diff --git a/apps/apps.c b/apps/apps.c index 39535e9e4f..44a90a338c 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -54,9 +54,6 @@ typedef struct { unsigned long mask; } NAME_EX_TBL; -static UI_METHOD *ui_method = NULL; -static const UI_METHOD *ui_fallback_method = NULL; - static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL * in_tbl); static int set_multi_opts(unsigned long *flags, const char *arg, 
@@ -173,179 +170,12 @@ int dump_cert_text(BIO *out, X509 *x) return 0; } -static int ui_open(UI *ui) -{ - int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method); - - if (opener) - return opener(ui); - return 1; -} - -static int ui_read(UI *ui, UI_STRING *uis) -{ - int (*reader)(UI *ui, UI_STRING *uis) = NULL; - - if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD - && UI_get0_user_data(ui)) { - switch (UI_get_string_type(uis)) { - case UIT_PROMPT: - case UIT_VERIFY: - { - const char *password = - ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - if (password && password[0] != '\0') { - UI_set_result(ui, uis, password); - return 1; - } - } - break; - case UIT_NONE: - case UIT_BOOLEAN: - case UIT_INFO: - case UIT_ERROR: - break; - } - } - - reader = UI_method_get_reader(ui_fallback_method); - if (reader) - return reader(ui, uis); - return 1; -} - -static int ui_write(UI *ui, UI_STRING *uis) -{ - int (*writer)(UI *ui, UI_STRING *uis) = NULL; - - if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD - && UI_get0_user_data(ui)) { - switch (UI_get_string_type(uis)) { - case UIT_PROMPT: - case UIT_VERIFY: - { - const char *password = - ((PW_CB_DATA *)UI_get0_user_data(ui))->password; - if (password && password[0] != '\0') - return 1; - } - break; - case UIT_NONE: - case UIT_BOOLEAN: - case UIT_INFO: - case UIT_ERROR: - break; - } - } - - writer = UI_method_get_writer(ui_fallback_method); - if (writer) - return writer(ui, uis); - return 1; -} - -static int ui_close(UI *ui) -{ - int (*closer)(UI *ui) = UI_method_get_closer(ui_fallback_method); - - if (closer) - return closer(ui); - return 1; -} - -int setup_ui_method(void) -{ - ui_fallback_method = UI_null(); -#ifndef OPENSSL_NO_UI_CONSOLE - ui_fallback_method = UI_OpenSSL(); -#endif - ui_method = UI_create_method("OpenSSL application user interface"); - UI_method_set_opener(ui_method, ui_open); - UI_method_set_reader(ui_method, ui_read); - UI_method_set_writer(ui_method, ui_write); - 
UI_method_set_closer(ui_method, ui_close); - return 0; -} - -void destroy_ui_method(void) -{ - if (ui_method) { - UI_destroy_method(ui_method); - ui_method = NULL; - } -} - -const UI_METHOD *get_ui_method(void) -{ - return ui_method; -} - -int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data) -{ - int res = 0; - UI *ui; - int ok = 0; - char *buff = NULL; - int ui_flags = 0; - const char *prompt_info = NULL; - char *prompt; - - if ((ui = UI_new_method(ui_method)) == NULL) - return 0; - - if (cb_data != NULL && cb_data->prompt_info != NULL) - prompt_info = cb_data->prompt_info; - prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); - if (prompt == NULL) { - BIO_printf(bio_err, "Out of memory\n"); - UI_free(ui); - return 0; - } - - ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD; - UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); - - /* We know that there is no previous user data to return to us */ - (void)UI_add_user_data(ui, cb_data); - - ok = UI_add_input_string(ui, prompt, ui_flags, buf, - PW_MIN_LENGTH, bufsiz - 1); - - if (ok >= 0 && verify) { - buff = app_malloc(bufsiz, "password buffer"); - ok = UI_add_verify_string(ui, prompt, ui_flags, buff, - PW_MIN_LENGTH, bufsiz - 1, buf); - } - if (ok >= 0) - do { - ok = UI_process(ui); - } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); - - OPENSSL_clear_free(buff, (unsigned int)bufsiz); - - if (ok >= 0) - res = strlen(buf); - if (ok == -1) { - BIO_printf(bio_err, "User interface error\n"); - ERR_print_errors(bio_err); - OPENSSL_cleanse(buf, (unsigned int)bufsiz); - res = 0; - } - if (ok == -2) { - BIO_printf(bio_err, "aborted!\n"); - OPENSSL_cleanse(buf, (unsigned int)bufsiz); - res = 0; - } - UI_free(ui); - OPENSSL_free(prompt); - return res; -} - int wrap_password_callback(char *buf, int bufsiz, int verify, void *userdata) { return password_callback(buf, bufsiz, verify, (PW_CB_DATA *)userdata); } + static char *app_get_pass(const char *arg, int keepbio); int app_passwd(const char *arg1, 
const char *arg2, char **pass1, char **pass2) @@ -725,7 +555,9 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, } else { #ifndef OPENSSL_NO_ENGINE if (ENGINE_init(e)) { - pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data); + pkey = ENGINE_load_private_key(e, file, + (UI_METHOD *)get_ui_method(), + &cb_data); ENGINE_finish(e); } if (pkey == NULL) { @@ -792,7 +624,8 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, BIO_printf(bio_err, "no engine specified\n"); } else { #ifndef OPENSSL_NO_ENGINE - pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data); + pkey = ENGINE_load_public_key(e, file, (UI_METHOD *)get_ui_method(), + &cb_data); if (pkey == NULL) { BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip); ERR_print_errors(bio_err); @@ -1295,7 +1128,8 @@ ENGINE *setup_engine(const char *engine, int debug) if (debug) { ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0); } - ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1); + ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, (void *)get_ui_method(), + 0, 1); if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { BIO_printf(bio_err, "can't use that engine\n"); ERR_print_errors(bio_err); 
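Review bot: The three `(UI_METHOD *)get_ui_method()` casts in load_key, load_pubkey and setup_engine (the `(void *)` one) discard the const that the accessor's `const UI_METHOD *` return type adds, which makes the const contract purely decorative at every call site. Because `ui_method` is stored as a non-const `static UI_METHOD *` in apps_ui.c the cast is not undefined behaviour here, but nothing at the call sites records why the mismatch between the accessor and the non-const ENGINE parameters is acceptable. Either add a non-const accessor for the ENGINE calls or put a one-line comment at the first cast, `/* ENGINE API takes a non-const UI_METHOD; the object itself is not const-qualified */`. All three enclosing functions start and end outside their hunks.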
@@ -2321,56 +2155,10 @@ int app_access(const char* name, int flag) #endif } -/* app_isdir section */ -#ifdef _WIN32 int app_isdir(const char *name) { - DWORD attr; -# if defined(UNICODE) || defined(_UNICODE) - size_t i, len_0 = strlen(name) + 1; - WCHAR tempname[MAX_PATH]; - - if (len_0 > MAX_PATH) - return -1; - -# if !defined(_WIN32_WCE) || _WIN32_WCE>=101 - if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH)) -# endif - for (i = 0; i < len_0; i++) - tempname[i] = (WCHAR)name[i]; - - attr = GetFileAttributes(tempname); -# else - attr = GetFileAttributes(name); -# endif - if (attr == INVALID_FILE_ATTRIBUTES) - return -1; - return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0); + return opt_isdir(name); } -#else -# include -# ifndef S_ISDIR -# if defined(_S_IFMT) && defined(_S_IFDIR) -# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) -# else -# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) -# endif -# endif - -int app_isdir(const char *name) -{ -# if defined(S_ISDIR) - struct stat st; - - if (stat(name, &st) == 0) - return S_ISDIR(st.st_mode); - else - return -1; -# else - return -1; -# endif -} -#endif /* raw_read|write section */ #if defined(__VMS) 
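Review bot: app_isdir now only forwards to opt_isdir(), whose declaration and body are not in this diff (presumably opt.h/opt.c), so the reviewer cannot see whether the removed Windows path's explicit `len_0 > MAX_PATH` bound and the -1 / 0 / 1 return contract survived the move. Confirm that opt_isdir preserves both, since callers of app_isdir test the result against those values. A one-line comment on the wrapper, `/* Kept for existing callers; the platform-specific check lives in opt_isdir() */`, would document why the wrapper still exists.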
@@ -2443,21 +2231,16 @@ int raw_write_stdout(const void *buf, int siz) #endif /* - * Centralized handling if input and output files with format specification + * Centralized handling of input and output files with format specification * The format is meant to show what the input and output is supposed to be, * and is therefore a show of intent more than anything else. However, it - * does impact behavior on some platform, such as differentiating between + * does impact behavior on some platforms, such as differentiating between * text and binary input/output on non-Unix platforms */ -static int istext(int format) -{ - return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT; -} - BIO *dup_bio_in(int format) { return BIO_new_fp(stdin, - BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0)); + BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); } static BIO_METHOD *prefix_method = NULL; @@ -2465,15 +2248,15 @@ static BIO_METHOD *prefix_method = NULL; BIO *dup_bio_out(int format) { BIO *b = BIO_new_fp(stdout, - BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0)); + BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); void *prefix = NULL; #ifdef OPENSSL_SYS_VMS - if (istext(format)) + if (FMT_istext(format)) b = BIO_push(BIO_new(BIO_f_linebuffer()), b); #endif - if (istext(format) && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL) { + if (FMT_istext(format) && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL) { if (prefix_method == NULL) prefix_method = apps_bf_prefix(); b = BIO_push(BIO_new(prefix_method), b); @@ -2486,9 +2269,9 @@ BIO *dup_bio_out(int format) BIO *dup_bio_err(int format) { BIO *b = BIO_new_fp(stderr, - BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0)); + BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); #ifdef OPENSSL_SYS_VMS - if (istext(format)) + if (FMT_istext(format)) b = BIO_push(BIO_new(BIO_f_linebuffer()), b); #endif return b; 
@@ -2525,11 +2308,11 @@ static const char *modestr(char mode, int format) switch (mode) { case 'a': - return istext(format) ? "a" : "ab"; + return FMT_istext(format) ? "a" : "ab"; case 'r': - return istext(format) ? "r" : "rb"; + return FMT_istext(format) ? "r" : "rb"; case 'w': - return istext(format) ? "w" : "wb"; + return FMT_istext(format) ? "w" : "wb"; } /* The assert above should make sure we never reach this point */ return NULL; @@ -2567,7 +2350,7 @@ BIO *bio_open_owner(const char *filename, int format, int private) #ifdef O_TRUNC mode |= O_TRUNC; #endif - textmode = istext(format); + textmode = FMT_istext(format); if (!textmode) { #ifdef O_BINARY mode |= O_BINARY; @@ -2746,3 +2529,14 @@ void make_uppercase(char *string) for (i = 0; string[i] != '\0'; i++) string[i] = toupper((unsigned char)string[i]); } + +int opt_printf_stderr(const char *fmt, ...) +{ + va_list ap; + int ret; + + va_start(ap, fmt); + ret = BIO_vprintf(bio_err, fmt, ap); + va_end(ap); + return ret; +} diff --git a/apps/apps.h b/apps/apps.h index 460188df30..da8eae2d87 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -29,6 +29,9 @@ # include # include # include +# include "apps_ui.h" +# include "opt.h" +# include "fmt.h" # if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE) # define openssl_fdset(a,b) FD_SET((unsigned int)a, b) 
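Review bot: opt_printf_stderr, added at the end of apps.c, is a printf-style variadic wrapper with no header comment and nothing that marks it as printf-like, so -Wformat can no longer check the format/argument pairs at the opt.c call sites that used to go straight to BIO_printf. If the project has a format-attribute macro for prototypes, apply it to the declaration (presumably in opt.h, not shown); failing that, a comment above the definition, `/* stderr printf for opt.c, which must not depend on apps.h; forwards to BIO_vprintf(bio_err) */`, should at least record why the indirection exists.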
@@ -88,330 +91,6 @@ void corrupt_signature(const ASN1_STRING *signature); int set_cert_times(X509 *x, const char *startdate, const char *enddate, int days); -/* - * Common verification options. - */ -# define OPT_V_ENUM \ - OPT_V__FIRST=2000, \ - OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \ - OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \ - OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \ - OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \ - OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \ - OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \ - OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \ - OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \ - OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \ - OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \ - OPT_V__LAST - -# define OPT_V_OPTIONS \ - { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \ - { "purpose", OPT_V_PURPOSE, 's', \ - "certificate chain purpose"}, \ - { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \ - { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \ - "chain depth limit" }, \ - { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \ - "chain authentication security level" }, \ - { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \ - { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \ - "expected peer hostname" }, \ - { "verify_email", OPT_V_VERIFY_EMAIL, 's', \ - "expected peer email" }, \ - { "verify_ip", OPT_V_VERIFY_IP, 's', \ - "expected peer IP address" }, \ - { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \ - "permit unhandled critical extensions"}, \ - { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \ - { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \ - { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \ - { "policy_check", OPT_V_POLICY_CHECK, '-', "perform 
rfc5280 policy checks"}, \ - { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \ - "set policy variable require-explicit-policy"}, \ - { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \ - "set policy variable inhibit-any-policy"}, \ - { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \ - "set policy variable inhibit-policy-mapping"}, \ - { "x509_strict", OPT_V_X509_STRICT, '-', \ - "disable certificate compatibility work-arounds"}, \ - { "extended_crl", OPT_V_EXTENDED_CRL, '-', \ - "enable extended CRL features"}, \ - { "use_deltas", OPT_V_USE_DELTAS, '-', \ - "use delta CRLs"}, \ - { "policy_print", OPT_V_POLICY_PRINT, '-', \ - "print policy processing diagnostics"}, \ - { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \ - "check root CA self-signatures"}, \ - { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \ - "search trust store first (default)" }, \ - { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \ - { "suiteB_128", OPT_V_SUITEB_128, '-', \ - "Suite B 128-bit mode allowing 192-bit algorithms"}, \ - { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \ - { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \ - "accept chains anchored by intermediate trust-store CAs"}, \ - { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \ - { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \ - { "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" } - -# define OPT_V_CASES \ - OPT_V__FIRST: case OPT_V__LAST: break; \ - case OPT_V_POLICY: \ - case OPT_V_PURPOSE: \ - case OPT_V_VERIFY_NAME: \ - case OPT_V_VERIFY_DEPTH: \ - case OPT_V_VERIFY_AUTH_LEVEL: \ - case OPT_V_ATTIME: \ - case OPT_V_VERIFY_HOSTNAME: \ - case OPT_V_VERIFY_EMAIL: \ - case OPT_V_VERIFY_IP: \ - case OPT_V_IGNORE_CRITICAL: \ - case OPT_V_ISSUER_CHECKS: \ - case OPT_V_CRL_CHECK: \ - case OPT_V_CRL_CHECK_ALL: \ - case OPT_V_POLICY_CHECK: \ - case OPT_V_EXPLICIT_POLICY: \ - case OPT_V_INHIBIT_ANY: \ - case 
OPT_V_INHIBIT_MAP: \ - case OPT_V_X509_STRICT: \ - case OPT_V_EXTENDED_CRL: \ - case OPT_V_USE_DELTAS: \ - case OPT_V_POLICY_PRINT: \ - case OPT_V_CHECK_SS_SIG: \ - case OPT_V_TRUSTED_FIRST: \ - case OPT_V_SUITEB_128_ONLY: \ - case OPT_V_SUITEB_128: \ - case OPT_V_SUITEB_192: \ - case OPT_V_PARTIAL_CHAIN: \ - case OPT_V_NO_ALT_CHAINS: \ - case OPT_V_NO_CHECK_TIME: \ - case OPT_V_ALLOW_PROXY_CERTS - -/* - * Common "extended validation" options. - */ -# define OPT_X_ENUM \ - OPT_X__FIRST=1000, \ - OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \ - OPT_X_CERTFORM, OPT_X_KEYFORM, \ - OPT_X__LAST - -# define OPT_X_OPTIONS \ - { "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \ - { "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \ - { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \ - { "xchain_build", OPT_X_CHAIN_BUILD, '-', \ - "build certificate chain for the extended certificates"}, \ - { "xcertform", OPT_X_CERTFORM, 'F', \ - "format of Extended certificate (PEM or DER) PEM default " }, \ - { "xkeyform", OPT_X_KEYFORM, 'F', \ - "format of Extended certificate's key (PEM or DER) PEM default"} - -# define OPT_X_CASES \ - OPT_X__FIRST: case OPT_X__LAST: break; \ - case OPT_X_KEY: \ - case OPT_X_CERT: \ - case OPT_X_CHAIN: \ - case OPT_X_CHAIN_BUILD: \ - case OPT_X_CERTFORM: \ - case OPT_X_KEYFORM - -/* - * Common SSL options. 
- * Any changes here must be coordinated with ../ssl/ssl_conf.c - */ -# define OPT_S_ENUM \ - OPT_S__FIRST=3000, \ - OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ - OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \ - OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \ - OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \ - OPT_S_PRIORITIZE_CHACHA, \ - OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \ - OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \ - OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ - OPT_S_MINPROTO, OPT_S_MAXPROTO, \ - OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST - -# define OPT_S_OPTIONS \ - {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \ - {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \ - {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \ - {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \ - {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \ - {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \ - {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \ - {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \ - {"no_ticket", OPT_S_NOTICKET, '-', \ - "Disable use of TLS session tickets"}, \ - {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \ - {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \ - "Enable use of legacy renegotiation (dangerous)"}, \ - {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \ - "Disable all renegotiation."}, \ - {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \ - "Allow initial connection to servers that don't support RI"}, \ - {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \ - "Disallow session resumption on renegotiation"}, \ - {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \ - "Disallow initial connection to servers that don't support RI"}, \ - {"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \ - "In 
TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \ - {"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \ - "Prioritize ChaCha ciphers when preferred by clients"}, \ - {"strict", OPT_S_STRICT, '-', \ - "Enforce strict certificate checks as per TLS standard"}, \ - {"sigalgs", OPT_S_SIGALGS, 's', \ - "Signature algorithms to support (colon-separated list)" }, \ - {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \ - "Signature algorithms to support for client certificate" \ - " authentication (colon-separated list)" }, \ - {"groups", OPT_S_GROUPS, 's', \ - "Groups to advertise (colon-separated list)" }, \ - {"curves", OPT_S_CURVES, 's', \ - "Groups to advertise (colon-separated list)" }, \ - {"named_curve", OPT_S_NAMEDCURVE, 's', \ - "Elliptic curve used for ECDHE (server-side only)" }, \ - {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \ - {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \ - {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \ - {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \ - {"record_padding", OPT_S_RECORD_PADDING, 's', \ - "Block size to pad TLS 1.3 records to."}, \ - {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ - "Perform all sorts of protocol violations for testing purposes"}, \ - {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \ - "Disable TLSv1.3 middlebox compat mode" } - -# define OPT_S_CASES \ - OPT_S__FIRST: case OPT_S__LAST: break; \ - case OPT_S_NOSSL3: \ - case OPT_S_NOTLS1: \ - case OPT_S_NOTLS1_1: \ - case OPT_S_NOTLS1_2: \ - case OPT_S_NOTLS1_3: \ - case OPT_S_BUGS: \ - case OPT_S_NO_COMP: \ - case OPT_S_COMP: \ - case OPT_S_NOTICKET: \ - case OPT_S_SERVERPREF: \ - case OPT_S_LEGACYRENEG: \ - case OPT_S_LEGACYCONN: \ - case OPT_S_ONRESUMP: \ - case OPT_S_NOLEGACYCONN: \ - case OPT_S_ALLOW_NO_DHE_KEX: \ - case OPT_S_PRIORITIZE_CHACHA: \ - case OPT_S_STRICT: \ - case 
OPT_S_SIGALGS: \ - case OPT_S_CLIENTSIGALGS: \ - case OPT_S_GROUPS: \ - case OPT_S_CURVES: \ - case OPT_S_NAMEDCURVE: \ - case OPT_S_CIPHER: \ - case OPT_S_CIPHERSUITES: \ - case OPT_S_RECORD_PADDING: \ - case OPT_S_NO_RENEGOTIATION: \ - case OPT_S_MINPROTO: \ - case OPT_S_MAXPROTO: \ - case OPT_S_DEBUGBROKE: \ - case OPT_S_NO_MIDDLEBOX - -#define IS_NO_PROT_FLAG(o) \ - (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ - || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3) - -/* - * Random state options. - */ -# define OPT_R_ENUM \ - OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST - -# define OPT_R_OPTIONS \ - {"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \ - {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"} - -# define OPT_R_CASES \ - OPT_R__FIRST: case OPT_R__LAST: break; \ - case OPT_R_RAND: case OPT_R_WRITERAND - -/* - * Option parsing. - */ -extern const char OPT_HELP_STR[]; -extern const char OPT_MORE_STR[]; -typedef struct options_st { - const char *name; - int retval; - /* - * value type: - no value (also the value zero), n number, p positive - * number, u unsigned, l long, s string, < input file, > output file, - * f any format, F der/pem format, E der/pem/engine format identifier. - * l, n and u include zero; p does not. - */ - int valtype; - const char *helpstr; -} OPTIONS; - -/* - * A string/int pairing; widely use for option value lookup, hence the - * name OPT_PAIR. But that name is misleading in s_cb.c, so we also use - * the "generic" name STRINT_PAIR. - */ -typedef struct string_int_pair_st { - const char *name; - int retval; -} OPT_PAIR, STRINT_PAIR; - -/* Flags to pass into opt_format; see FORMAT_xxx, below. 
*/ -# define OPT_FMT_PEMDER (1L << 1) -# define OPT_FMT_PKCS12 (1L << 2) -# define OPT_FMT_SMIME (1L << 3) -# define OPT_FMT_ENGINE (1L << 4) -# define OPT_FMT_MSBLOB (1L << 5) -/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */ -# define OPT_FMT_NSS (1L << 7) -# define OPT_FMT_TEXT (1L << 8) -# define OPT_FMT_HTTP (1L << 9) -# define OPT_FMT_PVK (1L << 10) -# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE) -# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME) -# define OPT_FMT_ANY ( \ - OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \ - OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \ - OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) - -char *opt_progname(const char *argv0); -char *opt_getprog(void); -char *opt_init(int ac, char **av, const OPTIONS * o); -int opt_next(void); -int opt_format(const char *s, unsigned long flags, int *result); -int opt_int(const char *arg, int *result); -int opt_ulong(const char *arg, unsigned long *result); -int opt_long(const char *arg, long *result); -#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ - defined(INTMAX_MAX) && defined(UINTMAX_MAX) -int opt_imax(const char *arg, intmax_t *result); -int opt_umax(const char *arg, uintmax_t *result); -#else -# define opt_imax opt_long -# define opt_umax opt_ulong -# define intmax_t long -# define uintmax_t unsigned long -#endif -int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result); -int opt_cipher(const char *name, const EVP_CIPHER **cipherp); -int opt_md(const char *name, const EVP_MD **mdp); -char *opt_arg(void); -char *opt_flag(void); -char *opt_unknown(void); -char **opt_rest(void); -int opt_num_rest(void); -int opt_verify(int i, X509_VERIFY_PARAM *vpm); -int opt_rand(int i); -void opt_help(const OPTIONS * list); -int opt_format_error(const char *s, unsigned long flags); - typedef struct args_st { int size; int argc; 
@@ -430,20 +109,8 @@ char **copy_argv(int *argc, char *argv[]); */ void win32_utf8argv(int *argc, char **argv[]); - -# define PW_MIN_LENGTH 4 -typedef struct pw_cb_data { - const void *password; - const char *prompt_info; -} PW_CB_DATA; - /* We need both wrap and the "real" function because libcrypto uses both. */ int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data); -int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data); - -int setup_ui_method(void); -void destroy_ui_method(void); -const UI_METHOD *get_ui_method(void); int chopup_args(ARGS *arg, char *buf); # ifdef HEADER_X509_H @@ -573,29 +240,6 @@ void print_cert_checks(BIO *bio, X509 *x, void store_setup_crl_download(X509_STORE *st); -/* See OPT_FMT_xxx, above. */ -/* On some platforms, it's important to distinguish between text and binary - * files. On some, there might even be specific file formats for different - * contents. The FORMAT_xxx macros are meant to express an intent with the - * file being read or created. - */ -# define B_FORMAT_TEXT 0x8000 -# define FORMAT_UNDEF 0 -# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */ -# define FORMAT_BINARY 2 /* Generic binary */ -# define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */ -# define FORMAT_ASN1 4 /* ASN.1/DER */ -# define FORMAT_PEM (5 | B_FORMAT_TEXT) -# define FORMAT_PKCS12 6 -# define FORMAT_SMIME (7 | B_FORMAT_TEXT) -# define FORMAT_ENGINE 8 /* Not really a file format */ -# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPubicKey format */ -# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */ -# define FORMAT_MSBLOB 11 /* MS Key blob format */ -# define FORMAT_PVK 12 /* MS PVK file format */ -# define FORMAT_HTTP 13 /* Download using HTTP */ -# define FORMAT_NSS 14 /* NSS keylog format */ - # define EXT_COPY_NONE 0 # define EXT_COPY_ADD 1 # define EXT_COPY_ALL 2 diff --git a/apps/apps_ui.c b/apps/apps_ui.c new file mode 100644 index 0000000000..bcfe555478 --- /dev/null 
+++ b/apps/apps_ui.c 
@@ -0,0 +1,197 @@ +/* + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include "apps_ui.h" + +static UI_METHOD *ui_method = NULL; +static const UI_METHOD *ui_fallback_method = NULL; + + +static int ui_open(UI *ui) +{ + int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method); + + if (opener) + return opener(ui); + return 1; +} + +static int ui_read(UI *ui, UI_STRING *uis) +{ + int (*reader)(UI *ui, UI_STRING *uis) = NULL; + + if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD + && UI_get0_user_data(ui)) { + switch (UI_get_string_type(uis)) { + case UIT_PROMPT: + case UIT_VERIFY: + { + const char *password = + ((PW_CB_DATA *)UI_get0_user_data(ui))->password; + if (password && password[0] != '\0') { + UI_set_result(ui, uis, password); + return 1; + } + } + break; + case UIT_NONE: + case UIT_BOOLEAN: + case UIT_INFO: + case UIT_ERROR: + break; + } + } + + reader = UI_method_get_reader(ui_fallback_method); + if (reader) + return reader(ui, uis); + return 1; +} + +static int ui_write(UI *ui, UI_STRING *uis) +{ + int (*writer)(UI *ui, UI_STRING *uis) = NULL; + + if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD + && UI_get0_user_data(ui)) { + switch (UI_get_string_type(uis)) { + case UIT_PROMPT: + case UIT_VERIFY: + { + const char *password = + ((PW_CB_DATA *)UI_get0_user_data(ui))->password; + if (password && password[0] != '\0') + return 1; + } + break; + case UIT_NONE: + case UIT_BOOLEAN: + case UIT_INFO: + case UIT_ERROR: + break; + } + } + + writer = UI_method_get_writer(ui_fallback_method); + if (writer) + return writer(ui, uis); + return 1; +} + +static int ui_close(UI *ui) +{ + int (*closer)(UI *ui) = 
UI_method_get_closer(ui_fallback_method); + + if (closer) + return closer(ui); + return 1; +} + +int setup_ui_method(void) +{ + ui_fallback_method = UI_null(); +#ifndef OPENSSL_NO_UI_CONSOLE + ui_fallback_method = UI_OpenSSL(); +#endif + ui_method = UI_create_method("OpenSSL application user interface"); + UI_method_set_opener(ui_method, ui_open); + UI_method_set_reader(ui_method, ui_read); + UI_method_set_writer(ui_method, ui_write); + UI_method_set_closer(ui_method, ui_close); + return 0; +} + +void destroy_ui_method(void) +{ + if (ui_method) { + UI_destroy_method(ui_method); + ui_method = NULL; + } +} + +const UI_METHOD *get_ui_method(void) +{ + return ui_method; +} + +static void *ui_malloc(int sz, const char *what) +{ + void *vp = OPENSSL_malloc(sz); + + if (vp == NULL) { + BIO_printf(bio_err, "Could not allocate %d bytes for %s\n", sz, what); + ERR_print_errors(bio_err); + exit(1); + } + return vp; +} + +int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data) +{ + int res = 0; + UI *ui; + int ok = 0; + char *buff = NULL; + int ui_flags = 0; + const char *prompt_info = NULL; + char *prompt; + + if ((ui = UI_new_method(ui_method)) == NULL) + return 0; + + if (cb_data != NULL && cb_data->prompt_info != NULL) + prompt_info = cb_data->prompt_info; + prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); + if (prompt == NULL) { + BIO_printf(bio_err, "Out of memory\n"); + UI_free(ui); + return 0; + } + + ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD; + UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); + + /* We know that there is no previous user data to return to us */ + (void)UI_add_user_data(ui, cb_data); + + ok = UI_add_input_string(ui, prompt, ui_flags, buf, + PW_MIN_LENGTH, bufsiz - 1); + + if (ok >= 0 && verify) { + buff = ui_malloc(bufsiz, "password buffer"); + ok = UI_add_verify_string(ui, prompt, ui_flags, buff, + PW_MIN_LENGTH, bufsiz - 1, buf); + } + if (ok >= 0) + do { + ok = UI_process(ui); + } while (ok < 0 && UI_ctrl(ui, 
UI_CTRL_IS_REDOABLE, 0, 0, 0)); + + OPENSSL_clear_free(buff, (unsigned int)bufsiz); + + if (ok >= 0) + res = strlen(buf); + if (ok == -1) { + BIO_printf(bio_err, "User interface error\n"); + ERR_print_errors(bio_err); + OPENSSL_cleanse(buf, (unsigned int)bufsiz); + res = 0; + } + if (ok == -2) { + BIO_printf(bio_err, "aborted!\n"); + OPENSSL_cleanse(buf, (unsigned int)bufsiz); + res = 0; + } + UI_free(ui); + OPENSSL_free(prompt); + return res; +} diff --git a/apps/apps_ui.h b/apps/apps_ui.h new file mode 100644 index 0000000000..36e0864a08 --- /dev/null +++ b/apps/apps_ui.h @@ -0,0 +1,28 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_APPS_UI_H +# define HEADER_APPS_UI_H + + +# define PW_MIN_LENGTH 4 +typedef struct pw_cb_data { + const void *password; + const char *prompt_info; +} PW_CB_DATA; + +int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data); + +int setup_ui_method(void); +void destroy_ui_method(void); +const UI_METHOD *get_ui_method(void); + +extern BIO *bio_err; + +#endif diff --git a/apps/build.info b/apps/build.info index 0577f76c0a..7a5e8762db 100644 --- a/apps/build.info +++ b/apps/build.info @@ -7,7 +7,8 @@ s_client.c s_server.c s_time.c sess_id.c smime.c speed.c spkac.c srp.c ts.c verify.c version.c x509.c rehash.c storeutl.c); our @apps_lib_src = - ( qw(apps.c opt.c s_cb.c s_socket.c app_rand.c bf_prefix.c), + ( qw(apps.c apps_ui.c opt.c fmt.c s_cb.c s_socket.c app_rand.c + bf_prefix.c), split(/\s+/, $target{apps_aux_src}) ); our @apps_init_src = split(/\s+/, $target{apps_init_src}); "" -} diff --git a/apps/fmt.c b/apps/fmt.c new file mode 100644 index 0000000000..5cb4c041a8 --- /dev/null +++ b/apps/fmt.c 
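Review bot: password_callback in the new apps_ui.c uses `bufsiz` without a sign check: `bufsiz - 1` is passed as the maximum length to UI_add_input_string and UI_add_verify_string, and `(unsigned int)bufsiz` to OPENSSL_clear_free and OPENSSL_cleanse, so a zero or negative size from a caller reaches those calls as -1 or as a very large unsigned value; ui_malloc likewise takes `int sz` and hands it straight to OPENSSL_malloc. A guard before UI_new_method, `if (bufsiz < 1) return 0;`, keeps every later use of the size in range and should also bound the silent size_t-to-int narrowing in `res = strlen(buf)`. The function also has no header comment stating its contract (returns the pass phrase length, 0 on error or abort, buf cleansed on failure), which is worth adding now that it is the public entry point of this module.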
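Review bot: apps_ui.h is not self-contained: it declares `const UI_METHOD *get_ui_method(void);` and `extern BIO *bio_err;` but includes no OpenSSL header, so it only compiles when the UI and BIO headers were included earlier, which apps.h happens to do before including it and apps_ui.c does by including it last. Add `# include <openssl/ui.h>` and `# include <openssl/bio.h>` after the guard so the header can be included first. Declaring `extern BIO *bio_err;` in a UI header also couples it to the application's global error BIO; a comment stating that the including program must define bio_err would make that dependency explicit.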
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "fmt.h"
+
+int FMT_istext(int format)
+{
+ return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT;
+}
diff --git a/apps/fmt.h b/apps/fmt.h
new file mode 100644
index 0000000000..538a20a5cb
--- /dev/null
+++ b/apps/fmt.h
@@ -0,0 +1,44 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Options are shared by apps (see apps.h) and the test system + * (see test/testutil.h'). + * In order to remove the dependency between apps and options, the following + * shared fields have been moved into this file. + */ + +#ifndef HEADER_FMT_H +#define HEADER_FMT_H + +/* On some platforms, it's important to distinguish between text and binary + * files. On some, there might even be specific file formats for different + * contents. The FORMAT_xxx macros are meant to express an intent with the + * file being read or created. + */ +# define B_FORMAT_TEXT 0x8000 +# define FORMAT_UNDEF 0 +# define FORMAT_TEXT (1 | B_FORMAT_TEXT) /* Generic text */ +# define FORMAT_BINARY 2 /* Generic binary */ +# define FORMAT_BASE64 (3 | B_FORMAT_TEXT) /* Base64 */ +# define FORMAT_ASN1 4 /* ASN.1/DER */ +# define FORMAT_PEM (5 | B_FORMAT_TEXT) +# define FORMAT_PKCS12 6 +# define FORMAT_SMIME (7 | B_FORMAT_TEXT) +# define FORMAT_ENGINE 8 /* Not really a file format */ +# define FORMAT_PEMRSA (9 | B_FORMAT_TEXT) /* PEM RSAPubicKey format */ +# define FORMAT_ASN1RSA 10 /* DER RSAPubicKey format */ +# define FORMAT_MSBLOB 11 /* MS Key blob format */ +# define FORMAT_PVK 12 /* MS PVK file format */ +# define FORMAT_HTTP 13 /* Download using HTTP */ +# define FORMAT_NSS 14 /* NSS keylog format */ + +int FMT_istext(int format); + +#endif /* HEADER_FMT_H_ */ diff --git a/apps/opt.c b/apps/opt.c index c6ccceebcf..439f271f53 100644 --- a/apps/opt.c +++ b/apps/opt.c 
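Review bot: The closing comment `#endif /* HEADER_FMT_H_ */` in the new fmt.h names a macro that differs from the guard actually defined, `HEADER_FMT_H`; make them agree with `#endif /* HEADER_FMT_H */`. The introductory comment also carries a stray quote in `(see test/testutil.h')` and speaks of "Options" although this header holds the FORMAT_xxx values, not option tables; `The FORMAT_xxx values are shared by apps (see apps.h) and the test system (see test/testutil.h).` describes the file more accurately.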
@@ -6,7 +6,13 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -#include "apps.h" + +/* + * This file is also used by the test suite. Do not #include "apps.h". + */ +#include "opt.h" +#include "fmt.h" +#include "internal/nelem.h" #include #if !defined(OPENSSL_SYS_MSDOS) # include OPENSSL_UNISTD @@ -116,7 +122,7 @@ char *opt_init(int ac, char **av, const OPTIONS *o) /* Store state. */ argc = ac; argv = av; - opt_index = 1; + opt_begin(); opts = o; opt_progname(av[0]); unknown = NULL; @@ -133,15 +139,15 @@ char *opt_init(int ac, char **av, const OPTIONS *o) i = o->valtype; /* Make sure options are legit. */ - assert(o->name[0] != '-'); - assert(o->retval > 0); + OPENSSL_assert(o->name[0] != '-'); + OPENSSL_assert(o->retval > 0); switch (i) { case 0: case '-': case '/': case '<': case '>': case 'E': case 'F': case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's': case 'u': case 'c': break; default: - assert(0); + OPENSSL_assert(0); } /* Make sure there are no duplicates. */ @@ -150,13 +156,13 @@ char *opt_init(int ac, char **av, const OPTIONS *o) * Some compilers inline strcmp and the assert string is too long. */ duplicated = strcmp(o->name, next->name) == 0; - assert(!duplicated); + OPENSSL_assert(!duplicated); } #endif if (o->name[0] == '\0') { - assert(unknown == NULL); + OPENSSL_assert(unknown == NULL); unknown = o; - assert(unknown->valtype == 0 || unknown->valtype == '-'); + OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-'); } } return prog; 
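Review bot: Replacing `assert()` with `OPENSSL_assert()` in opt_init changes when the option-table sanity checks run: `assert` is compiled out under NDEBUG, while `OPENSSL_assert` is always evaluated and aborts the process, so every release build now validates each table at startup and dies on a bad entry. That is reasonable for static tables, but it is a behaviour change worth a comment, e.g. `/* OPENSSL_assert, not assert: table checks must run in release builds too */` above the first check. The `#endif` visible right after the duplicate-name loop suggests that loop still sits under a conditional-compilation guard; if that guard is `#ifndef NDEBUG`, the duplicate check alone stays debug-only while its sibling checks were promoted, which looks unintentional and should either be made consistent or explained.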
@@ -181,14 +187,14 @@ int opt_format_error(const char *s, unsigned long flags) OPT_PAIR *ap; if (flags == OPT_FMT_PEMDER) { - BIO_printf(bio_err, "%s: Bad format \"%s\"; must be pem or der\n", - prog, s); + opt_printf_stderr("%s: Bad format \"%s\"; must be pem or der\n", + prog, s); } else { - BIO_printf(bio_err, "%s: Bad format \"%s\"; must be one of:\n", - prog, s); + opt_printf_stderr("%s: Bad format \"%s\"; must be one of:\n", + prog, s); for (ap = formats; ap->name; ap++) if (flags & ap->retval) - BIO_printf(bio_err, " %s\n", ap->name); + opt_printf_stderr(" %s\n", ap->name); } return 0; } @@ -277,7 +283,7 @@ int opt_cipher(const char *name, const EVP_CIPHER **cipherp) *cipherp = EVP_get_cipherbyname(name); if (*cipherp != NULL) return 1; - BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name); + opt_printf_stderr("%s: Unrecognized flag %s\n", prog, name); return 0; } @@ -289,7 +295,7 @@ int opt_md(const char *name, const EVP_MD **mdp) *mdp = EVP_get_digestbyname(name); if (*mdp != NULL) return 1; - BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name); + opt_printf_stderr("%s: Unrecognized flag %s\n", prog, name); return 0; } @@ -303,9 +309,9 @@ int opt_pair(const char *name, const OPT_PAIR* pairs, int *result) *result = pp->retval; return 1; } - BIO_printf(bio_err, "%s: Value must be one of:\n", prog); + opt_printf_stderr("%s: Value must be one of:\n", prog); for (pp = pairs; pp->name; pp++) - BIO_printf(bio_err, "\t%s\n", pp->name); + opt_printf_stderr("\t%s\n", pp->name); return 0; } @@ -318,8 +324,8 @@ int opt_int(const char *value, int *result) return 0; *result = (int)l; if (*result != l) { - BIO_printf(bio_err, "%s: Value \"%s\" outside integer range\n", - prog, value); + opt_printf_stderr("%s: Value \"%s\" outside integer range\n", + prog, value); return 0; } return 1; 
@@ -339,13 +345,12 @@ static void opt_number_error(const char *v) for (i = 0; i < OSSL_NELEM(b); i++) { if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) { - BIO_printf(bio_err, - "%s: Can't parse \"%s\" as %s number\n", - prog, v, b[i].name); + opt_printf_stderr("%s: Can't parse \"%s\" as %s number\n", + prog, v, b[i].name); return; } } - BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n", prog, v); + opt_printf_stderr("%s: Can't parse \"%s\" as a number\n", prog, v); return; } @@ -458,9 +463,9 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm) X509_PURPOSE *xptmp; const X509_VERIFY_PARAM *vtmp; - assert(vpm != NULL); - assert(opt > OPT_V__FIRST); - assert(opt < OPT_V__LAST); + OPENSSL_assert(vpm != NULL); + OPENSSL_assert(opt > OPT_V__FIRST); + OPENSSL_assert(opt < OPT_V__LAST); switch ((enum range)opt) { case OPT_V__FIRST: @@ -469,7 +474,7 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm) case OPT_V_POLICY: otmp = OBJ_txt2obj(opt_arg(), 0); if (otmp == NULL) { - BIO_printf(bio_err, "%s: Invalid Policy %s\n", prog, opt_arg()); + opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg()); return 0; } X509_VERIFY_PARAM_add0_policy(vpm, otmp); @@ -478,7 +483,7 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm) /* purpose name -> purpose index */ i = X509_PURPOSE_get_by_sname(opt_arg()); if (i < 0) { - BIO_printf(bio_err, "%s: Invalid purpose %s\n", prog, opt_arg()); + opt_printf_stderr("%s: Invalid purpose %s\n", prog, opt_arg()); return 0; } 
@@ -489,17 +494,16 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm) i = X509_PURPOSE_get_id(xptmp); if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) { - BIO_printf(bio_err, - "%s: Internal error setting purpose %s\n", - prog, opt_arg()); + opt_printf_stderr("%s: Internal error setting purpose %s\n", + prog, opt_arg()); return 0; } break; case OPT_V_VERIFY_NAME: vtmp = X509_VERIFY_PARAM_lookup(opt_arg()); if (vtmp == NULL) { - BIO_printf(bio_err, "%s: Invalid verify name %s\n", - prog, opt_arg()); + opt_printf_stderr("%s: Invalid verify name %s\n", + prog, opt_arg()); return 0; } X509_VERIFY_PARAM_set1(vpm, vtmp); @@ -518,8 +522,8 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm) if (!opt_imax(opt_arg(), &t)) return 0; if (t != (time_t)t) { - BIO_printf(bio_err, "%s: epoch time out of range %s\n", - prog, opt_arg()); + opt_printf_stderr("%s: epoch time out of range %s\n", + prog, opt_arg()); return 0; } X509_VERIFY_PARAM_set_time(vpm, (time_t)t); @@ -606,6 +610,13 @@ int opt_verify(int opt, X509_VERIFY_PARAM *vpm) } +void opt_begin(void) +{ + opt_index = 1; + arg = NULL; + flag = NULL; +} + /* * Parse the next flag (and value if specified), return 0 if done, -1 on * error, otherwise the flag's retval. @@ -651,8 +662,8 @@ int opt_next(void) /* If it doesn't take a value, make sure none was given. */ if (o->valtype == 0 || o->valtype == '-') { if (arg) { - BIO_printf(bio_err, - "%s: Option -%s does not take a value\n", prog, p); + opt_printf_stderr("%s: Option -%s does not take a value\n", + prog, p); return -1; } return o->retval; @@ -661,8 +672,8 @@ int opt_next(void) /* Want a value; get the next param if =foo not used. */ if (arg == NULL) { if (argv[opt_index] == NULL) { - BIO_printf(bio_err, - "%s: Option -%s needs a value\n", prog, o->name); + opt_printf_stderr("%s: Option -%s needs a value\n", + prog, o->name); return -1; } arg = argv[opt_index++]; 
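Review bot: The new `opt_begin()` resets `opt_index`, `arg` and `flag` but not the `dunno` pointer that opt_next stores for `opt_unknown()` (the assignment `dunno = p;` is visible in the next hunk), so a caller that restarts parsing with opt_begin() can still observe the unknown-option name from the previous pass. Add `dunno = NULL;` to the reset and give the function a contract comment: `/* Rewind the parser so opt_next() starts again at argv[1]; the option table and argv set by opt_init() are kept. */`. I am inferring from its use in opt_init and the test driver that opt_begin is meant as a full restart; if it is only meant to rewind the index, the comment should say so instead.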
@@ -675,9 +686,9 @@ int opt_next(void) /* Just a string. */ break; case '/': - if (app_isdir(arg) > 0) + if (opt_isdir(arg) > 0) break; - BIO_printf(bio_err, "%s: Not a directory: %s\n", prog, arg); + opt_printf_stderr("%s: Not a directory: %s\n", prog, arg); return -1; case '<': /* Input file. */ @@ -689,41 +700,36 @@ int opt_next(void) case 'n': if (!opt_int(arg, &ival) || (o->valtype == 'p' && ival <= 0)) { - BIO_printf(bio_err, - "%s: Non-positive number \"%s\" for -%s\n", - prog, arg, o->name); + opt_printf_stderr("%s: Non-positive number \"%s\" for -%s\n", + prog, arg, o->name); return -1; } break; case 'M': if (!opt_imax(arg, &imval)) { - BIO_printf(bio_err, - "%s: Invalid number \"%s\" for -%s\n", - prog, arg, o->name); + opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n", + prog, arg, o->name); return -1; } break; case 'U': if (!opt_umax(arg, &umval)) { - BIO_printf(bio_err, - "%s: Invalid number \"%s\" for -%s\n", - prog, arg, o->name); + opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n", + prog, arg, o->name); return -1; } break; case 'l': if (!opt_long(arg, &lval)) { - BIO_printf(bio_err, - "%s: Invalid number \"%s\" for -%s\n", - prog, arg, o->name); + opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n", + prog, arg, o->name); return -1; } break; case 'u': if (!opt_ulong(arg, &ulval)) { - BIO_printf(bio_err, - "%s: Invalid number \"%s\" for -%s\n", - prog, arg, o->name); + opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n", + prog, arg, o->name); return -1; } break; @@ -737,9 +743,8 @@ int opt_next(void) o->valtype == 'F' ? OPT_FMT_PEMDER : OPT_FMT_ANY, &ival)) break; - BIO_printf(bio_err, - "%s: Invalid format \"%s\" for -%s\n", - prog, arg, o->name); + opt_printf_stderr("%s: Invalid format \"%s\" for -%s\n", + prog, arg, o->name); return -1; } 
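Review bot: In the rewritten `'n'`/`'p'` arm the single message `"%s: Non-positive number \"%s\" for -%s\n"` is also emitted when `opt_int(arg, &ival)` fails because the value is not a number at all, so `-verify_depth abc` is reported as "non-positive"; opt_int appears to report its own parse error through opt_number_error (earlier hunks), so the user gets two messages, the second inaccurate. Since this line is being touched anyway, split the two conditions and use the `"Invalid number"` wording that the `'M'`, `'U'`, `'l'` and `'u'` arms below already use for parse failures, keeping "Non-positive" for the `'p'` range check only.
```c
        case 'p':
        case 'n':
            if (!opt_int(arg, &ival)) {
                opt_printf_stderr("%s: Invalid number \"%s\" for -%s\n",
                                  prog, arg, o->name);
                return -1;
            }
            if (o->valtype == 'p' && ival <= 0) {
                opt_printf_stderr("%s: Non-positive number \"%s\" for -%s\n",
                                  prog, arg, o->name);
                return -1;
            }
            break;
        /* … unchanged: 'M', 'U', 'l', 'u' and format arms … */
```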
@@ -750,7 +755,7 @@ int opt_next(void) dunno = p; return unknown->retval; } - BIO_printf(bio_err, "%s: Option unknown option -%s\n", prog, p); + opt_printf_stderr("%s: Option unknown option -%s\n", prog, p); return -1; } @@ -848,18 +853,17 @@ void opt_help(const OPTIONS *list) i += 1 + strlen(valtype2param(o)); if (i < MAX_OPT_HELP_WIDTH && i > width) width = i; - assert(i < (int)sizeof(start)); + OPENSSL_assert(i < (int)sizeof(start)); } if (standard_prolog) - BIO_printf(bio_err, "Usage: %s [options]\nValid options are:\n", - prog); + opt_printf_stderr("Usage: %s [options]\nValid options are:\n", prog); /* Now let's print. */ for (o = list; o->name; o++) { help = o->helpstr ? o->helpstr : "(No additional info)"; if (o->name == OPT_HELP_STR) { - BIO_printf(bio_err, help, prog); + opt_printf_stderr(help, prog); continue; } @@ -870,7 +874,7 @@ void opt_help(const OPTIONS *list) if (o->name == OPT_MORE_STR) { /* Continuation of previous line; pad and print. */ start[width] = '\0'; - BIO_printf(bio_err, "%s %s\n", start, help); + opt_printf_stderr("%s %s\n", start, help); continue; } 
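Review bot: `opt_printf_stderr(help, prog)` in the OPT_HELP_STR branch of opt_help passes a table string as the format, so any `%` in an OPT_HELP_STR help text is interpreted as a conversion specifier with only `prog` available as an argument. The strings come from the program's own option tables rather than from user input, so this is not an attack surface, but it is an easy trap when writing help text and it will be flagged by `-Wformat-security` as soon as opt_printf_stderr gains a format attribute. A short comment on that line makes the contract explicit: `/* OPT_HELP_STR entries are printf formats taking exactly one %s (prog); never place untrusted text here */`.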
@@ -889,10 +893,62 @@ void opt_help(const OPTIONS *list) *p = ' '; if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) { *p = '\0'; - BIO_printf(bio_err, "%s\n", start); + opt_printf_stderr("%s\n", start); memset(start, ' ', sizeof(start)); } start[width] = '\0'; - BIO_printf(bio_err, "%s %s\n", start, help); + opt_printf_stderr("%s %s\n", start, help); } } + +/* opt_isdir section */ +#ifdef _WIN32 +# include +int opt_isdir(const char *name) +{ + DWORD attr; +# if defined(UNICODE) || defined(_UNICODE) + size_t i, len_0 = strlen(name) + 1; + WCHAR tempname[MAX_PATH]; + + if (len_0 > MAX_PATH) + return -1; + +# if !defined(_WIN32_WCE) || _WIN32_WCE>=101 + if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH)) +# endif + for (i = 0; i < len_0; i++) + tempname[i] = (WCHAR)name[i]; + + attr = GetFileAttributes(tempname); +# else + attr = GetFileAttributes(name); +# endif + if (attr == INVALID_FILE_ATTRIBUTES) + return -1; + return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0); +} +#else +# include +# ifndef S_ISDIR +# if defined(_S_IFMT) && defined(_S_IFDIR) +# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR) +# else +# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +# endif +# endif + +int opt_isdir(const char *name) +{ +# if defined(S_ISDIR) + struct stat st; + + if (stat(name, &st) == 0) + return S_ISDIR(st.st_mode); + else + return -1; +# else + return -1; +# endif +} +#endif diff --git a/apps/opt.h b/apps/opt.h new file mode 100644 index 0000000000..ecfa06e0b4 --- /dev/null +++ b/apps/opt.h 
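Review bot: In the non-Windows `opt_isdir`, the `# if defined(S_ISDIR)` / `# else return -1;` split is dead: the block immediately above defines `S_ISDIR` whenever the platform lacks it, so the `#else` branch can never be compiled; drop the inner conditional, or drop the fallback definition if returning -1 on such platforms was the intent. In the Windows UNICODE fallback, `tempname[i] = (WCHAR)name[i]` sign-extends when `char` is signed, turning path bytes above 0x7F into wide characters in the 0xFF80-0xFFFF range; `(WCHAR)(unsigned char)name[i]` is the correct widening. Both variants would benefit from a header comment stating the return contract the `'/'` case in opt_next relies on: `/* Returns 1 if name is a directory, 0 if it exists but is not one, -1 if it cannot be examined. */`.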
@@ -0,0 +1,344 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#ifndef HEADER_OPT_H +#define HEADER_OPT_H + +#include +#include +#include +#include + +/* + * Common verification options. + */ +# define OPT_V_ENUM \ + OPT_V__FIRST=2000, \ + OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \ + OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \ + OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \ + OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \ + OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \ + OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \ + OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \ + OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \ + OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \ + OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \ + OPT_V__LAST + +# define OPT_V_OPTIONS \ + { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \ + { "purpose", OPT_V_PURPOSE, 's', \ + "certificate chain purpose"}, \ + { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \ + { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \ + "chain depth limit" }, \ + { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \ + "chain authentication security level" }, \ + { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \ + { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \ + "expected peer hostname" }, \ + { "verify_email", OPT_V_VERIFY_EMAIL, 's', \ + "expected peer email" }, \ + { "verify_ip", OPT_V_VERIFY_IP, 's', \ + "expected peer IP address" }, \ + { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \ + "permit unhandled critical extensions"}, \ + 
{ "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \ + { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \ + { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \ + { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \ + { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \ + "set policy variable require-explicit-policy"}, \ + { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \ + "set policy variable inhibit-any-policy"}, \ + { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \ + "set policy variable inhibit-policy-mapping"}, \ + { "x509_strict", OPT_V_X509_STRICT, '-', \ + "disable certificate compatibility work-arounds"}, \ + { "extended_crl", OPT_V_EXTENDED_CRL, '-', \ + "enable extended CRL features"}, \ + { "use_deltas", OPT_V_USE_DELTAS, '-', \ + "use delta CRLs"}, \ + { "policy_print", OPT_V_POLICY_PRINT, '-', \ + "print policy processing diagnostics"}, \ + { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \ + "check root CA self-signatures"}, \ + { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \ + "search trust store first (default)" }, \ + { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \ + { "suiteB_128", OPT_V_SUITEB_128, '-', \ + "Suite B 128-bit mode allowing 192-bit algorithms"}, \ + { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \ + { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \ + "accept chains anchored by intermediate trust-store CAs"}, \ + { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \ + { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \ + { "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" } + +# define OPT_V_CASES \ + OPT_V__FIRST: case OPT_V__LAST: break; \ + case OPT_V_POLICY: \ + case OPT_V_PURPOSE: \ + case OPT_V_VERIFY_NAME: \ + case OPT_V_VERIFY_DEPTH: \ + case OPT_V_VERIFY_AUTH_LEVEL: \ + case OPT_V_ATTIME: \ + case OPT_V_VERIFY_HOSTNAME: \ 
+ case OPT_V_VERIFY_EMAIL: \ + case OPT_V_VERIFY_IP: \ + case OPT_V_IGNORE_CRITICAL: \ + case OPT_V_ISSUER_CHECKS: \ + case OPT_V_CRL_CHECK: \ + case OPT_V_CRL_CHECK_ALL: \ + case OPT_V_POLICY_CHECK: \ + case OPT_V_EXPLICIT_POLICY: \ + case OPT_V_INHIBIT_ANY: \ + case OPT_V_INHIBIT_MAP: \ + case OPT_V_X509_STRICT: \ + case OPT_V_EXTENDED_CRL: \ + case OPT_V_USE_DELTAS: \ + case OPT_V_POLICY_PRINT: \ + case OPT_V_CHECK_SS_SIG: \ + case OPT_V_TRUSTED_FIRST: \ + case OPT_V_SUITEB_128_ONLY: \ + case OPT_V_SUITEB_128: \ + case OPT_V_SUITEB_192: \ + case OPT_V_PARTIAL_CHAIN: \ + case OPT_V_NO_ALT_CHAINS: \ + case OPT_V_NO_CHECK_TIME: \ + case OPT_V_ALLOW_PROXY_CERTS + +/* + * Common "extended validation" options. + */ +# define OPT_X_ENUM \ + OPT_X__FIRST=1000, \ + OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \ + OPT_X_CERTFORM, OPT_X_KEYFORM, \ + OPT_X__LAST + +# define OPT_X_OPTIONS \ + { "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \ + { "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \ + { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \ + { "xchain_build", OPT_X_CHAIN_BUILD, '-', \ + "build certificate chain for the extended certificates"}, \ + { "xcertform", OPT_X_CERTFORM, 'F', \ + "format of Extended certificate (PEM or DER) PEM default " }, \ + { "xkeyform", OPT_X_KEYFORM, 'F', \ + "format of Extended certificate's key (PEM or DER) PEM default"} + +# define OPT_X_CASES \ + OPT_X__FIRST: case OPT_X__LAST: break; \ + case OPT_X_KEY: \ + case OPT_X_CERT: \ + case OPT_X_CHAIN: \ + case OPT_X_CHAIN_BUILD: \ + case OPT_X_CERTFORM: \ + case OPT_X_KEYFORM + +/* + * Common SSL options. 
+ * Any changes here must be coordinated with ../ssl/ssl_conf.c + */ +# define OPT_S_ENUM \ + OPT_S__FIRST=3000, \ + OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \ + OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \ + OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \ + OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \ + OPT_S_PRIORITIZE_CHACHA, \ + OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \ + OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \ + OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \ + OPT_S_MINPROTO, OPT_S_MAXPROTO, \ + OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST + +# define OPT_S_OPTIONS \ + {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \ + {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \ + {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \ + {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \ + {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \ + {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \ + {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \ + {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \ + {"no_ticket", OPT_S_NOTICKET, '-', \ + "Disable use of TLS session tickets"}, \ + {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \ + {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \ + "Enable use of legacy renegotiation (dangerous)"}, \ + {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \ + "Disable all renegotiation."}, \ + {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \ + "Allow initial connection to servers that don't support RI"}, \ + {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \ + "Disallow session resumption on renegotiation"}, \ + {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \ + "Disallow initial connection to servers that don't support RI"}, \ + {"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \ + "In 
TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \ + {"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \ + "Prioritize ChaCha ciphers when preferred by clients"}, \ + {"strict", OPT_S_STRICT, '-', \ + "Enforce strict certificate checks as per TLS standard"}, \ + {"sigalgs", OPT_S_SIGALGS, 's', \ + "Signature algorithms to support (colon-separated list)" }, \ + {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \ + "Signature algorithms to support for client certificate" \ + " authentication (colon-separated list)" }, \ + {"groups", OPT_S_GROUPS, 's', \ + "Groups to advertise (colon-separated list)" }, \ + {"curves", OPT_S_CURVES, 's', \ + "Groups to advertise (colon-separated list)" }, \ + {"named_curve", OPT_S_NAMEDCURVE, 's', \ + "Elliptic curve used for ECDHE (server-side only)" }, \ + {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \ + {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \ + {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \ + {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \ + {"record_padding", OPT_S_RECORD_PADDING, 's', \ + "Block size to pad TLS 1.3 records to."}, \ + {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \ + "Perform all sorts of protocol violations for testing purposes"}, \ + {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \ + "Disable TLSv1.3 middlebox compat mode" } + +# define OPT_S_CASES \ + OPT_S__FIRST: case OPT_S__LAST: break; \ + case OPT_S_NOSSL3: \ + case OPT_S_NOTLS1: \ + case OPT_S_NOTLS1_1: \ + case OPT_S_NOTLS1_2: \ + case OPT_S_NOTLS1_3: \ + case OPT_S_BUGS: \ + case OPT_S_NO_COMP: \ + case OPT_S_COMP: \ + case OPT_S_NOTICKET: \ + case OPT_S_SERVERPREF: \ + case OPT_S_LEGACYRENEG: \ + case OPT_S_LEGACYCONN: \ + case OPT_S_ONRESUMP: \ + case OPT_S_NOLEGACYCONN: \ + case OPT_S_ALLOW_NO_DHE_KEX: \ + case OPT_S_PRIORITIZE_CHACHA: \ + case OPT_S_STRICT: \ + case 
OPT_S_SIGALGS: \ + case OPT_S_CLIENTSIGALGS: \ + case OPT_S_GROUPS: \ + case OPT_S_CURVES: \ + case OPT_S_NAMEDCURVE: \ + case OPT_S_CIPHER: \ + case OPT_S_CIPHERSUITES: \ + case OPT_S_RECORD_PADDING: \ + case OPT_S_NO_RENEGOTIATION: \ + case OPT_S_MINPROTO: \ + case OPT_S_MAXPROTO: \ + case OPT_S_DEBUGBROKE: \ + case OPT_S_NO_MIDDLEBOX + +#define IS_NO_PROT_FLAG(o) \ + (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \ + || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3) + +/* + * Random state options. + */ +# define OPT_R_ENUM \ + OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST + +# define OPT_R_OPTIONS \ + {"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \ + {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"} + +# define OPT_R_CASES \ + OPT_R__FIRST: case OPT_R__LAST: break; \ + case OPT_R_RAND: case OPT_R_WRITERAND + +/* + * Option parsing. + */ +extern const char OPT_HELP_STR[]; +extern const char OPT_MORE_STR[]; +typedef struct options_st { + const char *name; + int retval; + /* + * value type: - no value (also the value zero), n number, p positive + * number, u unsigned, l long, s string, < input file, > output file, + * f any format, F der/pem format, E der/pem/engine format identifier. + * l, n and u include zero; p does not. + */ + int valtype; + const char *helpstr; +} OPTIONS; + +/* + * A string/int pairing; widely use for option value lookup, hence the + * name OPT_PAIR. But that name is misleading in s_cb.c, so we also use + * the "generic" name STRINT_PAIR. + */ +typedef struct string_int_pair_st { + const char *name; + int retval; +} OPT_PAIR, STRINT_PAIR; + +/* Flags to pass into opt_format; see FORMAT_xxx, below. 
*/ +# define OPT_FMT_PEMDER (1L << 1) +# define OPT_FMT_PKCS12 (1L << 2) +# define OPT_FMT_SMIME (1L << 3) +# define OPT_FMT_ENGINE (1L << 4) +# define OPT_FMT_MSBLOB (1L << 5) +/* (1L << 6) was OPT_FMT_NETSCAPE, but wasn't used */ +# define OPT_FMT_NSS (1L << 7) +# define OPT_FMT_TEXT (1L << 8) +# define OPT_FMT_HTTP (1L << 9) +# define OPT_FMT_PVK (1L << 10) +# define OPT_FMT_PDE (OPT_FMT_PEMDER | OPT_FMT_ENGINE) +# define OPT_FMT_PDS (OPT_FMT_PEMDER | OPT_FMT_SMIME) +# define OPT_FMT_ANY ( \ + OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \ + OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \ + OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK) + +char *opt_progname(const char *argv0); +char *opt_getprog(void); +char *opt_init(int ac, char **av, const OPTIONS * o); +int opt_next(void); +void opt_begin(void); +int opt_format(const char *s, unsigned long flags, int *result); +int opt_int(const char *arg, int *result); +int opt_ulong(const char *arg, unsigned long *result); +int opt_long(const char *arg, long *result); +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ + defined(INTMAX_MAX) && defined(UINTMAX_MAX) +int opt_imax(const char *arg, intmax_t *result); +int opt_umax(const char *arg, uintmax_t *result); +#else +# define opt_imax opt_long +# define opt_umax opt_ulong +# define intmax_t long +# define uintmax_t unsigned long +#endif +int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result); +int opt_cipher(const char *name, const EVP_CIPHER **cipherp); +int opt_md(const char *name, const EVP_MD **mdp); +char *opt_arg(void); +char *opt_flag(void); +char *opt_unknown(void); +char **opt_rest(void); +int opt_num_rest(void); +int opt_verify(int i, X509_VERIFY_PARAM *vpm); +int opt_rand(int i); +void opt_help(const OPTIONS * list); +int opt_format_error(const char *s, unsigned long flags); +int opt_isdir(const char *name); +int opt_printf_stderr(const char *fmt, ...); + +#endif /* HEADER_OPT_H */ 
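Review bot: `int opt_printf_stderr(const char *fmt, ...);` is declared without a printf format attribute, whereas the BIO_printf calls it replaces throughout opt.c are declared in openssl/bio.h with a `__format__(__printf__, ...)` attribute under GCC-compatible compilers, so this commit silently loses compile-time `-Wformat` checking of every argument list in opt.c (including the table-driven `opt_printf_stderr(help, prog)` in opt_help). Mirror the bio.h pattern with something like `int opt_printf_stderr(const char *fmt, ...) ossl_bio__attr__((__format__(__printf__, 1, 2)));`, or a local `__GNUC__`-guarded equivalent; I have not verified the exact attribute macro name in this tree's bio.h. Separately, the pre-C99 fallback `# define intmax_t long` / `# define uintmax_t unsigned long` turns two standard typedef names into macros, which breaks any later `#include <stdint.h>` in the same translation unit; a private typedef name would be safer, and the fallback deserves a comment saying that opt_imax/opt_umax are then only `long` wide.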
diff --git a/test/asynciotest.c b/test/asynciotest.c index 1085b4af22..3bba098ad7 100644 --- a/test/asynciotest.c +++ b/test/asynciotest.c @@ -393,6 +393,8 @@ static int test_asyncio(int test) return testresult; } +OPT_TEST_DECLARE_USAGE("certname privkey\n") + int setup_tests(void) { if (!TEST_ptr(cert = test_get_argument(0)) diff --git a/test/bftest.c b/test/bftest.c index 2f9b29387b..5b489251c0 100644 --- a/test/bftest.c +++ b/test/bftest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -434,28 +434,53 @@ static int test_bf_ofb64(void) } #endif +typedef enum OPTION_choice { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_PRINT, + OPT_TEST_ENUM +} OPTION_CHOICE; + +const OPTIONS *test_get_options(void) +{ + static const OPTIONS test_options[] = { + OPT_TEST_OPTIONS_DEFAULT_USAGE, + { "print", OPT_PRINT, '-', "Output test tables instead of running tests"}, + { NULL } + }; + return test_options; +} + int setup_tests(void) { #ifndef OPENSSL_NO_BF + OPTION_CHOICE o; # ifdef CHARSET_EBCDIC int n; - ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data)); for (n = 0; n < 2; n++) { ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n])); } # endif - if (test_get_argument(0) != NULL) { - print_test_data(); - } else { - ADD_ALL_TESTS(test_bf_ecb_raw, 2); - ADD_ALL_TESTS(test_bf_ecb, NUM_TESTS); - ADD_ALL_TESTS(test_bf_set_key, KEY_TEST_NUM-1); - ADD_TEST(test_bf_cbc); - ADD_TEST(test_bf_cfb64); - ADD_TEST(test_bf_ofb64); + while ((o = opt_next()) != OPT_EOF) { + switch(o) { + case OPT_PRINT: + print_test_data(); + return 1; + case OPT_TEST_CASES: + break; + default: + return 0; + } } + + ADD_ALL_TESTS(test_bf_ecb_raw, 2); + ADD_ALL_TESTS(test_bf_ecb, NUM_TESTS); + ADD_ALL_TESTS(test_bf_set_key, KEY_TEST_NUM-1); + ADD_TEST(test_bf_cbc); + ADD_TEST(test_bf_cfb64); + ADD_TEST(test_bf_ofb64); #endif return 1; } diff --git a/test/bioprinttest.c b/test/bioprinttest.c index aa06039e7b..97151cdf10 100644 --- a/test/bioprinttest.c +++ b/test/bioprinttest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -252,10 +252,38 @@ static int test_big(void) return 1; } +typedef enum OPTION_choice { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_PRINT, + OPT_TEST_ENUM +} OPTION_CHOICE; + +const OPTIONS *test_get_options(void) +{ + static const OPTIONS options[] = { + OPT_TEST_OPTIONS_DEFAULT_USAGE, + { "expected", OPT_PRINT, '-', "Output values" }, + { NULL } + }; + return options; +} int setup_tests(void) { - justprint = test_has_option("-expected"); + OPTION_CHOICE o; + + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_PRINT: + justprint = 1; + break; + case OPT_TEST_CASES: + break; + default: + return 0; + } + } ADD_TEST(test_big); ADD_ALL_TESTS(test_fp, nelem(pw_params)); @@ -300,3 +328,4 @@ int test_flush_stderr(void) { return fflush(stderr); } + diff --git a/test/bntest.c b/test/bntest.c index d042a3e2ba..e4b71e269d 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -2261,6 +2261,17 @@ static int run_file_tests(int i) return c == 0; } +const OPTIONS *test_get_options(void) +{ + enum { OPT_TEST_ENUM }; + static const OPTIONS test_options[] = { + OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("[file...]\n"), + { OPT_HELP_STR, 1, '-', + "file\tFile to run tests on. Normal tests are not run\n" }, + { NULL } + }; + return test_options; +} int setup_tests(void) { diff --git a/test/build.info b/test/build.info index 0ac2fa76a9..4c29beb2db 100644 --- a/test/build.info +++ b/test/build.info @@ -13,8 +13,9 @@ IF[{- !$disabled{tests} -}] SOURCE[libtestutil.a]=testutil/basic_output.c testutil/output_helpers.c \ testutil/driver.c testutil/tests.c testutil/cb.c testutil/stanza.c \ testutil/format_output.c testutil/tap_bio.c \ - testutil/test_cleanup.c testutil/main.c testutil/init.c - INCLUDE[libtestutil.a]=../include + testutil/test_cleanup.c testutil/main.c testutil/init.c \ + testutil/options.c testutil/test_options.c ../apps/opt.c + INCLUDE[libtestutil.a]=../include .. DEPEND[libtestutil.a]=../libcrypto PROGRAMS{noinst}=\ 
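Review bot: The `OPT_HELP_STR` entry in bntest's test_get_options is printed by opt_help as a printf format with `prog` as the only argument (see `opt_printf_stderr(help, prog)` in the apps/opt.c hunk above), so its text must not contain a bare `%`; the current text is safe, but a comment on the entry would keep the next edit from adding one: `/* OPT_HELP_STR text is a printf format; write %% for a literal percent sign */`. Unlike ordinary option help strings, which opt_help prints with `"%s %s\n"`, this entry has to carry its own trailing `\n`, which is why it ends differently from the entries around it and is worth a word in the same comment.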
@@ -398,11 +399,9 @@ IF[{- !$disabled{tests} -}] DEPEND[cipher_overhead_test]=../libcrypto ../libssl libtestutil.a ENDIF - SOURCE[uitest]=uitest.c \ - {- rebase_files("../apps", - split(/\s+/, $target{apps_init_src})) -} + SOURCE[uitest]=uitest.c ../apps/apps_ui.c INCLUDE[uitest]=.. ../include ../apps - DEPEND[uitest]=../apps/libapps.a ../libcrypto ../libssl libtestutil.a + DEPEND[uitest]=../libcrypto ../libssl libtestutil.a SOURCE[cipherbytes_test]=cipherbytes_test.c INCLUDE[cipherbytes_test]=../include diff --git a/test/clienthellotest.c b/test/clienthellotest.c index 6c7783158f..2c1110b13f 100644 --- a/test/clienthellotest.c +++ b/test/clienthellotest.c @@ -240,6 +240,8 @@ end: return testresult; } +OPT_TEST_DECLARE_USAGE("sessionfile\n") + int setup_tests(void) { if (!TEST_ptr(sessionfile = test_get_argument(0))) diff --git a/test/cmsapitest.c b/test/cmsapitest.c index a79ae8c043..2ea8af58b3 100644 --- a/test/cmsapitest.c +++ b/test/cmsapitest.c @@ -1,3 +1,12 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + #include #include @@ -49,6 +58,8 @@ static int test_encrypt_decrypt(void) return testresult; } +OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") + int setup_tests(void) { char *certin = NULL, *privkeyin = NULL; diff --git a/test/conf_include_test.c b/test/conf_include_test.c index 16939ed49e..ba40aa1b2d 100644 --- a/test/conf_include_test.c +++ b/test/conf_include_test.c 
@@ -178,26 +178,50 @@ static int test_check_overflow(void) return 1; } +typedef enum OPTION_choice { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_FAIL, + OPT_TEST_ENUM +} OPTION_CHOICE; + +const OPTIONS *test_get_options(void) +{ + static const OPTIONS test_options[] = { + OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("conf_file\n"), + { "f", OPT_FAIL, '-', "A failure is expected" }, + { NULL } + }; + return test_options; +} + int setup_tests(void) { const char *conf_file; - const char *arg2; + OPTION_CHOICE o; if (!TEST_ptr(conf = NCONF_new(NULL))) return 0; - conf_file = test_get_argument(0); + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_FAIL: + expect_failure = 1; + break; + case OPT_TEST_CASES: + break; + default: + return 0; + } + } + conf_file = test_get_argument(0); if (!TEST_ptr(conf_file) || !TEST_ptr(in = BIO_new_file(conf_file, "r"))) { TEST_note("Unable to open the file argument"); return 0; } - if ((arg2 = test_get_argument(1)) != NULL && *arg2 == 'f') { - expect_failure = 1; - } - /* * For this test we need to chdir as we use relative * path names in the config files. diff --git a/test/curve448_internal_test.c b/test/curve448_internal_test.c index 92332b3b54..85c0b0e880 100644 --- a/test/curve448_internal_test.c +++ b/test/curve448_internal_test.c 
@@ -682,19 +682,49 @@ static int test_x448(void) return 1; } +typedef enum OPTION_choice { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_PROGRESS, + OPT_SLOW, + OPT_TEST_ENUM +} OPTION_CHOICE; + +const OPTIONS *test_get_options(void) +{ + static const OPTIONS test_options[] = { + OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("conf_file\n"), + { "f", OPT_SLOW, '-', "Enables a slow test" }, + { "v", OPT_PROGRESS, '-', + "Enables verbose mode (prints progress dots)" }, + { NULL } + }; + return test_options; +} + int setup_tests(void) { - /* - * The test vectors contain one test which takes a very long time to run, - * so we don't do that be default. Using the -f option will cause it to be - * run. - */ - if (test_has_option("-f")) - max = 1000000; + OPTION_CHOICE o; - /* Print progress dots */ - if (test_has_option("-v")) - verbose = 1; + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_TEST_CASES: + break; + default: + return 0; + /* + * The test vectors contain one test which takes a very long time to run + * so we don't do that be default. Using the -f option will cause it to + * be run. + */ + case OPT_SLOW: + max = 1000000; + break; + case OPT_PROGRESS: + verbose = 1; /* Print progress dots */ + break; + } + } ADD_TEST(test_x448); ADD_TEST(test_ed448); diff --git a/test/d2i_test.c b/test/d2i_test.c index 13f6c0ca22..3ce38485bd 100644 --- a/test/d2i_test.c +++ b/test/d2i_test.c @@ -106,6 +106,8 @@ static int test_bad_asn1(void) return ret; } +OPT_TEST_DECLARE_USAGE("item_name expected_error test_file.der\n") + /* * Usage: d2i_test , e.g. * d2i_test generalname bad_generalname.der @@ -127,10 +129,8 @@ int setup_tests(void) if (!TEST_ptr(test_type_name = test_get_argument(0)) || !TEST_ptr(expected_error_string = test_get_argument(1)) - || !TEST_ptr(test_file = test_get_argument(2))) { - TEST_note("Usage: d2i_test item_name expected_error file.der"); + || !TEST_ptr(test_file = test_get_argument(2))) return 0; - } item_type = ASN1_ITEM_lookup(test_type_name); 
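Review bot: The usage string in the new test_get_options() for curve448_internal_test.c is wrong: `OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("conf_file\n")` advertises a conf_file argument, but setup_tests() reads no positional argument at all (only `-f` and `-v`), so `-help` would direct users to pass a file the test never opens; this looks copied from conf_include_test.c. Use `OPT_TEST_OPTIONS_DEFAULT_USAGE,` there instead. Separately, the `default: return 0;` label now sits between `case OPT_TEST_CASES:` and `case OPT_SLOW:` with the explanatory comment placed after it, which reads as if the comment documents the default; moving `default: return 0;` to the end of the switch keeps the -f comment next to the case it describes. The enclosing setup_tests() continues past the hunk.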
diff --git a/test/danetest.c b/test/danetest.c index 049661854e..26745f908e 100644 --- a/test/danetest.c +++ b/test/danetest.c @@ -409,14 +409,14 @@ end: return ret; } +OPT_TEST_DECLARE_USAGE("basedomain CAfile tlsafile\n") + int setup_tests(void) { if (!TEST_ptr(basedomain = test_get_argument(0)) || !TEST_ptr(CAfile = test_get_argument(1)) - || !TEST_ptr(tlsafile = test_get_argument(2))) { - TEST_error("Usage error: danetest basedomain CAfile tlsafile"); + || !TEST_ptr(tlsafile = test_get_argument(2))) return 0; - } ADD_TEST(run_tlsatest); return 1; diff --git a/test/dtlstest.c b/test/dtlstest.c index d196fb55dc..98a23f858c 100644 --- a/test/dtlstest.c +++ b/test/dtlstest.c @@ -328,6 +328,8 @@ static int test_dtls_duplicate_records(void) return testresult; } +OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") + int setup_tests(void) { if (!TEST_ptr(cert = test_get_argument(0)) diff --git a/test/ecstresstest.c b/test/ecstresstest.c index 8cb43e6a42..a589103f65 100644 --- a/test/ecstresstest.c +++ b/test/ecstresstest.c @@ -18,7 +18,7 @@ #define NUM_REPEATS "1000000" -static int64_t num_repeats; +static intmax_t num_repeats; static int print_mode = 0; #ifndef OPENSSL_NO_EC @@ -39,10 +39,10 @@ static const char *kP256DefaultResult = * point multiplication. * Returns the X-coordinate of the end result or NULL on error. */ -static BIGNUM *walk_curve(const EC_GROUP *group, EC_POINT *point, int64_t num) +static BIGNUM *walk_curve(const EC_GROUP *group, EC_POINT *point, intmax_t num) { BIGNUM *scalar = NULL; - int64_t i; + intmax_t i; if (!TEST_ptr(scalar = BN_new()) || !TEST_true(EC_POINT_get_affine_coordinates(group, point, scalar, 
@@ -101,20 +101,21 @@ err: } #endif -static int atoi64(const char *in, int64_t *result) +typedef enum OPTION_choice { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_NUM_REPEATS, + OPT_TEST_ENUM +} OPTION_CHOICE; + +const OPTIONS *test_get_options(void) { - int64_t ret = 0; - - for ( ; *in != '\0'; in++) { - char c = *in; - - if (!isdigit((unsigned char)c)) - return 0; - ret *= 10; - ret += (c - '0'); - } - *result = ret; - return 1; + static const OPTIONS test_options[] = { + OPT_TEST_OPTIONS_DEFAULT_USAGE, + { "num", OPT_NUM_REPEATS, 'M', "Number of repeats" }, + { NULL } + }; + return test_options; } /* @@ -124,22 +125,27 @@ static int atoi64(const char *in, int64_t *result) */ int setup_tests(void) { - const char *p; + OPTION_CHOICE o; - if (!atoi64(NUM_REPEATS, &num_repeats)) { + if (!opt_imax(NUM_REPEATS, &num_repeats)) { TEST_error("Cannot parse " NUM_REPEATS); return 0; } - /* - * TODO(openssl-team): code under test/ should be able to reuse the option - * parsing framework currently in apps/. - */ - p = test_get_option_argument("-num"); - if (p != NULL) { - if (!atoi64(p, &num_repeats) - || num_repeats < 0) - return 0; - print_mode = 1; + + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_NUM_REPEATS: + if (!opt_imax(opt_arg(), &num_repeats) + || num_repeats < 0) + return 0; + print_mode = 1; + break; + case OPT_TEST_CASES: + break; + default: + case OPT_ERR: + return 0; + } } #ifndef OPENSSL_NO_EC diff --git a/test/evp_test.c b/test/evp_test.c index 932b03c68b..49d254dc2b 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -2901,14 +2901,14 @@ static int run_file_tests(int i) return c == 0; } +OPT_TEST_DECLARE_USAGE("file...\n") + int setup_tests(void) { size_t n = test_get_argument_count(); - if (n == 0) { - TEST_error("Usage: %s file...", test_get_program_name()); + if (n == 0) return 0; - } ADD_ALL_TESTS(run_file_tests, n); return 1; diff --git a/test/fatalerrtest.c b/test/fatalerrtest.c index 329191449d..0f18c1b67b 100644 
--- a/test/fatalerrtest.c +++ b/test/fatalerrtest.c @@ -82,6 +82,8 @@ static int test_fatalerr(void) return ret; } +OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") + int setup_tests(void) { if (!TEST_ptr(cert = test_get_argument(0)) diff --git a/test/gosttest.c b/test/gosttest.c index 398effa0a3..a03521d8a3 100644 --- a/test/gosttest.c +++ b/test/gosttest.c @@ -78,6 +78,8 @@ static int test_tls13(int idx) return testresult; } +OPT_TEST_DECLARE_USAGE("certfile1 privkeyfile1 certfile2 privkeyfile2\n") + int setup_tests(void) { if (!TEST_ptr(cert1 = test_get_argument(0)) diff --git a/test/ocspapitest.c b/test/ocspapitest.c index 5525f9250a..03b88e064b 100644 --- a/test/ocspapitest.c +++ b/test/ocspapitest.c @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -133,6 +133,8 @@ static int test_resp_signer(void) } #endif +OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") + int setup_tests(void) { if (!TEST_ptr(certstr = test_get_argument(0)) diff --git a/test/recipes/90-test_includes.t b/test/recipes/90-test_includes.t index c6a86fc009..301f6c1560 100644 --- a/test/recipes/90-test_includes.t +++ b/test/recipes/90-test_includes.t @@ -24,4 +24,4 @@ if ($^O eq "VMS") { ok(run(test(["conf_include_test", data_file("vms-includes-file.cnf")])), "test file includes, VMS syntax"); } -ok(run(test(["conf_include_test", data_file("includes-broken.cnf"), "f"])), "test broken includes"); +ok(run(test(["conf_include_test", "-f", data_file("includes-broken.cnf")])), "test broken includes"); diff --git a/test/recordlentest.c b/test/recordlentest.c index a73e443684..9be354bea8 100644 --- a/test/recordlentest.c +++ b/test/recordlentest.c 
@@ -181,6 +181,8 @@ static int test_record_overflow(int idx) return testresult; } +OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") + int setup_tests(void) { if (!TEST_ptr(cert = test_get_argument(0)) diff --git a/test/ssl_test.c b/test/ssl_test.c index 4f82bf7256..e54e841827 100644 --- a/test/ssl_test.c +++ b/test/ssl_test.c @@ -500,6 +500,8 @@ err: return ret; } +OPT_TEST_DECLARE_USAGE("conf_file\n") + int setup_tests(void) { long num_tests; diff --git a/test/ssl_test_ctx_test.c b/test/ssl_test_ctx_test.c index fef6166f5f..5f54d1ef24 100644 --- a/test/ssl_test_ctx_test.c +++ b/test/ssl_test_ctx_test.c @@ -240,15 +240,15 @@ static int test_bad_configuration(int idx) return 1; } +OPT_TEST_DECLARE_USAGE("conf_file\n") + int setup_tests(void) { if (!TEST_ptr(conf = NCONF_new(NULL))) return 0; /* argument should point to test/ssl_test_ctx_test.conf */ - if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)) { - TEST_note("Missing file argument"); + if (!TEST_int_gt(NCONF_load(conf, test_get_argument(0), NULL), 0)) return 0; - } ADD_TEST(test_empty_configuration); ADD_TEST(test_good_configuration); diff --git a/test/sslapitest.c b/test/sslapitest.c index 69520d7404..6b44c160b1 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -6030,6 +6030,9 @@ static int test_ca_names(int tst) return testresult; } + +OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile\n") + int setup_tests(void) { if (!TEST_ptr(cert = test_get_argument(0)) diff --git a/test/sslbuffertest.c b/test/sslbuffertest.c index 0ee7bdbabf..9a5ec2b958 100644 --- a/test/sslbuffertest.c +++ b/test/sslbuffertest.c @@ -157,6 +157,8 @@ int global_init(void) return 1; } +OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") + int setup_tests(void) { char *cert, *pkey; diff --git a/test/sslcorrupttest.c b/test/sslcorrupttest.c index 1ca899db88..bffccc86d2 100644 --- a/test/sslcorrupttest.c +++ b/test/sslcorrupttest.c 
@@ -244,15 +244,15 @@ static int test_ssl_corrupt(int testidx) return testresult; } +OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") + int setup_tests(void) { int n; if (!TEST_ptr(cert = test_get_argument(0)) - || !TEST_ptr(privkey = test_get_argument(1))) { - TEST_note("Usage error: require cert and private key files"); + || !TEST_ptr(privkey = test_get_argument(1))) return 0; - } n = setup_cipher_list(); if (n > 0) diff --git a/test/testutil.h b/test/testutil.h index 10a4b6a78f..9e08a42e5e 100644 --- a/test/testutil.h +++ b/test/testutil.h @@ -1,5 +1,5 @@ /* - * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,7 @@ #include #include #include +#include "../apps/opt.h" /*- * Simple unit tests should implement setup_tests(). 
@@ -117,22 +118,80 @@ # define TEST_CASE_NAME __func__ # endif /* __STDC_VERSION__ */ + +/* The default test enum which should be common to all tests */ +#define OPT_TEST_ENUM \ + OPT_TEST_HELP = 500, \ + OPT_TEST_LIST, \ + OPT_TEST_SINGLE, \ + OPT_TEST_ITERATION, \ + OPT_TEST_INDENT, \ + OPT_TEST_SEED + +/* The Default test OPTIONS common to all tests (without a usage string) */ +#define OPT_TEST_OPTIONS \ + { OPT_HELP_STR, 1, '-', "Valid options are:\n" }, \ + { "help", OPT_TEST_HELP, '-', "Display this summary" }, \ + { "list", OPT_TEST_LIST, '-', "Display the list of tests available" }, \ + { "test", OPT_TEST_SINGLE, 's', "Run a single test by id or name" }, \ + { "iter", OPT_TEST_ITERATION, 'n', "Run a single iteration of a test" }, \ + { "indent", OPT_TEST_INDENT,'p', "Number of tabs added to output" }, \ + { "seed", OPT_TEST_SEED, 'n', "Seed value to randomize tests with" } + +/* The Default test OPTIONS common to all tests starting with an additional usage string */ +#define OPT_TEST_OPTIONS_WITH_EXTRA_USAGE(usage) \ + { OPT_HELP_STR, 1, '-', "Usage: %s [options] " usage }, \ + OPT_TEST_OPTIONS + +/* The Default test OPTIONS common to all tests with an default usage string */ +#define OPT_TEST_OPTIONS_DEFAULT_USAGE \ + { OPT_HELP_STR, 1, '-', "Usage: %s [options]\n" }, \ + OPT_TEST_OPTIONS + /* - * Tests that need access to command line arguments should use the functions: - * test_get_argument(int n) to get the nth argument, the first argument is - * argument 0. This function returns NULL on error. - * test_get_argument_count() to get the count of the arguments. - * test_has_option(const char *) to check if the specified option was passed. - * test_get_option_argument(const char *) to get an option which includes an - * argument. NULL is returns if the option is not found. - * const char *test_get_program_name(void) returns the name of the test program - * being executed. 
+ * Optional Cases that need to be ignored by the test app when using opt_next(), + * (that are handled internally). + */ +#define OPT_TEST_CASES \ + OPT_TEST_HELP: \ + case OPT_TEST_LIST: \ + case OPT_TEST_SINGLE: \ + case OPT_TEST_ITERATION: \ + case OPT_TEST_INDENT: \ + case OPT_TEST_SEED + +/* + * Tests that use test_get_argument() that dont have any additional options + * (i.e- dont use opt_next()) can use this to set the usage string. + * It embeds test_get_options() which gives default command line options for + * the test system. + * + * Tests that need to use opt_next() need to specify + * (1) test_get_options() containing an options[] (Which should include either + * OPT_TEST_OPTIONS_DEFAULT_USAGE OR + * OPT_TEST_OPTIONS_WITH_EXTRA_USAGE). + * (2) An enum outside the test_get_options() which contains OPT_TEST_ENUM, as + * well as the additional options that need to be handled. + * (3) case OPT_TEST_CASES: break; inside the opt_next() handling code. + */ +#define OPT_TEST_DECLARE_USAGE(usage_str) \ +const OPTIONS *test_get_options(void) \ +{ \ + enum { OPT_TEST_ENUM }; \ + static const OPTIONS options[] = { \ + OPT_TEST_OPTIONS_WITH_EXTRA_USAGE(usage_str), \ + { NULL } \ + }; \ + return options; \ +} + +/* + * Used to read non optional command line values that follow after the options. + * Returns NULL if there is no argument. */ -const char *test_get_program_name(void); char *test_get_argument(size_t n); +/* Return the number of additional non optional command line arguments */ size_t test_get_argument_count(void); -int test_has_option(const char *option); -const char *test_get_option_argument(const char *option); /* * Internal helpers. Test programs shouldn't use these directly, but should 
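Review bot: Two constraints a test author has to know are not documented in the new macro block: `OPT_TEST_OPTIONS_WITH_EXTRA_USAGE(usage)` only compiles when `usage` is a string literal, because it relies on adjacent-literal concatenation with `"Usage: %s [options] "`, and `OPT_TEST_ENUM` deliberately starts at 500 so that test-local OPTION_choice values, which count upward from OPT_EOF, cannot collide with the shared ones. I would add above the macro `/* usage must be a string literal: it is concatenated with the "Usage:" prefix at compile time */` and next to OPT_TEST_HELP `/* start high so test-local enumerators (numbered after OPT_EOF) never overlap */`. The sentence "It embeds test_get_options() which gives default command line options" in the OPT_TEST_DECLARE_USAGE comment would also be clearer as "It defines test_get_options() for the test, returning the default options plus the given usage string".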
@@ -150,6 +209,16 @@ void add_all_tests(const char *test_case_name, int (*test_fn)(int idx), int num, int global_init(void); int setup_tests(void); void cleanup_tests(void); +/* + * Used to supply test specific command line options, + * If non optional parameters are used, then the first entry in the OPTIONS[] + * should contain: + * { OPT_HELP_STR, 1, '-', "list of non optional commandline params\n"}, + * The last entry should always be { NULL }. + * + * Run the test locally using './test/test_name -help' to check the usage. + */ +const OPTIONS *test_get_options(void); /* * Test assumption verification helpers. diff --git a/test/testutil/driver.c b/test/testutil/driver.c index 3e80a7cb9c..df62625fc0 100644 --- a/test/testutil/driver.c +++ b/test/testutil/driver.c @@ -21,6 +21,7 @@ # define strdup _strdup #endif + /* * Declares the structures needed to register each test case function. */ @@ -36,14 +37,21 @@ typedef struct test_info { static TEST_INFO all_tests[1024]; static int num_tests = 0; +static int show_list = 0; +static int single_test = -1; +static int single_iter = -1; +static int level = 0; static int seed = 0; /* - * A parameterised tests runs a loop of test cases. + * A parameterised test runs a loop of test cases. * |num_test_cases| counts the total number of test cases * across all tests. */ static int num_test_cases = 0; +static int process_shared_options(void); + + void add_test(const char *test_case_name, int (*test_fn) (void)) { assert(num_tests != OSSL_NELEM(all_tests)); @@ -66,8 +74,6 @@ void add_all_tests(const char *test_case_name, int(*test_fn)(int idx), num_test_cases += num; } -static int level = 0; - int subtest_level(void) { return level; 
@@ -99,21 +105,26 @@ static int gcd(int a, int b) return a; } -void setup_test_framework(void) +static void set_seed(int s) +{ + seed = s; + if (seed <= 0) + seed = (int)time(NULL); + test_printf_stdout("%*s# RAND SEED %d\n", subtest_level(), "", seed); + test_flush_stdout(); + srand(seed); +} + + +int setup_test_framework(int argc, char *argv[]) { - char *TAP_levels = getenv("HARNESS_OSSL_LEVEL"); char *test_seed = getenv("OPENSSL_TEST_RAND_ORDER"); + char *TAP_levels = getenv("HARNESS_OSSL_LEVEL"); - level = TAP_levels != NULL ? 4 * atoi(TAP_levels) : 0; - - if (test_seed != NULL) { - seed = atoi(test_seed); - if (seed <= 0) - seed = (int)time(NULL); - test_printf_stdout("%*s# RAND SEED %d\n", subtest_level(), "", seed); - test_flush_stdout(); - srand(seed); - } + if (TAP_levels != NULL) + level = 4 * atoi(TAP_levels); + if (test_seed != NULL) + set_seed(atoi(test_seed)); #ifndef OPENSSL_NO_CRYPTO_MDEBUG if (should_report_leaks()) { 
@@ -121,8 +132,115 @@ void setup_test_framework(void) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); } #endif + if (!opt_init(argc, argv, test_get_options())) + return 0; + return 1; } + +/* + * This can only be called after setup() has run, since num_tests and + * all_tests[] are setup at this point + */ +static int check_single_test_params(char *name, char *testname, char *itname) +{ + if (name != NULL) { + int i; + for (i = 0; i < num_tests; ++i) { + if (strcmp(name, all_tests[i].test_case_name) == 0) { + single_test = 1 + i; + break; + } + } + if (i >= num_tests) + single_test = atoi(name); + } + + + /* if only iteration is specified, assume we want the first test */ + if (single_test == -1 && single_iter != -1) + single_test = 1; + + if (single_test != -1) { + if (single_test < 1 || single_test > num_tests) { + test_printf_stderr("Invalid -%s value " + "(Value must be a valid test name OR a value between %d..%d)\n", + testname, 1, num_tests); + return 0; + } + } + if (single_iter != -1) { + if (all_tests[single_test - 1].num == -1) { + test_printf_stderr("-%s option is not valid for test %d:%s\n", + itname, + single_test, + all_tests[single_test - 1].test_case_name); + return 0; + } else if (single_iter < 1 + || single_iter > all_tests[single_test - 1].num) { + test_printf_stderr("Invalid -%s value for test %d:%s\t" + "(Value must be in the range %d..%d)\n", + itname, single_test, + all_tests[single_test - 1].test_case_name, + 1, all_tests[single_test - 1].num); + return 0; + } + } + return 1; +} + +static int process_shared_options(void) +{ + OPTION_CHOICE_DEFAULT o; + int value; + int ret = -1; + char *flag_test = ""; + char *flag_iter = ""; + char *testname = NULL; + + opt_begin(); + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + /* Ignore any test options at this level */ + default: + break; + case OPT_ERR: + return ret; + case OPT_TEST_HELP: + opt_help(test_get_options()); + return 0; + case OPT_TEST_LIST: + show_list = 1; + break; + case OPT_TEST_SINGLE: 
+ flag_test = opt_flag(); + testname = opt_arg(); + break; + case OPT_TEST_ITERATION: + flag_iter = opt_flag(); + if (!opt_int(opt_arg(), &single_iter)) + goto end; + break; + case OPT_TEST_INDENT: + if (!opt_int(opt_arg(), &value)) + goto end; + level = 4 * value; + break; + case OPT_TEST_SEED: + if (!opt_int(opt_arg(), &value)) + goto end; + set_seed(value); + break; + } + } + if (!check_single_test_params(testname, flag_test, flag_iter)) + goto end; + ret = 1; +end: + return ret; +} + + int pulldown_test_framework(int ret) { set_test_title(NULL); @@ -131,7 +249,6 @@ int pulldown_test_framework(int ret) && CRYPTO_mem_leaks_cb(openssl_error_cb, NULL) <= 0) return EXIT_FAILURE; #endif - return ret; } @@ -176,14 +293,21 @@ int run_tests(const char *test_prog_name) int ii, i, jj, j, jstep; int permute[OSSL_NELEM(all_tests)]; + i = process_shared_options(); + if (i == 0) + return EXIT_SUCCESS; + if (i == -1) + return EXIT_FAILURE; + if (num_tests < 1) { test_printf_stdout("%*s1..0 # Skipped: %s\n", level, "", test_prog_name); - } else { + } else if (show_list == 0 && single_test == -1) { if (level > 0) test_printf_stdout("%*s# Subtest: %s\n", level, "", test_prog_name); test_printf_stdout("%*s1..%d\n", level, "", num_tests); } + test_flush_stdout(); for (i = 0; i < num_tests; i++) @@ -198,12 +322,25 @@ int run_tests(const char *test_prog_name) for (ii = 0; ii != num_tests; ++ii) { i = permute[ii]; - if (all_tests[i].num == -1) { + + if (single_test != -1 && ((i+1) != single_test)) { + continue; + } + else if (show_list) { + if (all_tests[i].num != -1) { + test_printf_stdout("%d - %s (%d..%d)\n", ii + 1, + all_tests[i].test_case_name, 1, + all_tests[i].num); + } else { + test_printf_stdout("%d - %s\n", ii + 1, + all_tests[i].test_case_name); + } + test_flush_stdout(); + } else if (all_tests[i].num == -1) { int ret = 0; set_test_title(all_tests[i].test_case_name); ret = all_tests[i].test_fn(); - verdict = 1; if (!ret) { verdict = 0; 
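Review bot: `-indent` accepts a negative value in process_shared_options(): `level = 4 * value` is later used as a `%*s` width, and printf treats a negative width as a left-justify flag plus the absolute width, so `-indent -1` pads output by four spaces instead of none. Reject it where it is parsed: `if (!opt_int(opt_arg(), &value) || value < 0) goto end;`. In check_single_test_params() the fallback `single_test = atoi(name);` silently accepts trailing junk (`-test 3x` selects test 3); using `opt_int(name, &single_test)` there would report the malformed value through the same error path as the other options. The `char *flag_test = ""` / `flag_iter` pointers to string literals should be `const char *` since they are only ever printed.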
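Review bot: The numbers printed by `-list` and the numbers accepted by `-test` disagree once the test order is randomized: the list branch prints `ii + 1`, the position in `permute[]`, while the selection check uses `(i+1) != single_test` and check_single_test_params() maps a name to `1 + i` in all_tests[] order, so with OPENSSL_TEST_RAND_ORDER or `-seed` set the id shown by `-list` selects a different test. Print the stable index in both list lines: `test_printf_stdout("%d - %s (%d..%d)\n", i + 1, ...` and `test_printf_stdout("%d - %s\n", i + 1, ...`. The enclosing run_tests() loop continues past the hunk.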
@@ -215,7 +352,7 @@ int run_tests(const char *test_prog_name) int num_failed_inner = 0; level += 4; - if (all_tests[i].subtest) { + if (all_tests[i].subtest && single_iter == -1) { test_printf_stdout("%*s# Subtest: %s\n", level, "", all_tests[i].test_case_name); test_printf_stdout("%*s%d..%d\n", level, "", 1, @@ -235,6 +372,8 @@ int run_tests(const char *test_prog_name) int ret; j = (j + jstep) % all_tests[i].num; + if (single_iter != -1 && ((jj + 1) != single_iter)) + continue; set_test_title(NULL); ret = all_tests[i].param_test_fn(j); diff --git a/test/testutil/main.c b/test/testutil/main.c index 8b30ac60ec..6716750a30 100644 --- a/test/testutil/main.c +++ b/test/testutil/main.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,28 +8,9 @@ */ #include "../testutil.h" -#include "internal/nelem.h" #include "output.h" #include "tu_local.h" -#include - -static size_t arg_count; -static char **args; -static unsigned char arg_used[1000]; - -static void check_arg_usage(void) -{ - size_t i, n = arg_count < OSSL_NELEM(arg_used) ? arg_count - : OSSL_NELEM(arg_used); - - for (i = 0; i < n; i++) - if (!arg_used[i+1]) - test_printf_stderr("Warning ignored command-line argument %zu: %s\n", - i, args[i+1]); - if (i < arg_count) - test_printf_stderr("Warning arguments %zu and later unchecked\n", i); -} int main(int argc, char *argv[]) { 
@@ -42,65 +23,18 @@ int main(int argc, char *argv[]) return ret; } - arg_count = argc - 1; - args = argv; + if (!setup_test_framework(argc, argv)) + goto end; - setup_test_framework(); - - if (setup_tests()) + if (setup_tests()) { ret = run_tests(argv[0]); - cleanup_tests(); - check_arg_usage(); - + cleanup_tests(); + opt_check_usage(); + } else { + opt_help(test_get_options()); + } +end: ret = pulldown_test_framework(ret); test_close_streams(); return ret; } - -const char *test_get_program_name(void) -{ - return args[0]; -} - -char *test_get_argument(size_t n) -{ - if (n > arg_count) - return NULL; - if (n + 1 < OSSL_NELEM(arg_used)) - arg_used[n + 1] = 1; - return args[n + 1]; -} - -size_t test_get_argument_count(void) -{ - return arg_count; -} - -int test_has_option(const char *option) -{ - size_t i; - - for (i = 1; i <= arg_count; i++) - if (strcmp(args[i], option) == 0) { - arg_used[i] = 1; - return 1; - } - return 0; -} - -const char *test_get_option_argument(const char *option) -{ - size_t i, n = strlen(option); - - for (i = 1; i <= arg_count; i++) - if (strncmp(args[i], option, n) == 0) { - arg_used[i] = 1; - if (args[i][n] == '\0' && i + 1 < arg_count) { - arg_used[++i] = 1; - return args[i]; - } - return args[i] + n; - } - return NULL; -} - diff --git a/test/testutil/options.c b/test/testutil/options.c new file mode 100644 index 0000000000..9a32d1fb94 --- /dev/null +++ b/test/testutil/options.c 
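Review bot: cleanup_tests() is no longer run when setup_tests() fails: the old code called it unconditionally after the `if (setup_tests())`, while the new `if (setup_tests()) { ... cleanup_tests(); ... } else { opt_help(...); }` skips it, so anything a test allocates before its argument check (conf_include_test.c creates `conf` with NCONF_new() before it looks for the file) now leaks on a usage error, and with CRYPTO_MEM_CHECK_ON that surfaces as a leak report on top of the real failure. Unless cleanup_tests() is meant to require a successful setup, move `cleanup_tests();` out of the if body to just after the if/else so both paths release test state. Printing the full option help for every setup_tests() failure also seems misleading when the cause is an unreadable file rather than bad arguments, though that depends on what the tests' TEST_ macros already report.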
@@ -0,0 +1,64 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../testutil.h" +#include "internal/nelem.h" +#include "tu_local.h" +#include "output.h" + + +static int used[100] = { 0 }; + + +size_t test_get_argument_count(void) +{ + return opt_num_rest(); +} + +char *test_get_argument(size_t n) +{ + char **argv = opt_rest(); + + OPENSSL_assert(n < sizeof(used)); + if ((int)n >= opt_num_rest() || argv == NULL) + return NULL; + used[n] = 1; + return argv[n]; +} + +void opt_check_usage(void) +{ + int i; + char **argv = opt_rest(); + int n, arg_count = opt_num_rest(); + + if (arg_count > (int)OSSL_NELEM(used)) + n = (int)OSSL_NELEM(used); + else + n = arg_count; + for (i = 0; i < n; i++) { + if (used[i] == 0) + test_printf_stderr("Warning ignored command-line argument %d: %s\n", + i, argv[i]); + } + if (i < arg_count) + test_printf_stderr("Warning arguments %d and later unchecked\n", i); +} + +int opt_printf_stderr(const char *fmt, ...) +{ + va_list ap; + int ret; + + va_start(ap, fmt); + ret = test_vprintf_stderr(fmt, ap); + va_end(ap); + return ret; +} + diff --git a/test/testutil/test_options.c b/test/testutil/test_options.c new file mode 100644 index 0000000000..99e6d2940a --- /dev/null +++ b/test/testutil/test_options.c 
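Review bot: test_get_argument() can write past `used[]`: `OPENSSL_assert(n < sizeof(used))` compares against the byte size (400 for `int used[100]`), not the element count, so any n in 100..399 passes the assert and `used[n] = 1` writes out of bounds of the static array; a test invoked with more than 100 positional arguments (evp_test and x509_dup_cert_test take `file...`) hits this. opt_check_usage() below already clamps to `OSSL_NELEM(used)`, so the getter should do the same rather than assert on an argument count: `if ((int)n >= opt_num_rest() || argv == NULL) return NULL;` then `if (n < OSSL_NELEM(used)) used[n] = 1;` then `return argv[n];`. If an assertion is kept it must be `OPENSSL_assert(n < OSSL_NELEM(used));`.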
@@ -0,0 +1,21 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "../testutil.h" +#include "tu_local.h" + +/* An overridable list of command line options */ +const OPTIONS *test_get_options(void) +{ + static const OPTIONS default_options[] = { + OPT_TEST_OPTIONS_DEFAULT_USAGE, + { NULL } + }; + return default_options; +} diff --git a/test/testutil/tu_local.h b/test/testutil/tu_local.h index 98cfae657e..049d7b1bc2 100644 --- a/test/testutil/tu_local.h +++ b/test/testutil/tu_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,8 +44,16 @@ void test_fail_memory_message(const char *prefix, const char *file, const unsigned char *m1, size_t l1, const unsigned char *m2, size_t l2); -void setup_test_framework(void); +__owur int setup_test_framework(int argc, char *argv[]); __owur int pulldown_test_framework(int ret); __owur int run_tests(const char *test_prog_name); void set_test_title(const char *title); + +typedef enum OPTION_choice_default { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_TEST_ENUM +} OPTION_CHOICE_DEFAULT; +void opt_check_usage(void); + diff --git a/test/tls13ccstest.c b/test/tls13ccstest.c index 521a992c1d..d89354c142 100644 --- a/test/tls13ccstest.c +++ b/test/tls13ccstest.c @@ -481,6 +481,8 @@ static int test_tls13ccs(int tst) return ret; } +OPT_TEST_DECLARE_USAGE("certfile privkeyfile\n") + int setup_tests(void) { if (!TEST_ptr(cert = test_get_argument(0)) 
diff --git a/test/uitest.c b/test/uitest.c index ba40f52dcd..289f32b6b0 100644 --- a/test/uitest.c +++ b/test/uitest.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -11,11 +11,9 @@ #include #include #include -#include "apps.h" +#include "apps_ui.h" #include "testutil.h" -/* apps/apps.c depend on these */ -char *default_config_file = NULL; #include diff --git a/test/v3ext.c b/test/v3ext.c index 80e81e5756..2c8ac6bb20 100644 --- a/test/v3ext.c +++ b/test/v3ext.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,8 @@ end: return ret; } +OPT_TEST_DECLARE_USAGE("cert.pem\n") + int setup_tests(void) { if (!TEST_ptr(infile = test_get_argument(0))) diff --git a/test/verify_extra_test.c b/test/verify_extra_test.c index 25212ddb52..468de62092 100644 --- a/test/verify_extra_test.c +++ b/test/verify_extra_test.c @@ -175,14 +175,14 @@ static int test_store_ctx(void) return testresult; } +OPT_TEST_DECLARE_USAGE("roots.pem untrusted.pem bad.pem\n") + int setup_tests(void) { if (!TEST_ptr(roots_f = test_get_argument(0)) || !TEST_ptr(untrusted_f = test_get_argument(1)) - || !TEST_ptr(bad_f = test_get_argument(2))) { - TEST_error("usage: verify_extra_test roots.pem untrusted.pem bad.pem\n"); + || !TEST_ptr(bad_f = test_get_argument(2))) return 0; - } ADD_TEST(test_alt_chains_cert_forgery); ADD_TEST(test_store_ctx); diff --git a/test/x509_check_cert_pkey_test.c b/test/x509_check_cert_pkey_test.c index 92a7777054..434054f8e4 100644 
--- a/test/x509_check_cert_pkey_test.c +++ b/test/x509_check_cert_pkey_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -106,14 +106,25 @@ failed: return ret; } +const OPTIONS *test_get_options(void) +{ + enum { OPT_TEST_ENUM }; + static const OPTIONS test_options[] = { + OPT_TEST_OPTIONS_WITH_EXTRA_USAGE("certname key.pem type expected\n"), + { OPT_HELP_STR, 1, '-', "certname\tCertificate filename .pem/.req\n" }, + { OPT_HELP_STR, 1, '-', "type\t\tvalue must be 'pem' or 'req'\n" }, + { OPT_HELP_STR, 1, '-', "expected\tthe expected return value\n" }, + { NULL } + }; + return test_options; +} + int setup_tests(void) { if (!TEST_ptr(c = test_get_argument(0)) || !TEST_ptr(k = test_get_argument(1)) || !TEST_ptr(t = test_get_argument(2)) || !TEST_ptr(e = test_get_argument(3))) { - TEST_note("usage: x509_check_cert_pkey cert.pem|cert.req" - " key.pem cert|req "); return 0; } diff --git a/test/x509_dup_cert_test.c b/test/x509_dup_cert_test.c index 6f766b9d6e..ebea488b10 100644 --- a/test/x509_dup_cert_test.c +++ b/test/x509_dup_cert_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -33,14 +33,14 @@ static int test_509_dup_cert(int n) return ret; } +OPT_TEST_DECLARE_USAGE("cert.pem...\n") + int setup_tests(void) { size_t n = test_get_argument_count(); - if (!TEST_int_gt(n, 0)) { - TEST_note("usage: x509_dup_cert_test cert.pem..."); + if (!TEST_int_gt(n, 0)) return 0; - } ADD_ALL_TESTS(test_509_dup_cert, n); return 1; 
diff --git a/test/x509aux.c b/test/x509aux.c index 4488aa68ca..ec2618d780 100644 --- a/test/x509aux.c +++ b/test/x509aux.c @@ -161,14 +161,13 @@ static int test_certs(int num) return 0; } +OPT_TEST_DECLARE_USAGE("certfile...\n") + int setup_tests(void) { size_t n = test_get_argument_count(); - - if (n == 0) { - TEST_error("usage: %s certfile...", test_get_program_name()); + if (n == 0) return 0; - } ADD_ALL_TESTS(test_certs, (int)n); return 1;