wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Updated test command line parsing to support commmon commands

Browse source 
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6975)
This commit is contained in:
Shane Lontis 2018-08-16 12:36:01 +10:00 committed by Richard Levitte
parent 9d5560331d
commit a43ce58f55
46 changed files with 1401 additions and 875 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

270
apps/apps.c
View file

@ -54,9 +54,6 @@ typedef struct {
unsigned long mask;
} NAME_EX_TBL;
static UI_METHOD *ui_method = NULL;
static const UI_METHOD *ui_fallback_method = NULL;
static int set_table_opts(unsigned long *flags, const char *arg,
const NAME_EX_TBL * in_tbl);
static int set_multi_opts(unsigned long *flags, const char *arg,
@ -173,179 +170,12 @@ int dump_cert_text(BIO *out, X509 *x)
return 0;
}
static int ui_open(UI *ui)
{
int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method);
if (opener)
return opener(ui);
return 1;
}
static int ui_read(UI *ui, UI_STRING *uis)
{
int (*reader)(UI *ui, UI_STRING *uis) = NULL;
if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
&& UI_get0_user_data(ui)) {
switch (UI_get_string_type(uis)) {
case UIT_PROMPT:
case UIT_VERIFY:
{
const char *password =
((PW_CB_DATA *)UI_get0_user_data(ui))->password;
if (password && password[0] != '\0') {
UI_set_result(ui, uis, password);
return 1;
}
}
break;
case UIT_NONE:
case UIT_BOOLEAN:
case UIT_INFO:
case UIT_ERROR:
break;
}
}
reader = UI_method_get_reader(ui_fallback_method);
if (reader)
return reader(ui, uis);
return 1;
}
static int ui_write(UI *ui, UI_STRING *uis)
{
int (*writer)(UI *ui, UI_STRING *uis) = NULL;
if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
&& UI_get0_user_data(ui)) {
switch (UI_get_string_type(uis)) {
case UIT_PROMPT:
case UIT_VERIFY:
{
const char *password =
((PW_CB_DATA *)UI_get0_user_data(ui))->password;
if (password && password[0] != '\0')
return 1;
}
break;
case UIT_NONE:
case UIT_BOOLEAN:
case UIT_INFO:
case UIT_ERROR:
break;
}
}
writer = UI_method_get_writer(ui_fallback_method);
if (writer)
return writer(ui, uis);
return 1;
}
static int ui_close(UI *ui)
{
int (*closer)(UI *ui) = UI_method_get_closer(ui_fallback_method);
if (closer)
return closer(ui);
return 1;
}
int setup_ui_method(void)
{
ui_fallback_method = UI_null();
#ifndef OPENSSL_NO_UI_CONSOLE
ui_fallback_method = UI_OpenSSL();
#endif
ui_method = UI_create_method("OpenSSL application user interface");
UI_method_set_opener(ui_method, ui_open);
UI_method_set_reader(ui_method, ui_read);
UI_method_set_writer(ui_method, ui_write);
UI_method_set_closer(ui_method, ui_close);
return 0;
}
void destroy_ui_method(void)
{
if (ui_method) {
UI_destroy_method(ui_method);
ui_method = NULL;
}
}
const UI_METHOD *get_ui_method(void)
{
return ui_method;
}
int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data)
{
int res = 0;
UI *ui;
int ok = 0;
char *buff = NULL;
int ui_flags = 0;
const char *prompt_info = NULL;
char *prompt;
if ((ui = UI_new_method(ui_method)) == NULL)
return 0;
if (cb_data != NULL && cb_data->prompt_info != NULL)
prompt_info = cb_data->prompt_info;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
if (prompt == NULL) {
BIO_printf(bio_err, "Out of memory\n");
UI_free(ui);
return 0;
}
ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
/* We know that there is no previous user data to return to us */
(void)UI_add_user_data(ui, cb_data);
ok = UI_add_input_string(ui, prompt, ui_flags, buf,
PW_MIN_LENGTH, bufsiz - 1);
if (ok >= 0 && verify) {
buff = app_malloc(bufsiz, "password buffer");
ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
PW_MIN_LENGTH, bufsiz - 1, buf);
}
if (ok >= 0)
do {
ok = UI_process(ui);
} while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
OPENSSL_clear_free(buff, (unsigned int)bufsiz);
if (ok >= 0)
res = strlen(buf);
if (ok == -1) {
BIO_printf(bio_err, "User interface error\n");
ERR_print_errors(bio_err);
OPENSSL_cleanse(buf, (unsigned int)bufsiz);
res = 0;
}
if (ok == -2) {
BIO_printf(bio_err, "aborted!\n");
OPENSSL_cleanse(buf, (unsigned int)bufsiz);
res = 0;
}
UI_free(ui);
OPENSSL_free(prompt);
return res;
}
int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata)
{
return password_callback(buf, bufsiz, verify, (PW_CB_DATA *)userdata);
}
static char *app_get_pass(const char *arg, int keepbio);
int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
@ -725,7 +555,9 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
} else {
#ifndef OPENSSL_NO_ENGINE
if (ENGINE_init(e)) {
pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
pkey = ENGINE_load_private_key(e, file,
(UI_METHOD *)get_ui_method(),
&cb_data);
ENGINE_finish(e);
}
if (pkey == NULL) {
@ -792,7 +624,8 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
BIO_printf(bio_err, "no engine specified\n");
} else {
#ifndef OPENSSL_NO_ENGINE
pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
pkey = ENGINE_load_public_key(e, file, (UI_METHOD *)get_ui_method(),
&cb_data);
if (pkey == NULL) {
BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
ERR_print_errors(bio_err);
@ -1295,7 +1128,8 @@ ENGINE *setup_engine(const char *engine, int debug)
if (debug) {
ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
}
ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, (void *)get_ui_method(),
0, 1);
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
BIO_printf(bio_err, "can't use that engine\n");
ERR_print_errors(bio_err);
@ -2321,56 +2155,10 @@ int app_access(const char* name, int flag)
#endif
}
/* app_isdir section */
#ifdef _WIN32
int app_isdir(const char *name)
{
DWORD attr;
# if defined(UNICODE) || defined(_UNICODE)
size_t i, len_0 = strlen(name) + 1;
WCHAR tempname[MAX_PATH];
if (len_0 > MAX_PATH)
return -1;
# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
# endif
for (i = 0; i < len_0; i++)
tempname[i] = (WCHAR)name[i];
attr = GetFileAttributes(tempname);
# else
attr = GetFileAttributes(name);
# endif
if (attr == INVALID_FILE_ATTRIBUTES)
return -1;
return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
return opt_isdir(name);
}
#else
# include <sys/stat.h>
# ifndef S_ISDIR
# if defined(_S_IFMT) && defined(_S_IFDIR)
# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
# else
# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
# endif
# endif
int app_isdir(const char *name)
{
# if defined(S_ISDIR)
struct stat st;
if (stat(name, &st) == 0)
return S_ISDIR(st.st_mode);
else
return -1;
# else
return -1;
# endif
}
#endif
/* raw_read|write section */
#if defined(__VMS)
@ -2443,21 +2231,16 @@ int raw_write_stdout(const void *buf, int siz)
#endif
/*
* Centralized handling if input and output files with format specification
* Centralized handling of input and output files with format specification
* The format is meant to show what the input and output is supposed to be,
* and is therefore a show of intent more than anything else. However, it
* does impact behavior on some platform, such as differentiating between
* does impact behavior on some platforms, such as differentiating between
* text and binary input/output on non-Unix platforms
*/
static int istext(int format)
{
return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT;
}
BIO *dup_bio_in(int format)
{
return BIO_new_fp(stdin,
BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
}
static BIO_METHOD *prefix_method = NULL;
@ -2465,15 +2248,15 @@ static BIO_METHOD *prefix_method = NULL;
BIO *dup_bio_out(int format)
{
BIO *b = BIO_new_fp(stdout,
BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
void *prefix = NULL;
#ifdef OPENSSL_SYS_VMS
if (istext(format))
if (FMT_istext(format))
b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
#endif
if (istext(format) && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL) {
if (FMT_istext(format) && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL) {
if (prefix_method == NULL)
prefix_method = apps_bf_prefix();
b = BIO_push(BIO_new(prefix_method), b);
@ -2486,9 +2269,9 @@ BIO *dup_bio_out(int format)
BIO *dup_bio_err(int format)
{
BIO *b = BIO_new_fp(stderr,
BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0));
#ifdef OPENSSL_SYS_VMS
if (istext(format))
if (FMT_istext(format))
b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
#endif
return b;
@ -2525,11 +2308,11 @@ static const char *modestr(char mode, int format)
switch (mode) {
case 'a':
return istext(format) ? "a" : "ab";
return FMT_istext(format) ? "a" : "ab";
case 'r':
return istext(format) ? "r" : "rb";
return FMT_istext(format) ? "r" : "rb";
case 'w':
return istext(format) ? "w" : "wb";
return FMT_istext(format) ? "w" : "wb";
}
/* The assert above should make sure we never reach this point */
return NULL;
@ -2567,7 +2350,7 @@ BIO *bio_open_owner(const char *filename, int format, int private)
#ifdef O_TRUNC
mode |= O_TRUNC;
#endif
textmode = istext(format);
textmode = FMT_istext(format);
if (!textmode) {
#ifdef O_BINARY
mode |= O_BINARY;
@ -2746,3 +2529,14 @@ void make_uppercase(char *string)
for (i = 0; string[i] != '\0'; i++)
string[i] = toupper((unsigned char)string[i]);
}
int opt_printf_stderr(const char *fmt, ...)
{
va_list ap;
int ret;
va_start(ap, fmt);
ret = BIO_vprintf(bio_err, fmt, ap);
va_end(ap);
return ret;
}

