From: Richard Levitte Date: Tue, 9 Apr 2019 12:39:54 +0000 (+0200) Subject: Add a way for the application to get OpenSSL configuration data X-Git-Tag: openssl-3.0.0-alpha1~2136 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=0109e030db9207a47e195b4c3a3b13e9017f0ed2 Add a way for the application to get OpenSSL configuration data OpenSSL_version(OPENSSL_DIR) gives you a nicely formatted string for display, but if all you really want is the directory itself, you were forced to parsed the string. This introduces a new function to get diverse configuration data from the library, OPENSSL_info(). This works the same way as OpenSSL_version(), but has its own series of types, currently including: OPENSSL_INFO_CONFIG_DIR returns OPENSSLDIR OPENSSL_INFO_ENGINES_DIR returns ENGINESDIR OPENSSL_INFO_MODULES_DIR returns MODULESDIR OPENSSL_INFO_DSO_EXTENSION returns DSO_EXTENSION OPENSSL_INFO_DIR_FILENAME_SEPARATOR returns directory/filename separator OPENSSL_INFO_LIST_SEPARATOR returns list separator For scripting purposes, this also adds the command 'openssl info'. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/8709) --- diff --git a/CHANGES b/CHANGES index 164787c45d..d0e2d3a6c9 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,11 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Added OPENSSL_info() to get diverse built-in OpenSSL data, such + as default directories. Also added the command 'openssl info' + for scripting purposes. + [Richard Levitte] + *) The functions AES_ige_encrypt() and AES_bi_ige_encrypt() have been deprecated. These undocumented functions were never integrated into the EVP layer and implement the AES Infinite Garble Extension (IGE) mode and AES diff --git a/NEWS b/NEWS index 3c38c782ad..0800b76b71 100644 --- a/NEWS +++ b/NEWS 
@@ -7,6 +7,7 @@ Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development] + o Add OPENSSL_info() and 'openssl info' to get built-in data. o Add support for enabling instrumentation through trace and debug output. o Changed our version number scheme and set the next major release to diff --git a/apps/build.info b/apps/build.info index ad14038a5d..30847a013d 100644 --- a/apps/build.info +++ b/apps/build.info @@ -5,7 +5,8 @@ genpkey.c genrsa.c mac.c nseq.c ocsp.c passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c prime.c rand.c req.c rsa.c rsautl.c s_client.c s_server.c s_time.c sess_id.c smime.c speed.c - spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c); + spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c + info.c); our @apps_lib_src = ( qw(apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c bf_prefix.c), diff --git a/apps/info.c b/apps/info.c new file mode 100644 index 0000000000..aa019ad19e --- /dev/null +++ b/apps/info.c 
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include "apps.h"
+#include "progs.h"
+
+typedef enum OPTION_choice {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+ OPT_CONFIGDIR, OPT_ENGINESDIR, OPT_MODULESDIR, OPT_DSOEXT, OPT_DIRNAMESEP,
+ OPT_LISTSEP
+} OPTION_CHOICE;
+
+const OPTIONS info_options[] = {
+ {"help", OPT_HELP, '-', "Display this summary"},
+ {"configdir", OPT_CONFIGDIR, '-', "Default configuration file directory"},
+ {"c", OPT_CONFIGDIR, '-', "Default configuration file directory"},
+ {"enginesdir", OPT_ENGINESDIR, '-', "Default engine module directory"},
+ {"e", OPT_ENGINESDIR, '-', "Default engine module directory"},
+ {"modulesdir", OPT_ENGINESDIR, '-',
+ "Default module directory (other than engine modules)"},
+ {"m", OPT_ENGINESDIR, '-',
+ "Default module directory (other than engine modules)"},
+ {"dsoext", OPT_DSOEXT, '-', "Configured extension for modules"},
+ {"dirnamesep", OPT_DIRNAMESEP, '-', "Directory-filename separator"},
+ {"listsep", OPT_LISTSEP, '-', "List separator character"},
+ {NULL}
+};
+
+int info_main(int argc, char **argv)
+{
+ int ret = 1, dirty = 0, type = 0;
+ char *prog;
+ OPTION_CHOICE o;
+
+ prog = opt_init(argc, argv, info_options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+opthelp:
+ BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+ goto end;
+ case OPT_HELP:
+ opt_help(info_options);
+ ret = 0;
+ goto end;
+ case OPT_CONFIGDIR:
+ type = OPENSSL_INFO_CONFIG_DIR;
+ dirty++;
+ break;
+ case OPT_ENGINESDIR:
+ type = OPENSSL_INFO_ENGINES_DIR;
+ dirty++;
+ break;
+ case OPT_MODULESDIR:
+ type = OPENSSL_INFO_MODULES_DIR;
+ dirty++;
+ break;
+ case OPT_DSOEXT:
+ type = OPENSSL_INFO_DSO_EXTENSION; + dirty++; + break; + case OPT_DIRNAMESEP: + type = OPENSSL_INFO_DIR_FILENAME_SEPARATOR; + dirty++; + break; + case OPT_LISTSEP: + type = OPENSSL_INFO_LIST_SEPARATOR; + dirty++; + break; + } + } + if (opt_num_rest() != 0) { + BIO_printf(bio_err, "%s: Extra parameters given.\n", prog); + goto opthelp; + } + if (dirty > 1) { + BIO_printf(bio_err, "%s: Only one item allowed\n", prog); + goto opthelp; + } + if (dirty == 0) { + BIO_printf(bio_err, "%s: No items chosen\n", prog); + goto opthelp; + } + + BIO_printf(bio_out, "%s\n", OPENSSL_info(type)); + ret = 0; + end: + return ret; +} diff --git a/apps/progs.pl b/apps/progs.pl index ab1a729fff..3aec7562cf 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -51,6 +51,9 @@ print <<"EOF"; * https://www.openssl.org/source/license.html */ +#include +#include "opt.h" + typedef enum FUNC_TYPE { FT_none, FT_general, FT_md, FT_cipher, FT_pkey, FT_md_alg, FT_cipher_alg diff --git a/crypto/build.info b/crypto/build.info index 77dcffb906..30dcf8c91e 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -14,7 +14,7 @@ SOURCE[../libcrypto]=provider_core.c provider_predefined.c provider_conf.c \ # Central utilities SOURCE[../libcrypto]=\ - cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \ + cryptlib.c mem.c mem_dbg.c cversion.c info.c ex_data.c cpt_err.c \ ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fopen.c ctype.c \ threads_pthread.c threads_win.c threads_none.c getenv.c \ o_init.c o_fips.c mem_sec.c init.c context.c sparse_array.c \ diff --git a/crypto/info.c b/crypto/info.c new file mode 100644 index 0000000000..5a929ddd03 --- /dev/null +++ b/crypto/info.c 
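Review bot: In apps/info.c the `info_options` table registers both `modulesdir` and `m` with `OPT_ENGINESDIR`, so `openssl info -modulesdir` prints the engines directory and the `case OPT_MODULESDIR:` arm in `info_main` is never reached. A script that trusts this output to locate the module directory is pointed at the wrong path without any error. The two entries should read `{"modulesdir", OPT_MODULESDIR, '-',` and `{"m", OPT_MODULESDIR, '-',`. Separately, the table registers `dirnamesep` while the SYNOPSIS in doc/man1/info.pod lists `-dirfilesep`; one of the two needs to change.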
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+#include "internal/dso_conf.h"
+#include "e_os.h"
+
+const char *OPENSSL_info(int t)
+{
+ switch (t) {
+ case OPENSSL_INFO_CONFIG_DIR:
+ return OPENSSLDIR;
+ case OPENSSL_INFO_ENGINES_DIR:
+ return ENGINESDIR;
+ case OPENSSL_INFO_MODULES_DIR:
+ return MODULESDIR;
+ case OPENSSL_INFO_DSO_EXTENSION:
+ return DSO_EXTENSION;
+ case OPENSSL_INFO_DIR_FILENAME_SEPARATOR:
+#if defined(_WIN32)
+ return "\\";
+#elif defined(__VMS)
+ return "";
+#else /* Assume POSIX */
+ return "/";
+#endif
+ case OPENSSL_INFO_LIST_SEPARATOR:
+ {
+ static const char list_sep[] = { LIST_SEPARATOR_CHAR, '\0' };
+ return list_sep;
+ }
+ default:
+ break;
+ }
+ /* Not an error */
+ return NULL;
+}
diff --git a/doc/man1/info.pod b/doc/man1/info.pod
new file mode 100644
index 0000000000..6eddf0fa67
--- /dev/null
+++ b/doc/man1/info.pod
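Review bot: OPENSSL_info() in crypto/info.c returns NULL for a `t` it does not recognise, whereas the man page in this commit says OpenSSL_version() returns the text "not available" for an unknown type, so a caller that hands the result straight to `%s` (as `BIO_printf(bio_out, "%s\n", OPENSSL_info(type));` in apps/info.c does) must check for NULL first. The `/* Not an error */` comment does not tell a reader that; I would add a contract comment above the function, `/* Returns a pointer to static storage, or NULL if t is not an OPENSSL_INFO_* value; the caller must not free or modify it. */`. The directory values come from the compile-time macros OPENSSLDIR, ENGINESDIR and MODULESDIR, so the comment should also say they are build defaults; whether any run-time override is reflected cannot be seen from this hunk.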
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+openssl-info,
+info - print OpenSSL built-in information
+
+=head1 SYNOPSIS
+
+B
+[B<-help>]
+[B<-configdir> | B<-c>]
+[B<-enginesdir> | B<-e>]
+[B<-modulesdir> | B<-m>]
+[B<-dsoext>]
+[B<-dirfilesep>]
+[B<-listsep]>
+
+=head1 DESCRIPTION
+
+This command is used to print out information about OpenSSL.
+The information is written exactly as it is with no extra text, which
+makes useful for scripts.
+
+As a consequence, only one item may be chosen for each run of this
+command.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-help>
+
+Print out a usage message.
+
+=item B<-configdir>, B<-c>
+
+Outputs the default directory for OpenSSL configuration files.
+
+=item B<-enginesdir>, B<-e>
+
+Outputs the default directory for OpenSSL engine modules.
+
+=item B<-modulesdir>, B<-m>
+
+Outputs the default directory for OpenSSL dynamically loadable modules
+other than engine modules.
+
+=item B<-dsoext>
+
+Outputs the DSO extension OpenSSL uses.
+
+=item B<-dirnamesep>
+
+Outputs the separator character between a directory specification and
+a file name.
+Note that on some operating systems, this is not the same as the
+separator between directory elements.
+
+=item B<-listsep>
+
+Outputs the OpenSSL list separator character.
+This is typically used to construct C<$PATH> (C<%PATH%> on Windows)
+style lists.
+
+=back
+
+=head1 HISTORY
+
+The B command was added in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index 5f6f8d3bbf..e41c76a157 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -167,6 +167,10 @@ Generation of Private Key or Parameters. Generation of RSA Private Key. Superseded by L. +=item B + +Display diverse information built into the OpenSSL libraries. + =item B Message Authentication Code Calculation. diff --git a/doc/man3/OpenSSL_version.pod b/doc/man3/OpenSSL_version.pod index 679273e6f1..c1ced6434d 100644 --- a/doc/man3/OpenSSL_version.pod +++ b/doc/man3/OpenSSL_version.pod @@ -8,8 +8,8 @@ OPENSSL_VERSION_PRE_RELEASE_STR, OPENSSL_VERSION_BUILD_METADATA_STR, OPENSSL_VERSION_TEXT, OPENSSL_version_major, OPENSSL_version_minor, OPENSSL_version_patch, OPENSSL_version_pre_release, OPENSSL_version_build_metadata, OpenSSL_version, -OPENSSL_VERSION_NUMBER, OpenSSL_version_num -- get OpenSSL version number +OPENSSL_VERSION_NUMBER, OpenSSL_version_num, OPENSSL_info +- get OpenSSL version number and other information =head1 SYNOPSIS @@ -37,6 +37,8 @@ OPENSSL_VERSION_NUMBER, OpenSSL_version_num const char *OpenSSL_version(int t); + const char *OPENSSL_info(int t); + Deprecated: /* from openssl/opensslv.h */ 
@@ -127,6 +129,47 @@ if available or "ENGINESDIR: N/A" otherwise. For an unknown B, the text "not available" is returned. +OPENSSL_info() also returns different strings depending on B: + +=over 4 + +=item OPENSSL_INFO_CONFIG_DIR + +The configured C, which is the default location for +OpenSSL configuration files. + +=item OPENSSL_INFO_ENGINES_DIR + +The configured C, which is the default location for +OpenSSL engines. + +=item OPENSSL_INFO_MODULES_DIR + +The configured C, which is the default location for +dynamically loadable OpenSSL modules other than engines. + +=item OPENSSL_INFO_DSO_EXTENSION + +The configured dynamically loadable module extension. + +=item OPENSSL_INFO_DIR_FILENAME_SEPARATOR + +The separator between a directory specification and a file name. +Note that on some operating systems, this is not the same as the +separator between directory elements. + +=item OPENSSL_INFO_LIST_SEPARATOR + +The OpenSSL list separator. +This is typically used in strings that are lists of items, such as the +value of the environment variable C<$PATH> on Unix (where the +separator is ":") or C<%PATH%> on Windows (where the separator is +";"). + +=back + +For an unknown B, NULL is returned. + =head1 BACKWARD COMPATIBILITY For compatibility, some older macros and functions are retained or diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index 80786c8461..a7e78e4caf 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h 
@@ -165,6 +165,18 @@ const char *OpenSSL_version(int type); # define OPENSSL_FULL_VERSION_STRING 7 # define OPENSSL_MODULES_DIR 8 +const char *OPENSSL_info(int type); +/* + * The series starts at 1001 to avoid confusion with the OpenSSL_version + * types. + */ +# define OPENSSL_INFO_CONFIG_DIR 1001 +# define OPENSSL_INFO_ENGINES_DIR 1002 +# define OPENSSL_INFO_MODULES_DIR 1003 +# define OPENSSL_INFO_DSO_EXTENSION 1004 +# define OPENSSL_INFO_DIR_FILENAME_SEPARATOR 1005 +# define OPENSSL_INFO_LIST_SEPARATOR 1006 + int OPENSSL_issetugid(void); typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, diff --git a/util/libcrypto.num b/util/libcrypto.num index b9be3490ec..8259ddbb5e 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4799,3 +4799,4 @@ EC_GROUP_check_named_curve 4746 3_0_0 EXIST::FUNCTION:EC EVP_CIPHER_upref 4747 3_0_0 EXIST::FUNCTION: EVP_CIPHER_fetch 4748 3_0_0 EXIST::FUNCTION: EVP_CIPHER_mode 4749 3_0_0 EXIST::FUNCTION: +OPENSSL_info 4750 3_0_0 EXIST::FUNCTION: