1 /*
2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * This file is also used by the test suite. Do not #include "apps.h".
12 */
13 #include "opt.h"
14 #include "fmt.h"
15 #include "app_libctx.h"
16 #include "internal/nelem.h"
17 #include "internal/numbers.h"
18 #include <string.h>
19 #if !defined(OPENSSL_SYS_MSDOS)
20 # include <unistd.h>
21 #endif
22
23 #include <stdlib.h>
24 #include <errno.h>
25 #include <ctype.h>
26 #include <limits.h>
27 #include <openssl/err.h>
28 #include <openssl/bio.h>
29 #include <openssl/x509v3.h>
30
31 #define MAX_OPT_HELP_WIDTH 30
32 const char OPT_HELP_STR[] = "-H";
33 const char OPT_MORE_STR[] = "-M";
34 const char OPT_SECTION_STR[] = "-S";
35 const char OPT_PARAM_STR[] = "-P";
36
37 /* Our state */
38 static char **argv;
39 static int argc;
40 static int opt_index;
41 static char *arg;
42 static char *flag;
43 static char *dunno;
44 static const char *unknown_name;
45 static const OPTIONS *unknown;
46 static const OPTIONS *opts;
47 static char prog[40];
48
49 /*
50 * Return the simple name of the program; removing various platform gunk.
51 */
52 #if defined(OPENSSL_SYS_WIN32)
53
opt_path_end(const char * filename)54 const char *opt_path_end(const char *filename)
55 {
56 const char *p;
57
58 /* find the last '/', '\' or ':' */
59 for (p = filename + strlen(filename); --p > filename; )
60 if (*p == '/' || *p == '\\' || *p == ':') {
61 p++;
62 break;
63 }
64 return p;
65 }
66
opt_progname(const char * argv0)67 char *opt_progname(const char *argv0)
68 {
69 size_t i, n;
70 const char *p;
71 char *q;
72
73 p = opt_path_end(argv0);
74
75 /* Strip off trailing nonsense. */
76 n = strlen(p);
77 if (n > 4 &&
78 (strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0))
79 n -= 4;
80
81 /* Copy over the name, in lowercase. */
82 if (n > sizeof(prog) - 1)
83 n = sizeof(prog) - 1;
84 for (q = prog, i = 0; i < n; i++, p++)
85 *q++ = tolower((unsigned char)*p);
86 *q = '\0';
87 return prog;
88 }
89
90 #elif defined(OPENSSL_SYS_VMS)
91
opt_path_end(const char * filename)92 const char *opt_path_end(const char *filename)
93 {
94 const char *p;
95
96 /* Find last special character sys:[foo.bar]openssl */
97 for (p = filename + strlen(filename); --p > filename;)
98 if (*p == ':' || *p == ']' || *p == '>') {
99 p++;
100 break;
101 }
102 return p;
103 }
104
opt_progname(const char * argv0)105 char *opt_progname(const char *argv0)
106 {
107 const char *p, *q;
108
109 /* Find last special character sys:[foo.bar]openssl */
110 p = opt_path_end(argv0);
111 q = strrchr(p, '.');
112 if (prog != p)
113 strncpy(prog, p, sizeof(prog) - 1);
114 prog[sizeof(prog) - 1] = '\0';
115 if (q != NULL && q - p < sizeof(prog))
116 prog[q - p] = '\0';
117 return prog;
118 }
119
120 #else
121
opt_path_end(const char * filename)122 const char *opt_path_end(const char *filename)
123 {
124 const char *p;
125
126 /* Could use strchr, but this is like the ones above. */
127 for (p = filename + strlen(filename); --p > filename;)
128 if (*p == '/') {
129 p++;
130 break;
131 }
132 return p;
133 }
134
opt_progname(const char * argv0)135 char *opt_progname(const char *argv0)
136 {
137 const char *p;
138
139 p = opt_path_end(argv0);
140 if (prog != p)
141 strncpy(prog, p, sizeof(prog) - 1);
142 prog[sizeof(prog) - 1] = '\0';
143 return prog;
144 }
145 #endif
146
opt_appname(const char * argv0)147 char *opt_appname(const char *argv0)
148 {
149 size_t len = strlen(prog);
150
151 if (argv0 != NULL)
152 BIO_snprintf(prog + len, sizeof(prog) - len - 1, " %s", argv0);
153 return prog;
154 }
155
opt_getprog(void)156 char *opt_getprog(void)
157 {
158 return prog;
159 }
160
161 /* Set up the arg parsing. */
opt_init(int ac,char ** av,const OPTIONS * o)162 char *opt_init(int ac, char **av, const OPTIONS *o)
163 {
164 /* Store state. */
165 argc = ac;
166 argv = av;
167 opt_begin();
168 opts = o;
169 unknown = NULL;
170 /* Make sure prog name is set for usage output */
171 (void)opt_progname(argv[0]);
172
173 /* Check all options up until the PARAM marker (if present) */
174 for (; o->name != NULL && o->name != OPT_PARAM_STR; ++o) {
175 #ifndef NDEBUG
176 const OPTIONS *next;
177 int duplicated, i;
178 #endif
179
180 if (o->name == OPT_HELP_STR
181 || o->name == OPT_MORE_STR
182 || o->name == OPT_SECTION_STR)
183 continue;
184 #ifndef NDEBUG
185 i = o->valtype;
186
187 /* Make sure options are legit. */
188 OPENSSL_assert(o->name[0] != '-');
189 if (o->valtype == '.')