362
apps/apps.h
View file

@ -29,6 +29,9 @@
# include <openssl/engine.h>
# include <openssl/ocsp.h>
# include <signal.h>
# include "apps_ui.h"
# include "opt.h"
# include "fmt.h"
# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
# define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
@ -88,330 +91,6 @@ void corrupt_signature(const ASN1_STRING *signature);
int set_cert_times(X509 *x, const char *startdate, const char *enddate,
int days);
/*
* Common verification options.
*/
# define OPT_V_ENUM \
OPT_V__FIRST=2000, \
OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
OPT_V__LAST
# define OPT_V_OPTIONS \
{ "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
{ "purpose", OPT_V_PURPOSE, 's', \
"certificate chain purpose"}, \
{ "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
{ "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
"chain depth limit" }, \
{ "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
"chain authentication security level" }, \
{ "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
{ "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
"expected peer hostname" }, \
{ "verify_email", OPT_V_VERIFY_EMAIL, 's', \
"expected peer email" }, \
{ "verify_ip", OPT_V_VERIFY_IP, 's', \
"expected peer IP address" }, \
{ "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
"permit unhandled critical extensions"}, \
{ "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
{ "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
{ "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
{ "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
{ "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
"set policy variable require-explicit-policy"}, \
{ "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
"set policy variable inhibit-any-policy"}, \
{ "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
"set policy variable inhibit-policy-mapping"}, \
{ "x509_strict", OPT_V_X509_STRICT, '-', \
"disable certificate compatibility work-arounds"}, \
{ "extended_crl", OPT_V_EXTENDED_CRL, '-', \
"enable extended CRL features"}, \
{ "use_deltas", OPT_V_USE_DELTAS, '-', \
"use delta CRLs"}, \
{ "policy_print", OPT_V_POLICY_PRINT, '-', \
"print policy processing diagnostics"}, \
{ "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
"check root CA self-signatures"}, \
{ "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
"search trust store first (default)" }, \
{ "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
{ "suiteB_128", OPT_V_SUITEB_128, '-', \
"Suite B 128-bit mode allowing 192-bit algorithms"}, \
{ "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
{ "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
"accept chains anchored by intermediate trust-store CAs"}, \
{ "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
{ "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
{ "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
# define OPT_V_CASES \
OPT_V__FIRST: case OPT_V__LAST: break; \
case OPT_V_POLICY: \
case OPT_V_PURPOSE: \
case OPT_V_VERIFY_NAME: \
case OPT_V_VERIFY_DEPTH: \
case OPT_V_VERIFY_AUTH_LEVEL: \
case OPT_V_ATTIME: \
case OPT_V_VERIFY_HOSTNAME: \
case OPT_V_VERIFY_EMAIL: \
case OPT_V_VERIFY_IP: \
case OPT_V_IGNORE_CRITICAL: \
case OPT_V_ISSUER_CHECKS: \
case OPT_V_CRL_CHECK: \
case OPT_V_CRL_CHECK_ALL: \
case OPT_V_POLICY_CHECK: \
case OPT_V_EXPLICIT_POLICY: \
case OPT_V_INHIBIT_ANY: \
case OPT_V_INHIBIT_MAP: \
case OPT_V_X509_STRICT: \
case OPT_V_EXTENDED_CRL: \
case OPT_V_USE_DELTAS: \
case OPT_V_POLICY_PRINT: \
case OPT_V_CHECK_SS_SIG: \
case OPT_V_TRUSTED_FIRST: \
case OPT_V_SUITEB_128_ONLY: \
case OPT_V_SUITEB_128: \
case OPT_V_SUITEB_192: \
case OPT_V_PARTIAL_CHAIN: \
case OPT_V_NO_ALT_CHAINS: \
case OPT_V_NO_CHECK_TIME: \
case OPT_V_ALLOW_PROXY_CERTS
/*
* Common "extended validation" options.
*/
# define OPT_X_ENUM \
OPT_X__FIRST=1000, \
OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
OPT_X_CERTFORM, OPT_X_KEYFORM, \
OPT_X__LAST
# define OPT_X_OPTIONS \
{ "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
{ "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
{ "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
{ "xchain_build", OPT_X_CHAIN_BUILD, '-', \
"build certificate chain for the extended certificates"}, \
{ "xcertform", OPT_X_CERTFORM, 'F', \
"format of Extended certificate (PEM or DER) PEM default " }, \
{ "xkeyform", OPT_X_KEYFORM, 'F', \
"format of Extended certificate's key (PEM or DER) PEM default"}
# define OPT_X_CASES \
OPT_X__FIRST: case OPT_X__LAST: break; \
case OPT_X_KEY: \
case OPT_X_CERT: \
case OPT_X_CHAIN: \
case OPT_X_CHAIN_BUILD: \
case OPT_X_CERTFORM: \
case OPT_X_KEYFORM
/*
* Common SSL options.
* Any changes here must be coordinated with ../ssl/ssl_conf.c
*/
# define OPT_S_ENUM \
OPT_S__FIRST=3000, \
OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
OPT_S_PRIORITIZE_CHACHA, \
OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
OPT_S_MINPROTO, OPT_S_MAXPROTO, \
OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST
# define OPT_S_OPTIONS \
{"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
{"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
{"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
{"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
{"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
{"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
{"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
{"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
{"no_ticket", OPT_S_NOTICKET, '-', \
"Disable use of TLS session tickets"}, \
{"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
{"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
"Enable use of legacy renegotiation (dangerous)"}, \
{"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
"Disable all renegotiation."}, \
{"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
"Allow initial connection to servers that don't support RI"}, \
{"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
"Disallow session resumption on renegotiation"}, \
{"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
"Disallow initial connection to servers that don't support RI"}, \
{"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
"In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
{"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
"Prioritize ChaCha ciphers when preferred by clients"}, \
{"strict", OPT_S_STRICT, '-', \
"Enforce strict certificate checks as per TLS standard"}, \
{"sigalgs", OPT_S_SIGALGS, 's', \
"Signature algorithms to support (colon-separated list)" }, \
{"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
"Signature algorithms to support for client certificate" \
" authentication (colon-separated list)" }, \
{"groups", OPT_S_GROUPS, 's', \
"Groups to advertise (colon-separated list)" }, \
{"curves", OPT_S_CURVES, 's', \
"Groups to advertise (colon-separated list)" }, \
{"named_curve", OPT_S_NAMEDCURVE, 's', \
"Elliptic curve used for ECDHE (server-side only)" }, \
{"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
{"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
{"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
{"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
{"record_padding", OPT_S_RECORD_PADDING, 's', \
"Block size to pad TLS 1.3 records to."}, \
{"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
"Perform all sorts of protocol violations for testing purposes"}, \
{"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
"Disable TLSv1.3 middlebox compat mode" }
# define OPT_S_CASES \
OPT_S__FIRST: case OPT_S__LAST: break; \
case OPT_S_NOSSL3: \
case OPT_S_NOTLS1: \
case OPT_S_NOTLS1_1: \
case OPT_S_NOTLS1_2: \
case OPT_S_NOTLS1_3: \
case OPT_S_BUGS: \
case OPT_S_NO_COMP: \
case OPT_S_COMP: \
case OPT_S_NOTICKET: \
case OPT_S_SERVERPREF: \
case OPT_S_LEGACYRENEG: \
case OPT_S_LEGACYCONN: \
case OPT_S_ONRESUMP: \
case OPT_S_NOLEGACYCONN: \
case OPT_S_ALLOW_NO_DHE_KEX: \
case OPT_S_PRIORITIZE_CHACHA: \
case OPT_S_STRICT: \
case OPT_S_SIGALGS: \
case OPT_S_CLIENTSIGALGS: \
case OPT_S_GROUPS: \
case OPT_S_CURVES: \
case OPT_S_NAMEDCURVE: \
case OPT_S_CIPHER: \
case OPT_S_CIPHERSUITES: \
case OPT_S_RECORD_PADDING: \
case OPT_S_NO_RENEGOTIATION: \
case OPT_S_MINPROTO: \
case OPT_S_MAXPROTO: \
case OPT_S_DEBUGBROKE: \
case OPT_S_NO_MIDDLEBOX
#define IS_NO_PROT_FLAG(o) \
(o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
|| o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
/*
* Random state options.
*/
# define OPT_R_ENUM \
OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
# define OPT_R_OPTIONS \
{"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
{"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
# define OPT_R_CASES \
OPT_R__FIRST: case OPT_R__LAST: break; \
case OPT_R_RAND: case OPT_R_WRITERAND
/*
* Option parsing.
*/
extern const char OPT_HELP_STR[];
extern const char OPT_MORE_STR[];
typedef struct options_st {
const char *name;
int retval;
/*
* value type: - no value (also the value zero), n number, p positive
* number, u unsigned, l long, s string, < input file, > output file,
* f any format, F der/pem format, E der/pem/engine format identifier.
* l, n and u include zero; p does not.
*/
int valtype;
const char *helpstr;
} OPTIONS;
/*
* A string/int pairing; widely use for option value lookup, hence the
* name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
* the "generic" name STRINT_PAIR.
*/
typedef struct string_int_pair_st {
const char *name;
int retval;
} OPT_PAIR, STRINT_PAIR;
/* Flags to pass into opt_format; see FORMAT_xxx, below. */
# define OPT_FMT_PEMDER (1L << 1)
# define OPT_FMT_PKCS12 (1L << 2)
# define OPT_FMT_SMIME (1L << 3)
# define OPT_FMT_ENGINE (1L << 4)
# define OPT_FMT_MSBLOB (1L << 5)
/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
# define OPT_FMT_NSS (1L << 7)
# define OPT_FMT_TEXT (1L << 8)
# define OPT_FMT_HTTP (1L << 9)
# define OPT_FMT_PVK (1L << 10)
# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
# define OPT_FMT_ANY ( \
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
char *opt_progname(const char *argv0);
char *opt_getprog(void);
char *opt_init(int ac, char **av, const OPTIONS * o);
int opt_next(void);
int opt_format(const char *s, unsigned long flags, int *result);
int opt_int(const char *arg, int *result);
int opt_ulong(const char *arg, unsigned long *result);
int opt_long(const char *arg, long *result);
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
defined(INTMAX_MAX) && defined(UINTMAX_MAX)
int opt_imax(const char *arg, intmax_t *result);
int opt_umax(const char *arg, uintmax_t *result);
#else
# define opt_imax opt_long
# define opt_umax opt_ulong
# define intmax_t long
# define uintmax_t unsigned long
#endif
int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
int opt_md(const char *name, const EVP_MD **mdp);
char *opt_arg(void);
char *opt_flag(void);
char *opt_unknown(void);
char **opt_rest(void);
int opt_num_rest(void);
int opt_verify(int i, X509_VERIFY_PARAM *vpm);
int opt_rand(int i);
void opt_help(const OPTIONS * list);
int opt_format_error(const char *s, unsigned long flags);
typedef struct args_st {
int size;
int argc;
@ -430,20 +109,8 @@ char **copy_argv(int *argc, char *argv[]);
*/
void win32_utf8argv(int *argc, char **argv[]);
# define PW_MIN_LENGTH 4
typedef struct pw_cb_data {
const void *password;
const char *prompt_info;
} PW_CB_DATA;
/* We need both wrap and the "real" function because libcrypto uses both. */
int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data);
int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
int setup_ui_method(void);
void destroy_ui_method(void);
const UI_METHOD *get_ui_method(void);
int chopup_args(ARGS *arg, char *buf);
# ifdef HEADER_X509_H
@ -573,29 +240,6 @@ void print_cert_checks(BIO *bio, X509 *x,
void store_setup_crl_download(X509_STORE *st);
/* See OPT_FMT_xxx, above. */
/* On some platforms, it's important to distinguish between text and binary
* files. On some, there might even be specific file formats for different
* contents. The FORMAT_xxx macros are meant to express an intent with the
* file being read or created.
*/
# define B_FORMAT_TEXT 0x8000
# define FORMAT_UNDEF 0
# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */
# define FORMAT_BINARY 2 /* Generic binary */
# define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */
# define FORMAT_ASN1 4 /* ASN.1/DER */
# define FORMAT_PEM (5 | B_FORMAT_TEXT)
# define FORMAT_PKCS12 6
# define FORMAT_SMIME (7 | B_FORMAT_TEXT)
# define FORMAT_ENGINE 8 /* Not really a file format */
# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPubicKey format */
# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
# define FORMAT_MSBLOB 11 /* MS Key blob format */
# define FORMAT_PVK 12 /* MS PVK file format */
# define FORMAT_HTTP 13 /* Download using HTTP */
# define FORMAT_NSS 14 /* NSS keylog format */
# define EXT_COPY_NONE 0
# define EXT_COPY_ADD 1
# define EXT_COPY_ALL 2

197
apps/apps_ui.c Normal file
View file

@ -0,0 +1,197 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include <openssl/err.h>
#include <openssl/ui.h>
#include "apps_ui.h"
static UI_METHOD *ui_method = NULL;
static const UI_METHOD *ui_fallback_method = NULL;
static int ui_open(UI *ui)
{
int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method);
if (opener)
return opener(ui);
return 1;
}
static int ui_read(UI *ui, UI_STRING *uis)
{
int (*reader)(UI *ui, UI_STRING *uis) = NULL;
if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
&& UI_get0_user_data(ui)) {
switch (UI_get_string_type(uis)) {
case UIT_PROMPT:
case UIT_VERIFY:
{
const char *password =
((PW_CB_DATA *)UI_get0_user_data(ui))->password;
if (password && password[0] != '\0') {
UI_set_result(ui, uis, password);
return 1;
}
}
break;
case UIT_NONE:
case UIT_BOOLEAN:
case UIT_INFO:
case UIT_ERROR:
break;
}
}
reader = UI_method_get_reader(ui_fallback_method);
if (reader)
return reader(ui, uis);
return 1;
}
static int ui_write(UI *ui, UI_STRING *uis)
{
int (*writer)(UI *ui, UI_STRING *uis) = NULL;
if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
&& UI_get0_user_data(ui)) {
switch (UI_get_string_type(uis)) {
case UIT_PROMPT:
case UIT_VERIFY:
{
const char *password =
((PW_CB_DATA *)UI_get0_user_data(ui))->password;
if (password && password[0] != '\0')
return 1;
}
break;
case UIT_NONE:
case UIT_BOOLEAN:
case UIT_INFO:
case UIT_ERROR:
break;
}
}
writer = UI_method_get_writer(ui_fallback_method);
if (writer)
return writer(ui, uis);
return 1;
}
static int ui_close(UI *ui)
{
int (*closer)(UI *ui) = UI_method_get_closer(ui_fallback_method);
if (closer)
return closer(ui);
return 1;
}
int setup_ui_method(void)
{
ui_fallback_method = UI_null();
#ifndef OPENSSL_NO_UI_CONSOLE
ui_fallback_method = UI_OpenSSL();
#endif
ui_method = UI_create_method("OpenSSL application user interface");
UI_method_set_opener(ui_method, ui_open);
UI_method_set_reader(ui_method, ui_read);
UI_method_set_writer(ui_method, ui_write);
UI_method_set_closer(ui_method, ui_close);
return 0;
}
void destroy_ui_method(void)
{
if (ui_method) {
UI_destroy_method(ui_method);
ui_method = NULL;
}
}
const UI_METHOD *get_ui_method(void)
{
return ui_method;
}
static void *ui_malloc(int sz, const char *what)
{
void *vp = OPENSSL_malloc(sz);
if (vp == NULL) {
BIO_printf(bio_err, "Could not allocate %d bytes for %s\n", sz, what);
ERR_print_errors(bio_err);
exit(1);
}
return vp;
}
int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data)
{
int res = 0;
UI *ui;
int ok = 0;
char *buff = NULL;
int ui_flags = 0;
const char *prompt_info = NULL;
char *prompt;
if ((ui = UI_new_method(ui_method)) == NULL)
return 0;
if (cb_data != NULL && cb_data->prompt_info != NULL)
prompt_info = cb_data->prompt_info;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
if (prompt == NULL) {
BIO_printf(bio_err, "Out of memory\n");
UI_free(ui);
return 0;
}
ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
/* We know that there is no previous user data to return to us */
(void)UI_add_user_data(ui, cb_data);
ok = UI_add_input_string(ui, prompt, ui_flags, buf,
PW_MIN_LENGTH, bufsiz - 1);
if (ok >= 0 && verify) {
buff = ui_malloc(bufsiz, "password buffer");
ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
PW_MIN_LENGTH, bufsiz - 1, buf);
}
if (ok >= 0)
do {
ok = UI_process(ui);
} while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
OPENSSL_clear_free(buff, (unsigned int)bufsiz);
if (ok >= 0)
res = strlen(buf);
if (ok == -1) {
BIO_printf(bio_err, "User interface error\n");
ERR_print_errors(bio_err);
OPENSSL_cleanse(buf, (unsigned int)bufsiz);
res = 0;
}
if (ok == -2) {
BIO_printf(bio_err, "aborted!\n");
OPENSSL_cleanse(buf, (unsigned int)bufsiz);
res = 0;
}
UI_free(ui);
OPENSSL_free(prompt);
return res;
}

28
apps/apps_ui.h Normal file
View file

@ -0,0 +1,28 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_APPS_UI_H
# define HEADER_APPS_UI_H
# define PW_MIN_LENGTH 4
typedef struct pw_cb_data {
const void *password;
const char *prompt_info;
} PW_CB_DATA;
int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
int setup_ui_method(void);
void destroy_ui_method(void);
const UI_METHOD *get_ui_method(void);
extern BIO *bio_err;
#endif

3
apps/build.info
View file

@ -7,7 +7,8 @@
s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c
srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c);
our @apps_lib_src =
( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c),
( qw(apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c
bf_prefix.c),
split(/\s+/, $target{apps_aux_src}) );
our @apps_init_src = split(/\s+/, $target{apps_init_src});
"" -}

15
apps/fmt.c Normal file
View file

@ -0,0 +1,15 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "fmt.h"
int FMT_istext(int format)
{
return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT;
}

44
apps/fmt.h Normal file
View file

@ -0,0 +1,44 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* Options are shared by apps (see apps.h) and the test system
* (see test/testutil.h').
* In order to remove the dependency between apps and options, the following
* shared fields have been moved into this file.
*/
#ifndef HEADER_FMT_H
#define HEADER_FMT_H
/* On some platforms, it's important to distinguish between text and binary
* files. On some, there might even be specific file formats for different
* contents. The FORMAT_xxx macros are meant to express an intent with the
* file being read or created.
*/
# define B_FORMAT_TEXT 0x8000
# define FORMAT_UNDEF 0
# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */
# define FORMAT_BINARY 2 /* Generic binary */
# define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */
# define FORMAT_ASN1 4 /* ASN.1/DER */
# define FORMAT_PEM (5 | B_FORMAT_TEXT)
# define FORMAT_PKCS12 6
# define FORMAT_SMIME (7 | B_FORMAT_TEXT)
# define FORMAT_ENGINE 8 /* Not really a file format */
# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPubicKey format */
# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */
# define FORMAT_MSBLOB 11 /* MS Key blob format */
# define FORMAT_PVK 12 /* MS PVK file format */
# define FORMAT_HTTP 13 /* Download using HTTP */
# define FORMAT_NSS 14 /* NSS keylog format */
int FMT_istext(int format);
#endif /* HEADER_FMT_H_ */

