2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * This file is also used by the test suite. Do not #include "apps.h".
15 #include "internal/nelem.h"
17 #if !defined(OPENSSL_SYS_MSDOS)
25 #include <openssl/bio.h>
26 #include <openssl/x509v3.h>
28 #define MAX_OPT_HELP_WIDTH 30
29 const char OPT_HELP_STR[] = "--";
30 const char OPT_MORE_STR[] = "---";
31 const char OPT_SECTION_STR[] = "----";
40 static const OPTIONS *unknown;
41 static const OPTIONS *opts;
45 * Return the simple name of the program; removing various platform gunk.
47 #if defined(OPENSSL_SYS_WIN32)
48 char *opt_progname(const char *argv0)
54 /* find the last '/', '\' or ':' */
55 for (p = argv0 + strlen(argv0); --p > argv0;)
56 if (*p == '/' || *p == '\\' || *p == ':') {
61 /* Strip off trailing nonsense. */
64 (strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0))
67 /* Copy over the name, in lowercase. */
68 if (n > sizeof(prog) - 1)
70 for (q = prog, i = 0; i < n; i++, p++)
71 *q++ = tolower((unsigned char)*p);
76 #elif defined(OPENSSL_SYS_VMS)
78 char *opt_progname(const char *argv0)
82 /* Find last special character sys:[foo.bar]openssl */
83 for (p = argv0 + strlen(argv0); --p > argv0;)
84 if (*p == ':' || *p == ']' || *p == '>') {
90 strncpy(prog, p, sizeof(prog) - 1);
91 prog[sizeof(prog) - 1] = '\0';
92 if (q != NULL && q - p < sizeof(prog))
99 char *opt_progname(const char *argv0)
103 /* Could use strchr, but this is like the ones above. */
104 for (p = argv0 + strlen(argv0); --p > argv0;)
109 strncpy(prog, p, sizeof(prog) - 1);
110 prog[sizeof(prog) - 1] = '\0';
115 char *opt_getprog(void)
120 /* Set up the arg parsing. */
121 char *opt_init(int ac, char **av, const OPTIONS *o)
131 for (; o->name; ++o) {
137 if (o->name == OPT_HELP_STR
138 || o->name == OPT_MORE_STR
139 || o->name == OPT_SECTION_STR)
144 /* Make sure options are legit. */
145 OPENSSL_assert(o->name[0] != '-');
146 OPENSSL_assert(o->retval > 0);
148 case 0: case '-': case '/': case '<': case '>': case 'E': case 'F':
149 case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
150 case 'u': case 'c': case ':':
156 /* Make sure there are no duplicates. */
157 for (next = o + 1; next->name; ++next) {
159 * Some compilers inline strcmp and the assert string is too long.
161 duplicated = strcmp(o->name, next->name) == 0;
162 OPENSSL_assert(!duplicated);
165 if (o->name[0] == '\0') {
166 OPENSSL_assert(unknown == NULL);
168 OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');
174 static OPT_PAIR formats[] = {
175 {"PEM/DER", OPT_FMT_PEMDER},
176 {"pkcs12", OPT_FMT_PKCS12},
177 {"smime", OPT_FMT_SMIME},
178 {"engine", OPT_FMT_ENGINE},
179 {"msblob", OPT_FMT_MSBLOB},
180 {"nss", OPT_FMT_NSS},
181 {"text", OPT_FMT_TEXT},
182 {"http", OPT_FMT_HTTP},
183 {"pvk", OPT_FMT_PVK},
187 /* Print an error message about a failed format parse. */
188 int opt_format_error(const char *s, unsigned long flags)
192 if (flags == OPT_FMT_PEMDER) {
193 opt_printf_stderr("%s: Bad format \"%s\"; must be pem or der\n",
196 opt_printf_stderr("%s: Bad format \"%s\"; must be one of:\n",
198 for (ap = formats; ap->name; ap++)
199 if (flags & ap->retval)
200 opt_printf_stderr(" %s\n", ap->name);
205 /* Parse a format string, put it into *result; return 0 on failure, else 1. */
206 int opt_format(const char *s, unsigned long flags, int *result)
213 if ((flags & OPT_FMT_PEMDER) == 0)
214 return opt_format_error(s, flags);
215 *result = FORMAT_ASN1;
219 if ((flags & OPT_FMT_TEXT) == 0)
220 return opt_format_error(s, flags);
221 *result = FORMAT_TEXT;
225 if ((flags & OPT_FMT_NSS) == 0)
226 return opt_format_error(s, flags);
227 if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
228 return opt_format_error(s, flags);
229 *result = FORMAT_NSS;
233 if ((flags & OPT_FMT_SMIME) == 0)
234 return opt_format_error(s, flags);
235 *result = FORMAT_SMIME;
239 if ((flags & OPT_FMT_MSBLOB) == 0)
