authorRich Salz <rsalz@akamai.com>2014-07-10 23:59:41 -0400
committerRich Salz <rsalz@akamai.com>2014-07-16 15:11:27 -0400
commit2165790269a2a7fe3b2d18c40fd5de5729b42d72 (patch)
tree29321b9f0ebe66a9e8b4833b2710a6b7abb490e4
parentcf41260962158fd63c0142c26e0be2fa0b1db617 (diff)
downloadopenssl-new-2165790269a2a7fe3b2d18c40fd5de5729b42d72.tar.gz
did pkcs and ts
-rw-r--r--apps/TODO4
-rw-r--r--apps/openssl.c33
-rw-r--r--apps/pkcs12.c404
-rw-r--r--apps/ts.c365
4 files changed, 402 insertions, 404 deletions
diff --git a/apps/TODO b/apps/TODO
index 46228494a7..67815fa636 100644
--- a/apps/TODO
+++ b/apps/TODO
@@ -43,8 +43,8 @@ X 738 srp.c
- 758 s_socket.c
789 openssl.c
829 smime.c
- 952 pkcs12.c
- 1117 ts.c
+X 952 pkcs12.c
+X 1117 ts.c
1313 x509.c
1447 ocsp.c
1514 cms.c
diff --git a/apps/openssl.c b/apps/openssl.c
index f1c52b133c..f90e400f4e 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -320,29 +320,28 @@ void unbuffer(FILE* fp)
BIO* bio_open_default(const char* filename, const char* mode)
{
- BIO* ret = NULL;
+ BIO* ret;
if (filename) {
ret = BIO_new_file(filename, mode);
- if (ret == NULL) {
- BIO_printf(bio_err,
- "Can't open %s for %s, %s\n",
- filename,
- *mode == 'r' ? "reading" : "writing",
- strerror(errno));
- ERR_print_errors(bio_err);
- }
+ if (ret != NULL)
+ return ret;
+ BIO_printf(bio_err,
+ "Can't open %s for %s, %s\n",
+ filename,
+ *mode == 'r' ? "reading" : "writing",
+ strerror(errno));
}
else {
ret = *mode == 'r' ? dup_bio_in() : dup_bio_out();
- if (ret == NULL) {
- BIO_printf(bio_err,
- "Can't open %s, %s\n",
- *mode == 'r' ? "stdin" : "stdout",
- strerror(errno));
- ERR_print_errors(bio_err);
- }
+ if (ret != NULL)
+ return ret;
+ BIO_printf(bio_err,
+ "Can't open %s, %s\n",
+ *mode == 'r' ? "stdin" : "stdout",
+ strerror(errno));
}
- return ret;
+ ERR_print_errors(bio_err);
+ return NULL;
}
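Review bot: The stdin/stdout branch of bio_open_default still formats `strerror(errno)` into the failure message, but dup_bio_in()/dup_bio_out() are not visible here and, if they fail through an allocation rather than a system call, errno may be stale and the text after `Can't open stdin,` would describe an unrelated earlier error; consider printing `errno ? strerror(errno) : "unknown error"` there, or dropping the errno text for that branch. The early returns also leave `ret` without an initializer at its declaration, which is correct since both branches assign it before the shared tail, but the contract now deserves a header comment, e.g. `/* Open filename with mode, or dup stdin/stdout when filename is NULL. On failure the cause is printed to bio_err and NULL is returned. */`.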
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index eedffb7b6f..f9ae8786a4 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -68,8 +68,6 @@
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
-const EVP_CIPHER *enc;
-
#define NOKEYS 0x1
#define NOCERTS 0x2
@@ -78,10 +76,11 @@ const EVP_CIPHER *enc;
#define CACERTS 0x10
int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass, const EVP_CIPHER* enc);
int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
- int passlen, int options, char *pempass);
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
+ int passlen, int options, char *pempass,
+ const EVP_CIPHER* enc);
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass, const EVP_CIPHER* enc);
int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
void hex_prin(BIO *out, unsigned char *buf, int len);
int alg_print(BIO *x, X509_ALGOR *alg);
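Review bot: The new parameter is spelled `const EVP_CIPHER* enc` in the dump_certs_keys_p12 and dump_certs_pkeys_bag prototypes, while every neighbouring prototype binds the star to the name (`X509 *cert`, `BIO *out`); the same spelling recurs in the definitions of dump_certs_keys_p12 and dump_certs_pkeys_bag further down, and the dump_certs_pkeys_bags definition uses a third form, `const EVP_CIPHER * enc`. Suggest `const EVP_CIPHER *enc` in all five places so the declarations match their definitions and the file's convention.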
@@ -146,187 +145,207 @@ const char* pkcs12_help[] = {
NULL
};
-int pkcs12_main(int argc, char **argv)
-{
- ENGINE *e = NULL;
- char *infile=NULL, *outfile=NULL, *keyname = NULL;
- char *certfile=NULL;
- BIO *in=NULL, *out = NULL;
- char **args;
- char *name = NULL;
- char *csp_name = NULL;
- int add_lmk = 0;
- PKCS12 *p12 = NULL;
- char pass[50], macpass[50];
- int export_cert = 0;
- int options = 0;
- int chain = 0;
- int badarg = 0;
- int iter = PKCS12_DEFAULT_ITER;
- int maciter = PKCS12_DEFAULT_ITER;
- int twopass = 0;
- int keytype = 0;
- int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
- int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- int ret = 1;
- int macver = 1;
- int noprompt = 0;
- STACK_OF(OPENSSL_STRING) *canames = NULL;
- char *cpass = NULL, *mpass = NULL;
- char *passargin = NULL, *passargout = NULL, *passarg = NULL;
- char *passin = NULL, *passout = NULL;
- char *inrand = NULL;
- char *macalg = NULL;
- char *CApath = NULL, *CAfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
+enum options {
+ OPT_ERR = -1, OPT_EOF = 0,
+ OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS,
+ OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER,
+ OPT_DESCERT, OPT_EXPORT, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
+ OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE,
+ OPT_RAND, OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
+ OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
+ OPT_CAFILE, OPT_ENGINE,
+};
- enc = EVP_des_ede3_cbc();
- args = argv + 1;
-
-
- while (*args) {
- if (*args[0] == '-') {
- if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
- else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
- else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
- else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
- else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
- else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
- else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
- else if (!strcmp (*args, "-info")) options |= INFO;
- else if (!strcmp (*args, "-chain")) chain = 1;
- else if (!strcmp (*args, "-twopass")) twopass = 1;
- else if (!strcmp (*args, "-nomacver")) macver = 0;
- else if (!strcmp (*args, "-descert"))
- cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- else if (!strcmp (*args, "-export")) export_cert = 1;
- else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
- else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
-#ifndef OPENSSL_NO_IDEA
- else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
-#endif
-#ifndef OPENSSL_NO_SEED
- else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
- else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
- else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
- else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
- else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
- else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
-#endif
- else if (!strcmp (*args, "-noiter")) iter = 1;
- else if (!strcmp (*args, "-maciter"))
- maciter = PKCS12_DEFAULT_ITER;
- else if (!strcmp (*args, "-nomaciter"))
- maciter = 1;
- else if (!strcmp (*args, "-nomac"))
- maciter = -1;
- else if (!strcmp (*args, "-macalg"))
- if (args[1]) {
- args++;
- macalg = *args;
- } else badarg = 1;
- else if (!strcmp (*args, "-nodes")) enc=NULL;
- else if (!strcmp (*args, "-certpbe")) {
- if (!set_pbe(bio_err, &cert_pbe, *++args))
- badarg = 1;
- } else if (!strcmp (*args, "-keypbe")) {
- if (!set_pbe(bio_err, &key_pbe, *++args))
- badarg = 1;
- } else if (!strcmp (*args, "-rand")) {
- if (args[1]) {
- args++;
- inrand = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-inkey")) {
- if (args[1]) {
- args++;
- keyname = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-certfile")) {
- if (args[1]) {
- args++;
- certfile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-name")) {
- if (args[1]) {
- args++;
- name = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-LMK"))
- add_lmk = 1;
- else if (!strcmp (*args, "-CSP")) {
- if (args[1]) {
- args++;
- csp_name = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-caname")) {
- if (args[1]) {
- args++;
- if (!canames) canames = sk_OPENSSL_STRING_new_null();
- sk_OPENSSL_STRING_push(canames, *args);
- } else badarg = 1;
- } else if (!strcmp (*args, "-in")) {
- if (args[1]) {
- args++;
- infile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-out")) {
- if (args[1]) {
- args++;
- outfile = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-passin")) {
- if (args[1]) {
- args++;
- passargin = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-passout")) {
- if (args[1]) {
- args++;
- passargout = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-password")) {
- if (args[1]) {
- args++;
- passarg = *args;
- noprompt = 1;
- } else badarg = 1;
- } else if (!strcmp(*args,"-CApath")) {
- if (args[1]) {
- args++;
- CApath = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-CAfile")) {
- if (args[1]) {
- args++;
- CAfile = *args;
- } else badarg = 1;
+static OPTIONS optionlist[] = {
+ { "", OPT_CIPHER, '-' },
+ { "nokeys", OPT_NOKEYS, '-' },
+ { "keyex", OPT_KEYEX, '-' },
+ { "keysig", OPT_KEYSIG, '-' },
+ { "nocerts", OPT_NOCERTS, '-' },
+ { "clcerts", OPT_CLCERTS, '-' },
+ { "cacerts", OPT_CACERTS, '-' },
+ { "noout", OPT_NOOUT, '-' },
+ { "info", OPT_INFO, '-' },
+ { "chain", OPT_CHAIN, '-' },
+ { "twopass", OPT_TWOPASS, '-' },
+ { "nomacver", OPT_NOMACVER, '-' },
+ { "descert", OPT_DESCERT, '-' },
+ { "export", OPT_EXPORT, '-' },
+ { "noiter", OPT_NOITER, '-' },
+ { "maciter", OPT_MACITER, '-' },
+ { "nomaciter", OPT_NOMACITER, '-' },
+ { "nomac", OPT_NOMAC, '-' },
+ { "LMK", OPT_LMK, '-' },
+ { "nodes", OPT_NODES, '-' },
+ { "macalg", OPT_MACALG, 's' },
+ { "certpbe", OPT_CERTPBE, 's' },
+ { "keypbe", OPT_KEYPBE, 's' },
+ { "rand", OPT_RAND, 's' },
+ { "inkey", OPT_INKEY, '<' },
+ { "certfile", OPT_CERTFILE, '<' },
+ { "name", OPT_NAME, 's' },
+ { "CSP", OPT_CSP, 's' },
+ { "caname", OPT_CANAME, 's' },
+ { "in", OPT_IN, '<' },
+ { "out", OPT_OUT, '>' },
+ { "passin", OPT_PASSIN, 's' },
+ { "passout", OPT_PASSOUT, 's' },
+ { "password", OPT_PASSWORD, 's' },
+ { "CApath", OPT_CAPATH, '/' },
+ { "CAfile", OPT_CAFILE, '<' },
#ifndef OPENSSL_NO_ENGINE
- } else if (!strcmp(*args,"-engine")) {
- if (args[1]) {
- args++;
- engine = *args;
- } else badarg = 1;
+ { "engine", OPT_ENGINE, 's' },
#endif
- } else badarg = 1;
-
- } else badarg = 1;
- args++;
- }
+ { NULL }
+};
- if (badarg) {
- BIO_printf (bio_err, "Usage: pkcs12 [options]\n");
- BIO_printf (bio_err, "where options are\n");
- printhelp(pkcs12_help);
- goto end;
+int pkcs12_main(int argc, char **argv)
+{
+ char *infile=NULL, *outfile=NULL, *keyname=NULL, *certfile=NULL;
+ char *name=NULL, *csp_name=NULL;
+ char pass[50], macpass[50];
+ int export_cert=0, options=0, chain=0, twopass=0, keytype=0;
+ int iter=PKCS12_DEFAULT_ITER, maciter=PKCS12_DEFAULT_ITER;
+ int cert_pbe=NID_pbe_WithSHA1And40BitRC2_CBC;
+ int key_pbe=NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ int ret=1, macver=1, noprompt=0, add_lmk=0;
+ char *passinarg=NULL, *passoutarg=NULL, *passarg=NULL;
+ char *passin=NULL, *passout=NULL, *inrand=NULL, *macalg=NULL;
+ char *cpass=NULL, *mpass=NULL, *CApath=NULL, *CAfile=NULL;
+ char *engine=NULL, *prog;
+ ENGINE *e=NULL;
+ BIO *in=NULL, *out=NULL;
+ PKCS12 *p12=NULL;
+ STACK_OF(OPENSSL_STRING) *canames=NULL;
+ const EVP_CIPHER *enc = EVP_des_ede3_cbc();
+ enum options o;
+
+ prog = opt_init(argc, argv, optionlist);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+err:
+ BIO_printf(bio_err,"Valid options are:\n");
+ printhelp(pkcs12_help);
+ goto end;
+ case OPT_NOKEYS:
+ options |= NOKEYS;
+ break;
+ case OPT_KEYEX:
+ keytype = KEY_EX;
+ break;
+ case OPT_KEYSIG:
+ keytype = KEY_SIG;
+ break;
+ case OPT_NOCERTS:
+ options |= NOCERTS;
+ break;
+ case OPT_CLCERTS:
+ options |= CLCERTS;
+ break;
+ case OPT_CACERTS:
+ options |= CACERTS;
+ break;
+ case OPT_NOOUT:
+ options |= (NOKEYS|NOCERTS);
+ break;
+ case OPT_INFO:
+ options |= INFO;
+ break;
+ case OPT_CHAIN:
+ chain = 1;
+ break;
+ case OPT_TWOPASS:
+ twopass = 1;
+ break;
+ case OPT_NOMACVER:
+ macver = 0;
+ break;
+ case OPT_DESCERT:
+ cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+ break;
+ case OPT_EXPORT:
+ export_cert = 1;
+ break;
+ case OPT_CIPHER:
+ if (!opt_cipher(opt_unknown(), &enc))
+ goto err;
+ break;
+ case OPT_NOITER:
+ iter = 1;
+ break;
+ case OPT_MACITER:
+ maciter = PKCS12_DEFAULT_ITER;
+ break;
+ case OPT_NOMACITER:
+ maciter = 1;
+ break;
+ case OPT_NOMAC:
+ maciter = -1;
+ break;
+ case OPT_MACALG:
+ macalg = opt_arg();
+ break;
+ case OPT_NODES:
+ enc=NULL;
+ break;
+ case OPT_CERTPBE:
+ if (!set_pbe(bio_err, &cert_pbe, opt_arg()))
+ goto err;
+ break;
+ case OPT_KEYPBE:
+ if (!set_pbe(bio_err, &key_pbe, opt_arg()))
+ goto err;
+ break;
+ case OPT_RAND:
+ inrand = opt_arg();
+ break;
+ case OPT_INKEY:
+ keyname = opt_arg();
+ break;
+ case OPT_CERTFILE:
+ certfile = opt_arg();
+ break;
+ case OPT_NAME:
+ name = opt_arg();
+ break;
+ case OPT_LMK:
+ add_lmk = 1;
+ break;
+ case OPT_CSP:
+ csp_name = opt_arg();
+ break;
+ case OPT_CANAME:
+ if (canames == NULL)
+ canames = sk_OPENSSL_STRING_new_null();
+ sk_OPENSSL_STRING_push(canames, opt_arg());
+ break;
+ case OPT_IN:
+ infile = opt_arg();
+ break;
+ case OPT_OUT:
+ outfile = opt_arg();
+ break;
+ case OPT_PASSIN:
+ passinarg = opt_arg();
+ break;
+ case OPT_PASSOUT:
+ passoutarg = opt_arg();
+ break;
+ case OPT_PASSWORD:
+ passarg = opt_arg();
+ break;
+ case OPT_CAPATH:
+ CApath = opt_arg();
+ break;
+ case OPT_CAFILE:
+ CAfile = opt_arg();
+ break;
+ case OPT_ENGINE:
+ engine = opt_arg();
+ break;
+ }
}
#ifndef OPENSSL_NO_ENGINE
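Review bot: The `case OPT_PASSWORD:` arm only stores `passarg = opt_arg();`, whereas the removed `-password` branch also set `noprompt = 1`; `noprompt` is still declared and initialised to 0 in the new pkcs12_main, so unless the code past this hunk changed, passing `-password` will again prompt on the terminal for the import/MAC password instead of taking it from the argument. The fix is one line in that arm: `passarg = opt_arg(); noprompt = 1;`. Separately, `prog` is assigned from opt_init() but not referenced anywhere in this hunk; if it is not used in the remainder of pkcs12_main it will draw an unused-variable warning. pkcs12_main continues outside the hunk.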
@@ -334,11 +353,11 @@ int pkcs12_main(int argc, char **argv)
#endif
if(passarg) {
- if(export_cert) passargout = passarg;
- else passargin = passarg;
+ if(export_cert) passoutarg = passarg;
+ else passinarg = passarg;
}
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+ if(!app_passwd(bio_err, passinarg, passoutarg, &passin, &passout)) {
BIO_printf(bio_err, "Error getting passwords\n");
goto end;
}
@@ -574,7 +593,7 @@ int pkcs12_main(int argc, char **argv)
BIO_printf (bio_err, "MAC verified OK\n");
}
- if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) {
+ if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout, enc)) {
BIO_printf(bio_err, "Error outputting keys and certificates\n");
ERR_print_errors (bio_err);
goto end;
@@ -592,7 +611,7 @@ int pkcs12_main(int argc, char **argv)
}
int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
- int passlen, int options, char *pempass)
+ int passlen, int options, char *pempass, const EVP_CIPHER* enc)
{
STACK_OF(PKCS7) *asafes = NULL;
STACK_OF(PKCS12_SAFEBAG) *bags;
@@ -617,7 +636,7 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
} else continue;
if (!bags) goto err;
if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
- options, pempass)) {
+ options, pempass, enc)) {
sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
goto err;
}
@@ -634,21 +653,22 @@ int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
}
int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
- char *pass, int passlen, int options, char *pempass)
+ char *pass, int passlen, int options, char *pempass,
+ const EVP_CIPHER * enc)
{
int i;
for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
if (!dump_certs_pkeys_bag (out,
sk_PKCS12_SAFEBAG_value (bags, i),
pass, passlen,
- options, pempass))
+ options, pempass, enc))
return 0;
}
return 1;
}
int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
- int passlen, int options, char *pempass)
+ int passlen, int options, char *pempass, const EVP_CIPHER* enc)
{
EVP_PKEY *pkey;
PKCS8_PRIV_KEY_INFO *p8;
@@ -705,7 +725,7 @@ int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
print_attribs (out, bag->attrib, "Bag Attributes");
return dump_certs_pkeys_bags (out, bag->value.safes, pass,
- passlen, options, pempass);
+ passlen, options, pempass, enc);
default:
BIO_printf (bio_err, "Warning unsupported bag type: ");
diff --git a/apps/ts.c b/apps/ts.c
index 6d3b1e2ee1..879f329a9b 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -67,27 +67,6 @@
#include <openssl/ts.h>
#include <openssl/bn.h>
-const char* ts_help[] = {
- "ts -query [-rand filefile%c...] [-config configfile] "
- "[-data file_to_hash] [-digest digest_bytes]"
- "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
- "[-policy object_id] [-no_nonce] [-cert] "
- "[-in request.tsq] [-out request.tsq] [-text]",
- "ts -reply [-config configfile] [-section tsa_section] "
- "[-queryfile request.tsq] [-passin password] "
- "[-signer tsa_cert.pem] [-inkey private_key.pem] "
- "[-chain certs_file.pem] [-policy object_id] "
- "[-in response.tsr] [-token_in] "
- "[-out response.tsr] [-token_out] [-text] [-engine id]",
- "ts -verify [-data file_to_hash] [-digest digest_bytes] "
- "[-queryfile request.tsq] "
- "-in response.tsr [-token_in] "
- "-CApath ca_path -CAfile ca_file.pem "
- "-untrusted cert_file.pem",
- NULL
-};
-
-
/* Length of the nonce of the request in bits (must be a multiple of 8). */
#define NONCE_LENGTH 64
@@ -134,171 +113,175 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
static X509_STORE *create_cert_store(char *ca_path, char *ca_file);
static int verify_cb(int ok, X509_STORE_CTX *ctx);
-/* Main function definition. */
+
+const char* ts_help[] = {
+ "ts -query [-rand filefile%c...] [-config configfile] "
+ "[-data file_to_hash] [-digest digest_bytes]"
+ "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] "
+ "[-policy object_id] [-no_nonce] [-cert] "
+ "[-in request.tsq] [-out request.tsq] [-text]",
+ "ts -reply [-config configfile] [-section tsa_section] "
+ "[-queryfile request.tsq] [-passin password] "
+ "[-signer tsa_cert.pem] [-inkey private_key.pem] "
+ "[-chain certs_file.pem] [-policy object_id] "
+ "[-in response.tsr] [-token_in] "
+ "[-out response.tsr] [-token_out] [-text] [-engine id]",
+ "ts -verify [-data file_to_hash] [-digest digest_bytes] "
+ "[-queryfile request.tsq] "
+ "-in response.tsr [-token_in] "
+ "-CApath ca_path -CAfile ca_file.pem "
+ "-untrusted cert_file.pem",
+ NULL
+};
+
+enum options {
+ OPT_ERR = -1, OPT_EOF = 0,
+ OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA,
+ OPT_DIGEST, OPT_RAND, OPT_POLICY, OPT_NO_NONCE, OPT_CERT,
+ OPT_IN, OPT_TOKEN_IN, OPT_OUT, OPT_TOKEN_OUT, OPT_TEXT,
+ OPT_REPLY, OPT_QUERYFILE, OPT_PASSIN, OPT_INKEY, OPT_SIGNER,
+ OPT_CHAIN, OPT_VERIFY, OPT_CAPATH, OPT_CAFILE, OPT_UNTRUSTED,
+ OPT_MD,
+};
+
+static OPTIONS options[] = {
+#ifndef OPENSSL_NO_ENGINE
+ { "engine", OPT_ENGINE, 's' },
+#endif
+ { "config", OPT_CONFIG, '<' },
+ { "section", OPT_SECTION, 's' },
+ { "query", OPT_QUERY, '-' },
+ { "data", OPT_DATA, 's' },
+ { "digest", OPT_DIGEST, 's' },
+ { "rand", OPT_RAND, 's' },
+ { "policy", OPT_POLICY, 's' },
+ { "no_nonce", OPT_NO_NONCE, '-' },
+ { "cert", OPT_CERT, '-' },
+ { "in", OPT_IN, '<' },
+ { "token_in", OPT_TOKEN_IN, '-' },
+ { "out", OPT_OUT, '>' },
+ { "token_out", OPT_TOKEN_OUT, '-' },
+ { "text", OPT_TEXT, '-' },
+ { "reply", OPT_REPLY, '-' },
+ { "queryfile", OPT_QUERYFILE, '<' },
+ { "passin", OPT_PASSIN, 's' },
+ { "inkey", OPT_INKEY, '<' },
+ { "signer", OPT_SIGNER, 's' },
+ { "chain", OPT_CHAIN, 's' },
+ { "verify", OPT_VERIFY, '-' },
+ { "CApath", OPT_CAPATH, '/' },
+ { "CAfile", OPT_CAFILE, '<' },
+ { "untrusted", OPT_UNTRUSTED, '<' },
+ { "", OPT_MD, '-' },
+ { NULL }
+};
+
int ts_main(int argc, char **argv)
{
- int ret = 1;
- char *configfile = NULL;
- char *section = NULL;
- CONF *conf = NULL;
- enum mode {
- CMD_NONE, CMD_QUERY, CMD_REPLY, CMD_VERIFY
- } mode = CMD_NONE;
- char *data = NULL;
- char *digest = NULL;
- const EVP_MD *md = NULL;
- char *rnd = NULL;
- char *policy = NULL;
- int no_nonce = 0;
- int cert = 0;
- char *in = NULL;
- char *out = NULL;
- int text = 0;
- char *queryfile = NULL;
- char *passin = NULL; /* Password source. */
- char *password =NULL; /* Password itself. */
- char *inkey = NULL;
- char *signer = NULL;
- char *chain = NULL;
- char *ca_path = NULL;
- char *ca_file = NULL;
- char *untrusted = NULL;
- char *engine = NULL;
- /* Input is ContentInfo instead of TimeStampResp. */
- int token_in = 0;
- /* Output is ContentInfo instead of TimeStampResp. */
- int token_out = 0;
-
- for (argc--, argv++; argc > 0; argc--, argv++)
- {
- if (strcmp(*argv, "-config") == 0)
- {
- if (argc-- < 1) goto usage;
- configfile = *++argv;
- }
- else if (strcmp(*argv, "-section") == 0)
- {
- if (argc-- < 1) goto usage;
- section = *++argv;
- }
- else if (strcmp(*argv, "-query") == 0)
- {
- if (mode != CMD_NONE) goto usage;
- mode = CMD_QUERY;
- }
- else if (strcmp(*argv, "-data") == 0)
- {
- if (argc-- < 1) goto usage;
- data = *++argv;
- }
- else if (strcmp(*argv, "-digest") == 0)
- {
- if (argc-- < 1) goto usage;
- digest = *++argv;
- }
- else if (strcmp(*argv, "-rand") == 0)
- {
- if (argc-- < 1) goto usage;
- rnd = *++argv;
- }
- else if (strcmp(*argv, "-policy") == 0)
- {
- if (argc-- < 1) goto usage;
- policy = *++argv;
- }
- else if (strcmp(*argv, "-no_nonce") == 0)
- {
+ CONF *conf=NULL;
+ enum options mode = OPT_ERR;
+ char *data=NULL, *digest=NULL, *rnd=NULL, *policy=NULL;
+ const EVP_MD *md=NULL;
+ int ret=1, no_nonce=0, cert=0, text=0;
+ char *configfile=NULL, *section=NULL;
+ char *in=NULL, *out=NULL, *queryfile=NULL, *passin=NULL, *password=NULL;
+ char *inkey=NULL, *signer=NULL, *chain=NULL, *ca_path=NULL;
+ char *ca_file=NULL, *untrusted=NULL, *engine=NULL, * prog;
+ int token_in=0; /* Input is ContentInfo instead of TimeStampResp. */
+ int token_out=0; /* Output is ContentInfo instead of TimeStampResp. */
+ enum options o;
+
+ prog = opt_init(argc, argv, options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+err:
+ BIO_printf(bio_err,"Valid options are:\n");
+ printhelp(ts_help);
+ goto end;
+ case OPT_CONFIG:
+ configfile = opt_arg();
+ break;
+ case OPT_SECTION:
+ section = opt_arg();
+ break;
+ case OPT_QUERY:
+ case OPT_REPLY:
+ case OPT_VERIFY:
+ if (mode != OPT_ERR)
+ goto err;
+ mode = o;
+ break;
+ case OPT_DATA:
+ data = opt_arg();
+ break;
+ case OPT_DIGEST:
+ digest = opt_arg();
+ break;
+ case OPT_RAND:
+ rnd = opt_arg();
+ break;
+ case OPT_POLICY:
+ policy = opt_arg();
+ break;
+ case OPT_NO_NONCE:
no_nonce = 1;
- }
- else if (strcmp(*argv, "-cert") == 0)
- {
+ break;
+ case OPT_CERT:
cert = 1;
- }
- else if (strcmp(*argv, "-in") == 0)
- {
- if (argc-- < 1) goto usage;
- in = *++argv;
- }
- else if (strcmp(*argv, "-token_in") == 0)
- {
+ break;
+ case OPT_IN:
+ in = opt_arg();
+ break;
+ case OPT_TOKEN_IN:
token_in = 1;
- }
- else if (strcmp(*argv, "-out") == 0)
- {
- if (argc-- < 1) goto usage;
- out = *++argv;
- }
- else if (strcmp(*argv, "-token_out") == 0)
- {
+ break;
+ case OPT_OUT:
+ out = opt_arg();
+ break;
+ case OPT_TOKEN_OUT:
token_out = 1;
- }
- else if (strcmp(*argv, "-text") == 0)
- {
+ break;
+ case OPT_TEXT:
text = 1;
- }
- else if (strcmp(*argv, "-reply") == 0)
- {
- if (mode != CMD_NONE) goto usage;
- mode = CMD_REPLY;
- }
- else if (strcmp(*argv, "-queryfile") == 0)
- {
- if (argc-- < 1) goto usage;
- queryfile = *++argv;
- }
- else if (strcmp(*argv, "-passin") == 0)
- {
- if (argc-- < 1) goto usage;
- passin = *++argv;
- }
- else if (strcmp(*argv, "-inkey") == 0)
- {
- if (argc-- < 1) goto usage;
- inkey = *++argv;
- }
- else if (strcmp(*argv, "-signer") == 0)
- {
- if (argc-- < 1) goto usage;
- signer = *++argv;
- }
- else if (strcmp(*argv, "-chain") == 0)
- {
- if (argc-- < 1) goto usage;
- chain = *++argv;
- }
- else if (strcmp(*argv, "-verify") == 0)
- {
- if (mode != CMD_NONE) goto usage;
- mode = CMD_VERIFY;
- }
- else if (strcmp(*argv, "-CApath") == 0)
- {
- if (argc-- < 1) goto usage;
- ca_path = *++argv;
- }
- else if (strcmp(*argv, "-CAfile") == 0)
- {
- if (argc-- < 1) goto usage;
- ca_file = *++argv;
- }
- else if (strcmp(*argv, "-untrusted") == 0)
- {
- if (argc-- < 1) goto usage;
- untrusted = *++argv;
- }
- else if (strcmp(*argv, "-engine") == 0)
- {
- if (argc-- < 1) goto usage;
- engine = *++argv;
- }
- else if (!opt_md(opt_unknown(), &md))
- goto usage;
- else
- goto usage;
+ break;
+ case OPT_QUERYFILE:
+ queryfile = opt_arg();
+ break;
+ case OPT_PASSIN:
+ passin = opt_arg();
+ break;
+ case OPT_INKEY:
+ inkey = opt_arg();
+ break;
+ case OPT_SIGNER:
+ signer = opt_arg();
+ break;
+ case OPT_CHAIN:
+ chain = opt_arg();
+ break;
+ case OPT_CAPATH:
+ ca_path = opt_arg();
+ break;
+ case OPT_CAFILE:
+ ca_file = opt_arg();
+ break;
+ case OPT_UNTRUSTED:
+ untrusted = opt_arg();
+ break;
+ case OPT_ENGINE:
+ engine = opt_arg();
+ break;
+ case OPT_MD:
+ if (!opt_md(opt_unknown(), &md))
+ goto err;
+ break;
}
+ }
/* Seed the random number generator if it is going to be used. */
- if (mode == CMD_QUERY && !no_nonce)
+ if (mode == OPT_QUERY && !no_nonce)
{
if (!app_RAND_load_file(NULL, bio_err, 1) && rnd == NULL)
BIO_printf(bio_err, "warning, not much extra random "
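Review bot: `mode` is initialised to `OPT_ERR` as the "no command chosen yet" value, which makes the duplicate-command guard `if (mode != OPT_ERR) goto err;` and the later dispatch on `mode` read as error handling rather than as command selection; a comment on the declaration would prevent that misreading, e.g. `enum options mode = OPT_ERR;  /* OPT_ERR doubles as "no command selected yet" */`. The option table is named `options`, the same identifier as the `enum options` tag (legal, since tags and ordinary identifiers live in different namespaces, but confusing), and pkcs12.c in this same commit calls its table `optionlist`; picking one name for both files would help. `prog` is assigned from opt_init() but not used within this hunk; if the rest of ts_main does not use it either, expect an unused-variable warning. ts_main continues past the end of the hunk.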
@@ -309,64 +292,60 @@ int ts_main(int argc, char **argv)
}
/* Get the password if required. */
- if(mode == CMD_REPLY && passin &&
+ if(mode == OPT_REPLY && passin &&
!app_passwd(bio_err, passin, NULL, &password, NULL))
{
BIO_printf(bio_err,"Error getting password.\n");
- goto cleanup;
+ goto end;
}
/* Check consistency of parameters and execute
the appropriate function. */
switch (mode)
{
- case CMD_NONE:
- goto usage;
- case CMD_QUERY:
+ default:
+ case OPT_ERR:
+ goto err;
+ case OPT_QUERY:
/* Data file and message imprint cannot be specified
at the same time. */
ret = data != NULL && digest != NULL;
- if (ret) goto usage;
+ if (ret) goto err;
/* Load the config file for possible policy OIDs. */
conf = load_config_file(configfile);
ret = !query_command(data, digest, md, policy, no_nonce, cert,
in, out, text);
break;
- case CMD_REPLY:
+ case OPT_REPLY:
conf = load_config_file(configfile);
if (in == NULL)
{
ret = !(queryfile != NULL && conf != NULL && !token_in);
- if (ret) goto usage;
+ if (ret) goto err;
}
else
{
/* 'in' and 'queryfile' are exclusive. */
ret = !(queryfile == NULL);
- if (ret) goto usage;
+ if (ret) goto err;
}
ret = !reply_command(conf, section, engine, queryfile,
password, inkey, signer, chain, policy,
in, token_in, out, token_out, text);
break;
- case CMD_VERIFY:
+ case OPT_VERIFY:
ret = !(((queryfile && !data && !digest)
|| (!queryfile && data && !digest)
|| (!queryfile && !data && digest))
&& in != NULL);
- if (ret) goto usage;
+ if (ret) goto err;
ret = !verify_command(data, digest, queryfile, in, token_in,
ca_path, ca_file, untrusted);
}
- goto cleanup;
-
- usage:
- BIO_printf(bio_err, "usage:\n");
- printhelp(ts_help);
- cleanup:
+ end:
/* Clean up. */
app_RAND_write_file(NULL, bio_err);
NCONF_free(conf);
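Review bot: Every parameter-consistency failure in the command dispatch (`if (ret) goto err;` in the query, reply and verify arms, and the `default:`/`OPT_ERR` arm for a missing command) now jumps back into the `err:` label that sits inside the option-parsing switch, so a rejected combination such as `-data` with `-digest`, or no command at all, is reported only as `Valid options are:` followed by the help text, with no indication that the options themselves were valid but inconsistent; the removed `usage:` path at least announced a usage error. Consider emitting a specific message before the jump in those arms, e.g. `BIO_printf(bio_err, "Inconsistent or missing command options\n");`, or giving the dispatch its own label that prints that message and then falls into the help output. Jumping from outside one switch into a label nested in another is legal C but easy to misread, so at minimum a comment at `err:` noting that it is also reached from the dispatch below would help. ts_main's cleanup continues past the end of the hunk.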