From 5b51f9d9875750f27f2fa8a75f22e0fcb9a6bec0 Mon Sep 17 00:00:00 2001 From: Lars Thorsen Date: Wed, 15 Aug 2018 12:26:44 +0200 Subject: Updated the engine load functionality - engine_load/3/4 can be called multiple times for same engine if it allows it (eg doesn't contain global data) - ensure_engine_loaded/2/3 is new functions that guarantees that the engine is just loaded once by adding it to OpenSSL internal engine list and check that before loading. - ensure_engine_unloaded/1/2 is new functions that is used to unload engines loaded with ensure_engine_loaded (remove it from OpenSSL internal engine list and then unload). - new utility functions engine_by_id/1, engine_add/1, engine_remove/1, engine_get_id/1 and engine_get_name/1 --- lib/crypto/c_src/crypto.c | 56 ++++++-- lib/crypto/doc/src/crypto.xml | 263 ++++++++++++++++++++++++++++++---- lib/crypto/doc/src/engine_load.xml | 31 +++- lib/crypto/src/crypto.erl | 174 +++++++++++++++++++---- lib/crypto/test/engine_SUITE.erl | 280 ++++++++++++++++++++++++++++++++----- 5 files changed, 694 insertions(+), 110 deletions(-) (limited to 'lib') diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c index 6e855939f7..6dd263adb2 100644 --- a/lib/crypto/c_src/crypto.c +++ b/lib/crypto/c_src/crypto.c @@ -1,7 +1,7 @@ /* * %CopyrightBegin% * - * Copyright Ericsson AB 2010-2017. All Rights Reserved. + * Copyright Ericsson AB 2010-2018. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -527,6 +527,7 @@ static ERL_NIF_TERM engine_remove_nif(ErlNifEnv* env, int argc, const ERL_NIF_TE static ERL_NIF_TERM engine_get_first_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); static ERL_NIF_TERM engine_get_next_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); static ERL_NIF_TERM engine_get_id_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); +static ERL_NIF_TERM engine_get_name_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); static ERL_NIF_TERM engine_get_all_methods_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]); /* helpers */ @@ -613,6 +614,7 @@ static ErlNifFunc nif_funcs[] = { {"engine_get_first_nif", 0, engine_get_first_nif}, {"engine_get_next_nif", 1, engine_get_next_nif}, {"engine_get_id_nif", 1, engine_get_id_nif}, + {"engine_get_name_nif", 1, engine_get_name_nif}, {"engine_get_all_methods_nif", 0, engine_get_all_methods_nif} }; @@ -1016,7 +1018,7 @@ static int initialize(ErlNifEnv* env, ERL_NIF_TERM load_info) */ return 0; } -#endif +#endif atom_true = enif_make_atom(env,"true"); atom_false = enif_make_atom(env,"false"); @@ -4727,7 +4729,7 @@ static ERL_NIF_TERM pkey_crypt_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM } else { /* non-evp rsa private decrypt */ i = RSA_private_decrypt(in_bin.size, in_bin.data, - out_bin.data, rsa, crypt_opt.rsa_padding); + out_bin.data, rsa, crypt_opt.rsa_padding); if (i > 0) { ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, i); enif_realloc_binary(&out_bin, i); @@ -4745,7 +4747,7 @@ static ERL_NIF_TERM pkey_crypt_nif(ErlNifEnv *env, int argc, const ERL_NIF_TERM } else { /* non-evp rsa public decrypt */ i = RSA_public_decrypt(in_bin.size, in_bin.data, - out_bin.data, rsa, crypt_opt.rsa_padding); + out_bin.data, rsa, crypt_opt.rsa_padding); if (i > 0) { ERL_VALGRIND_MAKE_MEM_DEFINED(out_bin.data, i); enif_realloc_binary(&out_bin, i); @@ -4863,7 +4865,7 @@ static ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NI / * Example of result: { Curve = {Field, Prime, Point, Order, CoFactor} = - { + { Field = {prime_field,<<255,...,255>>}, Prime = {<<255,...,252>>, <<90,...,75>>, @@ -4876,9 +4878,9 @@ static ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NI Key = <<151,...,62>> } or - { + { Curve = - {characteristic_two_field, + {characteristic_two_field, M, Basis = {tpbasis, _} | {ppbasis, k1, k2, k3} @@ -4891,7 +4893,7 @@ static ERL_NIF_TERM privkey_to_pubkey_nif(ErlNifEnv* env, int argc, const ERL_NI */ #endif } - + if (pkey) EVP_PKEY_free(pkey); return enif_make_badarg(env); } @@ -5072,7 +5074,7 @@ static ERL_NIF_TERM engine_ctrl_cmd_strings_nif(ErlNifEnv* env, int argc, const error: for(i = 0; cmds != NULL && cmds[i] != NULL; i++) - enif_free(cmds[i]); + enif_free(cmds[i]); enif_free(cmds); return ret; #else @@ -5390,7 +5392,7 @@ static ERL_NIF_TERM engine_get_id_nif(ErlNifEnv* env, int argc, const ERL_NIF_TE if (!engine_id) { enif_alloc_binary(0, &engine_id_bin); engine_id_bin.size = 0; - return enif_make_tuple2(env, atom_ok, enif_make_binary(env, &engine_id_bin)); + return enif_make_binary(env, &engine_id_bin); } size = strlen(engine_id); @@ -5398,7 +5400,39 @@ static ERL_NIF_TERM engine_get_id_nif(ErlNifEnv* env, int argc, const ERL_NIF_TE engine_id_bin.size = size; memcpy(engine_id_bin.data, engine_id, size); - return enif_make_tuple2(env, atom_ok, enif_make_binary(env, &engine_id_bin)); + return enif_make_binary(env, &engine_id_bin); +#else + return atom_notsup; +#endif +} + +static ERL_NIF_TERM engine_get_name_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]) +{/* (Engine) */ +#ifdef HAS_ENGINE_SUPPORT + ErlNifBinary engine_name_bin; + const char *engine_name; + int size; + struct engine_ctx *ctx; + + // Get Engine + if (!enif_get_resource(env, argv[0], engine_ctx_rtype, (void**)&ctx)) { + PRINTF_ERR0("engine_get_id_nif Leaved: Parameter not an engine resource object"); + return enif_make_badarg(env); + } + + engine_name = ENGINE_get_name(ctx->engine); + if (!engine_name) { + enif_alloc_binary(0, &engine_name_bin); + engine_name_bin.size = 0; + return enif_make_binary(env, &engine_name_bin); + } + + size = strlen(engine_name); + enif_alloc_binary(size, &engine_name_bin); + engine_name_bin.size = size; + memcpy(engine_name_bin.data, engine_name, size); + + return enif_make_binary(env, &engine_name_bin); #else return atom_notsup; #endif diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 464799b320..8eb414b9bf 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -4,7 +4,7 @@
- 19992017 + 19992018 Ericsson AB. All Rights Reserved. @@ -142,7 +142,7 @@ password => password()} engine_ref() = term() -