240 return opt_format_error(s, flags);
241 *result = FORMAT_MSBLOB;
245 if ((flags & OPT_FMT_ENGINE) == 0)
246 return opt_format_error(s, flags);
247 *result = FORMAT_ENGINE;
251 if ((flags & OPT_FMT_HTTP) == 0)
252 return opt_format_error(s, flags);
253 *result = FORMAT_HTTP;
256 if ((flags & OPT_FMT_PKCS12) == 0)
257 return opt_format_error(s, flags);
258 *result = FORMAT_PKCS12;
262 if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0) {
263 if ((flags & OPT_FMT_PEMDER) == 0)
264 return opt_format_error(s, flags);
265 *result = FORMAT_PEM;
266 } else if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0) {
267 if ((flags & OPT_FMT_PVK) == 0)
268 return opt_format_error(s, flags);
269 *result = FORMAT_PVK;
270 } else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
271 || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
272 if ((flags & OPT_FMT_PKCS12) == 0)
273 return opt_format_error(s, flags);
274 *result = FORMAT_PKCS12;
283 /* Parse a cipher name, put it in *EVP_CIPHER; return 0 on failure, else 1. */
284 int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
286 *cipherp = EVP_get_cipherbyname(name);
287 if (*cipherp != NULL)
289 opt_printf_stderr("%s: Unrecognized flag %s\n", prog, name);
294 * Parse message digest name, put it in *EVP_MD; return 0 on failure, else 1.
296 int opt_md(const char *name, const EVP_MD **mdp)
298 *mdp = EVP_get_digestbyname(name);
301 opt_printf_stderr("%s: Unrecognized flag %s\n", prog, name);
305 /* Look through a list of name/value pairs. */
306 int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
310 for (pp = pairs; pp->name; pp++)
311 if (strcmp(pp->name, name) == 0) {
312 *result = pp->retval;
315 opt_printf_stderr("%s: Value must be one of:\n", prog);
316 for (pp = pairs; pp->name; pp++)
317 opt_printf_stderr("\t%s\n", pp->name);
321 /* Parse an int, put it into *result; return 0 on failure, else 1. */
322 int opt_int(const char *value, int *result)
326 if (!opt_long(value, &l))
330 opt_printf_stderr("%s: Value \"%s\" outside integer range\n",
337 static void opt_number_error(const char *v)
340 struct strstr_pair_st {
344 {"0x", "a hexadecimal"},
345 {"0X", "a hexadecimal"},
349 for (i = 0; i < OSSL_NELEM(b); i++) {
350 if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) {
351 opt_printf_stderr("%s: Can't parse \"%s\" as %s number\n",
356 opt_printf_stderr("%s: Can't parse \"%s\" as a number\n", prog, v);
360 /* Parse a long, put it into *result; return 0 on failure, else 1. */
361 int opt_long(const char *value, long *result)
368 l = strtol(value, &endp, 0);
371 || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE)
372 || (l == 0 && errno != 0)) {
373 opt_number_error(value);
382 #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
383 defined(INTMAX_MAX) && defined(UINTMAX_MAX) && \
384 !defined(OPENSSL_NO_INTTYPES_H)
386 /* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */
387 int opt_imax(const char *value, intmax_t *result)
394 m = strtoimax(value, &endp, 0);
397 || ((m == INTMAX_MAX || m == INTMAX_MIN) && errno == ERANGE)
398 || (m == 0 && errno != 0)) {
399 opt_number_error(value);
408 /* Parse a uintmax_t, put it into *result; return 0 on failure, else 1. */
409 int opt_umax(const char *value, uintmax_t *result)
416 m = strtoumax(value, &endp, 0);
419 || (m == UINTMAX_MAX && errno == ERANGE)
420 || (m == 0 && errno != 0)) {
421 opt_number_error(value);
432 * Parse an unsigned long, put it into *result; return 0 on failure, else 1.
434 int opt_ulong(const char *value, unsigned long *result)
441 l = strtoul(value, &endptr, 0);
444 || ((l == ULONG_MAX) && errno == ERANGE)
445 || (l == 0 && errno != 0)) {
446 opt_number_error(value);
456 * We pass opt as an int but cast it to "enum range" so that all the
457 * items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch
458 * in gcc do the right thing.
