2 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * This file is also used by the test suite. Do not #include "apps.h".
15 #include "internal/nelem.h"
17 #if !defined(OPENSSL_SYS_MSDOS)
18 # include OPENSSL_UNISTD
25 #include <openssl/bio.h>
26 #include <openssl/x509v3.h>
28 #define MAX_OPT_HELP_WIDTH 30
29 const char OPT_HELP_STR[] = "--";
30 const char OPT_MORE_STR[] = "---";
39 static const OPTIONS *unknown;
40 static const OPTIONS *opts;
44 * Return the simple name of the program; removing various platform gunk.
46 #if defined(OPENSSL_SYS_WIN32)
47 char *opt_progname(const char *argv0)
53 /* find the last '/', '\' or ':' */
54 for (p = argv0 + strlen(argv0); --p > argv0;)
55 if (*p == '/' || *p == '\\' || *p == ':') {
60 /* Strip off trailing nonsense. */
63 (strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0))
66 /* Copy over the name, in lowercase. */
67 if (n > sizeof(prog) - 1)
69 for (q = prog, i = 0; i < n; i++, p++)
70 *q++ = tolower((unsigned char)*p);
75 #elif defined(OPENSSL_SYS_VMS)
77 char *opt_progname(const char *argv0)
81 /* Find last special character sys:[foo.bar]openssl */
82 for (p = argv0 + strlen(argv0); --p > argv0;)
83 if (*p == ':' || *p == ']' || *p == '>') {
89 strncpy(prog, p, sizeof(prog) - 1);
90 prog[sizeof(prog) - 1] = '\0';
91 if (q != NULL && q - p < sizeof(prog))
98 char *opt_progname(const char *argv0)
102 /* Could use strchr, but this is like the ones above. */
103 for (p = argv0 + strlen(argv0); --p > argv0;)
108 strncpy(prog, p, sizeof(prog) - 1);
109 prog[sizeof(prog) - 1] = '\0';
114 char *opt_getprog(void)
119 /* Set up the arg parsing. */
120 char *opt_init(int ac, char **av, const OPTIONS *o)
130 for (; o->name; ++o) {
136 if (o->name == OPT_HELP_STR || o->name == OPT_MORE_STR)
141 /* Make sure options are legit. */
142 OPENSSL_assert(o->name[0] != '-');
143 OPENSSL_assert(o->retval > 0);
145 case 0: case '-': case '/': case '<': case '>': case 'E': case 'F':
146 case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
153 /* Make sure there are no duplicates. */
154 for (next = o + 1; next->name; ++next) {
156 * Some compilers inline strcmp and the assert string is too long.
158 duplicated = strcmp(o->name, next->name) == 0;
159 OPENSSL_assert(!duplicated);
162 if (o->name[0] == '\0') {
163 OPENSSL_assert(unknown == NULL);
165 OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');
171 static OPT_PAIR formats[] = {
172 {"PEM/DER", OPT_FMT_PEMDER},
173 {"pkcs12", OPT_FMT_PKCS12},
174 {"smime", OPT_FMT_SMIME},
175 {"engine", OPT_FMT_ENGINE},
176 {"msblob", OPT_FMT_MSBLOB},
177 {"nss", OPT_FMT_NSS},
178 {"text", OPT_FMT_TEXT},
179 {"http", OPT_FMT_HTTP},
180 {"pvk", OPT_FMT_PVK},
184 /* Print an error message about a failed format parse. */
185 int opt_format_error(const char *s, unsigned long flags)
189 if (flags == OPT_FMT_PEMDER) {
190 opt_printf_stderr("%s: Bad format \"%s\"; must be pem or der\n",
193 opt_printf_stderr("%s: Bad format \"%s\"; must be one of:\n",
195 for (ap = formats; ap->name; ap++)
196 if (flags & ap->retval)
197 opt_printf_stderr(" %s\n", ap->name);
202 /* Parse a format string, put it into *result; return 0 on failure, else 1. */
203 int opt_format(const char *s, unsigned long flags, int *result)
210 if ((flags & OPT_FMT_PEMDER) == 0)
211 return opt_format_error(s, flags);
212 *result = FORMAT_ASN1;
216 if ((flags & OPT_FMT_TEXT) == 0)
217 return opt_format_error(s, flags);
218 *result = FORMAT_TEXT;
222 if ((flags & OPT_FMT_NSS) == 0)
223 return opt_format_error(s, flags);
224 if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
225 return opt_format_error(s, flags);
226 *result = FORMAT_NSS;
230 if ((flags & OPT_FMT_SMIME) == 0)
231 return opt_format_error(s, flags);
232 *result = FORMAT_SMIME;
236 if ((flags & OPT_FMT_MSBLOB) == 0)