The result of a call to engine_load/3. +

The result of a call to for example engine_load/3.

key_id() = string() | binary() @@ -628,7 +628,7 @@

Fetches the corresponding public key from a private key stored in an Engine. The key must be of the type indicated by the Type parameter. -

+

@@ -953,8 +953,8 @@ _FloatValue = rand:uniform(). % [0.0; 1.0[

Returns a list of all possible engine methods.

-

- May throw exception notsup in case there is +

+ May throw exception notsup in case there is no engine support in the underlying OpenSSL implementation.

@@ -970,18 +970,18 @@ _FloatValue = rand:uniform(). % [0.0; 1.0[ EngineId = unicode:chardata() PreCmds, PostCmds = [{unicode:chardata(), unicode:chardata()}] - Result = {ok, Engine::term()} | {error, Reason::term()} + Result = {ok, Engine::engine_ref()} | {error, Reason::term()}

Loads the OpenSSL engine given by EngineId if it is available and then returns ok and - an engine handle. This function is the same as calling engine_load/4 with - EngineMethods set to a list of all the possible methods. An error tuple is + an engine handle. This function is the same as calling engine_load/4 with + EngineMethods set to a list of all the possible methods. An error tuple is returned if the engine can't be loaded.

The function throws a badarg if the parameters are in wrong format. - It may also throw the exception notsup in case there is + It may also throw the exception notsup in case there is no engine support in the underlying OpenSSL implementation.

@@ -998,7 +998,7 @@ _FloatValue = rand:uniform(). % [0.0; 1.0[ EngineId = unicode:chardata() PreCmds, PostCmds = [{unicode:chardata(), unicode:chardata()}] EngineMethods = [engine_method_type()] - Result = {ok, Engine::term()} | {error, Reason::term()} + Result = {ok, Engine::engine_ref()} | {error, Reason::term()}

@@ -1007,7 +1007,7 @@ _FloatValue = rand:uniform(). % [0.0; 1.0[

The function throws a badarg if the parameters are in wrong format. - It may also throw the exception notsup in case there is + It may also throw the exception notsup in case there is no engine support in the underlying OpenSSL implementation.

@@ -1021,17 +1021,17 @@ _FloatValue = rand:uniform(). % [0.0; 1.0[ engine_unload(Engine) -> Result Dynamical load an encryption engine - Engine = term() + Engine = engine_ref() Result = ok | {error, Reason::term()}

- Unloads the OpenSSL engine given by EngineId. + Unloads the OpenSSL engine given by Engine. An error tuple is returned if the engine can't be unloaded.

The function throws a badarg if the parameter is in wrong format. - It may also throw the exception notsup in case there is + It may also throw the exception notsup in case there is no engine support in the underlying OpenSSL implementation.

@@ -1042,19 +1042,24 @@ _FloatValue = rand:uniform(). % [0.0; 1.0[ - engine_list() -> Result - List the known engine ids + engine_by_id(EngineId) -> Result + Get a reference to an already loaded engine - Result = [EngineId::unicode:chardata()] + EngineID = unicode:chardata()engine_ref() + Result = {ok, Engine::engine_ref()} | {error, Reason::term()} -

List the id's of all engines in OpenSSL's internal list.

- It may also throw the exception notsup in case there is + Get a reference to an already loaded engine with EngineId. + An error tuple is returned if the engine can't be unloaded. +

+

+ The function throws a badarg if the parameter is in wrong format. + It may also throw the exception notsup in case there is no engine support in the underlying OpenSSL implementation.

- See also the chapter Engine Load + See also the chapter Engine Load in the User's Guide.

@@ -1064,7 +1069,7 @@ _FloatValue = rand:uniform(). % [0.0; 1.0[ engine_ctrl_cmd_string(Engine, CmdName, CmdArg) -> Result Sends ctrl commands to an OpenSSL engine - Engine = term() + Engine = engine_ref() CmdName = unicode:chardata() CmdArg = unicode:chardata() Result = ok | {error, Reason::term()} @@ -1072,12 +1077,12 @@ _FloatValue = rand:uniform(). % [0.0; 1.0[

Sends ctrl commands to the OpenSSL engine given by Engine. - This function is the same as calling engine_ctrl_cmd_string/4 with + This function is the same as calling engine_ctrl_cmd_string/4 with Optional set to false.

The function throws a badarg if the parameters are in wrong format. - It may also throw the exception notsup in case there is + It may also throw the exception notsup in case there is no engine support in the underlying OpenSSL implementation.

