Add a way for the application to get OpenSSL configuration data

OpenSSL_version(OPENSSL_DIR) gives you a nicely formatted string for display, but if all you really want is the directory itself, you were forced to parsed the string. This introduces a new function to get diverse configuration data from the library, OPENSSL_info(). This works the same way as OpenSSL_version(), but has its own series of types, currently including: OPENSSL_INFO_CONFIG_DIR returns OPENSSLDIR OPENSSL_INFO_ENGINES_DIR returns ENGINESDIR OPENSSL_INFO_MODULES_DIR returns MODULESDIR OPENSSL_INFO_DSO_EXTENSION returns DSO_EXTENSION OPENSSL_INFO_DIR_FILENAME_SEPARATOR returns directory/filename separator OPENSSL_INFO_LIST_SEPARATOR returns list separator For scripting purposes, this also adds the command 'openssl info'. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from #8709)
openssl · Apr 23, 2019 · 0109e03 · 0109e03
1 parent 47ca833
commit 0109e03
Show file tree

Hide file tree

Showing 12 changed files with 296 additions and 4 deletions.
diff --git a/CHANGES b/CHANGES
@@ -9,6 +9,11 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
+  *) Added OPENSSL_info() to get diverse built-in OpenSSL data, such
+     as default directories.  Also added the command 'openssl info'
+     for scripting purposes.
+     [Richard Levitte]
+
   *) The functions AES_ige_encrypt() and AES_bi_ige_encrypt() have been
      deprecated. These undocumented functions were never integrated into the EVP
      layer and implement the AES Infinite Garble Extension (IGE) mode and AES

diff --git a/NEWS b/NEWS
@@ -7,6 +7,7 @@
 
   Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development]
 
+      o Add OPENSSL_info() and 'openssl info' to get built-in data.
       o Add support for enabling instrumentation through trace and debug
         output.
       o Changed our version number scheme and set the next major release to

diff --git a/apps/build.info b/apps/build.info
@@ -5,7 +5,8 @@
           genpkey.c genrsa.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c
           pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c
           rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c
-          spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c);
+          spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c
+          info.c);
    our @apps_lib_src =
        ( qw(apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c
             bf_prefix.c),

diff --git a/apps/info.c b/apps/info.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "apps.h"
+#include "progs.h"
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_CONFIGDIR, OPT_ENGINESDIR, OPT_MODULESDIR, OPT_DSOEXT, OPT_DIRNAMESEP,
+    OPT_LISTSEP
+} OPTION_CHOICE;
+
+const OPTIONS info_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"configdir", OPT_CONFIGDIR, '-', "Default configuration file directory"},
+    {"c", OPT_CONFIGDIR, '-', "Default configuration file directory"},
+    {"enginesdir", OPT_ENGINESDIR, '-', "Default engine module directory"},
+    {"e", OPT_ENGINESDIR, '-', "Default engine module directory"},
+    {"modulesdir", OPT_ENGINESDIR, '-',
+     "Default module directory (other than engine modules)"},
+    {"m", OPT_ENGINESDIR, '-',
+     "Default module directory (other than engine modules)"},
+    {"dsoext", OPT_DSOEXT, '-', "Configured extension for modules"},
+    {"dirnamesep", OPT_DIRNAMESEP, '-', "Directory-filename separator"},
+    {"listsep", OPT_LISTSEP, '-', "List separator character"},
+    {NULL}
+};
+
+int info_main(int argc, char **argv)
+{
+    int ret = 1, dirty = 0, type = 0;
+    char *prog;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, info_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(info_options);
+            ret = 0;
+            goto end;
+        case OPT_CONFIGDIR:
+            type = OPENSSL_INFO_CONFIG_DIR;
+            dirty++;
+            break;
+        case OPT_ENGINESDIR:
+            type = OPENSSL_INFO_ENGINES_DIR;
+            dirty++;
+            break;
+        case OPT_MODULESDIR:
+            type = OPENSSL_INFO_MODULES_DIR;
+            dirty++;
+            break;
+        case OPT_DSOEXT:
+            type = OPENSSL_INFO_DSO_EXTENSION;
+            dirty++;
+            break;
+        case OPT_DIRNAMESEP:
+            type = OPENSSL_INFO_DIR_FILENAME_SEPARATOR;
+            dirty++;
+            break;
+        case OPT_LISTSEP:
+            type = OPENSSL_INFO_LIST_SEPARATOR;
+            dirty++;
+            break;
+        }
+    }
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "%s: Extra parameters given.\n", prog);
+        goto opthelp;
+    }
+    if (dirty > 1) {
+        BIO_printf(bio_err, "%s: Only one item allowed\n", prog);
+        goto opthelp;
+    }
+    if (dirty == 0) {
+        BIO_printf(bio_err, "%s: No items chosen\n", prog);
+        goto opthelp;
+    }
+
+    BIO_printf(bio_out, "%s\n", OPENSSL_info(type));
+    ret = 0;
+ end:
+    return ret;
+}
diff --git a/apps/progs.pl b/apps/progs.pl
@@ -51,6 +51,9 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <openssl/lhash.h>
+#include "opt.h"
+
 typedef enum FUNC_TYPE {
     FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
     FT_md_alg, FT_cipher_alg

