2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * This file is also used by the test suite. Do not #include "apps.h".
15 #include "internal/nelem.h"
17 #if !defined(OPENSSL_SYS_MSDOS)
18 # include OPENSSL_UNISTD
25 #include <openssl/bio.h>
26 #include <openssl/x509v3.h>
28 #define MAX_OPT_HELP_WIDTH 30
29 const char OPT_HELP_STR[] = "--";
30 const char OPT_MORE_STR[] = "---";
39 static const OPTIONS *unknown;
40 static const OPTIONS *opts;
44 * Return the simple name of the program; removing various platform gunk.
46 #if defined(OPENSSL_SYS_WIN32)
47 char *opt_progname(const char *argv0)
53 /* find the last '/', '\' or ':' */
54 for (p = argv0 + strlen(argv0); --p > argv0;)
55 if (*p == '/' || *p == '\\' || *p == ':') {
60 /* Strip off trailing nonsense. */
63 (strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0))
66 /* Copy over the name, in lowercase. */
67 if (n > sizeof(prog) - 1)
69 for (q = prog, i = 0; i < n; i++, p++)
70 *q++ = tolower((unsigned char)*p);
75 #elif defined(OPENSSL_SYS_VMS)
77 char *opt_progname(const char *argv0)
81 /* Find last special character sys:[foo.bar]openssl */
82 for (p = argv0 + strlen(argv0); --p > argv0;)
83 if (*p == ':' || *p == ']' || *p == '>') {
89 strncpy(prog, p, sizeof(prog) - 1);
90 prog[sizeof(prog) - 1] = '\0';
91 if (q != NULL && q - p < sizeof(prog))
98 char *opt_progname(const char *argv0)
102 /* Could use strchr, but this is like the ones above. */
103 for (p = argv0 + strlen(argv0); --p > argv0;)
108 strncpy(prog, p, sizeof(prog) - 1);
109 prog[sizeof(prog) - 1] = '\0';
114 char *opt_getprog(void)
119 /* Set up the arg parsing. */
120 char *opt_init(int ac, char **av, const OPTIONS *o)
130 for (; o->name; ++o) {
136 if (o->name == OPT_HELP_STR || o->name == OPT_MORE_STR)
141 /* Make sure options are legit. */
142 OPENSSL_assert(o->name[0] != '-');
143 OPENSSL_assert(o->retval > 0);
145 case 0: case '-': case '/': case '<': case '>': case 'E': case 'F':
146 case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
153 /* Make sure there are no duplicates. */
154 for (next = o + 1; next->name; ++next) {
156 * Some compilers inline strcmp and the assert string is too long.
158 duplicated = strcmp(o->name, next->name) == 0;
159 OPENSSL_assert(!duplicated);
162 if (o->name[0] == '\0') {
163 OPENSSL_assert(unknown == NULL);
165 OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');
171 static OPT_PAIR formats[] = {
172 {"PEM/DER", OPT_FMT_PEMDER},
173 {"pkcs12", OPT_FMT_PKCS12},
174 {"smime", OPT_FMT_SMIME},
175 {"engine", OPT_FMT_ENGINE},
176 {"msblob", OPT_FMT_MSBLOB},
177 {"nss", OPT_FMT_NSS},
178 {"text", OPT_FMT_TEXT},
179 {"http", OPT_FMT_HTTP},
180 {"pvk", OPT_FMT_PVK},
184 /* Print an error message about a failed format parse. */
185 int opt_format_error(const char *s, unsigned long flags)
189 if (flags == OPT_FMT_PEMDER) {
190 opt_printf_stderr("%s: Bad format \"%s\"; must be pem or der\n",
193 opt_printf_stderr("%s: Bad format \"%s\"; must be one of:\n",
195 for (ap = formats; ap->name; ap++)
196 if (flags & ap->retval)
197 opt_printf_stderr(" %s\n", ap->name);
202 /* Parse a format string, put it into *result; return 0 on failure, else 1. */
203 int opt_format(const char *s, unsigned long flags, int *result)
210 if ((flags & OPT_FMT_PEMDER) == 0)
211 return opt_format_error(s, flags);
212 *result = FORMAT_ASN1;
216 if ((flags & OPT_FMT_TEXT) == 0)
217 return opt_format_error(s, flags);
218 *result = FORMAT_TEXT;
222 if ((flags & OPT_FMT_NSS) == 0)
223 return opt_format_error(s, flags);
224 if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
225 return opt_format_error(s, flags);
226 *result = FORMAT_NSS;
230 if ((flags & OPT_FMT_SMIME) == 0)
231 return opt_format_error(s, flags);
232 *result = FORMAT_SMIME;
236 if ((flags & OPT_FMT_MSBLOB) == 0)
237 return opt_format_error(s, flags);
