VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.7/apps/lib/opt.c@ 106683

Last change on this file since 106683 was 104078, checked in by vboxsync, 12 months ago

openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
File size: 31.1 KB
Line 
1/*
2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * This file is also used by the test suite. Do not #include "apps.h".
12 */
13#include "opt.h"
14#include "fmt.h"
15#include "app_libctx.h"
16#include "internal/nelem.h"
17#include "internal/numbers.h"
18#include <string.h>
19#if !defined(OPENSSL_SYS_MSDOS)
20# include <unistd.h>
21#endif
22
23#include <stdlib.h>
24#include <errno.h>
25#include <ctype.h>
26#include <limits.h>
27#include <openssl/err.h>
28#include <openssl/bio.h>
29#include <openssl/x509v3.h>
30
31#define MAX_OPT_HELP_WIDTH 30
32const char OPT_HELP_STR[] = "-H";
33const char OPT_MORE_STR[] = "-M";
34const char OPT_SECTION_STR[] = "-S";
35const char OPT_PARAM_STR[] = "-P";
36
37/* Our state */
38static char **argv;
39static int argc;
40static int opt_index;
41static char *arg;
42static char *flag;
43static char *dunno;
44static const OPTIONS *unknown;
45static const OPTIONS *opts;
46static char prog[40];
47
48/*
49 * Return the simple name of the program; removing various platform gunk.
50 */
51#if defined(OPENSSL_SYS_WIN32)
52
53const char *opt_path_end(const char *filename)
54{
55 const char *p;
56
57 /* find the last '/', '\' or ':' */
58 for (p = filename + strlen(filename); --p > filename; )
59 if (*p == '/' || *p == '\\' || *p == ':') {
60 p++;
61 break;
62 }
63 return p;
64}
65
66char *opt_progname(const char *argv0)
67{
68 size_t i, n;
69 const char *p;
70 char *q;
71
72 p = opt_path_end(argv0);
73
74 /* Strip off trailing nonsense. */
75 n = strlen(p);
76 if (n > 4 &&
77 (strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0))
78 n -= 4;
79
80 /* Copy over the name, in lowercase. */
81 if (n > sizeof(prog) - 1)
82 n = sizeof(prog) - 1;
83 for (q = prog, i = 0; i < n; i++, p++)
84 *q++ = tolower((unsigned char)*p);
85 *q = '\0';
86 return prog;
87}
88
89#elif defined(OPENSSL_SYS_VMS)
90
91const char *opt_path_end(const char *filename)
92{
93 const char *p;
94
95 /* Find last special character sys:[foo.bar]openssl */
96 for (p = filename + strlen(filename); --p > filename;)
97 if (*p == ':' || *p == ']' || *p == '>') {
98 p++;
99 break;
100 }
101 return p;
102}
103
104char *opt_progname(const char *argv0)
105{
106 const char *p, *q;
107
108 /* Find last special character sys:[foo.bar]openssl */
109 p = opt_path_end(argv0);
110 q = strrchr(p, '.');
111 if (prog != p)
112 strncpy(prog, p, sizeof(prog) - 1);
113 prog[sizeof(prog) - 1] = '\0';
114 if (q != NULL && q - p < sizeof(prog))
115 prog[q - p] = '\0';
116 return prog;
117}
118
119#else
120
121const char *opt_path_end(const char *filename)
122{
123 const char *p;
124
125 /* Could use strchr, but this is like the ones above. */
126 for (p = filename + strlen(filename); --p > filename;)
127 if (*p == '/') {
128 p++;
129 break;
130 }
131 return p;
132}
133
134char *opt_progname(const char *argv0)
135{
136 const char *p;
137
138 p = opt_path_end(argv0);
139 if (prog != p)
140 strncpy(prog, p, sizeof(prog) - 1);
141 prog[sizeof(prog) - 1] = '\0';
142 return prog;
143}
144#endif
145
146char *opt_appname(const char *argv0)
147{
148 size_t len = strlen(prog);
149
150 if (argv0 != NULL)
151 BIO_snprintf(prog + len, sizeof(prog) - len - 1, " %s", argv0);
152 return prog;
153}
154
155char *opt_getprog(void)
156{
157 return prog;
158}
159
160/* Set up the arg parsing. */
161char *opt_init(int ac, char **av, const OPTIONS *o)
162{
163 /* Store state. */
164 argc = ac;
165 argv = av;
166 opt_begin();
167 opts = o;
168 unknown = NULL;
169
170 /* Make sure prog name is set for usage output */
171 (void)opt_progname(argv[0]);
172
173 /* Check all options up until the PARAM marker (if present) */
174 for (; o->name != NULL && o->name != OPT_PARAM_STR; ++o) {
175#ifndef NDEBUG
176 const OPTIONS *next;
177 int duplicated, i;
178#endif
179
180 if (o->name == OPT_HELP_STR
181 || o->name == OPT_MORE_STR
182 || o->name == OPT_SECTION_STR)
183 continue;
184#ifndef NDEBUG
185 i = o->valtype;
186
187 /* Make sure options are legit. */
188 OPENSSL_assert(o->name[0] != '-');
189 if (o->valtype == '.')
