unsigned long mask;
} NAME_EX_TBL;
-static UI_METHOD *ui_method = NULL;
-static const UI_METHOD *ui_fallback_method = NULL;
-
static int set_table_opts(unsigned long *flags, const char *arg,
const NAME_EX_TBL * in_tbl);
static int set_multi_opts(unsigned long *flags, const char *arg,
return 0;
}
-static int ui_open(UI *ui)
-{
- int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method);
-
- if (opener)
- return opener(ui);
- return 1;
-}
-
-static int ui_read(UI *ui, UI_STRING *uis)
-{
- int (*reader)(UI *ui, UI_STRING *uis) = NULL;
-
- if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
- && UI_get0_user_data(ui)) {
- switch (UI_get_string_type(uis)) {
- case UIT_PROMPT:
- case UIT_VERIFY:
- {
- const char *password =
- ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password && password[0] != '\0') {
- UI_set_result(ui, uis, password);
- return 1;
- }
- }
- break;
- case UIT_NONE:
- case UIT_BOOLEAN:
- case UIT_INFO:
- case UIT_ERROR:
- break;
- }
- }
-
- reader = UI_method_get_reader(ui_fallback_method);
- if (reader)
- return reader(ui, uis);
- return 1;
-}
-
-static int ui_write(UI *ui, UI_STRING *uis)
-{
- int (*writer)(UI *ui, UI_STRING *uis) = NULL;
-
- if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
- && UI_get0_user_data(ui)) {
- switch (UI_get_string_type(uis)) {
- case UIT_PROMPT:
- case UIT_VERIFY:
- {
- const char *password =
- ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password && password[0] != '\0')
- return 1;
- }
- break;
- case UIT_NONE:
- case UIT_BOOLEAN:
- case UIT_INFO:
- case UIT_ERROR:
- break;
- }
- }
-
- writer = UI_method_get_writer(ui_fallback_method);
- if (writer)
- return writer(ui, uis);
- return 1;
-}
-
-static int ui_close(UI *ui)
-{
- int (*closer)(UI *ui) = UI_method_get_closer(ui_fallback_method);
-
- if (closer)
- return closer(ui);
- return 1;
-}
-
-int setup_ui_method(void)
-{
- ui_fallback_method = UI_null();
-#ifndef OPENSSL_NO_UI_CONSOLE
- ui_fallback_method = UI_OpenSSL();
-#endif
- ui_method = UI_create_method("OpenSSL application user interface");
- UI_method_set_opener(ui_method, ui_open);
- UI_method_set_reader(ui_method, ui_read);
- UI_method_set_writer(ui_method, ui_write);
- UI_method_set_closer(ui_method, ui_close);
- return 0;
-}
-
-void destroy_ui_method(void)
-{
- if (ui_method) {
- UI_destroy_method(ui_method);
- ui_method = NULL;
- }
-}
-
-const UI_METHOD *get_ui_method(void)
-{
- return ui_method;
-}
-
-int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data)
-{
- int res = 0;
- UI *ui;
- int ok = 0;
- char *buff = NULL;
- int ui_flags = 0;
- const char *prompt_info = NULL;
- char *prompt;
-
- if ((ui = UI_new_method(ui_method)) == NULL)
- return 0;
-
- if (cb_data != NULL && cb_data->prompt_info != NULL)
- prompt_info = cb_data->prompt_info;
- prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
- if (prompt == NULL) {
- BIO_printf(bio_err, "Out of memory\n");
- UI_free(ui);
- return 0;
- }
-
- ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
- UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
-
- /* We know that there is no previous user data to return to us */
- (void)UI_add_user_data(ui, cb_data);
-
- ok = UI_add_input_string(ui, prompt, ui_flags, buf,
- PW_MIN_LENGTH, bufsiz - 1);
-
- if (ok >= 0 && verify) {
- buff = app_malloc(bufsiz, "password buffer");
- ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
- PW_MIN_LENGTH, bufsiz - 1, buf);
- }
- if (ok >= 0)
- do {
- ok = UI_process(ui);
- } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
-
- OPENSSL_clear_free(buff, (unsigned int)bufsiz);
-
- if (ok >= 0)
- res = strlen(buf);
- if (ok == -1) {
- BIO_printf(bio_err, "User interface error\n");
- ERR_print_errors(bio_err);
- OPENSSL_cleanse(buf, (unsigned int)bufsiz);
- res = 0;
- }
- if (ok == -2) {
- BIO_printf(bio_err, "aborted!\n");
- OPENSSL_cleanse(buf, (unsigned int)bufsiz);
- res = 0;
- }
- UI_free(ui);
- OPENSSL_free(prompt);
- return res;
-}
-
int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata)
{
return password_callback(buf, bufsiz, verify, (PW_CB_DATA *)userdata);
}
+
static char *app_get_pass(const char *arg, int keepbio);
int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
} else {
#ifndef OPENSSL_NO_ENGINE
if (ENGINE_init(e)) {
- pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+ pkey = ENGINE_load_private_key(e, file,
+ (UI_METHOD *)get_ui_method(),
+ &cb_data);
ENGINE_finish(e);
}
if (pkey == NULL) {
BIO_printf(bio_err, "no engine specified\n");
} else {
#ifndef OPENSSL_NO_ENGINE
- pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
+ pkey = ENGINE_load_public_key(e, file, (UI_METHOD *)get_ui_method(),
+ &cb_data);
if (pkey == NULL) {
BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
ERR_print_errors(bio_err);
if (debug) {
ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
}
- ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
+ ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, (void *)get_ui_method(),
+ 0, 1);
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
BIO_printf(bio_err, "can't use that engine\n");
ERR_print_errors(bio_err);
#endif
}
-/* app_isdir section */
-#ifdef _WIN32
int app_isdir(const char *name)
{
- DWORD attr;
-# if defined(UNICODE) || defined(_UNICODE)
- size_t i, len_0 = strlen(name) + 1;
- WCHAR tempname[MAX_PATH];
-
- if (len_0 > MAX_PATH)
- return -1;
-
-# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
- if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
-# endif
- for (i = 0; i < len_0; i++)
- tempname[i] = (WCHAR)name[i];
-
- attr = GetFileAttributes(tempname);
-# else
- attr = GetFileAttributes(name);
-# endif
- if (attr == INVALID_FILE_ATTRIBUTES)
- return -1;
- return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
+ return opt_isdir(name);
}
-#else
-# include <sys/stat.h>
-# ifndef S_ISDIR
-# if defined(_S_IFMT) && defined(_S_IFDIR)
-# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
-# else
-# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
-# endif
-# endif
-
-int app_isdir(const char *name)
-{
-# if defined(S_ISDIR)
- struct stat st;
-
- if (stat(name, &st) == 0)
- return S_ISDIR(st.st_mode);
- else
- return -1;
-# else
- return -1;
-# endif
-}
-#endif
/* raw_read|write section */
#if defined(__VMS)
#endif
/*
- * Centralized handling if input and output files with format specification
+ * Centralized handling of input and output files with format specification
* The format is meant to show what the input and output is supposed to be,
* and is therefore a show of intent more than anything else. However, it
- * does impact behavior on some platform, such as differentiating between
+ * does impact behavior on some platforms, such as differentiating between
* text and binary input/output on non-Unix platforms
*/
-static int istext(int format)
-{
- return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT;
-}
-
BIO *dup_bio_in(int format)
{
return BIO_new_fp(stdin,
- BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+ BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
}
static BIO_METHOD *prefix_method = NULL;
BIO *dup_bio_out(int format)
{
BIO *b = BIO_new_fp(stdout,
- BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+ BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
void *prefix = NULL;
#ifdef OPENSSL_SYS_VMS
- if (istext(format))
+ if (FMT_istext(format))
b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
#endif
- if (istext(format) && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL) {
+ if (FMT_istext(format) && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL) {
if (prefix_method == NULL)
prefix_method = apps_bf_prefix();
b = BIO_push(BIO_new(prefix_method), b);
BIO *dup_bio_err(int format)
{
BIO *b = BIO_new_fp(stderr,
- BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+ BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
#ifdef OPENSSL_SYS_VMS
- if (istext(format))
+ if (FMT_istext(format))
b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
#endif
return b;
switch (mode) {
case 'a':
- return istext(format) ? "a" : "ab";
+ return FMT_istext(format) ? "a" : "ab";
case 'r':
- return istext(format) ? "r" : "rb";
+ return FMT_istext(format) ? "r" : "rb";
case 'w':
- return istext(format) ? "w" : "wb";
+ return FMT_istext(format) ? "w" : "wb";
}
/* The assert above should make sure we never reach this point */
return NULL;
#ifdef O_TRUNC
mode |= O_TRUNC;
#endif
- textmode = istext(format);
+ textmode = FMT_istext(format);
if (!textmode) {
#ifdef O_BINARY
mode |= O_BINARY;
for (i = 0; string[i] != '\0'; i++)
string[i] = toupper((unsigned char)string[i]);
}
+
+int opt_printf_stderr(const char *fmt, ...)
+{
+ va_list ap;
+ int ret;
+
+ va_start(ap, fmt);
+ ret = BIO_vprintf(bio_err, fmt, ap);
+ va_end(ap);
+ return ret;
+}
# include <openssl/engine.h>
# include <openssl/ocsp.h>
# include <signal.h>
+# include "apps_ui.h"
+# include "opt.h"
+# include "fmt.h"
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
int set_cert_times(X509 *x, const char *startdate, const char *enddate,
int days);
-/*
- * Common verification options.