190 OPENSSL_assert(o->retval == OPT_PARAM);
191 else
192 OPENSSL_assert(o->retval == OPT_DUP || o->retval > OPT_PARAM);
193 switch (i) {
194 case 0: case '-': case '.':
195 case '/': case '<': case '>': case 'E': case 'F':
196 case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
197 case 'u': case 'c': case ':': case 'N': case 'A':
198 break;
199 default:
200 OPENSSL_assert(0);
201 }
202
203 /* Make sure there are no duplicates. */
204 for (next = o + 1; next->name; ++next) {
205 /*
206 * Some compilers inline strcmp and the assert string is too long.
207 */
208 duplicated = next->retval != OPT_DUP
209 && strcmp(o->name, next->name) == 0;
210 if (duplicated) {
211 opt_printf_stderr("%s: Internal error: duplicate option %s\n",
212 prog, o->name);
213 OPENSSL_assert(!duplicated);
214 }
215 }
216 #endif
217 if (o->name[0] == '\0') {
218 OPENSSL_assert(unknown_name != NULL);
219 OPENSSL_assert(unknown == NULL);
220 unknown = o;
221 OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');
222 }
223 }
224 return prog;
225 }
226
227 static OPT_PAIR formats[] = {
228 {"pem", OPT_FMT_PEM},
229 {"der", OPT_FMT_DER},
230 {"b64", OPT_FMT_B64},
231 {"pkcs12", OPT_FMT_PKCS12},
232 {"smime", OPT_FMT_SMIME},
233 {"engine", OPT_FMT_ENGINE},
234 {"msblob", OPT_FMT_MSBLOB},
235 {"nss", OPT_FMT_NSS},
236 {"text", OPT_FMT_TEXT},
237 {"http", OPT_FMT_HTTP},
238 {"pvk", OPT_FMT_PVK},
239 {NULL}
240 };
241
opt_set_unknown_name(const char * name)242 void opt_set_unknown_name(const char *name)
243 {
244 unknown_name = name;
245 }
246
247 /* Print an error message about a failed format parse. */
opt_format_error(const char * s,unsigned long flags)248 static int opt_format_error(const char *s, unsigned long flags)
249 {
250 OPT_PAIR *ap;
251
252 opt_printf_stderr("%s: Bad format \"%s\"; must be one of: ", prog, s);
253 for (ap = formats; ap->name; ap++)
254 if (flags & ap->retval)
255 opt_printf_stderr(" %s", ap->name);
256 opt_printf_stderr("\n");
257
258 return 0;
259 }
260
261 /* Parse a format string, put it into *result; return 0 on failure, else 1. */
opt_format(const char * s,unsigned long flags,int * result)262 int opt_format(const char *s, unsigned long flags, int *result)
263 {
264 switch (*s) {
265 default:
266 opt_printf_stderr("%s: Bad format \"%s\"\n", prog, s);
267 return 0;
268 case 'B':
269 case 'b':
270 if (s[1] == '\0'
271 || strcmp(s, "B64") == 0 || strcmp(s, "b64") == 0
272 || strcmp(s, "BASE64") == 0 || strcmp(s, "base64") == 0 ) {
273 if ((flags & OPT_FMT_B64) == 0)
274 return opt_format_error(s, flags);
275 *result = FORMAT_BASE64;
276 } else {
277 return 0;
278 }
279 break;
280 case 'D':
281 case 'd':
282 if ((flags & OPT_FMT_DER) == 0)
283 return opt_format_error(s, flags);
284 *result = FORMAT_ASN1;
285 break;
286 case 'T':
287 case 't':
288 if ((flags & OPT_FMT_TEXT) == 0)
289 return opt_format_error(s, flags);
290 *result = FORMAT_TEXT;
291 break;
292 case 'N':
293 case 'n':
294 if ((flags & OPT_FMT_NSS) == 0)
295 return opt_format_error(s, flags);
296 if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
297 return opt_format_error(s, flags);
298 *result = FORMAT_NSS;
299 break;
300 case 'S':
301 case 's':
302 if ((flags & OPT_FMT_SMIME) == 0)
303 return opt_format_error(s, flags);
304 *result = FORMAT_SMIME;
305 break;
306 case 'M':
307 case 'm':
308 if ((flags & OPT_FMT_MSBLOB) == 0)
309 return opt_format_error(s, flags);
310 *result = FORMAT_MSBLOB;
311 break;
312 case 'E':
313 case 'e':
314 if ((flags & OPT_FMT_ENGINE) == 0)
315 return opt_format_error(s, flags);
316 *result = FORMAT_ENGINE;
317 break;
318 case 'H':
319 case 'h':
320 if ((flags & OPT_FMT_HTTP) == 0)