460 enum range { OPT_V_ENUM };
462 int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
468 const X509_VERIFY_PARAM *vtmp;
470 OPENSSL_assert(vpm != NULL);
471 OPENSSL_assert(opt > OPT_V__FIRST);
472 OPENSSL_assert(opt < OPT_V__LAST);
474 switch ((enum range)opt) {
479 otmp = OBJ_txt2obj(opt_arg(), 0);
481 opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg());
484 X509_VERIFY_PARAM_add0_policy(vpm, otmp);
487 /* purpose name -> purpose index */
488 i = X509_PURPOSE_get_by_sname(opt_arg());
490 opt_printf_stderr("%s: Invalid purpose %s\n", prog, opt_arg());
494 /* purpose index -> purpose object */
495 xptmp = X509_PURPOSE_get0(i);
497 /* purpose object -> purpose value */
498 i = X509_PURPOSE_get_id(xptmp);
500 if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
501 opt_printf_stderr("%s: Internal error setting purpose %s\n",
506 case OPT_V_VERIFY_NAME:
507 vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
509 opt_printf_stderr("%s: Invalid verify name %s\n",
513 X509_VERIFY_PARAM_set1(vpm, vtmp);
515 case OPT_V_VERIFY_DEPTH:
518 X509_VERIFY_PARAM_set_depth(vpm, i);
520 case OPT_V_VERIFY_AUTH_LEVEL:
523 X509_VERIFY_PARAM_set_auth_level(vpm, i);
526 if (!opt_imax(opt_arg(), &t))
528 if (t != (time_t)t) {
529 opt_printf_stderr("%s: epoch time out of range %s\n",
533 X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
535 case OPT_V_VERIFY_HOSTNAME:
536 if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0))
539 case OPT_V_VERIFY_EMAIL:
540 if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0))
543 case OPT_V_VERIFY_IP:
544 if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg()))
547 case OPT_V_IGNORE_CRITICAL:
548 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL);
550 case OPT_V_ISSUER_CHECKS:
551 /* NOP, deprecated */
553 case OPT_V_CRL_CHECK:
554 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK);
556 case OPT_V_CRL_CHECK_ALL:
557 X509_VERIFY_PARAM_set_flags(vpm,
558 X509_V_FLAG_CRL_CHECK |
559 X509_V_FLAG_CRL_CHECK_ALL);
561 case OPT_V_POLICY_CHECK:
562 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
564 case OPT_V_EXPLICIT_POLICY:
565 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY);
567 case OPT_V_INHIBIT_ANY:
568 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY);
570 case OPT_V_INHIBIT_MAP:
571 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP);
573 case OPT_V_X509_STRICT:
574 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT);
576 case OPT_V_EXTENDED_CRL:
577 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT);
579 case OPT_V_USE_DELTAS:
580 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS);
582 case OPT_V_POLICY_PRINT:
583 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY);
585 case OPT_V_CHECK_SS_SIG:
586 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE);
588 case OPT_V_TRUSTED_FIRST:
589 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST);
591 case OPT_V_SUITEB_128_ONLY:
592 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY);
594 case OPT_V_SUITEB_128:
595 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS);
597 case OPT_V_SUITEB_192:
598 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS);
600 case OPT_V_PARTIAL_CHAIN:
601 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
603 case OPT_V_NO_ALT_CHAINS:
604 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
606 case OPT_V_NO_CHECK_TIME:
607 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
609 case OPT_V_ALLOW_PROXY_CERTS:
610 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS);
625 * Parse the next flag (and value if specified), return 0 if done, -1 on
626 * error, otherwise the flag's retval.