- */
-# define OPT_V_ENUM \
- OPT_V__FIRST=2000, \
- OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
- OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
- OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
- OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
- OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
- OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
- OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
- OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
- OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
- OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
- OPT_V__LAST
-
-# define OPT_V_OPTIONS \
- { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
- { "purpose", OPT_V_PURPOSE, 's', \
- "certificate chain purpose"}, \
- { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
- { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
- "chain depth limit" }, \
- { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
- "chain authentication security level" }, \
- { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
- { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
- "expected peer hostname" }, \
- { "verify_email", OPT_V_VERIFY_EMAIL, 's', \
- "expected peer email" }, \
- { "verify_ip", OPT_V_VERIFY_IP, 's', \
- "expected peer IP address" }, \
- { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
- "permit unhandled critical extensions"}, \
- { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
- { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
- { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
- { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
- { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
- "set policy variable require-explicit-policy"}, \
- { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
- "set policy variable inhibit-any-policy"}, \
- { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
- "set policy variable inhibit-policy-mapping"}, \
- { "x509_strict", OPT_V_X509_STRICT, '-', \
- "disable certificate compatibility work-arounds"}, \
- { "extended_crl", OPT_V_EXTENDED_CRL, '-', \
- "enable extended CRL features"}, \
- { "use_deltas", OPT_V_USE_DELTAS, '-', \
- "use delta CRLs"}, \
- { "policy_print", OPT_V_POLICY_PRINT, '-', \
- "print policy processing diagnostics"}, \
- { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
- "check root CA self-signatures"}, \
- { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
- "search trust store first (default)" }, \
- { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
- { "suiteB_128", OPT_V_SUITEB_128, '-', \
- "Suite B 128-bit mode allowing 192-bit algorithms"}, \
- { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
- { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
- "accept chains anchored by intermediate trust-store CAs"}, \
- { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
- { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
- { "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
-
-# define OPT_V_CASES \
- OPT_V__FIRST: case OPT_V__LAST: break; \
- case OPT_V_POLICY: \
- case OPT_V_PURPOSE: \
- case OPT_V_VERIFY_NAME: \
- case OPT_V_VERIFY_DEPTH: \
- case OPT_V_VERIFY_AUTH_LEVEL: \
- case OPT_V_ATTIME: \
- case OPT_V_VERIFY_HOSTNAME: \
- case OPT_V_VERIFY_EMAIL: \
- case OPT_V_VERIFY_IP: \
- case OPT_V_IGNORE_CRITICAL: \
- case OPT_V_ISSUER_CHECKS: \
- case OPT_V_CRL_CHECK: \
- case OPT_V_CRL_CHECK_ALL: \
- case OPT_V_POLICY_CHECK: \
- case OPT_V_EXPLICIT_POLICY: \
- case OPT_V_INHIBIT_ANY: \
- case OPT_V_INHIBIT_MAP: \
- case OPT_V_X509_STRICT: \
- case OPT_V_EXTENDED_CRL: \
- case OPT_V_USE_DELTAS: \
- case OPT_V_POLICY_PRINT: \
- case OPT_V_CHECK_SS_SIG: \
- case OPT_V_TRUSTED_FIRST: \
- case OPT_V_SUITEB_128_ONLY: \
- case OPT_V_SUITEB_128: \
- case OPT_V_SUITEB_192: \
- case OPT_V_PARTIAL_CHAIN: \
- case OPT_V_NO_ALT_CHAINS: \
- case OPT_V_NO_CHECK_TIME: \
- case OPT_V_ALLOW_PROXY_CERTS
-
-/*
- * Common "extended validation" options.
- */
-# define OPT_X_ENUM \
- OPT_X__FIRST=1000, \
- OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
- OPT_X_CERTFORM, OPT_X_KEYFORM, \
- OPT_X__LAST
-
-# define OPT_X_OPTIONS \
- { "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
- { "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
- { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
- { "xchain_build", OPT_X_CHAIN_BUILD, '-', \
- "build certificate chain for the extended certificates"}, \
- { "xcertform", OPT_X_CERTFORM, 'F', \
- "format of Extended certificate (PEM or DER) PEM default " }, \
- { "xkeyform", OPT_X_KEYFORM, 'F', \
- "format of Extended certificate's key (PEM or DER) PEM default"}
-
-# define OPT_X_CASES \
- OPT_X__FIRST: case OPT_X__LAST: break; \
- case OPT_X_KEY: \
- case OPT_X_CERT: \
- case OPT_X_CHAIN: \
- case OPT_X_CHAIN_BUILD: \
- case OPT_X_CERTFORM: \
- case OPT_X_KEYFORM
-
-/*
- * Common SSL options.
- * Any changes here must be coordinated with ../ssl/ssl_conf.c
- */
-# define OPT_S_ENUM \
- OPT_S__FIRST=3000, \
- OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
- OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
- OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
- OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
- OPT_S_PRIORITIZE_CHACHA, \
- OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
- OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
- OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
- OPT_S_MINPROTO, OPT_S_MAXPROTO, \
- OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST
-
-# define OPT_S_OPTIONS \
- {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
- {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
- {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
- {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
- {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
- {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
- {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
- {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
- {"no_ticket", OPT_S_NOTICKET, '-', \
- "Disable use of TLS session tickets"}, \
- {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
- {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
- "Enable use of legacy renegotiation (dangerous)"}, \
- {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
- "Disable all renegotiation."}, \
- {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
- "Allow initial connection to servers that don't support RI"}, \
- {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
- "Disallow session resumption on renegotiation"}, \
- {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
- "Disallow initial connection to servers that don't support RI"}, \
- {"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
- "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
- {"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
- "Prioritize ChaCha ciphers when preferred by clients"}, \
- {"strict", OPT_S_STRICT, '-', \
- "Enforce strict certificate checks as per TLS standard"}, \
- {"sigalgs", OPT_S_SIGALGS, 's', \
- "Signature algorithms to support (colon-separated list)" }, \
- {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
- "Signature algorithms to support for client certificate" \
- " authentication (colon-separated list)" }, \
- {"groups", OPT_S_GROUPS, 's', \
- "Groups to advertise (colon-separated list)" }, \
- {"curves", OPT_S_CURVES, 's', \
- "Groups to advertise (colon-separated list)" }, \
- {"named_curve", OPT_S_NAMEDCURVE, 's', \
- "Elliptic curve used for ECDHE (server-side only)" }, \
- {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
- {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
- {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
- {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
- {"record_padding", OPT_S_RECORD_PADDING, 's', \
- "Block size to pad TLS 1.3 records to."}, \
- {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
- "Perform all sorts of protocol violations for testing purposes"}, \
- {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
- "Disable TLSv1.3 middlebox compat mode" }
-
-# define OPT_S_CASES \
- OPT_S__FIRST: case OPT_S__LAST: break; \
- case OPT_S_NOSSL3: \
- case OPT_S_NOTLS1: \
- case OPT_S_NOTLS1_1: \
- case OPT_S_NOTLS1_2: \
- case OPT_S_NOTLS1_3: \
- case OPT_S_BUGS: \
- case OPT_S_NO_COMP: \
- case OPT_S_COMP: \
- case OPT_S_NOTICKET: \
- case OPT_S_SERVERPREF: \
- case OPT_S_LEGACYRENEG: \
- case OPT_S_LEGACYCONN: \
- case OPT_S_ONRESUMP: \
- case OPT_S_NOLEGACYCONN: \
- case OPT_S_ALLOW_NO_DHE_KEX: \
- case OPT_S_PRIORITIZE_CHACHA: \
- case OPT_S_STRICT: \
- case OPT_S_SIGALGS: \
- case OPT_S_CLIENTSIGALGS: \
- case OPT_S_GROUPS: \
- case OPT_S_CURVES: \
- case OPT_S_NAMEDCURVE: \
- case OPT_S_CIPHER: \
- case OPT_S_CIPHERSUITES: \
- case OPT_S_RECORD_PADDING: \
- case OPT_S_NO_RENEGOTIATION: \
- case OPT_S_MINPROTO: \
- case OPT_S_MAXPROTO: \
- case OPT_S_DEBUGBROKE: \
- case OPT_S_NO_MIDDLEBOX
-
-#define IS_NO_PROT_FLAG(o) \
- (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
- || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
-
-/*
- * Random state options.
- */
-# define OPT_R_ENUM \
- OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
-
-# define OPT_R_OPTIONS \
- {"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
- {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
-
-# define OPT_R_CASES \
- OPT_R__FIRST: case OPT_R__LAST: break; \
- case OPT_R_RAND: case OPT_R_WRITERAND
-
-/*
- * Option parsing.
- */
-extern const char OPT_HELP_STR[];
-extern const char OPT_MORE_STR[];
-typedef struct options_st {
- const char *name;
- int retval;
- /*
- * value type: - no value (also the value zero), n number, p positive
- * number, u unsigned, l long, s string, < input file, > output file,
- * f any format, F der/pem format, E der/pem/engine format identifier.
- * l, n and u include zero; p does not.
- */
- int valtype;
- const char *helpstr;
-} OPTIONS;
-
-/*
- * A string/int pairing; widely use for option value lookup, hence the
- * name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
- * the "generic" name STRINT_PAIR.
- */
-typedef struct string_int_pair_st {
- const char *name;
- int retval;
-} OPT_PAIR, STRINT_PAIR;
-
-/* Flags to pass into opt_format; see FORMAT_xxx, below. */
-# define OPT_FMT_PEMDER (1L << 1)
-# define OPT_FMT_PKCS12 (1L << 2)
-# define OPT_FMT_SMIME (1L << 3)
-# define OPT_FMT_ENGINE (1L << 4)
-# define OPT_FMT_MSBLOB (1L << 5)
-/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
-# define OPT_FMT_NSS (1L << 7)
-# define OPT_FMT_TEXT (1L << 8)
-# define OPT_FMT_HTTP (1L << 9)
-# define OPT_FMT_PVK (1L << 10)
-# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
-# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
-# define OPT_FMT_ANY ( \
- OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
- OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
- OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
-
-char *opt_progname(const char *argv0);
-char *opt_getprog(void);
-char *opt_init(int ac, char **av, const OPTIONS * o);
-int opt_next(void);
-int opt_format(const char *s, unsigned long flags, int *result);
-int opt_int(const char *arg, int *result);
-int opt_ulong(const char *arg, unsigned long *result);
-int opt_long(const char *arg, long *result);
-#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
- defined(INTMAX_MAX) && defined(UINTMAX_MAX)
-int opt_imax(const char *arg, intmax_t *result);
-int opt_umax(const char *arg, uintmax_t *result);
-#else
-# define opt_imax opt_long
-# define opt_umax opt_ulong
-# define intmax_t long
-# define uintmax_t unsigned long
-#endif
-int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
-int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
-int opt_md(const char *name, const EVP_MD **mdp);
-char *opt_arg(void);
-char *opt_flag(void);
-char *opt_unknown(void);
-char **opt_rest(void);
-int opt_num_rest(void);
-int opt_verify(int i, X509_VERIFY_PARAM *vpm);
-int opt_rand(int i);
-void opt_help(const OPTIONS * list);
-int opt_format_error(const char *s, unsigned long flags);
-
typedef struct args_st {
int size;
int argc;
*/
void win32_utf8argv(int *argc, char **argv[]);
-
-# define PW_MIN_LENGTH 4
-typedef struct pw_cb_data {
- const void *password;
- const char *prompt_info;
-} PW_CB_DATA;
-
/* We need both wrap and the "real" function because libcrypto uses both. */
int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data);
-int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
-
-int setup_ui_method(void);
-void destroy_ui_method(void);
-const UI_METHOD *get_ui_method(void);
int chopup_args(ARGS *arg, char *buf);
# ifdef HEADER_X509_H
void store_setup_crl_download(X509_STORE *st);
-/* See OPT_FMT_xxx, above. */
-/* On some platforms, it's important to distinguish between text and binary
- * files. On some, there might even be specific file formats for different
- * contents. The FORMAT_xxx macros are meant to express an intent with the
- * file being read or created.