237 return opt_format_error(s, flags);
238 *result = FORMAT_MSBLOB;
242 if ((flags & OPT_FMT_ENGINE) == 0)
243 return opt_format_error(s, flags);
244 *result = FORMAT_ENGINE;
248 if ((flags & OPT_FMT_HTTP) == 0)
249 return opt_format_error(s, flags);
250 *result = FORMAT_HTTP;
253 if ((flags & OPT_FMT_PKCS12) == 0)
254 return opt_format_error(s, flags);
255 *result = FORMAT_PKCS12;
259 if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0) {
260 if ((flags & OPT_FMT_PEMDER) == 0)
261 return opt_format_error(s, flags);
262 *result = FORMAT_PEM;
263 } else if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0) {
264 if ((flags & OPT_FMT_PVK) == 0)
265 return opt_format_error(s, flags);
266 *result = FORMAT_PVK;
267 } else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
268 || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
269 if ((flags & OPT_FMT_PKCS12) == 0)
270 return opt_format_error(s, flags);
271 *result = FORMAT_PKCS12;
280 /* Parse a cipher name, put it in *EVP_CIPHER; return 0 on failure, else 1. */
281 int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
283 *cipherp = EVP_get_cipherbyname(name);
284 if (*cipherp != NULL)
286 opt_printf_stderr("%s: Unrecognized flag %s\n", prog, name);
291 * Parse message digest name, put it in *EVP_MD; return 0 on failure, else 1.
293 int opt_md(const char *name, const EVP_MD **mdp)
295 *mdp = EVP_get_digestbyname(name);
298 opt_printf_stderr("%s: Unrecognized flag %s\n", prog, name);
302 /* Look through a list of name/value pairs. */
303 int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
307 for (pp = pairs; pp->name; pp++)
308 if (strcmp(pp->name, name) == 0) {
309 *result = pp->retval;
312 opt_printf_stderr("%s: Value must be one of:\n", prog);
313 for (pp = pairs; pp->name; pp++)
314 opt_printf_stderr("\t%s\n", pp->name);
318 /* Parse an int, put it into *result; return 0 on failure, else 1. */
319 int opt_int(const char *value, int *result)
323 if (!opt_long(value, &l))
327 opt_printf_stderr("%s: Value \"%s\" outside integer range\n",
334 static void opt_number_error(const char *v)
337 struct strstr_pair_st {
341 {"0x", "a hexadecimal"},
342 {"0X", "a hexadecimal"},
346 for (i = 0; i < OSSL_NELEM(b); i++) {
347 if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) {
348 opt_printf_stderr("%s: Can't parse \"%s\" as %s number\n",
353 opt_printf_stderr("%s: Can't parse \"%s\" as a number\n", prog, v);
357 /* Parse a long, put it into *result; return 0 on failure, else 1. */
358 int opt_long(const char *value, long *result)
365 l = strtol(value, &endp, 0);
368 || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE)
369 || (l == 0 && errno != 0)) {
370 opt_number_error(value);
379 #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
380 defined(INTMAX_MAX) && defined(UINTMAX_MAX)
382 /* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */
383 int opt_imax(const char *value, intmax_t *result)
390 m = strtoimax(value, &endp, 0);
393 || ((m == INTMAX_MAX || m == INTMAX_MIN) && errno == ERANGE)
394 || (m == 0 && errno != 0)) {
395 opt_number_error(value);
404 /* Parse a uintmax_t, put it into *result; return 0 on failure, else 1. */
405 int opt_umax(const char *value, uintmax_t *result)
412 m = strtoumax(value, &endp, 0);
415 || (m == UINTMAX_MAX && errno == ERANGE)
416 || (m == 0 && errno != 0)) {
417 opt_number_error(value);
428 * Parse an unsigned long, put it into *result; return 0 on failure, else 1.
430 int opt_ulong(const char *value, unsigned long *result)
437 l = strtoul(value, &endptr, 0);
440 || ((l == ULONG_MAX) && errno == ERANGE)
441 || (l == 0 && errno != 0)) {
442 opt_number_error(value);
452 * We pass opt as an int but cast it to "enum range" so that all the
453 * items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch
454 * in gcc do the right thing.
456 enum range { OPT_V_ENUM };
458 int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
464 const X509_VERIFY_PARAM *vtmp;
466 OPENSSL_assert(vpm != NULL);
467 OPENSSL_assert(opt > OPT_V__FIRST);
468 OPENSSL_assert(opt < OPT_V__LAST);
470 switch ((enum range)opt) {
475 otmp = OBJ_txt2obj(opt_arg(), 0);
477 opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg());
480 X509_VERIFY_PARAM_add0_policy(vpm, otmp);
483 /* purpose name -> purpose index */
484 i = X509_PURPOSE_get_by_sname(opt_arg());
486 opt_printf_stderr("%s: Invalid purpose %s\n", prog, opt_arg());
490 /* purpose index -> purpose object */
491 xptmp = X509_PURPOSE_get0(i);
493 /* purpose object -> purpose value */
494 i = X509_PURPOSE_get_id(xptmp);
496 if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
497 opt_printf_stderr("%s: Internal error setting purpose %s\n",
502 case OPT_V_VERIFY_NAME:
503 vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
505 opt_printf_stderr("%s: Invalid verify name %s\n",
509 X509_VERIFY_PARAM_set1(vpm, vtmp);
511 case OPT_V_VERIFY_DEPTH:
514 X509_VERIFY_PARAM_set_depth(vpm, i);
516 case OPT_V_VERIFY_AUTH_LEVEL:
519 X509_VERIFY_PARAM_set_auth_level(vpm, i);
522 if (!opt_imax(opt_arg(), &t))
524 if (t != (time_t)t) {
525 opt_printf_stderr("%s: epoch time out of range %s\n",
529 X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
531 case OPT_V_VERIFY_HOSTNAME:
532 if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0))
535 case OPT_V_VERIFY_EMAIL:
536 if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0))
539 case OPT_V_VERIFY_IP:
540 if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg()))
543 case OPT_V_IGNORE_CRITICAL:
544 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL);
546 case OPT_V_ISSUER_CHECKS:
547 /* NOP, deprecated */
549 case OPT_V_CRL_CHECK:
550 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK);
552 case OPT_V_CRL_CHECK_ALL:
553 X509_VERIFY_PARAM_set_flags(vpm,
554 X509_V_FLAG_CRL_CHECK |
555 X509_V_FLAG_CRL_CHECK_ALL);
557 case OPT_V_POLICY_CHECK:
558 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
560 case OPT_V_EXPLICIT_POLICY:
561 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY);
563 case OPT_V_INHIBIT_ANY:
564 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY);
566 case OPT_V_INHIBIT_MAP:
567 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP);
569 case OPT_V_X509_STRICT:
570 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT);
572 case OPT_V_EXTENDED_CRL:
573 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT);
575 case OPT_V_USE_DELTAS:
576 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS);
578 case OPT_V_POLICY_PRINT:
579 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY);
581 case OPT_V_CHECK_SS_SIG:
582 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE);
584 case OPT_V_TRUSTED_FIRST:
585 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST);
587 case OPT_V_SUITEB_128_ONLY:
588 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY);
590 case OPT_V_SUITEB_128:
591 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS);
593 case OPT_V_SUITEB_192:
594 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS);
596 case OPT_V_PARTIAL_CHAIN:
597 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
599 case OPT_V_NO_ALT_CHAINS:
600 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
602 case OPT_V_NO_CHECK_TIME:
603 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
605 case OPT_V_ALLOW_PROXY_CERTS:
606 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS);
621 * Parse the next flag (and value if specified), return 0 if done, -1 on
622 * error, otherwise the flag's retval.