636 ossl_uintmax_t umval;
638 /* Look at current arg; at end of the list? */
644 /* If word doesn't start with a -, we're done. */
648 /* Hit "--" ? We're done. */
650 if (strcmp(p, "--") == 0)
653 /* Allow -nnn and --nnn */
658 /* If we have --flag=foo, snip it off */
659 if ((arg = strchr(p, '=')) != NULL)
661 for (o = opts; o->name; ++o) {
662 /* If not this option, move on to the next one. */
663 if (strcmp(p, o->name) != 0)
666 /* If it doesn't take a value, make sure none was given. */
667 if (o->valtype == 0 || o->valtype == '-') {
669 opt_printf_stderr("%s: Option -%s does not take a value\n",
676 /* Want a value; get the next param if =foo not used. */
678 if (argv[opt_index] == NULL) {
679 opt_printf_stderr("%s: Option -%s needs a value\n",
683 arg = argv[opt_index++];
686 /* Syntax-check value. */
687 switch (o->valtype) {
694 if (opt_isdir(arg) > 0)
696 opt_printf_stderr("%s: Not a directory: %s\n", prog, arg);
706 if (!opt_int(arg, &ival)
707 || (o->valtype == 'p' && ival <= 0)) {
708 opt_printf_stderr("%s: Non-positive number \"%s\" for -%s\n",
714 if (!opt_imax(arg, &imval)) {
715 opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
721 if (!opt_umax(arg, &umval)) {
722 opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
728 if (!opt_long(arg, &lval)) {
729 opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
735 if (!opt_ulong(arg, &ulval)) {
736 opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
746 o->valtype == 'c' ? OPT_FMT_PDS :
747 o->valtype == 'E' ? OPT_FMT_PDE :
748 o->valtype == 'F' ? OPT_FMT_PEMDER
749 : OPT_FMT_ANY, &ival))
751 opt_printf_stderr("%s: Invalid format \"%s\" for -%s\n",
756 /* Return the flag value. */
759 if (unknown != NULL) {
761 return unknown->retval;
763 opt_printf_stderr("%s: Option unknown option -%s\n", prog, p);
767 /* Return the most recent flag parameter. */
773 /* Return the most recent flag. */
779 /* Return the unknown option. */
780 char *opt_unknown(void)
785 /* Return the rest of the arguments after parsing flags. */
786 char **opt_rest(void)
788 return &argv[opt_index];
791 /* How many items in remaining args? */
792 int opt_num_rest(void)
797 for (pp = opt_rest(); *pp; pp++, i++)
802 /* Return a string describing the parameter type. */
803 static const char *valtype2param(const OPTIONS *o)
805 switch (o->valtype) {
828 return "PEM|DER|ENGINE";
841 void opt_print(const OPTIONS *o, int width)
847 help = o->helpstr ? o->helpstr : "(No additional info)";
848 if (o->name == OPT_HELP_STR) {
849 opt_printf_stderr(help, prog);
852 if (o->name == OPT_SECTION_STR) {
853 opt_printf_stderr("\n");
854 opt_printf_stderr(help, prog);
859 memset(start, ' ', sizeof(start) - 1);
860 start[sizeof(start) - 1] = '\0';
862 if (o->name == OPT_MORE_STR) {
863 /* Continuation of previous line; pad and print. */
865 opt_printf_stderr("%s %s\n", start, help);
869 /* Build up the "-flag [param]" part. */
874 p += strlen(strcpy(p, o->name));
877 if (o->valtype != '-') {
879 p += strlen(strcpy(p, valtype2param(o)));
882 if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
884 opt_printf_stderr("%s\n", start);
885 memset(start, ' ', sizeof(start));
888 opt_printf_stderr("%s %s\n", start, help);
891 void opt_help(const OPTIONS *list)
899 /* Starts with its own help message? */
900 standard_prolog = list[0].name != OPT_HELP_STR;
902 /* Find the widest help. */
903 for (o = list; o->name; o++) {
904 if (o->name == OPT_MORE_STR)
906 i = 2 + (int)strlen(o->name);
907 if (o->valtype != '-')
908 i += 1 + strlen(valtype2param(o));
909 if (i < MAX_OPT_HELP_WIDTH && i > width)
911 OPENSSL_assert(i < (int)sizeof(start));
914 if (standard_prolog) {
915 opt_printf_stderr("Usage: %s [options]\n", prog);
916 if (list[0].name != OPT_SECTION_STR)
917 opt_printf_stderr("Valid options are:\n", prog);
920 /* Now let's print. */
921 for (o = list; o->name; o++) {
926 /* opt_isdir section */
928 # include <windows.h>
929 int opt_isdir(const char *name)
932 # if defined(UNICODE) || defined(_UNICODE)
933 size_t i, len_0 = strlen(name) + 1;
934 WCHAR tempname[MAX_PATH];
936 if (len_0 > MAX_PATH)
939 # if !defined(_WIN32_WCE) || _WIN32_WCE>=101
940 if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
942 for (i = 0; i < len_0; i++)
943 tempname[i] = (WCHAR)name[i];
945 attr = GetFileAttributes(tempname);
947 attr = GetFileAttributes(name);
949 if (attr == INVALID_FILE_ATTRIBUTES)
951 return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
954 # include <sys/stat.h>
956 # if defined(_S_IFMT) && defined(_S_IFDIR)
957 # define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
959 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
963 int opt_isdir(const char *name)
965 # if defined(S_ISDIR)
968 if (stat(name, &st) == 0)
969 return S_ISDIR(st.st_mode);