190 OPENSSL_assert(o->retval == OPT_PARAM);
191 else
192 OPENSSL_assert(o->retval == OPT_DUP || o->retval > OPT_PARAM);
193 switch (i) {
194 case 0: case '-': case '.':
195 case '/': case '<': case '>': case 'E': case 'F':
196 case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
197 case 'u': case 'c': case ':': case 'N':
198 break;
199 default:
200 OPENSSL_assert(0);
201 }
202
203 /* Make sure there are no duplicates. */
204 for (next = o + 1; next->name; ++next) {
205 /*
206 * Some compilers inline strcmp and the assert string is too long.
207 */
208 duplicated = next->retval != OPT_DUP
209 && strcmp(o->name, next->name) == 0;
210 if (duplicated) {
211 opt_printf_stderr("%s: Internal error: duplicate option %s\n",
212 prog, o->name);
213 OPENSSL_assert(!duplicated);
214 }
215 }
216#endif
217 if (o->name[0] == '\0') {
218 OPENSSL_assert(unknown == NULL);
219 unknown = o;
220 OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');
221 }
222 }
223 return prog;
224}
225
226static OPT_PAIR formats[] = {
227 {"PEM/DER", OPT_FMT_PEMDER},
228 {"pkcs12", OPT_FMT_PKCS12},
229 {"smime", OPT_FMT_SMIME},
230 {"engine", OPT_FMT_ENGINE},
231 {"msblob", OPT_FMT_MSBLOB},
232 {"nss", OPT_FMT_NSS},
233 {"text", OPT_FMT_TEXT},
234 {"http", OPT_FMT_HTTP},
235 {"pvk", OPT_FMT_PVK},
236 {NULL}
237};
238
239/* Print an error message about a failed format parse. */
240static int opt_format_error(const char *s, unsigned long flags)
241{
242 OPT_PAIR *ap;
243
244 if (flags == OPT_FMT_PEMDER) {
245 opt_printf_stderr("%s: Bad format \"%s\"; must be pem or der\n",
246 prog, s);
247 } else {
248 opt_printf_stderr("%s: Bad format \"%s\"; must be one of:\n",
249 prog, s);
250 for (ap = formats; ap->name; ap++)
251 if (flags & ap->retval)
252 opt_printf_stderr(" %s\n", ap->name);
253 }
254 return 0;
255}
256
257/* Parse a format string, put it into *result; return 0 on failure, else 1. */
258int opt_format(const char *s, unsigned long flags, int *result)
259{
260 switch (*s) {
261 default:
262 opt_printf_stderr("%s: Bad format \"%s\"\n", prog, s);
263 return 0;
264 case 'D':
265 case 'd':
266 if ((flags & OPT_FMT_PEMDER) == 0)
267 return opt_format_error(s, flags);
268 *result = FORMAT_ASN1;
269 break;
270 case 'T':
271 case 't':
272 if ((flags & OPT_FMT_TEXT) == 0)
273 return opt_format_error(s, flags);
274 *result = FORMAT_TEXT;
275 break;
276 case 'N':
277 case 'n':
278 if ((flags & OPT_FMT_NSS) == 0)
279 return opt_format_error(s, flags);
280 if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
281 return opt_format_error(s, flags);
282 *result = FORMAT_NSS;
283 break;
284 case 'S':
285 case 's':
286 if ((flags & OPT_FMT_SMIME) == 0)
287 return opt_format_error(s, flags);
288 *result = FORMAT_SMIME;
289 break;
290 case 'M':
291 case 'm':
292 if ((flags & OPT_FMT_MSBLOB) == 0)
293 return opt_format_error(s, flags);
294 *result = FORMAT_MSBLOB;
295 break;
296 case 'E':
297 case 'e':
298 if ((flags & OPT_FMT_ENGINE) == 0)
299 return opt_format_error(s, flags);
300 *result = FORMAT_ENGINE;
301 break;
302 case 'H':
303 case 'h':
304 if ((flags & OPT_FMT_HTTP) == 0)
305 return opt_format_error(s, flags);
306 *result = FORMAT_HTTP;
307 break;
308 case '1':
