From 323c47532ea7fc79d5e28a0fa58ea0cc4d5196b8 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 27 Jan 2023 14:31:45 +0100 Subject: [PATCH] APPS/{storeutl,gendsa}: give error on extra arguments, improve doc Point out that options must be given before the final file/URI arg. Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/20156) --- apps/lib/opt.c | 9 +++++++-- doc/man1/openssl-gendsa.pod.in | 2 ++ doc/man1/openssl-storeutl.pod.in | 6 ++++-- test/recipes/15-test_gendsa.t | 10 +++++++++- test/recipes/90-test_store.t | 10 +++++++++- 5 files changed, 31 insertions(+), 6 deletions(-) diff --git a/apps/lib/opt.c b/apps/lib/opt.c index df9152d77b3..338a5a8674b 100644 --- a/apps/lib/opt.c +++ b/apps/lib/opt.c @@ -1054,8 +1054,13 @@ int opt_check_rest_arg(const char *expected) opt_printf_stderr("%s: Missing argument: %s\n", prog, expected); return 0; } - if (expected != NULL) - return 1; + if (expected != NULL) { + opt = argv[opt_index + 1]; + if (opt == NULL || *opt == '\0') + return 1; + opt_printf_stderr("%s: Extra argument after %s: \"%s\"\n", prog, expected, opt); + return 0; + } if (opt_unknown() == NULL) opt_printf_stderr("%s: Extra option: \"%s\"\n", prog, opt); else diff --git a/doc/man1/openssl-gendsa.pod.in b/doc/man1/openssl-gendsa.pod.in index f9352b72bee..41b5a6fbef8 100644 --- a/doc/man1/openssl-gendsa.pod.in +++ b/doc/man1/openssl-gendsa.pod.in @@ -58,6 +58,8 @@ These options encrypt the private key with specified cipher before outputting it. A pass phrase is prompted for. If none of these options is specified no encryption is used. +Note that all options must be given before the I argument. + =item B<-verbose> Print extra details about the operations being performed. diff --git a/doc/man1/openssl-storeutl.pod.in b/doc/man1/openssl-storeutl.pod.in index 80dc7e36c8f..554e1a687b8 100644 --- a/doc/man1/openssl-storeutl.pod.in +++ b/doc/man1/openssl-storeutl.pod.in 
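Review bot: In the new `expected != NULL` branch of apps/lib/opt.c, the test `*opt == '\0'` treats an empty-string argument as the end of the command line, so only `argv[opt_index + 1]` is inspected and anything following an empty argument is still ignored without an error. For gendsa this matters because a cipher option that ends up ignored means, per the documentation touched in this same patch, that the private key is written without encryption. Unless a caller depends on a trailing empty argument being tolerated, accept only a real end of argv: `if (opt == NULL)` followed by `return 1;`. The read of `argv[opt_index + 1]` is in bounds only if the check above the hunk has already established that `argv[opt_index]` is non-NULL; opt_check_rest_arg starts outside the hunk, so confirm that and record it in a comment such as `/* argv[opt_index] is the expected argument; argv is NULL-terminated */`.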
@@ -28,12 +28,12 @@ B B [B<-fingerprint> I] [B<-I>] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} -I ... +I =head1 DESCRIPTION This command can be used to display the contents (after -decryption as the case may be) fetched from the given URIs. +decryption as the case may be) fetched from the given URI. =head1 OPTIONS @@ -76,6 +76,8 @@ Only select the certificates, keys or CRLs from the given URI. However, if this URI would return a set of names (URIs), those are always returned. +Note that all options must be given before the I argument. + =item B<-subject> I Search for an object having the subject name I. diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t index b495b08bda5..00423ce12fa 100644 --- a/test/recipes/15-test_gendsa.t +++ b/test/recipes/15-test_gendsa.t @@ -28,7 +28,7 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); plan tests => ($no_fips ? 0 : 2) # FIPS related tests - + 11; + + 13; ok(run(app([ 'openssl', 'genpkey', '-genparam', '-algorithm', 'DSA', @@ -107,6 +107,14 @@ ok(!run(app([ 'openssl', 'genpkey', '-algorithm', 'DSA'])), "genpkey DSA with no params should fail"); +ok(run(app(["openssl", "gendsa", "-verbose", + 'dsagen.pem'])), + "gendsa with -verbose option and dsagen parameter"); + +ok(!run(app(["openssl", "gendsa", + 'dsagen.pem', "-verbose"])), + "gendsa with extra parameter (at end) should fail"); + unless ($no_fips) { my $provconf = srctop_file("test", "fips-and-base.cnf"); my $provpath = bldtop_dir("providers"); diff --git a/test/recipes/90-test_store.t b/test/recipes/90-test_store.t index 3af8178e890..c0bf1d1bb0a 100644 --- a/test/recipes/90-test_store.t +++ b/test/recipes/90-test_store.t @@ -106,7 +106,7 @@ push @methods, [ @prov_method ]; push @methods, [qw(-engine loader_attic)] unless disabled('loadereng'); -my $n = scalar @methods +my $n = 2 + scalar @methods * ( (3 * scalar @noexist_files) + (6 * scalar @src_files) + (2 * scalar @data_files) 
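Review bot: The negative case added to test/recipes/15-test_gendsa.t exercises only `-verbose` after the file and checks only the exit status, so it would also pass if gendsa failed for an unrelated reason such as an unreadable `dsagen.pem`. The ordering rule matters most for the cipher options, since one that is silently ignored leaves the key unencrypted. Consider adding `ok(!run(app(["openssl", "gendsa", 'dsagen.pem', "-aes256"])), "gendsa with cipher option after the parameter file should fail");` and raising the plan count to match. Whether `dsagen.pem` exists at this point depends on earlier tests outside the hunk, so a comment saying which test creates it would help, e.g. `# dsagen.pem is produced by the genpkey -genparam test above` if that is indeed the case.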
@@ -131,6 +131,14 @@ plan skip_all => "No plan" if $n == 0; plan tests => $n; +my $test_x509 = srctop_file('test', 'testx509.pem'); + +ok(run(app(["openssl", "storeutl", "-crls", $test_x509])), + "storeutil with -crls option"); + +ok(!run(app(["openssl", "storeutl", $test_x509, "-crls"])), + "storeutil with extra parameter (at end) should fail"); + indir "store_$$" => sub { if ($do_test_ossltest_store) { # ossltest loads PEM files, with names prefixed with 'ot:'. -- 2.47.2
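Review bot: With `my $n = 2 + scalar @methods * (...)` from the previous hunk of test/recipes/90-test_store.t, `$n` can no longer be 0, so the context line `plan skip_all => "No plan" if $n == 0;` in this hunk is now dead code. If the two storeutl checks are meant to run even when nothing else is planned, drop that guard. Otherwise leave `$n` as it was and write `plan tests => $n + 2;` so the skip still triggers. The two new descriptions also say "storeutil" where the command is `storeutl`, which makes the test log harder to search.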