321 return opt_format_error(s, flags);
322 *result = FORMAT_HTTP;
323 break;
324 case '1':
325 if ((flags & OPT_FMT_PKCS12) == 0)
326 return opt_format_error(s, flags);
327 *result = FORMAT_PKCS12;
328 break;
329 case 'P':
330 case 'p':
331 if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0) {
332 if ((flags & OPT_FMT_PEM) == 0)
333 return opt_format_error(s, flags);
334 *result = FORMAT_PEM;
335 } else if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0) {
336 if ((flags & OPT_FMT_PVK) == 0)
337 return opt_format_error(s, flags);
338 *result = FORMAT_PVK;
339 } else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
340 || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
341 if ((flags & OPT_FMT_PKCS12) == 0)
342 return opt_format_error(s, flags);
343 *result = FORMAT_PKCS12;
344 } else {
345 opt_printf_stderr("%s: Bad format \"%s\"\n", prog, s);
346 return 0;
347 }
348 break;
349 }
350 return 1;
351 }
352
353 /* Return string representing the given format. */
format2str(int format)354 static const char *format2str(int format)
355 {
356 switch (format) {
357 default:
358 return "(undefined)";
359 case FORMAT_PEM:
360 return "PEM";
361 case FORMAT_ASN1:
362 return "DER";
363 case FORMAT_TEXT:
364 return "TEXT";
365 case FORMAT_NSS:
366 return "NSS";
367 case FORMAT_SMIME:
368 return "SMIME";
369 case FORMAT_MSBLOB:
370 return "MSBLOB";
371 case FORMAT_ENGINE:
372 return "ENGINE";
373 case FORMAT_HTTP:
374 return "HTTP";
375 case FORMAT_PKCS12:
376 return "P12";
377 case FORMAT_PVK:
378 return "PVK";
379 }
380 }
381
382 /* Print an error message about unsuitable/unsupported format requested. */
print_format_error(int format,unsigned long flags)383 void print_format_error(int format, unsigned long flags)
384 {
385 (void)opt_format_error(format2str(format), flags);
386 }
387
388 /*
389 * Parse a cipher name, put it in *cipherp after freeing what was there, if
390 * cipherp is not NULL. Return 0 on failure, else 1.
391 */
opt_cipher_silent(const char * name,EVP_CIPHER ** cipherp)392 int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp)
393 {
394 EVP_CIPHER *c;
395
396 ERR_set_mark();
397 if ((c = EVP_CIPHER_fetch(app_get0_libctx(), name,
398 app_get0_propq())) != NULL
399 || (opt_legacy_okay()
400 && (c = (EVP_CIPHER *)EVP_get_cipherbyname(name)) != NULL)) {
401 ERR_pop_to_mark();
402 if (cipherp != NULL) {
403 EVP_CIPHER_free(*cipherp);
404 *cipherp = c;
405 } else {
406 EVP_CIPHER_free(c);
407 }
408 return 1;
409 }
410 ERR_clear_last_mark();
411 return 0;
412 }
413
opt_cipher_any(const char * name,EVP_CIPHER ** cipherp)414 int opt_cipher_any(const char *name, EVP_CIPHER **cipherp)
415 {
416 int ret;
417
418 if (name == NULL)
419 return 1;
420 if ((ret = opt_cipher_silent(name, cipherp)) == 0)
421 opt_printf_stderr("%s: Unknown option or cipher: %s\n", prog, name);
422 return ret;
423 }
424
opt_cipher(const char * name,EVP_CIPHER ** cipherp)425 int opt_cipher(const char *name, EVP_CIPHER **cipherp)
426 {
427 int mode, ret = 0;
428 unsigned long int flags;
429 EVP_CIPHER *c = NULL;
430
431 if (name == NULL)
432 return 1;
433 if (opt_cipher_any(name, &c)) {
434 mode = EVP_CIPHER_get_mode(c);
435 flags = EVP_CIPHER_get_flags(c);
436 if (mode == EVP_CIPH_XTS_MODE) {
437 opt_printf_stderr("%s XTS ciphers not supported\n", prog);
438 } else if ((flags & EVP_CIPH_FLAG_AEAD_CIPHER) != 0) {
439 opt_printf_stderr("%s: AEAD ciphers not supported\n", prog);
440 } else {
441 ret = 1;
442 if (cipherp != NULL)
443 *cipherp = c;
444 }
445 }
446 return ret;
447 }
448
449 /*
450 * Parse message digest name, put it in *EVP_MD; return 0 on failure, else 1.