diff --git a/crypto/build.info b/crypto/build.info
@@ -14,7 +14,7 @@ SOURCE[../libcrypto]=provider_core.c provider_predefined.c provider_conf.c \
 
 # Central utilities
 SOURCE[../libcrypto]=\
-        cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
+        cryptlib.c mem.c mem_dbg.c cversion.c info.c ex_data.c cpt_err.c \
         ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \
         threads_pthread.c threads_win.c threads_none.c getenv.c \
         o_init.c o_fips.c mem_sec.c init.c context.c sparse_array.c \

diff --git a/crypto/info.c b/crypto/info.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/crypto.h>
+#include "internal/dso_conf.h"
+#include "e_os.h"
+
+const char *OPENSSL_info(int t)
+{
+    switch (t) {
+    case OPENSSL_INFO_CONFIG_DIR:
+        return OPENSSLDIR;
+    case OPENSSL_INFO_ENGINES_DIR:
+        return ENGINESDIR;
+    case OPENSSL_INFO_MODULES_DIR:
+        return MODULESDIR;
+    case OPENSSL_INFO_DSO_EXTENSION:
+        return DSO_EXTENSION;
+    case OPENSSL_INFO_DIR_FILENAME_SEPARATOR:
+#if defined(_WIN32)
+        return "\\";
+#elif defined(__VMS)
+        return "";
+#else  /* Assume POSIX */
+        return "/";
+#endif
+    case OPENSSL_INFO_LIST_SEPARATOR:
+        {
+            static const char list_sep[] = { LIST_SEPARATOR_CHAR, '\0' };
+            return list_sep;
+        }
+    default:
+        break;
+    }
+    /* Not an error */
+    return NULL;
+}
diff --git a/doc/man1/info.pod b/doc/man1/info.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+openssl-info,
+info - print OpenSSL built-in information
+
+=head1 SYNOPSIS
+
+B<openssl info>
+[B<-help>]
+[B<-configdir> | B<-c>]
+[B<-enginesdir> | B<-e>]
+[B<-modulesdir> | B<-m>]
+[B<-dsoext>]
+[B<-dirfilesep>]
+[B<-listsep]>
+
+=head1 DESCRIPTION
+
+This command is used to print out information about OpenSSL.
+The information is written exactly as it is with no extra text, which
+makes useful for scripts.
+
+As a consequence, only one item may be chosen for each run of this
+command.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-configdir>, B<-c>
+
+Outputs the default directory for OpenSSL configuration files.
+
+=item B<-enginesdir>, B<-e>
+
+Outputs the default directory for OpenSSL engine modules.
+
+=item B<-modulesdir>, B<-m>
+
+Outputs the default directory for OpenSSL dynamically loadable modules
+other than engine modules.
+
+=item B<-dsoext>
+
+Outputs the DSO extension OpenSSL uses.
+
+=item B<-dirnamesep>
+
+Outputs the separator character between a directory specification and
+a file name.
+Note that on some operating systems, this is not the same as the
+separator between directory elements.
+
+=item B<-listsep>
+
+Outputs the OpenSSL list separator character.
+This is typically used to construct C<$PATH> (C<%PATH%> on Windows)
+style lists.
+
+=back
+
+=head1 HISTORY
+
+The B<openssl info> command was added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
@@ -167,6 +167,10 @@ Generation of Private Key or Parameters.
 