@@ -1087,7 +1092,7 @@ _FloatValue = rand:uniform(). % [0.0; 1.0[ engine_ctrl_cmd_string(Engine, CmdName, CmdArg, Optional) -> Result Sends ctrl commands to an OpenSSL engine - Engine = term() + Engine = engine_ref() CmdName = unicode:chardata() CmdArg = unicode:chardata() Optional = boolean() @@ -1096,18 +1101,218 @@ _FloatValue = rand:uniform(). % [0.0; 1.0[

Sends ctrl commands to the OpenSSL engine given by Engine. - Optional is a boolean argument that can relax the semantics of the function. - If set to true it will only return failure if the ENGINE supported the given - command name but failed while executing it, if the ENGINE doesn't support the command - name it will simply return success without doing anything. In this case we assume + Optional is a boolean argument that can relax the semantics of the function. + If set to true it will only return failure if the ENGINE supported the given + command name but failed while executing it, if the ENGINE doesn't support the command + name it will simply return success without doing anything. In this case we assume the user is only supplying commands specific to the given ENGINE so we set this to false.

The function throws a badarg if the parameters are in wrong format. - It may also throw the exception notsup in case there is + It may also throw the exception notsup in case there is + no engine support in the underlying OpenSSL implementation. +

+
+ + + + engine_add(Engine) -> Result + Add engine to OpenSSL internal list + + Engine = engine_ref() + Result = ok | {error, Reason::term()} + + +

Add the engine to OpenSSL's internal list.

+

+ The function throws a badarg if the parameters are in wrong format. + It may also throw the exception notsup in case there is + no engine support in the underlying OpenSSL implementation. +

+
+
+ + + engine_remove(Engine) -> Result + Remove engine to OpenSSL internal list + + Engine = engine_ref() + Result = ok | {error, Reason::term()} + + +

Remove the engine from OpenSSL's internal list.

+

+ The function throws a badarg if the parameters are in wrong format. + It may also throw the exception notsup in case there is + no engine support in the underlying OpenSSL implementation. +

+
+
+ + + engine_get_id(Engine) -> EngineId + Fetch engine ID + + Engine = engine_ref() + EngineId = unicode:chardata() + + +

Return the ID for the engine, or an empty binary if there is no id set.

+

+ The function throws a badarg if the parameters are in wrong format. + It may also throw the exception notsup in case there is + no engine support in the underlying OpenSSL implementation. +

+
+
+ + + engine_get_name(Engine) -> EngineName + Fetch engine name + + Engine = engine_ref() + EngineName = unicode:chardata() + + +

Return the name (eg a description) for the engine, or an empty binary if there is no name set.

+

+ The function throws a badarg if the parameters are in wrong format. + It may also throw the exception notsup in case there is + no engine support in the underlying OpenSSL implementation. +

+
+
+ + + engine_list() -> Result + List the known engine ids + + Result = [EngineId::unicode:chardata()] + + +

List the id's of all engines in OpenSSL's internal list.

+

+ It may also throw the exception notsup in case there is + no engine support in the underlying OpenSSL implementation. +

+

+ See also the chapter Engine Load + in the User's Guide. +

+

+ May throw exception notsup in case engine functionality is not supported by the underlying + OpenSSL implementation. +

+
+
+ + + ensure_engine_loaded(EngineId, LibPath) -> Result + Ensure encryption engine just loaded once + + EngineId = unicode:chardata() + LibPath = unicode:chardata() + Result = {ok, Engine::engine_ref()} | {error, Reason::term()} + + +

+ Loads the OpenSSL engine given by EngineId and the path to the dynamic library + implementing the engine. This function is the same as calling ensure_engine_loaded/3 with + EngineMethods set to a list of all the possible methods. An error tuple is + returned if the engine can't be loaded. +

+

+ The function throws a badarg if the parameters are in wrong format. + It may also throw the exception notsup in case there is no engine support in the underlying OpenSSL implementation.

+

+ See also the chapter Engine Load + in the User's Guide. +

+
+
+ + + ensure_engine_loaded(EngineId, LibPath, EngineMethods) -> Result + Ensure encryption engine just loaded once + + EngineId = unicode:chardata() + LibPath = unicode:chardata() + EngineMethods = [engine_method_type()] + Result = {ok, Engine::engine_ref()} | {error, Reason::term()} + + +

+ Loads the OpenSSL engine given by EngineId and the path to the dynamic library + implementing the engine. This function differs from the normal engine_load in that sense it + also add the engine id to the internal list in OpenSSL. Then in the following calls to the function + it just fetch the reference to the engine instead of loading it again. + An error tuple is returned if the engine can't be loaded. +

+

+ The function throws a badarg if the parameters are in wrong format. + It may also throw the exception notsup in case there is + no engine support in the underlying OpenSSL implementation. +

+

+ See also the chapter Engine Load + in the User's Guide. +

+
+
+ + + ensure_engine_unloaded(Engine) -> Result + Unload an engine loaded with the ensure function + + Engine = engine_ref() + Result = ok | {error, Reason::term()} + + +

+ Unloads an engine loaded with the ensure_engine_loaded function. + It both removes the label from the OpenSSL internal engine list and unloads the engine. + This function is the same as calling ensure_engine_unloaded/2 with + EngineMethods set to a list of all the possible methods. An error tuple is + returned if the engine can't be unloaded. +

+

+ The function throws a badarg if the parameters are in wrong format. + It may also throw the exception notsup in case there is + no engine support in the underlying OpenSSL implementation. +

+

+ See also the chapter Engine Load + in the User's Guide. +

+
+
+ + + ensure_engine_unloaded(Engine, EngineMethods) -> Result + Unload an engine loaded with the ensure function + + Engine = engine_ref() + EngineMethods = [engine_method_type()] + Result = ok | {error, Reason::term()} + + +

+ Unloads an engine loaded with the ensure_engine_loaded function. + It both removes the label from the OpenSSL internal engine list and unloads the engine. + An error tuple is returned if the engine can't be unloaded. +

+

+ The function throws a badarg if the parameters are in wrong format. + It may also throw the exception notsup in case there is + no engine support in the underlying OpenSSL implementation. +

+

+ See also the chapter Engine Load + in the User's Guide. +

diff --git a/lib/crypto/doc/src/engine_load.xml b/lib/crypto/doc/src/engine_load.xml index e5c3f5d561..3d0aa0c32a 100644 --- a/lib/crypto/doc/src/engine_load.xml +++ b/lib/crypto/doc/src/engine_load.xml @@ -42,6 +42,9 @@ operations. The hardware implementation usually offers improved performance over its software-based counterpart, which is known as cryptographic acceleration.