238 *result = FORMAT_MSBLOB;
242 if ((flags & OPT_FMT_ENGINE) == 0)
243 return opt_format_error(s, flags);
244 *result = FORMAT_ENGINE;
248 if ((flags & OPT_FMT_HTTP) == 0)
249 return opt_format_error(s, flags);
250 *result = FORMAT_HTTP;
253 if ((flags & OPT_FMT_PKCS12) == 0)
254 return opt_format_error(s, flags);
255 *result = FORMAT_PKCS12;
259 if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0) {
260 if ((flags & OPT_FMT_PEMDER) == 0)
261 return opt_format_error(s, flags);
262 *result = FORMAT_PEM;
263 } else if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0) {
264 if ((flags & OPT_FMT_PVK) == 0)
265 return opt_format_error(s, flags);
266 *result = FORMAT_PVK;
267 } else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
268 || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
269 if ((flags & OPT_FMT_PKCS12) == 0)
270 return opt_format_error(s, flags);
271 *result = FORMAT_PKCS12;
280 /* Parse a cipher name, put it in *EVP_CIPHER; return 0 on failure, else 1. */
281 int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
283 *cipherp = EVP_get_cipherbyname(name);
284 if (*cipherp != NULL)
286 opt_printf_stderr("%s: Unrecognized flag %s\n", prog, name);
291 * Parse message digest name, put it in *EVP_MD; return 0 on failure, else 1.
293 int opt_md(const char *name, const EVP_MD **mdp)
295 *mdp = EVP_get_digestbyname(name);
298 opt_printf_stderr("%s: Unrecognized flag %s\n", prog, name);
302 /* Look through a list of name/value pairs. */
303 int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
307 for (pp = pairs; pp->name; pp++)
308 if (strcmp(pp->name, name) == 0) {
309 *result = pp->retval;
312 opt_printf_stderr("%s: Value must be one of:\n", prog);
313 for (pp = pairs; pp->name; pp++)
314 opt_printf_stderr("\t%s\n", pp->name);
318 /* Parse an int, put it into *result; return 0 on failure, else 1. */
319 int opt_int(const char *value, int *result)
323 if (!opt_long(value, &l))
327 opt_printf_stderr("%s: Value \"%s\" outside integer range\n",
334 static void opt_number_error(const char *v)
337 struct strstr_pair_st {
341 {"0x", "a hexadecimal"},
342 {"0X", "a hexadecimal"},
346 for (i = 0; i < OSSL_NELEM(b); i++) {
347 if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) {
348 opt_printf_stderr("%s: Can't parse \"%s\" as %s number\n",
353 opt_printf_stderr("%s: Can't parse \"%s\" as a number\n", prog, v);
357 /* Parse a long, put it into *result; return 0 on failure, else 1. */
358 int opt_long(const char *value, long *result)
365 l = strtol(value, &endp, 0);
368 || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE)
369 || (l == 0 && errno != 0)) {
370 opt_number_error(value);
379 #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
380 defined(INTMAX_MAX) && defined(UINTMAX_MAX) && \
381 !defined(OPENSSL_NO_INTTYPES_H)
383 /* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */
384 int opt_imax(const char *value, intmax_t *result)
391 m = strtoimax(value, &endp, 0);
394 || ((m == INTMAX_MAX || m == INTMAX_MIN) && errno == ERANGE)
395 || (m == 0 && errno != 0)) {
396 opt_number_error(value);
405 /* Parse a uintmax_t, put it into *result; return 0 on failure, else 1. */
406 int opt_umax(const char *value, uintmax_t *result)
413 m = strtoumax(value, &endp, 0);
416 || (m == UINTMAX_MAX && errno == ERANGE)
417 || (m == 0 && errno != 0)) {
418 opt_number_error(value);
429 * Parse an unsigned long, put it into *result; return 0 on failure, else 1.
431 int opt_ulong(const char *value, unsigned long *result)
438 l = strtoul(value, &endptr, 0);
441 || ((l == ULONG_MAX) && errno == ERANGE)
442 || (l == 0 && errno != 0)) {
443 opt_number_error(value);
453 * We pass opt as an int but cast it to "enum range" so that all the
454 * items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch
455 * in gcc do the right thing.