190
apps/opt.c
View file

@ -6,7 +6,13 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "apps.h"
/*
* This file is also used by the test suite. Do not #include "apps.h".
*/
#include "opt.h"
#include "fmt.h"
#include "internal/nelem.h"
#include <string.h>
#if !defined(OPENSSL_SYS_MSDOS)
# include OPENSSL_UNISTD
@ -116,7 +122,7 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
/* Store state. */
argc = ac;
argv = av;
opt_index = 1;
opt_begin();
opts = o;
opt_progname(av[0]);
unknown = NULL;
@ -133,15 +139,15 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
i = o->valtype;
/* Make sure options are legit. */
assert(o->name[0] != '-');
assert(o->retval > 0);
OPENSSL_assert(o->name[0] != '-');
OPENSSL_assert(o->retval > 0);
switch (i) {
case 0: case '-': case '/': case '<': case '>': case 'E': case 'F':
case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
case 'u': case 'c':
break;
default:
assert(0);
OPENSSL_assert(0);
}
/* Make sure there are no duplicates. */
@ -150,13 +156,13 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
* Some compilers inline strcmp and the assert string is too long.
*/
duplicated = strcmp(o->name, next->name) == 0;
assert(!duplicated);
OPENSSL_assert(!duplicated);
}
#endif
if (o->name[0] == '\0') {
assert(unknown == NULL);
OPENSSL_assert(unknown == NULL);
unknown = o;
assert(unknown->valtype == 0 || unknown->valtype == '-');
OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');
}
}
return prog;
@ -181,14 +187,14 @@ int opt_format_error(const char *s, unsigned long flags)
OPT_PAIR *ap;
if (flags == OPT_FMT_PEMDER) {
BIO_printf(bio_err, "%s: Bad format \"%s\"; must be pem or der\n",
prog, s);
opt_printf_stderr("%s: Bad format \"%s\"; must be pem or der\n",
prog, s);
} else {
BIO_printf(bio_err, "%s: Bad format \"%s\"; must be one of:\n",
prog, s);
opt_printf_stderr("%s: Bad format \"%s\"; must be one of:\n",
prog, s);
for (ap = formats; ap->name; ap++)
if (flags & ap->retval)
BIO_printf(bio_err, " %s\n", ap->name);
opt_printf_stderr(" %s\n", ap->name);
}
return 0;
}
@ -277,7 +283,7 @@ int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
*cipherp = EVP_get_cipherbyname(name);
if (*cipherp != NULL)
return 1;
BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
opt_printf_stderr("%s: Unrecognized flag %s\n", prog, name);
return 0;
}
@ -289,7 +295,7 @@ int opt_md(const char *name, const EVP_MD **mdp)
*mdp = EVP_get_digestbyname(name);
if (*mdp != NULL)
return 1;
BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
opt_printf_stderr("%s: Unrecognized flag %s\n", prog, name);
return 0;
}
@ -303,9 +309,9 @@ int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
*result = pp->retval;
return 1;
}
BIO_printf(bio_err, "%s: Value must be one of:\n", prog);
opt_printf_stderr("%s: Value must be one of:\n", prog);
for (pp = pairs; pp->name; pp++)
BIO_printf(bio_err, "\t%s\n", pp->name);
opt_printf_stderr("\t%s\n", pp->name);
return 0;
}
@ -318,8 +324,8 @@ int opt_int(const char *value, int *result)
return 0;
*result = (int)l;
if (*result != l) {
BIO_printf(bio_err, "%s: Value \"%s\" outside integer range\n",
prog, value);
opt_printf_stderr("%s: Value \"%s\" outside integer range\n",
prog, value);
return 0;
}
return 1;
@ -339,13 +345,12 @@ static void opt_number_error(const char *v)
for (i = 0; i < OSSL_NELEM(b); i++) {
if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) {
BIO_printf(bio_err,
"%s: Can't parse \"%s\" as %s number\n",
prog, v, b[i].name);
opt_printf_stderr("%s: Can't parse \"%s\" as %s number\n",
prog, v, b[i].name);
return;
}
}
BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n", prog, v);
opt_printf_stderr("%s: Can't parse \"%s\" as a number\n", prog, v);
return;
}
@ -458,9 +463,9 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
X509_PURPOSE *xptmp;
const X509_VERIFY_PARAM *vtmp;
assert(vpm != NULL);
assert(opt > OPT_V__FIRST);
assert(opt < OPT_V__LAST);
OPENSSL_assert(vpm != NULL);
OPENSSL_assert(opt > OPT_V__FIRST);
OPENSSL_assert(opt < OPT_V__LAST);
switch ((enum range)opt) {
case OPT_V__FIRST:
@ -469,7 +474,7 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
case OPT_V_POLICY:
otmp = OBJ_txt2obj(opt_arg(), 0);
if (otmp == NULL) {
BIO_printf(bio_err, "%s: Invalid Policy %s\n", prog, opt_arg());
opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_add0_policy(vpm, otmp);
@ -478,7 +483,7 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
/* purpose name -> purpose index */
i = X509_PURPOSE_get_by_sname(opt_arg());
if (i < 0) {
BIO_printf(bio_err, "%s: Invalid purpose %s\n", prog, opt_arg());
opt_printf_stderr("%s: Invalid purpose %s\n", prog, opt_arg());
return 0;
}
@ -489,17 +494,16 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
i = X509_PURPOSE_get_id(xptmp);
if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
BIO_printf(bio_err,
"%s: Internal error setting purpose %s\n",
prog, opt_arg());
opt_printf_stderr("%s: Internal error setting purpose %s\n",
prog, opt_arg());
return 0;
}
break;
case OPT_V_VERIFY_NAME:
vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
if (vtmp == NULL) {
BIO_printf(bio_err, "%s: Invalid verify name %s\n",
prog, opt_arg());
opt_printf_stderr("%s: Invalid verify name %s\n",
prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_set1(vpm, vtmp);
@ -518,8 +522,8 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
if (!opt_imax(opt_arg(), &t))
return 0;
if (t != (time_t)t) {
BIO_printf(bio_err, "%s: epoch time out of range %s\n",
prog, opt_arg());
opt_printf_stderr("%s: epoch time out of range %s\n",
prog, opt_arg());
return 0;
}
X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
@ -606,6 +610,13 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
}
void opt_begin(void)
{
opt_index = 1;
arg = NULL;
flag = NULL;
}
/*
* Parse the next flag (and value if specified), return 0 if done, -1 on
* error, otherwise the flag's retval.
@ -651,8 +662,8 @@ int opt_next(void)
/* If it doesn't take a value, make sure none was given. */
if (o->valtype == 0 || o->valtype == '-') {
if (arg) {
BIO_printf(bio_err,
"%s: Option -%s does not take a value\n", prog, p);
opt_printf_stderr("%s: Option -%s does not take a value\n",
prog, p);
return -1;
}
return o->retval;
@ -661,8 +672,8 @@ int opt_next(void)
/* Want a value; get the next param if =foo not used. */
if (arg == NULL) {
if (argv[opt_index] == NULL) {
BIO_printf(bio_err,
"%s: Option -%s needs a value\n", prog, o->name);
opt_printf_stderr("%s: Option -%s needs a value\n",
prog, o->name);
return -1;
}
arg = argv[opt_index++];
@ -675,9 +686,9 @@ int opt_next(void)
/* Just a string. */
break;
case '/':
if (app_isdir(arg) > 0)
if (opt_isdir(arg) > 0)
break;
BIO_printf(bio_err, "%s: Not a directory: %s\n", prog, arg);
opt_printf_stderr("%s: Not a directory: %s\n", prog, arg);
return -1;
case '<':
/* Input file. */
@ -689,41 +700,36 @@ int opt_next(void)
case 'n':
if (!opt_int(arg, &ival)
|| (o->valtype == 'p' && ival <= 0)) {
BIO_printf(bio_err,
"%s: Non-positive number \"%s\" for -%s\n",
prog, arg, o->name);
opt_printf_stderr("%s: Non-positive number \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
break;
case 'M':
if (!opt_imax(arg, &imval)) {
BIO_printf(bio_err,
"%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
break;
case 'U':
if (!opt_umax(arg, &umval)) {
BIO_printf(bio_err,
"%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
break;
case 'l':
if (!opt_long(arg, &lval)) {
BIO_printf(bio_err,
"%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
break;
case 'u':
if (!opt_ulong(arg, &ulval)) {
BIO_printf(bio_err,
"%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
break;
@ -737,9 +743,8 @@ int opt_next(void)
o->valtype == 'F' ? OPT_FMT_PEMDER
: OPT_FMT_ANY, &ival))
break;
BIO_printf(bio_err,
"%s: Invalid format \"%s\" for -%s\n",
prog, arg, o->name);
opt_printf_stderr("%s: Invalid format \"%s\" for -%s\n",
prog, arg, o->name);
return -1;
}
@ -750,7 +755,7 @@ int opt_next(void)
dunno = p;
return unknown->retval;
}
BIO_printf(bio_err, "%s: Option unknown option -%s\n", prog, p);
opt_printf_stderr("%s: Option unknown option -%s\n", prog, p);
return -1;
}
@ -848,18 +853,17 @@ void opt_help(const OPTIONS *list)
i += 1 + strlen(valtype2param(o));
if (i < MAX_OPT_HELP_WIDTH && i > width)
width = i;
assert(i < (int)sizeof(start));
OPENSSL_assert(i < (int)sizeof(start));
}
if (standard_prolog)
BIO_printf(bio_err, "Usage: %s [options]\nValid options are:\n",
prog);
opt_printf_stderr("Usage: %s [options]\nValid options are:\n", prog);
/* Now let's print. */
for (o = list; o->name; o++) {
help = o->helpstr ? o->helpstr : "(No additional info)";
if (o->name == OPT_HELP_STR) {
BIO_printf(bio_err, help, prog);
opt_printf_stderr(help, prog);
continue;
}
@ -870,7 +874,7 @@ void opt_help(const OPTIONS *list)
if (o->name == OPT_MORE_STR) {
/* Continuation of previous line; pad and print. */
start[width] = '\0';
BIO_printf(bio_err, "%s %s\n", start, help);
opt_printf_stderr("%s %s\n", start, help);
continue;
}
@ -889,10 +893,62 @@ void opt_help(const OPTIONS *list)
*p = ' ';
if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
*p = '\0';
BIO_printf(bio_err, "%s\n", start);
opt_printf_stderr("%s\n", start);
memset(start, ' ', sizeof(start));
}
start[width] = '\0';
BIO_printf(bio_err, "%s %s\n", start, help);
opt_printf_stderr("%s %s\n", start, help);
}
}
/* opt_isdir section */
#ifdef _WIN32
# include <windows.h>
int opt_isdir(const char *name)
{
DWORD attr;
# if defined(UNICODE) || defined(_UNICODE)
size_t i, len_0 = strlen(name) + 1;
WCHAR tempname[MAX_PATH];
if (len_0 > MAX_PATH)
return -1;
# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
# endif
for (i = 0; i < len_0; i++)
tempname[i] = (WCHAR)name[i];
attr = GetFileAttributes(tempname);
# else
attr = GetFileAttributes(name);
# endif
if (attr == INVALID_FILE_ATTRIBUTES)
return -1;
return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
}
#else
# include <sys/stat.h>
# ifndef S_ISDIR
# if defined(_S_IFMT) && defined(_S_IFDIR)
# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
# else
# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
# endif
# endif
int opt_isdir(const char *name)
{
# if defined(S_ISDIR)
struct stat st;
if (stat(name, &st) == 0)
return S_ISDIR(st.st_mode);
else
return -1;
# else
return -1;
# endif
}
#endif