+ +

The file name requirement on the engine dynamic library can differ between SSL versions.

+
@@ -54,9 +57,6 @@ 1> {ok, Engine} = crypto:engine_load(<<"otp_test_engine">>, [], []). {ok, #Ref} - -

The file name requirement on the engine dynamic library can differ between SSL versions.

-
@@ -72,9 +72,6 @@ <<"LOAD">>], []). {ok, #Ref} - -

The dynamic engine is not supported in LibreSSL from version 2.2.1

-
@@ -99,6 +96,28 @@ engine_method_pkey_meths, engine_method_pkey_asn1_meths]. {ok, #Ref}
+
+ Load with the ensure loaded function +

+ This function makes sure the engine is loaded just once and the ID is added to the internal + engine list of OpenSSL. The following calls to the function will check if the ID is loaded + and then just get a new reference to the engine. +

+ + 5> {ok, Engine} = crypto:ensure_engine_loaded(<<"MD5">>, + <<"/some/path/otp_test_engine.so">>). + {ok, #Ref} +

+ To unload it use crypto:ensure_engine_unloaded/1 which removes the ID from the internal list + before unloading the engine. +

+ + 6> crypto:ensure_engine_unloaded(<<"MD5">>). + ok +
+ + +
List all engines currently loaded diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 1a1b4f98b5..0d85b94b57 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 1999-2017. All Rights Reserved. +%% Copyright Ericsson AB 1999-2018. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. @@ -51,9 +51,18 @@ engine_load/3, engine_load/4, engine_unload/1, + engine_by_id/1, engine_list/0, engine_ctrl_cmd_string/3, - engine_ctrl_cmd_string/4 + engine_ctrl_cmd_string/4, + engine_add/1, + engine_remove/1, + engine_get_id/1, + engine_get_name/1, + ensure_engine_loaded/2, + ensure_engine_loaded/3, + ensure_engine_unloaded/1, + ensure_engine_unloaded/2 ]). -export_type([engine_ref/0, @@ -444,7 +453,7 @@ sign(Algorithm, Type, Data, Key, Options) -> -type engine_key_ref() :: #{engine := engine_ref(), key_id := key_id(), password => password(), - term() => term() + term() => term() }. -type pk_algs() :: rsa | ecdsa | dss . @@ -604,7 +613,7 @@ compute_key(ecdh, Others, My, Curve) -> -type engine_method_type() :: engine_method_rsa | engine_method_dsa | engine_method_dh | engine_method_rand | engine_method_ecdh | engine_method_ecdsa | engine_method_ciphers | engine_method_digests | engine_method_store | - engine_method_pkey_meths | engine_method_pkey_asn1_meths | + engine_method_pkey_meths | engine_method_pkey_asn1_meths | engine_method_ec. -type engine_ref() :: term(). @@ -621,7 +630,8 @@ engine_get_all_methods() -> PreCmds::[{unicode:chardata(), unicode:chardata()}], PostCmds::[{unicode:chardata(), unicode:chardata()}]) -> {ok, Engine::engine_ref()} | {error, Reason::term()}. -engine_load(EngineId, PreCmds, PostCmds) when is_list(PreCmds), is_list(PostCmds) -> +engine_load(EngineId, PreCmds, PostCmds) when is_list(PreCmds), + is_list(PostCmds) -> engine_load(EngineId, PreCmds, PostCmds, engine_get_all_methods()). %%---------------------------------------------------------------------- @@ -638,28 +648,26 @@ engine_load(EngineId, PreCmds, PostCmds, EngineMethods) when is_list(PreCmds), ok = notsup_to_error(engine_load_dynamic_nif()), case notsup_to_error(engine_by_id_nif(ensure_bin_chardata(EngineId))) of {ok, Engine} -> - ok = engine_load_1(Engine, PreCmds, PostCmds, EngineMethods), - {ok, Engine}; + engine_load_1(Engine, PreCmds, PostCmds, EngineMethods); {error, Error1} -> {error, Error1} end catch - throw:Error2 -> - Error2 + throw:Error2 -> + Error2 end. engine_load_1(Engine, PreCmds, PostCmds, EngineMethods) -> try ok = engine_nif_wrapper(engine_ctrl_cmd_strings_nif(Engine, ensure_bin_cmds(PreCmds), 0)), - ok = engine_nif_wrapper(engine_add_nif(Engine)), ok = engine_nif_wrapper(engine_init_nif(Engine)), engine_load_2(Engine, PostCmds, EngineMethods), - ok + {ok, Engine} catch - throw:Error -> - %% The engine couldn't initialise, release the structural reference - ok = engine_free_nif(Engine), - throw(Error) + throw:Error -> + %% The engine couldn't initialise, release the structural reference + ok = engine_free_nif(Engine), + throw(Error) end. engine_load_2(Engine, PostCmds, EngineMethods) -> @@ -689,7 +697,6 @@ engine_unload(Engine, EngineMethods) -> try [ok = engine_nif_wrapper(engine_unregister_nif(Engine, engine_method_atom_to_int(Method))) || Method <- EngineMethods], - ok = engine_nif_wrapper(engine_remove_nif(Engine)), %% Release the functional reference from engine_init_nif ok = engine_nif_wrapper(engine_finish_nif(Engine)), %% Release the structural reference from engine_by_id_nif @@ -699,6 +706,41 @@ engine_unload(Engine, EngineMethods) -> Error end. +%%---------------------------------------------------------------------- +%% Function: engine_by_id/1 +%%---------------------------------------------------------------------- +engine_by_id(EngineId) -> + try + notsup_to_error(engine_by_id_nif(ensure_bin_chardata(EngineId))) + catch + throw:Error -> + Error + end. + +%%---------------------------------------------------------------------- +%% Function: engine_add/1 +%%---------------------------------------------------------------------- +engine_add(Engine) -> + notsup_to_error(engine_add_nif(Engine)). + +%%---------------------------------------------------------------------- +%% Function: engine_remove/1 +%%---------------------------------------------------------------------- +engine_remove(Engine) -> + notsup_to_error(engine_remove_nif(Engine)). + +%%---------------------------------------------------------------------- +%% Function: engine_get_id/1 +%%---------------------------------------------------------------------- +engine_get_id(Engine) -> + notsup_to_error(engine_get_id_nif(Engine)). + +%%---------------------------------------------------------------------- +%% Function: engine_get_name/1 +%%---------------------------------------------------------------------- +engine_get_name(Engine) -> + notsup_to_error(engine_get_name_nif(Engine)). + %%---------------------------------------------------------------------- %% Function: engine_list/0 %%---------------------------------------------------------------------- @@ -710,9 +752,9 @@ engine_list() -> []; {ok, Engine} -> case notsup_to_error(engine_get_id_nif(Engine)) of - {ok, <<>>} -> + <<>> -> engine_list(Engine, []); - {ok, EngineId} -> + EngineId -> engine_list(Engine, [EngineId]) end end. @@ -723,9 +765,9 @@ engine_list(Engine0, IdList) -> lists:reverse(IdList); {ok, Engine1} -> case notsup_to_error(engine_get_id_nif(Engine1)) of - {ok, <<>>} -> + <<>> -> engine_list(Engine1, IdList); - {ok, EngineId} -> + EngineId -> engine_list(Engine1, [EngineId |IdList]) end end. @@ -734,7 +776,7 @@ engine_list(Engine0, IdList) -> %% Function: engine_ctrl_cmd_string/3 %%---------------------------------------------------------------------- -spec engine_ctrl_cmd_string(Engine::term(), - CmdName::unicode:chardata(), + CmdName::unicode:chardata(), CmdArg::unicode:chardata()) -> ok | {error, Reason::term()}. engine_ctrl_cmd_string(Engine, CmdName, CmdArg) -> @@ -744,13 +786,13 @@ engine_ctrl_cmd_string(Engine, CmdName, CmdArg) -> %% Function: engine_ctrl_cmd_string/4 %%---------------------------------------------------------------------- -spec engine_ctrl_cmd_string(Engine::term(), - CmdName::unicode:chardata(), + CmdName::unicode:chardata(), CmdArg::unicode:chardata(), Optional::boolean()) -> ok | {error, Reason::term()}. engine_ctrl_cmd_string(Engine, CmdName, CmdArg, Optional) -> - case engine_ctrl_cmd_strings_nif(Engine, - ensure_bin_cmds([{CmdName, CmdArg}]), + case engine_ctrl_cmd_strings_nif(Engine, + ensure_bin_cmds([{CmdName, CmdArg}]), bool_to_int(Optional)) of ok -> ok; @@ -760,6 +802,82 @@ engine_ctrl_cmd_string(Engine, CmdName, CmdArg, Optional) -> {error, Error} end. +%%---------------------------------------------------------------------- +%% Function: ensure_engine_loaded/2 +%% Special version of load that only uses dynamic engine to load +%%---------------------------------------------------------------------- +ensure_engine_loaded(EngineId, LibPath) -> + ensure_engine_loaded(EngineId, LibPath, engine_get_all_methods()). + +%%---------------------------------------------------------------------- +%% Function: ensure_engine_loaded/3 +%% Special version of load that only uses dynamic engine to load +%%---------------------------------------------------------------------- +ensure_engine_loaded(EngineId, LibPath, EngineMethods) -> + try + List = crypto:engine_list(), + case lists:member(EngineId, List) of + true -> + notsup_to_error(engine_by_id_nif(ensure_bin_chardata(EngineId))); + false -> + ok = notsup_to_error(engine_load_dynamic_nif()), + case notsup_to_error(engine_by_id_nif(ensure_bin_chardata(<<"dynamic">>))) of + {ok, Engine} -> + PreCommands = [{<<"SO_PATH">>, ensure_bin_chardata(LibPath)}, + {<<"ID">>, ensure_bin_chardata(EngineId)}, + <<"LOAD">>], + ensure_engine_loaded_1(Engine, PreCommands, EngineMethods); + {error, Error1} -> + {error, Error1} + end + end + catch + throw:Error2 -> + Error2 + end. + +ensure_engine_loaded_1(Engine, PreCmds, Methods) -> + try + ok = engine_nif_wrapper(engine_ctrl_cmd_strings_nif(Engine, ensure_bin_cmds(PreCmds), 0)), + ok = engine_nif_wrapper(engine_add_nif(Engine)), + ok = engine_nif_wrapper(engine_init_nif(Engine)), + ensure_engine_loaded_2(Engine, Methods), + {ok, Engine} + catch + throw:Error -> + %% The engine couldn't initialise, release the structural reference + ok = engine_free_nif(Engine), + throw(Error) + end. + +ensure_engine_loaded_2(Engine, Methods) -> + try + [ok = engine_nif_wrapper(engine_register_nif(Engine, engine_method_atom_to_int(Method))) || + Method <- Methods], + ok + catch + throw:Error -> + %% The engine registration failed, release the functional reference + ok = engine_finish_nif(Engine), + throw(Error) + end. +%%---------------------------------------------------------------------- +%% Function: ensure_engine_unloaded/1 +%%---------------------------------------------------------------------- +ensure_engine_unloaded(Engine) -> + ensure_engine_unloaded(Engine, engine_get_all_methods()). + +%%---------------------------------------------------------------------- +%% Function: ensure_engine_unloaded/2 +%%---------------------------------------------------------------------- +ensure_engine_unloaded(Engine, EngineMethods) -> + case engine_remove(Engine) of + ok -> + engine_unload(Engine, EngineMethods); + {error, E} -> + {error, E} + end. + %%-------------------------------------------------------------------- %%% On load %%-------------------------------------------------------------------- @@ -827,7 +945,7 @@ path2bin(Path) when is_list(Path) -> max_bytes() -> ?MAX_BYTES_TO_NIF. -notsup_to_error(notsup) -> +notsup_to_error(notsup) -> erlang:error(notsup); notsup_to_error(Other) -> Other. @@ -1104,7 +1222,7 @@ privkey_to_pubkey(Alg, EngineMap) when Alg == rsa; Alg == dss; Alg == ecdsa -> error:notsup -> {error, notsup} end. - + privkey_to_pubkey_nif(_Alg, _EngineMap) -> ?nif_stub. @@ -1266,6 +1384,7 @@ engine_unregister_nif(_Engine, _EngineMethod) -> ?nif_stub. engine_get_first_nif() -> ?nif_stub. engine_get_next_nif(_Engine) -> ?nif_stub. engine_get_id_nif(_Engine) -> ?nif_stub. +engine_get_name_nif(_Engine) -> ?nif_stub. engine_get_all_methods_nif() -> ?nif_stub. %%-------------------------------------------------------------------- @@ -1323,7 +1442,7 @@ get_test_engine() -> Type = erlang:system_info(system_architecture), LibDir = filename:join([code:priv_dir(crypto), "lib"]), ArchDir = filename:join([LibDir, Type]), - case filelib:is_dir(ArchDir) of + case filelib:is_dir(ArchDir) of true -> check_otp_test_engine(ArchDir); false -> check_otp_test_engine(LibDir) end. @@ -1341,4 +1460,3 @@ check_otp_test_engine(LibDir) -> {error, notexist} end end. - diff --git a/lib/crypto/test/engine_SUITE.erl b/lib/crypto/test/engine_SUITE.erl index f410542f72..891eaff23b 100644 --- a/lib/crypto/test/engine_SUITE.erl +++ b/lib/crypto/test/engine_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2017-2017. All Rights Reserved. +%% Copyright Ericsson AB 2017-2018. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. @@ -39,6 +39,10 @@ all() -> get_all_possible_methods, engine_load_all_methods, engine_load_some_methods, + multiple_engine_load, + engine_list, + get_id_and_name, + engine_by_id, bad_arguments, unknown_engine, pre_command_fail_bad_value, @@ -46,6 +50,7 @@ all() -> failed_engine_init, ctrl_cmd_string, ctrl_cmd_string_optional, + ensure_load, {group, engine_stored_key} ]. @@ -95,7 +100,7 @@ init_per_group(engine_stored_key, Config) -> {error, notexist} -> {skip, "OTP Test engine not found"}; {error, notsup} -> - {skip, "Engine not supported on this OpenSSL version"}; + {skip, "Engine not supported on this SSL version"}; {error, bad_engine_id} -> {skip, "Dynamic Engine not supported"}; Other -> @@ -130,11 +135,12 @@ get_all_possible_methods() -> get_all_possible_methods(Config) when is_list(Config) -> try List = crypto:engine_get_all_methods(), + true = erlang:is_list(List), ct:log("crypto:engine_get_all_methods() -> ~p\n", [List]), ok catch error:notsup -> - {skip, "Engine not supported on this OpenSSL version"} + {skip, "Engine not supported on this SSL version"} end. engine_load_all_methods()-> @@ -147,13 +153,12 @@ engine_load_all_methods(Config) when is_list(Config) -> {error, notexist} -> {skip, "OTP Test engine not found"}; {ok, Engine} -> - try + try Md5Hash1 = <<106,30,3,246,166,222,229,158,244,217,241,179,50,232,107,109>>, Md5Hash1 = crypto:hash(md5, "Don't panic"), Md5Hash2 = <<0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15>>, case crypto:engine_load(<<"dynamic">>, [{<<"SO_PATH">>, Engine}, - {<<"ID">>, <<"MD5">>}, <<"LOAD">>], []) of {ok, E} -> @@ -179,7 +184,7 @@ engine_load_all_methods(Config) when is_list(Config) -> end catch error:notsup -> - {skip, "Engine not supported on this OpenSSL version"} + {skip, "Engine not supported on this SSL version"} end end. @@ -193,21 +198,20 @@ engine_load_some_methods(Config) when is_list(Config) -> {error, notexist} -> {skip, "OTP Test engine not found"}; {ok, Engine} -> - try + try Md5Hash1 = <<106,30,3,246,166,222,229,158,244,217,241,179,50,232,107,109>>, Md5Hash1 = crypto:hash(md5, "Don't panic"), Md5Hash2 = <<0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15>>, EngineMethods = crypto:engine_get_all_methods() -- - [engine_method_dh,engine_method_rand, + [engine_method_dh, engine_method_rand, engine_method_ciphers, engine_method_store, engine_method_pkey_meths, engine_method_pkey_asn1_meths], case crypto:engine_load(<<"dynamic">>, [{<<"SO_PATH">>, Engine}, - {<<"ID">>, <<"MD5">>}, <<"LOAD">>], [], EngineMethods) of - {ok, E} -> + {ok, E} -> case crypto:hash(md5, "Don't panic") of Md5Hash1 -> ct:fail(fail_to_load_engine_still_original); @@ -230,7 +234,168 @@ engine_load_some_methods(Config) when is_list(Config) -> end catch error:notsup -> - {skip, "Engine not supported on this OpenSSL version"} + {skip, "Engine not supported on this SSL version"} + end + end. + +multiple_engine_load()-> + [{doc, "Use a dummy md5 engine that does not implement md5" + "but rather returns a static binary to test that crypto:engine_load " + "functions works when called multiple times."