- */
-# define B_FORMAT_TEXT 0x8000
-# define FORMAT_UNDEF 0
-# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */
-# define FORMAT_BINARY 2 /* Generic binary */
-# define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */
-# define FORMAT_ASN1 4 /* ASN.1/DER */
-# define FORMAT_PEM (5 | B_FORMAT_TEXT)
-# define FORMAT_PKCS12 6
-# define FORMAT_SMIME (7 | B_FORMAT_TEXT)
-# define FORMAT_ENGINE 8 /* Not really a file format */
-# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPubicKey format */
-# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
-# define FORMAT_MSBLOB 11 /* MS Key blob format */
-# define FORMAT_PVK 12 /* MS PVK file format */
-# define FORMAT_HTTP 13 /* Download using HTTP */
-# define FORMAT_NSS 14 /* NSS keylog format */
-
# define EXT_COPY_NONE 0
# define EXT_COPY_ADD 1
# define EXT_COPY_ALL 2
--- /dev/null
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/ui.h>
+#include "apps_ui.h"
+
+static UI_METHOD *ui_method = NULL;
+static const UI_METHOD *ui_fallback_method = NULL;
+
+
+static int ui_open(UI *ui)
+{
+ int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method);
+
+ if (opener)
+ return opener(ui);
+ return 1;
+}
+
+static int ui_read(UI *ui, UI_STRING *uis)
+{
+ int (*reader)(UI *ui, UI_STRING *uis) = NULL;
+
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui)) {
+ switch (UI_get_string_type(uis)) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password && password[0] != '\0') {
+ UI_set_result(ui, uis, password);
+ return 1;
+ }
+ }
+ break;
+ case UIT_NONE:
+ case UIT_BOOLEAN:
+ case UIT_INFO:
+ case UIT_ERROR:
+ break;
+ }
+ }
+
+ reader = UI_method_get_reader(ui_fallback_method);
+ if (reader)
+ return reader(ui, uis);
+ return 1;
+}
+
+static int ui_write(UI *ui, UI_STRING *uis)
+{
+ int (*writer)(UI *ui, UI_STRING *uis) = NULL;
+
+ if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+ && UI_get0_user_data(ui)) {
+ switch (UI_get_string_type(uis)) {
+ case UIT_PROMPT:
+ case UIT_VERIFY:
+ {
+ const char *password =
+ ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+ if (password && password[0] != '\0')
+ return 1;
+ }
+ break;
+ case UIT_NONE:
+ case UIT_BOOLEAN:
+ case UIT_INFO:
+ case UIT_ERROR:
+ break;
+ }
+ }
+
+ writer = UI_method_get_writer(ui_fallback_method);
+ if (writer)
+ return writer(ui, uis);
+ return 1;
+}
+
+static int ui_close(UI *ui)
+{
+ int (*closer)(UI *ui) = UI_method_get_closer(ui_fallback_method);
+
+ if (closer)
+ return closer(ui);
+ return 1;
+}
+
+int setup_ui_method(void)
+{
+ ui_fallback_method = UI_null();
+#ifndef OPENSSL_NO_UI_CONSOLE
+ ui_fallback_method = UI_OpenSSL();
+#endif
+ ui_method = UI_create_method("OpenSSL application user interface");
+ UI_method_set_opener(ui_method, ui_open);
+ UI_method_set_reader(ui_method, ui_read);
+ UI_method_set_writer(ui_method, ui_write);
+ UI_method_set_closer(ui_method, ui_close);
+ return 0;
+}
+
+void destroy_ui_method(void)
+{
+ if (ui_method) {
+ UI_destroy_method(ui_method);
+ ui_method = NULL;
+ }
+}
+
+const UI_METHOD *get_ui_method(void)
+{
+ return ui_method;
+}
+
+static void *ui_malloc(int sz, const char *what)
+{
+ void *vp = OPENSSL_malloc(sz);
+
+ if (vp == NULL) {
+ BIO_printf(bio_err, "Could not allocate %d bytes for %s\n", sz, what);
+ ERR_print_errors(bio_err);
+ exit(1);
+ }
+ return vp;
+}
+
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data)
+{
+ int res = 0;
+ UI *ui;
+ int ok = 0;
+ char *buff = NULL;
+ int ui_flags = 0;
+ const char *prompt_info = NULL;
+ char *prompt;
+
+ if ((ui = UI_new_method(ui_method)) == NULL)
+ return 0;
+
+ if (cb_data != NULL && cb_data->prompt_info != NULL)
+ prompt_info = cb_data->prompt_info;
+ prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
+ if (prompt == NULL) {
+ BIO_printf(bio_err, "Out of memory\n");
+ UI_free(ui);
+ return 0;
+ }
+
+ ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+ UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+ /* We know that there is no previous user data to return to us */
+ (void)UI_add_user_data(ui, cb_data);
+
+ ok = UI_add_input_string(ui, prompt, ui_flags, buf,
+ PW_MIN_LENGTH, bufsiz - 1);
+
+ if (ok >= 0 && verify) {
+ buff = ui_malloc(bufsiz, "password buffer");
+ ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
+ PW_MIN_LENGTH, bufsiz - 1, buf);
+ }
+ if (ok >= 0)
+ do {
+ ok = UI_process(ui);
+ } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+ OPENSSL_clear_free(buff, (unsigned int)bufsiz);
+
+ if (ok >= 0)
+ res = strlen(buf);
+ if (ok == -1) {
+ BIO_printf(bio_err, "User interface error\n");
+ ERR_print_errors(bio_err);
+ OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+ res = 0;
+ }
+ if (ok == -2) {
+ BIO_printf(bio_err, "aborted!\n");
+ OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+ res = 0;
+ }
+ UI_free(ui);
+ OPENSSL_free(prompt);
+ return res;
+}
--- /dev/null
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_APPS_UI_H
+# define HEADER_APPS_UI_H
+
+
+# define PW_MIN_LENGTH 4
+typedef struct pw_cb_data {
+ const void *password;
+ const char *prompt_info;
+} PW_CB_DATA;
+
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
+
+int setup_ui_method(void);
+void destroy_ui_method(void);
+const UI_METHOD *get_ui_method(void);
+
+extern BIO *bio_err;
+
+#endif
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c);
our @apps_lib_src =
- ( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c),
+ ( qw(apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c
+ bf_prefix.c),
split(/\s+/, $target{apps_aux_src}) );
our @apps_init_src = split(/\s+/, $target{apps_init_src});
"" -}
--- /dev/null
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "fmt.h"
+
+int FMT_istext(int format)
+{
+ return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT;
+}
--- /dev/null
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Options are shared by apps (see apps.h) and the test system
+ * (see test/testutil.h').
+ * In order to remove the dependency between apps and options, the following
+ * shared fields have been moved into this file.
+ */
+
+#ifndef HEADER_FMT_H
+#define HEADER_FMT_H
+
+/* On some platforms, it's important to distinguish between text and binary
+ * files. On some, there might even be specific file formats for different
+ * contents. The FORMAT_xxx macros are meant to express an intent with the
+ * file being read or created.
+ */
+# define B_FORMAT_TEXT 0x8000
+# define FORMAT_UNDEF 0
+# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */
+# define FORMAT_BINARY 2 /* Generic binary */
+# define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */
+# define FORMAT_ASN1 4 /* ASN.1/DER */
+# define FORMAT_PEM (5 | B_FORMAT_TEXT)
+# define FORMAT_PKCS12 6
+# define FORMAT_SMIME (7 | B_FORMAT_TEXT)
+# define FORMAT_ENGINE 8 /* Not really a file format */
+# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPubicKey format */
+# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
+# define FORMAT_MSBLOB 11 /* MS Key blob format */
+# define FORMAT_PVK 12 /* MS PVK file format */
+# define FORMAT_HTTP 13 /* Download using HTTP */
+# define FORMAT_NSS 14 /* NSS keylog format */
+
+int FMT_istext(int format);
+
+#endif /* HEADER_FMT_H_ */
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
-#include "apps.h"
+
+/*
+ * This file is also used by the test suite. Do not #include "apps.h".
+ */
+#include "opt.h"
+#include "fmt.h"
+#include "internal/nelem.h"
#include <string.h>
#if !defined(OPENSSL_SYS_MSDOS)
# include OPENSSL_UNISTD
/* Store state. */
argc = ac;
argv = av;
- opt_index = 1;
+ opt_begin();
opts = o;
opt_progname(av[0]);
unknown = NULL;
i = o->valtype;
/* Make sure options are legit. */
- assert(o->name[0] != '-');
- assert(o->retval > 0);
+ OPENSSL_assert(o->name[0] != '-');
+ OPENSSL_assert(o->retval > 0);
switch (i) {
case 0: case '-': case '/': case '<': case '>': case 'E': case 'F':
case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
case 'u': case 'c':
break;
default:
- assert(0);
+ OPENSSL_assert(0);
}
/* Make sure there are no duplicates. */
* Some compilers inline strcmp and the assert string is too long.