344
apps/opt.h Normal file
View file

@ -0,0 +1,344 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_OPT_H
#define HEADER_OPT_H
#include <sys/types.h>
#include <openssl/e_os2.h>
#include <openssl/ossl_typ.h>
#include <stdarg.h>
/*
* Common verification options.
*/
# define OPT_V_ENUM \
OPT_V__FIRST=2000, \
OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
OPT_V__LAST
# define OPT_V_OPTIONS \
{ "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
{ "purpose", OPT_V_PURPOSE, 's', \
"certificate chain purpose"}, \
{ "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
{ "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
"chain depth limit" }, \
{ "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
"chain authentication security level" }, \
{ "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
{ "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
"expected peer hostname" }, \
{ "verify_email", OPT_V_VERIFY_EMAIL, 's', \
"expected peer email" }, \
{ "verify_ip", OPT_V_VERIFY_IP, 's', \
"expected peer IP address" }, \
{ "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
"permit unhandled critical extensions"}, \
{ "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
{ "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
{ "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
{ "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
{ "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
"set policy variable require-explicit-policy"}, \
{ "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
"set policy variable inhibit-any-policy"}, \
{ "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
"set policy variable inhibit-policy-mapping"}, \
{ "x509_strict", OPT_V_X509_STRICT, '-', \
"disable certificate compatibility work-arounds"}, \
{ "extended_crl", OPT_V_EXTENDED_CRL, '-', \
"enable extended CRL features"}, \
{ "use_deltas", OPT_V_USE_DELTAS, '-', \
"use delta CRLs"}, \
{ "policy_print", OPT_V_POLICY_PRINT, '-', \
"print policy processing diagnostics"}, \
{ "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
"check root CA self-signatures"}, \
{ "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
"search trust store first (default)" }, \
{ "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
{ "suiteB_128", OPT_V_SUITEB_128, '-', \
"Suite B 128-bit mode allowing 192-bit algorithms"}, \
{ "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
{ "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
"accept chains anchored by intermediate trust-store CAs"}, \
{ "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
{ "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
{ "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
# define OPT_V_CASES \
OPT_V__FIRST: case OPT_V__LAST: break; \
case OPT_V_POLICY: \
case OPT_V_PURPOSE: \
case OPT_V_VERIFY_NAME: \
case OPT_V_VERIFY_DEPTH: \
case OPT_V_VERIFY_AUTH_LEVEL: \
case OPT_V_ATTIME: \
case OPT_V_VERIFY_HOSTNAME: \
case OPT_V_VERIFY_EMAIL: \
case OPT_V_VERIFY_IP: \
case OPT_V_IGNORE_CRITICAL: \
case OPT_V_ISSUER_CHECKS: \
case OPT_V_CRL_CHECK: \
case OPT_V_CRL_CHECK_ALL: \
case OPT_V_POLICY_CHECK: \
case OPT_V_EXPLICIT_POLICY: \
case OPT_V_INHIBIT_ANY: \
case OPT_V_INHIBIT_MAP: \
case OPT_V_X509_STRICT: \
case OPT_V_EXTENDED_CRL: \
case OPT_V_USE_DELTAS: \
case OPT_V_POLICY_PRINT: \
case OPT_V_CHECK_SS_SIG: \
case OPT_V_TRUSTED_FIRST: \
case OPT_V_SUITEB_128_ONLY: \
case OPT_V_SUITEB_128: \
case OPT_V_SUITEB_192: \
case OPT_V_PARTIAL_CHAIN: \
case OPT_V_NO_ALT_CHAINS: \
case OPT_V_NO_CHECK_TIME: \
case OPT_V_ALLOW_PROXY_CERTS
/*
* Common "extended validation" options.
*/
# define OPT_X_ENUM \
OPT_X__FIRST=1000, \
OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
OPT_X_CERTFORM, OPT_X_KEYFORM, \
OPT_X__LAST
# define OPT_X_OPTIONS \
{ "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
{ "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
{ "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
{ "xchain_build", OPT_X_CHAIN_BUILD, '-', \
"build certificate chain for the extended certificates"}, \
{ "xcertform", OPT_X_CERTFORM, 'F', \
"format of Extended certificate (PEM or DER) PEM default " }, \
{ "xkeyform", OPT_X_KEYFORM, 'F', \
"format of Extended certificate's key (PEM or DER) PEM default"}
# define OPT_X_CASES \
OPT_X__FIRST: case OPT_X__LAST: break; \
case OPT_X_KEY: \
case OPT_X_CERT: \
case OPT_X_CHAIN: \
case OPT_X_CHAIN_BUILD: \
case OPT_X_CERTFORM: \
case OPT_X_KEYFORM
/*
* Common SSL options.
* Any changes here must be coordinated with ../ssl/ssl_conf.c
*/
# define OPT_S_ENUM \
OPT_S__FIRST=3000, \
OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
OPT_S_PRIORITIZE_CHACHA, \
OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
OPT_S_MINPROTO, OPT_S_MAXPROTO, \
OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST
# define OPT_S_OPTIONS \
{"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
{"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
{"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
{"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
{"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
{"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
{"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
{"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
{"no_ticket", OPT_S_NOTICKET, '-', \
"Disable use of TLS session tickets"}, \
{"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
{"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
"Enable use of legacy renegotiation (dangerous)"}, \
{"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
"Disable all renegotiation."}, \
{"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
"Allow initial connection to servers that don't support RI"}, \
{"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
"Disallow session resumption on renegotiation"}, \
{"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
"Disallow initial connection to servers that don't support RI"}, \
{"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
"In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
{"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
"Prioritize ChaCha ciphers when preferred by clients"}, \
{"strict", OPT_S_STRICT, '-', \
"Enforce strict certificate checks as per TLS standard"}, \
{"sigalgs", OPT_S_SIGALGS, 's', \
"Signature algorithms to support (colon-separated list)" }, \
{"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
"Signature algorithms to support for client certificate" \
" authentication (colon-separated list)" }, \
{"groups", OPT_S_GROUPS, 's', \
"Groups to advertise (colon-separated list)" }, \
{"curves", OPT_S_CURVES, 's', \
"Groups to advertise (colon-separated list)" }, \
{"named_curve", OPT_S_NAMEDCURVE, 's', \
"Elliptic curve used for ECDHE (server-side only)" }, \
{"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
{"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
{"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
{"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
{"record_padding", OPT_S_RECORD_PADDING, 's', \
"Block size to pad TLS 1.3 records to."}, \
{"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
"Perform all sorts of protocol violations for testing purposes"}, \
{"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
"Disable TLSv1.3 middlebox compat mode" }
# define OPT_S_CASES \
OPT_S__FIRST: case OPT_S__LAST: break; \
case OPT_S_NOSSL3: \
case OPT_S_NOTLS1: \
case OPT_S_NOTLS1_1: \
case OPT_S_NOTLS1_2: \
case OPT_S_NOTLS1_3: \
case OPT_S_BUGS: \
case OPT_S_NO_COMP: \
case OPT_S_COMP: \
case OPT_S_NOTICKET: \
case OPT_S_SERVERPREF: \
case OPT_S_LEGACYRENEG: \
case OPT_S_LEGACYCONN: \
case OPT_S_ONRESUMP: \
case OPT_S_NOLEGACYCONN: \
case OPT_S_ALLOW_NO_DHE_KEX: \
case OPT_S_PRIORITIZE_CHACHA: \
case OPT_S_STRICT: \
case OPT_S_SIGALGS: \
case OPT_S_CLIENTSIGALGS: \
case OPT_S_GROUPS: \
case OPT_S_CURVES: \
case OPT_S_NAMEDCURVE: \
case OPT_S_CIPHER: \
case OPT_S_CIPHERSUITES: \
case OPT_S_RECORD_PADDING: \
case OPT_S_NO_RENEGOTIATION: \
case OPT_S_MINPROTO: \
case OPT_S_MAXPROTO: \
case OPT_S_DEBUGBROKE: \
case OPT_S_NO_MIDDLEBOX
#define IS_NO_PROT_FLAG(o) \
(o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
|| o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
/*
* Random state options.
*/
# define OPT_R_ENUM \
OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
# define OPT_R_OPTIONS \
{"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
{"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
# define OPT_R_CASES \
OPT_R__FIRST: case OPT_R__LAST: break; \
case OPT_R_RAND: case OPT_R_WRITERAND
/*
* Option parsing.
*/
extern const char OPT_HELP_STR[];
extern const char OPT_MORE_STR[];
typedef struct options_st {
const char *name;
int retval;
/*
* value type: - no value (also the value zero), n number, p positive
* number, u unsigned, l long, s string, < input file, > output file,
* f any format, F der/pem format, E der/pem/engine format identifier.
* l, n and u include zero; p does not.
*/
int valtype;
const char *helpstr;
} OPTIONS;
/*
* A string/int pairing; widely use for option value lookup, hence the
* name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
* the "generic" name STRINT_PAIR.
*/
typedef struct string_int_pair_st {
const char *name;
int retval;
} OPT_PAIR, STRINT_PAIR;
/* Flags to pass into opt_format; see FORMAT_xxx, below. */
# define OPT_FMT_PEMDER (1L << 1)
# define OPT_FMT_PKCS12 (1L << 2)
# define OPT_FMT_SMIME (1L << 3)
# define OPT_FMT_ENGINE (1L << 4)
# define OPT_FMT_MSBLOB (1L << 5)
/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */
# define OPT_FMT_NSS (1L << 7)
# define OPT_FMT_TEXT (1L << 8)
# define OPT_FMT_HTTP (1L << 9)
# define OPT_FMT_PVK (1L << 10)
# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME)
# define OPT_FMT_ANY ( \
OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
char *opt_progname(const char *argv0);
char *opt_getprog(void);
char *opt_init(int ac, char **av, const OPTIONS * o);
int opt_next(void);
void opt_begin(void);
int opt_format(const char *s, unsigned long flags, int *result);
int opt_int(const char *arg, int *result);
int opt_ulong(const char *arg, unsigned long *result);
int opt_long(const char *arg, long *result);
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
defined(INTMAX_MAX) && defined(UINTMAX_MAX)
int opt_imax(const char *arg, intmax_t *result);
int opt_umax(const char *arg, uintmax_t *result);
#else
# define opt_imax opt_long
# define opt_umax opt_ulong
# define intmax_t long
# define uintmax_t unsigned long
#endif
int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
int opt_md(const char *name, const EVP_MD **mdp);
char *opt_arg(void);
char *opt_flag(void);
char *opt_unknown(void);
char **opt_rest(void);
int opt_num_rest(void);
int opt_verify(int i, X509_VERIFY_PARAM *vpm);
int opt_rand(int i);
void opt_help(const OPTIONS * list);
int opt_format_error(const char *s, unsigned long flags);
int opt_isdir(const char *name);
int opt_printf_stderr(const char *fmt, ...);
#endif /* HEADER_OPT_H */

2
test/asynciotest.c
View file

@ -393,6 +393,8 @@ static int test_asyncio(int test)
return testresult;
}
OPT_TEST_DECLARE_USAGE("certname privkey\n")
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))

47
test/bftest.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -434,28 +434,53 @@ static int test_bf_ofb64(void)
}
#endif
typedef enum OPTION_choice {
OPT_ERR = -1,
OPT_EOF = 0,
OPT_PRINT,
OPT_TEST_ENUM
} OPTION_CHOICE;
const OPTIONS *test_get_options(void)
{
static const OPTIONS test_options[] = {
OPT_TEST_OPTIONS_DEFAULT_USAGE,
{ "print", OPT_PRINT, '-', "Output test tables instead of running tests"},
{ NULL }
};
return test_options;
}
int setup_tests(void)
{
#ifndef OPENSSL_NO_BF
OPTION_CHOICE o;
# ifdef CHARSET_EBCDIC
int n;
ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data));
for (n = 0; n < 2; n++) {
ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n]));
}
# endif
if (test_get_argument(0) != NULL) {
print_test_data();
} else {
ADD_ALL_TESTS(test_bf_ecb_raw, 2);
ADD_ALL_TESTS(test_bf_ecb, NUM_TESTS);
ADD_ALL_TESTS(test_bf_set_key, KEY_TEST_NUM-1);
ADD_TEST(test_bf_cbc);
ADD_TEST(test_bf_cfb64);
ADD_TEST(test_bf_ofb64);
while ((o = opt_next()) != OPT_EOF) {
switch(o) {
case OPT_PRINT:
print_test_data();
return 1;
case OPT_TEST_CASES:
break;
default:
return 0;
}
}
ADD_ALL_TESTS(test_bf_ecb_raw, 2);
ADD_ALL_TESTS(test_bf_ecb, NUM_TESTS);
ADD_ALL_TESTS(test_bf_set_key, KEY_TEST_NUM-1);
ADD_TEST(test_bf_cbc);
ADD_TEST(test_bf_cfb64);
ADD_TEST(test_bf_ofb64);
#endif
return 1;
}

33
test/bioprinttest.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -252,10 +252,38 @@ static int test_big(void)
return 1;
}
typedef enum OPTION_choice {
OPT_ERR = -1,
OPT_EOF = 0,
OPT_PRINT,
OPT_TEST_ENUM
} OPTION_CHOICE;
const OPTIONS *test_get_options(void)
{
static const OPTIONS options[] = {
OPT_TEST_OPTIONS_DEFAULT_USAGE,
{ "expected", OPT_PRINT, '-', "Output values" },
{ NULL }
};
return options;
}
int setup_tests(void)
{
justprint = test_has_option("-expected");
OPTION_CHOICE o;
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_PRINT:
justprint = 1;
break;
case OPT_TEST_CASES:
break;
default:
return 0;
}
}
ADD_TEST(test_big);
ADD_ALL_TESTS(test_fp, nelem(pw_params));
@ -300,3 +328,4 @@ int test_flush_stderr(void)
{
return fflush(stderr);
}