451 */
opt_md_silent(const char * name,EVP_MD ** mdp)452 int opt_md_silent(const char *name, EVP_MD **mdp)
453 {
454 EVP_MD *md;
455
456 ERR_set_mark();
457 if ((md = EVP_MD_fetch(app_get0_libctx(), name, app_get0_propq())) != NULL
458 || (opt_legacy_okay()
459 && (md = (EVP_MD *)EVP_get_digestbyname(name)) != NULL)) {
460 ERR_pop_to_mark();
461 if (mdp != NULL) {
462 EVP_MD_free(*mdp);
463 *mdp = md;
464 } else {
465 EVP_MD_free(md);
466 }
467 return 1;
468 }
469 ERR_clear_last_mark();
470 return 0;
471 }
472
opt_md(const char * name,EVP_MD ** mdp)473 int opt_md(const char *name, EVP_MD **mdp)
474 {
475 int ret;
476
477 if (name == NULL)
478 return 1;
479 if ((ret = opt_md_silent(name, mdp)) == 0)
480 opt_printf_stderr("%s: Unknown option or message digest: %s\n",
481 prog, name);
482 return ret;
483 }
484
opt_check_md(const char * name)485 int opt_check_md(const char *name)
486 {
487 if (opt_md(name, NULL))
488 return 1;
489 ERR_clear_error();
490 return 0;
491 }
492
493 /* Look through a list of name/value pairs. */
opt_pair(const char * name,const OPT_PAIR * pairs,int * result)494 int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
495 {
496 const OPT_PAIR *pp;
497
498 for (pp = pairs; pp->name; pp++)
499 if (strcmp(pp->name, name) == 0) {
500 *result = pp->retval;
501 return 1;
502 }
503 opt_printf_stderr("%s: Value must be one of:\n", prog);
504 for (pp = pairs; pp->name; pp++)
505 opt_printf_stderr("\t%s\n", pp->name);
506 return 0;
507 }
508
509 /* Look through a list of valid names */
opt_string(const char * name,const char ** options)510 int opt_string(const char *name, const char **options)
511 {
512 const char **p;
513
514 for (p = options; *p != NULL; p++)
515 if (strcmp(*p, name) == 0)
516 return 1;
517 opt_printf_stderr("%s: Value must be one of:\n", prog);
518 for (p = options; *p != NULL; p++)
519 opt_printf_stderr("\t%s\n", *p);
520 return 0;
521 }
522
523 /* Parse an int, put it into *result; return 0 on failure, else 1. */
opt_int(const char * value,int * result)524 int opt_int(const char *value, int *result)
525 {
526 long l;
527
528 if (!opt_long(value, &l))
529 return 0;
530 *result = (int)l;
531 if (*result != l) {
532 opt_printf_stderr("%s: Value \"%s\" outside integer range\n",
533 prog, value);
534 return 0;
535 }
536 return 1;
537 }
538
539 /* Parse and return an integer, assuming range has been checked before. */
opt_int_arg(void)540 int opt_int_arg(void)
541 {
542 int result = -1;
543
544 (void)opt_int(arg, &result);
545 return result;
546 }
547
opt_number_error(const char * v)548 static void opt_number_error(const char *v)
549 {
550 size_t i = 0;
551 struct strstr_pair_st {
552 char *prefix;
553 char *name;
554 } b[] = {
555 {"0x", "a hexadecimal"},
556 {"0X", "a hexadecimal"},
557 {"0", "an octal"}
558 };
559
560 for (i = 0; i < OSSL_NELEM(b); i++) {
561 if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) {
562 opt_printf_stderr("%s: Can't parse \"%s\" as %s number\n",
563 prog, v, b[i].name);
564 return;
565 }
566 }
567 opt_printf_stderr("%s: Can't parse \"%s\" as a number\n", prog, v);
568 return;
569 }
570
571 /* Parse a long, put it into *result; return 0 on failure, else 1. */
opt_long(const char * value,long * result)572 int opt_long(const char *value, long *result)
573 {
574 int oerrno = errno;
575 long l;
576 char *endp;
577
578 errno = 0;
579 l = strtol(value, &endp, 0);
580 if (*endp
581 || endp == value
582 || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE)
583 || (l == 0 && errno != 0)) {
584 opt_number_error(value);
585 errno = oerrno;
586 return 0;
587 }
588 *result = l;
589 errno = oerrno;
590 return 1;
591 }
592
593 #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
594 defined(INTMAX_MAX) && defined(UINTMAX_MAX) && \
595 !defined(OPENSSL_NO_INTTYPES_H)
596
597 /* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */
opt_intmax(const char * value,ossl_intmax_t * result)598 int opt_intmax(const char *value, ossl_intmax_t *result)
599 {
600 int oerrno = errno;
601 intmax_t m;
602 char *endp;
603
604 errno = 0;
605 m = strtoimax(value, &endp, 0);
606 if (*endp
607 || endp == value
608 || ((m == INTMAX_MAX || m == INTMAX_MIN)
609 && errno == ERANGE)
610 || (m == 0 && errno != 0)) {
611 opt_number_error(value);
612 errno = oerrno;
613 return 0;
614 }
615 /* Ensure that the value in |m| is never too big for |*result| */
616 if (sizeof(m) > sizeof(*result)
617 && (m < OSSL_INTMAX_MIN || m > OSSL_INTMAX_MAX)) {
618 opt_number_error(value);
619 return 0;
620 }
621 *result = (ossl_intmax_t)m;
622 errno = oerrno;
623 return 1;
624 }
625
626 /* Parse a uintmax_t, put it into *result; return 0 on failure, else 1. */
opt_uintmax(const char * value,ossl_uintmax_t * result)627 int opt_uintmax(const char *value, ossl_uintmax_t *result)
628 {
629 int oerrno = errno;
630 uintmax_t m;
631 char *endp;
632
633 errno = 0;
634 m = strtoumax(value, &endp, 0);
635 if (*endp
636 || endp == value
637 || (m == UINTMAX_MAX && errno == ERANGE)
638 || (m == 0 && errno != 0)) {
639 opt_number_error(value);
640 errno = oerrno;
641 return 0;
642 }
643 /* Ensure that the value in |m| is never too big for |*result| */
644 if (sizeof(m) > sizeof(*result)
645 && m > OSSL_UINTMAX_MAX) {
646 opt_number_error(value);
647 return 0;
648 }
649 *result = (ossl_uintmax_t)m;
650 errno = oerrno;
651 return 1;
652 }
653 #else
654 /* Fallback implementations based on long */
opt_intmax(const char * value,ossl_intmax_t * result)655 int opt_intmax(const char *value, ossl_intmax_t *result)
656 {
657 long m;
658 int ret;
659
660 if ((ret = opt_long(value, &m)))
661 *result = m;
662 return ret;
663 }
664
opt_uintmax(const char * value,ossl_uintmax_t * result)665 int opt_uintmax(const char *value, ossl_uintmax_t *result)
666 {
667 unsigned long m;
668 int ret;
669
670 if ((ret = opt_ulong(value, &m)))
671 *result = m;
672 return ret;
673 }
674 #endif
675
676 /*
677 * Parse an unsigned long, put it into *result; return 0 on failure, else 1.