*/
duplicated = strcmp(o->name, next->name) == 0;
- assert(!duplicated);
+ OPENSSL_assert(!duplicated);
}
#endif
if (o->name[0] == '\0') {
- assert(unknown == NULL);
+ OPENSSL_assert(unknown == NULL);
unknown = o;
- assert(unknown->valtype == 0 || unknown->valtype == '-');
+ OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');
}
}
return prog;
OPT_PAIR *ap;
if (flags == OPT_FMT_PEMDER) {
- BIO_printf(bio_err, "%s: Bad format \"%s\"; must be pem or der\n",
- prog, s);
+ opt_printf_stderr("%s: Bad format \"%s\"; must be pem or der\n",
+ prog, s);
} else {
- BIO_printf(bio_err, "%s: Bad format \"%s\"; must be one of:\n",
- prog, s);
+ opt_printf_stderr("%s: Bad format \"%s\"; must be one of:\n",
+ prog, s);
for (ap = formats; ap->name; ap++)
if (flags & ap->retval)
- BIO_printf(bio_err, " %s\n", ap->name);
+ opt_printf_stderr(" %s\n", ap->name);
}
return 0;
}
*cipherp = EVP_get_cipherbyname(name);
if (*cipherp != NULL)
return 1;
- BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
+ opt_printf_stderr("%s: Unrecognized flag %s\n", prog, name);
return 0;
}
*mdp = EVP_get_digestbyname(name);
if (*mdp != NULL)
return 1;
- BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
+ opt_printf_stderr("%s: Unrecognized flag %s\n", prog, name);
return 0;
}
*result = pp->retval;
return 1;
}
- BIO_printf(bio_err, "%s: Value must be one of:\n", prog);
+ opt_printf_stderr("%s: Value must be one of:\n", prog);
for (pp = pairs; pp->name; pp++)
- BIO_printf(bio_err, "\t%s\n", pp->name);
+ opt_printf_stderr("\t%s\n", pp->name);
return 0;
}
return 0;
*result = (int)l;
if (*result != l) {
- BIO_printf(bio_err, "%s: Value \"%s\" outside integer range\n",
- prog, value);
+ opt_printf_stderr("%s: Value \"%s\" outside integer range\n",
+ prog, value);
return 0;
}
return 1;
for (i = 0; i < OSSL_NELEM(b); i++) {
if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) {
- BIO_printf(bio_err,
- "%s: Can't parse \"%s\" as %s number\n",
- prog, v, b[i].name);
+ opt_printf_stderr("%s: Can't parse \"%s\" as %s number\n",
+ prog, v, b[i].name);
return;
}
}
- BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n", prog, v);
+ opt_printf_stderr("%s: Can't parse \"%s\" as a number\n", prog, v);
return;
}
X509_PURPOSE *xptmp;
const X509_VERIFY_PARAM *vtmp;
- assert(vpm != NULL);
- assert(opt > OPT_V__FIRST);
- assert(opt < OPT_V__LAST);
+ OPENSSL_assert(vpm != NULL);
+ OPENSSL_assert(opt > OPT_V__FIRST);
+ OPENSSL_assert(opt < OPT_V__LAST);
switch ((enum range)opt) {
case OPT_V__FIRST:
case OPT_V_POLICY:
otmp = OBJ_txt2obj(opt_arg(), 0);
if (otmp == NULL) {
- BIO_printf(bio_err, "%s: Invalid Policy %s\n", prog, opt_arg());
+ opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_add0_policy(vpm, otmp);
/* purpose name -> purpose index */
i = X509_PURPOSE_get_by_sname(opt_arg());
if (i < 0) {
- BIO_printf(bio_err, "%s: Invalid purpose %s\n", prog, opt_arg());
+ opt_printf_stderr("%s: Invalid purpose %s\n", prog, opt_arg());
return 0;
}
i = X509_PURPOSE_get_id(xptmp);
if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
- BIO_printf(bio_err,
- "%s: Internal error setting purpose %s\n",
- prog, opt_arg());
+ opt_printf_stderr("%s: Internal error setting purpose %s\n",
+ prog, opt_arg());
return 0;
}
break;
case OPT_V_VERIFY_NAME:
vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
if (vtmp == NULL) {
- BIO_printf(bio_err, "%s: Invalid verify name %s\n",
- prog, opt_arg());
+ opt_printf_stderr("%s: Invalid verify name %s\n",
+ prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_set1(vpm, vtmp);
if (!opt_imax(opt_arg(), &t))
return 0;
if (t != (time_t)t) {
- BIO_printf(bio_err, "%s: epoch time out of range %s\n",
- prog, opt_arg());
+ opt_printf_stderr("%s: epoch time out of range %s\n",
+ prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
}
+void opt_begin(void)
+{
+ opt_index = 1;
+ arg = NULL;
+ flag = NULL;
+}
+
/*
* Parse the next flag (and value if specified), return 0 if done, -1 on
* error, otherwise the flag's retval.
/* If it doesn't take a value, make sure none was given. */
if (o->valtype == 0 || o->valtype == '-') {
if (arg) {
- BIO_printf(bio_err,
- "%s: Option -%s does not take a value\n", prog, p);
+ opt_printf_stderr("%s: Option -%s does not take a value\n",
+ prog, p);
return -1;
}
return o->retval;
/* Want a value; get the next param if =foo not used. */
if (arg == NULL) {
if (argv[opt_index] == NULL) {
- BIO_printf(bio_err,
- "%s: Option -%s needs a value\n", prog, o->name);
+ opt_printf_stderr("%s: Option -%s needs a value\n",
+ prog, o->name);
return -1;
}
arg = argv[opt_index++];
/* Just a string. */
break;
case '/':
- if (app_isdir(arg) > 0)
+ if (opt_isdir(arg) > 0)
break;
- BIO_printf(bio_err, "%s: Not a directory: %s\n", prog, arg);
+ opt_printf_stderr("%s: Not a directory: %s\n", prog, arg);
return -1;
case '<':
/* Input file. */
case 'n':
if (!opt_int(arg, &ival)
|| (o->valtype == 'p' && ival <= 0)) {
- BIO_printf(bio_err,
- "%s: Non-positive number \"%s\" for -%s\n",
- prog, arg, o->name);
+ opt_printf_stderr("%s: Non-positive number \"%s\" for -%s\n",
+ prog, arg, o->name);
return -1;
}
break;
case 'M':
if (!opt_imax(arg, &imval)) {
- BIO_printf(bio_err,
- "%s: Invalid number \"%s\" for -%s\n",
- prog, arg, o->name);
+ opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
+ prog, arg, o->name);
return -1;
}
break;
case 'U':
if (!opt_umax(arg, &umval)) {
- BIO_printf(bio_err,
- "%s: Invalid number \"%s\" for -%s\n",
- prog, arg, o->name);
+ opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
+ prog, arg, o->name);
return -1;
}
break;
case 'l':
if (!opt_long(arg, &lval)) {
- BIO_printf(bio_err,
- "%s: Invalid number \"%s\" for -%s\n",
- prog, arg, o->name);
+ opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
+ prog, arg, o->name);
return -1;
}
break;
case 'u':
if (!opt_ulong(arg, &ulval)) {
- BIO_printf(bio_err,
- "%s: Invalid number \"%s\" for -%s\n",
- prog, arg, o->name);
+ opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
+ prog, arg, o->name);
return -1;
}
break;
o->valtype == 'F' ? OPT_FMT_PEMDER
: OPT_FMT_ANY, &ival))
break;
- BIO_printf(bio_err,
- "%s: Invalid format \"%s\" for -%s\n",
- prog, arg, o->name);
+ opt_printf_stderr("%s: Invalid format \"%s\" for -%s\n",
+ prog, arg, o->name);
return -1;
}
dunno = p;
return unknown->retval;
}
- BIO_printf(bio_err, "%s: Option unknown option -%s\n", prog, p);
+ opt_printf_stderr("%s: Option unknown option -%s\n", prog, p);
return -1;
}
i += 1 + strlen(valtype2param(o));
if (i < MAX_OPT_HELP_WIDTH && i > width)
width = i;
- assert(i < (int)sizeof(start));
+ OPENSSL_assert(i < (int)sizeof(start));
}
if (standard_prolog)
- BIO_printf(bio_err, "Usage: %s [options]\nValid options are:\n",
- prog);
+ opt_printf_stderr("Usage: %s [options]\nValid options are:\n", prog);
/* Now let's print. */
for (o = list; o->name; o++) {
help = o->helpstr ? o->helpstr : "(No additional info)";
if (o->name == OPT_HELP_STR) {
- BIO_printf(bio_err, help, prog);
+ opt_printf_stderr(help, prog);
continue;
}
if (o->name == OPT_MORE_STR) {
/* Continuation of previous line; pad and print. */
start[width] = '\0';
- BIO_printf(bio_err, "%s %s\n", start, help);
+ opt_printf_stderr("%s %s\n", start, help);
continue;
}
*p = ' ';
if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
*p = '\0';
- BIO_printf(bio_err, "%s\n", start);
+ opt_printf_stderr("%s\n", start);
memset(start, ' ', sizeof(start));
}
start[width] = '\0';
- BIO_printf(bio_err, "%s %s\n", start, help);
+ opt_printf_stderr("%s %s\n", start, help);
}
}
+
+/* opt_isdir section */
+#ifdef _WIN32
+# include <windows.h>
+int opt_isdir(const char *name)
+{
+ DWORD attr;
+# if defined(UNICODE) || defined(_UNICODE)
+ size_t i, len_0 = strlen(name) + 1;
+ WCHAR tempname[MAX_PATH];
+
+ if (len_0 > MAX_PATH)
+ return -1;
+
+# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+ if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
+# endif
+ for (i = 0; i < len_0; i++)
+ tempname[i] = (WCHAR)name[i];
+
+ attr = GetFileAttributes(tempname);
+# else
+ attr = GetFileAttributes(name);
+# endif
+ if (attr == INVALID_FILE_ATTRIBUTES)
+ return -1;
+ return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
+}
+#else
+# include <sys/stat.h>
+# ifndef S_ISDIR
+# if defined(_S_IFMT) && defined(_S_IFDIR)
+# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
+# else
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+# endif
+# endif
+
+int opt_isdir(const char *name)
+{
+# if defined(S_ISDIR)
+ struct stat st;
+
+ if (stat(name, &st) == 0)
+ return S_ISDIR(st.st_mode);
+ else
+ return -1;
+# else
+ return -1;
+# endif
+}
+#endif
--- /dev/null
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifndef HEADER_OPT_H
+#define HEADER_OPT_H
+
+#include <sys/types.h>
+#include <openssl/e_os2.h>
+#include <openssl/ossl_typ.h>
+#include <stdarg.h>
+
+/*
+ * Common verification options.