11
test/bntest.c
View file

@ -2261,6 +2261,17 @@ static int run_file_tests(int i)
return c == 0;
}
const OPTIONS *test_get_options(void)
{
enum { OPT_TEST_ENUM };
static const OPTIONS test_options[] = {
OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"),
{ OPT_HELP_STR, 1, '-',
"file\tFile to run tests on. Normal tests are not run\n" },
{ NULL }
};
return test_options;
}
int setup_tests(void)
{

11
test/build.info
View file

@ -13,8 +13,9 @@ IF[{- !$disabled{tests} -}]
SOURCE[libtestutil.a]=testutil/basic_output.c testutil/output_helpers.c \
testutil/driver.c testutil/tests.c testutil/cb.c testutil/stanza.c \
testutil/format_output.c testutil/tap_bio.c \
testutil/test_cleanup.c testutil/main.c testutil/init.c
INCLUDE[libtestutil.a]=../include
testutil/test_cleanup.c testutil/main.c testutil/init.c \
testutil/options.c testutil/test_options.c ../apps/opt.c
INCLUDE[libtestutil.a]=../include ..
DEPEND[libtestutil.a]=../libcrypto
PROGRAMS{noinst}=\
@ -398,11 +399,9 @@ IF[{- !$disabled{tests} -}]
DEPEND[cipher_overhead_test]=../libcrypto ../libssl libtestutil.a
ENDIF
SOURCE[uitest]=uitest.c \
{- rebase_files("../apps",
split(/\s+/, $target{apps_init_src})) -}
SOURCE[uitest]=uitest.c ../apps/apps_ui.c
INCLUDE[uitest]=.. ../include ../apps
DEPEND[uitest]=../apps/libapps.a ../libcrypto ../libssl libtestutil.a
DEPEND[uitest]=../libcrypto ../libssl libtestutil.a
SOURCE[cipherbytes_test]=cipherbytes_test.c
INCLUDE[cipherbytes_test]=../include

2
test/clienthellotest.c
View file

@ -240,6 +240,8 @@ end:
return testresult;
}
OPT_TEST_DECLARE_USAGE("sessionfile\n")
int setup_tests(void)
{
if (!TEST_ptr(sessionfile = test_get_argument(0)))

11
test/cmsapitest.c
View file

@ -1,3 +1,12 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include <openssl/cms.h>
@ -49,6 +58,8 @@ static int test_encrypt_decrypt(void)
return testresult;
}
OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
int setup_tests(void)
{
char *certin = NULL, *privkeyin = NULL;

36
test/conf_include_test.c
View file

@ -178,26 +178,50 @@ static int test_check_overflow(void)
return 1;
}
typedef enum OPTION_choice {
OPT_ERR = -1,
OPT_EOF = 0,
OPT_FAIL,
OPT_TEST_ENUM
} OPTION_CHOICE;
const OPTIONS *test_get_options(void)
{
static const OPTIONS test_options[] = {
OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("conf_file\n"),
{ "f", OPT_FAIL, '-', "A failure is expected" },
{ NULL }
};
return test_options;
}
int setup_tests(void)
{
const char *conf_file;
const char *arg2;
OPTION_CHOICE o;
if (!TEST_ptr(conf = NCONF_new(NULL)))
return 0;
conf_file = test_get_argument(0);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_FAIL:
expect_failure = 1;
break;
case OPT_TEST_CASES:
break;
default:
return 0;
}
}
conf_file = test_get_argument(0);
if (!TEST_ptr(conf_file)
|| !TEST_ptr(in = BIO_new_file(conf_file, "r"))) {
TEST_note("Unable to open the file argument");
return 0;
}
if ((arg2 = test_get_argument(1)) != NULL && *arg2 == 'f') {
expect_failure = 1;
}
/*
* For this test we need to chdir as we use relative
* path names in the config files.

50
test/curve448_internal_test.c
View file

@ -682,19 +682,49 @@ static int test_x448(void)
return 1;
}
typedef enum OPTION_choice {
OPT_ERR = -1,
OPT_EOF = 0,
OPT_PROGRESS,
OPT_SLOW,
OPT_TEST_ENUM
} OPTION_CHOICE;
const OPTIONS *test_get_options(void)
{
static const OPTIONS test_options[] = {
OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("conf_file\n"),
{ "f", OPT_SLOW, '-', "Enables a slow test" },
{ "v", OPT_PROGRESS, '-',
"Enables verbose mode (prints progress dots)" },
{ NULL }
};
return test_options;
}
int setup_tests(void)
{
/*
* The test vectors contain one test which takes a very long time to run,
* so we don't do that be default. Using the -f option will cause it to be
* run.
*/
if (test_has_option("-f"))
max = 1000000;
OPTION_CHOICE o;
/* Print progress dots */
if (test_has_option("-v"))
verbose = 1;
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_TEST_CASES:
break;
default:
return 0;
/*
* The test vectors contain one test which takes a very long time to run
* so we don't do that be default. Using the -f option will cause it to
* be run.
*/
case OPT_SLOW:
max = 1000000;
break;
case OPT_PROGRESS:
verbose = 1; /* Print progress dots */
break;
}
}
ADD_TEST(test_x448);
ADD_TEST(test_ed448);

6
test/d2i_test.c
View file

@ -106,6 +106,8 @@ static int test_bad_asn1(void)
return ret;
}
OPT_TEST_DECLARE_USAGE("item_name expected_error test_file.der\n")
/*
* Usage: d2i_test <name> <type> <file>, e.g.
* d2i_test generalname bad_generalname.der
@ -127,10 +129,8 @@ int setup_tests(void)
if (!TEST_ptr(test_type_name = test_get_argument(0))
|| !TEST_ptr(expected_error_string = test_get_argument(1))
|| !TEST_ptr(test_file = test_get_argument(2))) {
TEST_note("Usage: d2i_test item_name expected_error file.der");
|| !TEST_ptr(test_file = test_get_argument(2)))
return 0;
}
item_type = ASN1_ITEM_lookup(test_type_name);

6
test/danetest.c
View file

@ -409,14 +409,14 @@ end:
return ret;
}
OPT_TEST_DECLARE_USAGE("basedomain CAfile tlsafile\n")
int setup_tests(void)
{
if (!TEST_ptr(basedomain = test_get_argument(0))
|| !TEST_ptr(CAfile = test_get_argument(1))
|| !TEST_ptr(tlsafile = test_get_argument(2))) {
TEST_error("Usage error: danetest basedomain CAfile tlsafile");
|| !TEST_ptr(tlsafile = test_get_argument(2)))
return 0;
}
ADD_TEST(run_tlsatest);
return 1;

2
test/dtlstest.c
View file

@ -328,6 +328,8 @@ static int test_dtls_duplicate_records(void)
return testresult;
}
OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))

62
test/ecstresstest.c
View file

@ -18,7 +18,7 @@
#define NUM_REPEATS "1000000"
static int64_t num_repeats;
static intmax_t num_repeats;
static int print_mode = 0;
#ifndef OPENSSL_NO_EC
@ -39,10 +39,10 @@ static const char *kP256DefaultResult =
* point multiplication.
* Returns the X-coordinate of the end result or NULL on error.
*/
static BIGNUM *walk_curve(const EC_GROUP *group, EC_POINT *point, int64_t num)
static BIGNUM *walk_curve(const EC_GROUP *group, EC_POINT *point, intmax_t num)
{
BIGNUM *scalar = NULL;
int64_t i;
intmax_t i;
if (!TEST_ptr(scalar = BN_new())
|| !TEST_true(EC_POINT_get_affine_coordinates(group, point, scalar,
@ -101,20 +101,21 @@ err:
}
#endif
static int atoi64(const char *in, int64_t *result)
typedef enum OPTION_choice {
OPT_ERR = -1,
OPT_EOF = 0,
OPT_NUM_REPEATS,
OPT_TEST_ENUM
} OPTION_CHOICE;
const OPTIONS *test_get_options(void)
{
int64_t ret = 0;
for ( ; *in != '\0'; in++) {
char c = *in;
if (!isdigit((unsigned char)c))
return 0;
ret *= 10;
ret += (c - '0');
}
*result = ret;
return 1;
static const OPTIONS test_options[] = {
OPT_TEST_OPTIONS_DEFAULT_USAGE,
{ "num", OPT_NUM_REPEATS, 'M', "Number of repeats" },
{ NULL }
};
return test_options;
}
/*
@ -124,22 +125,27 @@ static int atoi64(const char *in, int64_t *result)
*/
int setup_tests(void)
{
const char *p;
OPTION_CHOICE o;
if (!atoi64(NUM_REPEATS, &num_repeats)) {
if (!opt_imax(NUM_REPEATS, &num_repeats)) {
TEST_error("Cannot parse " NUM_REPEATS);
return 0;
}
/*
* TODO(openssl-team): code under test/ should be able to reuse the option
* parsing framework currently in apps/.
*/
p = test_get_option_argument("-num");
if (p != NULL) {
if (!atoi64(p, &num_repeats)
|| num_repeats < 0)
return 0;
print_mode = 1;
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_NUM_REPEATS:
if (!opt_imax(opt_arg(), &num_repeats)
|| num_repeats < 0)
return 0;
print_mode = 1;
break;
case OPT_TEST_CASES:
break;
default:
case OPT_ERR:
return 0;
}
}
#ifndef OPENSSL_NO_EC

6
test/evp_test.c
View file

@ -2901,14 +2901,14 @@ static int run_file_tests(int i)
return c == 0;
}
OPT_TEST_DECLARE_USAGE("file...\n")
int setup_tests(void)
{
size_t n = test_get_argument_count();
if (n == 0) {
TEST_error("Usage: %s file...", test_get_program_name());
if (n == 0)
return 0;
}
ADD_ALL_TESTS(run_file_tests, n);
return 1;

2
test/fatalerrtest.c
View file

@ -82,6 +82,8 @@ static int test_fatalerr(void)
return ret;
}
OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))

2
test/gosttest.c
View file

@ -78,6 +78,8 @@ static int test_tls13(int idx)
return testresult;
}
OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n")
int setup_tests(void)
{
if (!TEST_ptr(cert1 = test_get_argument(0))

4
test/ocspapitest.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -133,6 +133,8 @@ static int test_resp_signer(void)
}
#endif
OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
int setup_tests(void)
{
if (!TEST_ptr(certstr = test_get_argument(0))

2
test/recipes/90-test_includes.t
View file

@ -24,4 +24,4 @@ if ($^O eq "VMS") {
ok(run(test(["conf_include_test", data_file("vms-includes-file.cnf")])),
"test file includes, VMS syntax");
}
ok(run(test(["conf_include_test", data_file("includes-broken.cnf"), "f"])), "test broken includes");
ok(run(test(["conf_include_test", "-f", data_file("includes-broken.cnf")])), "test broken includes");