309 if ((flags & OPT_FMT_PKCS12) == 0)
310 return opt_format_error(s, flags);
311 *result = FORMAT_PKCS12;
312 break;
313 case 'P':
314 case 'p':
315 if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0) {
316 if ((flags & OPT_FMT_PEMDER) == 0)
317 return opt_format_error(s, flags);
318 *result = FORMAT_PEM;
319 } else if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0) {
320 if ((flags & OPT_FMT_PVK) == 0)
321 return opt_format_error(s, flags);
322 *result = FORMAT_PVK;
323 } else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
324 || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
325 if ((flags & OPT_FMT_PKCS12) == 0)
326 return opt_format_error(s, flags);
327 *result = FORMAT_PKCS12;
328 } else {
329 opt_printf_stderr("%s: Bad format \"%s\"\n", prog, s);
330 return 0;
331 }
332 break;
333 }
334 return 1;
335}
336
337/* Return string representing the given format. */
338static const char *format2str(int format)
339{
340 switch (format) {
341 default:
342 return "(undefined)";
343 case FORMAT_PEM:
344 return "PEM";
345 case FORMAT_ASN1:
346 return "DER";
347 case FORMAT_TEXT:
348 return "TEXT";
349 case FORMAT_NSS:
350 return "NSS";
351 case FORMAT_SMIME:
352 return "SMIME";
353 case FORMAT_MSBLOB:
354 return "MSBLOB";
355 case FORMAT_ENGINE:
356 return "ENGINE";
357 case FORMAT_HTTP:
358 return "HTTP";
359 case FORMAT_PKCS12:
360 return "P12";
361 case FORMAT_PVK:
362 return "PVK";
363 }
364}
365
366/* Print an error message about unsuitable/unsupported format requested. */
367void print_format_error(int format, unsigned long flags)
368{
369 (void)opt_format_error(format2str(format), flags);
370}
371
372/*
373 * Parse a cipher name, put it in *cipherp after freeing what was there, if
374 * cipherp is not NULL. Return 0 on failure, else 1.
375 */
376int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp)
377{
378 EVP_CIPHER *c;
379
380 ERR_set_mark();
381 if ((c = EVP_CIPHER_fetch(app_get0_libctx(), name,
382 app_get0_propq())) != NULL
383 || (opt_legacy_okay()
384 && (c = (EVP_CIPHER *)EVP_get_cipherbyname(name)) != NULL)) {
385 ERR_pop_to_mark();
386 if (cipherp != NULL) {
387 EVP_CIPHER_free(*cipherp);
388 *cipherp = c;
389 } else {
390 EVP_CIPHER_free(c);
391 }
392 return 1;
393 }
394 ERR_clear_last_mark();
395 return 0;
396}
397
398int opt_cipher_any(const char *name, EVP_CIPHER **cipherp)
399{
400 int ret;
401
402 if ((ret = opt_cipher_silent(name, cipherp)) == 0)
403 opt_printf_stderr("%s: Unknown cipher: %s\n", prog, name);
404 return ret;
405}
406
407int opt_cipher(const char *name, EVP_CIPHER **cipherp)
408{
409 int mode, ret = 0;
410 unsigned long int flags;
411 EVP_CIPHER *c = NULL;
412
413 if (opt_cipher_any(name, &c)) {
414 mode = EVP_CIPHER_get_mode(c);
415 flags = EVP_CIPHER_get_flags(c);
416 if (mode == EVP_CIPH_XTS_MODE) {
417 opt_printf_stderr("%s XTS ciphers not supported\n", prog);
418 } else if ((flags & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
419 opt_printf_stderr("%s: AEAD ciphers not supported\n", prog);
420 } else {
421 ret = 1;
422 if (cipherp != NULL)
423 *cipherp = c;
424 }
425 }
426 return ret;
427}
428
429/*
430 * Parse message digest name, put it in *EVP_MD; return 0 on failure, else 1.