678 */
opt_ulong(const char * value,unsigned long * result)679 int opt_ulong(const char *value, unsigned long *result)
680 {
681 int oerrno = errno;
682 char *endptr;
683 unsigned long l;
684
685 errno = 0;
686 l = strtoul(value, &endptr, 0);
687 if (*endptr
688 || endptr == value
689 || ((l == ULONG_MAX) && errno == ERANGE)
690 || (l == 0 && errno != 0)) {
691 opt_number_error(value);
692 errno = oerrno;
693 return 0;
694 }
695 *result = l;
696 errno = oerrno;
697 return 1;
698 }
699
700 /*
701 * We pass opt as an int but cast it to "enum range" so that all the
702 * items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch
703 * in gcc do the right thing.
704 */
705 enum range { OPT_V_ENUM };
706
opt_verify(int opt,X509_VERIFY_PARAM * vpm)707 int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
708 {
709 int i;
710 ossl_intmax_t t = 0;
711 ASN1_OBJECT *otmp;
712 X509_PURPOSE *xptmp;
713 const X509_VERIFY_PARAM *vtmp;
714
715 OPENSSL_assert(vpm != NULL);
716 OPENSSL_assert(opt > OPT_V__FIRST);
717 OPENSSL_assert(opt < OPT_V__LAST);
718
719 switch ((enum range)opt) {
720 case OPT_V__FIRST:
721 case OPT_V__LAST:
722 return 0;
723 case OPT_V_POLICY:
724 otmp = OBJ_txt2obj(opt_arg(), 0);
725 if (otmp == NULL) {
726 opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg());
727 return 0;
728 }
729 if (!X509_VERIFY_PARAM_add0_policy(vpm, otmp)) {
730 ASN1_OBJECT_free(otmp);
731 opt_printf_stderr("%s: Internal error adding Policy %s\n",
732 prog, opt_arg());
733 return 0;
734 }
735 break;
736 case OPT_V_PURPOSE:
737 /* purpose name -> purpose index */
738 i = X509_PURPOSE_get_by_sname(opt_arg());
739 if (i < 0) {
740 opt_printf_stderr("%s: Invalid purpose %s\n", prog, opt_arg());
741 return 0;
742 }
743
744 /* purpose index -> purpose object */
745 xptmp = X509_PURPOSE_get0(i);
746
747 /* purpose object -> purpose value */
748 i = X509_PURPOSE_get_id(xptmp);
749
750 if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
751 opt_printf_stderr("%s: Internal error setting purpose %s\n",
752 prog, opt_arg());
753 return 0;
754 }
755 break;
756 case OPT_V_VERIFY_NAME:
757 vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
758 if (vtmp == NULL) {
759 opt_printf_stderr("%s: Invalid verify name %s\n",
760 prog, opt_arg());
761 return 0;
762 }
763 X509_VERIFY_PARAM_set1(vpm, vtmp);
764 break;
765 case OPT_V_VERIFY_DEPTH:
766 i = atoi(opt_arg());
767 if (i >= 0)
768 X509_VERIFY_PARAM_set_depth(vpm, i);
769 break;
770 case OPT_V_VERIFY_AUTH_LEVEL:
771 i = atoi(opt_arg());
772 if (i >= 0)
773 X509_VERIFY_PARAM_set_auth_level(vpm, i);
774 break;
775 case OPT_V_ATTIME:
776 if (!opt_intmax(opt_arg(), &t))
777 return 0;
778 if (t != (time_t)t) {
779 opt_printf_stderr("%s: epoch time out of range %s\n",
780 prog, opt_arg());
781 return 0;
782 }
783 X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
784 break;
785 case OPT_V_VERIFY_HOSTNAME:
786 if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0))
787 return 0;
788 break;
789 case OPT_V_VERIFY_EMAIL:
790 if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0))
791 return 0;
792 break;
793 case OPT_V_VERIFY_IP:
794 if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg()))
795 return 0;
796 break;
797 case OPT_V_IGNORE_CRITICAL:
798 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL);
799 break;
800 case OPT_V_ISSUER_CHECKS:
801 /* NOP, deprecated */
802 break;
803 case OPT_V_CRL_CHECK:
804 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK);
805 break;
806 case OPT_V_CRL_CHECK_ALL:
807 X509_VERIFY_PARAM_set_flags(vpm,
808 X509_V_FLAG_CRL_CHECK |
809 X509_V_FLAG_CRL_CHECK_ALL);
810 break;
811 case OPT_V_POLICY_CHECK:
812 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
813 break;
814 case OPT_V_EXPLICIT_POLICY:
815 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY);
816 break;
817 case OPT_V_INHIBIT_ANY:
818 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY);