}]. + +multiple_engine_load(Config) when is_list(Config) -> + case crypto:get_test_engine() of + {error, notexist} -> + {skip, "OTP Test engine not found"}; + {ok, Engine} -> + try + Md5Hash1 = <<106,30,3,246,166,222,229,158,244,217,241,179,50,232,107,109>>, + Md5Hash1 = crypto:hash(md5, "Don't panic"), + Md5Hash2 = <<0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15>>, + case crypto:engine_load(<<"dynamic">>, + [{<<"SO_PATH">>, Engine}, + <<"LOAD">>], + []) of + {ok, E} -> + {ok, E1} = crypto:engine_load(<<"dynamic">>, + [{<<"SO_PATH">>, Engine}, + <<"LOAD">>], + []), + {ok, E2} = crypto:engine_load(<<"dynamic">>, + [{<<"SO_PATH">>, Engine}, + <<"LOAD">>], + []), + case crypto:hash(md5, "Don't panic") of + Md5Hash1 -> + ct:fail(fail_to_load_still_original_engine); + Md5Hash2 -> + ok; + _ -> + ct:fail(fail_to_load_engine) + end, + ok = crypto:engine_unload(E2), + case crypto:hash(md5, "Don't panic") of + Md5Hash1 -> + ct:fail(fail_to_load_still_original_engine); + Md5Hash2 -> + ok; + _ -> + ct:fail(fail_to_load_engine) + end, + ok = crypto:engine_unload(E), + case crypto:hash(md5, "Don't panic") of + Md5Hash1 -> + ct:fail(fail_to_load_still_original_engine); + Md5Hash2 -> + ok; + _ -> + ct:fail(fail_to_load_engine) + end, + ok = crypto:engine_unload(E1), + case crypto:hash(md5, "Don't panic") of + Md5Hash2 -> + ct:fail(fail_to_unload_still_test_engine); + Md5Hash1 -> + ok; + _ -> + ct:fail(fail_to_unload_engine) + end; + {error, bad_engine_id} -> + {skip, "Dynamic Engine not supported"} + end + catch + error:notsup -> + {skip, "Engine not supported on this SSL version"} + end + end. + +engine_list()-> + [{doc, "Test add and remove engine ID to the SSL internal engine list."}]. + +engine_list(Config) when is_list(Config) -> + case crypto:get_test_engine() of + {error, notexist} -> + {skip, "OTP Test engine not found"}; + {ok, Engine} -> + try + EngineList0 = crypto:engine_list(), + case crypto:engine_load(<<"dynamic">>, + [{<<"SO_PATH">>, Engine}, + <<"LOAD">>], + []) of + {ok, E} -> + EngineList0 = crypto:engine_list(), + ok = crypto:engine_add(E), + [<<"MD5">>] = lists:subtract(crypto:engine_list(), EngineList0), + ok = crypto:engine_remove(E), + EngineList0 = crypto:engine_list(), + ok = crypto:engine_unload(E); + {error, bad_engine_id} -> + {skip, "Dynamic Engine not supported"} + end + catch + error:notsup -> + {skip, "Engine not supported on this SSL version"} + end + end. + +get_id_and_name()-> + [{doc, "Test fetching id and name from an engine."}]. + +get_id_and_name(Config) when is_list(Config) -> + case crypto:get_test_engine() of + {error, notexist} -> + {skip, "OTP Test engine not found"}; + {ok, Engine} -> + try + case crypto:engine_load(<<"dynamic">>, + [{<<"SO_PATH">>, Engine}, + <<"LOAD">>], + []) of + {ok, E} -> + <<"MD5">> = crypto:engine_get_id(E), + <<"MD5 test engine">> = crypto:engine_get_name(E), + ok = crypto:engine_unload(E); + {error, bad_engine_id} -> + {skip, "Dynamic Engine not supported"} + end + catch + error:notsup -> + {skip, "Engine not supported on this SSL version"} + end + end. + +engine_by_id()-> + [{doc, "Test fetching a new reference the the engine when the" + "engine id is added to the SSL engine list."}]. + +engine_by_id(Config) when is_list(Config) -> + case crypto:get_test_engine() of + {error, notexist} -> + {skip, "OTP Test engine not found"}; + {ok, Engine} -> + try + case crypto:engine_load(<<"dynamic">>, + [{<<"SO_PATH">>, Engine}, + <<"LOAD">>], + []) of + {ok, E} -> + case crypto:engine_by_id(<<"MD5">>) of + {error,bad_engine_id} -> + ok; + {ok, _} -> + ct:fail(fail_engine_found) + end, + ok = crypto:engine_add(E), + {ok, _E1} = crypto:engine_by_id(<<"MD5">>), + ok = crypto:engine_remove(E), + ok = crypto:engine_unload(E); + {error, bad_engine_id} -> + {skip, "Dynamic Engine not supported"} + end + catch + error:notsup -> + {skip, "Engine not supported on this SSL version"} end end. @@ -244,7 +409,7 @@ bad_arguments(Config) when is_list(Config) -> {error, notexist} -> {skip, "OTP Test engine not found"}; {ok, Engine} -> - try + try try crypto:engine_load(fail_engine, [], []) catch @@ -274,7 +439,7 @@ bad_arguments(Config) when is_list(Config) -> end catch error:notsup -> - {skip, "Engine not supported on this OpenSSL version"} + {skip, "Engine not supported on this SSL version"} end end. @@ -287,7 +452,7 @@ unknown_engine(Config) when is_list(Config) -> ok catch error:notsup -> - {skip, "Engine not supported on this OpenSSL version"} + {skip, "Engine not supported on this SSL version"} end. pre_command_fail_bad_value() -> @@ -309,7 +474,7 @@ pre_command_fail_bad_value(Config) when is_list(Config) -> end catch error:notsup -> - {skip, "Engine not supported on this OpenSSL version"} + {skip, "Engine not supported on this SSL version"} end. pre_command_fail_bad_key() -> @@ -332,9 +497,9 @@ pre_command_fail_bad_key(Config) when is_list(Config) -> {skip, "Dynamic Engine not supported"} end end - catch + catch error:notsup -> - {skip, "Engine not supported on this OpenSSL version"} + {skip, "Engine not supported on this SSL version"} end. failed_engine_init()-> @@ -350,18 +515,20 @@ failed_engine_init(Config) when is_list(Config) -> [{<<"SO_PATH">>, Engine}, {<<"ID">>, <<"MD5">>}], []) of - {error, add_engine_failed} -> + {error, engine_init_failed} -> ok; {error, bad_engine_id} -> {skip, "Dynamic Engine not supported"} end end - catch + catch error:notsup -> - {skip, "Engine not supported on this OpenSSL version"} + {skip, "Engine not supported on this SSL version"} end. +%%------------------------------------------------------------------------- +%% Test the optional flag in ctrl comands ctrl_cmd_string()-> [{doc, "Test that a not known optional ctrl comand do not fail"}]. ctrl_cmd_string(Config) when is_list(Config) -> @@ -375,22 +542,22 @@ ctrl_cmd_string(Config) when is_list(Config) -> {<<"ID">>, <<"MD5">>}, <<"LOAD">>], []) of - {ok, E} -> + {ok, E} -> case crypto:engine_ctrl_cmd_string(E, <<"TEST">>, <<"17">>) of ok -> ct:fail(fail_ctrl_cmd_should_fail); - {error,ctrl_cmd_failed} -> + {error,ctrl_cmd_failed} -> ok end, - ok = crypto:engine_unload(E); + ok = crypto:engine_unload(E); {error, bad_engine_id} -> {skip, "Dynamic Engine not supported"} end end - catch + catch error:notsup -> - {skip, "Engine not supported on this OpenSSL version"} - end. + {skip, "Engine not supported on this SSL version"} + end. ctrl_cmd_string_optional()-> [{doc, "Test that a not known optional ctrl comand do not fail"}]. @@ -405,22 +572,63 @@ ctrl_cmd_string_optional(Config) when is_list(Config) -> {<<"ID">>, <<"MD5">>}, <<"LOAD">>], []) of - {ok, E} -> + {ok, E} -> case crypto:engine_ctrl_cmd_string(E, <<"TEST">>, <<"17">>, true) of ok -> ok; - _ -> + _ -> ct:fail(fail_ctrl_cmd_string) end, - ok = crypto:engine_unload(E); + ok = crypto:engine_unload(E); {error, bad_engine_id} -> {skip, "Dynamic Engine not supported"} end end - catch + catch error:notsup -> - {skip, "Engine not supported on this OpenSSL version"} - end. + {skip, "Engine not supported on this SSL version"} + end. + +ensure_load()-> + [{doc, "Test the special ensure load function."}]. + +ensure_load(Config) when is_list(Config) -> + case crypto:get_test_engine() of + {error, notexist} -> + {skip, "OTP Test engine not found"}; + {ok, Engine} -> + try + Md5Hash1 = <<106,30,3,246,166,222,229,158,244,217,241,179,50,232,107,109>>, + Md5Hash1 = crypto:hash(md5, "Don't panic"), + Md5Hash2 = <<0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15>>, + case crypto:ensure_engine_loaded(<<"MD5">>, Engine) of + {ok, E} -> + {ok, _E1} = crypto:ensure_engine_loaded(<<"MD5">>, Engine), + case crypto:hash(md5, "Don't panic") of + Md5Hash1 -> + ct:fail(fail_to_load_still_original_engine); + Md5Hash2 -> + ok; + _ -> + ct:fail(fail_to_load_engine) + end, + ok = crypto:ensure_engine_unloaded(E), + case crypto:hash(md5, "Don't panic") of + Md5Hash2 -> + ct:fail(fail_to_unload_still_test_engine); + Md5Hash1 -> + ok; + _ -> + ct:fail(fail_to_unload_engine) + end; + {error, bad_engine_id} -> + {skip, "Dynamic Engine not supported"} + end + catch + error:notsup -> + {skip, "Engine not supported on this SSL version"} + end + end. %%%---------------------------------------------------------------- %%% Pub/priv key storage tests. Thoose are for testing the crypto.erl @@ -465,7 +673,7 @@ sign_verify_rsa_pwd_bad_pwd(Config) -> _ -> {fail, "PWD prot pubkey sign succeded with no pwd!"} catch error:badarg -> ok - end. + end. priv_encrypt_pub_decrypt_rsa(Config) -> Priv = #{engine => engine_ref(Config), @@ -538,7 +746,7 @@ get_pub_from_priv_key_rsa_pwd_no_pwd(Config) -> {skip, "RSA not supported"}; {error, Error} -> {fail, {wrong_error,Error}}; - Pub -> + Pub -> ct:log("rsa Pub = ~p",[Pub]), {fail, "PWD prot pubkey fetch succeded although no pwd!"} end. @@ -554,7 +762,7 @@ get_pub_from_priv_key_rsa_pwd_bad_pwd(Config) -> {skip, "RSA not supported"}; {error, Error} -> {fail, {wrong_error,Error}}; - Pub -> + Pub -> ct:log("rsa Pub = ~p",[Pub]), {fail, "PWD prot pubkey fetch succeded with bad pwd!"} end. @@ -588,7 +796,7 @@ get_pub_from_priv_key_ecdsa(Config) -> ct:log("ecdsa Pub = ~p",[Pub]), sign_verify(ecdsa, sha, Priv, Pub) end. - + %%%================================================================ %%% Help for engine_stored_pub_priv_keys* test cases %%% -- cgit v1.2.3