632 ossl_uintmax_t umval;
634 /* Look at current arg; at end of the list? */
640 /* If word doesn't start with a -, we're done. */
644 /* Hit "--" ? We're done. */
646 if (strcmp(p, "--") == 0)
649 /* Allow -nnn and --nnn */
654 /* If we have --flag=foo, snip it off */
655 if ((arg = strchr(p, '=')) != NULL)
657 for (o = opts; o->name; ++o) {
658 /* If not this option, move on to the next one. */
659 if (strcmp(p, o->name) != 0)
662 /* If it doesn't take a value, make sure none was given. */
663 if (o->valtype == 0 || o->valtype == '-') {
665 opt_printf_stderr("%s: Option -%s does not take a value\n",
672 /* Want a value; get the next param if =foo not used. */
674 if (argv[opt_index] == NULL) {
675 opt_printf_stderr("%s: Option -%s needs a value\n",
679 arg = argv[opt_index++];
682 /* Syntax-check value. */
683 switch (o->valtype) {
689 if (opt_isdir(arg) > 0)
691 opt_printf_stderr("%s: Not a directory: %s\n", prog, arg);
701 if (!opt_int(arg, &ival)
702 || (o->valtype == 'p' && ival <= 0)) {
703 opt_printf_stderr("%s: Non-positive number \"%s\" for -%s\n",
709 if (!opt_imax(arg, &imval)) {
710 opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
716 if (!opt_umax(arg, &umval)) {
717 opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
723 if (!opt_long(arg, &lval)) {
724 opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
730 if (!opt_ulong(arg, &ulval)) {
731 opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
741 o->valtype == 'c' ? OPT_FMT_PDS :
742 o->valtype == 'E' ? OPT_FMT_PDE :
743 o->valtype == 'F' ? OPT_FMT_PEMDER
744 : OPT_FMT_ANY, &ival))
746 opt_printf_stderr("%s: Invalid format \"%s\" for -%s\n",
751 /* Return the flag value. */
754 if (unknown != NULL) {
756 return unknown->retval;
758 opt_printf_stderr("%s: Option unknown option -%s\n", prog, p);
762 /* Return the most recent flag parameter. */
768 /* Return the most recent flag. */
774 /* Return the unknown option. */
775 char *opt_unknown(void)
780 /* Return the rest of the arguments after parsing flags. */
781 char **opt_rest(void)
783 return &argv[opt_index];
786 /* How many items in remaining args? */
787 int opt_num_rest(void)
792 for (pp = opt_rest(); *pp; pp++, i++)
797 /* Return a string describing the parameter type. */
798 static const char *valtype2param(const OPTIONS *o)
800 switch (o->valtype) {
821 return "PEM|DER|ENGINE";
834 void opt_help(const OPTIONS *list)
844 /* Starts with its own help message? */
845 standard_prolog = list[0].name != OPT_HELP_STR;
847 /* Find the widest help. */
848 for (o = list; o->name; o++) {
849 if (o->name == OPT_MORE_STR)
851 i = 2 + (int)strlen(o->name);
852 if (o->valtype != '-')
853 i += 1 + strlen(valtype2param(o));
854 if (i < MAX_OPT_HELP_WIDTH && i > width)
856 OPENSSL_assert(i < (int)sizeof(start));
860 opt_printf_stderr("Usage: %s [options]\nValid options are:\n", prog);
862 /* Now let's print. */
863 for (o = list; o->name; o++) {
864 help = o->helpstr ? o->helpstr : "(No additional info)";
865 if (o->name == OPT_HELP_STR) {
866 opt_printf_stderr(help, prog);
871 memset(start, ' ', sizeof(start) - 1);
872 start[sizeof(start) - 1] = '\0';
874 if (o->name == OPT_MORE_STR) {
875 /* Continuation of previous line; pad and print. */
877 opt_printf_stderr("%s %s\n", start, help);
881 /* Build up the "-flag [param]" part. */
886 p += strlen(strcpy(p, o->name));
889 if (o->valtype != '-') {
891 p += strlen(strcpy(p, valtype2param(o)));
894 if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
896 opt_printf_stderr("%s\n", start);
897 memset(start, ' ', sizeof(start));
900 opt_printf_stderr("%s %s\n", start, help);
904 /* opt_isdir section */
906 # include <windows.h>
907 int opt_isdir(const char *name)
910 # if defined(UNICODE) || defined(_UNICODE)
911 size_t i, len_0 = strlen(name) + 1;
912 WCHAR tempname[MAX_PATH];
914 if (len_0 > MAX_PATH)
917 # if !defined(_WIN32_WCE) || _WIN32_WCE>=101
918 if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
920 for (i = 0; i < len_0; i++)
921 tempname[i] = (WCHAR)name[i];
923 attr = GetFileAttributes(tempname);
925 attr = GetFileAttributes(name);
927 if (attr == INVALID_FILE_ATTRIBUTES)
929 return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
932 # include <sys/stat.h>
934 # if defined(_S_IFMT) && defined(_S_IFDIR)
935 # define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
937 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
941 int opt_isdir(const char *name)
943 # if defined(S_ISDIR)
946 if (stat(name, &st) == 0)
947 return S_ISDIR(st.st_mode);