1
/*
2
 * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9

10
/* We need to use some engine deprecated APIs */
11
#define OPENSSL_SUPPRESS_DEPRECATED
12

13
#include <openssl/opensslconf.h>
14

15
#include "apps.h"
16
#include "progs.h"
17
#include <stdio.h>
18
#include <stdlib.h>
19
#include <string.h>
20
#include <openssl/err.h>
21
#include <openssl/engine.h>
22
#include <openssl/ssl.h>
23
#include <openssl/store.h>
24

25
typedef enum OPTION_choice {
26
    OPT_COMMON,
27
    OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST,
28
    OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV
29
} OPTION_CHOICE;
30

31
const OPTIONS engine_options[] = {
32
    {OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"},
33

34
    OPT_SECTION("General"),
35
    {"help", OPT_HELP, '-', "Display this summary"},
36
    {"t", OPT_T, '-', "Check that specified engine is available"},
37
    {"pre", OPT_PRE, 's', "Run command against the ENGINE before loading it"},
38
    {"post", OPT_POST, 's', "Run command against the ENGINE after loading it"},
39

40
    OPT_SECTION("Output"),
41
    {"v", OPT_V, '-', "List 'control commands' For each specified engine"},
42
    {"vv", OPT_VV, '-', "Also display each command's description"},
43
    {"vvv", OPT_VVV, '-', "Also add the input flags for each command"},
44
    {"vvvv", OPT_VVVV, '-', "Also show internal input flags"},
45
    {"c", OPT_C, '-', "List the capabilities of specified engine"},
46
    {"tt", OPT_TT, '-', "Display error trace for unavailable engines"},
47
    {OPT_MORE_STR, OPT_EOF, 1,
48
     "Commands are like \"SO_PATH:/lib/libdriver.so\""},
49

50
    OPT_PARAMETERS(),
51
    {"engine", 0, 0, "ID of engine(s) to load"},
52
    {NULL}
53
};
54

55
static int append_buf(char **buf, int *size, const char *s)
56
{
57
    const int expand = 256;
58
    int len = strlen(s) + 1;
59
    char *p = *buf;
60

61
    if (p == NULL) {
62
        *size = ((len + expand - 1) / expand) * expand;
63
        p = *buf = app_malloc(*size, "engine buffer");
64
    } else {
65
        const int blen = strlen(p);
66

67
        if (blen > 0)
68
            len += 2 + blen;
69

70
        if (len > *size) {
71
            *size = ((len + expand - 1) / expand) * expand;
72
            p = OPENSSL_realloc(p, *size);
73
            if (p == NULL) {
74
                OPENSSL_free(*buf);
75
                *buf = NULL;
76
                return 0;
77
            }
78
            *buf = p;
79
        }
80

81
        if (blen > 0) {
82
            p += blen;
83
            *p++ = ',';
84
            *p++ = ' ';
85
        }
86
    }
87

88
    strcpy(p, s);
89
    return 1;
90
}
91

92
static int util_flags(BIO *out, unsigned int flags, const char *indent)
93
{
94
    int started = 0, err = 0;
95
    /* Indent before displaying input flags */
96
    BIO_printf(out, "%s%s(input flags): ", indent, indent);
97
    if (flags == 0) {
98
        BIO_printf(out, "<no flags>\n");
99
        return 1;
100
    }
101
    /*
102
     * If the object is internal, mark it in a way that shows instead of
103
     * having it part of all the other flags, even if it really is.
104
     */
105
    if (flags & ENGINE_CMD_FLAG_INTERNAL) {
106
        BIO_printf(out, "[Internal] ");
107
    }
108

109
    if (flags & ENGINE_CMD_FLAG_NUMERIC) {
110
        BIO_printf(out, "NUMERIC");
111
        started = 1;
112
    }
113
    /*
114
     * Now we check that no combinations of the mutually exclusive NUMERIC,
115
     * STRING, and NO_INPUT flags have been used. Future flags that can be
116
     * OR'd together with these would need to added after these to preserve
117
     * the testing logic.
118
     */
119
    if (flags & ENGINE_CMD_FLAG_STRING) {
120
        if (started) {
121
            BIO_printf(out, "|");
122
            err = 1;
123
        }
124
        BIO_printf(out, "STRING");
125
        started = 1;
126
    }
127
    if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
128
        if (started) {
129
            BIO_printf(out, "|");
130
            err = 1;
131
        }
132
        BIO_printf(out, "NO_INPUT");
133
        started = 1;
134
    }
135
    /* Check for unknown flags */
136
    flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
137
        ~ENGINE_CMD_FLAG_STRING &
138
        ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
139
    if (flags) {
140
        if (started)
141
            BIO_printf(out, "|");
142
        BIO_printf(out, "<0x%04X>", flags);
143
    }
144
    if (err)
145
        BIO_printf(out, "  <illegal flags!>");
146
    BIO_printf(out, "\n");
147
    return 1;
148
}
149

150
static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
151
{
152
    static const int line_wrap = 78;
153
    int num;
154
    int ret = 0;
155
    char *name = NULL;
156
    char *desc = NULL;
157
    int flags;
158
    int xpos = 0;
159
    STACK_OF(OPENSSL_STRING) *cmds = NULL;
160
    if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
161
        ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
162
                            0, NULL, NULL)) <= 0)) {
163
        return 1;
164
    }
165

166
    cmds = sk_OPENSSL_STRING_new_null();
167
    if (cmds == NULL)
168
        goto err;
169

170
    do {
171
        int len;
172
        /* Get the command input flags */
173
        if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
174
                                 NULL, NULL)) < 0)
175
            goto err;
176
        if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
177
            /* Get the command name */
178
            if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
179
                                   NULL, NULL)) <= 0)
180
                goto err;
181
            name = app_malloc(len + 1, "name buffer");
182
            if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
183
                            NULL) <= 0)
184
                goto err;
185
            /* Get the command description */
186
            if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
187
                                   NULL, NULL)) < 0)
188
                goto err;
189
            if (len > 0) {
190
                desc = app_malloc(len + 1, "description buffer");
191
                if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
192
                                NULL) <= 0)
193
                    goto err;
194
            }
195
            /* Now decide on the output */
196
            if (xpos == 0)
197
                /* Do an indent */
198
                xpos = BIO_puts(out, indent);
199
            else
200
                /* Otherwise prepend a ", " */
201
                xpos += BIO_printf(out, ", ");
202
            if (verbose == 1) {
203
                /*
204
                 * We're just listing names, comma-delimited
205
                 */
206
                if ((xpos > (int)strlen(indent)) &&
207
                    (xpos + (int)strlen(name) > line_wrap)) {
208
                    BIO_printf(out, "\n");
209
                    xpos = BIO_puts(out, indent);
210
                }
211
                xpos += BIO_printf(out, "%s", name);
212
            } else {
213
                /* We're listing names plus descriptions */
214
                BIO_printf(out, "%s: %s\n", name,
215
                           (desc == NULL) ? "<no description>" : desc);
216
                /* ... and sometimes input flags */
217
                if ((verbose >= 3) && !util_flags(out, flags, indent))
218
                    goto err;
219
                xpos = 0;
220
            }
221
        }
222
        OPENSSL_free(name);
223
        name = NULL;
224
        OPENSSL_free(desc);
225
        desc = NULL;
226
        /* Move to the next command */
227
        num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
228
    } while (num > 0);
229
    if (xpos > 0)
230
        BIO_printf(out, "\n");
231
    ret = 1;
232
 err:
233
    sk_OPENSSL_STRING_free(cmds);
234
    OPENSSL_free(name);
235
    OPENSSL_free(desc);
236
    return ret;
237
}
238

239
static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
240
                         BIO *out, const char *indent)
241
{
242
    int loop, res, num = sk_OPENSSL_STRING_num(cmds);
243

244
    if (num < 0) {
245
        BIO_printf(out, "[Error]: internal stack error\n");
246
        return;
247
    }
248
    for (loop = 0; loop < num; loop++) {
249
        char buf[256];
250
        const char *cmd, *arg;
251
        cmd = sk_OPENSSL_STRING_value(cmds, loop);
252
        res = 1;                /* assume success */
253
        /* Check if this command has no ":arg" */
254
        if ((arg = strchr(cmd, ':')) == NULL) {
255
            if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
256
                res = 0;
257
        } else {
258
            if ((int)(arg - cmd) > 254) {
259
                BIO_printf(out, "[Error]: command name too long\n");
260
                return;
261
            }
262
            memcpy(buf, cmd, (int)(arg - cmd));
263
            buf[arg - cmd] = '\0';
264
            arg++;              /* Move past the ":" */
265
            /* Call the command with the argument */
266
            if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
267
                res = 0;
268
        }
269
        if (res) {
270
            BIO_printf(out, "[Success]: %s\n", cmd);
271
        } else {
272
            BIO_printf(out, "[Failure]: %s\n", cmd);
273
            ERR_print_errors(out);
274
        }
275
    }
276
}
277

278
struct util_store_cap_data {
279
    ENGINE *engine;
280
    char **cap_buf;
281
    int *cap_size;
282
    int ok;
283
};
284
static void util_store_cap(const OSSL_STORE_LOADER *loader, void *arg)
285
{
286
    struct util_store_cap_data *ctx = arg;
287

288
    if (OSSL_STORE_LOADER_get0_engine(loader) == ctx->engine) {
289
        char buf[256];
290
        BIO_snprintf(buf, sizeof(buf), "STORE(%s)",
291
                     OSSL_STORE_LOADER_get0_scheme(loader));
292
        if (!append_buf(ctx->cap_buf, ctx->cap_size, buf))
293
            ctx->ok = 0;
294
    }
295
}
296

297
int engine_main(int argc, char **argv)
298
{
299
    int ret = 1, i;
300
    int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
301
    ENGINE *e;
302
    STACK_OF(OPENSSL_CSTRING) *engines = sk_OPENSSL_CSTRING_new_null();
303
    STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
304
    STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
305
    BIO *out;
306
    const char *indent = "     ";
307
    OPTION_CHOICE o;
308
    char *prog;
309
    char *argv1;
310

311
    out = dup_bio_out(FORMAT_TEXT);
312
    if (engines == NULL || pre_cmds == NULL || post_cmds == NULL)
313
        goto end;
314

315
    /* Remember the original command name, parse/skip any leading engine
316
     * names, and then setup to parse the rest of the line as flags. */
317
    prog = argv[0];
318
    while ((argv1 = argv[1]) != NULL && *argv1 != '-') {
319
        if (!sk_OPENSSL_CSTRING_push(engines, argv1))
320
            goto end;
321
        argc--;
322
        argv++;
323
    }
324
    argv[0] = prog;
325
    opt_init(argc, argv, engine_options);
326

327
    while ((o = opt_next()) != OPT_EOF) {
328
        switch (o) {
329
        case OPT_EOF:
330
        case OPT_ERR:
331
            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
332
            goto end;
333
        case OPT_HELP:
334
            opt_help(engine_options);
335
            ret = 0;
336
            goto end;
337
        case OPT_VVVV:
338
        case OPT_VVV:
339
        case OPT_VV:
340
        case OPT_V:
341
            /* Convert to an integer from one to four. */
342
            i = (int)(o - OPT_V) + 1;
343
            if (verbose < i)
344
                verbose = i;
345
            break;
346
        case OPT_C:
347
            list_cap = 1;
348
            break;
349
        case OPT_TT:
350
            test_avail_noise++;
351
            /* fall through */
352
        case OPT_T:
353
            test_avail++;
354
            break;
355
        case OPT_PRE:
356
            if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0)
357
                goto end;
358
            break;
359
        case OPT_POST:
360
            if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0)
361
                goto end;
362
            break;
363
        }
364
    }
365

366
    /* Any remaining arguments are engine names. */
367
    argc = opt_num_rest();
368
    argv = opt_rest();
369
    for ( ; *argv; argv++) {
370
        if (**argv == '-') {
371
            BIO_printf(bio_err, "%s: Cannot mix flags and engine names.\n",
372
                       prog);
373
            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
374
            goto end;
375
        }
376
        if (!sk_OPENSSL_CSTRING_push(engines, *argv))
377
            goto end;
378
    }
379

380
    if (sk_OPENSSL_CSTRING_num(engines) == 0) {
381
        for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
382
            if (!sk_OPENSSL_CSTRING_push(engines, ENGINE_get_id(e)))
383
                goto end;
384
        }
385
    }
386

387
    ret = 0;
388
    for (i = 0; i < sk_OPENSSL_CSTRING_num(engines); i++) {
389
        const char *id = sk_OPENSSL_CSTRING_value(engines, i);
390
        if ((e = ENGINE_by_id(id)) != NULL) {
391
            const char *name = ENGINE_get_name(e);
392
            /*
393
             * Do "id" first, then "name". Easier to auto-parse.
394
             */
395
            BIO_printf(out, "(%s) %s\n", id, name);
396
            util_do_cmds(e, pre_cmds, out, indent);
397
            if (strcmp(ENGINE_get_id(e), id) != 0) {
398
                BIO_printf(out, "Loaded: (%s) %s\n",
399
                           ENGINE_get_id(e), ENGINE_get_name(e));
400
            }
401
            if (list_cap) {
402
                int cap_size = 256;
403
                char *cap_buf = NULL;
404
                int k, n;
405
                const int *nids;
406
                ENGINE_CIPHERS_PTR fn_c;
407
                ENGINE_DIGESTS_PTR fn_d;
408
                ENGINE_PKEY_METHS_PTR fn_pk;
409

410
                if (ENGINE_get_RSA(e) != NULL
411
                    && !append_buf(&cap_buf, &cap_size, "RSA"))
412
                    goto end;
413
                if (ENGINE_get_EC(e) != NULL
414
                    && !append_buf(&cap_buf, &cap_size, "EC"))
415
                    goto end;
416
                if (ENGINE_get_DSA(e) != NULL
417
                    && !append_buf(&cap_buf, &cap_size, "DSA"))
418
                    goto end;
419
                if (ENGINE_get_DH(e) != NULL
420
                    && !append_buf(&cap_buf, &cap_size, "DH"))
421
                    goto end;
422
                if (ENGINE_get_RAND(e) != NULL
423
                    && !append_buf(&cap_buf, &cap_size, "RAND"))
424
                    goto end;
425

426
                fn_c = ENGINE_get_ciphers(e);
427
                if (fn_c == NULL)
428
                    goto skip_ciphers;
429
                n = fn_c(e, NULL, &nids, 0);
430
                for (k = 0; k < n; ++k)
431
                    if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
432
                        goto end;
433

434
 skip_ciphers:
435
                fn_d = ENGINE_get_digests(e);
436
                if (fn_d == NULL)
437
                    goto skip_digests;
438
                n = fn_d(e, NULL, &nids, 0);
439
                for (k = 0; k < n; ++k)
440
                    if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
441
                        goto end;
442

443
 skip_digests:
444
                fn_pk = ENGINE_get_pkey_meths(e);
445
                if (fn_pk == NULL)
446
                    goto skip_pmeths;
447
                n = fn_pk(e, NULL, &nids, 0);
448
                for (k = 0; k < n; ++k)
449
                    if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
450
                        goto end;
451
 skip_pmeths:
452
                {
453
                    struct util_store_cap_data store_ctx;
454

455
                    store_ctx.engine = e;
456
                    store_ctx.cap_buf = &cap_buf;
457
                    store_ctx.cap_size = &cap_size;
458
                    store_ctx.ok = 1;
459

460
                    OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx);
461
                    if (!store_ctx.ok)
462
                        goto end;
463
                }
464
                if (cap_buf != NULL && (*cap_buf != '\0'))
465
                    BIO_printf(out, " [%s]\n", cap_buf);
466

467
                OPENSSL_free(cap_buf);
468
            }
469
            if (test_avail) {
470
                BIO_printf(out, "%s", indent);
471
                if (ENGINE_init(e)) {
472
                    BIO_printf(out, "[ available ]\n");
473
                    util_do_cmds(e, post_cmds, out, indent);
474
                    ENGINE_finish(e);
475
                } else {
476
                    BIO_printf(out, "[ unavailable ]\n");
477
                    if (test_avail_noise)
478
                        ERR_print_errors_fp(stdout);
479
                    ERR_clear_error();
480
                }
481
            }
482
            if ((verbose > 0) && !util_verbose(e, verbose, out, indent))
483
                goto end;
484
            ENGINE_free(e);
485
        } else {
486
            ERR_print_errors(bio_err);
487
            /* because exit codes above 127 have special meaning on Unix */
488
            if (++ret > 127)
489
                ret = 127;
490
        }
491
    }
492

493
 end:
494

495
    ERR_print_errors(bio_err);
496
    sk_OPENSSL_CSTRING_free(engines);
497
    sk_OPENSSL_STRING_free(pre_cmds);
498
    sk_OPENSSL_STRING_free(post_cmds);
499
    BIO_free_all(out);
500
    return ret;
501
}
502

503