819 break;
820 case OPT_V_INHIBIT_MAP:
821 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP);
822 break;
823 case OPT_V_X509_STRICT:
824 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT);
825 break;
826 case OPT_V_EXTENDED_CRL:
827 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT);
828 break;
829 case OPT_V_USE_DELTAS:
830 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS);
831 break;
832 case OPT_V_POLICY_PRINT:
833 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY);
834 break;
835 case OPT_V_CHECK_SS_SIG:
836 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE);
837 break;
838 case OPT_V_TRUSTED_FIRST:
839 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST);
840 break;
841 case OPT_V_SUITEB_128_ONLY:
842 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY);
843 break;
844 case OPT_V_SUITEB_128:
845 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS);
846 break;
847 case OPT_V_SUITEB_192:
848 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS);
849 break;
850 case OPT_V_PARTIAL_CHAIN:
851 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
852 break;
853 case OPT_V_NO_ALT_CHAINS:
854 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
855 break;
856 case OPT_V_NO_CHECK_TIME:
857 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
858 break;
859 case OPT_V_ALLOW_PROXY_CERTS:
860 X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS);
861 break;
862 }
863 return 1;
864
865 }
866
opt_begin(void)867 void opt_begin(void)
868 {
869 opt_index = 1;
870 arg = NULL;
871 flag = NULL;
872 }
873
874 /*
875 * Parse the next flag (and value if specified), return 0 if done, -1 on
876 * error, otherwise the flag's retval.
877 */
opt_next(void)878 int opt_next(void)
879 {
880 char *p;
881 const OPTIONS *o;
882 int ival;
883 long lval;
884 unsigned long ulval;
885 ossl_intmax_t imval;
886 ossl_uintmax_t umval;
887
888 /* Look at current arg; at end of the list? */
889 arg = NULL;
890 p = argv[opt_index];
891 if (p == NULL)
892 return 0;
893
894 /* If word doesn't start with a -, we're done. */
895 if (*p != '-')
896 return 0;
897
898 /* Hit "--" ? We're done. */
899 opt_index++;
900 if (strcmp(p, "--") == 0)
901 return 0;
902
903 /* Allow -nnn and --nnn */
904 if (*++p == '-')
905 p++;
906 flag = p - 1;
907
908 /* If we have --flag=foo, snip it off */
909 if ((arg = strchr(p, '=')) != NULL)
910 *arg++ = '\0';
911 for (o = opts; o->name; ++o) {
912 /* If not this option, move on to the next one. */
913 if (!(strcmp(p, "h") == 0 && strcmp(o->name, "help") == 0)
914 && strcmp(p, o->name) != 0)
915 continue;
916
917 /* If it doesn't take a value, make sure none was given. */
918 if (o->valtype == 0 || o->valtype == '-') {
919 if (arg) {
920 opt_printf_stderr("%s: Option -%s does not take a value\n",
921 prog, p);
922 return -1;
923 }
924 return o->retval;
925 }
926
927 /* Want a value; get the next param if =foo not used. */
928 if (arg == NULL) {
929 if (argv[opt_index] == NULL) {
930 opt_printf_stderr("%s: Option -%s needs a value\n",
931 prog, o->name);
932 return -1;
933 }
934 arg = argv[opt_index++];
935 }
936
937 /* Syntax-check value. */
938 switch (o->valtype) {
939 default:
940 case 's':
941 case ':':
942 /* Just a string. */
943 break;
944 case '.':
945 /* Parameters */
946 break;
947 case '/':
948 if (opt_isdir(arg) > 0)
949 break;
950 opt_printf_stderr("%s: Not a directory: %s\n", prog, arg);
951 return -1;
952 case '<':
953 /* Input file. */
954 break;
955 case '>':
956 /* Output file. */
957 break;
958 case 'p':
959 case 'n':
960 case 'N':
961 if (!opt_int(arg, &ival))
962 return -1;
963 if (o->valtype == 'p' && ival <= 0) {
964 opt_printf_stderr("%s: Non-positive number \"%s\" for option -%s\n",
965 prog, arg, o->name);
966 return -1;
967 }
968 if (o->valtype == 'N' && ival < 0) {
969 opt_printf_stderr("%s: Negative number \"%s\" for option -%s\n",
970 prog, arg, o->name);
971 return -1;
972 }