 Generation of RSA Private Key. Superseded by L<genpkey(1)>.
 
+=item B<info>
+
+Display diverse information built into the OpenSSL libraries.
+
 =item B<mac>
 
 Message Authentication Code Calculation.

diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod
@@ -8,8 +8,8 @@ OPENSSL_VERSION_PRE_RELEASE_STR, OPENSSL_VERSION_BUILD_METADATA_STR,
 OPENSSL_VERSION_TEXT,
 OPENSSL_version_major, OPENSSL_version_minor, OPENSSL_version_patch,
 OPENSSL_version_pre_release, OPENSSL_version_build_metadata, OpenSSL_version,
-OPENSSL_VERSION_NUMBER, OpenSSL_version_num
-- get OpenSSL version number
+OPENSSL_VERSION_NUMBER, OpenSSL_version_num, OPENSSL_info
+- get OpenSSL version number and other information
 
 =head1 SYNOPSIS
 
@@ -37,6 +37,8 @@ OPENSSL_VERSION_NUMBER, OpenSSL_version_num
 
  const char *OpenSSL_version(int t);
 
+ const char *OPENSSL_info(int t);
+
 Deprecated:
 
  /* from openssl/opensslv.h */
@@ -127,6 +129,47 @@ if available or "ENGINESDIR: N/A" otherwise.
 
 For an unknown B<t>, the text "not available" is returned.
 
+OPENSSL_info() also returns different strings depending on B<t>:
+
+=over 4
+
+=item OPENSSL_INFO_CONFIG_DIR
+
+The configured C<OPENSSLDIR>, which is the default location for
+OpenSSL configuration files.
+
+=item OPENSSL_INFO_ENGINES_DIR
+
+The configured C<ENGINESDIR>, which is the default location for
+OpenSSL engines.
+
+=item OPENSSL_INFO_MODULES_DIR
+
+The configured C<MODULESDIR>, which is the default location for
+dynamically loadable OpenSSL modules other than engines.
+
+=item OPENSSL_INFO_DSO_EXTENSION
+
+The configured dynamically loadable module extension.
+
+=item OPENSSL_INFO_DIR_FILENAME_SEPARATOR
+
+The separator between a directory specification and a file name.
+Note that on some operating systems, this is not the same as the
+separator between directory elements.
+
+=item OPENSSL_INFO_LIST_SEPARATOR
+
+The OpenSSL list separator.
+This is typically used in strings that are lists of items, such as the
+value of the environment variable C<$PATH> on Unix (where the
+separator is ":") or C<%PATH%> on Windows (where the separator is
+";").
+
+=back
+
+For an unknown B<t>, NULL is returned.
+
 =head1 BACKWARD COMPATIBILITY
 
 For compatibility, some older macros and functions are retained or

diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
@@ -165,6 +165,18 @@ const char *OpenSSL_version(int type);
 # define OPENSSL_FULL_VERSION_STRING    7
 # define OPENSSL_MODULES_DIR            8
 
+const char *OPENSSL_info(int type);
+/*
+ * The series starts at 1001 to avoid confusion with the OpenSSL_version
+ * types.
+ */
+# define OPENSSL_INFO_CONFIG_DIR                1001
+# define OPENSSL_INFO_ENGINES_DIR               1002
+# define OPENSSL_INFO_MODULES_DIR               1003
+# define OPENSSL_INFO_DSO_EXTENSION             1004
+# define OPENSSL_INFO_DIR_FILENAME_SEPARATOR    1005
+# define OPENSSL_INFO_LIST_SEPARATOR            1006
+
 int OPENSSL_issetugid(void);
 
 typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,

diff --git a/util/libcrypto.num b/util/libcrypto.num
@@ -4799,3 +4799,4 @@ EC_GROUP_check_named_curve              4746	3_0_0	EXIST::FUNCTION:EC
 EVP_CIPHER_upref                        4747	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_fetch                        4748	3_0_0	EXIST::FUNCTION:
 EVP_CIPHER_mode                         4749	3_0_0	EXIST::FUNCTION:
+OPENSSL_info                            4750	3_0_0	EXIST::FUNCTION: