Skip unavailable digests and ciphers in -*-commands

Fixes #13594 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13669)
2020-12-11 03:15:09 +01:00 · 2020-12-11 03:15:09 +01:00 · a61fba5da6
parent cb75a155b6
commit a61fba5da6
3 changed files with 74 additions and 0 deletions
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@ -159,6 +159,8 @@ int finish_engine(ENGINE *e);
 char *make_engine_uri(ENGINE *e, const char *key_id, const char *desc);

 int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e);
+const EVP_MD *get_digest_from_engine(const char *name);
+const EVP_CIPHER *get_cipher_from_engine(const char *name);

 # ifndef OPENSSL_NO_OCSP
 OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
--- a/apps/lib/engine.c
+++ b/apps/lib/engine.c
@ -163,3 +163,31 @@ int get_legacy_pkey_id(OSSL_LIB_CTX *libctx, const char *algname, ENGINE *e)

    return pkey_id;
 }
+
+const EVP_MD *get_digest_from_engine(const char *name)
+{
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE *eng;
+
+    eng = ENGINE_get_digest_engine(OBJ_sn2nid(name));
+    if (eng != NULL) {
+        ENGINE_finish(eng);
+        return EVP_get_digestbyname(name);
+    }
+#endif
+    return NULL;
+}
+
+const EVP_CIPHER *get_cipher_from_engine(const char *name)
+{
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE *eng;
+
+    eng = ENGINE_get_cipher_engine(OBJ_sn2nid(name));
+    if (eng != NULL) {
+        ENGINE_finish(eng);
+        return EVP_get_cipherbyname(name);
+    }
+#endif
+    return NULL;
+}
--- a/apps/list.c
+++ b/apps/list.c
@ -945,6 +945,38 @@ static void list_options_for_command(const char *command)
    BIO_printf(bio_out, "- -\n");
 }

+static int is_md_available(const char *name)
+{
+    EVP_MD *md;
+
+    /* Look through providers' digests */
+    ERR_set_mark();
+    md = EVP_MD_fetch(NULL, name, NULL);
+    ERR_pop_to_mark();
+    if (md != NULL) {
+        EVP_MD_free(md);
+        return 1;
+    }
+
+    return (get_digest_from_engine(name) == NULL) ? 0 : 1;
+}
+
+static int is_cipher_available(const char *name)
+{
+    EVP_CIPHER *cipher;
+
+    /* Look through providers' ciphers */
+    ERR_set_mark();
+    cipher = EVP_CIPHER_fetch(NULL, name, NULL);
+    ERR_pop_to_mark();
+    if (cipher != NULL) {
+        EVP_CIPHER_free(cipher);
+        return 1;
+    }
+
+    return (get_cipher_from_engine(name) == NULL) ? 0 : 1;
+}
+
 static void list_type(FUNC_TYPE ft, int one)
 {
    FUNCTION *fp;
@ -958,6 +990,18 @@ static void list_type(FUNC_TYPE ft, int one)
    for (fp = functions; fp->name != NULL; fp++) {
        if (fp->type != ft)
            continue;
+        switch (ft) {
+        case FT_cipher:
+            if (!is_cipher_available(fp->name))
+                continue;
+            break;
+        case FT_md:
+            if (!is_md_available(fp->name))
+                continue;
+            break;
+        default:
+            break;
+        }
        if (one) {
            BIO_printf(bio_out, "%s\n", fp->name);
        } else {