+ */
+# define OPT_V_ENUM \
+ OPT_V__FIRST=2000, \
+ OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
+ OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
+ OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
+ OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
+ OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
+ OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
+ OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
+ OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
+ OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
+ OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
+ OPT_V__LAST
+
+# define OPT_V_OPTIONS \
+ { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
+ { "purpose", OPT_V_PURPOSE, 's', \
+ "certificate chain purpose"}, \
+ { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
+ { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
+ "chain depth limit" }, \
+ { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
+ "chain authentication security level" }, \
+ { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
+ { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
+ "expected peer hostname" }, \
+ { "verify_email", OPT_V_VERIFY_EMAIL, 's', \
+ "expected peer email" }, \
+ { "verify_ip", OPT_V_VERIFY_IP, 's', \
+ "expected peer IP address" }, \
+ { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
+ "permit unhandled critical extensions"}, \
+ { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
+ { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
+ { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
+ { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
+ { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
+ "set policy variable require-explicit-policy"}, \
+ { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
+ "set policy variable inhibit-any-policy"}, \
+ { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
+ "set policy variable inhibit-policy-mapping"}, \
+ { "x509_strict", OPT_V_X509_STRICT, '-', \
+ "disable certificate compatibility work-arounds"}, \
+ { "extended_crl", OPT_V_EXTENDED_CRL, '-', \
+ "enable extended CRL features"}, \
+ { "use_deltas", OPT_V_USE_DELTAS, '-', \
+ "use delta CRLs"}, \
+ { "policy_print", OPT_V_POLICY_PRINT, '-', \
+ "print policy processing diagnostics"}, \
+ { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
+ "check root CA self-signatures"}, \
+ { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
+ "search trust store first (default)" }, \
+ { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
+ { "suiteB_128", OPT_V_SUITEB_128, '-', \
+ "Suite B 128-bit mode allowing 192-bit algorithms"}, \
+ { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
+ { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
+ "accept chains anchored by intermediate trust-store CAs"}, \
+ { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
+ { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
+ { "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
+
+# define OPT_V_CASES \
+ OPT_V__FIRST: case OPT_V__LAST: break; \
+ case OPT_V_POLICY: \
+ case OPT_V_PURPOSE: \
+ case OPT_V_VERIFY_NAME: \
+ case OPT_V_VERIFY_DEPTH: \
+ case OPT_V_VERIFY_AUTH_LEVEL: \
+ case OPT_V_ATTIME: \
+ case OPT_V_VERIFY_HOSTNAME: \
+ case OPT_V_VERIFY_EMAIL: \
+ case OPT_V_VERIFY_IP: \
+ case OPT_V_IGNORE_CRITICAL: \
+ case OPT_V_ISSUER_CHECKS: \
+ case OPT_V_CRL_CHECK: \
+ case OPT_V_CRL_CHECK_ALL: \
+ case OPT_V_POLICY_CHECK: \
+ case OPT_V_EXPLICIT_POLICY: \
+ case OPT_V_INHIBIT_ANY: \
+ case OPT_V_INHIBIT_MAP: \
+ case OPT_V_X509_STRICT: \
+ case OPT_V_EXTENDED_CRL: \
+ case OPT_V_USE_DELTAS: \
+ case OPT_V_POLICY_PRINT: \
+ case OPT_V_CHECK_SS_SIG: \
+ case OPT_V_TRUSTED_FIRST: \
+ case OPT_V_SUITEB_128_ONLY: \
+ case OPT_V_SUITEB_128: \
+ case OPT_V_SUITEB_192: \
+ case OPT_V_PARTIAL_CHAIN: \
+ case OPT_V_NO_ALT_CHAINS: \
+ case OPT_V_NO_CHECK_TIME: \
+ case OPT_V_ALLOW_PROXY_CERTS
+
+/*
+ * Common "extended validation" options.
+ */
+# define OPT_X_ENUM \
+ OPT_X__FIRST=1000, \
+ OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
+ OPT_X_CERTFORM, OPT_X_KEYFORM, \
+ OPT_X__LAST
+
+# define OPT_X_OPTIONS \
+ { "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
+ { "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
+ { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
+ { "xchain_build", OPT_X_CHAIN_BUILD, '-', \
+ "build certificate chain for the extended certificates"}, \
+ { "xcertform", OPT_X_CERTFORM, 'F', \
+ "format of Extended certificate (PEM or DER) PEM default " }, \
+ { "xkeyform", OPT_X_KEYFORM, 'F', \
+ "format of Extended certificate's key (PEM or DER) PEM default"}
+
+# define OPT_X_CASES \
+ OPT_X__FIRST: case OPT_X__LAST: break; \
+ case OPT_X_KEY: \
+ case OPT_X_CERT: \
+ case OPT_X_CHAIN: \
+ case OPT_X_CHAIN_BUILD: \
+ case OPT_X_CERTFORM: \
+ case OPT_X_KEYFORM
+
+/*
+ * Common SSL options.
+ * Any changes here must be coordinated with ../ssl/ssl_conf.c
+ */
+# define OPT_S_ENUM \
+ OPT_S__FIRST=3000, \
+ OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
+ OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
+ OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
+ OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
+ OPT_S_PRIORITIZE_CHACHA, \
+ OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
+ OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
+ OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
+ OPT_S_MINPROTO, OPT_S_MAXPROTO, \
+ OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST
+
+# define OPT_S_OPTIONS \
+ {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
+ {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
+ {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
+ {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
+ {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
+ {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
+ {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
+ {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
+ {"no_ticket", OPT_S_NOTICKET, '-', \
+ "Disable use of TLS session tickets"}, \
+ {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
+ {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
+ "Enable use of legacy renegotiation (dangerous)"}, \
+ {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
+ "Disable all renegotiation."}, \
+ {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
+ "Allow initial connection to servers that don't support RI"}, \
+ {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
+ "Disallow session resumption on renegotiation"}, \
+ {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
+ "Disallow initial connection to servers that don't support RI"}, \
+ {"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
+ "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
+ {"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
+ "Prioritize ChaCha ciphers when preferred by clients"}, \
+ {"strict", OPT_S_STRICT, '-', \
+ "Enforce strict certificate checks as per TLS standard"}, \
+ {"sigalgs", OPT_S_SIGALGS, 's', \
+ "Signature algorithms to support (colon-separated list)" }, \
+ {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
+ "Signature algorithms to support for client certificate" \
+ " authentication (colon-separated list)" }, \
+ {"groups", OPT_S_GROUPS, 's', \
+ "Groups to advertise (colon-separated list)" }, \
+ {"curves", OPT_S_CURVES, 's', \
+ "Groups to advertise (colon-separated list)" }, \
+ {"named_curve", OPT_S_NAMEDCURVE, 's', \
+ "Elliptic curve used for ECDHE (server-side only)" }, \
+ {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
+ {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
+ {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
+ {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
+ {"record_padding", OPT_S_RECORD_PADDING, 's', \
+ "Block size to pad TLS 1.3 records to."}, \
+ {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
+ "Perform all sorts of protocol violations for testing purposes"}, \
+ {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
+ "Disable TLSv1.3 middlebox compat mode" }
+
+# define OPT_S_CASES \
+ OPT_S__FIRST: case OPT_S__LAST: break; \
+ case OPT_S_NOSSL3: \
+ case OPT_S_NOTLS1: \
+ case OPT_S_NOTLS1_1: \
+ case OPT_S_NOTLS1_2: \
+ case OPT_S_NOTLS1_3: \
+ case OPT_S_BUGS: \
+ case OPT_S_NO_COMP: \
+ case OPT_S_COMP: \
+ case OPT_S_NOTICKET: \
+ case OPT_S_SERVERPREF: \
+ case OPT_S_LEGACYRENEG: \
+ case OPT_S_LEGACYCONN: \
+ case OPT_S_ONRESUMP: \
+ case OPT_S_NOLEGACYCONN: \
+ case OPT_S_ALLOW_NO_DHE_KEX: \
+ case OPT_S_PRIORITIZE_CHACHA: \
+ case OPT_S_STRICT: \
+ case OPT_S_SIGALGS: \
+ case OPT_S_CLIENTSIGALGS: \
+ case OPT_S_GROUPS: \
+ case OPT_S_CURVES: \
+ case OPT_S_NAMEDCURVE: \
+ case OPT_S_CIPHER: \
+ case OPT_S_CIPHERSUITES: \
+ case OPT_S_RECORD_PADDING: \
+ case OPT_S_NO_RENEGOTIATION: \
+ case OPT_S_MINPROTO: \
+ case OPT_S_MAXPROTO: \
+ case OPT_S_DEBUGBROKE: \
+ case OPT_S_NO_MIDDLEBOX
+
+#define IS_NO_PROT_FLAG(o) \
+ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
+ || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
+
+/*
+ * Random state options.
+ */
+# define OPT_R_ENUM \
+ OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
+
+# define OPT_R_OPTIONS \
+ {"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
+ {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
+
+# define OPT_R_CASES \
+ OPT_R__FIRST: case OPT_R__LAST: break; \
+ case OPT_R_RAND: case OPT_R_WRITERAND
+
+/*
+ * Option parsing.
+ */
+extern const char OPT_HELP_STR[];
+extern const char OPT_MORE_STR[];
+typedef struct options_st {
+ const char *name;
+ int retval;
+ /*
+ * value type: - no value (also the value zero), n number, p positive
+ * number, u unsigned, l long, s string, < input file, > output file,
+ * f any format, F der/pem format, E der/pem/engine format identifier.
+ * l, n and u include zero; p does not.
+ */
+ int valtype;
+ const char *helpstr;
+} OPTIONS;
+
+/*
+ * A string/int pairing; widely use for option value lookup, hence the
+ * name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
+ * the "generic" name STRINT_PAIR.
