[openssl-rand.pod]=../perlvars.pm
 DEPEND[openssl-rehash.pod]=../perlvars.pm
 DEPEND[openssl-req.pod]=../perlvars.pm
@@ -145,7 +143,6 @@ GENERATE[openssl-pkeyparam.pod]=openssl-pkeyparam.pod.in
 GENERATE[openssl-pkey.pod]=openssl-pkey.pod.in
 GENERATE[openssl-pkeyutl.pod]=openssl-pkeyutl.pod.in
 GENERATE[openssl-prime.pod]=openssl-prime.pod.in
-GENERATE[openssl-provider.pod]=openssl-provider.pod.in
 GENERATE[openssl-rand.pod]=openssl-rand.pod.in
 GENERATE[openssl-rehash.pod]=openssl-rehash.pod.in
 GENERATE[openssl-req.pod]=openssl-req.pod.in
diff --git a/doc/man1/openssl-provider.pod.in b/doc/man1/openssl-provider.pod.in
deleted file mode 100644
index b8d056584d..0000000000
--- a/doc/man1/openssl-provider.pod.in
+++ /dev/null
@@ -1,63 +0,0 @@ -=pod -{- OpenSSL::safe::output_do_not_edit_headers(); -} - -=head1 NAME - -openssl-provider - load and query providers - -=head1 SYNOPSIS - -B -[B<-help>] -[B<-v>] -[B<-vv>] -[B<-vvv>] -[I ...] - -=head1 DESCRIPTION - -This command is used to query the capabilities of the -specified I's. - -=head1 OPTIONS - -=over 4 - -=item B<-help> - -Print out a usage message. - -=item B<-v> B<-vv> B<-vvv> - -Provides information about each specified provider. -The first flag lists the names of all algorithms each provider -implements; the second lists them by category; the third adds -information on what parameters each of them can handle. - -=back - -=head1 ENVIRONMENT - -=over 4 - -=item B - -The path to the modules directory, where one can expect provider -modules to be located. - -=back - -=head1 SEE ALSO - -L - -=head1 COPYRIGHT - -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 3ae273b5bf..723ed0e2f1 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -232,10 +232,6 @@ Public key algorithm cryptographic operation command. Compute prime numbers. -=item B - -Load and query providers. - =item B Generate pseudo-random bytes. 
@@ -764,26 +760,6 @@ This file can be used in a subsequent command invocation. =back -=head2 Provider Options - -With the move to provider based cryptographic operations in OpenSSL 3.0, -options were added to allow specific providers or sets of providers to be used. - -=over 4 - -=item B<-provider> I - -Use the provider identified by I and use all the methods it -implements (algorithms, key storage, etc.). This option can be specified -multiple time to load more than one provider. - -=item B<-provider-path> I - -Specify the search I that is used to locate provider modules. The format -of I varies depending on the operating system being used. - -=back - =head2 Extended Verification Options Sometimes there may be more than one certificate chain leading to an @@ -1281,7 +1257,7 @@ in L. The OpenSSL library can be take some configuration parameters from the environment. Some of these variables are listed below. For information -about specific commands, see L, L, +about specific commands, see L, L, and L. For information about the use of environment variables in configuration, diff --git a/doc/man7/openssl-env.pod b/doc/man7/openssl-env.pod index 788f5dff81..8e131affb7 100644 --- a/doc/man7/openssl-env.pod +++ b/doc/man7/openssl-env.pod @@ -49,7 +49,6 @@ See L. =item B Specifies the directory from which cryptographic providers are loaded. -See L. =item B diff --git a/test/recipes/20-test_provider.t b/test/recipes/20-test_provider.t deleted file mode 100644 index 6713653214..0000000000 --- a/test/recipes/20-test_provider.t +++ /dev/null 
@@ -1,62 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the Apache License 2.0 (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -use strict; -use warnings; - -use OpenSSL::Test; - -setup("test_provider"); - -plan tests => 9; - - SKIP: { - skip "No default provider?", 6 - unless ok(run(app([qw(openssl provider default)])), - "try running 'openssl provider default'"); - - my $prev = 2; # The amount of lines from -v - my @checks = qw( -v -vv -vvv ); - my %op = ( -v => '==', - -vv => '>', - -vvv => '>' ); - my $i = 0; - - foreach (@checks) { - my @cmd = ('openssl', 'provider', $_, 'default'); - my @lines = ( map { (my $x = $_) =~ s|\R$||; $x } - run(app([@cmd]), capture => 1) ); - - my $curr = scalar @lines; - my $cmp = "$curr $op{$_} $prev"; - - ok(eval $cmp, - "'openssl provider $_ default' line count $op{$_} $prev"); - ok($lines[0] eq '[ default ]', - "'openssl provider -v default' first line is '[ default ]'"); - - $prev = $curr; - } -} - - SKIP: { - skip "No null provider?", 1 - unless ok(run(app([qw(openssl provider null)])), - "try running 'openssl provider null'"); - - my @cmd = ('openssl', 'provider', '-vvv', 'null'); - my @lines = ( map { (my $x = $_) =~ s|\R$||; $x } - run(app([@cmd]), capture => 1) ); - - my $curr = scalar @lines; - my $cmp = "$curr == 1"; - ok(eval $cmp, - "'openssl provider $_ default' line count == 1"); -} - diff --git a/util/libcrypto.num b/util/libcrypto.num index de15e23080..db4a1aab2d 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -5302,3 +5302,7 @@ OSSL_ENCODER_CTX_set_cleanup ? 3_0_0 EXIST::FUNCTION:
 OSSL_ENCODER_CTX_set_passphrase_cb ? 3_0_0 EXIST::FUNCTION:
 EVP_PKEY_typenames_do_all ? 3_0_0 EXIST::FUNCTION:
 OSSL_DECODER_INSTANCE_get_input_type ? 3_0_0 EXIST::FUNCTION:
+EVP_ASYM_CIPHER_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION:
+EVP_ASYM_CIPHER_settable_ctx_params ? 3_0_0 EXIST::FUNCTION:
+EVP_KEM_gettable_ctx_params ? 3_0_0 EXIST::FUNCTION:
+EVP_KEM_settable_ctx_params ? 3_0_0 EXIST::FUNCTION:
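Review bot: The four exports added at the end of this hunk (`EVP_ASYM_CIPHER_gettable_ctx_params`, `EVP_ASYM_CIPHER_settable_ctx_params`, `EVP_KEM_gettable_ctx_params`, `EVP_KEM_settable_ctx_params`) have no matching declaration, definition or manual page in the hunks visible here, which otherwise only remove the `provider` command, its man page and its test. If the header, implementation and documentation changes sit elsewhere in the same commit, outside this view, nothing more is needed. Otherwise these entries belong in the commit that introduces the functions, so that the export list never names a symbol the library does not provide and the public API does not grow without review.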