431 */
432int opt_md_silent(const char *name, EVP_MD **mdp)
433{
434 EVP_MD *md;
435
436 ERR_set_mark();
437 if ((md = EVP_MD_fetch(app_get0_libctx(), name, app_get0_propq())) != NULL
438 || (opt_legacy_okay()
439 && (md = (EVP_MD *)EVP_get_digestbyname(name)) != NULL)) {
440 ERR_pop_to_mark();
441 if (mdp != NULL) {
442 EVP_MD_free(*mdp);
443 *mdp = md;
444 } else {
445 EVP_MD_free(md);
446 }
447 return 1;
448 }
449 ERR_clear_last_mark();
450 return 0;
451}
452
453int opt_md(const char *name, EVP_MD **mdp)
454{
455 int ret;
456
457 if ((ret = opt_md_silent(name, mdp)) == 0)
458 opt_printf_stderr("%s: Unknown option or message digest: %s\n", prog,
459 name != NULL ? name : "\"\"");
460 return ret;
461}
462
463/* Look through a list of name/value pairs. */
464int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
465{
466 const OPT_PAIR *pp;
467
468 for (pp = pairs; pp->name; pp++)
469 if (strcmp(pp->name, name) == 0) {
470 *result = pp->retval;
471 return 1;
472 }
473 opt_printf_stderr("%s: Value must be one of:\n", prog);
474 for (pp = pairs; pp->name; pp++)
475 opt_printf_stderr("\t%s\n", pp->name);
476 return 0;
477}
478
479/* Look through a list of valid names */
480int opt_string(const char *name, const char **options)
481{
482 const char **p;
483
484 for (p = options; *p != NULL; p++)
485 if (strcmp(*p, name) == 0)
486 return 1;
487 opt_printf_stderr("%s: Value must be one of:\n", prog);
488 for (p = options; *p != NULL; p++)
489 opt_printf_stderr("\t%s\n", *p);
490 return 0;
491}
492
493/* Parse an int, put it into *result; return 0 on failure, else 1. */
494int opt_int(const char *value, int *result)
495{
496 long l;
497
498 if (!opt_long(value, &l))
499 return 0;
500 *result = (int)l;
501 if (*result != l) {
502 opt_printf_stderr("%s: Value \"%s\" outside integer range\n",
503 prog, value);
504 return 0;
505 }
506 return 1;
507}
508
509/* Parse and return an integer, assuming range has been checked before. */
510int opt_int_arg(void)
511{
512 int result = -1;
513
514 (void)opt_int(arg, &result);
515 return result;
516}
517
518static void opt_number_error(const char *v)
519{
520 size_t i = 0;
521 struct strstr_pair_st {
522 char *prefix;
523 char *name;
524 } b[] = {
525 {"0x", "a hexadecimal"},
526 {"0X", "a hexadecimal"},
527 {"0", "an octal"}
528 };
529
530 for (i = 0; i < OSSL_NELEM(b); i++) {
531 if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) {
532 opt_printf_stderr("%s: Can't parse \"%s\" as %s number\n",
533 prog, v, b[i].name);
534 return;
535 }
536 }
537 opt_printf_stderr("%s: Can't parse \"%s\" as a number\n", prog, v);
538 return;
539}
540
541/* Parse a long, put it into *result; return 0 on failure, else 1. */
542int opt_long(const char *value, long *result)
543{
544 int oerrno = errno;
545 long l;
546 char *endp;
547
548 errno = 0;
549 l = strtol(value, &endp, 0);
550 if (*endp
551 || endp == value
552 || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE)
553 || (l == 0 && errno != 0)) {
554 opt_number_error(value);
555 errno = oerrno;
556 return 0;
557 }
558 *result = l;
559 errno = oerrno;
560 return 1;
561}
562
563#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
564 defined(INTMAX_MAX) && defined(UINTMAX_MAX) && \
565 !defined(OPENSSL_NO_INTTYPES_H)
566
567/* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */
568int opt_intmax(const char *value, ossl_intmax_t *result)
569{
570 int oerrno = errno;
571 intmax_t m;
572 char *endp;
573
574 errno = 0;
575 m = strtoimax(value, &endp, 0);
576 if (*endp
577 || endp == value
578 || ((m == INTMAX_MAX || m == INTMAX_MIN)
579 && errno == ERANGE)
580 || (m == 0 && errno != 0)) {
581 opt_number_error(value);
582 errno = oerrno;
583 return 0;
584 }
585 /* Ensure that the value in |m| is never too big for |*result| */