+ */
+typedef struct string_int_pair_st {
+ const char *name;
+ int retval;
+} OPT_PAIR, STRINT_PAIR;
+
+/* Flags to pass into opt_format; see FORMAT_xxx, below. */
+# define OPT_FMT_PEMDER (1L << 1)
+# define OPT_FMT_PKCS12 (1L << 2)
+# define OPT_FMT_SMIME (1L << 3)
+# define OPT_FMT_ENGINE (1L << 4)
+# define OPT_FMT_MSBLOB (1L << 5)
+/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
+# define OPT_FMT_NSS (1L << 7)
+# define OPT_FMT_TEXT (1L << 8)
+# define OPT_FMT_HTTP (1L << 9)
+# define OPT_FMT_PVK (1L << 10)
+# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
+# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
+# define OPT_FMT_ANY ( \
+ OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
+ OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
+ OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
+
+char *opt_progname(const char *argv0);
+char *opt_getprog(void);
+char *opt_init(int ac, char **av, const OPTIONS * o);
+int opt_next(void);
+void opt_begin(void);
+int opt_format(const char *s, unsigned long flags, int *result);
+int opt_int(const char *arg, int *result);
+int opt_ulong(const char *arg, unsigned long *result);
+int opt_long(const char *arg, long *result);
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+ defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+int opt_imax(const char *arg, intmax_t *result);
+int opt_umax(const char *arg, uintmax_t *result);
+#else
+# define opt_imax opt_long
+# define opt_umax opt_ulong
+# define intmax_t long
+# define uintmax_t unsigned long
+#endif
+int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
+int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
+int opt_md(const char *name, const EVP_MD **mdp);
+char *opt_arg(void);
+char *opt_flag(void);
+char *opt_unknown(void);
+char **opt_rest(void);
+int opt_num_rest(void);
+int opt_verify(int i, X509_VERIFY_PARAM *vpm);
+int opt_rand(int i);
+void opt_help(const OPTIONS * list);
+int opt_format_error(const char *s, unsigned long flags);
+int opt_isdir(const char *name);
+int opt_printf_stderr(const char *fmt, ...);
+
+#endif /* HEADER_OPT_H */
return testresult;
}
+OPT_TEST_DECLARE_USAGE("certname privkey\n")
+
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))
/*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
}
#endif
+typedef enum OPTION_choice {
+ OPT_ERR = -1,
+ OPT_EOF = 0,
+ OPT_PRINT,
+ OPT_TEST_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS *test_get_options(void)
+{
+ static const OPTIONS test_options[] = {
+ OPT_TEST_OPTIONS_DEFAULT_USAGE,
+ { "print", OPT_PRINT, '-', "Output test tables instead of running tests"},
+ { NULL }
+ };
+ return test_options;
+}
+
int setup_tests(void)
{
#ifndef OPENSSL_NO_BF
+ OPTION_CHOICE o;
# ifdef CHARSET_EBCDIC
int n;
-
ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data));
for (n = 0; n < 2; n++) {
ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n]));
}
# endif
- if (test_get_argument(0) != NULL) {
- print_test_data();
- } else {
- ADD_ALL_TESTS(test_bf_ecb_raw, 2);
- ADD_ALL_TESTS(test_bf_ecb, NUM_TESTS);
- ADD_ALL_TESTS(test_bf_set_key, KEY_TEST_NUM-1);
- ADD_TEST(test_bf_cbc);
- ADD_TEST(test_bf_cfb64);
- ADD_TEST(test_bf_ofb64);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch(o) {
+ case OPT_PRINT:
+ print_test_data();
+ return 1;
+ case OPT_TEST_CASES:
+ break;
+ default:
+ return 0;
+ }
}
+
+ ADD_ALL_TESTS(test_bf_ecb_raw, 2);
+ ADD_ALL_TESTS(test_bf_ecb, NUM_TESTS);
+ ADD_ALL_TESTS(test_bf_set_key, KEY_TEST_NUM-1);
+ ADD_TEST(test_bf_cbc);
+ ADD_TEST(test_bf_cfb64);
+ ADD_TEST(test_bf_ofb64);
#endif
return 1;
}
/*
- * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
return 1;
}
+typedef enum OPTION_choice {
+ OPT_ERR = -1,
+ OPT_EOF = 0,
+ OPT_PRINT,
+ OPT_TEST_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS *test_get_options(void)
+{
+ static const OPTIONS options[] = {
+ OPT_TEST_OPTIONS_DEFAULT_USAGE,
+ { "expected", OPT_PRINT, '-', "Output values" },
+ { NULL }
+ };
+ return options;
+}
int setup_tests(void)
{
- justprint = test_has_option("-expected");
+ OPTION_CHOICE o;
+
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_PRINT:
+ justprint = 1;
+ break;
+ case OPT_TEST_CASES:
+ break;
+ default:
+ return 0;
+ }
+ }
ADD_TEST(test_big);
ADD_ALL_TESTS(test_fp, nelem(pw_params));
{
return fflush(stderr);
}
+
return c == 0;
}
+const OPTIONS *test_get_options(void)
+{
+ enum { OPT_TEST_ENUM };
+ static const OPTIONS test_options[] = {
+ OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
+ { OPT_HELP_STR, 1, '-',
+ "file\tFile to run tests on. Normal tests are not run\n" },
+ { NULL }
+ };
+ return test_options;
+}
int setup_tests(void)
{
SOURCE[libtestutil.a]=testutil/basic_output.c testutil/output_helpers.c \
testutil/driver.c testutil/tests.c testutil/cb.c testutil/stanza.c \
testutil/format_output.c testutil/tap_bio.c \
- testutil/test_cleanup.c testutil/main.c testutil/init.c
- INCLUDE[libtestutil.a]=../include
+ testutil/test_cleanup.c testutil/main.c testutil/init.c \
+ testutil/options.c testutil/test_options.c ../apps/opt.c
+ INCLUDE[libtestutil.a]=../include ..
DEPEND[libtestutil.a]=../libcrypto
PROGRAMS{noinst}=\
DEPEND[cipher_overhead_test]=../libcrypto ../libssl libtestutil.a
ENDIF
- SOURCE[uitest]=uitest.c \
- {- rebase_files("../apps",
- split(/\s+/, $target{apps_init_src})) -}
+ SOURCE[uitest]=uitest.c ../apps/apps_ui.c
INCLUDE[uitest]=.. ../include ../apps
- DEPEND[uitest]=../apps/libapps.a ../libcrypto ../libssl libtestutil.a
+ DEPEND[uitest]=../libcrypto ../libssl libtestutil.a
SOURCE[cipherbytes_test]=cipherbytes_test.c
INCLUDE[cipherbytes_test]=../include
return testresult;
}
+OPT_TEST_DECLARE_USAGE("sessionfile\n")
+
int setup_tests(void)
{
if (!TEST_ptr(sessionfile = test_get_argument(0)))
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
#include <string.h>
#include <openssl/cms.h>
return testresult;
}
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
+
int setup_tests(void)
{
char *certin = NULL, *privkeyin = NULL;
return 1;
}
+typedef enum OPTION_choice {
+ OPT_ERR = -1,
+ OPT_EOF = 0,
+ OPT_FAIL,
+ OPT_TEST_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS *test_get_options(void)
+{
+ static const OPTIONS test_options[] = {
+ OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("conf_file\n"),
+ { "f", OPT_FAIL, '-', "A failure is expected" },
+ { NULL }
+ };
+ return test_options;
+}
+
int setup_tests(void)
{
const char *conf_file;
- const char *arg2;
+ OPTION_CHOICE o;
if (!TEST_ptr(conf = NCONF_new(NULL)))
return 0;
- conf_file = test_get_argument(0);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_FAIL:
+ expect_failure = 1;
+ break;
+ case OPT_TEST_CASES:
+ break;
+ default:
+ return 0;
+ }
+ }
+ conf_file = test_get_argument(0);
if (!TEST_ptr(conf_file)
|| !TEST_ptr(in = BIO_new_file(conf_file, "r"))) {
TEST_note("Unable to open the file argument");
return 0;
}
- if ((arg2 = test_get_argument(1)) != NULL && *arg2 == 'f') {
- expect_failure = 1;
- }
-
/*
* For this test we need to chdir as we use relative
* path names in the config files.
return 1;
}
+typedef enum OPTION_choice {
+ OPT_ERR = -1,
+ OPT_EOF = 0,
+ OPT_PROGRESS,
+ OPT_SLOW,
+ OPT_TEST_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS *test_get_options(void)
+{
+ static const OPTIONS test_options[] = {
+ OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("conf_file\n"),
+ { "f", OPT_SLOW, '-', "Enables a slow test" },
+ { "v", OPT_PROGRESS, '-',
+ "Enables verbose mode (prints progress dots)" },
+ { NULL }
+ };
+ return test_options;
+}
+
int setup_tests(void)
{
- /*
- * The test vectors contain one test which takes a very long time to run,
- * so we don't do that be default. Using the -f option will cause it to be
- * run.
- */
- if (test_has_option("-f"))
- max = 1000000;
-
- /* Print progress dots */
- if (test_has_option("-v"))
- verbose = 1;
+ OPTION_CHOICE o;
+
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_TEST_CASES:
+ break;
+ default:
+ return 0;
+ /*
+ * The test vectors contain one test which takes a very long time to run
+ * so we don't do that be default. Using the -f option will cause it to
+ * be run.
+ */
+ case OPT_SLOW:
+ max = 1000000;
+ break;
+ case OPT_PROGRESS:
+ verbose = 1; /* Print progress dots */
+ break;
+ }
+ }
ADD_TEST(test_x448);
ADD_TEST(test_ed448);
return ret;
}
+OPT_TEST_DECLARE_USAGE("item_name expected_error test_file.der\n")
+
/*
* Usage: d2i_test <name> <type> <file>, e.g.
* d2i_test generalname bad_generalname.der
if (!TEST_ptr(test_type_name = test_get_argument(0))
|| !TEST_ptr(expected_error_string = test_get_argument(1))
- || !TEST_ptr(test_file = test_get_argument(2))) {
- TEST_note("Usage: d2i_test item_name expected_error file.der");
+ || !TEST_ptr(test_file = test_get_argument(2)))
return 0;
- }
item_type = ASN1_ITEM_lookup(test_type_name);
return ret;
}
+OPT_TEST_DECLARE_USAGE("basedomain CAfile tlsafile\n")
+
int setup_tests(void)
{
if (!TEST_ptr(basedomain = test_get_argument(0))
|| !TEST_ptr(CAfile = test_get_argument(1))
- || !TEST_ptr(tlsafile = test_get_argument(2))) {
- TEST_error("Usage error: danetest basedomain CAfile tlsafile");
+ || !TEST_ptr(tlsafile = test_get_argument(2)))
return 0;
- }
ADD_TEST(run_tlsatest);
return 1;
return testresult;
}
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
+
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))
#define NUM_REPEATS "1000000"
-static int64_t num_repeats;
+static intmax_t num_repeats;
static int print_mode = 0;
#ifndef OPENSSL_NO_EC
* point multiplication.
* Returns the X-coordinate of the end result or NULL on error.
*/
-static BIGNUM *walk_curve(const EC_GROUP *group, EC_POINT *point, int64_t num)
+static BIGNUM *walk_curve(const EC_GROUP *group, EC_POINT *point, intmax_t num)
{
BIGNUM *scalar = NULL;
- int64_t i;
+ intmax_t i;
if (!TEST_ptr(scalar = BN_new())
|| !TEST_true(EC_POINT_get_affine_coordinates(group, point, scalar,
}
#endif
-static int atoi64(const char *in, int64_t *result)
-{
- int64_t ret = 0;
-
- for ( ; *in != '\0'; in++) {
- char c = *in;
+typedef enum OPTION_choice {
+ OPT_ERR = -1,
+ OPT_EOF = 0,
+ OPT_NUM_REPEATS,
+ OPT_TEST_ENUM
+} OPTION_CHOICE;
- if (!isdigit((unsigned char)c))
- return 0;
- ret *= 10;
- ret += (c - '0');
- }
- *result = ret;
- return 1;
+const OPTIONS *test_get_options(void)
+{
+ static const OPTIONS test_options[] = {
+ OPT_TEST_OPTIONS_DEFAULT_USAGE,
+ { "num", OPT_NUM_REPEATS, 'M', "Number of repeats" },
+ { NULL }
+ };
+ return test_options;
}
/*
*/
int setup_tests(void)
{
- const char *p;
+ OPTION_CHOICE o;
- if (!atoi64(NUM_REPEATS, &num_repeats)) {
+ if (!opt_imax(NUM_REPEATS, &num_repeats)) {
TEST_error("Cannot parse " NUM_REPEATS);
return 0;
}
- /*
- * TODO(openssl-team): code under test/ should be able to reuse the option
- * parsing framework currently in apps/.