2
test/recordlentest.c
View file

@ -181,6 +181,8 @@ static int test_record_overflow(int idx)
return testresult;
}
OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))

2
test/ssl_test.c
View file

@ -500,6 +500,8 @@ err:
return ret;
}
OPT_TEST_DECLARE_USAGE("conf_file\n")
int setup_tests(void)
{
long num_tests;

6
test/ssl_test_ctx_test.c
View file

@ -240,15 +240,15 @@ static int test_bad_configuration(int idx)
return 1;
}
OPT_TEST_DECLARE_USAGE("conf_file\n")
int setup_tests(void)
{
if (!TEST_ptr(conf = NCONF_new(NULL)))
return 0;
/* argument should point to test/ssl_test_ctx_test.conf */
if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)) {
TEST_note("Missing file argument");
if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0))
return 0;
}
ADD_TEST(test_empty_configuration);
ADD_TEST(test_good_configuration);

3
test/sslapitest.c
View file

@ -6030,6 +6030,9 @@ static int test_ca_names(int tst)
return testresult;
}
OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile\n")
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))

2
test/sslbuffertest.c
View file

@ -157,6 +157,8 @@ int global_init(void)
return 1;
}
OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
int setup_tests(void)
{
char *cert, *pkey;

6
test/sslcorrupttest.c
View file

@ -244,15 +244,15 @@ static int test_ssl_corrupt(int testidx)
return testresult;
}
OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
int setup_tests(void)
{
int n;
if (!TEST_ptr(cert = test_get_argument(0))
|| !TEST_ptr(privkey = test_get_argument(1))) {
TEST_note("Usage error: require cert and private key files");
|| !TEST_ptr(privkey = test_get_argument(1)))
return 0;
}
n = setup_cipher_list();
if (n > 0)

95
test/testutil.h
View file

@ -1,5 +1,5 @@
/*
* Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -15,6 +15,7 @@
#include <openssl/err.h>
#include <openssl/e_os2.h>
#include <openssl/bn.h>
#include "../apps/opt.h"
/*-
* Simple unit tests should implement setup_tests().
@ -117,22 +118,80 @@
# define TEST_CASE_NAME __func__
# endif /* __STDC_VERSION__ */
/* The default test enum which should be common to all tests */
#define OPT_TEST_ENUM \
OPT_TEST_HELP = 500, \
OPT_TEST_LIST, \
OPT_TEST_SINGLE, \
OPT_TEST_ITERATION, \
OPT_TEST_INDENT, \
OPT_TEST_SEED
/* The Default test OPTIONS common to all tests (without a usage string) */
#define OPT_TEST_OPTIONS \
{ OPT_HELP_STR, 1, '-', "Valid options are:\n" }, \
{ "help", OPT_TEST_HELP, '-', "Display this summary" }, \
{ "list", OPT_TEST_LIST, '-', "Display the list of tests available" }, \
{ "test", OPT_TEST_SINGLE, 's', "Run a single test by id or name" }, \
{ "iter", OPT_TEST_ITERATION, 'n', "Run a single iteration of a test" }, \
{ "indent", OPT_TEST_INDENT,'p', "Number of tabs added to output" }, \
{ "seed", OPT_TEST_SEED, 'n', "Seed value to randomize tests with" }
/* The Default test OPTIONS common to all tests starting with an additional usage string */
#define OPT_TEST_OPTIONS_WITH_EXTRA_USAGE(usage) \
{ OPT_HELP_STR, 1, '-', "Usage: %s [options] " usage }, \
OPT_TEST_OPTIONS
/* The Default test OPTIONS common to all tests with an default usage string */
#define OPT_TEST_OPTIONS_DEFAULT_USAGE \
{ OPT_HELP_STR, 1, '-', "Usage: %s [options]\n" }, \
OPT_TEST_OPTIONS
/*
* Tests that need access to command line arguments should use the functions:
* test_get_argument(int n) to get the nth argument, the first argument is
* argument 0. This function returns NULL on error.
* test_get_argument_count() to get the count of the arguments.
* test_has_option(const char *) to check if the specified option was passed.
* test_get_option_argument(const char *) to get an option which includes an
* argument. NULL is returns if the option is not found.
* const char *test_get_program_name(void) returns the name of the test program
* being executed.
* Optional Cases that need to be ignored by the test app when using opt_next(),
* (that are handled internally).
*/
#define OPT_TEST_CASES \
OPT_TEST_HELP: \
case OPT_TEST_LIST: \
case OPT_TEST_SINGLE: \
case OPT_TEST_ITERATION: \
case OPT_TEST_INDENT: \
case OPT_TEST_SEED
/*
* Tests that use test_get_argument() that dont have any additional options
* (i.e- dont use opt_next()) can use this to set the usage string.
* It embeds test_get_options() which gives default command line options for
* the test system.
*
* Tests that need to use opt_next() need to specify
* (1) test_get_options() containing an options[] (Which should include either
* OPT_TEST_OPTIONS_DEFAULT_USAGE OR
* OPT_TEST_OPTIONS_WITH_EXTRA_USAGE).
* (2) An enum outside the test_get_options() which contains OPT_TEST_ENUM, as
* well as the additional options that need to be handled.
* (3) case OPT_TEST_CASES: break; inside the opt_next() handling code.
*/
#define OPT_TEST_DECLARE_USAGE(usage_str) \
const OPTIONS *test_get_options(void) \
{ \
enum { OPT_TEST_ENUM }; \
static const OPTIONS options[] = { \
OPT_TEST_OPTIONS_WITH_EXTRA_USAGE(usage_str), \
{ NULL } \
}; \
return options; \
}
/*
* Used to read non optional command line values that follow after the options.
* Returns NULL if there is no argument.
*/
const char *test_get_program_name(void);
char *test_get_argument(size_t n);
/* Return the number of additional non optional command line arguments */
size_t test_get_argument_count(void);
int test_has_option(const char *option);
const char *test_get_option_argument(const char *option);
/*
* Internal helpers. Test programs shouldn't use these directly, but should
@ -150,6 +209,16 @@ void add_all_tests(const char *test_case_name, int (*test_fn)(int idx), int num,
int global_init(void);
int setup_tests(void);
void cleanup_tests(void);
/*
* Used to supply test specific command line options,
* If non optional parameters are used, then the first entry in the OPTIONS[]
* should contain:
* { OPT_HELP_STR, 1, '-', "list of non optional commandline params\n"},
* The last entry should always be { NULL }.
*
* Run the test locally using './test/test_name -help' to check the usage.
*/
const OPTIONS *test_get_options(void);
/*
* Test assumption verification helpers.

179
test/testutil/driver.c
View file

@ -21,6 +21,7 @@
# define strdup _strdup
#endif
/*
* Declares the structures needed to register each test case function.
*/
@ -36,14 +37,21 @@ typedef struct test_info {
static TEST_INFO all_tests[1024];
static int num_tests = 0;
static int show_list = 0;
static int single_test = -1;
static int single_iter = -1;
static int level = 0;
static int seed = 0;
/*
* A parameterised tests runs a loop of test cases.
* A parameterised test runs a loop of test cases.
* |num_test_cases| counts the total number of test cases
* across all tests.
*/
static int num_test_cases = 0;
static int process_shared_options(void);
void add_test(const char *test_case_name, int (*test_fn) (void))
{
assert(num_tests != OSSL_NELEM(all_tests));
@ -66,8 +74,6 @@ void add_all_tests(const char *test_case_name, int(*test_fn)(int idx),
num_test_cases += num;
}
static int level = 0;
int subtest_level(void)
{
return level;
@ -99,21 +105,26 @@ static int gcd(int a, int b)
return a;
}
void setup_test_framework(void)
static void set_seed(int s)
{
seed = s;
if (seed <= 0)
seed = (int)time(NULL);
test_printf_stdout("%*s# RAND SEED %d\n", subtest_level(), "", seed);
test_flush_stdout();
srand(seed);
}
int setup_test_framework(int argc, char *argv[])
{
char *TAP_levels = getenv("HARNESS_OSSL_LEVEL");
char *test_seed = getenv("OPENSSL_TEST_RAND_ORDER");
char *TAP_levels = getenv("HARNESS_OSSL_LEVEL");
level = TAP_levels != NULL ? 4 * atoi(TAP_levels) : 0;
if (test_seed != NULL) {
seed = atoi(test_seed);
if (seed <= 0)
seed = (int)time(NULL);
test_printf_stdout("%*s# RAND SEED %d\n", subtest_level(), "", seed);
test_flush_stdout();
srand(seed);
}
if (TAP_levels != NULL)
level = 4 * atoi(TAP_levels);
if (test_seed != NULL)
set_seed(atoi(test_seed));
#ifndef OPENSSL_NO_CRYPTO_MDEBUG
if (should_report_leaks()) {
@ -121,8 +132,115 @@ void setup_test_framework(void)
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
}
#endif
if (!opt_init(argc, argv, test_get_options()))
return 0;
return 1;
}
/*
* This can only be called after setup() has run, since num_tests and
* all_tests[] are setup at this point
*/
static int check_single_test_params(char *name, char *testname, char *itname)
{
if (name != NULL) {
int i;
for (i = 0; i < num_tests; ++i) {
if (strcmp(name, all_tests[i].test_case_name) == 0) {
single_test = 1 + i;
break;
}
}
if (i >= num_tests)
single_test = atoi(name);
}
/* if only iteration is specified, assume we want the first test */
if (single_test == -1 && single_iter != -1)
single_test = 1;
if (single_test != -1) {
if (single_test < 1 || single_test > num_tests) {
test_printf_stderr("Invalid -%s value "
"(Value must be a valid test name OR a value between %d..%d)\n",
testname, 1, num_tests);
return 0;
}
}
if (single_iter != -1) {
if (all_tests[single_test - 1].num == -1) {
test_printf_stderr("-%s option is not valid for test %d:%s\n",
itname,
single_test,
all_tests[single_test - 1].test_case_name);
return 0;
} else if (single_iter < 1
|| single_iter > all_tests[single_test - 1].num) {
test_printf_stderr("Invalid -%s value for test %d:%s\t"
"(Value must be in the range %d..%d)\n",
itname, single_test,
all_tests[single_test - 1].test_case_name,
1, all_tests[single_test - 1].num);
return 0;
}
}
return 1;
}
static int process_shared_options(void)
{
OPTION_CHOICE_DEFAULT o;
int value;
int ret = -1;
char *flag_test = "";
char *flag_iter = "";
char *testname = NULL;
opt_begin();
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
/* Ignore any test options at this level */
default:
break;
case OPT_ERR:
return ret;
case OPT_TEST_HELP:
opt_help(test_get_options());
return 0;
case OPT_TEST_LIST:
show_list = 1;
break;
case OPT_TEST_SINGLE:
flag_test = opt_flag();
testname = opt_arg();
break;
case OPT_TEST_ITERATION:
flag_iter = opt_flag();
if (!opt_int(opt_arg(), &single_iter))
goto end;
break;
case OPT_TEST_INDENT:
if (!opt_int(opt_arg(), &value))
goto end;
level = 4 * value;
break;
case OPT_TEST_SEED:
if (!opt_int(opt_arg(), &value))
goto end;
set_seed(value);
break;
}
}
if (!check_single_test_params(testname, flag_test, flag_iter))
goto end;
ret = 1;
end:
return ret;
}
int pulldown_test_framework(int ret)
{
set_test_title(NULL);
@ -131,7 +249,6 @@ int pulldown_test_framework(int ret)
&& CRYPTO_mem_leaks_cb(openssl_error_cb, NULL) <= 0)
return EXIT_FAILURE;
#endif
return ret;
}
@ -176,14 +293,21 @@ int run_tests(const char *test_prog_name)
int ii, i, jj, j, jstep;
int permute[OSSL_NELEM(all_tests)];
i = process_shared_options();
if (i == 0)
return EXIT_SUCCESS;
if (i == -1)
return EXIT_FAILURE;
if (num_tests < 1) {
test_printf_stdout("%*s1..0 # Skipped: %s\n", level, "",
test_prog_name);
} else {
} else if (show_list == 0 && single_test == -1) {
if (level > 0)
test_printf_stdout("%*s# Subtest: %s\n", level, "", test_prog_name);
test_printf_stdout("%*s1..%d\n", level, "", num_tests);
}
test_flush_stdout();
for (i = 0; i < num_tests; i++)
@ -198,12 +322,25 @@ int run_tests(const char *test_prog_name)
for (ii = 0; ii != num_tests; ++ii) {
i = permute[ii];
if (all_tests[i].num == -1) {
if (single_test != -1 && ((i+1) != single_test)) {
continue;
}
else if (show_list) {
if (all_tests[i].num != -1) {
test_printf_stdout("%d - %s (%d..%d)\n", ii + 1,
all_tests[i].test_case_name, 1,
all_tests[i].num);
} else {
test_printf_stdout("%d - %s\n", ii + 1,
all_tests[i].test_case_name);
}
test_flush_stdout();
} else if (all_tests[i].num == -1) {
int ret = 0;
set_test_title(all_tests[i].test_case_name);
ret = all_tests[i].test_fn();
verdict = 1;
if (!ret) {
verdict = 0;
@ -215,7 +352,7 @@ int run_tests(const char *test_prog_name)
int num_failed_inner = 0;
level += 4;
if (all_tests[i].subtest) {
if (all_tests[i].subtest && single_iter == -1) {
test_printf_stdout("%*s# Subtest: %s\n", level, "",
all_tests[i].test_case_name);
test_printf_stdout("%*s%d..%d\n", level, "", 1,
@ -235,6 +372,8 @@ int run_tests(const char *test_prog_name)
int ret;
j = (j + jstep) % all_tests[i].num;
if (single_iter != -1 && ((jj + 1) != single_iter))
continue;
set_test_title(NULL);
ret = all_tests[i].param_test_fn(j);

86
test/testutil/main.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -8,28 +8,9 @@
*/
#include "../testutil.h"
#include "internal/nelem.h"
#include "output.h"
#include "tu_local.h"
#include <string.h>
static size_t arg_count;
static char **args;
static unsigned char arg_used[1000];
static void check_arg_usage(void)
{
size_t i, n = arg_count < OSSL_NELEM(arg_used) ? arg_count
: OSSL_NELEM(arg_used);
for (i = 0; i < n; i++)
if (!arg_used[i+1])
test_printf_stderr("Warning ignored command-line argument %zu: %s\n",
i, args[i+1]);
if (i < arg_count)
test_printf_stderr("Warning arguments %zu and later unchecked\n", i);
}
int main(int argc, char *argv[])
{
@ -42,65 +23,18 @@ int main(int argc, char *argv[])
return ret;
}
arg_count = argc - 1;
args = argv;
if (!setup_test_framework(argc, argv))
goto end;
setup_test_framework();
if (setup_tests())
if (setup_tests()) {
ret = run_tests(argv[0]);
cleanup_tests();
check_arg_usage();
cleanup_tests();
opt_check_usage();
} else {
opt_help(test_get_options());
}
end:
ret = pulldown_test_framework(ret);
test_close_streams();
return ret;
}
const char *test_get_program_name(void)
{
return args[0];
}
char *test_get_argument(size_t n)
{
if (n > arg_count)
return NULL;
if (n + 1 < OSSL_NELEM(arg_used))
arg_used[n + 1] = 1;
return args[n + 1];
}
size_t test_get_argument_count(void)
{
return arg_count;
}
int test_has_option(const char *option)
{
size_t i;
for (i = 1; i <= arg_count; i++)
if (strcmp(args[i], option) == 0) {
arg_used[i] = 1;
return 1;
}
return 0;
}
const char *test_get_option_argument(const char *option)
{
size_t i, n = strlen(option);
for (i = 1; i <= arg_count; i++)
if (strncmp(args[i], option, n) == 0) {
arg_used[i] = 1;
if (args[i][n] == '\0' && i + 1 < arg_count) {
arg_used[++i] = 1;
return args[i];
}
return args[i] + n;
}
return NULL;
}

64
test/testutil/options.c Normal file
View file

@ -0,0 +1,64 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "../testutil.h"
#include "internal/nelem.h"
#include "tu_local.h"
#include "output.h"
static int used[100] = { 0 };
size_t test_get_argument_count(void)
{
return opt_num_rest();
}
char *test_get_argument(size_t n)
{
char **argv = opt_rest();
OPENSSL_assert(n < sizeof(used));
if ((int)n >= opt_num_rest() || argv == NULL)
return NULL;
used[n] = 1;
return argv[n];
}
void opt_check_usage(void)
{
int i;
char **argv = opt_rest();
int n, arg_count = opt_num_rest();
if (arg_count > (int)OSSL_NELEM(used))
n = (int)OSSL_NELEM(used);
else
n = arg_count;
for (i = 0; i < n; i++) {
if (used[i] == 0)
test_printf_stderr("Warning ignored command-line argument %d: %s\n",
i, argv[i]);
}
if (i < arg_count)
test_printf_stderr("Warning arguments %d and later unchecked\n", i);
}
int opt_printf_stderr(const char *fmt, ...)
{
va_list ap;
int ret;
va_start(ap, fmt);
ret = test_vprintf_stderr(fmt, ap);
va_end(ap);
return ret;
}

21
test/testutil/test_options.c Normal file
View file

@ -0,0 +1,21 @@
/*
* Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include "../testutil.h"
#include "tu_local.h"
/* An overridable list of command line options */
const OPTIONS *test_get_options(void)
{
static const OPTIONS default_options[] = {
OPT_TEST_OPTIONS_DEFAULT_USAGE,
{ NULL }
};
return default_options;
}

12
test/testutil/tu_local.h
View file

@ -1,5 +1,5 @@
/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -44,8 +44,16 @@ void test_fail_memory_message(const char *prefix, const char *file,
const unsigned char *m1, size_t l1,
const unsigned char *m2, size_t l2);
void setup_test_framework(void);
__owur int setup_test_framework(int argc, char *argv[]);
__owur int pulldown_test_framework(int ret);
__owur int run_tests(const char *test_prog_name);
void set_test_title(const char *title);
typedef enum OPTION_choice_default {
OPT_ERR = -1,
OPT_EOF = 0,
OPT_TEST_ENUM
} OPTION_CHOICE_DEFAULT;
void opt_check_usage(void);

2
test/tls13ccstest.c
View file

@ -481,6 +481,8 @@ static int test_tls13ccs(int tst)
return ret;
}
OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n")
int setup_tests(void)
{
if (!TEST_ptr(cert = test_get_argument(0))

6
test/uitest.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -11,11 +11,9 @@
#include <string.h>
#include <openssl/opensslconf.h>
#include <openssl/err.h>
#include "apps.h"
#include "apps_ui.h"
#include "testutil.h"
/* apps/apps.c depend on these */
char *default_config_file = NULL;
#include <openssl/ui.h>

4
test/v3ext.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -37,6 +37,8 @@ end:
return ret;
}
OPT_TEST_DECLARE_USAGE("cert.pem\n")
int setup_tests(void)
{
if (!TEST_ptr(infile = test_get_argument(0)))

6
test/verify_extra_test.c
View file

@ -175,14 +175,14 @@ static int test_store_ctx(void)
return testresult;
}
OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n")
int setup_tests(void)
{
if (!TEST_ptr(roots_f = test_get_argument(0))
|| !TEST_ptr(untrusted_f = test_get_argument(1))
|| !TEST_ptr(bad_f = test_get_argument(2))) {
TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem\n");
|| !TEST_ptr(bad_f = test_get_argument(2)))
return 0;
}
ADD_TEST(test_alt_chains_cert_forgery);
ADD_TEST(test_store_ctx);

17
test/x509_check_cert_pkey_test.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -106,14 +106,25 @@ failed:
return ret;
}
const OPTIONS *test_get_options(void)
{
enum { OPT_TEST_ENUM };
static const OPTIONS test_options[] = {
OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("certname key.pem type expected\n"),
{ OPT_HELP_STR, 1, '-', "certname\tCertificate filename .pem/.req\n" },
{ OPT_HELP_STR, 1, '-', "type\t\tvalue must be 'pem' or 'req'\n" },
{ OPT_HELP_STR, 1, '-', "expected\tthe expected return value\n" },
{ NULL }
};
return test_options;
}
int setup_tests(void)
{
if (!TEST_ptr(c = test_get_argument(0))
|| !TEST_ptr(k = test_get_argument(1))
|| !TEST_ptr(t = test_get_argument(2))
|| !TEST_ptr(e = test_get_argument(3))) {
TEST_note("usage: x509_check_cert_pkey cert.pem|cert.req"
" key.pem cert|req <expected>");
return 0;
}

8
test/x509_dup_cert_test.c
View file

@ -1,5 +1,5 @@
/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
@ -33,14 +33,14 @@ static int test_509_dup_cert(int n)
return ret;
}
OPT_TEST_DECLARE_USAGE("cert.pem...\n")
int setup_tests(void)
{
size_t n = test_get_argument_count();
if (!TEST_int_gt(n, 0)) {
TEST_note("usage: x509_dup_cert_test cert.pem...");
if (!TEST_int_gt(n, 0))
return 0;
}
ADD_ALL_TESTS(test_509_dup_cert, n);
return 1;

7
test/x509aux.c
View file

@ -161,14 +161,13 @@ static int test_certs(int num)
return 0;
}
OPT_TEST_DECLARE_USAGE("certfile...\n")
int setup_tests(void)
{
size_t n = test_get_argument_count();
if (n == 0) {
TEST_error("usage: %s certfile...", test_get_program_name());
if (n == 0)
return 0;
}
ADD_ALL_TESTS(test_certs, (int)n);
return 1;