/*
 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * This file is also used by the test suite. Do not #include "apps.h".
 */
13 #include "opt.h"
14 #include "fmt.h"
15 #include "app_libctx.h"
16 #include "internal/nelem.h"
17 #include "internal/numbers.h"
18 #include <string.h>
19 #if !defined(OPENSSL_SYS_MSDOS)
20 # include <unistd.h>
21 #endif
22
23 #include <stdlib.h>
24 #include <errno.h>
25 #include <ctype.h>
26 #include <limits.h>
27 #include <openssl/err.h>
28 #include <openssl/bio.h>
29 #include <openssl/x509v3.h>
30
#define MAX_OPT_HELP_WIDTH 30
/*
 * Pseudo-entries that may appear in an OPTIONS table.  They are recognised
 * by comparing the table's |name| pointer against these arrays, not by
 * string content.
 */
const char OPT_HELP_STR[] = "-H";
const char OPT_MORE_STR[] = "-M";
const char OPT_SECTION_STR[] = "-S";
const char OPT_PARAM_STR[] = "-P";

/* Our state */
static char **argv;             /* argument vector recorded by opt_init() */
static int argc;
static int opt_index;           /* index of the next argv[] word to examine */
static char *arg;               /* value of the most recently parsed option */
static char *flag;              /* most recently parsed option, with its '-' */
static char *dunno;             /* the one "unknown" option seen so far */
static const char *unknown_name;
static const OPTIONS *unknown;  /* table entry with the empty name, if any */
static const OPTIONS *opts;     /* option table recorded by opt_init() */
static char prog[40];           /* program name, filled by opt_progname() */
48
49 /*
50 * Return the simple name of the program; removing various platform gunk.
51 */
52 #if defined(OPENSSL_SYS_WIN32)
53
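/*
 * Return a pointer to the last path component of |filename|, i.e. the text
 * after the final '/', '\' or ':' (drive or directory separators on Win32).
 *
 * The scan stops at |filename| itself, so an empty string never produces a
 * pointer before the start of the array, and a separator in the very first
 * position is stripped like any other.
 */
const char *opt_path_end(const char *filename)
{
    const char *p = filename + strlen(filename);

    /* Walk back to the last separator; the name starts just after it. */
    while (p > filename) {
        --p;
        if (*p == '/' || *p == '\\' || *p == ':')
            return p + 1;
    }
    return filename;
}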
66
/*
 * Fill the static |prog| buffer with the base name of |argv0|, lowercased
 * and without a trailing ".exe"/".EXE", truncated to fit.  Returns |prog|.
 */
char *opt_progname(const char *argv0)
{
    const char *base = opt_path_end(argv0);
    size_t len = strlen(base);
    size_t i;

    /* Drop the executable suffix, if present. */
    if (len > 4) {
        const char *tail = base + len - 4;

        if (strcmp(tail, ".exe") == 0 || strcmp(tail, ".EXE") == 0)
            len -= 4;
    }

    /* Leave room for the terminator. */
    if (len > sizeof(prog) - 1)
        len = sizeof(prog) - 1;

    for (i = 0; i < len; i++)
        prog[i] = (char)tolower((unsigned char)base[i]);
    prog[len] = '\0';
    return prog;
}
89
90 #elif defined(OPENSSL_SYS_VMS)
91
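/*
 * Return a pointer to the last component of a VMS file specification such
 * as sys:[foo.bar]openssl, i.e. the text after the final ':', ']' or '>'.
 *
 * The scan stops at |filename| itself, so an empty string never produces a
 * pointer before the start of the array, and a separator in the very first
 * position is stripped like any other.
 */
const char *opt_path_end(const char *filename)
{
    const char *p = filename + strlen(filename);

    /* Walk back to the last separator; the name starts just after it. */
    while (p > filename) {
        --p;
        if (*p == ':' || *p == ']' || *p == '>')
            return p + 1;
    }
    return filename;
}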
104
/*
 * Fill the static |prog| buffer with the base name of |argv0|, cut at its
 * last '.' (the VMS file type), truncated to fit.  Returns |prog|.
 */
char *opt_progname(const char *argv0)
{
    const char *base = opt_path_end(argv0);
    const char *dot = strrchr(base, '.');
    size_t room = sizeof(prog) - 1;

    /* |argv0| may already be |prog| itself; copying onto itself is pointless. */
    if (base != prog)
        strncpy(prog, base, room);
    prog[room] = '\0';

    /* Cut at the file type, provided that position landed inside the buffer. */
    if (dot != NULL && (size_t)(dot - base) < sizeof(prog))
        prog[dot - base] = '\0';
    return prog;
}
119
120 #else
121
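/*
 * Return a pointer to the last path component of |filename|, i.e. the text
 * after the final '/'.
 *
 * strrchr() handles the empty string and a leading '/' without ever forming
 * a pointer before the start of the array, which the old backwards scan did.
 */
const char *opt_path_end(const char *filename)
{
    const char *slash = strrchr(filename, '/');

    return slash != NULL ? slash + 1 : filename;
}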
134
/*
 * Fill the static |prog| buffer with the base name of |argv0|, truncated to
 * fit.  Returns |prog|.
 */
char *opt_progname(const char *argv0)
{
    const char *base = opt_path_end(argv0);
    size_t room = sizeof(prog) - 1;

    /* |argv0| may already be |prog| itself; copying onto itself is pointless. */
    if (base != prog)
        strncpy(prog, base, room);
    prog[room] = '\0';
    return prog;
}
145 #endif
146
/*
 * Append " |argv0|" to the current contents of |prog| (if |argv0| is not
 * NULL), bounded by the buffer size.  Returns |prog|.
 */
char *opt_appname(const char *argv0)
{
    size_t used = strlen(prog);
    /*
     * NOTE(review): the extra "- 1" leaves BIO_snprintf one byte short of
     * the buffer end even though it reserves room for the NUL itself;
     * harmless, presumably conservative.
     */
    size_t room = sizeof(prog) - used - 1;

    if (argv0 == NULL)
        return prog;
    BIO_snprintf(prog + used, room, " %s", argv0);
    return prog;
}
155
/* Return the program name most recently stored by opt_progname(). */
char *opt_getprog(void)
{
    char *name = prog;

    return name;
}
160
/*
 * Set up the arg parsing.
 *
 * Records |ac|/|av| and the option table |o| in the file-level state, resets
 * the cursor via opt_begin() and fills |prog| from av[0].  Returns |prog|.
 * When NDEBUG is not defined the table is also sanity-checked: names must
 * not start with '-', retval and valtype must agree, valtype must be one of
 * the known letters, and no name may appear twice (OPT_DUP entries aside);
 * any violation trips OPENSSL_assert().  An entry with an empty name (the
 * catch-all for otherwise unknown options) is remembered in |unknown|, and
 * opt_set_unknown_name() must have been called before then.
 */
char *opt_init(int ac, char **av, const OPTIONS *o)
{
    /* Store state. */
    argc = ac;
    argv = av;
    opt_begin();
    opts = o;
    unknown = NULL;
    /* Make sure prog name is set for usage output */
    (void)opt_progname(argv[0]);

    /* Check all options up until the PARAM marker (if present) */
    for (; o->name != NULL && o->name != OPT_PARAM_STR; ++o) {
#ifndef NDEBUG
        const OPTIONS *next;
        int duplicated, i;
#endif

        /* Layout-only pseudo-entries: nothing to validate. */
        if (o->name == OPT_HELP_STR
            || o->name == OPT_MORE_STR
            || o->name == OPT_SECTION_STR)
            continue;
#ifndef NDEBUG
        i = o->valtype;

        /* Make sure options are legit. */
        OPENSSL_assert(o->name[0] != '-');
        if (o->valtype == '.')
            OPENSSL_assert(o->retval == OPT_PARAM);
        else
            OPENSSL_assert(o->retval == OPT_DUP || o->retval > OPT_PARAM);
        /* The complete set of value-type letters a table may use. */
        switch (i) {
        case 0: case '-': case '.':
        case '/': case '<': case '>': case 'E': case 'F':
        case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
        case 'u': case 'c': case ':': case 'N': case 'A':
            break;
        default:
            OPENSSL_assert(0);
        }

        /* Make sure there are no duplicates. */
        for (next = o + 1; next->name; ++next) {
            /*
             * Some compilers inline strcmp and the assert string is too long.
             */
            duplicated = next->retval != OPT_DUP
                && strcmp(o->name, next->name) == 0;
            if (duplicated) {
                opt_printf_stderr("%s: Internal error: duplicate option %s\n",
                                  prog, o->name);
                OPENSSL_assert(!duplicated);
            }
        }
#endif
        /* The empty-named entry, if any, catches options not in the table. */
        if (o->name[0] == '\0') {
            OPENSSL_assert(unknown_name != NULL);
            OPENSSL_assert(unknown == NULL);
            unknown = o;
            OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');
        }
    }
    return prog;
}
226
/*
 * Format names and their OPT_FMT_* bits.  opt_format_error() walks this
 * table to list the formats an option actually permits.
 */
static OPT_PAIR formats[] = {
    {"pem", OPT_FMT_PEM},
    {"der", OPT_FMT_DER},
    {"b64", OPT_FMT_B64},
    {"pkcs12", OPT_FMT_PKCS12},
    {"smime", OPT_FMT_SMIME},
    {"engine", OPT_FMT_ENGINE},
    {"msblob", OPT_FMT_MSBLOB},
    {"nss", OPT_FMT_NSS},
    {"text", OPT_FMT_TEXT},
    {"http", OPT_FMT_HTTP},
    {"pvk", OPT_FMT_PVK},
    {NULL}
};
241
/*
 * Record the label used in diagnostics for the table's empty-named
 * catch-all option.  Must be called before opt_init() for such a table.
 */
void opt_set_unknown_name(const char *name)
{
    const char *label = name;

    unknown_name = label;
}
246
/*
 * Print an error message about a failed format parse: the rejected string
 * |s| followed by every format name whose OPT_FMT_* bit is set in |flags|.
 * Always returns 0 so callers can "return opt_format_error(...)".
 */
static int opt_format_error(const char *s, unsigned long flags)
{
    const OPT_PAIR *fmt;

    opt_printf_stderr("%s: Bad format \"%s\"; must be one of: ", prog, s);
    for (fmt = formats; fmt->name != NULL; ++fmt) {
        if ((flags & fmt->retval) == 0)
            continue;
        opt_printf_stderr(" %s", fmt->name);
    }
    opt_printf_stderr("\n");
    return 0;
}
260
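/*
 * Helper for opt_format(): if |allowed| contains the |want| bit, store
 * |fmt| in *result and return 1; otherwise report which formats are allowed
 * and return 0.
 */
static int opt_format_set(const char *s, unsigned long allowed,
                          unsigned long want, int fmt, int *result)
{
    if ((allowed & want) == 0)
        return opt_format_error(s, allowed);
    *result = fmt;
    return 1;
}

/*
 * Parse a format string, put it into *result; return 0 on failure, else 1.
 *
 * |flags| is the set of OPT_FMT_* bits the option accepts.  Most formats
 * are recognised by their first letter only (so "dxx" still means DER);
 * the spellings for base64, NSS and the P-family are checked in full.
 * Every failure prints a diagnostic: a mis-spelt "b..." form used to return
 * 0 silently, unlike the parallel "p..." branch.
 */
int opt_format(const char *s, unsigned long flags, int *result)
{
    switch (*s) {
    default:
        opt_printf_stderr("%s: Bad format \"%s\"\n", prog, s);
        return 0;
    case 'B':
    case 'b':
        if (s[1] == '\0'
            || strcmp(s, "B64") == 0 || strcmp(s, "b64") == 0
            || strcmp(s, "BASE64") == 0 || strcmp(s, "base64") == 0)
            return opt_format_set(s, flags, OPT_FMT_B64, FORMAT_BASE64, result);
        opt_printf_stderr("%s: Bad format \"%s\"\n", prog, s);
        return 0;
    case 'D':
    case 'd':
        return opt_format_set(s, flags, OPT_FMT_DER, FORMAT_ASN1, result);
    case 'T':
    case 't':
        return opt_format_set(s, flags, OPT_FMT_TEXT, FORMAT_TEXT, result);
    case 'N':
    case 'n':
        /* Only the exact spellings are accepted here. */
        if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
            return opt_format_error(s, flags);
        return opt_format_set(s, flags, OPT_FMT_NSS, FORMAT_NSS, result);
    case 'S':
    case 's':
        return opt_format_set(s, flags, OPT_FMT_SMIME, FORMAT_SMIME, result);
    case 'M':
    case 'm':
        return opt_format_set(s, flags, OPT_FMT_MSBLOB, FORMAT_MSBLOB, result);
    case 'E':
    case 'e':
        return opt_format_set(s, flags, OPT_FMT_ENGINE, FORMAT_ENGINE, result);
    case 'H':
    case 'h':
        return opt_format_set(s, flags, OPT_FMT_HTTP, FORMAT_HTTP, result);
    case '1':
        return opt_format_set(s, flags, OPT_FMT_PKCS12, FORMAT_PKCS12, result);
    case 'P':
    case 'p':
        if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0)
            return opt_format_set(s, flags, OPT_FMT_PEM, FORMAT_PEM, result);
        if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0)
            return opt_format_set(s, flags, OPT_FMT_PVK, FORMAT_PVK, result);
        if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
            || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0)
            return opt_format_set(s, flags, OPT_FMT_PKCS12, FORMAT_PKCS12,
                                  result);
        opt_printf_stderr("%s: Bad format \"%s\"\n", prog, s);
        return 0;
    }
}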
352
/*
 * Return the display name of a FORMAT_* value, or "(undefined)" for one
 * not in the table.
 */
static const char *format2str(int format)
{
    static const struct {
        int format;
        const char *name;
    } names[] = {
        {FORMAT_PEM, "PEM"},
        {FORMAT_ASN1, "DER"},
        {FORMAT_TEXT, "TEXT"},
        {FORMAT_NSS, "NSS"},
        {FORMAT_SMIME, "SMIME"},
        {FORMAT_MSBLOB, "MSBLOB"},
        {FORMAT_ENGINE, "ENGINE"},
        {FORMAT_HTTP, "HTTP"},
        {FORMAT_PKCS12, "P12"},
        {FORMAT_PVK, "PVK"}
    };
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        if (names[i].format == format)
            return names[i].name;
    return "(undefined)";
}
381
/*
 * Print an error message about an unsuitable/unsupported format request:
 * the name of |format| followed by the formats permitted by |flags|.
 */
void print_format_error(int format, unsigned long flags)
{
    const char *name = format2str(format);

    (void)opt_format_error(name, flags);
}
387
/*
 * Parse a cipher name, put it in *cipherp after freeing what was there, if
 * cipherp is not NULL.  Return 0 on failure, else 1.
 *
 * The fetch is tried first; the legacy by-name lookup only when that fails
 * and opt_legacy_okay() permits it.  Errors queued during the attempt are
 * discarded either way ("silent").  When |cipherp| is NULL the cipher is
 * released again, so the call only validates the name.
 */
int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp)
{
    EVP_CIPHER *c;

    ERR_set_mark();
    c = EVP_CIPHER_fetch(app_get0_libctx(), name, app_get0_propq());
    if (c == NULL && opt_legacy_okay())
        c = (EVP_CIPHER *)EVP_get_cipherbyname(name);
    if (c == NULL) {
        ERR_clear_last_mark();
        return 0;
    }

    ERR_pop_to_mark();
    if (cipherp == NULL) {
        EVP_CIPHER_free(c);
    } else {
        EVP_CIPHER_free(*cipherp);
        *cipherp = c;
    }
    return 1;
}
413
/*
 * Like opt_cipher_silent(), but a NULL |name| counts as success and an
 * unknown name is reported on stderr.  Return 0 on failure, else 1.
 */
int opt_cipher_any(const char *name, EVP_CIPHER **cipherp)
{
    int found;

    if (name == NULL)
        return 1;
    found = opt_cipher_silent(name, cipherp);
    if (!found)
        opt_printf_stderr("%s: Unknown option or cipher: %s\n", prog, name);
    return found;
}
424
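/*
 * Parse a cipher name like opt_cipher_any(), but additionally reject XTS,
 * AEAD and encrypt-then-MAC ciphers, which the callers of this function do
 * not support.  A NULL |name| counts as success.  On success the cipher is
 * stored in *cipherp (when not NULL); the caller owns it.  Return 0 on
 * failure, else 1.
 *
 * The fetched cipher is released on every path that does not hand it to
 * the caller; previously a rejected cipher, or one fetched only to be
 * validated (|cipherp| == NULL), was leaked.
 */
int opt_cipher(const char *name, EVP_CIPHER **cipherp)
{
    int mode, ok = 0;
    unsigned long int flags;
    EVP_CIPHER *c = NULL;

    if (name == NULL)
        return 1;
    if (!opt_cipher_any(name, &c))
        return 0;

    mode = EVP_CIPHER_get_mode(c);
    flags = EVP_CIPHER_get_flags(c);
    if (mode == EVP_CIPH_XTS_MODE) {
        opt_printf_stderr("%s XTS ciphers not supported\n", prog);
    } else if ((flags & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
        opt_printf_stderr("%s: AEAD ciphers not supported\n", prog);
    } else if ((flags & EVP_CIPH_FLAG_ENC_THEN_MAC) != 0) {
        opt_printf_stderr("%s: ENC-then-MAC cipher not supported\n", prog);
    } else {
        ok = 1;
    }

    if (ok && cipherp != NULL)
        *cipherp = c;           /* reference passes to the caller */
    else
        EVP_CIPHER_free(c);     /* rejected or unwanted: same as opt_cipher_silent() */
    return ok;
}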
450
/*
 * Parse message digest name, put it in *mdp after freeing what was there,
 * if mdp is not NULL; return 0 on failure, else 1.
 *
 * The fetch is tried first; the legacy by-name lookup only when that fails
 * and opt_legacy_okay() permits it.  Errors queued during the attempt are
 * discarded either way.  When |mdp| is NULL the digest is released again,
 * so the call only validates the name.
 */
int opt_md_silent(const char *name, EVP_MD **mdp)
{
    EVP_MD *md;

    ERR_set_mark();
    md = EVP_MD_fetch(app_get0_libctx(), name, app_get0_propq());
    if (md == NULL && opt_legacy_okay())
        md = (EVP_MD *)EVP_get_digestbyname(name);
    if (md == NULL) {
        ERR_clear_last_mark();
        return 0;
    }

    ERR_pop_to_mark();
    if (mdp == NULL) {
        EVP_MD_free(md);
    } else {
        EVP_MD_free(*mdp);
        *mdp = md;
    }
    return 1;
}
474
/*
 * Like opt_md_silent(), but a NULL |name| counts as success and an unknown
 * name is reported on stderr.  Return 0 on failure, else 1.
 */
int opt_md(const char *name, EVP_MD **mdp)
{
    int found;

    if (name == NULL)
        return 1;
    found = opt_md_silent(name, mdp);
    if (!found)
        opt_printf_stderr("%s: Unknown option or message digest: %s\n",
                          prog, name);
    return found;
}
486
/*
 * Check that |name| is a usable digest without keeping it.  Any error left
 * behind by a failed lookup is cleared.  Return 0 on failure, else 1.
 */
int opt_check_md(const char *name)
{
    int ok = opt_md(name, NULL);

    if (!ok)
        ERR_clear_error();
    return ok;
}
494
/*
 * Look through a list of name/value pairs.  On a match store the value in
 * *result and return 1; otherwise list the valid names and return 0.
 * |pairs| is terminated by an entry whose name is NULL.
 */
int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
{
    const OPT_PAIR *it = pairs;

    while (it->name != NULL) {
        if (strcmp(it->name, name) == 0) {
            *result = it->retval;
            return 1;
        }
        ++it;
    }

    opt_printf_stderr("%s: Value must be one of:\n", prog);
    for (it = pairs; it->name != NULL; ++it)
        opt_printf_stderr("\t%s\n", it->name);
    return 0;
}
510
/*
 * Look through a NULL-terminated list of valid names.  Return 1 if |name|
 * is among them; otherwise list the valid names and return 0.
 */
int opt_string(const char *name, const char **options)
{
    const char **it = options;

    while (*it != NULL) {
        if (strcmp(*it, name) == 0)
            return 1;
        ++it;
    }

    opt_printf_stderr("%s: Value must be one of:\n", prog);
    for (it = options; *it != NULL; ++it)
        opt_printf_stderr("\t%s\n", *it);
    return 0;
}
524
/*
 * Parse an int, put it into *result; return 0 on failure, else 1.
 * Parsing is delegated to opt_long(); a value that does not survive the
 * narrowing to int is reported as out of range (the narrowed value is
 * still stored, as before).
 */
int opt_int(const char *value, int *result)
{
    long parsed;

    if (opt_long(value, &parsed) == 0)
        return 0;

    *result = (int)parsed;
    if ((long)*result == parsed)
        return 1;

    opt_printf_stderr("%s: Value \"%s\" outside integer range\n",
                      prog, value);
    return 0;
}
540
/*
 * Parse and return the current option value as an int, assuming its range
 * has been checked before (opt_next() does this for 'n'/'p'/'N' options).
 * The parse status is ignored; -1 is returned if nothing was stored.
 */
int opt_int_arg(void)
{
    int value = -1;
    int ignored;

    ignored = opt_int(arg, &value);
    (void)ignored;
    return value;
}
549
/*
 * Report that |v| could not be parsed as a number, naming the base implied
 * by its prefix ("0x"/"0X" hex, "0" octal, otherwise just "a number").
 */
static void opt_number_error(const char *v)
{
    /* Order matters: "0x" must be tried before the bare "0" octal prefix. */
    static const struct {
        const char *prefix;
        const char *kind;
    } bases[] = {
        {"0x", "a hexadecimal"},
        {"0X", "a hexadecimal"},
        {"0", "an octal"}
    };
    size_t i;

    for (i = 0; i < sizeof(bases) / sizeof(bases[0]); i++) {
        size_t plen = strlen(bases[i].prefix);

        if (strncmp(v, bases[i].prefix, plen) == 0) {
            opt_printf_stderr("%s: Can't parse \"%s\" as %s number\n",
                              prog, v, bases[i].kind);
            return;
        }
    }
    opt_printf_stderr("%s: Can't parse \"%s\" as a number\n", prog, v);
}
572
/*
 * Parse a long, put it into *result; return 0 on failure, else 1.
 * Accepts whatever strtol() accepts with base 0 (decimal, 0x hex, 0 octal)
 * but requires the whole string to be consumed.  The caller's errno is
 * preserved on both paths.
 */
int opt_long(const char *value, long *result)
{
    int saved_errno = errno;
    char *end = NULL;
    long parsed;
    int bad;

    errno = 0;
    parsed = strtol(value, &end, 0);
    bad = end == value                                        /* no digits */
        || *end != '\0'                                       /* trailing junk */
        || (errno == ERANGE && (parsed == LONG_MAX || parsed == LONG_MIN))
        || (parsed == 0 && errno != 0);                       /* e.g. EINVAL */
    if (bad) {
        opt_number_error(value);
        errno = saved_errno;
        return 0;
    }

    *result = parsed;
    errno = saved_errno;
    return 1;
}
594
595 #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
596 defined(INTMAX_MAX) && defined(UINTMAX_MAX) && \
597 !defined(OPENSSL_NO_INTTYPES_H)
598
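/*
 * Parse an intmax_t, put it into *result; return 0 on failure, else 1.
 * Accepts whatever strtoimax() accepts with base 0, requires the whole
 * string to be consumed, and additionally rejects values that would not
 * fit in ossl_intmax_t where that type is narrower than intmax_t.
 * The caller's errno is preserved on every path (the range-check failure
 * used to return without restoring it).
 */
int opt_intmax(const char *value, ossl_intmax_t *result)
{
    int oerrno = errno;
    intmax_t m;
    char *endp;

    errno = 0;
    m = strtoimax(value, &endp, 0);
    if (*endp
        || endp == value
        || ((m == INTMAX_MAX || m == INTMAX_MIN)
            && errno == ERANGE)
        || (m == 0 && errno != 0)) {
        opt_number_error(value);
        errno = oerrno;
        return 0;
    }
    /* Ensure that the value in |m| is never too big for |*result| */
    if (sizeof(m) > sizeof(*result)
        && (m < OSSL_INTMAX_MIN || m > OSSL_INTMAX_MAX)) {
        opt_number_error(value);
        errno = oerrno;
        return 0;
    }
    *result = (ossl_intmax_t)m;
    errno = oerrno;
    return 1;
}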
627
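/*
 * Parse a uintmax_t, put it into *result; return 0 on failure, else 1.
 * Accepts whatever strtoumax() accepts with base 0, requires the whole
 * string to be consumed, and additionally rejects values that would not
 * fit in ossl_uintmax_t where that type is narrower than uintmax_t.
 *
 * A leading '-' is refused explicitly: strtoumax() would otherwise accept
 * "-1" and wrap it to UINTMAX_MAX without setting ERANGE.  The caller's
 * errno is preserved on every path (the range-check failure used to return
 * without restoring it).
 */
int opt_uintmax(const char *value, ossl_uintmax_t *result)
{
    int oerrno = errno;
    const char *digits = value;
    uintmax_t m;
    char *endp;

    /* strtoumax() skips the same leading whitespace before looking for a sign. */
    while (isspace((unsigned char)*digits))
        digits++;
    if (*digits == '-') {
        opt_number_error(value);
        return 0;
    }

    errno = 0;
    m = strtoumax(value, &endp, 0);
    if (*endp
        || endp == value
        || (m == UINTMAX_MAX && errno == ERANGE)
        || (m == 0 && errno != 0)) {
        opt_number_error(value);
        errno = oerrno;
        return 0;
    }
    /* Ensure that the value in |m| is never too big for |*result| */
    if (sizeof(m) > sizeof(*result)
        && m > OSSL_UINTMAX_MAX) {
        opt_number_error(value);
        errno = oerrno;
        return 0;
    }
    *result = (ossl_uintmax_t)m;
    errno = oerrno;
    return 1;
}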
655 #else
656 /* Fallback implementations based on long */
/*
 * Fallback opt_intmax() for toolchains without <inttypes.h>: parse via
 * opt_long() and widen.  Return 0 on failure, else 1.
 */
int opt_intmax(const char *value, ossl_intmax_t *result)
{
    long parsed;
    int ok = opt_long(value, &parsed);

    if (ok)
        *result = parsed;
    return ok;
}
666
/*
 * Fallback opt_uintmax() for toolchains without <inttypes.h>: parse via
 * opt_ulong() and widen.  Return 0 on failure, else 1.
 */
int opt_uintmax(const char *value, ossl_uintmax_t *result)
{
    unsigned long parsed;
    int ok = opt_ulong(value, &parsed);

    if (ok)
        *result = parsed;
    return ok;
}
676 #endif
677
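/*
 * Parse an unsigned long, put it into *result; return 0 on failure, else 1.
 * Accepts whatever strtoul() accepts with base 0 and requires the whole
 * string to be consumed.
 *
 * A leading '-' is refused explicitly: strtoul() would otherwise accept
 * "-1" and wrap it to ULONG_MAX without setting ERANGE, so a negative
 * value would silently become a huge one.  The caller's errno is preserved.
 */
int opt_ulong(const char *value, unsigned long *result)
{
    int oerrno = errno;
    const char *digits = value;
    char *endptr;
    unsigned long l;

    /* strtoul() skips the same leading whitespace before looking for a sign. */
    while (isspace((unsigned char)*digits))
        digits++;
    if (*digits == '-') {
        opt_number_error(value);
        return 0;
    }

    errno = 0;
    l = strtoul(value, &endptr, 0);
    if (*endptr
        || endptr == value
        || ((l == ULONG_MAX) && errno == ERANGE)
        || (l == 0 && errno != 0)) {
        opt_number_error(value);
        errno = oerrno;
        return 0;
    }
    *result = l;
    errno = oerrno;
    return 1;
}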
701
/*
 * We pass opt as an int but cast it to "enum range" so that all the
 * items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch
 * in gcc do the right thing: a new OPT_V_* value that opt_verify() does
 * not handle becomes a compiler warning instead of a silent no-op.
 */
enum range { OPT_V_ENUM };
708
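/*
 * Apply one option of the -verify family (|opt|, an OPT_V_* value) to the
 * verification parameters |vpm|, taking the option's value from opt_arg()
 * where it has one.  Return 1 on success, 0 after printing a diagnostic.
 *
 * -verify_depth and -auth_level are now parsed with opt_int() like every
 * other numeric option in this file; atoi() turned unparsable input into 0
 * silently, which then set depth/level 0 instead of reporting the typo.
 * Negative values are still ignored rather than rejected, as before.
 */
int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
{
    int i;
    ossl_intmax_t t = 0;
    ASN1_OBJECT *otmp;
    X509_PURPOSE *xptmp;
    const X509_VERIFY_PARAM *vtmp;

    OPENSSL_assert(vpm != NULL);
    OPENSSL_assert(opt > OPT_V__FIRST);
    OPENSSL_assert(opt < OPT_V__LAST);

    switch ((enum range)opt) {
    case OPT_V__FIRST:
    case OPT_V__LAST:
        return 0;
    case OPT_V_POLICY:
        otmp = OBJ_txt2obj(opt_arg(), 0);
        if (otmp == NULL) {
            opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg());
            return 0;
        }
        /* add0: on success |vpm| owns |otmp|, so free it only on failure. */
        if (!X509_VERIFY_PARAM_add0_policy(vpm, otmp)) {
            ASN1_OBJECT_free(otmp);
            opt_printf_stderr("%s: Internal error adding Policy %s\n",
                              prog, opt_arg());
            return 0;
        }
        break;
    case OPT_V_PURPOSE:
        /* purpose name -> purpose index */
        i = X509_PURPOSE_get_by_sname(opt_arg());
        if (i < 0) {
            opt_printf_stderr("%s: Invalid purpose %s\n", prog, opt_arg());
            return 0;
        }

        /* purpose index -> purpose object */
        xptmp = X509_PURPOSE_get0(i);

        /* purpose object -> purpose value */
        i = X509_PURPOSE_get_id(xptmp);

        if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
            opt_printf_stderr("%s: Internal error setting purpose %s\n",
                              prog, opt_arg());
            return 0;
        }
        break;
    case OPT_V_VERIFY_NAME:
        vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
        if (vtmp == NULL) {
            opt_printf_stderr("%s: Invalid verify name %s\n",
                              prog, opt_arg());
            return 0;
        }
        X509_VERIFY_PARAM_set1(vpm, vtmp);
        break;
    case OPT_V_VERIFY_DEPTH:
        if (!opt_int(opt_arg(), &i))
            return 0;
        if (i >= 0)
            X509_VERIFY_PARAM_set_depth(vpm, i);
        break;
    case OPT_V_VERIFY_AUTH_LEVEL:
        if (!opt_int(opt_arg(), &i))
            return 0;
        if (i >= 0)
            X509_VERIFY_PARAM_set_auth_level(vpm, i);
        break;
    case OPT_V_ATTIME:
        if (!opt_intmax(opt_arg(), &t))
            return 0;
        /* Reject epochs that do not survive the round trip through time_t. */
        if (t != (time_t)t) {
            opt_printf_stderr("%s: epoch time out of range %s\n",
                              prog, opt_arg());
            return 0;
        }
        X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
        break;
    case OPT_V_VERIFY_HOSTNAME:
        if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0))
            return 0;
        break;
    case OPT_V_VERIFY_EMAIL:
        if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0))
            return 0;
        break;
    case OPT_V_VERIFY_IP:
        if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg()))
            return 0;
        break;
    case OPT_V_IGNORE_CRITICAL:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL);
        break;
    case OPT_V_ISSUER_CHECKS:
        /* NOP, deprecated */
        break;
    case OPT_V_CRL_CHECK:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK);
        break;
    case OPT_V_CRL_CHECK_ALL:
        X509_VERIFY_PARAM_set_flags(vpm,
                                    X509_V_FLAG_CRL_CHECK |
                                    X509_V_FLAG_CRL_CHECK_ALL);
        break;
    case OPT_V_POLICY_CHECK:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
        break;
    case OPT_V_EXPLICIT_POLICY:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY);
        break;
    case OPT_V_INHIBIT_ANY:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY);
        break;
    case OPT_V_INHIBIT_MAP:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP);
        break;
    case OPT_V_X509_STRICT:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT);
        break;
    case OPT_V_EXTENDED_CRL:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT);
        break;
    case OPT_V_USE_DELTAS:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS);
        break;
    case OPT_V_POLICY_PRINT:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY);
        break;
    case OPT_V_CHECK_SS_SIG:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE);
        break;
    case OPT_V_TRUSTED_FIRST:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST);
        break;
    case OPT_V_SUITEB_128_ONLY:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY);
        break;
    case OPT_V_SUITEB_128:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS);
        break;
    case OPT_V_SUITEB_192:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS);
        break;
    case OPT_V_PARTIAL_CHAIN:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
        break;
    case OPT_V_NO_ALT_CHAINS:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
        break;
    case OPT_V_NO_CHECK_TIME:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
        break;
    case OPT_V_ALLOW_PROXY_CERTS:
        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS);
        break;
    }
    return 1;
}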
868
/*
 * Rewind the parser to the first word after argv[0] and forget the last
 * option and value seen.
 */
void opt_begin(void)
{
    arg = flag = NULL;
    opt_index = 1;
}
875
/*
 * Parse the next flag (and value if specified), return 0 if done, -1 on
 * error, otherwise the flag's retval.
 *
 * Side effects: advances |opt_index|, sets |flag| to the option just seen
 * and |arg| to its value (or NULL).  "--flag=value" is split by writing a
 * NUL into argv[] in place.  Values are syntax-checked according to the
 * option's valtype (numbers are parsed, directories stat'ed, formats
 * validated against the permitted set) before the retval is returned.
 * An option not in the table is accepted once via the empty-named
 * catch-all entry, if the table has one.
 */
int opt_next(void)
{
    char *p;
    const OPTIONS *o;
    int ival;
    long lval;
    unsigned long ulval;
    ossl_intmax_t imval;
    ossl_uintmax_t umval;

    /* Look at current arg; at end of the list? */
    arg = NULL;
    p = argv[opt_index];
    if (p == NULL)
        return 0;

    /* If word doesn't start with a -, we're done. */
    if (*p != '-')
        return 0;

    /* Hit "--" ? We're done. */
    opt_index++;
    if (strcmp(p, "--") == 0)
        return 0;

    /* Allow -nnn and --nnn */
    if (*++p == '-')
        p++;
    /* |flag| keeps exactly one leading '-' even for a "--nnn" spelling. */
    flag = p - 1;

    /* If we have --flag=foo, snip it off */
    if ((arg = strchr(p, '=')) != NULL)
        *arg++ = '\0';
    for (o = opts; o->name; ++o) {
        /* If not this option, move on to the next one ("-h" aliases "-help"). */
        if (!(strcmp(p, "h") == 0 && strcmp(o->name, "help") == 0)
            && strcmp(p, o->name) != 0)
            continue;

        /* If it doesn't take a value, make sure none was given. */
        if (o->valtype == 0 || o->valtype == '-') {
            if (arg) {
                opt_printf_stderr("%s: Option -%s does not take a value\n",
                                  prog, p);
                return -1;
            }
            return o->retval;
        }

        /* Want a value; get the next param if =foo not used. */
        if (arg == NULL) {
            if (argv[opt_index] == NULL) {
                opt_printf_stderr("%s: Option -%s needs a value\n",
                                  prog, o->name);
                return -1;
            }
            arg = argv[opt_index++];
        }

        /* Syntax-check value. */
        switch (o->valtype) {
        default:
        case 's':
        case ':':
            /* Just a string. */
            break;
        case '.':
            /* Parameters */
            break;
        case '/':
            if (opt_isdir(arg) > 0)
                break;
            opt_printf_stderr("%s: Not a directory: %s\n", prog, arg);
            return -1;
        case '<':
            /* Input file. */
            break;
        case '>':
            /* Output file. */
            break;
        case 'p':
        case 'n':
        case 'N':
            /* The parsed value is discarded; callers re-parse via opt_arg(). */
            if (!opt_int(arg, &ival))
                return -1;
            if (o->valtype == 'p' && ival <= 0) {
                opt_printf_stderr("%s: Non-positive number \"%s\" for option -%s\n",
                                  prog, arg, o->name);
                return -1;
            }
            if (o->valtype == 'N' && ival < 0) {
                opt_printf_stderr("%s: Negative number \"%s\" for option -%s\n",
                                  prog, arg, o->name);
                return -1;
            }
            break;
        case 'M':
            if (!opt_intmax(arg, &imval))
                return -1;
            break;
        case 'U':
            if (!opt_uintmax(arg, &umval))
                return -1;
            break;
        case 'l':
            if (!opt_long(arg, &lval))
                return -1;
            break;
        case 'u':
            if (!opt_ulong(arg, &ulval))
                return -1;
            break;
        case 'c':
        case 'E':
        case 'F':
        case 'f':
        case 'A':
        case 'a':
            /* Which OPT_FMT_* set is permitted depends on the valtype letter. */
            if (opt_format(arg,
                           o->valtype == 'c' ? OPT_FMT_PDS :
                           o->valtype == 'E' ? OPT_FMT_PDE :
                           o->valtype == 'F' ? OPT_FMT_PEMDER :
                           o->valtype == 'A' ? OPT_FMT_ASN1 :
                           OPT_FMT_ANY, &ival))
                break;
            opt_printf_stderr("%s: Invalid format \"%s\" for option -%s\n",
                              prog, arg, o->name);
            return -1;
        }

        /* Return the flag value. */
        return o->retval;
    }
    /* Not in the table: the catch-all entry may absorb exactly one such option. */
    if (unknown != NULL) {
        if (dunno != NULL) {
            opt_printf_stderr("%s: Multiple %s or unknown options: -%s and -%s\n",
                              prog, unknown_name, dunno, p);
            return -1;
        }
        dunno = p;
        return unknown->retval;
    }
    opt_printf_stderr("%s: Unknown option: -%s\n", prog, p);
    return -1;
}
1025
/* Return the most recent flag parameter (NULL if the flag took none). */
char *opt_arg(void)
{
    char *value = arg;

    return value;
}
1031
/* Return the most recent flag (option name including the preceding '-'). */
char *opt_flag(void)
{
    char *last = flag;

    return last;
}
1037
/* Return the unknown option absorbed by the catch-all entry, or NULL. */
char *opt_unknown(void)
{
    char *pending = dunno;

    return pending;
}
1043
/* Reset the unknown option; needed by ocsp to allow multiple digest options. */
void reset_unknown(void)
{
    char *cleared = NULL;

    dunno = cleared;
}
1049
/* Return the rest of the arguments after parsing flags (NULL-terminated). */
char **opt_rest(void)
{
    char **rest = argv + opt_index;

    return rest;
}
1055
/* How many items in remaining args? */
int opt_num_rest(void)
{
    char **rest = opt_rest();
    int count = 0;

    while (rest[count] != NULL)
        count++;
    return count;
}
1066
/*
 * Check the positional arguments left after option parsing.  With
 * |expected| NULL there must be none; otherwise exactly one (described by
 * |expected| in diagnostics).  Return 1 if so, else print a message and
 * return 0.
 */
int opt_check_rest_arg(const char *expected)
{
    char *first = *opt_rest();
    char *second;

    /* Nothing left: fine unless something was expected. */
    if (first == NULL || *first == '\0') {
        if (expected != NULL) {
            opt_printf_stderr("%s: Missing argument: %s\n", prog, expected);
            return 0;
        }
        return 1;
    }

    /* One argument expected: only a second one is an error. */
    if (expected != NULL) {
        second = argv[opt_index + 1];
        if (second != NULL && *second != '\0') {
            opt_printf_stderr("%s: Extra argument after %s: \"%s\"\n", prog, expected, second);
            return 0;
        }
        return 1;
    }

    /* Nothing expected, yet something is there. */
    if (opt_unknown() != NULL)
        opt_printf_stderr("%s: Extra (unknown) options: \"%s\" \"%s\"\n",
                          prog, opt_unknown(), first);
    else
        opt_printf_stderr("%s: Extra option: \"%s\"\n", prog, first);
    return 0;
}
1091
/*
 * Return a string describing the parameter type of |o| for help output;
 * letters without a specific description fall back to "parm".
 */
static const char *valtype2param(const OPTIONS *o)
{
    static const struct {
        int valtype;
        const char *param;
    } names[] = {
        {0, ""},
        {'-', ""},
        {':', "uri"},
        {'s', "val"},
        {'/', "dir"},
        {'<', "infile"},
        {'>', "outfile"},
        {'p', "+int"},
        {'n', "int"},
        {'l', "long"},
        {'u', "ulong"},
        {'E', "PEM|DER|ENGINE"},
        {'F', "PEM|DER"},
        {'f', "format"},
        {'M', "intmax"},
        {'N', "nonneg"},
        {'U', "uintmax"}
    };
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        if (names[i].valtype == o->valtype)
            return names[i].param;
    return "parm";
}
1132
/*
 * Print one help line for |o|: "-name param" padded to |width| columns,
 * then the help text.  |doingparams| is set once the OPT_PARAM_STR marker
 * has been passed, after which names are printed without the leading '-'.
 * The pseudo-entries (OPT_HELP_STR, OPT_SECTION_STR, OPT_PARAM_STR,
 * OPT_MORE_STR) are rendered specially.
 *
 * The help strings of OPT_HELP_STR/OPT_SECTION_STR entries are used as
 * printf formats (with |prog| as the only argument).  That is only safe
 * because they come from the compiled-in OPTIONS tables; never build such
 * an entry from external input.
 */
static void opt_print(const OPTIONS *o, int doingparams, int width)
{
    const char* help;
    char start[80 + 1];
    int linelen, printlen;

    /* Avoid OOB if width is beyond the buffer size of start */
    if (width >= (int)sizeof(start))
        width = (int)sizeof(start) - 1;

    help = o->helpstr ? o->helpstr : "(No additional info)";
    if (o->name == OPT_HELP_STR) {
        opt_printf_stderr(help, prog);
        return;
    } else if (o->name == OPT_SECTION_STR) {
        opt_printf_stderr("\n");
        opt_printf_stderr(help, prog);
        return;
    } else if (o->name == OPT_PARAM_STR) {
        opt_printf_stderr("\nParameters:\n");
        return;
    }

    /* Pad out prefix */
    memset(start, ' ', sizeof(start) - 1);
    start[sizeof(start) - 1] = '\0';

    if (o->name == OPT_MORE_STR) {
        /* Continuation of previous line; pad and print. */
        start[width] = '\0';
        opt_printf_stderr("%s %s\n", start, help);
        return;
    }

    /* Build up the "-flag [param]" part. */
    linelen = 0;

    /* A failed write is counted as a full-width line so we wrap below. */
    printlen = opt_printf_stderr(" %s", !doingparams ? "-" : "");
    linelen += (printlen > 0) ? printlen : MAX_OPT_HELP_WIDTH;

    /* The empty-named catch-all entry is shown as "*". */
    printlen = opt_printf_stderr("%s" , o->name[0] ? o->name : "*");
    linelen += (printlen > 0) ? printlen : MAX_OPT_HELP_WIDTH;

    if (o->valtype != '-') {
        printlen = opt_printf_stderr(" %s" , valtype2param(o));
        linelen += (printlen > 0) ? printlen : MAX_OPT_HELP_WIDTH;
    }

    /* Too long for the column: put the help text on its own line. */
    if (linelen >= MAX_OPT_HELP_WIDTH || linelen > width) {
        opt_printf_stderr("%s", "\n");
        memset(start, ' ', sizeof(start));
        linelen = 0;
    }

    /* Never negative here: a longer line was wrapped just above. */
    width -= linelen;

    /* Re-terminates |start| after the full-buffer memset above. */
    start[width] = '\0';
    opt_printf_stderr("%s %s\n", start, help);
}
1192
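/*
 * Print a usage message for the option table |list|: a standard prolog
 * (unless the table starts with its own OPT_HELP_STR entry), then one line
 * per entry via opt_print(), aligned on the widest "-name param" column up
 * to MAX_OPT_HELP_WIDTH.
 *
 * The "Valid options are:" call used to pass |prog| for a format with no
 * conversion; the stray argument is dropped so -Wformat stays quiet.
 */
void opt_help(const OPTIONS *list)
{
    const OPTIONS *o;
    int i, sawparams = 0, width = 5;
    int standard_prolog;

    /* Starts with its own help message? */
    standard_prolog = list[0].name != OPT_HELP_STR;

    /* Find the widest help. */
    for (o = list; o->name; o++) {
        if (o->name == OPT_MORE_STR)
            continue;

        /* " -" plus the name, plus " param" when a value is taken. */
        i = 2 + (int)strlen(o->name);
        if (o->valtype != '-')
            i += 1 + (int)strlen(valtype2param(o));

        if (i > width)
            width = i;
    }

    if (width > MAX_OPT_HELP_WIDTH)
        width = MAX_OPT_HELP_WIDTH;

    if (standard_prolog) {
        opt_printf_stderr("Usage: %s [options]\n", prog);
        if (list[0].name != OPT_SECTION_STR)
            opt_printf_stderr("Valid options are:\n");
    }

    /* Now let's print. */
    for (o = list; o->name; o++) {
        if (o->name == OPT_PARAM_STR)
            sawparams = 1;
        opt_print(o, sawparams, width);
    }
}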
1231
1232 /* opt_isdir section */
1233 #ifdef _WIN32
1234 # include <windows.h>
/*
 * Win32 opt_isdir(): return 1 if |name| is a directory, 0 if it exists but
 * is not one, -1 if its attributes cannot be read (or, in UNICODE builds,
 * if the name does not fit in MAX_PATH wide characters).
 */
int opt_isdir(const char *name)
{
    DWORD attr;
# if defined(UNICODE) || defined(_UNICODE)
    size_t i, len_0 = strlen(name) + 1;
    WCHAR tempname[MAX_PATH];

    if (len_0 > MAX_PATH)
        return -1;

    /*
     * Convert via the ANSI code page; if that fails (or on old CE where the
     * call is compiled out, in which case the loop runs unconditionally)
     * fall back to a byte-by-byte widening.
     * NOTE(review): plain char may be signed, so bytes >= 0x80 sign-extend
     * in the cast below — confirm that is intended.
     */
# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
    if (!MultiByteToWideChar(CP_ACP, 0, name, (int)len_0, tempname, MAX_PATH))
# endif
        for (i = 0; i < len_0; i++)
            tempname[i] = (WCHAR)name[i];

    attr = GetFileAttributes(tempname);
# else
    attr = GetFileAttributes(name);
# endif
    if (attr == INVALID_FILE_ATTRIBUTES)
        return -1;
    return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
}
1259 #else
1260 # include <sys/stat.h>
1261 # ifndef S_ISDIR
1262 # if defined(_S_IFMT) && defined(_S_IFDIR)
1263 # define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
1264 # else
1265 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
1266 # endif
1267 # endif
1268
/*
 * POSIX opt_isdir(): return non-zero if |name| is a directory, 0 if it
 * exists but is not one, -1 if it cannot be stat'ed (or S_ISDIR is not
 * available at all).
 */
int opt_isdir(const char *name)
{
# if defined(S_ISDIR)
    struct stat st;

    if (stat(name, &st) != 0)
        return -1;
    return S_ISDIR(st.st_mode);
# else
    return -1;
# endif
}
1282 #endif
1283