457 enum range { OPT_V_ENUM };
459 int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
465 const X509_VERIFY_PARAM *vtmp;
467 OPENSSL_assert(vpm != NULL);
468 OPENSSL_assert(opt > OPT_V__FIRST);
469 OPENSSL_assert(opt < OPT_V__LAST);
471 switch ((enum range)opt) {
476 otmp = OBJ_txt2obj(opt_arg(), 0);
478 opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg());
481 X509_VERIFY_PARAM_add0_policy(vpm, otmp);
484 /* purpose name -> purpose index */
485 i = X509_PURPOSE_get_by_sname(opt_arg());
487 opt_printf_stderr("%s: Invalid purpose %s\n", prog, opt_arg());
491 /* purpose index -> purpose object */
492 xptmp = X509_PURPOSE_get0(i);
494 /* purpose object -> purpose value */
495 i = X509_PURPOSE_get_id(xptmp);
497 if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
498 opt_printf_stderr("%s: Internal error setting purpose %s\n",
503 case OPT_V_VERIFY_NAME:
504 vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
506 opt_printf_stderr("%s: Invalid verify name %s\n",
510 X509_VERIFY_PARAM_set1(vpm, vtmp);
512 case OPT_V_VERIFY_DEPTH:
515 X509_VERIFY_PARAM_set_depth(vpm, i);
517 case OPT_V_VERIFY_AUTH_LEVEL:
520 X509_VERIFY_PARAM_set_auth_level(vpm, i);
523 if (!opt_imax(opt_arg(), &t))
525 if (t != (time_t)t) {
526 opt_printf_stderr("%s: epoch time out of range %s\n",
530 X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
532 case OPT_V_VERIFY_HOSTNAME:
533 if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0))
536 case OPT_V_VERIFY_EMAIL:
537 if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0))
540 case OPT_V_VERIFY_IP:
541 if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg()))
544 case OPT_V_IGNORE_CRITICAL:
545 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL);
547 case OPT_V_ISSUER_CHECKS:
548 /* NOP, deprecated */
550 case OPT_V_CRL_CHECK:
551 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK);
553 case OPT_V_CRL_CHECK_ALL:
554 X509_VERIFY_PARAM_set_flags(vpm,
555 X509_V_FLAG_CRL_CHECK |
556 X509_V_FLAG_CRL_CHECK_ALL);
558 case OPT_V_POLICY_CHECK:
559 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
561 case OPT_V_EXPLICIT_POLICY:
562 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY);
564 case OPT_V_INHIBIT_ANY:
565 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY);
567 case OPT_V_INHIBIT_MAP:
568 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP);
570 case OPT_V_X509_STRICT:
571 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT);
573 case OPT_V_EXTENDED_CRL:
574 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT);
576 case OPT_V_USE_DELTAS:
577 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS);
579 case OPT_V_POLICY_PRINT:
580 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY);
582 case OPT_V_CHECK_SS_SIG:
583 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE);
585 case OPT_V_TRUSTED_FIRST:
586 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST);
588 case OPT_V_SUITEB_128_ONLY:
589 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY);
591 case OPT_V_SUITEB_128:
592 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS);
594 case OPT_V_SUITEB_192:
595 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS);
597 case OPT_V_PARTIAL_CHAIN:
598 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
600 case OPT_V_NO_ALT_CHAINS:
601 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
603 case OPT_V_NO_CHECK_TIME:
604 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
606 case OPT_V_ALLOW_PROXY_CERTS:
607 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS);
622 * Parse the next flag (and value if specified), return 0 if done, -1 on
623 * error, otherwise the flag's retval.