586 if (sizeof(m) > sizeof(*result)
587 && (m < OSSL_INTMAX_MIN || m > OSSL_INTMAX_MAX)) {
588 opt_number_error(value);
589 return 0;
590 }
591 *result = (ossl_intmax_t)m;
592 errno = oerrno;
593 return 1;
594}
595
596/* Parse a uintmax_t, put it into *result; return 0 on failure, else 1. */
597int opt_uintmax(const char *value, ossl_uintmax_t *result)
598{
599 int oerrno = errno;
600 uintmax_t m;
601 char *endp;
602
603 errno = 0;
604 m = strtoumax(value, &endp, 0);
605 if (*endp
606 || endp == value
607 || (m == UINTMAX_MAX && errno == ERANGE)
608 || (m == 0 && errno != 0)) {
609 opt_number_error(value);
610 errno = oerrno;
611 return 0;
612 }
613 /* Ensure that the value in |m| is never too big for |*result| */
614 if (sizeof(m) > sizeof(*result)
615 && m > OSSL_UINTMAX_MAX) {
616 opt_number_error(value);
617 return 0;
618 }
619 *result = (ossl_intmax_t)m;
620 errno = oerrno;
621 return 1;
622}
623#else
624/* Fallback implementations based on long */
625int opt_intmax(const char *value, ossl_intmax_t *result)
626{
627 long m;
628 int ret;
629
630 if ((ret = opt_long(value, &m)))
631 *result = m;
632 return ret;
633}
634
635int opt_uintmax(const char *value, ossl_uintmax_t *result)
636{
637 unsigned long m;
638 int ret;
639
640 if ((ret = opt_ulong(value, &m)))
641 *result = m;
642 return ret;
643}
644#endif
645
646/*
647 * Parse an unsigned long, put it into *result; return 0 on failure, else 1.
648 */
649int opt_ulong(const char *value, unsigned long *result)
650{
651 int oerrno = errno;
652 char *endptr;
653 unsigned long l;
654
655 errno = 0;
656 l = strtoul(value, &endptr, 0);
657 if (*endptr
658 || endptr == value
659 || ((l == ULONG_MAX) && errno == ERANGE)
660 || (l == 0 && errno != 0)) {
661 opt_number_error(value);
662 errno = oerrno;
663 return 0;
664 }
665 *result = l;
666 errno = oerrno;
667 return 1;
668}
669
670/*
671 * We pass opt as an int but cast it to "enum range" so that all the
672 * items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch
673 * in gcc do the right thing.
674 */
675enum range { OPT_V_ENUM };
676
677int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
678{
679 int i;
680 ossl_intmax_t t = 0;
681 ASN1_OBJECT *otmp;
682 X509_PURPOSE *xptmp;
683 const X509_VERIFY_PARAM *vtmp;
684
685 OPENSSL_assert(vpm != NULL);
686 OPENSSL_assert(opt > OPT_V__FIRST);
687 OPENSSL_assert(opt < OPT_V__LAST);
688
689 switch ((enum range)opt) {
690 case OPT_V__FIRST:
691 case OPT_V__LAST:
692 return 0;
693 case OPT_V_POLICY:
694 otmp = OBJ_txt2obj(opt_arg(), 0);
695 if (otmp == NULL) {
696 opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg());
697 return 0;
698 }
699 if (!X509_VERIFY_PARAM_add0_policy(vpm, otmp)) {
700 ASN1_OBJECT_free(otmp);
701 opt_printf_stderr("%s: Internal error adding Policy %s\n",
702 prog, opt_arg());
703 return 0;
704 }
705 break;
706 case OPT_V_PURPOSE:
707 /* purpose name -> purpose index */
708 i = X509_PURPOSE_get_by_sname(opt_arg());
709 if (i < 0) {
710 opt_printf_stderr("%s: Invalid purpose %s\n", prog, opt_arg());
711 return 0;
712 }
713
714 /* purpose index -> purpose object */
715 xptmp = X509_PURPOSE_get0(i);
716
717 /* purpose object -> purpose value */
718 i = X509_PURPOSE_get_id(xptmp);
719
720 if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
721 opt_printf_stderr("%s: Internal error setting purpose %s\n",
722 prog, opt_arg());
723 return 0;
724 }
725 break;
726 case OPT_V_VERIFY_NAME:
727 vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
728 if (vtmp == NULL) {
729 opt_printf_stderr("%s: Invalid verify name %s\n",
730 prog, opt_arg());
731 return 0;
732 }
733 X509_VERIFY_PARAM_set1(vpm, vtmp);
734 break;
735 case OPT_V_VERIFY_DEPTH:
736 i = atoi(opt_arg());
737 if (i >= 0)
738 X509_VERIFY_PARAM_set_depth(vpm, i);
739 break;
740 case OPT_V_VERIFY_AUTH_LEVEL:
741 i = atoi(opt_arg());
742 if (i >= 0)
743 X509_VERIFY_PARAM_set_auth_level(vpm, i);
744 break;
745 case OPT_V_ATTIME:
746 if (!opt_intmax(opt_arg(), &t))
747 return 0;
748 if (t != (time_t)t) {
749 opt_printf_stderr("%s: epoch time out of range %s\n",
750 prog, opt_arg());
751 return 0;
752 }
753 X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
754 break;
755 case OPT_V_VERIFY_HOSTNAME:
756 if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0))
757 return 0;
758 break;
759 case OPT_V_VERIFY_EMAIL:
760 if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0))
761 return 0;
762 break;
763 case OPT_V_VERIFY_IP:
764 if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg()))
765 return 0;
766 break;
767 case OPT_V_IGNORE_CRITICAL:
768 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL);
769 break;
770 case OPT_V_ISSUER_CHECKS:
771 /* NOP, deprecated */
772 break;
773 case OPT_V_CRL_CHECK:
774 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK);
775 break;
776 case OPT_V_CRL_CHECK_ALL:
777 X509_VERIFY_PARAM_set_flags(vpm,
778 X509_V_FLAG_CRL_CHECK |
779 X509_V_FLAG_CRL_CHECK_ALL);
780 break;
781 case OPT_V_POLICY_CHECK:
782 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
783 break;
784 case OPT_V_EXPLICIT_POLICY:
785 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY);
786 break;
787 case OPT_V_INHIBIT_ANY:
788 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY);
789 break;
790 case OPT_V_INHIBIT_MAP:
791 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP);
792 break;
793 case OPT_V_X509_STRICT:
794 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT);
795 break;
796 case OPT_V_EXTENDED_CRL:
797 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT);
798 break;
799 case OPT_V_USE_DELTAS:
800 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS);
801 break;
802 case OPT_V_POLICY_PRINT:
803 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY);
804 break;
805 case OPT_V_CHECK_SS_SIG:
806 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE);
807 break;
808 case OPT_V_TRUSTED_FIRST:
809 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST);
810 break;
811 case OPT_V_SUITEB_128_ONLY:
812 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY);
813 break;
814 case OPT_V_SUITEB_128:
815 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS);
816 break;
817 case OPT_V_SUITEB_192:
818 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS);
819 break;
820 case OPT_V_PARTIAL_CHAIN:
821 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
822 break;
823 case OPT_V_NO_ALT_CHAINS:
824 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
825 break;
826 case OPT_V_NO_CHECK_TIME:
827 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
828 break;
829 case OPT_V_ALLOW_PROXY_CERTS:
830 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS);
831 break;
832 }
833 return 1;
834
835}
836
837void opt_begin(void)
838{
839 opt_index = 1;
840 arg = NULL;
841 flag = NULL;
842}
843
844/*
845 * Parse the next flag (and value if specified), return 0 if done, -1 on
846 * error, otherwise the flag's retval.
847 */
848int opt_next(void)
849{
850 char *p;
851 const OPTIONS *o;
852 int ival;
853 long lval;
854 unsigned long ulval;
855 ossl_intmax_t imval;
856 ossl_uintmax_t umval;
857
858 /* Look at current arg; at end of the list? */
859 arg = NULL;
860 p = argv[opt_index];
861 if (p == NULL)
862 return 0;
863
864 /* If word doesn't start with a -, we're done. */
865 if (*p != '-')
866 return 0;
867
868 /* Hit "--" ? We're done. */
869 opt_index++;
870 if (strcmp(p, "--") == 0)
871 return 0;
872
873 /* Allow -nnn and --nnn */
874 if (*++p == '-')
875 p++;
876 flag = p - 1;
877
878 /* If we have --flag=foo, snip it off */
879 if ((arg = strchr(p, '=')) != NULL)
880 *arg++ = '\0';