- */
- p = test_get_option_argument("-num");
- if (p != NULL) {
- if (!atoi64(p, &num_repeats)
- || num_repeats < 0)
- return 0;
- print_mode = 1;
+
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_NUM_REPEATS:
+ if (!opt_imax(opt_arg(), &num_repeats)
+ || num_repeats < 0)
+ return 0;
+ print_mode = 1;
+ break;
+ case OPT_TEST_CASES:
+ break;
+ default:
+ case OPT_ERR:
+ return 0;
+ }
}
#ifndef OPENSSL_NO_EC
return c == 0;
}
+OPT_TEST_DECLARE_USAGE("file...\n")
+
int setup_tests(void)
{
size_t n = test_get_argument_count();
- if (n == 0) {
- TEST_error("Usage: %s file...", test_get_program_name());
+ if (n == 0)
return 0;
- }
ADD_ALL_TESTS(run_file_tests, n);
return 1;
return ret;
}
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
+
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))
return testresult;
}
+OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n")
+
int setup_tests(void)
{
if (!TEST_ptr(cert1 = test_get_argument(0))
/*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
}
#endif
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
+
int setup_tests(void)
{
if (!TEST_ptr(certstr = test_get_argument(0))
ok(run(test(["conf_include_test", data_file("vms-includes-file.cnf")])),
"test file includes, VMS syntax");
}
-ok(run(test(["conf_include_test", data_file("includes-broken.cnf"), "f"])), "test broken includes");
+ok(run(test(["conf_include_test", "-f", data_file("includes-broken.cnf")])), "test broken includes");
return testresult;
}
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
+
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))
return ret;
}
+OPT_TEST_DECLARE_USAGE("conf_file\n")
+
int setup_tests(void)
{
long num_tests;
return 1;
}
+OPT_TEST_DECLARE_USAGE("conf_file\n")
+
int setup_tests(void)
{
if (!TEST_ptr(conf = NCONF_new(NULL)))
return 0;
/* argument should point to test/ssl_test_ctx_test.conf */
- if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)) {
- TEST_note("Missing file argument");
+ if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0))
return 0;
- }
ADD_TEST(test_empty_configuration);
ADD_TEST(test_good_configuration);
return testresult;
}
+
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile\n")
+
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))
return 1;
}
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
+
int setup_tests(void)
{
char *cert, *pkey;
return testresult;
}
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
+
int setup_tests(void)
{
int n;
if (!TEST_ptr(cert = test_get_argument(0))
- || !TEST_ptr(privkey = test_get_argument(1))) {
- TEST_note("Usage error: require cert and private key files");
+ || !TEST_ptr(privkey = test_get_argument(1)))
return 0;
- }
n = setup_cipher_list();
if (n > 0)
/*
- * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <openssl/err.h>
#include <openssl/e_os2.h>
#include <openssl/bn.h>
+#include "../apps/opt.h"
/*-
* Simple unit tests should implement setup_tests().
# define TEST_CASE_NAME __func__
# endif /* __STDC_VERSION__ */
+
+/* The default test enum which should be common to all tests */
+#define OPT_TEST_ENUM \
+ OPT_TEST_HELP = 500, \
+ OPT_TEST_LIST, \
+ OPT_TEST_SINGLE, \
+ OPT_TEST_ITERATION, \
+ OPT_TEST_INDENT, \
+ OPT_TEST_SEED
+
+/* The Default test OPTIONS common to all tests (without a usage string) */
+#define OPT_TEST_OPTIONS \
+ { OPT_HELP_STR, 1, '-', "Valid options are:\n" }, \
+ { "help", OPT_TEST_HELP, '-', "Display this summary" }, \
+ { "list", OPT_TEST_LIST, '-', "Display the list of tests available" }, \
+ { "test", OPT_TEST_SINGLE, 's', "Run a single test by id or name" }, \
+ { "iter", OPT_TEST_ITERATION, 'n', "Run a single iteration of a test" }, \
+ { "indent", OPT_TEST_INDENT,'p', "Number of tabs added to output" }, \
+ { "seed", OPT_TEST_SEED, 'n', "Seed value to randomize tests with" }
+
+/* The Default test OPTIONS common to all tests starting with an additional usage string */
+#define OPT_TEST_OPTIONS_WITH_EXTRA_USAGE(usage) \
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options] " usage }, \
+ OPT_TEST_OPTIONS
+
+/* The Default test OPTIONS common to all tests with an default usage string */
+#define OPT_TEST_OPTIONS_DEFAULT_USAGE \
+ { OPT_HELP_STR, 1, '-', "Usage: %s [options]\n" }, \
+ OPT_TEST_OPTIONS
+
+/*
+ * Optional Cases that need to be ignored by the test app when using opt_next(),
+ * (that are handled internally).
+ */
+#define OPT_TEST_CASES \
+ OPT_TEST_HELP: \
+ case OPT_TEST_LIST: \
+ case OPT_TEST_SINGLE: \
+ case OPT_TEST_ITERATION: \
+ case OPT_TEST_INDENT: \
+ case OPT_TEST_SEED
+
+/*
+ * Tests that use test_get_argument() that dont have any additional options
+ * (i.e- dont use opt_next()) can use this to set the usage string.
+ * It embeds test_get_options() which gives default command line options for
+ * the test system.
+ *
+ * Tests that need to use opt_next() need to specify
+ * (1) test_get_options() containing an options[] (Which should include either
+ * OPT_TEST_OPTIONS_DEFAULT_USAGE OR
+ * OPT_TEST_OPTIONS_WITH_EXTRA_USAGE).
+ * (2) An enum outside the test_get_options() which contains OPT_TEST_ENUM, as
+ * well as the additional options that need to be handled.
+ * (3) case OPT_TEST_CASES: break; inside the opt_next() handling code.
+ */
+#define OPT_TEST_DECLARE_USAGE(usage_str) \
+const OPTIONS *test_get_options(void) \
+{ \
+ enum { OPT_TEST_ENUM }; \
+ static const OPTIONS options[] = { \
+ OPT_TEST_OPTIONS_WITH_EXTRA_USAGE(usage_str), \
+ { NULL } \
+ }; \
+ return options; \
+}
+
/*
- * Tests that need access to command line arguments should use the functions:
- * test_get_argument(int n) to get the nth argument, the first argument is
- * argument 0. This function returns NULL on error.
- * test_get_argument_count() to get the count of the arguments.
- * test_has_option(const char *) to check if the specified option was passed.
- * test_get_option_argument(const char *) to get an option which includes an
- * argument. NULL is returns if the option is not found.
- * const char *test_get_program_name(void) returns the name of the test program
- * being executed.
+ * Used to read non optional command line values that follow after the options.
+ * Returns NULL if there is no argument.
*/
-const char *test_get_program_name(void);
char *test_get_argument(size_t n);
+/* Return the number of additional non optional command line arguments */
size_t test_get_argument_count(void);
-int test_has_option(const char *option);
-const char *test_get_option_argument(const char *option);
/*
* Internal helpers. Test programs shouldn't use these directly, but should
int global_init(void);
int setup_tests(void);
void cleanup_tests(void);
+/*
+ * Used to supply test specific command line options,
+ * If non optional parameters are used, then the first entry in the OPTIONS[]
+ * should contain:
+ * { OPT_HELP_STR, 1, '-', "list of non optional commandline params\n"},
+ * The last entry should always be { NULL }.
+ *
+ * Run the test locally using './test/test_name -help' to check the usage.
+ */
+const OPTIONS *test_get_options(void);
/*
* Test assumption verification helpers.
# define strdup _strdup
#endif
+
/*
* Declares the structures needed to register each test case function.
*/
static TEST_INFO all_tests[1024];
static int num_tests = 0;
+static int show_list = 0;
+static int single_test = -1;
+static int single_iter = -1;
+static int level = 0;
static int seed = 0;
/*
- * A parameterised tests runs a loop of test cases.
+ * A parameterised test runs a loop of test cases.
* |num_test_cases| counts the total number of test cases
* across all tests.
*/
static int num_test_cases = 0;
+static int process_shared_options(void);
+
+
void add_test(const char *test_case_name, int (*test_fn) (void))
{
assert(num_tests != OSSL_NELEM(all_tests));
num_test_cases += num;
}
-static int level = 0;
-
int subtest_level(void)
{
return level;
return a;
}
-void setup_test_framework(void)
+static void set_seed(int s)
{
- char *TAP_levels = getenv("HARNESS_OSSL_LEVEL");
- char *test_seed = getenv("OPENSSL_TEST_RAND_ORDER");
+ seed = s;
+ if (seed <= 0)
+ seed = (int)time(NULL);
+ test_printf_stdout("%*s# RAND SEED %d\n", subtest_level(), "", seed);
+ test_flush_stdout();
+ srand(seed);
+}
- level = TAP_levels != NULL ? 4 * atoi(TAP_levels) : 0;
- if (test_seed != NULL) {
- seed = atoi(test_seed);
- if (seed <= 0)
- seed = (int)time(NULL);
- test_printf_stdout("%*s# RAND SEED %d\n", subtest_level(), "", seed);
- test_flush_stdout();
- srand(seed);
- }
+int setup_test_framework(int argc, char *argv[])
+{
+ char *test_seed = getenv("OPENSSL_TEST_RAND_ORDER");
+ char *TAP_levels = getenv("HARNESS_OSSL_LEVEL");
+
+ if (TAP_levels != NULL)
+ level = 4 * atoi(TAP_levels);
+ if (test_seed != NULL)
+ set_seed(atoi(test_seed));
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (should_report_leaks()) {
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
}
#endif
+ if (!opt_init(argc, argv, test_get_options()))
+ return 0;
+ return 1;
}
+
+/*
+ * This can only be called after setup() has run, since num_tests and
+ * all_tests[] are setup at this point
+ */
+static int check_single_test_params(char *name, char *testname, char *itname)
+{
+ if (name != NULL) {
+ int i;
+ for (i = 0; i < num_tests; ++i) {
+ if (strcmp(name, all_tests[i].test_case_name) == 0) {
+ single_test = 1 + i;
+ break;
+ }
+ }
+ if (i >= num_tests)
+ single_test = atoi(name);
+ }
+
+
+ /* if only iteration is specified, assume we want the first test */
+ if (single_test == -1 && single_iter != -1)
+ single_test = 1;
+
+ if (single_test != -1) {
+ if (single_test < 1 || single_test > num_tests) {
