APPS: Improve diagnostics on missing/extra args and unknown cipher/digest
1 /*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * This file is also used by the test suite. Do not #include "apps.h".
12 */
13 #include "opt.h"
14 #include "fmt.h"
15 #include "app_libctx.h"
16 #include "internal/nelem.h"
17 #include "internal/numbers.h"
18 #include <string.h>
19 #if !defined(OPENSSL_SYS_MSDOS)
20 # include <unistd.h>
21 #endif
22
23 #include <stdlib.h>
24 #include <errno.h>
25 #include <ctype.h>
26 #include <limits.h>
27 #include <openssl/err.h>
28 #include <openssl/bio.h>
29 #include <openssl/x509v3.h>
30
/* Upper bound used when sizing the "-flag param" prefix column of help output. */
#define MAX_OPT_HELP_WIDTH 30
/*
 * Sentinel option names. The code in this file recognises these rows by
 * pointer identity (o->name == OPT_HELP_STR), not by string comparison.
 */
const char OPT_HELP_STR[] = "-H";
const char OPT_MORE_STR[] = "-M";
const char OPT_SECTION_STR[] = "-S";
const char OPT_PARAM_STR[] = "-P";
36
/* Our state: file-scope variables shared by every opt_* function below. */
static char **argv;             /* argument vector handed to opt_init() */
static int argc;                /* argument count handed to opt_init() */
static int opt_index;           /* index in argv of the next word to examine */
static char *arg;               /* value of the most recent option, or NULL */
static char *flag;              /* most recent option, pointing at its '-' */
static char *dunno;             /* last word routed to the catch-all entry */
static const OPTIONS *unknown;  /* catch-all table entry (empty name), if any */
static const OPTIONS *opts;     /* option table handed to opt_init() */
static char prog[40];           /* program name; longer names are truncated */
47
48 /*
49 * Return the simple name of the program; removing various platform gunk.
50 */
51 #if defined(OPENSSL_SYS_WIN32)
52
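/*
 * Return a pointer to the part of |filename| that follows its last
 * '/', '\' or ':'.  If none is found, |filename| itself is returned.
 *
 * The first character is never examined, so a separator at index 0 is not
 * treated as one.  |filename| must be a valid NUL-terminated string.
 */
const char *opt_path_end(const char *filename)
{
    const char *p = filename + strlen(filename);

    /*
     * Stop at filename + 1 rather than decrementing first and comparing
     * afterwards: for an empty string the old loop stepped to filename - 1
     * and returned that out-of-bounds pointer to the caller.
     */
    while (p > filename + 1) {
        --p;
        if (*p == '/' || *p == '\\' || *p == ':')
            return p + 1;
    }
    return filename;
}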
65
/*
 * Store the lowercased base name of |argv0|, minus a trailing ".exe" or
 * ".EXE", in the static |prog| buffer and return that buffer.  Names that
 * do not fit are truncated.
 */
char *opt_progname(const char *argv0)
{
    const char *base = opt_path_end(argv0);
    size_t len = strlen(base);
    size_t k;

    /* Drop the extension, but only when something precedes it. */
    if (len > 4) {
        const char *ext = base + len - 4;

        if (strcmp(ext, ".exe") == 0 || strcmp(ext, ".EXE") == 0)
            len -= 4;
    }

    /* Clamp to the buffer, leaving room for the terminator. */
    if (len > sizeof(prog) - 1)
        len = sizeof(prog) - 1;

    /* Lowercase while copying; the cast keeps tolower() in its valid domain. */
    for (k = 0; k < len; k++)
        prog[k] = tolower((unsigned char)base[k]);
    prog[len] = '\0';
    return prog;
}
88
89 #elif defined(OPENSSL_SYS_VMS)
90
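/*
 * Return a pointer to the part of |filename| that follows its last
 * ':', ']' or '>' (as in sys:[foo.bar]openssl).  If none is found,
 * |filename| itself is returned.
 *
 * The first character is never examined, so a separator at index 0 is not
 * treated as one.  |filename| must be a valid NUL-terminated string.
 */
const char *opt_path_end(const char *filename)
{
    const char *p = filename + strlen(filename);

    /*
     * Stop at filename + 1 rather than decrementing first and comparing
     * afterwards: for an empty string the old loop stepped to filename - 1
     * and returned that out-of-bounds pointer to the caller.
     */
    while (p > filename + 1) {
        --p;
        if (*p == ':' || *p == ']' || *p == '>')
            return p + 1;
    }
    return filename;
}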
103
/*
 * Store the base name of |argv0|, cut at its last '.', in the static |prog|
 * buffer and return that buffer.  Names that do not fit are truncated.
 */
char *opt_progname(const char *argv0)
{
    /* Find last special character sys:[foo.bar]openssl */
    const char *base = opt_path_end(argv0);
    const char *dot = strrchr(base, '.');

    /* strncpy() does not terminate on truncation, so terminate explicitly. */
    if (base != prog)
        strncpy(prog, base, sizeof(prog) - 1);
    prog[sizeof(prog) - 1] = '\0';

    /* Cut at the last '.' when that position lies inside the buffer. */
    if (dot != NULL) {
        size_t stem = (size_t)(dot - base);

        if (stem < sizeof(prog))
            prog[stem] = '\0';
    }
    return prog;
}
118
119 #else
120
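/*
 * Return a pointer to the part of |filename| that follows its last '/'.
 * If none is found, |filename| itself is returned.
 *
 * The first character is never examined, so a '/' at index 0 is not
 * treated as a separator.  |filename| must be a valid NUL-terminated string.
 */
const char *opt_path_end(const char *filename)
{
    const char *p = filename + strlen(filename);

    /*
     * Stop at filename + 1 rather than decrementing first and comparing
     * afterwards: for an empty string the old loop stepped to filename - 1
     * and returned that out-of-bounds pointer to the caller.
     */
    while (p > filename + 1) {
        --p;
        if (*p == '/')
            return p + 1;
    }
    return filename;
}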
133
/*
 * Store the base name of |argv0| in the static |prog| buffer and return that
 * buffer.  Names that do not fit are truncated.
 */
char *opt_progname(const char *argv0)
{
    const char *base = opt_path_end(argv0);

    /* strncpy() does not terminate on truncation, so terminate explicitly. */
    if (base != prog)
        strncpy(prog, base, sizeof(prog) - 1);
    prog[sizeof(prog) - 1] = '\0';
    return prog;
}
144 #endif
145
/*
 * Append " <argv0>" to the program name held in |prog| (nothing is appended
 * when |argv0| is NULL) and return |prog|.  The write is bounded by the
 * space left in the buffer.
 */
char *opt_appname(const char *argv0)
{
    size_t used;

    used = strlen(prog);
    if (argv0 == NULL)
        return prog;
    BIO_snprintf(prog + used, sizeof(prog) - used - 1, " %s", argv0);
    return prog;
}
154
/* Return the static program-name buffer filled in by opt_progname(). */
char *opt_getprog(void)
{
    return prog;
}
159
/*
 * Set up the arg parsing: record the argument vector and the option table in
 * the file-scope state, reset the scan position, and locate the catch-all
 * entry (the row whose name is the empty string).  Returns the program-name
 * buffer.
 */
char *opt_init(int ac, char **av, const OPTIONS *o)
{
    /* Store state. */
    argc = ac;
    argv = av;
    opt_begin();
    opts = o;
    unknown = NULL;

    /*
     * Make sure prog name is set for usage output.
     * NOTE(review): argv[0] is passed on without a NULL check and ends up in
     * strlen() via opt_path_end(), so this relies on the caller supplying a
     * non-empty argument vector - confirm.
     */
    (void)opt_progname(argv[0]);

    /* Check all options up until the PARAM marker (if present) */
    for (; o->name != NULL && o->name != OPT_PARAM_STR; ++o) {
#ifndef NDEBUG
        const OPTIONS *next;
        int duplicated, i;
#endif

        /* Sentinel rows are matched by address and describe no option. */
        if (o->name == OPT_HELP_STR
                || o->name == OPT_MORE_STR
                || o->name == OPT_SECTION_STR)
            continue;
#ifndef NDEBUG
        i = o->valtype;

        /* Make sure options are legit. */
        OPENSSL_assert(o->name[0] != '-');
        if (o->valtype == '.')
            OPENSSL_assert(o->retval == OPT_PARAM);
        else
            OPENSSL_assert(o->retval == OPT_DUP || o->retval > OPT_PARAM);
        /* Only the value-type codes listed here are accepted in a table. */
        switch (i) {
        case 0: case '-': case '.':
        case '/': case '<': case '>': case 'E': case 'F':
        case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
        case 'u': case 'c': case ':': case 'N':
            break;
        default:
            OPENSSL_assert(0);
        }

        /*
         * Make sure there are no duplicates.  This scan runs to the end of
         * the table; rows marked OPT_DUP are exempt.
         */
        for (next = o + 1; next->name; ++next) {
            /*
             * Some compilers inline strcmp and the assert string is too long.
             */
            duplicated = next->retval != OPT_DUP
                && strcmp(o->name, next->name) == 0;
            if (duplicated) {
                opt_printf_stderr("%s: Internal error: duplicate option %s\n",
                                  prog, o->name);
                OPENSSL_assert(!duplicated);
            }
        }
#endif
        /* An empty name marks the catch-all row; at most one is allowed. */
        if (o->name[0] == '\0') {
            OPENSSL_assert(unknown == NULL);
            unknown = o;
            OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');
        }
    }
    return prog;
}
225
/*
 * Display names for the OPT_FMT_* bits.  opt_format_error() walks this table
 * and prints every name whose bit is set in the caller's flags.
 */
static OPT_PAIR formats[] = {
    {"PEM/DER", OPT_FMT_PEMDER},
    {"pkcs12", OPT_FMT_PKCS12},
    {"smime", OPT_FMT_SMIME},
    {"engine", OPT_FMT_ENGINE},
    {"msblob", OPT_FMT_MSBLOB},
    {"nss", OPT_FMT_NSS},
    {"text", OPT_FMT_TEXT},
    {"http", OPT_FMT_HTTP},
    {"pvk", OPT_FMT_PVK},
    {NULL}
};
238
/*
 * Report that format name |s| was rejected and list the names that |flags|
 * would have allowed.  Always returns 0 so callers can return it directly.
 */
static int opt_format_error(const char *s, unsigned long flags)
{
    const OPT_PAIR *fp;

    /* The common PEM/DER-only case gets a one-line message. */
    if (flags == OPT_FMT_PEMDER) {
        opt_printf_stderr("%s: Bad format \"%s\"; must be pem or der\n",
                          prog, s);
        return 0;
    }

    opt_printf_stderr("%s: Bad format \"%s\"; must be one of:\n",
                      prog, s);
    for (fp = formats; fp->name != NULL; fp++) {
        if ((flags & fp->retval) != 0)
            opt_printf_stderr(" %s\n", fp->name);
    }
    return 0;
}
256
/*
 * Parse the format name |s| and store the matching FORMAT_* value in
 * |*result|.  |flags| is the set of OPT_FMT_* bits the caller accepts.
 * Returns 1 on success; on failure prints a message and returns 0.
 *
 * Most formats are selected by the first character alone, so any word that
 * starts with 'd' or 'D' selects DER.  Only the "nss" and 'p'-prefixed names
 * are compared in full.
 */
int opt_format(const char *s, unsigned long flags, int *result)
{
    unsigned long accept;   /* OPT_FMT_* bit the caller must have enabled */
    int fmt;                /* FORMAT_* value selected by the name */

    switch (*s) {
    case 'D':
    case 'd':
        accept = OPT_FMT_PEMDER;
        fmt = FORMAT_ASN1;
        break;
    case 'T':
    case 't':
        accept = OPT_FMT_TEXT;
        fmt = FORMAT_TEXT;
        break;
    case 'N':
    case 'n':
        /* Unlike the other single-letter cases, the whole name must match. */
        if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
            return opt_format_error(s, flags);
        accept = OPT_FMT_NSS;
        fmt = FORMAT_NSS;
        break;
    case 'S':
    case 's':
        accept = OPT_FMT_SMIME;
        fmt = FORMAT_SMIME;
        break;
    case 'M':
    case 'm':
        accept = OPT_FMT_MSBLOB;
        fmt = FORMAT_MSBLOB;
        break;
    case 'E':
    case 'e':
        accept = OPT_FMT_ENGINE;
        fmt = FORMAT_ENGINE;
        break;
    case 'H':
    case 'h':
        accept = OPT_FMT_HTTP;
        fmt = FORMAT_HTTP;
        break;
    case '1':
        accept = OPT_FMT_PKCS12;
        fmt = FORMAT_PKCS12;
        break;
    case 'P':
    case 'p':
        /* A bare "p"/"P" means PEM; the other 'p' names must be exact. */
        if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0) {
            accept = OPT_FMT_PEMDER;
            fmt = FORMAT_PEM;
        } else if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0) {
            accept = OPT_FMT_PVK;
            fmt = FORMAT_PVK;
        } else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
                   || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
            accept = OPT_FMT_PKCS12;
            fmt = FORMAT_PKCS12;
        } else {
            opt_printf_stderr("%s: Bad format \"%s\"\n", prog, s);
            return 0;
        }
        break;
    default:
        opt_printf_stderr("%s: Bad format \"%s\"\n", prog, s);
        return 0;
    }

    /* The name is known; reject it if the caller did not enable it. */
    if ((flags & accept) == 0)
        return opt_format_error(s, flags);
    *result = fmt;
    return 1;
}
336
/*
 * Return the display name of the FORMAT_* value |format|, or "(undefined)"
 * when the value is not one of those listed.
 */
static const char *format2str(int format)
{
    static const struct {
        int format;
        const char *label;
    } names[] = {
        { FORMAT_PEM, "PEM" },
        { FORMAT_ASN1, "DER" },
        { FORMAT_TEXT, "TEXT" },
        { FORMAT_NSS, "NSS" },
        { FORMAT_SMIME, "SMIME" },
        { FORMAT_MSBLOB, "MSBLOB" },
        { FORMAT_ENGINE, "ENGINE" },
        { FORMAT_HTTP, "HTTP" },
        { FORMAT_PKCS12, "P12" },
        { FORMAT_PVK, "PVK" }
    };
    size_t k;

    for (k = 0; k < OSSL_NELEM(names); k++) {
        if (names[k].format == format)
            return names[k].label;
    }
    return "(undefined)";
}
365
/*
 * Print an error message about an unsuitable/unsupported format: |format| is
 * a FORMAT_* value and |flags| the OPT_FMT_* set that would have been
 * accepted.
 */
void print_format_error(int format, unsigned long flags)
{
    const char *label = format2str(format);

    (void)opt_format_error(label, flags);
}
371
/*
 * Look up the cipher |name| without printing a diagnostic.  The provider
 * fetch is tried first; the legacy by-name lookup is tried only when
 * opt_legacy_okay() allows it.
 *
 * On success, if |cipherp| is not NULL the cipher previously held in
 * |*cipherp| is freed and replaced; otherwise the result is freed again.
 * Returns 1 on success, 0 on failure.
 */
int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp)
{
    EVP_CIPHER *found;

    /* Errors raised by a failed first lookup are dropped if a later one works. */
    ERR_set_mark();
    found = EVP_CIPHER_fetch(app_get0_libctx(), name, app_get0_propq());
    if (found == NULL && opt_legacy_okay())
        found = (EVP_CIPHER *)EVP_get_cipherbyname(name);

    if (found == NULL) {
        /* Keep the queued errors for the caller; only discard the mark. */
        ERR_clear_last_mark();
        return 0;
    }

    ERR_pop_to_mark();
    if (cipherp == NULL) {
        EVP_CIPHER_free(found);
        return 1;
    }
    EVP_CIPHER_free(*cipherp);
    *cipherp = found;
    return 1;
}
397
/*
 * Look up the cipher |name| via opt_cipher_silent() and print a diagnostic
 * when it is unknown.  A NULL |name| is accepted and returns 1 without
 * touching |*cipherp|.  Returns 0 on failure, else 1.
 */
int opt_cipher_any(const char *name, EVP_CIPHER **cipherp)
{
    if (name == NULL)
        return 1;
    if (opt_cipher_silent(name, cipherp) != 0)
        return 1;
    opt_printf_stderr("%s: Unknown option or cipher: %s\n", prog, name);
    return 0;
}
408
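/*
 * Look up the cipher |name| and accept it only if it is neither an XTS-mode
 * nor an AEAD cipher.  A NULL |name| is accepted and returns 1.
 *
 * On success the cipher is stored in |*cipherp| when |cipherp| is not NULL.
 * The value previously held in |*cipherp| is overwritten, not freed.
 * Returns 1 on success; on failure prints a message and returns 0.
 */
int opt_cipher(const char *name, EVP_CIPHER **cipherp)
{
    EVP_CIPHER *c = NULL;

    if (name == NULL)
        return 1;
    if (!opt_cipher_any(name, &c))
        return 0;

    if (EVP_CIPHER_get_mode(c) == EVP_CIPH_XTS_MODE) {
        /* Message now carries the "prog:" colon used by every other one. */
        opt_printf_stderr("%s: XTS ciphers not supported\n", prog);
    } else if ((EVP_CIPHER_get_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
        opt_printf_stderr("%s: AEAD ciphers not supported\n", prog);
    } else {
        /* Hand the reference to the caller, or drop it if nobody wants it. */
        if (cipherp != NULL)
            *cipherp = c;
        else
            EVP_CIPHER_free(c);
        return 1;
    }

    /* A rejected cipher was still fetched; release it instead of leaking. */
    EVP_CIPHER_free(c);
    return 0;
}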
432
/*
 * Look up the message digest |name| without printing a diagnostic.  The
 * provider fetch is tried first; the legacy by-name lookup is tried only
 * when opt_legacy_okay() allows it.
 *
 * On success, if |mdp| is not NULL the digest previously held in |*mdp| is
 * freed and replaced; otherwise the result is freed again.
 * Returns 1 on success, 0 on failure.
 */
int opt_md_silent(const char *name, EVP_MD **mdp)
{
    EVP_MD *found;

    /* Errors raised by a failed first lookup are dropped if a later one works. */
    ERR_set_mark();
    found = EVP_MD_fetch(app_get0_libctx(), name, app_get0_propq());
    if (found == NULL && opt_legacy_okay())
        found = (EVP_MD *)EVP_get_digestbyname(name);

    if (found == NULL) {
        /* Keep the queued errors for the caller; only discard the mark. */
        ERR_clear_last_mark();
        return 0;
    }

    ERR_pop_to_mark();
    if (mdp == NULL) {
        EVP_MD_free(found);
        return 1;
    }
    EVP_MD_free(*mdp);
    *mdp = found;
    return 1;
}
456
/*
 * Look up the message digest |name| via opt_md_silent() and print a
 * diagnostic when it is unknown.  A NULL |name| is accepted and returns 1
 * without touching |*mdp|.  Returns 0 on failure, else 1.
 */
int opt_md(const char *name, EVP_MD **mdp)
{
    if (name == NULL)
        return 1;
    if (opt_md_silent(name, mdp) != 0)
        return 1;
    opt_printf_stderr("%s: Unknown option or message digest: %s\n",
                      prog, name);
    return 0;
}
468
/*
 * Check that |name| names a usable message digest without keeping it.
 * Returns 1 if so; otherwise clears the error queue and returns 0 (opt_md()
 * has already printed the diagnostic).
 */
int opt_check_md(const char *name)
{
    if (!opt_md(name, NULL)) {
        ERR_clear_error();
        return 0;
    }
    return 1;
}
476
/*
 * Look |name| up in the NULL-name-terminated table |pairs| using an exact
 * string match.  On a match store the entry's value in |*result| and return
 * 1; otherwise print the list of valid names and return 0.
 */
int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
{
    const OPT_PAIR *entry = pairs;

    while (entry->name != NULL) {
        if (strcmp(entry->name, name) == 0) {
            *result = entry->retval;
            return 1;
        }
        entry++;
    }

    opt_printf_stderr("%s: Value must be one of:\n", prog);
    for (entry = pairs; entry->name != NULL; entry++)
        opt_printf_stderr("\t%s\n", entry->name);
    return 0;
}
492
/*
 * Check whether |name| exactly matches one of the strings in the
 * NULL-terminated array |options|.  Returns 1 on a match; otherwise prints
 * the list of valid names and returns 0.
 */
int opt_string(const char *name, const char **options)
{
    size_t k;

    for (k = 0; options[k] != NULL; k++) {
        if (strcmp(options[k], name) == 0)
            return 1;
    }

    opt_printf_stderr("%s: Value must be one of:\n", prog);
    for (k = 0; options[k] != NULL; k++)
        opt_printf_stderr("\t%s\n", options[k]);
    return 0;
}
506
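/*
 * Parse an int, put it into *result; return 0 on failure, else 1.
 *
 * The text is parsed by opt_long(), so the same prefixes are accepted.
 * |*result| is written only on success: the range is checked on the long
 * value before narrowing, so a failed call neither stores a truncated number
 * nor relies on the implementation-defined out-of-range long-to-int
 * conversion.
 */
int opt_int(const char *value, int *result)
{
    long l;

    if (!opt_long(value, &l))
        return 0;
    if (l < INT_MIN || l > INT_MAX) {
        opt_printf_stderr("%s: Value \"%s\" outside integer range\n",
                          prog, value);
        return 0;
    }
    *result = (int)l;
    return 1;
}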
522
/*
 * Parse the current option value as an int and return it, assuming the range
 * has been checked before.  The return value starts out as -1 and the result
 * of opt_int() is ignored.
 */
int opt_int_arg(void)
{
    int parsed = -1;

    (void)opt_int(arg, &parsed);
    return parsed;
}
531
/*
 * Report that |v| could not be parsed as a number, naming the radix implied
 * by its prefix ("0x"/"0X" hexadecimal, leading "0" octal) when there is one.
 */
static void opt_number_error(const char *v)
{
    static const struct {
        const char *prefix;
        const char *kind;
    } radix[] = {
        { "0x", "a hexadecimal" },
        { "0X", "a hexadecimal" },
        { "0", "an octal" }
    };
    size_t k;

    /* Order matters: the two-character prefixes are tried before "0". */
    for (k = 0; k < OSSL_NELEM(radix); k++) {
        if (strncmp(v, radix[k].prefix, strlen(radix[k].prefix)) != 0)
            continue;
        opt_printf_stderr("%s: Can't parse \"%s\" as %s number\n",
                          prog, v, radix[k].kind);
        return;
    }
    opt_printf_stderr("%s: Can't parse \"%s\" as a number\n", prog, v);
}
554
/*
 * Parse a long, put it into *result; return 0 on failure, else 1.
 *
 * The whole of |value| must be consumed.  Base 0 is passed to strtol(), so
 * "0x" and leading-"0" prefixes select hexadecimal and octal.  On failure a
 * message is printed and |*result| is left untouched.  The caller's errno is
 * preserved in both cases.
 */
int opt_long(const char *value, long *result)
{
    const int saved_errno = errno;
    char *end;
    long parsed;
    int bad;

    errno = 0;
    parsed = strtol(value, &end, 0);
    bad = end == value
        || *end != '\0'
        || (errno == ERANGE && (parsed == LONG_MAX || parsed == LONG_MIN))
        || (errno != 0 && parsed == 0);

    if (bad)
        opt_number_error(value);
    else
        *result = parsed;
    errno = saved_errno;
    return !bad;
}
576
577 #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
578 defined(INTMAX_MAX) && defined(UINTMAX_MAX) && \
579 !defined(OPENSSL_NO_INTTYPES_H)
580
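/*
 * Parse an intmax_t, put it into *result; return 0 on failure, else 1.
 *
 * The whole of |value| must be consumed and the number must also fit
 * ossl_intmax_t.  On failure a message is printed and |*result| is left
 * untouched.  The caller's errno is restored on every path, including the
 * narrowing failure, which used to return without restoring it.
 */
int opt_intmax(const char *value, ossl_intmax_t *result)
{
    int oerrno = errno;
    intmax_t m;
    char *endp;
    int ok;

    errno = 0;
    m = strtoimax(value, &endp, 0);
    ok = !(*endp
           || endp == value
           || ((m == INTMAX_MAX || m == INTMAX_MIN)
               && errno == ERANGE)
           || (m == 0 && errno != 0));

    /* Ensure that the value in |m| is never too big for |*result| */
    if (ok
            && sizeof(m) > sizeof(*result)
            && (m < OSSL_INTMAX_MIN || m > OSSL_INTMAX_MAX))
        ok = 0;

    if (ok)
        *result = (ossl_intmax_t)m;
    else
        opt_number_error(value);
    errno = oerrno;
    return ok;
}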
609
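/*
 * Parse a uintmax_t, put it into *result; return 0 on failure, else 1.
 *
 * The whole of |value| must be consumed and the number must also fit
 * ossl_uintmax_t.  On failure a message is printed and |*result| is left
 * untouched.  The caller's errno is restored on every path, including the
 * narrowing failure, which used to return without restoring it.
 */
int opt_uintmax(const char *value, ossl_uintmax_t *result)
{
    int oerrno = errno;
    uintmax_t m;
    char *endp;
    int ok;

    errno = 0;
    m = strtoumax(value, &endp, 0);
    ok = !(*endp
           || endp == value
           || (m == UINTMAX_MAX && errno == ERANGE)
           || (m == 0 && errno != 0));

    /* Ensure that the value in |m| is never too big for |*result| */
    if (ok
            && sizeof(m) > sizeof(*result)
            && m > OSSL_UINTMAX_MAX)
        ok = 0;

    if (ok) {
        /* Convert to the unsigned result type; the old cast was signed. */
        *result = (ossl_uintmax_t)m;
    } else {
        opt_number_error(value);
    }
    errno = oerrno;
    return ok;
}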
637 #else
638 /* Fallback implementations based on long */
/*
 * Fallback opt_intmax(): parse |value| with opt_long() and widen the result
 * into |*result|.  Returns 0 on failure, else 1.
 */
int opt_intmax(const char *value, ossl_intmax_t *result)
{
    long parsed;

    if (!opt_long(value, &parsed))
        return 0;
    *result = parsed;
    return 1;
}
648
/*
 * Fallback opt_uintmax(): parse |value| with opt_ulong() and widen the
 * result into |*result|.  Returns 0 on failure, else 1.
 */
int opt_uintmax(const char *value, ossl_uintmax_t *result)
{
    unsigned long parsed;

    if (!opt_ulong(value, &parsed))
        return 0;
    *result = parsed;
    return 1;
}
658 #endif
659
/*
 * Parse an unsigned long, put it into *result; return 0 on failure, else 1.
 *
 * The whole of |value| must be consumed.  On failure a message is printed
 * and |*result| is left untouched.  The caller's errno is preserved.
 *
 * Note that strtoul() accepts a leading '-' and negates the value in
 * unsigned arithmetic, and nothing here rejects that: "-1" parses as
 * ULONG_MAX.  Callers that must refuse negative input have to check for the
 * sign themselves.
 */
int opt_ulong(const char *value, unsigned long *result)
{
    const int saved_errno = errno;
    char *end;
    unsigned long parsed;
    int bad;

    errno = 0;
    parsed = strtoul(value, &end, 0);
    bad = end == value
        || *end != '\0'
        || (errno == ERANGE && parsed == ULONG_MAX)
        || (errno != 0 && parsed == 0);

    if (bad)
        opt_number_error(value);
    else
        *result = parsed;
    errno = saved_errno;
    return !bad;
}
683
684 /*
685 * We pass opt as an int but cast it to "enum range" so that all the
686 * items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch
687 * in gcc do the right thing.
688 */
689 enum range { OPT_V_ENUM };
690
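/*
 * Apply one certificate-verification command-line option to |vpm|.
 *
 * |opt| must be an OPT_V_* value strictly between OPT_V__FIRST and
 * OPT_V__LAST (asserted); the option's value, where it takes one, is read
 * through opt_arg().  Returns 1 on success and 0 on failure.
 */
int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
{
    int i;
    ossl_intmax_t t = 0;
    ASN1_OBJECT *otmp;
    X509_PURPOSE *xptmp;
    const X509_VERIFY_PARAM *vtmp;

    OPENSSL_assert(vpm != NULL);
    OPENSSL_assert(opt > OPT_V__FIRST);
    OPENSSL_assert(opt < OPT_V__LAST);

    switch ((enum range)opt) {
    case OPT_V__FIRST:
    case OPT_V__LAST:
        return 0;
    case OPT_V_POLICY:
        otmp = OBJ_txt2obj(opt_arg(), 0);
        if (otmp == NULL) {
            opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg());
            return 0;
        }
        /*
         * add0 takes ownership only on success.  The result used to be
         * ignored, which leaked |otmp| and silently dropped the policy.
         */
        if (!X509_VERIFY_PARAM_add0_policy(vpm, otmp)) {
            ASN1_OBJECT_free(otmp);
            opt_printf_stderr("%s: Internal error adding Policy %s\n",
                              prog, opt_arg());
            return 0;
        }
        break;
    case OPT_V_PURPOSE:
        /* purpose name -> purpose index */
        i = X509_PURPOSE_get_by_sname(opt_arg());
        if (i < 0) {
            opt_printf_stderr("%s: Invalid purpose %s\n", prog, opt_arg());
            return 0;
        }

        /* purpose index -> purpose object */
        xptmp = X509_PURPOSE_get0(i);

        /* purpose object -> purpose value */
        i = X509_PURPOSE_get_id(xptmp);

        if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
            opt_printf_stderr("%s: Internal error setting purpose %s\n",
                              prog, opt_arg());
            return 0;
        }
        break;
    case OPT_V_VERIFY_NAME:
        vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
        if (vtmp == NULL) {
            opt_printf_stderr("%s: Invalid verify name %s\n",
                              prog, opt_arg());
            return 0;
        }
        X509_VERIFY_PARAM_set1(vpm, vtmp);
        break;
    case OPT_V_VERIFY_DEPTH:
        /*
         * Parse with opt_int() rather than atoi(): atoi() turns unparsable
         * text into 0 without reporting it and reads "0x10" as 0, whereas
         * the other numeric options in this file accept radix prefixes.
         * A negative value is still ignored, as before.
         */
        if (!opt_int(opt_arg(), &i))
            return 0;
        if (i >= 0)
            X509_VERIFY_PARAM_set_depth(vpm, i);
        break;
    case OPT_V_VERIFY_AUTH_LEVEL:
        /*
         * Same parser as the depth above; with atoi() a value such as "0x2"
         * was applied as level 0.
         */
        if (!opt_int(opt_arg(), &i))
            return 0;
        if (i >= 0)
            X509_VERIFY_PARAM_set_auth_level(vpm, i);
        break;
    case OPT_V_ATTIME:
        if (!opt_intmax(opt_arg(), &t))
            return 0;
        /* Reject values that do not survive the conversion to time_t. */
        if (t != (time_t)t) {
            opt_printf_stderr("%s: epoch time out of range %s\n",
                              prog, opt_arg());
            return 0;
        }
        X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
        break;
    case OPT_V_VERIFY_HOSTNAME:
        if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0))
            return 0;
        break;
    case OPT_V_VERIFY_EMAIL:
        if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0))
            return 0;
        break;
    case OPT_V_VERIFY_IP:
        if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg()))
            return 0;
        break;
    case OPT_V_IGNORE_CRITICAL:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL);
        break;
    case OPT_V_ISSUER_CHECKS:
        /* NOP, deprecated */
        break;
    case OPT_V_CRL_CHECK:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK);
        break;
    case OPT_V_CRL_CHECK_ALL:
        X509_VERIFY_PARAM_set_flags(vpm,
                                    X509_V_FLAG_CRL_CHECK |
                                    X509_V_FLAG_CRL_CHECK_ALL);
        break;
    case OPT_V_POLICY_CHECK:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
        break;
    case OPT_V_EXPLICIT_POLICY:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY);
        break;
    case OPT_V_INHIBIT_ANY:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY);
        break;
    case OPT_V_INHIBIT_MAP:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP);
        break;
    case OPT_V_X509_STRICT:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT);
        break;
    case OPT_V_EXTENDED_CRL:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT);
        break;
    case OPT_V_USE_DELTAS:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS);
        break;
    case OPT_V_POLICY_PRINT:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY);
        break;
    case OPT_V_CHECK_SS_SIG:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE);
        break;
    case OPT_V_TRUSTED_FIRST:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST);
        break;
    case OPT_V_SUITEB_128_ONLY:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY);
        break;
    case OPT_V_SUITEB_128:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS);
        break;
    case OPT_V_SUITEB_192:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS);
        break;
    case OPT_V_PARTIAL_CHAIN:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
        break;
    case OPT_V_NO_ALT_CHAINS:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
        break;
    case OPT_V_NO_CHECK_TIME:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
        break;
    case OPT_V_ALLOW_PROXY_CERTS:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS);
        break;
    }
    return 1;
}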
845
/*
 * Restart option scanning: forget the current option and its value and
 * point the scan at argv[1].
 */
void opt_begin(void)
{
    flag = NULL;
    arg = NULL;
    opt_index = 1;
}
852
/*
 * Parse the next flag (and value if specified), return 0 if done, -1 on
 * error, otherwise the flag's retval.
 *
 * Scanning stops (return 0) at the end of argv, at the first word that does
 * not start with '-', and at "--", which is consumed.  The value, if any, is
 * left in |arg| for opt_arg().  Values are only syntax-checked here; the
 * numbers parsed for that purpose are discarded.
 */
int opt_next(void)
{
    char *p;
    const OPTIONS *o;
    int ival;
    long lval;
    unsigned long ulval;
    ossl_intmax_t imval;
    ossl_uintmax_t umval;

    /* Look at current arg; at end of the list? */
    arg = NULL;
    p = argv[opt_index];
    if (p == NULL)
        return 0;

    /* If word doesn't start with a -, we're done. */
    if (*p != '-')
        return 0;

    /* Hit "--" ? We're done. */
    opt_index++;
    if (strcmp(p, "--") == 0)
        return 0;

    /* Allow -nnn and --nnn */
    if (*++p == '-')
        p++;
    /* |flag| keeps one leading '-'; |p| is the bare option name. */
    flag = p - 1;

    /*
     * If we have --flag=foo, snip it off.  The '=' is overwritten in place,
     * so the caller's argv string is modified.
     */
    if ((arg = strchr(p, '=')) != NULL)
        *arg++ = '\0';
    for (o = opts; o->name; ++o) {
        /*
         * If not this option, move on to the next one.  "h" is accepted as
         * an alias for the "help" entry.
         */
        if (!(strcmp(p, "h") == 0 && strcmp(o->name, "help") == 0)
                && strcmp(p, o->name) != 0)
            continue;

        /* If it doesn't take a value, make sure none was given. */
        if (o->valtype == 0 || o->valtype == '-') {
            if (arg) {
                opt_printf_stderr("%s: Option -%s does not take a value\n",
                                  prog, p);
                return -1;
            }
            return o->retval;
        }

        /* Want a value; get the next param if =foo not used. */
        if (arg == NULL) {
            if (argv[opt_index] == NULL) {
                opt_printf_stderr("%s: Option -%s needs a value\n",
                                  prog, o->name);
                return -1;
            }
            arg = argv[opt_index++];
        }

        /* Syntax-check value. */
        switch (o->valtype) {
        default:
        case 's':
        case ':':
            /* Just a string. */
            break;
        case '.':
            /* Parameters */
            break;
        case '/':
            /* Checked once, here; the directory is not opened or held. */
            if (opt_isdir(arg) > 0)
                break;
            opt_printf_stderr("%s: Not a directory: %s\n", prog, arg);
            return -1;
        case '<':
            /* Input file. */
            break;
        case '>':
            /* Output file. */
            break;
        case 'p':
        case 'n':
        case 'N':
            /* 'p' must be > 0, 'N' must be >= 0, 'n' is any int. */
            if (!opt_int(arg, &ival))
                return -1;
            if (o->valtype == 'p' && ival <= 0) {
                opt_printf_stderr("%s: Non-positive number \"%s\" for option -%s\n",
                                  prog, arg, o->name);
                return -1;
            }
            if (o->valtype == 'N' && ival < 0) {
                opt_printf_stderr("%s: Negative number \"%s\" for option -%s\n",
                                  prog, arg, o->name);
                return -1;
            }
            break;
        case 'M':
            if (!opt_intmax(arg, &imval))
                return -1;
            break;
        case 'U':
            if (!opt_uintmax(arg, &umval))
                return -1;
            break;
        case 'l':
            if (!opt_long(arg, &lval))
                return -1;
            break;
        case 'u':
            if (!opt_ulong(arg, &ulval))
                return -1;
            break;
        case 'c':
        case 'E':
        case 'F':
        case 'f':
            /* The value-type letter selects which format names are allowed. */
            if (opt_format(arg,
                           o->valtype == 'c' ? OPT_FMT_PDS :
                           o->valtype == 'E' ? OPT_FMT_PDE :
                           o->valtype == 'F' ? OPT_FMT_PEMDER
                           : OPT_FMT_ANY, &ival))
                break;
            opt_printf_stderr("%s: Invalid format \"%s\" for option -%s\n",
                              prog, arg, o->name);
            return -1;
        }

        /* Return the flag value. */
        return o->retval;
    }
    /*
     * No table entry matched.  If the table has a catch-all row, remember
     * the word for opt_unknown() and let the caller decide what it means.
     */
    if (unknown != NULL) {
        dunno = p;
        return unknown->retval;
    }
    opt_printf_stderr("%s: Unknown option: -%s\n", prog, p);
    return -1;
}
994
/*
 * Return the value attached to the most recently parsed flag, or NULL if it
 * had none.
 */
char *opt_arg(void)
{
    return arg;
}
1000
/*
 * Return the most recently parsed flag: the option name together with the
 * '-' that precedes it.
 */
char *opt_flag(void)
{
    return flag;
}
1006
/*
 * Return the last word that opt_next() handed to the catch-all table entry.
 * The pointer is not cleared by opt_begin() or opt_init().
 */
char *opt_unknown(void)
{
    return dunno;
}
1012
/*
 * Return the tail of argv that follows the flags parsed so far, that is, the
 * address of the first word opt_next() has not consumed.
 */
char **opt_rest(void)
{
    return argv + opt_index;
}
1018
/* Count the words left in the remaining args, up to the NULL terminator. */
int opt_num_rest(void)
{
    char **rest = opt_rest();
    int count = 0;

    while (rest[count] != NULL)
        count++;
    return count;
}
1029
/*
 * Check the first remaining argument against what the caller expects.
 *
 * |expected| names a required positional argument, or is NULL when none is
 * allowed.  Returns 1 when the two agree (argument present and expected, or
 * absent and not expected).  Otherwise prints a "Missing argument" or
 * "Extra option" message and returns 0.  An empty string counts as absent.
 */
int opt_check_rest_arg(const char *expected)
{
    const char *first = *opt_rest();
    const int present = first != NULL && *first != '\0';

    if (!present) {
        if (expected == NULL)
            return 1;
        opt_printf_stderr("%s: Missing argument: %s\n", prog, expected);
        return 0;
    }
    if (expected != NULL)
        return 1;

    /* An argument is present but none is allowed. */
    if (opt_unknown() != NULL)
        opt_printf_stderr("%s: Extra (unknown) options: \"%s\" \"%s\"\n",
                          prog, opt_unknown(), first);
    else
        opt_printf_stderr("%s: Extra option: \"%s\"\n", prog, first);
    return 0;
}
1049
/*
 * Return the placeholder shown in help output for the value type of |o|.
 * Types without an entry below are shown as "parm".
 */
static const char *valtype2param(const OPTIONS *o)
{
    static const struct {
        int valtype;
        const char *label;
    } labels[] = {
        { 0, "" },
        { '-', "" },
        { ':', "uri" },
        { 's', "val" },
        { '/', "dir" },
        { '<', "infile" },
        { '>', "outfile" },
        { 'p', "+int" },
        { 'n', "int" },
        { 'l', "long" },
        { 'u', "ulong" },
        { 'E', "PEM|DER|ENGINE" },
        { 'F', "PEM|DER" },
        { 'f', "format" },
        { 'M', "intmax" },
        { 'N', "nonneg" },
        { 'U', "uintmax" }
    };
    size_t k;

    for (k = 0; k < OSSL_NELEM(labels); k++) {
        if (labels[k].valtype == o->valtype)
            return labels[k].label;
    }
    return "parm";
}
1090
/*
 * Print the help line(s) for one table entry.
 *
 * |doingparams| is non-zero once the parameter section has started, in which
 * case the name is printed without a leading '-'.  |width| is the column at
 * which the help text starts.
 */
static void opt_print(const OPTIONS *o, int doingparams, int width)
{
    const char* help;
    char start[80 + 1];
    char *p;

    help = o->helpstr ? o->helpstr : "(No additional info)";
    /*
     * For the HELP and SECTION rows the help text is itself the format
     * string, with |prog| as its only argument.
     * NOTE(review): this is safe only while helpstr comes from option tables
     * in the source; it must never carry externally supplied text - confirm.
     */
    if (o->name == OPT_HELP_STR) {
        opt_printf_stderr(help, prog);
        return;
    }
    if (o->name == OPT_SECTION_STR) {
        opt_printf_stderr("\n");
        opt_printf_stderr(help, prog);
        return;
    }
    if (o->name == OPT_PARAM_STR) {
        opt_printf_stderr("\nParameters:\n");
        return;
    }

    /* Pad out prefix */
    memset(start, ' ', sizeof(start) - 1);
    start[sizeof(start) - 1] = '\0';

    if (o->name == OPT_MORE_STR) {
        /* Continuation of previous line; pad and print. */
        start[width] = '\0';
        opt_printf_stderr("%s %s\n", start, help);
        return;
    }

    /*
     * Build up the "-flag [param]" part.  The strcpy() calls are not
     * bounded here: opt_help() asserts, before calling, that the name plus
     * parameter label fits in a buffer of this size.
     */
    p = start;
    *p++ = ' ';
    if (!doingparams)
        *p++ = '-';
    if (o->name[0])
        p += strlen(strcpy(p, o->name));
    else
        *p++ = '*';
    if (o->valtype != '-') {
        *p++ = ' ';
        p += strlen(strcpy(p, valtype2param(o)));
    }
    /* Replace the NUL left by strcpy() so the padding continues. */
    *p = ' ';
    if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
        /* Prefix too wide: print it alone, then the help on its own line. */
        *p = '\0';
        opt_printf_stderr("%s\n", start);
        memset(start, ' ', sizeof(start));
    }
    /* Cut the padded prefix at the help column; this also terminates it. */
    start[width] = '\0';
    opt_printf_stderr("%s %s\n", start, help);
}
1145
/*
 * Print the help text for the option table |list| to stderr.
 *
 * A first pass finds the help column: the widest "-flag param" prefix that
 * stays below MAX_OPT_HELP_WIDTH, with a minimum of 5.  It also asserts that
 * every prefix fits the 81-byte line buffer that opt_print() formats into.
 */
void opt_help(const OPTIONS *list)
{
    const OPTIONS *entry;
    int i, in_params = 0, column = 5;
    const int own_prolog = list[0].name == OPT_HELP_STR;
    char start[80 + 1];     /* only its size is used, by the assertion */

    /* Find the widest help. */
    for (entry = list; entry->name != NULL; entry++) {
        if (entry->name == OPT_MORE_STR)
            continue;
        i = 2 + (int)strlen(entry->name);
        if (entry->valtype != '-')
            i += 1 + strlen(valtype2param(entry));
        if (i > column && i < MAX_OPT_HELP_WIDTH)
            column = i;
        OPENSSL_assert(i < (int)sizeof(start));
    }

    /* A table that starts with its own help row supplies the prolog. */
    if (!own_prolog) {
        opt_printf_stderr("Usage: %s [options]\n", prog);
        if (list[0].name != OPT_SECTION_STR)
            opt_printf_stderr("Valid options are:\n", prog);
    }

    /* Now let's print. */
    for (entry = list; entry->name != NULL; entry++) {
        if (entry->name == OPT_PARAM_STR)
            in_params = 1;
        opt_print(entry, in_params, column);
    }
}
1181
1182 /* opt_isdir section */
1183 #ifdef _WIN32
1184 # include <windows.h>
/*
 * Report whether |name| is a directory: returns 1 if it is, 0 if it is
 * something else, and -1 if its attributes cannot be read or (in UNICODE
 * builds) the name does not fit MAX_PATH.
 */
int opt_isdir(const char *name)
{
    DWORD attr;
# if defined(UNICODE) || defined(_UNICODE)
    size_t i, len_0 = strlen(name) + 1;    /* length including the NUL */
    WCHAR tempname[MAX_PATH];

    /* Reject names that would overflow tempname, terminator included. */
    if (len_0 > MAX_PATH)
        return -1;

#  if !defined(_WIN32_WCE) || _WIN32_WCE>=101
    /*
     * This if has no braces: the for loop below is its body, so the
     * byte-by-byte widening runs only when the conversion fails (or always,
     * when this line is compiled out).
     */
    if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
#  endif
        for (i = 0; i < len_0; i++)
            tempname[i] = (WCHAR)name[i];

    attr = GetFileAttributes(tempname);
# else
    attr = GetFileAttributes(name);
# endif
    if (attr == INVALID_FILE_ATTRIBUTES)
        return -1;
    return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
}
1209 #else
1210 # include <sys/stat.h>
1211 # ifndef S_ISDIR
1212 # if defined(_S_IFMT) && defined(_S_IFDIR)
1213 # define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
1214 # else
1215 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
1216 # endif
1217 # endif
1218
/*
 * Report whether |name| is a directory: returns the (non-zero) S_ISDIR()
 * result if it is, 0 if it is something else, and -1 if stat() fails or
 * S_ISDIR is unavailable.  stat() follows symbolic links, and the answer
 * describes the path only at the time of the call.
 */
int opt_isdir(const char *name)
{
# if defined(S_ISDIR)
    struct stat info;

    if (stat(name, &info) != 0)
        return -1;
    return S_ISDIR(info.st_mode);
# else
    return -1;
# endif
}
1232 #endif