973 break;
974 case 'M':
975 if (!opt_intmax(arg, &imval))
976 return -1;
977 break;
978 case 'U':
979 if (!opt_uintmax(arg, &umval))
980 return -1;
981 break;
982 case 'l':
983 if (!opt_long(arg, &lval))
984 return -1;
985 break;
986 case 'u':
987 if (!opt_ulong(arg, &ulval))
988 return -1;
989 break;
990 case 'c':
991 case 'E':
992 case 'F':
993 case 'f':
994 case 'A':
995 case 'a':
996 if (opt_format(arg,
997 o->valtype == 'c' ? OPT_FMT_PDS :
998 o->valtype == 'E' ? OPT_FMT_PDE :
999 o->valtype == 'F' ? OPT_FMT_PEMDER :
1000 o->valtype == 'A' ? OPT_FMT_ASN1 :
1001 OPT_FMT_ANY, &ival))
1002 break;
1003 opt_printf_stderr("%s: Invalid format \"%s\" for option -%s\n",
1004 prog, arg, o->name);
1005 return -1;
1006 }
1007
1008 /* Return the flag value. */
1009 return o->retval;
1010 }
1011 if (unknown != NULL) {
1012 if (dunno != NULL) {
1013 opt_printf_stderr("%s: Multiple %s or unknown options: -%s and -%s\n",
1014 prog, unknown_name, dunno, p);
1015 return -1;
1016 }
1017 dunno = p;
1018 return unknown->retval;
1019 }
1020 opt_printf_stderr("%s: Unknown option: -%s\n", prog, p);
1021 return -1;
1022 }
1023
1024 /* Return the most recent flag parameter. */
opt_arg(void)1025 char *opt_arg(void)
1026 {
1027 return arg;
1028 }
1029
1030 /* Return the most recent flag (option name including the preceding '-'). */
opt_flag(void)1031 char *opt_flag(void)
1032 {
1033 return flag;
1034 }
1035
1036 /* Return the unknown option. */
opt_unknown(void)1037 char *opt_unknown(void)
1038 {
1039 return dunno;
1040 }
1041
1042 /* Reset the unknown option; needed by ocsp to allow multiple digest options. */
reset_unknown(void)1043 void reset_unknown(void)
1044 {
1045 dunno = NULL;
1046 }
1047
1048 /* Return the rest of the arguments after parsing flags. */
opt_rest(void)1049 char **opt_rest(void)
1050 {
1051 return &argv[opt_index];
1052 }
1053
1054 /* How many items in remaining args? */
opt_num_rest(void)1055 int opt_num_rest(void)
1056 {
1057 int i = 0;
1058 char **pp;
1059
1060 for (pp = opt_rest(); *pp; pp++, i++)
1061 continue;
1062 return i;
1063 }
1064
opt_check_rest_arg(const char * expected)1065 int opt_check_rest_arg(const char *expected)
1066 {
1067 char *opt = *opt_rest();
1068
1069 if (opt == NULL || *opt == '\0') {
1070 if (expected == NULL)
1071 return 1;
1072 opt_printf_stderr("%s: Missing argument: %s\n", prog, expected);
1073 return 0;
1074 }
1075 if (expected != NULL) {
1076 opt = argv[opt_index + 1];
1077 if (opt == NULL || *opt == '\0')
1078 return 1;
1079 opt_printf_stderr("%s: Extra argument after %s: \"%s\"\n", prog, expected, opt);
1080 return 0;
1081 }
1082 if (opt_unknown() == NULL)
1083 opt_printf_stderr("%s: Extra option: \"%s\"\n", prog, opt);
1084 else
1085 opt_printf_stderr("%s: Extra (unknown) options: \"%s\" \"%s\"\n",
1086 prog, opt_unknown(), opt);
1087 return 0;
1088 }
1089
1090 /* Return a string describing the parameter type. */
valtype2param(const OPTIONS * o)1091 static const char *valtype2param(const OPTIONS *o)
1092 {
1093 switch (o->valtype) {
1094 case 0:
1095 case '-':
1096 return "";
1097 case ':':
1098 return "uri";
1099 case 's':
1100 return "val";
1101 case '/':
1102 return "dir";
1103 case '<':
1104 return "infile";
1105 case '>':
1106 return "outfile";
1107 case 'p':
1108 return "+int";
1109 case 'n':
1110 return "int";
1111 case 'l':
1112 return "long";
1113 case 'u':
1114 return "ulong";
1115 case 'E':
1116 return "PEM|DER|ENGINE";
1117 case 'F':
1118 return "PEM|DER";
1119 case 'f':
1120 return "format";
1121 case 'M':
1122 return "intmax";
1123 case 'N':
1124 return "nonneg";
1125 case 'U':
1126 return "uintmax";
1127 }
1128 return "parm";
1129 }
1130
opt_print(const OPTIONS * o,int doingparams,int width)1131 static void opt_print(const OPTIONS *o, int doingparams, int width)
1132 {
1133 const char* help;
1134 char start[80 + 1];
1135 int linelen, printlen;
1136
1137 /* Avoid OOB if width is beyond the buffer size of start */
1138 if (width >= (int)sizeof(start))
1139 width = (int)sizeof(start) - 1;
1140
1141 help = o->helpstr ? o->helpstr : "(No additional info)";
1142 if (o->name == OPT_HELP_STR) {
1143 opt_printf_stderr(help, prog);
1144 return;
1145 } else if (o->name == OPT_SECTION_STR) {
1146 opt_printf_stderr("\n");
1147 opt_printf_stderr(help, prog);
1148 return;
1149 } else if (o->name == OPT_PARAM_STR) {
1150 opt_printf_stderr("\nParameters:\n");
1151 return;
1152 }
1153
1154 /* Pad out prefix */
1155 memset(start, ' ', sizeof(start) - 1);
1156 start[sizeof(start) - 1] = '\0';
1157
1158 if (o->name == OPT_MORE_STR) {
1159 /* Continuation of previous line; pad and print. */
1160 start[width] = '\0';
1161 opt_printf_stderr("%s %s\n", start, help);
1162 return;
1163 }
1164
1165 /* Build up the "-flag [param]" part. */
1166 linelen = 0;
1167
1168 printlen = opt_printf_stderr(" %s", !doingparams ? "-" : "");
1169 linelen += (printlen > 0) ? printlen : MAX_OPT_HELP_WIDTH;
1170
1171 printlen = opt_printf_stderr("%s" , o->name[0] ? o->name : "*");
1172 linelen += (printlen > 0) ? printlen : MAX_OPT_HELP_WIDTH;
1173
1174 if (o->valtype != '-') {
1175 printlen = opt_printf_stderr(" %s" , valtype2param(o));
1176 linelen += (printlen > 0) ? printlen : MAX_OPT_HELP_WIDTH;
1177 }
1178
1179 if (linelen >= MAX_OPT_HELP_WIDTH || linelen > width) {
1180 opt_printf_stderr("%s", "\n");
1181 memset(start, ' ', sizeof(start));
1182 linelen = 0;
1183 }
1184
1185 width -= linelen;
1186
1187 start[width] = '\0';
1188 opt_printf_stderr("%s %s\n", start, help);
1189 }
1190
opt_help(const OPTIONS * list)1191 void opt_help(const OPTIONS *list)
1192 {
1193 const OPTIONS *o;
1194 int i, sawparams = 0, width = 5;
1195 int standard_prolog;
1196
1197 /* Starts with its own help message? */
1198 standard_prolog = list[0].name != OPT_HELP_STR;
1199
1200 /* Find the widest help. */
1201 for (o = list; o->name; o++) {
1202 if (o->name == OPT_MORE_STR)
1203 continue;
1204
1205 i = 2 + (int)strlen(o->name);
1206 if (o->valtype != '-')
1207 i += 1 + strlen(valtype2param(o));
1208
1209 if (i > width)
1210 width = i;
1211 }
1212
1213 if (width > MAX_OPT_HELP_WIDTH)
1214 width = MAX_OPT_HELP_WIDTH;
1215
1216 if (standard_prolog) {
1217 opt_printf_stderr("Usage: %s [options]\n", prog);
1218 if (list[0].name != OPT_SECTION_STR)
1219 opt_printf_stderr("Valid options are:\n", prog);
1220 }
1221
1222 /* Now let's print. */
1223 for (o = list; o->name; o++) {
1224 if (o->name == OPT_PARAM_STR)
1225 sawparams = 1;
1226 opt_print(o, sawparams, width);
1227 }
1228 }
1229
1230 /* opt_isdir section */
1231 #ifdef _WIN32
1232 # include <windows.h>
opt_isdir(const char * name)1233 int opt_isdir(const char *name)
1234 {
1235 DWORD attr;
1236 # if defined(UNICODE) || defined(_UNICODE)
1237 size_t i, len_0 = strlen(name) + 1;
1238 WCHAR tempname[MAX_PATH];
1239
1240 if (len_0 > MAX_PATH)
1241 return -1;
1242
1243 # if !defined(_WIN32_WCE) || _WIN32_WCE>=101
1244 if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
1245 # endif
1246 for (i = 0; i < len_0; i++)
1247 tempname[i] = (WCHAR)name[i];
1248
1249 attr = GetFileAttributes(tempname);
1250 # else
1251 attr = GetFileAttributes(name);
1252 # endif
1253 if (attr == INVALID_FILE_ATTRIBUTES)
1254 return -1;
1255 return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
1256 }
1257 #else
1258 # include <sys/stat.h>
1259 # ifndef S_ISDIR
1260 # if defined(_S_IFMT) && defined(_S_IFDIR)
1261 # define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
1262 # else
1263 # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
1264 # endif
1265 # endif
1266
opt_isdir(const char * name)1267 int opt_isdir(const char *name)
1268 {
1269 # if defined(S_ISDIR)
1270 struct stat st;
1271
1272 if (stat(name, &st) == 0)
1273 return S_ISDIR(st.st_mode);
1274 else
1275 return -1;
1276 # else
1277 return -1;
1278 # endif
1279 }
1280 #endif
1281