633 ossl_uintmax_t umval;
635 /* Look at current arg; at end of the list? */
641 /* If word doesn't start with a -, we're done. */
645 /* Hit "--" ? We're done. */
647 if (strcmp(p, "--") == 0)
650 /* Allow -nnn and --nnn */
655 /* If we have --flag=foo, snip it off */
656 if ((arg = strchr(p, '=')) != NULL)
658 for (o = opts; o->name; ++o) {
659 /* If not this option, move on to the next one. */
660 if (strcmp(p, o->name) != 0)
663 /* If it doesn't take a value, make sure none was given. */
664 if (o->valtype == 0 || o->valtype == '-') {
666 opt_printf_stderr("%s: Option -%s does not take a value\n",
673 /* Want a value; get the next param if =foo not used. */
675 if (argv[opt_index] == NULL) {
676 opt_printf_stderr("%s: Option -%s needs a value\n",
680 arg = argv[opt_index++];
683 /* Syntax-check value. */
684 switch (o->valtype) {
690 if (opt_isdir(arg) > 0)
692 opt_printf_stderr("%s: Not a directory: %s\n", prog, arg);
702 if (!opt_int(arg, &ival)
703 || (o->valtype == 'p' && ival <= 0)) {
704 opt_printf_stderr("%s: Non-positive number \"%s\" for -%s\n",
710 if (!opt_imax(arg, &imval)) {
711 opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
717 if (!opt_umax(arg, &umval)) {
718 opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
724 if (!opt_long(arg, &lval)) {
725 opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
731 if (!opt_ulong(arg, &ulval)) {
732 opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
742 o->valtype == 'c' ? OPT_FMT_PDS :
743 o->valtype == 'E' ? OPT_FMT_PDE :
744 o->valtype == 'F' ? OPT_FMT_PEMDER
745 : OPT_FMT_ANY, &ival))
747 opt_printf_stderr("%s: Invalid format \"%s\" for -%s\n",
752 /* Return the flag value. */
755 if (unknown != NULL) {
757 return unknown->retval;
759 opt_printf_stderr("%s: Option unknown option -%s\n", prog, p);
763 /* Return the most recent flag parameter. */
769 /* Return the most recent flag. */
775 /* Return the unknown option. */
776 char *opt_unknown(void)
781 /* Return the rest of the arguments after parsing flags. */
782 char **opt_rest(void)
784 return &argv[opt_index];
787 /* How many items in remaining args? */
788 int opt_num_rest(void)
793 for (pp = opt_rest(); *pp; pp++, i++)
798 /* Return a string describing the parameter type. */
799 static const char *valtype2param(const OPTIONS *o)
801 switch (o->valtype) {
822 return "PEM|DER|ENGINE";
835 void opt_help(const OPTIONS *list)
845 /* Starts with its own help message? */
846 standard_prolog = list[0].name != OPT_HELP_STR;
848 /* Find the widest help. */
849 for (o = list; o->name; o++) {
850 if (o->name == OPT_MORE_STR)
852 i = 2 + (int)strlen(o->name);
853 if (o->valtype != '-')
854 i += 1 + strlen(valtype2param(o));
855 if (i < MAX_OPT_HELP_WIDTH && i > width)
857 OPENSSL_assert(i < (int)sizeof(start));
861 opt_printf_stderr("Usage: %s [options]\nValid options are:\n", prog);
863 /* Now let's print. */
864 for (o = list; o->name; o++) {
865 help = o->helpstr ? o->helpstr : "(No additional info)";
866 if (o->name == OPT_HELP_STR) {
867 opt_printf_stderr(help, prog);
872 memset(start, ' ', sizeof(start) - 1);
873 start[sizeof(start) - 1] = '\0';
875 if (o->name == OPT_MORE_STR) {
876 /* Continuation of previous line; pad and print. */
878 opt_printf_stderr("%s %s\n", start, help);
882 /* Build up the "-flag [param]" part. */
887 p += strlen(strcpy(p, o->name));
890 if (o->valtype != '-') {
892 p += strlen(strcpy(p, valtype2param(o)));
895 if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
897 opt_printf_stderr("%s\n", start);
898 memset(start, ' ', sizeof(start));
901 opt_printf_stderr("%s %s\n", start, help);
905 /* opt_isdir section */
907 # include <windows.h>
908 int opt_isdir(const char *name)
911 # if defined(UNICODE) || defined(_UNICODE)
912 size_t i, len_0 = strlen(name) + 1;
913 WCHAR tempname[MAX_PATH];
915 if (len_0 > MAX_PATH)
918 # if !defined(_WIN32_WCE) || _WIN32_WCE>=101
919 if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
921 for (i = 0; i < len_0; i++)
922 tempname[i] = (WCHAR)name[i];
924 attr = GetFileAttributes(tempname);
926 attr = GetFileAttributes(name);
928 if (attr == INVALID_FILE_ATTRIBUTES)
930 return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
933 # include <sys/stat.h>
935 # if defined(_S_IFMT) && defined(_S_IFDIR)
936 # define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
938 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
942 int opt_isdir(const char *name)
944 # if defined(S_ISDIR)
947 if (stat(name, &st) == 0)
948 return S_ISDIR(st.st_mode);