+ test_printf_stderr("Invalid -%s value "
+ "(Value must be a valid test name OR a value between %d..%d)\n",
+ testname, 1, num_tests);
+ return 0;
+ }
+ }
+ if (single_iter != -1) {
+ if (all_tests[single_test - 1].num == -1) {
+ test_printf_stderr("-%s option is not valid for test %d:%s\n",
+ itname,
+ single_test,
+ all_tests[single_test - 1].test_case_name);
+ return 0;
+ } else if (single_iter < 1
+ || single_iter > all_tests[single_test - 1].num) {
+ test_printf_stderr("Invalid -%s value for test %d:%s\t"
+ "(Value must be in the range %d..%d)\n",
+ itname, single_test,
+ all_tests[single_test - 1].test_case_name,
+ 1, all_tests[single_test - 1].num);
+ return 0;
+ }
+ }
+ return 1;
+}
+
+static int process_shared_options(void)
+{
+ OPTION_CHOICE_DEFAULT o;
+ int value;
+ int ret = -1;
+ char *flag_test = "";
+ char *flag_iter = "";
+ char *testname = NULL;
+
+ opt_begin();
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ /* Ignore any test options at this level */
+ default:
+ break;
+ case OPT_ERR:
+ return ret;
+ case OPT_TEST_HELP:
+ opt_help(test_get_options());
+ return 0;
+ case OPT_TEST_LIST:
+ show_list = 1;
+ break;
+ case OPT_TEST_SINGLE:
+ flag_test = opt_flag();
+ testname = opt_arg();
+ break;
+ case OPT_TEST_ITERATION:
+ flag_iter = opt_flag();
+ if (!opt_int(opt_arg(), &single_iter))
+ goto end;
+ break;
+ case OPT_TEST_INDENT:
+ if (!opt_int(opt_arg(), &value))
+ goto end;
+ level = 4 * value;
+ break;
+ case OPT_TEST_SEED:
+ if (!opt_int(opt_arg(), &value))
+ goto end;
+ set_seed(value);
+ break;
+ }
+ }
+ if (!check_single_test_params(testname, flag_test, flag_iter))
+ goto end;
+ ret = 1;
+end:
+ return ret;
+}
+
+
int pulldown_test_framework(int ret)
{
set_test_title(NULL);
&& CRYPTO_mem_leaks_cb(openssl_error_cb, NULL) <= 0)
return EXIT_FAILURE;
#endif
-
return ret;
}
int ii, i, jj, j, jstep;
int permute[OSSL_NELEM(all_tests)];
+ i = process_shared_options();
+ if (i == 0)
+ return EXIT_SUCCESS;
+ if (i == -1)
+ return EXIT_FAILURE;
+
if (num_tests < 1) {
test_printf_stdout("%*s1..0 # Skipped: %s\n", level, "",
test_prog_name);
- } else {
+ } else if (show_list == 0 && single_test == -1) {
if (level > 0)
test_printf_stdout("%*s# Subtest: %s\n", level, "", test_prog_name);
test_printf_stdout("%*s1..%d\n", level, "", num_tests);
}
+
test_flush_stdout();
for (i = 0; i < num_tests; i++)
for (ii = 0; ii != num_tests; ++ii) {
i = permute[ii];
- if (all_tests[i].num == -1) {
+
+ if (single_test != -1 && ((i+1) != single_test)) {
+ continue;
+ }
+ else if (show_list) {
+ if (all_tests[i].num != -1) {
+ test_printf_stdout("%d - %s (%d..%d)\n", ii + 1,
+ all_tests[i].test_case_name, 1,
+ all_tests[i].num);
+ } else {
+ test_printf_stdout("%d - %s\n", ii + 1,
+ all_tests[i].test_case_name);
+ }
+ test_flush_stdout();
+ } else if (all_tests[i].num == -1) {
int ret = 0;
set_test_title(all_tests[i].test_case_name);
ret = all_tests[i].test_fn();
-
verdict = 1;
if (!ret) {
verdict = 0;
int num_failed_inner = 0;
level += 4;
- if (all_tests[i].subtest) {
+ if (all_tests[i].subtest && single_iter == -1) {
test_printf_stdout("%*s# Subtest: %s\n", level, "",
all_tests[i].test_case_name);
test_printf_stdout("%*s%d..%d\n", level, "", 1,
int ret;
j = (j + jstep) % all_tests[i].num;
+ if (single_iter != -1 && ((jj + 1) != single_iter))
+ continue;
set_test_title(NULL);
ret = all_tests[i].param_test_fn(j);
/*
- * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
*/
#include "../testutil.h"
-#include "internal/nelem.h"
#include "output.h"
#include "tu_local.h"
-#include <string.h>
-
-static size_t arg_count;
-static char **args;
-static unsigned char arg_used[1000];
-
-static void check_arg_usage(void)
-{
- size_t i, n = arg_count < OSSL_NELEM(arg_used) ? arg_count
- : OSSL_NELEM(arg_used);
-
- for (i = 0; i < n; i++)
- if (!arg_used[i+1])
- test_printf_stderr("Warning ignored command-line argument %zu: %s\n",
- i, args[i+1]);
- if (i < arg_count)
- test_printf_stderr("Warning arguments %zu and later unchecked\n", i);
-}
int main(int argc, char *argv[])
{
return ret;
}
- arg_count = argc - 1;
- args = argv;
-
- setup_test_framework();
+ if (!setup_test_framework(argc, argv))
+ goto end;
- if (setup_tests())
+ if (setup_tests()) {
ret = run_tests(argv[0]);
- cleanup_tests();
- check_arg_usage();
-
+ cleanup_tests();
+ opt_check_usage();
+ } else {
+ opt_help(test_get_options());
+ }
+end:
ret = pulldown_test_framework(ret);
test_close_streams();
return ret;
}
-
-const char *test_get_program_name(void)
-{
- return args[0];
-}
-
-char *test_get_argument(size_t n)
-{
- if (n > arg_count)
- return NULL;
- if (n + 1 < OSSL_NELEM(arg_used))
- arg_used[n + 1] = 1;
- return args[n + 1];
-}
-
-size_t test_get_argument_count(void)
-{
- return arg_count;
-}
-
-int test_has_option(const char *option)
-{
- size_t i;
-
- for (i = 1; i <= arg_count; i++)
- if (strcmp(args[i], option) == 0) {
- arg_used[i] = 1;
- return 1;
- }
- return 0;
-}
-
-const char *test_get_option_argument(const char *option)
-{
- size_t i, n = strlen(option);
-
- for (i = 1; i <= arg_count; i++)
- if (strncmp(args[i], option, n) == 0) {
- arg_used[i] = 1;
- if (args[i][n] == '\0' && i + 1 < arg_count) {
- arg_used[++i] = 1;
- return args[i];
- }
- return args[i] + n;
- }
- return NULL;
-}
-
--- /dev/null
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../testutil.h"
+#include "internal/nelem.h"
+#include "tu_local.h"
+#include "output.h"
+
+
+static int used[100] = { 0 };
+
+
+size_t test_get_argument_count(void)
+{
+ return opt_num_rest();
+}
+
+char *test_get_argument(size_t n)
+{
+ char **argv = opt_rest();
+
+ OPENSSL_assert(n < sizeof(used));
+ if ((int)n >= opt_num_rest() || argv == NULL)
+ return NULL;
+ used[n] = 1;
+ return argv[n];
+}
+
+void opt_check_usage(void)
+{
+ int i;
+ char **argv = opt_rest();
+ int n, arg_count = opt_num_rest();
+
+ if (arg_count > (int)OSSL_NELEM(used))
+ n = (int)OSSL_NELEM(used);
+ else
+ n = arg_count;
+ for (i = 0; i < n; i++) {
+ if (used[i] == 0)
+ test_printf_stderr("Warning ignored command-line argument %d: %s\n",
+ i, argv[i]);
+ }
+ if (i < arg_count)
+ test_printf_stderr("Warning arguments %d and later unchecked\n", i);
+}
+
+int opt_printf_stderr(const char *fmt, ...)
+{
+ va_list ap;
+ int ret;
+
+ va_start(ap, fmt);
+ ret = test_vprintf_stderr(fmt, ap);
+ va_end(ap);
+ return ret;
+}
+
--- /dev/null
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../testutil.h"
+#include "tu_local.h"
+
+/* An overridable list of command line options */
+const OPTIONS *test_get_options(void)
+{
+ static const OPTIONS default_options[] = {
+ OPT_TEST_OPTIONS_DEFAULT_USAGE,
+ { NULL }
+ };
+ return default_options;
+}
/*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
const unsigned char *m1, size_t l1,
const unsigned char *m2, size_t l2);
-void setup_test_framework(void);
+__owur int setup_test_framework(int argc, char *argv[]);
__owur int pulldown_test_framework(int ret);
__owur int run_tests(const char *test_prog_name);
void set_test_title(const char *title);
+
+typedef enum OPTION_choice_default {
+ OPT_ERR = -1,
+ OPT_EOF = 0,
+ OPT_TEST_ENUM
+} OPTION_CHOICE_DEFAULT;
+void opt_check_usage(void);
+
return ret;
}
+OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
+
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))
/*
- * Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/err.h>
-#include "apps.h"
+#include "apps_ui.h"
#include "testutil.h"
-/* apps/apps.c depend on these */
-char *default_config_file = NULL;
#include <openssl/ui.h>
/*
- * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
return ret;
}
+OPT_TEST_DECLARE_USAGE("cert.pem\n")
+
int setup_tests(void)
{
if (!TEST_ptr(infile = test_get_argument(0)))
return testresult;
}
+OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n")
+
int setup_tests(void)
{
if (!TEST_ptr(roots_f = test_get_argument(0))
|| !TEST_ptr(untrusted_f = test_get_argument(1))
- || !TEST_ptr(bad_f = test_get_argument(2))) {
- TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem\n");
+ || !TEST_ptr(bad_f = test_get_argument(2)))
return 0;
- }
ADD_TEST(test_alt_chains_cert_forgery);
ADD_TEST(test_store_ctx);
/*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
return ret;
}
+const OPTIONS *test_get_options(void)
+{
+ enum { OPT_TEST_ENUM };
+ static const OPTIONS test_options[] = {
+ OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("certname key.pem type expected\n"),
+ { OPT_HELP_STR, 1, '-', "certname\tCertificate filename .pem/.req\n" },
+ { OPT_HELP_STR, 1, '-', "type\t\tvalue must be 'pem' or 'req'\n" },
+ { OPT_HELP_STR, 1, '-', "expected\tthe expected return value\n" },
+ { NULL }
+ };
+ return test_options;
+}
+
int setup_tests(void)
{
if (!TEST_ptr(c = test_get_argument(0))
|| !TEST_ptr(k = test_get_argument(1))
|| !TEST_ptr(t = test_get_argument(2))
|| !TEST_ptr(e = test_get_argument(3))) {
- TEST_note("usage: x509_check_cert_pkey cert.pem|cert.req"
- " key.pem cert|req <expected>");
return 0;
}
/*
- * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
return ret;
}
+OPT_TEST_DECLARE_USAGE("cert.pem...\n")
+
int setup_tests(void)
{
size_t n = test_get_argument_count();
- if (!TEST_int_gt(n, 0)) {
- TEST_note("usage: x509_dup_cert_test cert.pem...");
+ if (!TEST_int_gt(n, 0))
return 0;
- }
ADD_ALL_TESTS(test_509_dup_cert, n);
return 1;
return 0;
}
+OPT_TEST_DECLARE_USAGE("certfile...\n")
+
int setup_tests(void)
{
size_t n = test_get_argument_count();
-
- if (n == 0) {
- TEST_error("usage: %s certfile...", test_get_program_name());
+ if (n == 0)
return 0;
- }
ADD_ALL_TESTS(test_certs, (int)n);
return 1;
projects / oweals / openssl.git / commitdiff