881 for (o = opts; o->name; ++o) {
882 /* If not this option, move on to the next one. */
883 if (!(strcmp(p, "h") == 0 && strcmp(o->name, "help") == 0)
884 && strcmp(p, o->name) != 0)
885 continue;
886
887 /* If it doesn't take a value, make sure none was given. */
888 if (o->valtype == 0 || o->valtype == '-') {
889 if (arg) {
890 opt_printf_stderr("%s: Option -%s does not take a value\n",
891 prog, p);
892 return -1;
893 }
894 return o->retval;
895 }
896
897 /* Want a value; get the next param if =foo not used. */
898 if (arg == NULL) {
899 if (argv[opt_index] == NULL) {
900 opt_printf_stderr("%s: Option -%s needs a value\n",
901 prog, o->name);
902 return -1;
903 }
904 arg = argv[opt_index++];
905 }
906
907 /* Syntax-check value. */
908 switch (o->valtype) {
909 default:
910 case 's':
911 case ':':
912 /* Just a string. */
913 break;
914 case '.':
915 /* Parameters */
916 break;
917 case '/':
918 if (opt_isdir(arg) > 0)
919 break;
920 opt_printf_stderr("%s: Not a directory: %s\n", prog, arg);
921 return -1;
922 case '<':
923 /* Input file. */
924 break;
925 case '>':
926 /* Output file. */
927 break;
928 case 'p':
929 case 'n':
930 case 'N':
931 if (!opt_int(arg, &ival))
932 return -1;
933 if (o->valtype == 'p' && ival <= 0) {
934 opt_printf_stderr("%s: Non-positive number \"%s\" for option -%s\n",
935 prog, arg, o->name);
936 return -1;
937 }
938 if (o->valtype == 'N' && ival < 0) {
939 opt_printf_stderr("%s: Negative number \"%s\" for option -%s\n",
940 prog, arg, o->name);
941 return -1;
942 }
943 break;
944 case 'M':
945 if (!opt_intmax(arg, &imval))
946 return -1;
947 break;
948 case 'U':
949 if (!opt_uintmax(arg, &umval))
950 return -1;
951 break;
952 case 'l':
953 if (!opt_long(arg, &lval))
954 return -1;
955 break;
956 case 'u':
957 if (!opt_ulong(arg, &ulval))
958 return -1;
959 break;
960 case 'c':
961 case 'E':
962 case 'F':
963 case 'f':
964 if (opt_format(arg,
965 o->valtype == 'c' ? OPT_FMT_PDS :
966 o->valtype == 'E' ? OPT_FMT_PDE :
967 o->valtype == 'F' ? OPT_FMT_PEMDER
968 : OPT_FMT_ANY, &ival))
969 break;
970 opt_printf_stderr("%s: Invalid format \"%s\" for option -%s\n",
971 prog, arg, o->name);
972 return -1;
973 }
974
975 /* Return the flag value. */
976 return o->retval;
977 }
978 if (unknown != NULL) {
979 dunno = p;
980 return unknown->retval;
981 }
982 opt_printf_stderr("%s: Unknown option: -%s\n", prog, p);
983 return -1;
984}
985
986/* Return the most recent flag parameter. */
987char *opt_arg(void)
988{
989 return arg;
990}
991
992/* Return the most recent flag (option name including the preceding '-'). */
993char *opt_flag(void)
994{
995 return flag;
996}
997
998/* Return the unknown option. */
999char *opt_unknown(void)
1000{
1001 return dunno;
1002}
1003
1004/* Return the rest of the arguments after parsing flags. */
1005char **opt_rest(void)
1006{
1007 return &argv[opt_index];
1008}
1009
1010/* How many items in remaining args? */
1011int opt_num_rest(void)
1012{
1013 int i = 0;
1014 char **pp;
1015
1016 for (pp = opt_rest(); *pp; pp++, i++)
1017 continue;
1018 return i;
1019}
1020
1021/* Return a string describing the parameter type. */
1022static const char *valtype2param(const OPTIONS *o)
1023{
1024 switch (o->valtype) {
1025 case 0:
1026 case '-':
1027 return "";
1028 case ':':
1029 return "uri";
1030 case 's':
1031 return "val";
1032 case '/':
1033 return "dir";
1034 case '<':
1035 return "infile";
1036 case '>':
1037 return "outfile";
1038 case 'p':
1039 return "+int";
1040 case 'n':
1041 return "int";
1042 case 'l':
1043 return "long";
1044 case 'u':
1045 return "ulong";
1046 case 'E':
1047 return "PEM|DER|ENGINE";
1048 case 'F':
1049 return "PEM|DER";
1050 case 'f':
1051 return "format";
1052 case 'M':
1053 return "intmax";
1054 case 'N':
1055 return "nonneg";
1056 case 'U':
1057 return "uintmax";
1058 }
1059 return "parm";
1060}
1061
1062static void opt_print(const OPTIONS *o, int doingparams, int width)
1063{
1064 const char* help;
1065 char start[80 + 1];
1066 char *p;
1067
1068 help = o->helpstr ? o->helpstr : "(No additional info)";
1069 if (o->name == OPT_HELP_STR) {
1070 opt_printf_stderr(help, prog);
1071 return;
1072 }
1073 if (o->name == OPT_SECTION_STR) {
1074 opt_printf_stderr("\n");
1075 opt_printf_stderr(help, prog);
1076 return;
1077 }
1078 if (o->name == OPT_PARAM_STR) {
1079 opt_printf_stderr("\nParameters:\n");
1080 return;
1081 }
1082
1083 /* Pad out prefix */
1084 memset(start, ' ', sizeof(start) - 1);
1085 start[sizeof(start) - 1] = '\0';
1086
1087 if (o->name == OPT_MORE_STR) {
1088 /* Continuation of previous line; pad and print. */
1089 start[width] = '\0';
1090 opt_printf_stderr("%s %s\n", start, help);
1091 return;
1092 }
1093
1094 /* Build up the "-flag [param]" part. */
1095 p = start;
1096 *p++ = ' ';
1097 if (!doingparams)
1098 *p++ = '-';
1099 if (o->name[0])
1100 p += strlen(strcpy(p, o->name));
1101 else
1102 *p++ = '*';
1103 if (o->valtype != '-') {
1104 *p++ = ' ';
1105 p += strlen(strcpy(p, valtype2param(o)));
1106 }
1107 *p = ' ';
1108 if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
1109 *p = '\0';
1110 opt_printf_stderr("%s\n", start);
1111 memset(start, ' ', sizeof(start));
1112 }
1113 start[width] = '\0';
1114 opt_printf_stderr("%s %s\n", start, help);
1115}
1116
1117void opt_help(const OPTIONS *list)
1118{
1119 const OPTIONS *o;
1120 int i, sawparams = 0, width = 5;
1121 int standard_prolog;
1122 char start[80 + 1];
1123
1124 /* Starts with its own help message? */
1125 standard_prolog = list[0].name != OPT_HELP_STR;
1126
1127 /* Find the widest help. */
1128 for (o = list; o->name; o++) {
1129 if (o->name == OPT_MORE_STR)
1130 continue;
1131 i = 2 + (int)strlen(o->name);
1132 if (o->valtype != '-')
1133 i += 1 + strlen(valtype2param(o));
1134 if (i < MAX_OPT_HELP_WIDTH && i > width)
1135 width = i;
1136 OPENSSL_assert(i < (int)sizeof(start));
1137 }
1138
1139 if (standard_prolog) {
1140 opt_printf_stderr("Usage: %s [options]\n", prog);
1141 if (list[0].name != OPT_SECTION_STR)
1142 opt_printf_stderr("Valid options are:\n", prog);
1143 }
1144
1145 /* Now let's print. */
1146 for (o = list; o->name; o++) {
1147 if (o->name == OPT_PARAM_STR)
1148 sawparams = 1;
1149 opt_print(o, sawparams, width);
1150 }
1151}
1152
1153/* opt_isdir section */
1154#ifdef _WIN32
1155# include <windows.h>
1156int opt_isdir(const char *name)
1157{
1158 DWORD attr;
1159# if defined(UNICODE) || defined(_UNICODE)
1160 size_t i, len_0 = strlen(name) + 1;
1161 WCHAR tempname[MAX_PATH];
1162
1163 if (len_0 > MAX_PATH)
1164 return -1;
1165
1166# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
1167 if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
1168# endif
1169 for (i = 0; i < len_0; i++)
1170 tempname[i] = (WCHAR)name[i];
1171
1172 attr = GetFileAttributes(tempname);
1173# else
1174 attr = GetFileAttributes(name);
1175# endif
1176 if (attr == INVALID_FILE_ATTRIBUTES)
1177 return -1;
1178 return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
1179}
1180#else
1181# include <sys/stat.h>
1182# ifndef S_ISDIR
1183# if defined(_S_IFMT) && defined(_S_IFDIR)
1184# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
1185# else
1186# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
1187# endif
1188# endif
1189
1190int opt_isdir(const char *name)
1191{
1192# if defined(S_ISDIR)
1193 struct stat st;
1194
1195 if (stat(name, &st) == 0)
1196 return S_ISDIR(st.st_mode);
1197 else
1198 return -1;
1199# else
1200 return -1;
1201# endif
1202}
1203#endif
Note: See TracBrowser for help on using the repository browser.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette