diff options
| author | Rich Salz <rsalz@akamai.com> | 2014-07-14 18:02:59 -0400 |
|---|---|---|
| committer | Rich Salz <rsalz@akamai.com> | 2014-07-16 15:12:58 -0400 |
| commit | 77a2a0e1421521f04fecfd7c0d6297d74ffbf394 (patch) | |
| tree | 6b149b44feaddcb0118999a947da5b4003ac7812 | |
| parent | b15f5aa882b5c4a05e5df2c0d397b4f53909e5df (diff) | |
| download | openssl-new-77a2a0e1421521f04fecfd7c0d6297d74ffbf394.tar.gz | |
First batch of unified help/options
| -rw-r--r-- | apps/apps.h | 13 | ||||
| -rw-r--r-- | apps/asn1pars.c | 57 | ||||
| -rw-r--r-- | apps/ca.c | 121 | ||||
| -rw-r--r-- | apps/ciphers.c | 31 | ||||
| -rw-r--r-- | apps/cms.c | 176 | ||||
| -rw-r--r-- | apps/crl.c | 71 | ||||
| -rw-r--r-- | apps/crl2p7.c | 31 | ||||
| -rw-r--r-- | apps/dgst.c | 95 | ||||
| -rw-r--r-- | apps/dh.c | 43 | ||||
| -rw-r--r-- | apps/dhparam.c | 54 | ||||
| -rw-r--r-- | apps/dsa.c | 66 | ||||
| -rw-r--r-- | apps/dsaparam.c | 48 | ||||
| -rw-r--r-- | apps/ec.c | 85 | ||||
| -rw-r--r-- | apps/ecparam.c | 68 | ||||
| -rw-r--r-- | apps/enc.c | 117 | ||||
| -rw-r--r-- | apps/engine.c | 45 | ||||
| -rw-r--r-- | apps/errstr.c | 15 | ||||
| -rw-r--r-- | apps/gendh.c | 43 | ||||
| -rw-r--r-- | apps/gendsa.c | 69 | ||||
| -rw-r--r-- | apps/genpkey.c | 50 | ||||
| -rw-r--r-- | apps/genrsa.c | 87 | ||||
| -rw-r--r-- | apps/nseq.c | 25 | ||||
| -rw-r--r-- | apps/ocsp.c | 149 | ||||
| -rw-r--r-- | apps/openssl.c | 2 | ||||
| -rw-r--r-- | apps/opt.c | 160 | ||||
| -rw-r--r-- | apps/passwd.c | 49 | ||||
| -rw-r--r-- | apps/pkcs12.c | 139 | ||||
| -rw-r--r-- | apps/pkcs7.c | 40 | ||||
| -rw-r--r-- | apps/pkcs8.c | 63 | ||||
| -rw-r--r-- | apps/pkey.c | 56 | ||||
| -rw-r--r-- | apps/pkeyparam.c | 28 | ||||
| -rw-r--r-- | apps/pkeyutl.c | 68 | ||||
| -rw-r--r-- | apps/prime.c | 26 | ||||
| -rw-r--r-- | apps/progs.h | 346 | ||||
| -rw-r--r-- | apps/progs.pl | 18 | ||||
| -rw-r--r-- | apps/rand.c | 34 | ||||
| -rw-r--r-- | apps/req.c | 166 | ||||
| -rw-r--r-- | apps/rsa.c | 8 |
38 files changed, 1076 insertions, 1686 deletions
diff --git a/apps/apps.h b/apps/apps.h index ebf860d576..3e6d995407 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -126,7 +126,6 @@ #include <openssl/ocsp.h> #endif #include <openssl/ossl_typ.h> -#include "progs.h" #ifndef OPENSSL_SYS_NETWARE #include <signal.h> @@ -158,6 +157,10 @@ BIO* dup_bio_out(); BIO* bio_open_default(const char* filename, const char* mode); extern void unbuffer(FILE* fp); +/* Often used in calls to bio_open_default. */ +#define RB(xformat) ((xformat) == FORMAT_ASN1 ? "rb" : "r") +#define WB(xformat) ((xformat) == FORMAT_ASN1 ? "wb" : "w") + /* * Common verification options. */ @@ -290,8 +293,8 @@ extern void unbuffer(FILE* fp); /* * Option parsing. */ -extern char* OPT_HELP; -extern char* OPT_CONTINUE; +extern const char OPT_HELP_STR[]; +extern const char OPT_MORE_STR[]; typedef struct options_st { const char* name; int retval; @@ -330,10 +333,6 @@ extern int opt_verify(int i, X509_VERIFY_PARAM* vpm); extern void printhelp(const char**); extern void opt_help(const OPTIONS* list); - -#define RB(xformat) ((xformat) == FORMAT_ASN1 ? "rb" : "r") -#define WB(xformat) ((xformat) == FORMAT_ASN1 ? "wb" : "w") - typedef struct args_st { char **data; diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 22cd362f44..5f941bdd71 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -69,48 +69,29 @@ #include <openssl/x509.h> #include <openssl/pem.h> -const char *asn1parse_help[] = { - "-inform arg input format - one of DER PEM", - "-in arg input file", - "-out arg output file (output format is always DER", - "-noout arg don't produce any output", - "-offset arg offset into file", - "-length arg length of section in file", - "-i indent entries", - "-dump dump unknown data in hex form", - "-dlimit arg dump the first arg bytes of unknown data in hex form", - "-oid file file of extra oid definitions", - "-strparse offset", - " a series of these can be used to 'dig' into multiple", - " ASN1 blob wrappings", - "-genstr str string to generate ASN1 structure from", - "-genconf file file to generate ASN1 structure from", - "-strictpem do not attempt base64 decode outside PEM markers", - " (-inform will be ignored)", - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT, OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT, OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "i", OPT_INDENT, 0 }, - { "noout", OPT_NOOUT, 0 }, - { "oid", OPT_OID, '<' }, - { "offset", OPT_OFFSET, 'p' }, - { "length", OPT_LENGTH, 'p' }, - { "dump", OPT_DUMP, 0 }, - { "dlimit", OPT_DLIMIT, 'p' }, - { "strparse", OPT_STRPARSE, 's' }, - { "genstr", OPT_GENSTR, 's' }, - { "genconf", OPT_GENCONF, 's' }, - { "strictpem", OPT_STRICTPEM, 0 }, +OPTIONS asn1parse_options[] = { + { "inform", OPT_INFORM, 'F', "input format - one of DER PEM" }, + { "in", OPT_IN, '<', "input file" }, + { "out", OPT_OUT, '>', "output file (output format is always DER)" }, + { "i", OPT_INDENT, 0, "entries" }, + { "noout", OPT_NOOUT, 0, "don't produce any output" }, + { "offset", OPT_OFFSET, 'p', "offset into file" }, + { "length", OPT_LENGTH, 'p', "length of section in file" }, + { "oid", OPT_OID, '<', "file of extra oid definitions" }, + { "dump", OPT_DUMP, 0, "unknown data in hex form" }, + { "dlimit", OPT_DLIMIT, 'p', "dump the first arg bytes of unknown data in hex form" }, + { "strparse", OPT_STRPARSE, 's', "offset; a series of these can be used to 'dig'" }, + { OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings" }, + { "genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from" }, + { "genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from" }, + { OPT_MORE_STR, 0, 0, "(-inform will be ignored)" }, + { "strictpem", OPT_STRICTPEM, 0, "do not attempt base64 decode outside PEM markers" }, { NULL } }; @@ -136,7 +117,7 @@ int asn1parse_main(int argc, char **argv) STACK_OF(OPENSSL_STRING) *osk=NULL; ASN1_TYPE *at=NULL; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, asn1parse_options); if ((osk=sk_OPENSSL_STRING_new_null()) == NULL) { @@ -149,7 +130,7 @@ int asn1parse_main(int argc, char **argv) case OPT_EOF: case OPT_ERR: BIO_printf(bio_err,"Valid options are:\n"); - printhelp(asn1parse_help); + opt_help(asn1parse_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); @@ -191,48 +191,6 @@ static char *section=NULL; static int preserve=0; static int msie_hack=0; -const char *ca_help[] = { - "-verbose - Talk a lot while doing things", - "-config file - A config file", - "-name arg - The particular CA definition to use", - "-gencrl - Generate a new CRL", - "-crldays days - Days is when the next CRL is due", - "-crlhours hours - Hours is when the next CRL is due", - "-startdate YYMMDDHHMMSSZ - certificate validity notBefore", - "-enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)", - "-days arg - number of days to certify the certificate for", - "-md arg - md to use, one of md2, md5, sha or sha1", - "-policy arg - The CA 'policy' to support", - "-keyfile arg - private key file", - "-keyform arg - private key file format (PEM or ENGINE)", - "-key arg - key to decode the private key if it is encrypted", - "-cert file - The CA certificate", - "-selfsign - sign a certificate with the key associated with it", - "-in file - The input PEM encoded certificate request(s)", - "-out file - Where to put the output file(s)", - "-outdir dir - Where to put output certificates", - "-infiles .... - The last argument, requests to process", - "-spkac file - File contains DN and signed public key and challenge", - "-ss_cert file - File contains a self signed cert to sign", - "-preserveDN - Don't re-order the DN", - "-noemailDN - Don't add the EMAIL field into certificate' subject", - "-batch - Don't ask questions", - "-msie_hack - msie modifications to handle all those universal strings", - "-revoke file - Revoke a certificate (given in file)", - "-subj arg - Use arg instead of request's subject", - "-utf8 - input characters are UTF8 (default ASCII)", - "-multivalue-rdn - enable support for multivalued RDNs", - "-extensions .. - Extension section (override value in config file)", - "-extfile file - Configuration file with X509v3 extensions to add", - "-crlexts .. - CRL extension section (override value in config file)", -#ifndef OPENSSL_NO_ENGINE - "-engine e - use engine e, possibly a hardware device.", -#endif - "-status serial - Shows certificate status given the serial number", - "-updatedb - Updates db for expired certificates", - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_ENGINE, OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SUBJ, OPT_UTF8, @@ -246,51 +204,51 @@ enum options { OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE, }; -static OPTIONS options[] = { +OPTIONS ca_options[] = { #ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif - { "verbose", OPT_VERBOSE, '-' }, - { "config", OPT_CONFIG, 's' }, - { "name", OPT_NAME, 's' }, - { "subj", OPT_SUBJ, 's' }, - { "utf8", OPT_UTF8, '-' }, + { "verbose", OPT_VERBOSE, '-', "Verbose output during processing" }, + { "config", OPT_CONFIG, 's', "A config file" }, + { "name", OPT_NAME, 's', "The particular CA definition to use" }, + { "subj", OPT_SUBJ, 's', "Use arg instead of request's subject" }, + { "utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)" }, { "create_serial", OPT_CREATE_SERIAL, '-' }, - { "multivalue-rdn", OPT_MULTIVALUE_RDN, '-' }, - { "startdate", OPT_STARTDATE, 's' }, - { "enddate", OPT_ENDDATE, 's' }, - { "days", OPT_DAYS, 'p' }, - { "md", OPT_MD, 's' }, - { "policy", OPT_POLICY, 's' }, - { "keyfile", OPT_KEYFILE, '<' }, - { "keyform", OPT_KEYFORM, 'F' }, + { "multivalue-rdn", OPT_MULTIVALUE_RDN, '-', "Enable support for multivalued RDNs" }, + { "startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ" }, + { "enddate", OPT_ENDDATE, 's', "YYMMDDHHMMSSZ cert notAfter (overrides -days)" }, + { "days", OPT_DAYS, 'p', "Number of days to certify the cert for" }, + { "md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1" }, + { "policy", OPT_POLICY, 's', "The CA 'policy' to support" }, + { "keyfile", OPT_KEYFILE, '<', "Private key file" }, + { "keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)" }, { "passin", OPT_PASSIN, 's' }, - { "key", OPT_KEY, 's' }, - { "cert", OPT_CERT, '<' }, - { "selfsign", OPT_SELFSIGN, '-' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "outdir", OPT_OUTDIR, '/' }, + { "key", OPT_KEY, 's', "Key to decode the private key if it is encrypted" }, + { "cert", OPT_CERT, '<', "The CA cert" }, + { "selfsign", OPT_SELFSIGN, '-', "Sign a cert with the key associated with it" }, + { "in", OPT_IN, '<', "The input PEM encoded cert request(s)" }, + { "out", OPT_OUT, '>', "Where to put the output file(s)" }, + { "outdir", OPT_OUTDIR, '/', "Where to put output cert" }, { "sigopt", OPT_SIGOPT, 's' }, { "notext", OPT_NOTEXT, '-' }, - { "batch", OPT_BATCH, '-' }, - { "preserveDN", OPT_PRESERVEDN, '-' }, - { "noemailDN", OPT_NOEMAILDN, '-' }, - { "gencrl", OPT_GENCRL, '-' }, - { "msie_hack", OPT_MSIE_HACK, '-' }, - { "crldays", OPT_CRLDAYS, 'p' }, - { "crlhours", OPT_CRLHOURS, 'p' }, + { "batch", OPT_BATCH, '-', "Don't ask questions" }, + { "preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN" }, + { "noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field into cert' subject" }, + { "gencrl", OPT_GENCRL, '-', "Generate a new CRL" }, + { "msie_hack", OPT_MSIE_HACK, '-', "msie modifications to handle all those universal strings" }, + { "crldays", OPT_CRLDAYS, 'p', "Days is when the next CRL is due" }, + { "crlhours", OPT_CRLHOURS, 'p', "Hours is when the next CRL is due" }, { "crlsec", OPT_CRLSEC, 'p' }, - { "infiles", OPT_INFILES, 's' }, - { "ss_cert", OPT_SS_CERT, '<' }, - { "spkac", OPT_SPKAC, '<' }, - { "revoke", OPT_REVOKE, '<' }, + { "infiles", OPT_INFILES, 's', "The last argument, requests to process" }, + { "ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign" }, + { "spkac", OPT_SPKAC, '<', "File contains DN and signed public key and challenge" }, + { "revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)" }, { "valid", OPT_VALID, 's' }, - { "extensions", OPT_EXTENSIONS, 's' }, - { "extfile", OPT_EXTFILE, '<' }, - { "status", OPT_STATUS, 's' }, - { "updatedb", OPT_UPDATEDB, '-' }, - { "crlexts", OPT_CRLEXTS, 's' }, + { "extensions", OPT_EXTENSIONS, 's', "Extension section (override value in config file)" }, + { "extfile", OPT_EXTFILE, '<', "Configuration file with X509v3 extensions to add" }, + { "status", OPT_STATUS, 's', "Shows cert status given the serial number" }, + { "updatedb", OPT_UPDATEDB, '-', "Updates db for expired cert" }, + { "crlexts", OPT_CRLEXTS, 's', "CRL extension section (override value in config file)" }, { "crl_reason", OPT_CRL_REASON, 's' }, { "crl_hold", OPT_CRL_HOLD, 's' }, { "crl_compromise", OPT_CRL_COMPROMISE, 's' }, @@ -341,13 +299,12 @@ int ca_main(int argc, char **argv) enum options o; char* prog; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, ca_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(ca_help); + opt_help(ca_options); goto err; case OPT_IN: infile = opt_arg(); diff --git a/apps/ciphers.c b/apps/ciphers.c index b725e24c5a..7034f6454a 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -67,16 +67,6 @@ #include <openssl/ssl.h> -const char *ciphers_help[]={ - "-v verbose textual listing of the SSL/TLS ciphers in OpenSSL", - "-V even more verbose", - "-ssl2 SSL2 mode", - "-ssl3 SSL3 mode", - "-tls1 TLS1 mode", - NULL -}; - - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_V, OPT_UPPER_V, OPT_S, @@ -93,21 +83,21 @@ enum options { OPT_TLS1, #endif }; -static OPTIONS options[] = { - { "v", OPT_V, '-' }, - { "V", OPT_UPPER_V, '-' }, - { "s", OPT_S, '-' }, +OPTIONS ciphers_options[] = { + { "v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers" }, + { "V", OPT_UPPER_V, '-', "Even more verbose" }, + { "s", OPT_S, '-', "Only supported ciphers" }, #ifndef OPENSSL_NO_SSL_TRACE - { "stdname", OPT_STDNAME, '-' }, + { "stdname", OPT_STDNAME, '-', "Show standard cipher names" }, #endif #ifndef OPENSSL_NO_SSL2 - { "ssl2", OPT_SSL2, '-' }, + { "ssl2", OPT_SSL2, '-', "SSL2 mode" }, #endif #ifndef OPENSSL_NO_SSL3 - { "ssl3", OPT_SSL3, '-' }, + { "ssl3", OPT_SSL3, '-', "SSL3 mode" }, #endif #ifndef OPENSSL_NO_TLS1 - { "tls1", OPT_TLS1, '-' }, + { "tls1", OPT_TLS1, '-', "TLS1 mode" }, #endif { NULL } }; @@ -131,14 +121,13 @@ int ciphers_main(int argc, char **argv) enum options o; char* prog; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, ciphers_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: bad: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(ciphers_help); + opt_help(ciphers_options); goto end; case OPT_V: verbose = 1; diff --git a/apps/cms.c b/apps/cms.c index a916439c72..0510b63d9e 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -106,71 +106,8 @@ struct cms_key_param_st cms_key_param *next; }; -const char* cms_help[] = { - "-encrypt encrypt message", - "-decrypt decrypt encrypted message", - "-sign sign message", - "-verify verify signed message", - "-cmsout output CMS structure", -#ifndef OPENSSL_NO_DES - "-des3 encrypt with triple DES", - "-des encrypt with DES", -#endif -#ifndef OPENSSL_NO_SEED - "-seed encrypt with SEED", -#endif -#ifndef OPENSSL_NO_RC2 - "-rc2-40 encrypt with RC2-40 (default)", - "-rc2-64 encrypt with RC2-64", - "-rc2-128 encrypt with RC2-128", -#endif -#ifndef OPENSSL_NO_AES - "-aes128, -aes192, -aes256", - " encrypt PEM output with cbc aes", -#endif -#ifndef OPENSSL_NO_CAMELLIA - "-camellia128, -camellia192, -camellia256", - " encrypt PEM output with cbc camellia", -#endif - "-nointern don't search certificates in message for signer", - "-nosigs don't verify message signature", - "-noverify don't verify signers certificate", - "-nocerts don't include signers certificate when signing", - "-nodetach use opaque signing", - "-noattr don't include any signed attributes", - "-binary don't translate message to text", - "-certfile file other certificates file", - "-certsout file certificate output file", - "-signer file signer certificate file", - "-recip file recipient certificate file for decryption", - "-keyid use subject key identifier", - "-in file input file", - "-inform arg input format SMIME (default), PEM or DER", - "-inkey file input private key (if not signer or recipient)", - "-keyform arg input private key format (PEM or ENGINE)", - "-keyopt nm:v set public key parameters", - "-out file output file", - "-outform arg output format SMIME (default), PEM or DER", - "-content file supply or override content for detached signature", - "-to addr to address", - "-from ad from address", - "-subject s subject", - "-text include or delete text MIME headers", - "-CApath dir trusted certificates directory", - "-CAfile file trusted certificates file", - "-trusted_first use locally trusted certificates first when building trust chain", - "-crl_check check revocation status of signer's certificate using CRLs", - "-crl_check_all check revocation status of signer's certificate chain using CRLs", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - "-passin arg input file pass phrase source", - "-rand file... load the file(s) into the random number generator", - NULL -}; - enum options { - OPT_ERR = -1, OPT_EOF = 0, + OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_SIGN_RECEIPT, OPT_RESIGN, OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT, @@ -191,21 +128,24 @@ enum options { OPT_V_ENUM, }; -static OPTIONS options[] = { - OPT_V_OPTIONS, - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "encrypt", OPT_ENCRYPT, '-' }, - { "decrypt", OPT_DECRYPT, '-' }, - { "sign", OPT_SIGN, '-' }, +OPTIONS cms_options[] = { + { OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n" }, + { "cert.pem", 1, '-', "Recipient certs for encryption" }, + { OPT_HELP_STR, 1, '-', "Valid options are:\n" }, + { "help", OPT_HELP, '-', "This summary" }, + { "inform", OPT_INFORM, 'F', "Input format SMIME (default), PEM or DER" }, + { "outform", OPT_OUTFORM, 'F', "Output format SMIME (default), PEM or DER" }, + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, + { "encrypt", OPT_ENCRYPT, '-', "Encrypt message" }, + { "decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message" }, + { "sign", OPT_SIGN, '-', "Sign message" }, { "sign_receipt", OPT_SIGN_RECEIPT, '-' }, { "resign", OPT_RESIGN, '-' }, - { "verify", OPT_VERIFY, '-' }, + { "verify", OPT_VERIFY, '-', "Verify signed message" }, { "verify_retcode", OPT_VERIFY_RETCODE, '-' }, { "verify_receipt", OPT_VERIFY_RECEIPT, '<' }, - { "cmsout", OPT_CMSOUT, '-' }, + { "cmsout", OPT_CMSOUT, '-', "Output CMS structure" }, { "data_out", OPT_DATA_OUT, '-' }, { "data_create", OPT_DATA_CREATE, '-' }, { "digest_verify", OPT_DIGEST_VERIFY, '-' }, @@ -215,17 +155,17 @@ static OPTIONS options[] = { { "EncryptedData_decrypt", OPT_ED_DECRYPT, '-' }, { "EncryptedData_encrypt", OPT_ED_ENCRYPT, '-' }, { "debug_decrypt", OPT_DEBUG_DECRYPT, '-' }, - { "text", OPT_TEXT, '-' }, + { "text", OPT_TEXT, '-', "Include or delete text MIME headers" }, { "asciicrlf", OPT_ASCIICRLF, '-' }, - { "nointern", OPT_NOINTERN, '-' }, - { "noverify", OPT_NOVERIFY, '-' }, - { "nocerts", OPT_NOCERTS, '-' }, - { "noattr", OPT_NOATTR, '-' }, - { "nodetach", OPT_NODETACH, '-' }, + { "nointern", OPT_NOINTERN, '-', "Don't search certificates in message for signer" }, + { "noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate" }, + { "nocerts", OPT_NOCERTS, '-', "Don't include signers certificate when signing" }, + { "noattr", OPT_NOATTR, '-', "Don't include any signed attributes" }, + { "nodetach", OPT_NODETACH, '-', "Use opaque signing" }, { "nosmimecap", OPT_NOSMIMECAP, '-' }, - { "binary", OPT_BINARY, '-' }, - { "keyid", OPT_KEYID, '-' }, - { "nosigs", OPT_NOSIGS, '-' }, + { "binary", OPT_BINARY, '-', "Don't translate message to text" }, + { "keyid", OPT_KEYID, '-', "Use subject key identifier" }, + { "nosigs", OPT_NOSIGS, '-', "Don't verify message signature" }, { "no_content_verify", OPT_NO_CONTENT_VERIFY, '-' }, { "no_attr_verify", OPT_NO_ATTR_VERIFY, '-' }, { "stream", OPT_INDEF, '-' }, @@ -238,31 +178,27 @@ static OPTIONS options[] = { { "receipt_request_all", OPT_RR_ALL, '-' }, { "receipt_request_first", OPT_RR_FIRST, '-' }, { "rctform", OPT_RCTFORM, 'F' }, - { "certfile", OPT_CERTFILE, '<' }, - { "CAfile", OPT_CAFILE, '<' }, - { "CApath", OPT_CAPATH, '/' }, - { "in", OPT_IN, '<' }, - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, - { "out", OPT_OUT, '>' }, - { "content", OPT_CONTENT, '<' }, + { "certfile", OPT_CERTFILE, '<', "Other certificates file" }, + { "CAfile", OPT_CAFILE, '<', "Trusted certificates file" }, + { "CApath", OPT_CAPATH, '/', "trusted certificates directory" }, + { "content", OPT_CONTENT, '<', "Supply or override content for detached signature" }, { "print", OPT_PRINT, '-' }, { "secretkey", OPT_SECRETKEY, 's' }, { "secretkeyid", OPT_SECRETKEYID, 's' }, { "pwri_password", OPT_PWRI_PASSWORD, 's' }, { "econtent_type", OPT_ECONTENT_TYPE, 's' }, - { "rand", OPT_RAND, 's' }, - { "passin", OPT_PASSIN, 's' }, - { "to", OPT_TO, 's' }, - { "from", OPT_FROM, 's' }, - { "subject", OPT_SUBJECT, 's' }, - { "signer", OPT_SIGNER, 's' }, - { "recip", OPT_RECIP, '<' }, - { "certsout", OPT_CERTSOUT, '>' }, + { "rand", OPT_RAND, 's', "Load the file(s) into the random number generator" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "to", OPT_TO, 's', "To address" }, + { "from", OPT_FROM, 's', "From address" }, + { "subject", OPT_SUBJECT, 's', "Subject" }, + { "signer", OPT_SIGNER, 's', "Signer certificate file" }, + { "recip", OPT_RECIP, '<', "Recipient cert file for decryption" }, + { "certsout", OPT_CERTSOUT, '>', "Certificate output file" }, { "md", OPT_MD, 's' }, - { "inkey", OPT_INKEY, '<' }, - { "keyform", OPT_KEYFORM, 'F' }, - { "keyopt", OPT_KEYOPT, 's' }, + { "inkey", OPT_INKEY, '<', "Input private key (if not signer or recipient)" }, + { "keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)" }, + { "keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs" }, { "receipt_request_from", OPT_RR_FROM, 's' }, { "receipt_request_to", OPT_RR_TO, 's' }, #ifndef OPENSSL_NO_AES @@ -271,9 +207,10 @@ static OPTIONS options[] = { { "aes256-wrap", OPT_AES256_WRAP, '-' }, #endif #ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, + { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" }, #endif - { "", OPT_CIPHER, '-' }, + { "", OPT_CIPHER, '-', "Any supported cipher" }, + OPT_V_OPTIONS, { NULL }, }; @@ -300,7 +237,7 @@ int cms_main(int argc, char **argv) const EVP_CIPHER *cipher=NULL, *wrap_cipher=NULL; const EVP_MD *sign_md=NULL; const char *inmode="r", *outmode="w"; - int badarg=0, flags=CMS_DETACHED, noout=0, print=0; + int flags=CMS_DETACHED, noout=0, print=0; int informat=FORMAT_SMIME, outformat=FORMAT_SMIME; int need_rand=0, operation=0, ret=0, rr_print=0, rr_allorfirst=-1; int verify_retcode=0, rctformat=FORMAT_SMIME, keyform=FORMAT_PEM; @@ -314,13 +251,14 @@ int cms_main(int argc, char **argv) if ((vpm = X509_VERIFY_PARAM_new()) == NULL) return 1; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, cms_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(cms_help); + case OPT_HELP: +argerr: + opt_help(cms_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); @@ -583,7 +521,7 @@ int cms_main(int argc, char **argv) recipfile = opt_arg(); break; case OPT_CIPHER: - if (!opt_cipher(opt_arg(), &cipher)) + if (!opt_cipher(opt_unknown(), &cipher)) goto end; break; case OPT_KEYOPT: @@ -676,7 +614,7 @@ int cms_main(int argc, char **argv) if (!sksigners) { BIO_printf(bio_err, "No signer certificate specified\n"); - badarg = 1; + goto argerr; } signerfile = NULL; keyfile = NULL; @@ -688,7 +626,7 @@ int cms_main(int argc, char **argv) if (!recipfile && !keyfile && !secret_key && !pwri_pass) { BIO_printf(bio_err, "No recipient certificate or key specified\n"); - badarg = 1; + goto argerr; } } else if (operation == SMIME_ENCRYPT) @@ -696,22 +634,12 @@ int cms_main(int argc, char **argv) if (*argv == NULL && !secret_key && !pwri_pass && !encerts) { BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); - badarg = 1; + goto argerr; } need_rand = 1; } else if (!operation) - badarg = 1; - - if (badarg) - { - argerr: - BIO_printf (bio_err, "Usage cms [options] cert.pem ...\n"); - BIO_printf (bio_err, "where options are\n"); - printhelp(cms_help); - BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n"); - goto end; - } + goto argerr; #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); diff --git a/apps/crl.c b/apps/crl.c index 70bd30252d..c585f97aaf 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -66,28 +66,6 @@ #include <openssl/x509v3.h> #include <openssl/pem.h> - -const char *crl_help[]={ - "-inform arg input format - default PEM (DER or PEM)", - "-outform arg output format - default PEM", - "-text print out a text format version", - "-in arg input file - default stdin", - "-out arg output file - default stdout", - "-hash print hash value", -#ifndef OPENSSL_NO_MD5 - "-hash_old print old-style (MD5) hash value", -#endif - "-fingerprint print the crl fingerprint", - "-issuer print issuer DN", - "-lastupdate lastUpdate field", - "-nextupdate nextUpdate field", - "-crlnumber print CRL number", - "-noout no CRL output", - "-CAfile name verify CRL using certificates in file name", - "-CApath dir verify CRL using certificates in dir", - "-nameopt arg various certificate name options", -NULL -}; enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY, @@ -95,30 +73,34 @@ enum options { OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE, OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD, OPT_NOOUT, OPT_NAMEOPT, OPT_MD + }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "in", OPT_IN, '<' }, - { "outform", OPT_OUTFORM, 'F' }, - { "out", OPT_OUT, '>' }, + +OPTIONS crl_options[] = { + { "inform", OPT_INFORM, 'F', "Input format; default PEM" }, + { "in", OPT_IN, '<', "Input file - default stdin" }, + { "outform", OPT_OUTFORM, 'F', "Output format - default PEM" }, + { "out", OPT_OUT, '>', "output file - default stdout" }, { "keyform", OPT_KEYFORM, 'F' }, { "key", OPT_KEY, '<' }, - { "issuer", OPT_ISSUER, '-' }, - { "lastupdate", OPT_LASTUPDATE, '-' }, - { "nextupdate", OPT_NEXTUPDATE, '-' }, - { "noout", OPT_NOOUT, '-' }, - { "fingerprint", OPT_FINGERPRINT, '-' }, - { "crlnumber", OPT_CRLNUMBER, '-' }, + { "issuer", OPT_ISSUER, '-', "Print issuer DN" }, + { "lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field" }, + { "nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field" }, + { "noout", OPT_NOOUT, '-', "No CRL output" }, + { "fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint" }, + { "crlnumber", OPT_CRLNUMBER, '-', "Print CRL number" }, { "badsig", OPT_BADSIG, '-' }, { "gendelta", OPT_GENDELTA, '<' }, - { "CApath", OPT_CAPATH, '/' }, - { "CAfile", OPT_CAFILE, '<' }, + { "CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir" }, + { "CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name" }, { "verify", OPT_VERIFY, '-' }, - { "text", OPT_TEXT, '-' }, - { "hash", OPT_HASH, '-' }, - { "hash_old", OPT_HASH_OLD, '-' }, - { "nameopt", OPT_NAMEOPT, 's' }, - { "", OPT_MD, '-' }, + { "text", OPT_TEXT, '-', "Print out a text format version" }, + { "hash", OPT_HASH, '-', "Print hash value" }, +#ifndef OPENSSL_NO_MD5 + { "hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value" }, +#endif + { "nameopt", OPT_NAMEOPT, 's', "Various certificate name options" }, + { "", OPT_MD, '-', "Digest algorithm" }, { NULL } }; @@ -144,16 +126,15 @@ int crl_main(int argc, char **argv) X509_OBJECT xobj; EVP_PKEY *pkey; int i,do_ver = 0; - const EVP_MD *md_alg,*digest=EVP_sha1(); + const EVP_MD *digest=EVP_sha1(); - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, crl_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: bad: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(crl_help); + opt_help(crl_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); @@ -224,7 +205,7 @@ bad: goto bad; break; case OPT_MD: - if (!opt_md(opt_unknown(), &md_alg)) + if (!opt_md(opt_unknown(), &digest)) goto bad; } } diff --git a/apps/crl2p7.c b/apps/crl2p7.c index 1b7bad7326..0272c9e974 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -73,28 +73,18 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile); -const char* crl2pkcs7_help[] = { - "-inform arg input format - DER or PEM", - "-outform arg output format - DER or PEM", - "-in arg input file", - "-out arg output file", - "-certfile arg certificates file of chain to a trusted CA", - " (can be used more than once)", - "-nocrl no crl to load, just certs from '-certfile'", - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE, }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "nocrl", OPT_NOCRL, '-' }, - { "certfile", OPT_CERTFILE, 's' }, + +OPTIONS crl2pkcs7_options[] = { + { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" }, + { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" }, + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, + { "nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'" }, + { "certfile", OPT_CERTFILE, '<', "File of chain of certs to a trusted CA; can be repeated" }, { NULL } }; @@ -112,13 +102,12 @@ int crl2pkcs7_main(int argc, char **argv) int ret=1,nocrl=0; enum options o; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, crl2pkcs7_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(crl2pkcs7_help); + opt_help(crl2pkcs7_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); diff --git a/apps/dgst.c b/apps/dgst.c index ea601d9b09..b011efe4ff 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -76,29 +76,6 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout, const char *sig_name, const char *md_name, const char *file,BIO *bmd); - -const char *dgst_help[] = { - "-c to output the digest with separating colons", - "-r to output the digest in coreutils format", - "-d to output debug info", - "-hex output as hex dump", - "-binary output in binary form", - "-sign file sign digest using private key in file", - "-verify file verify a signature using public key in file", - "-prverify file verify a signature using private key in file", - "-keyform arg key file format (PEM or ENGINE)", - "-out filename output to filename rather than stdout", - "-signature file signature to verify", - "-sigopt nm:v signature parameter", - "-hmac key create hashed MAC with key", - "-mac algorithm create MAC (not neccessarily HMAC)", - "-macopt nm:v MAC algorithm parameters or key", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY, @@ -108,53 +85,35 @@ enum options { OPT_DIGEST, }; -static OPTIONS options[] = { - { "c", OPT_C, '-' }, - { "r", OPT_R, '-' }, +static OPTIONS dgst_options[] = { + { "c", OPT_C, '-', "Print the digest with separating colons" }, + { "r", OPT_R, '-', "Print the digest in coreutils format" }, { "rand", OPT_RAND, 's' }, - { "out", OPT_OUT, '>' }, - { "sign", OPT_SIGN, '<' }, + { "out", OPT_OUT, '>', "Output to filename rather than stdout" }, { "passin", OPT_PASSIN, 's' }, - { "verify", OPT_VERIFY, '<' }, - { "prverify", OPT_PRVERIFY, '<' }, - { "signature", OPT_SIGNATURE, '<' }, - { "keyform", OPT_KEYFORM, 'F', }, - { "engine", OPT_ENGINE, 's' }, + { "sign", OPT_SIGN, '<', "Sign digest using private key in file" }, + { "verify", OPT_VERIFY, '<', "Verify a signature using public key in file" }, + { "prverify", OPT_PRVERIFY, '<', "Verify a signature using private key in file" }, + { "signature", OPT_SIGNATURE, '<', "File with signature to verify" }, + { "keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" }, +#endif { "engine_impl", OPT_ENGINE_IMPL, '-' }, - { "hex", OPT_HEX, '-' }, - { "binary", OPT_BINARY, '-' }, - { "d", OPT_DEBUG, '-' }, + { "hex", OPT_HEX, '-', "Print as hex dump" }, + { "binary", OPT_BINARY, '-', "Print in binary form" }, + { "d", OPT_DEBUG, '-', "Print debug info" }, { "debug", OPT_DEBUG, '-' }, { "fips-fingerprint", OPT_FIPS_FINGERPRINT, '-' }, { "non-fips-allow", OPT_NON_FIPS_ALLOW, '-' }, - { "hmac", OPT_HMAC, 's' }, - { "mac", OPT_MAC, 's' }, - { "sigop", OPT_SIGOPT, 's' }, - { "macop", OPT_MACOPT, 's' }, - { "", OPT_DIGEST, '-' }, + { "hmac", OPT_HMAC, 's', "Create hashed MAC with key" }, + { "mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)" }, + { "sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form" }, + { "macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key" }, + { "", OPT_DIGEST, '-', "Any supported digest" }, { NULL } }; -static void list_md_fn(const EVP_MD *m, - const char *from, const char *to, void *arg) - { - const char *mname; - /* Skip aliases */ - if (!m) - return; - mname = OBJ_nid2ln(EVP_MD_type(m)); - /* Skip shortnames */ - if (strcmp(from, mname)) - return; - /* Skip clones */ - if (EVP_MD_flags(m) & EVP_MD_FLAG_PKEY_DIGEST) - return; - if (strchr(mname, ' ')) - mname= EVP_MD_name(m); - BIO_printf(arg, "-%-14s to use the %s message digest algorithm\n", - mname, mname); - } - int dgst_main(int argc, char **argv) { ENGINE *e=NULL, *impl=NULL; @@ -187,14 +146,13 @@ int dgst_main(int argc, char **argv) md=EVP_get_digestbyname(prog); - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, dgst_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: err: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(dgst_help); + opt_help(dgst_options); goto end; case OPT_C: @@ -285,15 +243,6 @@ err: goto end; } - if ((argc > 0) && (argv[0][0] == '-')) /* bad option */ - { - BIO_printf(bio_err,"unknown option '%s'\n",*argv); - BIO_printf(bio_err,"options are\n"); - printhelp(dgst_help); - EVP_MD_do_all_sorted(list_md_fn, bio_err); - goto end; - } - #ifndef OPENSSL_NO_ENGINE if (engine_impl) impl = e; @@ -71,39 +71,27 @@ #include <openssl/x509.h> #include <openssl/pem.h> -const char* dh_help[] = { - " -inform arg input format - one of DER PEM", - " -outform arg output format - one of DER PEM", - " -in arg input file", - " -out arg output file", - " -check check the DH parameters", - " -text print a text form of the DH parameters", - " -C Output C code", - " -noout no output", -#ifndef OPENSSL_NO_ENGINE - " -engine e use engine e, possibly a hardware device.", -#endif - NULL -}; enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_C, OPT_NOOUT }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "engine", OPT_ENGINE, 's' }, - { "check", OPT_CHECK, '-' }, - { "text", OPT_TEXT, '-' }, - { "C", OPT_C, '-' }, - { "noout", OPT_NOOUT, '-' }, + +OPTIONS dh_options[] = { + { "inform", OPT_INFORM, 'F', "Input format - one of DER PEM" }, + { "outform", OPT_OUTFORM, 'F', "Output format - one of DER PEM" }, + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" }, +#endif + { "check", OPT_CHECK, '-', "Check the DH parameters" }, + { "text", OPT_TEXT, '-', "Print a text form of the DH parameters" }, + { "C", OPT_C, '-', "Output C code" }, + { "noout", OPT_NOOUT, '-', "Oo output" }, { NULL } }; - int dh_main(int argc, char **argv) { DH *dh=NULL; @@ -114,13 +102,12 @@ int dh_main(int argc, char **argv) char *engine=NULL; enum options o; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, dh_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(dh_help); + opt_help(dh_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); diff --git a/apps/dhparam.c b/apps/dhparam.c index e348ae8bb2..a584c9c705 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -132,26 +132,6 @@ static int dh_cb(int p, int n, BN_GENCB *cb); -const char* dhparam_help[] = { - "-inform arg input format, DER or PEM", - "-outform arg output format, DER or PEM", - "-in arg input file", - "-out arg output file", - "-check check the DH parameters", - "-text print a text form of the DH parameters", - "-C Output C code", - "-2 generate parameters using 2 as the generator value", - "-5 generate parameters using 5 as the generator value", - "-rand file... load the file(s) into the random number generator", -#ifndef OPENSSL_NO_DSA - "-dsaparam read or generate DSA parameters, convert to DH", -#endif -#ifndef OPENSSL_NO_ENGINE - " -engine e use engine e, possibly a hardware device.", -#endif - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, @@ -159,23 +139,25 @@ enum options { OPT_RAND, OPT_DSAPARAM, OPT_C, OPT_2, OPT_5, }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "check", OPT_CHECK, '-' }, - { "text", OPT_TEXT, '-' }, +OPTIONS dhparam_options[] = { + { OPT_HELP_STR, 1, '-', "Usage: %s [flags] [numbits]\n" }, + { OPT_HELP_STR, 1, '-', "Valid options are:\n" }, + { "in", OPT_IN, '<', "Input file" }, + { "inform", OPT_INFORM, 'F', "Input format, DER or PEM" }, + { "outform", OPT_OUTFORM, 'F', "Output format, DER or PEM" }, + { "out", OPT_OUT, '>', "Output file" }, + { "check", OPT_CHECK, '-', "Check the DH parameters" }, + { "text", OPT_TEXT, '-', "Print a text form of the DH parameters" }, { "noout", OPT_NOOUT, '-' }, - { "rand", OPT_RAND, 's' }, - { "C", OPT_C, '-' }, - { "2", OPT_2, '-' }, - { "5", OPT_5, '-' }, + { "rand", OPT_RAND, 's', "Load the file(s) into the random number generator" }, + { "C", OPT_C, '-', "Print C code" }, + { "2", OPT_2, '-', "Generate parameters using 2 as the generator value" }, + { "5", OPT_5, '-', "Generate parameters using 5 as the generator value" }, #ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, + { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" }, #endif #ifndef OPENSSL_NO_DSA - { "dsaparam", OPT_DSAPARAM, '-' }, + { "dsaparam", OPT_DSAPARAM, '-', "-dsaparam read or generate DSA parameters, convert to DH" }, #endif { NULL } }; @@ -192,14 +174,12 @@ int dhparam_main(int argc, char **argv) int dsaparam=0; char *engine=NULL; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, dhparam_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Usage: %s [flags] [numbits]", prog); - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(dhparam_help); + opt_help(dhparam_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); diff --git a/apps/dsa.c b/apps/dsa.c index d7d01d084e..61d7b25a8f 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -72,64 +72,34 @@ #include <openssl/bn.h> -const char* dsa_help[] = { - "-inform arg input format - DER or PEM", - "-outform arg output format - DER or PEM", - "-in arg input file", - "-passin arg input file pass phrase source", - "-out arg output file", - "-passout arg output file pass phrase source", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - "-des encrypt PEM output with cbc des", - "-des3 encrypt PEM output with ede cbc des using 168 bit key", -#ifndef OPENSSL_NO_IDEA - "-idea encrypt PEM output with cbc idea", -#endif -#ifndef OPENSSL_NO_AES - "-aes128, -aes192, -aes256", - " encrypt PEM output with cbc aes", -#endif -#ifndef OPENSSL_NO_CAMELLIA - "-camellia128, -camellia192, -camellia256", - " encrypt PEM output with cbc camellia", -#endif -#ifndef OPENSSL_NO_SEED - "-seed encrypt PEM output with cbc seed", -#endif - "-text print the key in text", - "-noout don't print key out", - "-modulus print the DSA public value", - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE, OPT_PVK_STRONG, OPT_PVK_WEAK, OPT_PVK_NONE, OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN, - OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT, + OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT, OPT_HELP, }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, + +OPTIONS dsa_options[] = { + { "help", OPT_HELP, '-', "This summary" }, + { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" }, + { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" }, #ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, + { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" }, #endif - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, { "pvk-strong", OPT_PVK_STRONG, '-' }, { "pvk-weak", OPT_PVK_WEAK, '-' }, { "pvk-none", OPT_PVK_NONE, '-' }, - { "noout", OPT_NOOUT, '-' }, - { "text", OPT_TEXT, '-' }, - { "modulus", OPT_MODULUS, '-' }, + { "noout", OPT_NOOUT, '-', "Don't print key out" }, + { "text", OPT_TEXT, '-', "Print the key in text" }, + { "modulus", OPT_MODULUS, '-', "Print the DSA public value" }, { "pubin", OPT_PUBIN, '-' }, { "pubout", OPT_PUBOUT, '-' }, - { "passin", OPT_PASSIN, 's' }, - { "passout", OPT_PASSOUT, 's' }, - { "", OPT_CIPHER, '-' }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, + { "", OPT_CIPHER, '-', "Any supported CBC cipher" }, { NULL } }; @@ -151,13 +121,13 @@ int dsa_main(int argc, char **argv) int pvk_encr = 2; enum options o; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, dsa_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(dsa_help); + case OPT_HELP: + opt_help(dsa_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); diff --git a/apps/dsaparam.c b/apps/dsaparam.c index f3e382c0f9..a6648fcd60 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -91,25 +91,6 @@ static void timebomb_sigalarm(int foo) static int dsa_cb(int p, int n, BN_GENCB *cb); -const char* dsaparam_help[] = { - "-inform arg input format - DER or PEM", - "-outform arg output format - DER or PEM", - "-in arg input file", - "-out arg output file", - "-text print as text", - "-C Output C code", - "-noout no output", - "-genkey generate a DSA key", - "-rand files to use for random number input", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif -#ifdef GENCB_TEST - "-timebomb n interrupt keygen after <n> seconds", -#endif - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C, @@ -117,22 +98,22 @@ enum options { OPT_TIMEBOMB, }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "text", OPT_TEXT, '-' }, - { "C", OPT_C, '-' }, - { "noout", OPT_NOOUT, '-' }, - { "genkey", OPT_GENKEY, '-' }, - { "rand", OPT_RAND, 's' }, +OPTIONS dsaparam_options[] = { + { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" }, + { "in", OPT_IN, '<', "Input file" }, + { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" }, + { "out", OPT_OUT, '>', "Output file" }, + { "text", OPT_TEXT, '-', "Print as text" }, + { "C", OPT_C, '-', "Output C code" }, + { "noout", OPT_NOOUT, '-', "No output" }, + { "genkey", OPT_GENKEY, '-', "Generate a DSA key" }, + { "rand", OPT_RAND, 's', "Files to use for random number input" }, { "non-fips-allow", OPT_NON_FIPS_ALLOW, '-' }, #ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, + { "engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device" }, #endif #ifdef GENCB_TEST - { "timebomb", OPT_TIMEBOMB, 'p' }, + { "timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds" }, #endif { NULL } }; @@ -149,13 +130,12 @@ int dsaparam_main(int argc, char **argv) int timebomb=0; enum options o; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, dsaparam_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(dsaparam_help); + opt_help(dsaparam_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); @@ -67,26 +67,17 @@ #include <openssl/evp.h> #include <openssl/pem.h> -const char* ec_help[] = { - "-inform arg input format - DER or PEM", - "-outform arg output format - DER or PEM", - "-in arg input file", - "-passin arg input file pass phrase source", - "-out arg output file", - "-passout arg output file pass phrase source", - "-engine e use engine e, possibly a hardware device.", - "-des encrypt PEM output, instead of 'des' every other ", - " cipher supported by OpenSSL can be used", - "-text print the key", - "-noout don't print key out", - "-param_out print the elliptic curve parameters", - "-conv_form arg specifies the point conversion form ", - " possible values: compressed", - " uncompressed (default) or hybrid", - "-param_enc arg specifies the way the ec parameters are encoded", - " in the asn1 der encoding", - " possible values: named_curve (default) or explicit", - NULL +static OPT_PAIR conv_forms[] = { + { "compressed", POINT_CONVERSION_COMPRESSED }, + { "uncompressed", POINT_CONVERSION_UNCOMPRESSED }, + { "hybrid", POINT_CONVERSION_HYBRID }, + { NULL } +}; + +static OPT_PAIR param_enc[] = { + { "named_curve", OPENSSL_EC_NAMED_CURVE }, + { "explicit", 0 }, + { NULL } }; enum options { @@ -95,24 +86,25 @@ enum options { OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER, }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, + +OPTIONS ec_options[] = { + { "in", OPT_IN, '<', "Input file" }, + { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" }, + { "out", OPT_OUT, '>', "Output file" }, + { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" }, #ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "noout", OPT_NOOUT, '-' }, - { "text", OPT_TEXT, '-' }, - { "param_out", OPT_PARAM_OUT, '-' }, + { "noout", OPT_NOOUT, '-', "Don't print key out" }, + { "text", OPT_TEXT, '-', "Print the key" }, + { "param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters" }, { "pubin", OPT_PUBIN, '-' }, { "pubout", OPT_PUBOUT, '-' }, - { "passin", OPT_PASSIN, 's' }, - { "passout", OPT_PASSOUT, 's' }, - { "param_enc", OPT_PARAM_ENC, 's' }, - { "conv_form", OPT_CONV_FORM, 's' }, - { "", OPT_CIPHER, '-' }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, + { "param_enc", OPT_PARAM_ENC, 's', "Specifies the way the ec parameters are encoded" }, + { "conv_form", OPT_CONV_FORM, 's', "specifies the point conversion form " }, + { "", OPT_CIPHER, '-', "Any supported cipher" }, { NULL } }; @@ -135,14 +127,13 @@ int ec_main(int argc, char **argv) int new_asn1_flag = 0; enum options o; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, ec_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: bad: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(ec_help); + opt_help(ec_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); @@ -184,24 +175,16 @@ bad: if (!opt_cipher(opt_unknown(), &enc)) goto bad; case OPT_CONV_FORM: - new_form = 1; - if (strcmp(*argv, "compressed") == 0) - form = POINT_CONVERSION_COMPRESSED; - else if (strcmp(*argv, "uncompressed") == 0) - form = POINT_CONVERSION_UNCOMPRESSED; - else if (strcmp(*argv, "hybrid") == 0) - form = POINT_CONVERSION_HYBRID; - else + if (!opt_pair(opt_arg(), conv_forms, &i)) goto bad; + new_form = 1; + form = i; break; case OPT_PARAM_ENC: - new_asn1_flag = 1; - if (strcmp(*argv, "named_curve") == 0) - asn1_flag = OPENSSL_EC_NAMED_CURVE; - else if (strcmp(*argv, "explicit") == 0) - asn1_flag = 0; - else + if (!opt_pair(opt_arg(), param_enc, &i)) goto bad; + new_asn1_flag = 1; + asn1_flag = i; break; } } diff --git a/apps/ecparam.c b/apps/ecparam.c index 5cc626324f..a191b3a17e 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -87,61 +87,42 @@ static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *); -const char* ecparam_help[] = { - "-inform arg input format - default PEM (DER or PEM)", - "-outform arg output format - default PEM", - "-in arg input file - default stdin", - "-out arg output file - default stdout", - "-noout do not print the ec parameter", - "-text print the ec parameters in text form", - "-check validate the ec parameters", - "-C print a 'C' function creating the parameters", - "-name arg use the ec parameters with 'short name' name", - "-list_curves prints a list of all currently available curve 'short names'", - "-conv_form arg specifies the point conversion form ", - " possible values: compressed", - " uncompressed (default) or hybrid", - "-param_enc arg specifies the way the ec parameters are encoded", - " in the asn1 der encoding", - " possible values: named_curve (default) or explicit", - "-no_seed if 'explicit' parameters are chosen do not use the seed", - "-genkey generate ec key", - "-rand file files to use for random number input", - "-engine e use engine e, possibly a hardware device", - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C, OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME, OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_RAND, OPT_ENGINE, }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "text", OPT_TEXT, '-' }, - { "C", OPT_C, '-' }, - { "check", OPT_CHECK, '-' }, - { "list_curves", OPT_LIST_CURVES, '-' }, - { "no_seed", OPT_NO_SEED, '-' }, - { "noout", OPT_NOOUT, '-' }, - { "name", OPT_NAME, 's' }, - { "conv_form", OPT_CONV_FORM, 's' }, - { "param_enc", OPT_PARAM_ENC, 's' }, - { "genkey", OPT_GENKEY, '-' }, - { "rand", OPT_RAND, 's' }, - { "engine", OPT_ENGINE, 's' }, + +OPTIONS ecparam_options[] = { + { "inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)" }, + { "outform", OPT_OUTFORM, 'F', "Output format - default PEM" }, + { "in", OPT_IN, '<', "Input file - default stdin" }, + { "out", OPT_OUT, '>', "Output file - default stdout" }, + { "text", OPT_TEXT, '-', "Print the ec parameters in text form" }, + { "C", OPT_C, '-', "Print a 'C' function creating the parameters" }, + { "check", OPT_CHECK, '-', "Validate the ec parameters" }, + { "list_curves", OPT_LIST_CURVES, '-', "Prints a list of all curve 'short names'" }, + { "no_seed", OPT_NO_SEED, '-', "If 'explicit' parameters are chosen do not use the seed" }, + { "noout", OPT_NOOUT, '-', "Do not print the ec parameter" }, + { "name", OPT_NAME, 's', "Use the ec parameters with specified 'short name'" }, + { "conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form " }, + { "param_enc", OPT_PARAM_ENC, 's', "Specifies the way the ec parameters are encoded" }, + { "genkey", OPT_GENKEY, '-', "Generate ec key" }, + { "rand", OPT_RAND, 's', "Files to use for random number input" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif { NULL } }; + OPT_PAIR forms[] = { { "compressed", POINT_CONVERSION_COMPRESSED }, { "uncompressed", POINT_CONVERSION_UNCOMPRESSED }, { "hybrid", POINT_CONVERSION_HYBRID }, { NULL } }; + OPT_PAIR encodings[] = { { "named_curve", OPENSSL_EC_NAMED_CURVE }, { "explicit", 0 }, @@ -166,14 +147,13 @@ int ecparam_main(int argc, char **argv) unsigned char *buffer=NULL; enum options o; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, ecparam_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: err: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(ecparam_help); + opt_help(ecparam_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); diff --git a/apps/enc.c b/apps/enc.c index 25fdca5ddf..9bbca2c5de 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -72,55 +72,13 @@ #endif #include <ctype.h> -const char* enc_help[] = { - "-in file input file", - "-out <file> output file" - "-pass arg phrase source", - "-e encrypt", - "-d decrypt", - "-a base64 encode/decode, depending on encryption flag", - "-base64 same as -a", - "-k pass passphrase", - "-kfile name read passphrase from file", - "-md digest use specified digest to create key from passphrase", - "-S salt salt, in hex", - "-iv iv IV in hex", - "-K iv same as -iv", - "-p print the iv/key", - "-P print the iv/key and exit", - "-bufsize n buffer size", - "-nopad disable standard block padding", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device", -#endif - NULL -}; - - -int set_hex(char *in,unsigned char *out,int size); - #undef SIZE #undef BSIZE #define SIZE (512) #define BSIZE (8*1024) -static void show_ciphers(const OBJ_NAME *name,void *bio_) - { - BIO *bio=bio_; - static int n; - - if(!islower((unsigned char)*name->name)) - return; - - BIO_printf(bio,"-%-25s",name->name); - if(++n == 3) - { - BIO_printf(bio,"\n"); - n=0; - } - else - BIO_printf(bio," "); - } +static int set_hex(char *in,unsigned char *out,int size); +static void show_ciphers(const OBJ_NAME *name,void *bio_); enum options { OPT_ERR = -1, OPT_EOF = 0, @@ -130,34 +88,38 @@ enum options { OPT_UPPER_S, OPT_IV, OPT_MD, OPT_NON_FIPS_ALLOW, OPT_CIPHER, }; -static OPTIONS options[] = { - { "e", OPT_E, '-' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "pass", OPT_PASS, 's' }, - { "engine", OPT_ENGINE, 's' }, - { "d", OPT_D, '-' }, - { "p", OPT_P, '-' }, +OPTIONS enc_options[] = { + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, + { "pass", OPT_PASS, 's', "Passphrase source" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif + { "e", OPT_E, '-', "Encrypt" }, + { "d", OPT_D, '-', "Decrypt" }, + { "p", OPT_P, '-', "Print the iv/key" }, + { "P", OPT_UPPER_P, '-', "Print the iv/key and exit" }, { "v", OPT_V, '-' }, - { "nopad", OPT_NOPAD, '-' }, + { "nopad", OPT_NOPAD, '-', "Disable standard block padding" }, { "salt", OPT_SALT, '-' }, { "nosalt", OPT_NOSALT, '-' }, { "debug", OPT_DEBUG, '-' }, - { "P", OPT_UPPER_P, '-' }, { "A", OPT_UPPER_A, '-' }, - { "a", OPT_A, '-' }, - { "base64", OPT_A, '-' }, - { "z", OPT_Z, '-' }, - { "bufsize", OPT_BUFSIZE, 's' }, - { "k", OPT_K, 's' }, - { "kfile", OPT_KFILE, '<' }, - { "K", OPT_UPPER_K, '-' }, - { "S", OPT_UPPER_S, 's' }, - { "iv", OPT_IV, 's' }, - { "md", OPT_MD, 's' }, + { "a", OPT_A, '-', "base64 encode/decode, depending on encryption flag" }, + { "base64", OPT_A, '-', "Base64 output as a single line" }, +#ifdef ZLIB + { "z", OPT_Z, '-', "Use zlib as the 'encryption'" }, +#endif + { "bufsize", OPT_BUFSIZE, 's', "Buffer size" }, + { "k", OPT_K, 's', "Passphrase" }, + { "kfile", OPT_KFILE, '<', "Fead passphrase from file" }, + { "K", OPT_UPPER_K, '-', "Same as -iv" }, + { "S", OPT_UPPER_S, 's', "Salt, in hex" }, + { "iv", OPT_IV, 's', "IV in hex" }, + { "md", OPT_MD, 's', "Use specified digest to create key from passphrase" }, { "non-fips-allow", OPT_NON_FIPS_ALLOW, '-' }, + { "none", OPT_NONE, '-', "Any supported cipher" }, { "", OPT_CIPHER, '-' }, - { "none", OPT_NONE, '-' }, { NULL } }; @@ -204,14 +166,13 @@ int enc_main(int argc, char **argv) } } - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, enc_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: err: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(enc_help); + opt_help(enc_options); BIO_printf(bio_err,"Cipher Types\n"); OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, show_ciphers, @@ -640,7 +601,25 @@ end: return(ret); } -int set_hex(char *in, unsigned char *out, int size) +static void show_ciphers(const OBJ_NAME *name,void *bio_) + { + BIO *bio=bio_; + static int n; + + if(!islower((unsigned char)*name->name)) + return; + + BIO_printf(bio,"-%-25s",name->name); + if(++n == 3) + { + BIO_printf(bio,"\n"); + n=0; + } + else + BIO_printf(bio," "); + } + +static int set_hex(char *in, unsigned char *out, int size) { int i,n; unsigned char j; diff --git a/apps/engine.c b/apps/engine.c index 85afb3991c..d909ff2c46 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -70,40 +70,22 @@ #include <openssl/ssl.h> -const char *engine_help[] = { - "-v verbose mode; for each engine, list its 'control commands'", - "-vv also display each command's description", - "-vvv also add the input flags for each command", - "-vvvv also show internal input flags", - "-c for each engine, also list the capabilities", - "-t check that each engine is available", - "-tt display error trace for unavailable engines", - "-pre cmd runs command 'cmd' against the ENGINE before any attempts", - " to load it (if -t is used)", - "-post cmd runs command 'cmd' against the ENGINE after loading it", - " (only used if -t is also provided)", - "NB: -pre and -post will be applied to all ENGINEs supplied on the command", - "line, or all supported ENGINEs if none are specified.\n", - "Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with", - "argument \"/lib/libdriver.so\".", -NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_V, OPT_VV, OPT_VVV, OPT_VVVV, OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST, }; -static OPTIONS options[] = { - { "v", OPT_V, '-' }, - { "vv", OPT_VV, '-' }, - { "vvv", OPT_VVV, '-' }, - { "vvvv", OPT_VVVV, '-' }, - { "c", OPT_C, '-' }, - { "t", OPT_T, '-' }, - { "tt", OPT_TT, '-' }, - { "pre", OPT_PRE, 's' }, - { "post", OPT_POST, 's' }, +static OPTIONS engine_options[] = { + { "v", OPT_V, '-', "For each engine, list its 'control commands'" }, + { "vv", OPT_VV, '-', "Also display each command's description" }, + { "vvv", OPT_VVV, '-', "Also add the input flags for each command" }, + { "vvvv", OPT_VVVV, '-', "Also show internal input flags" }, + { "c", OPT_C, '-', "List the capabilities of each engine" }, + { "t", OPT_T, '-', "Check that each engine is available" }, + { "tt", OPT_TT, '-', "Display error trace for unavailable engines" }, + { "pre", OPT_PRE, 's', "Run command against the ENGINE before loading it" }, + { "post", OPT_POST, 's', "Runs command against the ENGINE after loading it" }, + { OPT_MORE_STR, OPT_EOF, 1, "Commands are like \"SO_PATH:/lib/libdriver.so\"'" }, { NULL } }; @@ -366,13 +348,12 @@ int engine_main(int argc, char **argv) char* prog; out=dup_bio_out(); - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, engine_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(engine_help); + opt_help(engine_options); goto end; case OPT_VVVV: verbose++; diff --git a/apps/errstr.c b/apps/errstr.c index b84d4afa7b..7dbc866803 100644 --- a/apps/errstr.c +++ b/apps/errstr.c @@ -66,16 +66,14 @@ #include <openssl/ssl.h> -const char* errstr_help[] = { - "-stats print internal hashtable statistics (long!)", - NULL -}; enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_STATS }; -static OPTIONS options[] = { - { "stats", OPT_STATS, '-' }, + +static OPTIONS errstr_options[] = { + { "stats", OPT_STATS, '-', + "Print internal hashtable statistics (long!)" }, { NULL } }; @@ -87,13 +85,12 @@ int errstr_main(int argc, char **argv) char* prog; unsigned long l; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, errstr_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(errstr_help); + opt_help(errstr_options); return 1; case OPT_STATS: lh_ERR_STRING_DATA_node_stats_bio( diff --git a/apps/gendh.c b/apps/gendh.c index 9f182bc9f7..dcc86ac2a8 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -82,26 +82,21 @@ static int dh_cb(int p, int n, BN_GENCB *cb); -const char* gendh_help[] = { - "-out file output the key to 'file", - "-2 use 2 as the generator value", - "-5 use 5 as the generator value", - "-rand file... load the file(s) into the random number generator", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - NULL -}; enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_OUT, OPT_2, OPT_5, OPT_ENGINE, OPT_RAND }; -static OPTIONS options[] = { - { "out", OPT_OUT, '>' }, - { "2", OPT_2, '-' }, - { "5", OPT_5, '-' }, - { "engine", OPT_ENGINE, 's' }, - { "rand", OPT_RAND, 's' }, + +OPTIONS gendh_options[] = { + { OPT_HELP_STR, 1, '-', "Usage: %s [options] numbits\n" }, + { OPT_HELP_STR, 1, '-', "Valid options are:\n" }, + { "out", OPT_OUT, '>', "Output the key to specified file" }, + { "2", OPT_2, '-', "Use 2 as the generator value" }, + { "5", OPT_5, '-', "Use 5 as the generator value" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif + { "rand", OPT_RAND, 's', "Load the file(s) into the random number generator" }, { NULL } }; @@ -120,15 +115,13 @@ int gendh_main(int argc, char **argv) #endif BN_GENCB_set(&cb, dh_cb, bio_err); - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, gendh_options); while ((i = opt_next()) != OPT_EOF) { switch (i) { - default: case OPT_EOF: - BIO_printf(bio_err,"%s: Unhandled flag %d\n", prog, i); case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(gendh_help); +err: + opt_help(gendh_options); goto end; case OPT_OUT: outfile = opt_arg(); @@ -149,12 +142,8 @@ int gendh_main(int argc, char **argv) } argv = opt_rest(); if (argv[0] != NULL && (sscanf(*argv,"%d",&num) == 0 || num < 0)) - { - BIO_printf(bio_err,"usage: gendh [args] [numbits]\n"); - printhelp(gendh_help); - goto end; - } - + goto err; + #ifndef OPENSSL_NO_ENGINE setup_engine(bio_err, engine, 0); #endif diff --git a/apps/gendsa.c b/apps/gendsa.c index b1fbe5b35f..a9b776d7d2 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -72,35 +72,6 @@ #define DEFBITS 512 -const char* gendsa_help[] = { - "-out file - output the key to 'file'", -#ifndef OPENSSL_NO_DES - "-des - encrypt the generated key with DES in cbc mode", - "-des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)", -#endif -#ifndef OPENSSL_NO_SEED - "-seed encrypt PEM output with cbc seed", -#endif -#ifndef OPENSSL_NO_AES - "-aes128, -aes192, -aes256", - " encrypt PEM output with cbc aes", -#endif -#ifndef OPENSSL_NO_CAMELLIA - "-camellia128, -camellia192, -camellia256", - " encrypt PEM output with cbc camellia", -#endif -#ifndef OPENSSL_NO_IDEA - "-idea - encrypt the generated key with IDEA in cbc mode", -#endif -#ifndef OPENSSL_NO_ENGINE - "-engine e - use engine e, possibly a hardware device.", -#endif - "-rand file... load the file(s) into the random number generator", - - NULL -}; - - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_RAND, @@ -120,30 +91,35 @@ enum options { OPT_CAMELLIA128, OPT_CAMELLIA192, OPT_CAMELLIA256, #endif }; -static OPTIONS options[] = { - { "out", OPT_OUT, '>' }, + +OPTIONS gendsa_options[] = { + { OPT_HELP_STR, 1, '-', "Usage: %s [args] dsaparam-file\n" }, + { OPT_HELP_STR, 1, '-', "Valid options are:\n" }, + { "out", OPT_OUT, '>', "Output the key to the specified file" }, { "passout", OPT_PASSOUT, 's' }, - { "engine", OPT_ENGINE, 's' }, - { "rand", OPT_RAND, 's' }, + { "rand", OPT_RAND, 's', "Load the file(s) into the random number generator" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif #ifndef OPENSSL_NO_DES - { "des", OPT_DES, '-' }, - { "des3", OPT_DES3, '-' }, + { "des", OPT_DES, '-', "Encrypt the output with CBC DES" }, + { "des3", OPT_DES3, '-', "Encrypt the output with CBC 3DES" }, #endif #ifndef OPENSSL_NO_IDEA - { "idea", OPT_IDEA, '-' }, + { "idea", OPT_IDEA, '-', "Encrypt the output with CBC IDEA" }, #endif #ifndef OPENSSL_NO_SEED - { "seed", OPT_SEED, '-' }, + { "seed", OPT_SEED, '-', "Encrypt key output with CBC seed" }, #endif #ifndef OPENSSL_NO_AES - { "aes128", OPT_AES128, '-' }, - { "aes192", OPT_AES192, '-' }, - { "aes256", OPT_AES256, '-' }, + { "aes128", OPT_AES128, '-', "Encrypt the output with CBC AES 128" }, + { "aes192", OPT_AES192, '-', "Encrypt the output with CBC AES 192" }, + { "aes256", OPT_AES256, '-', "Encrypt the output with CBC AES 256" }, #endif #ifndef OPENSSL_NO_CAMELLIA - { "camellia128", OPT_CAMELLIA128, '-' }, - { "camellia192", OPT_CAMELLIA192, '-' }, - { "camellia256", OPT_CAMELLIA256, '-' }, + { "camellia128", OPT_CAMELLIA128, '-', "Encrypt the output with CBC camellia 128" }, + { "camellia192", OPT_CAMELLIA192, '-', "Encrypt the output with CBC camellia 192" }, + { "camellia256", OPT_CAMELLIA256, '-', "Encrypt the output with CBC camellia 256" }, #endif { NULL } }; @@ -161,16 +137,13 @@ int gendsa_main(int argc, char **argv) enum options o; char* prog; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, gendsa_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: bad: - BIO_printf(bio_err,"usage: %s [args] dsaparam-file\n", - prog); - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(gendsa_help); + opt_help(gendsa_options); goto end; case OPT_OUT: outfile= opt_arg(); diff --git a/apps/genpkey.c b/apps/genpkey.c index adfcc6461f..e380164ec3 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -69,23 +69,6 @@ static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx, const char *file, ENGINE *e); static int genpkey_cb(EVP_PKEY_CTX *ctx); -const char* genpkey_help[] = { - "-out file output file", - "-outform X output format (DER or PEM)", - "-pass arg output file pass phrase source", - "-<cipher> use cipher <cipher> to encrypt the key", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - "-paramfile file parameters file", - "-algorithm alg the public key algorithm", - "-pkeyopt opt:value set the public key algorithm option <opt>", - " to value <value>", - "-genparam generate parameters, not key", - "-text print the in text", - "Order of options may be important! See the documentation.", - NULL -}; enum options { OPT_ERR = -1, OPT_EOF = 0, @@ -93,19 +76,20 @@ enum options { OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER, }; -static OPTIONS options[] = { +OPTIONS genpkey_options[] = { + { "out", OPT_OUT, '>', "Output file" }, + { "outform", OPT_OUTFORM, 'F', "output format (DER or PEM)" }, + { "pass", OPT_PASS, 's', "Output file pass phrase source" }, + { "paramfile", OPT_PARAMFILE, '<', "Parameters file" }, + { "algorithm", OPT_ALGORITHM, 's', "The public key algorithm" }, + { "pkeyopt", OPT_PKEYOPT, 's', "Set the public key algorithm option as opt:value" }, + { "genparam", OPT_GENPARAM, '-', "Generate parameters, not key" }, + { "text", OPT_TEXT, '-', "Print the in text" }, + { "", OPT_CIPHER, '-', "Cipher to use to encrypt the key" }, #ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif - { "outform", OPT_OUTFORM, 'F' }, - { "out", OPT_OUT, '>' }, - { "pass", OPT_PASS, 's' }, - { "paramfile", OPT_PARAMFILE, '<' }, - { "algorithm", OPT_ALGORITHM, 's' }, - { "pkeyopt", OPT_PKEYOPT, 's' }, - { "genparam", OPT_GENPARAM, '-' }, - { "text", OPT_TEXT, '-' }, - { "", OPT_CIPHER, '-' }, + { OPT_HELP_STR, 1, 1, "Order of options may be important! See the documentation.\n" }, { NULL } }; @@ -121,14 +105,13 @@ int genpkey_main(int argc, char **argv) enum options o; char* prog; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, genpkey_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: err: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(genpkey_help); + opt_help(genpkey_options); goto end; case OPT_OUTFORM: opt_format(opt_arg(), 1, &outformat); @@ -178,9 +161,8 @@ err: text=1; break; case OPT_CIPHER: - if (!opt_cipher(opt_arg(), &cipher)) - goto err; - if (do_param == 1) + if (!opt_cipher(opt_unknown(), &cipher) + || do_param == 1) goto err; } } diff --git a/apps/genrsa.c b/apps/genrsa.c index 5c5bd12dc9..f3043d4138 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -82,34 +82,6 @@ static int genrsa_cb(int p, int n, BN_GENCB *cb); -const char* genrsa_help[] = { - "-des encrypt the generated key with DES in cbc mode", - "-des3 encrypt the generated key with DES in ede cbc mode (168 bit key)", -#ifndef OPENSSL_NO_IDEA - "-idea encrypt the generated key with IDEA in cbc mode", -#endif -#ifndef OPENSSL_NO_SEED - "-seed encrypt PEM output with cbc seed", -#endif -#ifndef OPENSSL_NO_AES - "-aes128, -aes192, -aes256", - " encrypt PEM output with cbc aes", -#endif -#ifndef OPENSSL_NO_CAMELLIA - "-camellia128, -camellia192, -camellia256", - " encrypt PEM output with cbc camellia", -#endif - "-out file output the key to 'file", - "-passout arg output file pass phrase source", - "-f4 use F4 (0x10001) for the E value", - "-3 use 3 for the E value", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - "-rand file... load the file(s) into the random number generator", - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_3, OPT_F4, OPT_NON_FIPS_ALLOW, OPT_ENGINE, @@ -130,45 +102,66 @@ enum options { OPT_CAMELLIA128, OPT_CAMELLIA192, OPT_CAMELLIA256, #endif }; -static OPTIONS options[] = { - { "3", OPT_3, '-' }, - { "F4", OPT_F4, '-' }, - { "f4", OPT_F4, '-' }, + +static OPTIONS genrsa_options[] = { + { "3", OPT_3, '-', "Use 3 for the E value" }, + { "F4", OPT_F4, '-', "Use F4 (0x10001) for the E value" }, + { "f4", OPT_F4, '-', "Use F4 (0x10001) for the E value" }, { "non-fips-allow", OPT_NON_FIPS_ALLOW, '-' }, - { "out", OPT_OUT, 's' }, - { "engine", OPT_ENGINE, 's' }, - { "rand", OPT_RAND, 's' }, - { "passout", OPT_PASSOUT, 's' }, + { "out", OPT_OUT, 's', "Output the key to specified file" }, + { "rand", OPT_RAND, 's', "Load the file(s) into the random number generator" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif +#ifndef OPENSSL_NO_DES + { "des", OPT_DES, '-', "Encrypt the output with CBC DES" }, + { "des3", OPT_DES3, '-', "Encrypt the output with CBC 3DES" }, +#endif +#ifndef OPENSSL_NO_IDEA + { "idea", OPT_IDEA, '-', "Encrypt the output with CBC IDEA" }, +#endif +#ifndef OPENSSL_NO_SEED + { "seed", OPT_SEED, '-', "Encrypt key output with CBC seed" }, +#endif +#ifndef OPENSSL_NO_AES + { "aes128", OPT_AES128, '-', "Encrypt the output with CBC AES 128" }, + { "aes192", OPT_AES192, '-', "Encrypt the output with CBC AES 192" }, + { "aes256", OPT_AES256, '-', "Encrypt the output with CBC AES 256" }, +#endif +#ifndef OPENSSL_NO_CAMELLIA + { "camellia128", OPT_CAMELLIA128, '-', "Encrypt the output with CBC camellia 128" }, + { "camellia192", OPT_CAMELLIA192, '-', "Encrypt the output with CBC camellia 192" }, + { "camellia256", OPT_CAMELLIA256, '-', "Encrypt the output with CBC camellia 256" }, +#endif { NULL } }; int genrsa_main(int argc, char **argv) { BN_GENCB cb; - ENGINE *e = NULL; - int ret=1; - int non_fips_allow = 0,i,num=DEFBITS; - long l; + ENGINE *e=NULL; + BIGNUM *bn=BN_new(); + BIO *out=NULL; + RSA *rsa=NULL; const EVP_CIPHER *enc=NULL; + int ret=1, non_fips_allow=0, i, num=DEFBITS; + long l; unsigned long f4=RSA_F4; - char *outfile=NULL, *passoutarg = NULL, *passout = NULL; + char *outfile=NULL, *passoutarg=NULL, *passout=NULL; char *engine=NULL, *inrand=NULL, *prog; - BIO *out=NULL; - RSA *rsa = NULL; enum options o; - BIGNUM *bn = BN_new(); if(!bn) goto err; BN_GENCB_set(&cb, genrsa_cb, bio_err); - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, genrsa_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(genrsa_help); + opt_help(genrsa_options); goto err; case OPT_3: f4=3; diff --git a/apps/nseq.c b/apps/nseq.c index 18ddbe2ad1..14db4f5802 100644 --- a/apps/nseq.c +++ b/apps/nseq.c @@ -62,42 +62,35 @@ #include <openssl/pem.h> #include <openssl/err.h> -const char* nseq_help[] = { - "-in file input file", - "-out file output file", - "-toseq output NS Sequence file", - NULL -}; + enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_TOSEQ, OPT_IN, OPT_OUT }; -static OPTIONS options[] = { - { "toseq", OPT_TOSEQ, '-' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, + +static OPTIONS nseq_options[] = { + { "toseq", OPT_TOSEQ, '-', "Output NS Sequence file" }, + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, { NULL } }; - int nseq_main(int argc, char **argv) { char *infile=NULL, *outfile=NULL; BIO *in=NULL, *out=NULL; - int toseq=0; X509 *x509=NULL; NETSCAPE_CERT_SEQUENCE *seq=NULL; enum options o; - int ret=1,i; + int toseq=0, ret=1,i; char* prog; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, nseq_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(nseq_help); + opt_help(nseq_options); goto end; case OPT_TOSEQ: toseq=1; diff --git a/apps/ocsp.c b/apps/ocsp.c index 338be594c1..19ac64a636 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -119,57 +119,6 @@ static OCSP_RESPONSE *query_responder(BIO *err, BIO *cbio, const char *path, const STACK_OF(CONF_VALUE) *headers, OCSP_REQUEST *req, int req_timeout); -const char* ocsp_help[] = { - "-out file output filename", - "-issuer file issuer certificate", - "-cert file certificate to check", - "-serial n serial number to check", - "-signer file certificate to sign OCSP request with", - "-signkey file private key to sign OCSP request with", - "-sign_other file additional certificates to include in signed request", - "-no_certs don't include any certificates in signed request", - "-req_text print text form of request", - "-resp_text print text form of response", - "-text print text form of request and response", - "-reqout file write DER encoded OCSP request to ", - "-respout file write DER encoded OCSP reponse to ", - "-reqin file read DER encoded OCSP request from ", - "-respin file read DER encoded OCSP reponse from ", - "-nonce add OCSP nonce to request", - "-no_nonce don't add OCSP nonce to request", - "-url URL OCSP responder URL", - "-host host:n send OCSP request to host on port n", - "-path path to use in OCSP request", - "-CApath dir trusted certificates directory", - "-CAfile file trusted certificates file", - "-trusted_first use locally trusted CA's first when building trust chain", - "-VAfile file validator certificates file", - "-validity_period n maximum validity discrepancy in seconds", - "-status_age n maximum status age in seconds", - "-noverify don't verify response at all", - "-verify_other file additional certificates to search for signer", - "-trust_other don't verify additional certificates", - "-no_intern don't search certificates contained in response for signer", - "-no_signature_verify don't check signature on response", - "-no_cert_verify don't check signing certificate", - "-no_chain don't chain verify response", - "-no_cert_checks don't do additional checks on signing certificate", - "-port num port to run responder on", - "-index file certificate status index file", - "-CA file CA certificate", - "-rsigner file responder certificate to sign responses with", - "-rkey file responder key to sign responses with", - "-rother file other certificates to include in response", - "-resp_no_certs don't include any certificates in response", - "-nmin n number of minutes before next update", - "-ndays n number of days before next update", - "-resp_key_id identify reponse by signing certificate key ID", - "-nrequest n number of requests to accept (default unlimited)", - "-<dgst alg> use specified digest in the request", - NULL -}; - - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_OUTFILE, OPT_TIMEOUT, OPT_URL, OPT_HOST, OPT_PORT, @@ -187,58 +136,58 @@ enum options { OPT_V_ENUM, }; -static OPTIONS options[] = { - OPT_V_OPTIONS, - { "out", OPT_OUTFILE, '>' }, +OPTIONS ocsp_options[] = { + { "out", OPT_OUTFILE, '>', "Output filename" }, { "timeout", OPT_TIMEOUT, 'p' }, - { "url", OPT_URL, 's' }, - { "host", OPT_HOST, 's' }, - { "port", OPT_PORT, 's' }, + { "url", OPT_URL, 's', "Responder URL" }, + { "host", OPT_HOST, 's', "host:prot top to connect to" }, + { "port", OPT_PORT, 'p', "Port to run responder on" }, { "ignore_err", OPT_IGNORE_ERR, '-' }, - { "noverify", OPT_NOVERIFY, '-' }, - { "nonce", OPT_NONCE, '-' }, - { "no_nonce", OPT_NO_NONCE, '-' }, - { "resp_no_certs", OPT_RESP_NO_CERTS, '-' }, - { "resp_key_id", OPT_RESP_KEY_ID, '-' }, - { "no_certs", OPT_NO_CERTS, '-' }, - { "no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-' }, - { "no_cert_verify", OPT_NO_CERT_VERIFY, '-' }, - { "no_chain", OPT_NO_CHAIN, '-' }, - { "no_cert_checks", OPT_NO_CERT_CHECKS, '-' }, + { "noverify", OPT_NOVERIFY, '-', "Don't verify response at all" }, + { "nonce", OPT_NONCE, '-', "Add OCSP nonce to request" }, + { "no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request" }, + { "resp_no_certs", OPT_RESP_NO_CERTS, '-', "Don't include any certificates in response" }, + { "resp_key_id", OPT_RESP_KEY_ID, '-', "Identify reponse by signing certificate key ID" }, + { "no_certs", OPT_NO_CERTS, '-', "Don't include any certificates in signed request" }, + { "no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-', "Don't check signature on response" }, + { "no_cert_verify", OPT_NO_CERT_VERIFY, '-', "Don't check signing certificate" }, + { "no_chain", OPT_NO_CHAIN, '-', "Don't chain verify response" }, + { "no_cert_checks", OPT_NO_CERT_CHECKS, '-', "Don't do additional checks on signing certificate" }, { "no_explicit", OPT_NO_EXPLICIT, '-' }, - { "trust_other", OPT_TRUST_OTHER, '-' }, - { "no_intern", OPT_NO_INTERN, '-' }, + { "trust_other", OPT_TRUST_OTHER, '-', "Don't verify additional certificates" }, + { "no_intern", OPT_NO_INTERN, '-', "Don't search certificates contained in response for signer" }, { "badsig", OPT_BADSIG, '-' }, - { "text", OPT_TEXT, '-' }, - { "req_text", OPT_REQ_TEXT, '-' }, - { "resp_text", OPT_RESP_TEXT, '-' }, - { "reqin", OPT_REQIN, 's' }, - { "respin", OPT_RESPIN, 's' }, - { "signer", OPT_SIGNER, '<' }, - { "VAfile", OPT_VAFILE, '<' }, - { "sign_other", OPT_SIGN_OTHER, '<' }, - { "verify_other", OPT_VERIFY_OTHER, '<' }, - { "CAfile", OPT_CAFILE, '<' }, - { "CApath", OPT_CAPATH, '<' }, - { "validity_period", OPT_VALIDITY_PERIOD, 'u' }, - { "status_age", OPT_STATUS_AGE, 'p' }, - { "signkey", OPT_SIGNKEY, 's' }, - { "reqout", OPT_REQOUT, 's' }, - { "respout", OPT_RESPOUT, 's' }, - { "path", OPT_PATH, 's' }, - { "issuer", OPT_ISSUER, '<' }, - { "cert", OPT_CERT, '<' }, - { "serial", OPT_SERIAL, 's' }, - { "index", OPT_INDEX, ',' }, - { "CA", OPT_CA, ',' }, - { "nmin", OPT_NMIN, 'p' }, - { "nrequest", OPT_REQUEST, 'p' }, - { "ndays", OPT_NDAYS, 'p' }, - { "rsigner", OPT_RSIGNER, '<' }, - { "rkey", OPT_RKEY, '<' }, - { "rother", OPT_ROTHER, '<' }, + { "text", OPT_TEXT, '-', "Print text form of request and response" }, + { "req_text", OPT_REQ_TEXT, '-', "Print text form of request" }, + { "resp_text", OPT_RESP_TEXT, '-', "Print text form of response" }, + { "reqin", OPT_REQIN, 's', "File with the DER-encoded request" }, + { "respin", OPT_RESPIN, 's', "File with the DER-encoded response" }, + { "signer", OPT_SIGNER, '<', "Certificate to sign OCSP request with" }, + { "VAfile", OPT_VAFILE, '<', "Validator certificates file" }, + { "sign_other", OPT_SIGN_OTHER, '<', "Additional certificates to include in signed request" }, + { "verify_other", OPT_VERIFY_OTHER, '<', "Additional certificates to search for signer" }, + { "CAfile", OPT_CAFILE, '<', "Trusted certificates file" }, + { "CApath", OPT_CAPATH, '<', "Trusted certificates directory" }, + { "validity_period", OPT_VALIDITY_PERIOD, 'u', "Maximum validity discrepancy in seconds" }, + { "status_age", OPT_STATUS_AGE, 'p', "Maximum status age in seconds" }, + { "signkey", OPT_SIGNKEY, 's', "Private key to sign OCSP request with" }, + { "reqout", OPT_REQOUT, 's', "Output file for the DER-encoded request" }, + { "respout", OPT_RESPOUT, 's', "Output file for the DER-encoded response" }, + { "path", OPT_PATH, 's', "Path to use in OCSP request" }, + { "issuer", OPT_ISSUER, '<', "Issuer certificate" }, + { "cert", OPT_CERT, '<', "Certificate to check" }, + { "serial", OPT_SERIAL, 's', "Nerial number to check" }, + { "index", OPT_INDEX, '<', "Certificate status index file" }, + { "CA", OPT_CA, '<', "CA certificate" }, + { "nmin", OPT_NMIN, 'p', "Number of minutes before next update" }, + { "nrequest", OPT_REQUEST, 'p', "Number of requests to accept (default unlimited)" }, + { "ndays", OPT_NDAYS, 'p', "Number of days before next update" }, + { "rsigner", OPT_RSIGNER, '<', "Sesponder certificate to sign responses with" }, + { "rkey", OPT_RKEY, '<', "Responder key to sign responses with" }, + { "rother", OPT_ROTHER, '<', "Other certificates to include in response" }, { "rmd", OPT_RMD, 's' }, - { "", OPT_MD, '-' }, + { "", OPT_MD, '-', "Any supported digest" }, + OPT_V_OPTIONS, { NULL } }; @@ -280,14 +229,14 @@ int ocsp_main(int argc, char **argv) if ((vpm = X509_VERIFY_PARAM_new()) == NULL) return 1; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, ocsp_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: err: BIO_printf(bio_err,"Valid options are:\n"); - printhelp(ocsp_help); + opt_help(ocsp_options); goto end; case OPT_OUTFILE: outfile = opt_arg(); diff --git a/apps/openssl.c b/apps/openssl.c index a870457575..6bb98ceca9 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -113,8 +113,8 @@ #include <stdio.h> #include <string.h> #include <stdlib.h> -#define APP_MAIN #include "apps.h" +#include "progs.h" #include <openssl/bio.h> #include <openssl/crypto.h> #include <openssl/rand.h> diff --git a/apps/opt.c b/apps/opt.c index da308156c4..b1cddb35b1 100644 --- a/apps/opt.c +++ b/apps/opt.c @@ -12,6 +12,10 @@ #include <ctype.h> #include <openssl/bio.h> +#define MAX_OPT_HELP_WIDTH 30 +const char OPT_HELP_STR[] = "--"; +const char OPT_MORE_STR[] = "---"; + /* Our state */ static char** argv; static int argc; @@ -110,16 +114,13 @@ char *opt_init(int ac, char** av, const OPTIONS* o) unknown = NULL; for ( ; o->name; ++o) { - const OPTIONS* next; - if (o->name[0] == '\0') { - assert(unknown == NULL); - unknown = o; - assert(unknown->valtype == 0 - || unknown->valtype == '-'); - } + if (o->name == OPT_HELP_STR || o->name == OPT_MORE_STR) + continue; #ifndef NDEBUG - /* Make sure options are legit. */ + const OPTIONS* next; int i = o->valtype; + + /* Make sure options are legit. */ assert(o->name[0] != '-'); assert(o->retval > 0); assert(i == 0 || i == '-' @@ -135,6 +136,12 @@ char *opt_init(int ac, char** av, const OPTIONS* o) assert(strcmp(o->name, next->name) != 0); } #endif + if (o->name[0] == '\0') { + assert(unknown == NULL); + unknown = o; + assert(unknown->valtype == 0 + || unknown->valtype == '-'); + } } return prog; } @@ -592,24 +599,138 @@ int opt_num_rest(void) return i; } +/* Return a string describing the parameter type. */ +static const char* valtype2param(const OPTIONS* o) +{ + switch (o->valtype) { + case '-': + return ""; + case 's': + return "val"; + case '/': + return "dir"; + case '<': + return "infile"; + case '>': + return "outfile"; + case 'p': + return "pnum"; + case 'n': + return "num"; + case 'u': + return "unum"; + case 'F': + return "der/pem"; + case 'f': + return "fmt"; + } + return "parm"; +} + + +void opt_help(const OPTIONS* list) +{ + const OPTIONS* o; + int i; + int standard_prolog = 1; + int width = 5; + char start[80 + 1]; + char *p; + const char *help; + + /* Starts with its own help message? */ + standard_prolog = list[0].name != OPT_HELP_STR; + + /* Find the widest help. */ + for (standard_prolog = 1, o = list; o->name; o++) { + if (o->name == OPT_MORE_STR) + continue; + i = 2 + (int)strlen(o->name); + if (o->valtype != '-') + i += 1 + strlen(valtype2param(o)); + if (i < MAX_OPT_HELP_WIDTH && i > width) + width = i; + assert(i < sizeof start); + } + + if (standard_prolog) + BIO_printf(bio_err, "Valid options are:\n"); + + /* Now let's print. */ + for (o = list; o->name; o++) { + help = o->helpstr ? o->helpstr : "(No additional info)"; + if (o->name == OPT_HELP_STR) { + BIO_printf(bio_err, help, prog); + continue; + } + + /* Pad out prefix */ + memset(start, ' ', sizeof start - 1); + start[sizeof start - 1] - '\0'; + + if (o->name == OPT_MORE_STR) { + /* Continuation of previous line; padd and print. */ + start[width] = '\0'; + BIO_printf(bio_err, "%s %s\n", start, help); + continue; + } + + /* Build up the "-flag [param]" part. */ + p = start; + *p++ = ' '; + *p++ = '-'; + if (o->name[0]) + p += strlen(strcpy(p, o->name)); + else + *p++ = '*'; + if (o->valtype != '-') { + *p++ = ' '; + p += strlen(strcpy(p, valtype2param(o))); + } + *p = ' '; + if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) { + *p = '\0'; + BIO_printf(bio_err, "%s\n", start); + memset(start, ' ', sizeof start); + } + start[width] = '\0'; + BIO_printf(bio_err, "%s %s\n", start, help); + } +} + #ifdef TEST +#include <sys/stat.h> + enum options { OPT_ERR=-1, OPT_EOF=0, OPT_NOTUSED, OPT_IN, OPT_INFORM, OPT_OUT, OPT_COUNT, OPT_U, OPT_FLAG, - OPT_STR }; + OPT_STR, OPT_HELP +}; static OPTIONS options[] = { - { "in", OPT_IN, '<' }, - { "inform", OPT_INFORM, 'f' }, - { "out", OPT_OUT, '>' }, - { "count", OPT_COUNT, 'p' }, - { "u", OPT_U, 'u' }, - { "flag", OPT_FLAG, 0 }, - { "str", OPT_STR, 's' }, + { OPT_HELP_STR, 1, '-', "Usage: %s flags\n" }, + { "in", OPT_IN, '<', "input file" }, + { OPT_MORE_STR, 1, '-', "more detail about input" }, + { "inform", OPT_INFORM, 'f', "input file format; defaults to pem" }, + { "out", OPT_OUT, '>', "output file" }, + { "count", OPT_COUNT, 'p', "a counter greater than zero" }, + { "u", OPT_U, 'u', "an unsigned number" }, + { "flag", OPT_FLAG, 0, "just some flag" }, + { "str", OPT_STR, 's', "the magic word" }, + { "help", OPT_HELP, '-', "get this output" }, + { "areallyverylongoption", OPT_HELP, '-', "long way for help" }, { NULL } }; BIO* bio_err; + +int app_isdir(const char *name) +{ + struct stat sb; + + return name != NULL && stat(name, &sb) >= 0 && S_ISDIR(sb.st_mode); +} + int main(int ac, char **av) { enum options c; @@ -620,9 +741,14 @@ int main(int ac, char **av) while ((c = opt_next()) != OPT_EOF) { switch (c) { + case OPT_NOTUSED: + case OPT_EOF: case OPT_ERR: - printf("Usage error"); + printf("Usage error; try -help."); return -1; + case OPT_HELP: + opt_help(options); + return 0; case OPT_IN: printf("in %s\n", opt_arg()); break; diff --git a/apps/passwd.c b/apps/passwd.c index 18e23af5da..2cad57f9ec 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -40,41 +40,28 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p, char *passwd, BIO *out, int quiet, int table, int reverse, size_t pw_maxlen, int usecrypt, int use1, int useapr1); -const char* passwd_help[] = { -#ifndef OPENSSL_NO_DES - "-crypt standard Unix password algorithm (default)", -#endif -#ifndef NO_MD5CRYPT_1 - "-1 MD5-based password algorithm", - "-apr1 MD5-based password algorithm, Apache variant", -#endif - "-salt string use provided salt", - "-in file read passwords from file", - "-stdin read passwords from stdin", - "-noverify never verify when reading password from terminal", - "-quiet no warnings", - "-table format output as table", - "-reverse switch table columns", - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_IN, OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1, OPT_1, OPT_CRYPT, OPT_SALT, OPT_STDIN, }; -static OPTIONS options[] = { - { "in", OPT_IN, '<' }, - { "noverify", OPT_NOVERIFY, '-' }, - { "quiet", OPT_QUIET, '-' }, - { "table", OPT_TABLE, '-' }, - { "reverse", OPT_REVERSE, '-' }, - { "apr1", OPT_APR1, '-' }, - { "1", OPT_1, '-' }, - { "crypt", OPT_CRYPT, '-' }, - { "salt", OPT_SALT, 's' }, - { "stdin", OPT_STDIN, '-' }, + +OPTIONS passwd_options[] = { + { "in", OPT_IN, '<', "Pead passwords from file" }, + { "noverify", OPT_NOVERIFY, '-', "Never verify when reading password from terminal" }, + { "quiet", OPT_QUIET, '-', "No warnings" }, + { "table", OPT_TABLE, '-', "Format output as table" }, + { "reverse", OPT_REVERSE, '-', "Switch table columns" }, +#ifndef NO_MD5CRYPT_1 + { "apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant" }, + { "1", OPT_1, '-', "MD5-based password algorithm" }, +#endif +#ifndef OPENSSL_NO_DES + { "crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)" }, +#endif + { "salt", OPT_SALT, 's', "Use provided salt" }, + { "stdin", OPT_STDIN, '-', "Read passwords from stdin" }, { NULL } }; @@ -97,14 +84,14 @@ int passwd_main(int argc, char **argv) enum options o; char* prog; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, passwd_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: bad: BIO_printf(bio_err,"Valid options are:\n"); - printhelp(passwd_help); + opt_help(passwd_options); goto err; case OPT_IN: if (pw_source_defined) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index f9ae8786a4..75044b92da 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -87,64 +87,6 @@ int alg_print(BIO *x, X509_ALGOR *alg); int cert_load(BIO *in, STACK_OF(X509) *sk); static int set_pbe(BIO *err, int *ppbe, const char *str); -const char* pkcs12_help[] = { - "-export output PKCS12 file", - "-chain add certificate chain", - "-inkey file private key if not infile", - "-certfile f add all certs in f", - "-CApath arg PEM format directory of CA's", - "-CAfile arg PEM format file of CA's", - "-name name use name as friendly name", - "-caname name use name as CA friendly name (can be repeated)", - "-in infile input filename", - "-out outfile output filename", - "-noout don't output anything, just verify.", - "-nomacver don't verify MAC.", - "-nocerts don't output certificates.", - "-clcerts only output client certificates.", - "-cacerts only output CA certificates.", - "-nokeys don't output private keys.", - "-info give info about PKCS#12 structure.", - "-des encrypt private keys with DES", - "-des3 encrypt private keys with triple DES (default)", -#ifndef OPENSSL_NO_IDEA - "-idea encrypt private keys with idea", -#endif -#ifndef OPENSSL_NO_SEED - "-seed encrypt private keys with seed", -#endif -#ifndef OPENSSL_NO_AES - "-aes128, -aes192, -aes256", - " encrypt PEM output with cbc aes", -#endif -#ifndef OPENSSL_NO_CAMELLIA - "-camellia128, -camellia192, -camellia256", - " encrypt PEM output with cbc camellia", -#endif - "-nodes don't encrypt private keys", - "-noiter don't use encryption iteration", - "-nomaciter don't use MAC iteration", - "-maciter use MAC iteration", - "-nomac don't generate MAC", - "-twopass separate MAC, encryption passwords", - "-descert encrypt PKCS#12 certificates with 3DES (default RC2-40)", - "-certpbe alg specify certificate PBE algorithm (default RC2-40)", - "-keypbe alg specify private key PBE algorithm (default 3DES)", - "-macalg alg digest algorithm used in MAC (default SHA1)", - "-keyex set MS key exchange type", - "-keysig set MS key signature type", - "-password p set import/export password source", - "-passin p input file pass phrase source", - "-passout p output file pass phrase source", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - "-rand file... load the file(s) into the random number generator", - "-CSP name Microsoft CSP name", - "-LMK Add local machine keyset attribute to private key", - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS, @@ -156,46 +98,46 @@ enum options { OPT_CAFILE, OPT_ENGINE, }; -static OPTIONS optionlist[] = { - { "", OPT_CIPHER, '-' }, - { "nokeys", OPT_NOKEYS, '-' }, - { "keyex", OPT_KEYEX, '-' }, - { "keysig", OPT_KEYSIG, '-' }, - { "nocerts", OPT_NOCERTS, '-' }, - { "clcerts", OPT_CLCERTS, '-' }, - { "cacerts", OPT_CACERTS, '-' }, - { "noout", OPT_NOOUT, '-' }, - { "info", OPT_INFO, '-' }, - { "chain", OPT_CHAIN, '-' }, - { "twopass", OPT_TWOPASS, '-' }, - { "nomacver", OPT_NOMACVER, '-' }, - { "descert", OPT_DESCERT, '-' }, - { "export", OPT_EXPORT, '-' }, - { "noiter", OPT_NOITER, '-' }, - { "maciter", OPT_MACITER, '-' }, - { "nomaciter", OPT_NOMACITER, '-' }, - { "nomac", OPT_NOMAC, '-' }, - { "LMK", OPT_LMK, '-' }, - { "nodes", OPT_NODES, '-' }, - { "macalg", OPT_MACALG, 's' }, - { "certpbe", OPT_CERTPBE, 's' }, - { "keypbe", OPT_KEYPBE, 's' }, - { "rand", OPT_RAND, 's' }, - { "inkey", OPT_INKEY, '<' }, - { "certfile", OPT_CERTFILE, '<' }, - { "name", OPT_NAME, 's' }, - { "CSP", OPT_CSP, 's' }, - { "caname", OPT_CANAME, 's' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "passin", OPT_PASSIN, 's' }, - { "passout", OPT_PASSOUT, 's' }, - { "password", OPT_PASSWORD, 's' }, - { "CApath", OPT_CAPATH, '/' }, - { "CAfile", OPT_CAFILE, '<' }, +OPTIONS pkcs12_options[] = { + { "nokeys", OPT_NOKEYS, '-', "Don't output private keys" }, + { "keyex", OPT_KEYEX, '-', "Set MS key exchange type" }, + { "keysig", OPT_KEYSIG, '-', "Set MS key signature type" }, + { "nocerts", OPT_NOCERTS, '-', "Don't output certificates" }, + { "clcerts", OPT_CLCERTS, '-', "Only output client certificates" }, + { "cacerts", OPT_CACERTS, '-', "Only output CA certificates" }, + { "noout", OPT_NOOUT, '-', "Don't output anything, just verify" }, + { "info", OPT_INFO, '-', "Print info about PKCS#12 structure" }, + { "chain", OPT_CHAIN, '-', "Add certificate chain" }, + { "twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords" }, + { "nomacver", OPT_NOMACVER, '-', "-Don't verify MAC" }, + { "descert", OPT_DESCERT, '-', "Encrypt output with 3DES (default RC2-40)" }, + { "export", OPT_EXPORT, '-', "Output PKCS12 file" }, + { "noiter", OPT_NOITER, '-', "Don't use encryption iteration" }, + { "maciter", OPT_MACITER, '-', "Use MAC iteration" }, + { "nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration" }, + { "nomac", OPT_NOMAC, '-', "Don't generate MAC" }, + { "LMK", OPT_LMK, '-', "Add local machine keyset attribute to private key" }, + { "nodes", OPT_NODES, '-', "Don't encrypt private keys" }, + { "macalg", OPT_MACALG, 's', "Digest algorithm used in MAC (default SHA1)" }, + { "certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default RC2-40)" }, + { "keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)" }, + { "rand", OPT_RAND, 's', "Load the file(s) into the random number generator" }, + { "inkey", OPT_INKEY, '<', "Private key if not infile" }, + { "certfile", OPT_CERTFILE, '<', "Load certs from file" }, + { "name", OPT_NAME, 's', "Use name as friendly name" }, + { "CSP", OPT_CSP, 's', "Microsoft CSP name" }, + { "caname", OPT_CANAME, 's', "Use name as CA friendly name (can be repeated)" }, + { "in", OPT_IN, '<', "Input filename" }, + { "out", OPT_OUT, '>', "Output filename" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, + { "password", OPT_PASSWORD, 's', "Set import/export password source" }, + { "CApath", OPT_CAPATH, '/', "PEM-format directory of CA's" }, + { "CAfile", OPT_CAFILE, '<', "PEM-format file of CA's" }, #ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif + { "", OPT_CIPHER, '-', "Any supported cipher" }, { NULL } }; @@ -220,14 +162,13 @@ int pkcs12_main(int argc, char **argv) const EVP_CIPHER *enc = EVP_des_ede3_cbc(); enum options o; - prog = opt_init(argc, argv, optionlist); + prog = opt_init(argc, argv, pkcs12_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: err: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(pkcs12_help); + opt_help(pkcs12_options); goto end; case OPT_NOKEYS: options |= NOKEYS; diff --git a/apps/pkcs7.c b/apps/pkcs7.c index 7a2a4cbdbc..1dd16a6827 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -68,36 +68,24 @@ #include <openssl/pkcs7.h> #include <openssl/pem.h> - -const char* pkcs7_help[] = { - "-inform arg input format - DER or PEM", - "-outform arg output format - DER or PEM", - "-in arg input file", - "-out arg output file", - "-print_certs print any certs or crl in the input", - "-text print full details of certificates", - "-noout don't output encoded data", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device", -#endif - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT, OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE, }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "noout", OPT_NOOUT, '-' }, - { "text", OPT_TEXT, '-' }, + +OPTIONS pkcs7_options[] = { + { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" }, + { "in", OPT_IN, '<', "Input file" }, + { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" }, + { "out", OPT_OUT, '>', "Output file" }, + { "noout", OPT_NOOUT, '-', "Don't output encoded data" }, + { "text", OPT_TEXT, '-', "Print full details of certificates" }, { "print", OPT_PRINT, '-' }, - { "print_certs", OPT_PRINT_CERTS, '-' }, - { "engine", OPT_ENGINE, 's' }, + { "print_certs", OPT_PRINT_CERTS, '-', "Print_certs print any certs or crl in the input" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif { NULL } }; @@ -114,13 +102,13 @@ int pkcs7_main(int argc, char **argv) char *engine=NULL; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, pkcs7_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: BIO_printf(bio_err,"Valid options are:\n"); - printhelp(pkcs7_help); + opt_help(pkcs7_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 02f5bf1202..0d371da227 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -64,27 +64,6 @@ #include <openssl/evp.h> #include <openssl/pkcs12.h> -const char* pkcs8_help[] = { - "-in file input file", - "-inform X input format (DER or PEM)", - "-passin arg input file pass phrase source", - "-outform X output format (DER or PEM)", - "-out file output file", - "-passout arg output file pass phrase source", - "-topk8 output PKCS8 file", - "-nooct use (nonstandard) no octet format", - "-embed use (nonstandard) embedded DSA parameters format", - "-nsdb use (nonstandard) DSA Netscape DB format", - "-iter count use count as iteration count", - "-noiter use 1 as iteration count", - "-nocrypt use or expect unencrypted private key", - "-v2 alg use PKCS#5 v2.0 and cipher ", - "-v1 obj use PKCS#5 v1.5 and cipher ", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - NULL -}; enum options { OPT_ERR = -1, OPT_EOF = 0, @@ -92,26 +71,27 @@ enum options { OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT, OPT_NOOCT, OPT_NSDB, OPT_EMBED, OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT, }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, + +OPTIONS pkcs8_options[] = { + { "inform", OPT_INFORM, 'F', "Input format (DER or PEM)" }, + { "outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)" }, + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, + { "topk8", OPT_TOPK8, '-', "Output PKCS8 file" }, + { "noiter", OPT_NOITER, '-', "Use 1 as iteration count" }, + { "nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key" }, + { "nooct", OPT_NOOCT, '-', "Use (nonstandard) no octet format" }, + { "nsdb", OPT_NSDB, '-', "Use (nonstandard) DSA Netscape DB format" }, + { "embed", OPT_EMBED, '-', "Use (nonstandard) embedded DSA parameters format" }, + { "v2", OPT_V2, 's', "Ase PKCS#5 v2.0 and cipher " }, + { "v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher " }, + { "v2prf", OPT_V2PRF, 's' }, + { "iter", OPT_ITER, 'p', "Specify the iteration count" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, #ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "topk8", OPT_TOPK8, '-' }, - { "noiter", OPT_NOITER, '-' }, - { "nocrypt", OPT_NOCRYPT, '-' }, - { "nooct", OPT_NOOCT, '-' }, - { "nsdb", OPT_NSDB, '-' }, - { "embed", OPT_EMBED, '-' }, - { "v2", OPT_V2, 's' }, - { "v1", OPT_V1, 's' }, - { "v2prf", OPT_V2PRF, 's' }, - { "iter", OPT_ITER, 'p' }, - { "passin", OPT_PASSIN, 's' }, - { "passout", OPT_PASSOUT, 's' }, { NULL } }; @@ -136,14 +116,13 @@ int pkcs8_main(int argc, char **argv) enum options o; char* prog; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, pkcs8_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: bad: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(pkcs8_help); + opt_help(pkcs8_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); diff --git a/apps/pkey.c b/apps/pkey.c index 9066aafeba..7a3d7e64f0 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -62,50 +62,33 @@ #include <openssl/err.h> #include <openssl/evp.h> -const char* pkey_help[] = { - "-in file input file", - "-inform X input format (DER or PEM)", - "-passin arg input file pass phrase source", - "-outform X output format (DER or PEM)", - "-out file output file", - "-passout arg output file pass phrase source", - "-cipher cipher algorithm to use", - "-text output in plaintext as well", - "-text_pub only output public key components", - "-noout do not output the key", - "-pubin read public key from input (default is private key)", - "-pubout output public key, not private" -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB, OPT_TEXT, OPT_NOOUT, OPT_MD, }; -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, - { "passin", OPT_PASSIN, 's' }, - { "passout", OPT_PASSOUT, 's' }, - { "engine", OPT_ENGINE, 's' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "pubin", OPT_PUBIN, '-' }, - { "pubout", OPT_PUBOUT, '-' }, - { "text_pub", OPT_TEXT_PUB, '-' }, - { "text", OPT_TEXT, '-' }, - { "noout", OPT_NOOUT, '-' }, - { "", OPT_MD, '-' }, + +OPTIONS pkey_options[] = { + { "inform", OPT_INFORM, 'F', "Input format (DER or PEM)" }, + { "outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)" }, + { "passin", OPT_PASSIN, 's', "Input file pass phrase source" }, + { "passout", OPT_PASSOUT, 's', "Output file pass phrase source" }, + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, + { "pubin", OPT_PUBIN, '-', "Read public key from input (default is private key)" }, + { "pubout", OPT_PUBOUT, '-', "Output public key, not private" }, + { "text_pub", OPT_TEXT_PUB, '-', "Only output public key components" }, + { "text", OPT_TEXT, '-', "Output in plaintext as well" }, + { "noout", OPT_NOOUT, '-', "Don't output the key" }, + { "", OPT_MD, '-', "Any supported cipher" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif { NULL } }; - int pkey_main(int argc, char **argv) { ENGINE *e = NULL; @@ -121,14 +104,13 @@ int pkey_main(int argc, char **argv) enum options o; char* prog, *engine=NULL; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, pkey_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: bad: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(pkey_help); + opt_help(pkey_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c index 493bdd7943..aab40a2f9a 100644 --- a/apps/pkeyparam.c +++ b/apps/pkeyparam.c @@ -62,27 +62,18 @@ #include <openssl/err.h> #include <openssl/evp.h> -const char* pkeyparam_help[] = { - "-in file input file", - "-out file output file", - "-text print parameters as text", - "-noout don't output encoded parameters", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - NULL -}; enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT, OPT_ENGINE, }; -static OPTIONS options[] = { - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "text", OPT_TEXT, '-' }, - { "noout", OPT_NOOUT, '-' }, + +OPTIONS pkeyparam_options[] = { + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, + { "text", OPT_TEXT, '-', "Print parameters as text" }, + { "noout", OPT_NOOUT, '-', "Don't output encoded parameters" }, #ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, #endif { NULL } }; @@ -98,13 +89,12 @@ int pkeyparam_main(int argc, char **argv) char* prog; char *engine=NULL; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, pkeyparam_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(pkeyparam_help); + opt_help(pkeyparam_options); goto end; case OPT_IN: infile = opt_arg(); diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index e529cc4087..e2b5b8c03b 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -78,29 +78,6 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op, unsigned char *out, size_t *poutlen, unsigned char *in, size_t inlen); -const char* pkeyutl_help[] = { - "-in file input file", - "-out file output file", - "-sigfile file signature file (verify operation only)", - "-inkey file input key", - "-keyform arg private key format - default PEM", - "-pubin input is a public key", - "-certin input is a certificate carrying a public key", - "-pkeyopt X:Y public key options", - "-sign sign with private key", - "-verify verify with public key", - "-verifyrecover verify with public key, recover original data", - "-encrypt encrypt with public key", - "-decrypt decrypt with private key", - "-derive derive shared secret", - "-hexdump hex dump output", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device.", -#endif - "-passin arg pass phrase source", - NULL -}; - enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_ENGINE, OPT_IN, OPT_OUT, @@ -110,30 +87,30 @@ enum options { OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, }; -static OPTIONS options[] = { -#ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, -#endif - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "pubin", OPT_PUBIN, '-' }, - { "certin", OPT_CERTIN, '-' }, +OPTIONS pkeyutl_options[] = { + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, + { "pubin", OPT_PUBIN, '-', "Input is a public key" }, + { "certin", OPT_CERTIN, '-', "Input is a cert with a public key" }, { "asn1parse", OPT_ASN1PARSE, '-' }, - { "hexdump", OPT_HEXDUMP, '-' }, - { "sign", OPT_SIGN, '-' }, - { "verify", OPT_VERIFY, '-' }, - { "verifyrecover", OPT_VERIFYRECOVER, '-' }, + { "hexdump", OPT_HEXDUMP, '-', "Hex dump output" }, + { "sign", OPT_SIGN, '-', "Sign with private key" }, + { "verify", OPT_VERIFY, '-', "Verify with public key" }, + { "verifyrecover", OPT_VERIFYRECOVER, '-', "Verify with public key, recover original data" }, { "rev", OPT_REV, '-' }, - { "encrypt", OPT_ENCRYPT, '-' }, - { "decrypt", OPT_DECRYPT, '-' }, - { "derive", OPT_DERIVE, '-' }, - { "sigfile", OPT_SIGFILE, '<' }, - { "inkey", OPT_INKEY, 's' }, + { "encrypt", OPT_ENCRYPT, '-', "Encrypt with public key" }, + { "decrypt", OPT_DECRYPT, '-', "Decrypt with private key" }, + { "derive", OPT_DERIVE, '-', "Derive shared secret" }, + { "sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)" }, + { "inkey", OPT_INKEY, 's', "Input key" }, { "peerkey", OPT_PEERKEY, 's' }, - { "passin", OPT_PASSIN, 's' }, + { "passin", OPT_PASSIN, 's', "Pass phrase source" }, { "peerform", OPT_PEERFORM, 'F' }, - { "keyform", OPT_KEYFORM, 'F' }, - { "pkeyopt", OPT_PKEYOPT, 's' }, + { "keyform", OPT_KEYFORM, 'F', "Private key format - default PEM" }, + { "pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif { NULL } }; @@ -156,14 +133,13 @@ int pkeyutl_main(int argc, char **argv) enum options o; char* prog; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, pkeyutl_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: err: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(pkeyutl_help); + opt_help(pkeyutl_options); goto end; case OPT_IN: infile = opt_arg(); diff --git a/apps/prime.c b/apps/prime.c index da6c67cf67..7e7997419c 100644 --- a/apps/prime.c +++ b/apps/prime.c @@ -52,24 +52,17 @@ #include "apps.h" #include <openssl/bn.h> -const char* prime_help[] = { - "-bits n size of number in bits", - "-hex hex", - "-checks n number of checks", - "-generate generate a prime", - "-safe when used with -generate, generate a safe prime", - NULL -}; enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS }; -static OPTIONS options[] = { - { "hex", OPT_HEX, '-' }, - { "generate", OPT_GENERATE, '-' }, - { "bits", OPT_BITS, 'p' }, - { "safe", OPT_SAFE, '-' }, - { "checks", OPT_CHECKS, 'p' }, + +OPTIONS prime_options[] = { + { "hex", OPT_HEX, '-', "Hex output" }, + { "generate", OPT_GENERATE, '-', "Generate a prime" }, + { "bits", OPT_BITS, 'p', "Size of number in bits" }, + { "safe", OPT_SAFE, '-', "When used with -generate, generate a safe prime" }, + { "checks", OPT_CHECKS, 'p', "Number of checks" }, { NULL } }; @@ -85,13 +78,12 @@ int prime_main(int argc, char **argv) BIGNUM *bn=NULL; char* prog; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, prime_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(req_help); + opt_help(prime_options); return 1; case OPT_HEX: hex=1; diff --git a/apps/progs.h b/apps/progs.h index e1f00f3001..f6afab3044 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -13,421 +13,415 @@ typedef struct function_st { int type; const char *name; int (*func)(int argc,char *argv[]); - const char **help; + const OPTIONS *help; } FUNCTION; -#ifndef APP_MAIN -extern FUNCTION functions[]; -#endif extern int verify_main(int argc,char *argv[]); -extern const char *verify_help[]; +extern OPTIONS verify_options[]; extern int asn1parse_main(int argc,char *argv[]); -extern const char *asn1parse_help[]; +extern OPTIONS asn1parse_options[]; extern int req_main(int argc,char *argv[]); -extern const char *req_help[]; +extern OPTIONS req_options[]; extern int dgst_main(int argc,char *argv[]); -extern const char *dgst_help[]; +extern OPTIONS dgst_options[]; extern int dh_main(int argc,char *argv[]); -extern const char *dh_help[]; +extern OPTIONS dh_options[]; extern int dhparam_main(int argc,char *argv[]); -extern const char *dhparam_help[]; +extern OPTIONS dhparam_options[]; extern int enc_main(int argc,char *argv[]); -extern const char *enc_help[]; +extern OPTIONS enc_options[]; extern int passwd_main(int argc,char *argv[]); -extern const char *passwd_help[]; +extern OPTIONS passwd_options[]; extern int gendh_main(int argc,char *argv[]); -extern const char *gendh_help[]; +extern OPTIONS gendh_options[]; extern int errstr_main(int argc,char *argv[]); -extern const char *errstr_help[]; +extern OPTIONS errstr_options[]; extern int ca_main(int argc,char *argv[]); -extern const char *ca_help[]; +extern OPTIONS ca_options[]; extern int crl_main(int argc,char *argv[]); -extern const char *crl_help[]; +extern OPTIONS crl_options[]; extern int rsa_main(int argc,char *argv[]); -extern const char *rsa_help[]; +extern OPTIONS rsa_options[]; extern int rsautl_main(int argc,char *argv[]); -extern const char *rsautl_help[]; +extern OPTIONS rsautl_options[]; extern int dsa_main(int argc,char *argv[]); -extern const char *dsa_help[]; +extern OPTIONS dsa_options[]; extern int dsaparam_main(int argc,char *argv[]); -extern const char *dsaparam_help[]; +extern OPTIONS dsaparam_options[]; extern int ec_main(int argc,char *argv[]); -extern const char *ec_help[]; +extern OPTIONS ec_options[]; extern int ecparam_main(int argc,char *argv[]); -extern const char *ecparam_help[]; +extern OPTIONS ecparam_options[]; extern int x509_main(int argc,char *argv[]); -extern const char *x509_help[]; +extern OPTIONS x509_options[]; extern int genrsa_main(int argc,char *argv[]); -extern const char *genrsa_help[]; +extern OPTIONS genrsa_options[]; extern int gendsa_main(int argc,char *argv[]); -extern const char *gendsa_help[]; +extern OPTIONS gendsa_options[]; extern int genpkey_main(int argc,char *argv[]); -extern const char *genpkey_help[]; +extern OPTIONS genpkey_options[]; extern int s_server_main(int argc,char *argv[]); -extern const char *s_server_help[]; +extern OPTIONS s_server_options[]; extern int s_client_main(int argc,char *argv[]); -extern const char *s_client_help[]; +extern OPTIONS s_client_options[]; extern int speed_main(int argc,char *argv[]); -extern const char *speed_help[]; +extern OPTIONS speed_options[]; extern int s_time_main(int argc,char *argv[]); -extern const char *s_time_help[]; +extern OPTIONS s_time_options[]; extern int version_main(int argc,char *argv[]); -extern const char *version_help[]; +extern OPTIONS version_options[]; extern int pkcs7_main(int argc,char *argv[]); -extern const char *pkcs7_help[]; +extern OPTIONS pkcs7_options[]; extern int cms_main(int argc,char *argv[]); -extern const char *cms_help[]; +extern OPTIONS cms_options[]; extern int crl2pkcs7_main(int argc,char *argv[]); -extern const char *crl2pkcs7_help[]; +extern OPTIONS crl2pkcs7_options[]; extern int sess_id_main(int argc,char *argv[]); -extern const char *sess_id_help[]; +extern OPTIONS sess_id_options[]; extern int ciphers_main(int argc,char *argv[]); -extern const char *ciphers_help[]; +extern OPTIONS ciphers_options[]; extern int nseq_main(int argc,char *argv[]); -extern const char *nseq_help[]; +extern OPTIONS nseq_options[]; extern int pkcs12_main(int argc,char *argv[]); -extern const char *pkcs12_help[]; +extern OPTIONS pkcs12_options[]; extern int pkcs8_main(int argc,char *argv[]); -extern const char *pkcs8_help[]; +extern OPTIONS pkcs8_options[]; extern int pkey_main(int argc,char *argv[]); -extern const char *pkey_help[]; +extern OPTIONS pkey_options[]; extern int pkeyparam_main(int argc,char *argv[]); -extern const char *pkeyparam_help[]; +extern OPTIONS pkeyparam_options[]; extern int pkeyutl_main(int argc,char *argv[]); -extern const char *pkeyutl_help[]; +extern OPTIONS pkeyutl_options[]; extern int spkac_main(int argc,char *argv[]); -extern const char *spkac_help[]; +extern OPTIONS spkac_options[]; extern int smime_main(int argc,char *argv[]); -extern const char *smime_help[]; +extern OPTIONS smime_options[]; extern int rand_main(int argc,char *argv[]); -extern const char *rand_help[]; +extern OPTIONS rand_options[]; extern int engine_main(int argc,char *argv[]); -extern const char *engine_help[]; +extern OPTIONS engine_options[]; extern int ocsp_main(int argc,char *argv[]); -extern const char *ocsp_help[]; +extern OPTIONS ocsp_options[]; extern int prime_main(int argc,char *argv[]); -extern const char *prime_help[]; +extern OPTIONS prime_options[]; extern int ts_main(int argc,char *argv[]); -extern const char *ts_help[]; +extern OPTIONS ts_options[]; extern int srp_main(int argc,char *argv[]); -extern const char *srp_help[]; - -#ifdef APP_MAIN +extern OPTIONS srp_options[]; FUNCTION functions[] = { - { FUNC_TYPE_GENERAL, "verify", verify_main, verify_help }, - { FUNC_TYPE_GENERAL, "asn1parse", asn1parse_main, asn1parse_help }, - { FUNC_TYPE_GENERAL, "req", req_main, req_help }, - { FUNC_TYPE_GENERAL, "dgst", dgst_main, dgst_help }, + { FUNC_TYPE_GENERAL, "verify", verify_main, NULL }, + { FUNC_TYPE_GENERAL, "asn1parse", asn1parse_main, NULL }, + { FUNC_TYPE_GENERAL, "req", req_main, NULL }, + { FUNC_TYPE_GENERAL, "dgst", dgst_main, NULL }, #ifndef OPENSSL_NO_DH - { FUNC_TYPE_GENERAL, "dh", dh_main, dh_help }, + { FUNC_TYPE_GENERAL, "dh", dh_main, NULL }, #endif #ifndef OPENSSL_NO_DH - { FUNC_TYPE_GENERAL, "dhparam", dhparam_main, dhparam_help }, + { FUNC_TYPE_GENERAL, "dhparam", dhparam_main, NULL }, #endif - { FUNC_TYPE_GENERAL, "enc", enc_main, enc_help }, - { FUNC_TYPE_GENERAL, "passwd", passwd_main, passwd_help }, + { FUNC_TYPE_GENERAL, "enc", enc_main, NULL }, + { FUNC_TYPE_GENERAL, "passwd", passwd_main, NULL }, #ifndef OPENSSL_NO_DH - { FUNC_TYPE_GENERAL, "gendh", gendh_main, gendh_help }, + { FUNC_TYPE_GENERAL, "gendh", gendh_main, NULL }, #endif - { FUNC_TYPE_GENERAL, "errstr", errstr_main, errstr_help }, - { FUNC_TYPE_GENERAL, "ca", ca_main, ca_help }, - { FUNC_TYPE_GENERAL, "crl", crl_main, crl_help }, + { FUNC_TYPE_GENERAL, "errstr", errstr_main, NULL }, + { FUNC_TYPE_GENERAL, "ca", ca_main, NULL }, + { FUNC_TYPE_GENERAL, "crl", crl_main, NULL }, #ifndef OPENSSL_NO_RSA - { FUNC_TYPE_GENERAL, "rsa", rsa_main, rsa_help }, + { FUNC_TYPE_GENERAL, "rsa", rsa_main, NULL }, #endif #ifndef OPENSSL_NO_RSA - { FUNC_TYPE_GENERAL, "rsautl", rsautl_main, rsautl_help }, + { FUNC_TYPE_GENERAL, "rsautl", rsautl_main, NULL }, #endif #ifndef OPENSSL_NO_DSA - { FUNC_TYPE_GENERAL, "dsa", dsa_main, dsa_help }, + { FUNC_TYPE_GENERAL, "dsa", dsa_main, NULL }, #endif #ifndef OPENSSL_NO_DSA - { FUNC_TYPE_GENERAL, "dsaparam", dsaparam_main, dsaparam_help }, + { FUNC_TYPE_GENERAL, "dsaparam", dsaparam_main, NULL }, #endif #ifndef OPENSSL_NO_EC - { FUNC_TYPE_GENERAL, "ec", ec_main, ec_help }, + { FUNC_TYPE_GENERAL, "ec", ec_main, NULL }, #endif #ifndef OPENSSL_NO_EC - { FUNC_TYPE_GENERAL, "ecparam", ecparam_main, ecparam_help }, + { FUNC_TYPE_GENERAL, "ecparam", ecparam_main, NULL }, #endif - { FUNC_TYPE_GENERAL, "x509", x509_main, x509_help }, + { FUNC_TYPE_GENERAL, "x509", x509_main, NULL }, #ifndef OPENSSL_NO_RSA - { FUNC_TYPE_GENERAL, "genrsa", genrsa_main, genrsa_help }, + { FUNC_TYPE_GENERAL, "genrsa", genrsa_main, NULL }, #endif #ifndef OPENSSL_NO_DSA - { FUNC_TYPE_GENERAL, "gendsa", gendsa_main, gendsa_help }, + { FUNC_TYPE_GENERAL, "gendsa", gendsa_main, NULL }, #endif - { FUNC_TYPE_GENERAL, "genpkey", genpkey_main, genpkey_help }, + { FUNC_TYPE_GENERAL, "genpkey", genpkey_main, NULL }, #if !defined(OPENSSL_NO_SOCK) - { FUNC_TYPE_GENERAL, "s_server", s_server_main, s_server_help }, + { FUNC_TYPE_GENERAL, "s_server", s_server_main, NULL }, #endif #if !defined(OPENSSL_NO_SOCK) - { FUNC_TYPE_GENERAL, "s_client", s_client_main, s_client_help }, + { FUNC_TYPE_GENERAL, "s_client", s_client_main, NULL }, #endif #ifndef OPENSSL_NO_SPEED - { FUNC_TYPE_GENERAL, "speed", speed_main, speed_help }, + { FUNC_TYPE_GENERAL, "speed", speed_main, NULL }, #endif #if !defined(OPENSSL_NO_SOCK) - { FUNC_TYPE_GENERAL, "s_time", s_time_main, s_time_help }, + { FUNC_TYPE_GENERAL, "s_time", s_time_main, NULL }, #endif - { FUNC_TYPE_GENERAL, "version", version_main, version_help }, - { FUNC_TYPE_GENERAL, "pkcs7", pkcs7_main, pkcs7_help }, + { FUNC_TYPE_GENERAL, "version", version_main, NULL }, + { FUNC_TYPE_GENERAL, "pkcs7", pkcs7_main, NULL }, #ifndef OPENSSL_NO_CMS - { FUNC_TYPE_GENERAL, "cms", cms_main, cms_help }, + { FUNC_TYPE_GENERAL, "cms", cms_main, NULL }, #endif - { FUNC_TYPE_GENERAL, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_help }, - { FUNC_TYPE_GENERAL, "sess_id", sess_id_main, sess_id_help }, + { FUNC_TYPE_GENERAL, "crl2pkcs7", crl2pkcs7_main, NULL }, + { FUNC_TYPE_GENERAL, "sess_id", sess_id_main, NULL }, #if !defined(OPENSSL_NO_SOCK) - { FUNC_TYPE_GENERAL, "ciphers", ciphers_main, ciphers_help }, + { FUNC_TYPE_GENERAL, "ciphers", ciphers_main, NULL }, #endif - { FUNC_TYPE_GENERAL, "nseq", nseq_main, nseq_help }, + { FUNC_TYPE_GENERAL, "nseq", nseq_main, NULL }, #if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) - { FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main, pkcs12_help }, -#endif - { FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main, pkcs8_help }, - { FUNC_TYPE_GENERAL, "pkey", pkey_main, pkey_help }, - { FUNC_TYPE_GENERAL, "pkeyparam", pkeyparam_main, pkeyparam_help }, - { FUNC_TYPE_GENERAL, "pkeyutl", pkeyutl_main, pkeyutl_help }, - { FUNC_TYPE_GENERAL, "spkac", spkac_main, spkac_help }, - { FUNC_TYPE_GENERAL, "smime", smime_main, smime_help }, - { FUNC_TYPE_GENERAL, "rand", rand_main, rand_help }, + { FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main, NULL }, +#endif + { FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main, NULL }, + { FUNC_TYPE_GENERAL, "pkey", pkey_main, NULL }, + { FUNC_TYPE_GENERAL, "pkeyparam", pkeyparam_main, NULL }, + { FUNC_TYPE_GENERAL, "pkeyutl", pkeyutl_main, NULL }, + { FUNC_TYPE_GENERAL, "spkac", spkac_main, NULL }, + { FUNC_TYPE_GENERAL, "smime", smime_main, NULL }, + { FUNC_TYPE_GENERAL, "rand", rand_main, NULL }, #ifndef OPENSSL_NO_ENGINE - { FUNC_TYPE_GENERAL, "engine", engine_main, engine_help }, + { FUNC_TYPE_GENERAL, "engine", engine_main, NULL }, #endif #ifndef OPENSSL_NO_OCSP - { FUNC_TYPE_GENERAL, "ocsp", ocsp_main, ocsp_help }, + { FUNC_TYPE_GENERAL, "ocsp", ocsp_main, NULL }, #endif - { FUNC_TYPE_GENERAL, "prime", prime_main, prime_help }, - { FUNC_TYPE_GENERAL, "ts", ts_main, ts_help }, + { FUNC_TYPE_GENERAL, "prime", prime_main, NULL }, + { FUNC_TYPE_GENERAL, "ts", ts_main, NULL }, #ifndef OPENSSL_NO_SRP - { FUNC_TYPE_GENERAL, "srp", srp_main, srp_help }, + { FUNC_TYPE_GENERAL, "srp", srp_main, NULL }, #endif #ifndef OPENSSL_NO_MD2 - { FUNC_TYPE_MD, "md2", dgst_main, dgst_help }, + { FUNC_TYPE_MD, "md2", dgst_main, NULL }, #endif #ifndef OPENSSL_NO_MD4 - { FUNC_TYPE_MD, "md4", dgst_main, dgst_help }, + { FUNC_TYPE_MD, "md4", dgst_main, NULL }, #endif #ifndef OPENSSL_NO_MD5 - { FUNC_TYPE_MD, "md5", dgst_main, dgst_help }, + { FUNC_TYPE_MD, "md5", dgst_main, NULL }, #endif #ifndef OPENSSL_NO_MD_GHOST94 - { FUNC_TYPE_MD, "md_ghost94", dgst_main, dgst_help }, + { FUNC_TYPE_MD, "md_ghost94", dgst_main, NULL }, #endif #ifndef OPENSSL_NO_SHA - { FUNC_TYPE_MD, "sha", dgst_main, dgst_help }, + { FUNC_TYPE_MD, "sha", dgst_main, NULL }, #endif #ifndef OPENSSL_NO_SHA1 - { FUNC_TYPE_MD, "sha1", dgst_main, dgst_help }, + { FUNC_TYPE_MD, "sha1", dgst_main, NULL }, #endif #ifndef OPENSSL_NO_SHA224 - { FUNC_TYPE_MD, "sha224", dgst_main, dgst_help }, + { FUNC_TYPE_MD, "sha224", dgst_main, NULL }, #endif #ifndef OPENSSL_NO_SHA256 - { FUNC_TYPE_MD, "sha256", dgst_main, dgst_help }, + { FUNC_TYPE_MD, "sha256", dgst_main, NULL }, #endif #ifndef OPENSSL_NO_SHA384 - { FUNC_TYPE_MD, "sha384", dgst_main, dgst_help }, + { FUNC_TYPE_MD, "sha384", dgst_main, NULL }, #endif #ifndef OPENSSL_NO_SHA512 - { FUNC_TYPE_MD, "sha512", dgst_main, dgst_help }, + { FUNC_TYPE_MD, "sha512", dgst_main, NULL }, #endif #ifndef OPENSSL_NO_MDC2 - { FUNC_TYPE_MD, "mdc2", dgst_main, dgst_help }, + { FUNC_TYPE_MD, "mdc2", dgst_main, NULL }, #endif #ifndef OPENSSL_NO_RMD160 - { FUNC_TYPE_MD, "rmd160", dgst_main, dgst_help }, + { FUNC_TYPE_MD, "rmd160", dgst_main, NULL }, #endif #ifndef OPENSSL_NO_AES - { FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_AES - { FUNC_TYPE_CIPHER, "aes-128-ecb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "aes-128-ecb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_AES - { FUNC_TYPE_CIPHER, "aes-192-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "aes-192-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_AES - { FUNC_TYPE_CIPHER, "aes-192-ecb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "aes-192-ecb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_AES - { FUNC_TYPE_CIPHER, "aes-256-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "aes-256-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_AES - { FUNC_TYPE_CIPHER, "aes-256-ecb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "aes-256-ecb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_CAMELLIA - { FUNC_TYPE_CIPHER, "camellia-128-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "camellia-128-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_CAMELLIA - { FUNC_TYPE_CIPHER, "camellia-128-ecb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "camellia-128-ecb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_CAMELLIA - { FUNC_TYPE_CIPHER, "camellia-192-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "camellia-192-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_CAMELLIA - { FUNC_TYPE_CIPHER, "camellia-192-ecb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "camellia-192-ecb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_CAMELLIA - { FUNC_TYPE_CIPHER, "camellia-256-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "camellia-256-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_CAMELLIA - { FUNC_TYPE_CIPHER, "camellia-256-ecb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "camellia-256-ecb", enc_main, NULL }, #endif - { FUNC_TYPE_CIPHER, "base64", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "base64", enc_main, NULL }, #ifdef ZLIB - { FUNC_TYPE_CIPHER, "zlib", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "zlib", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des3", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des3", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "desx", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "desx", enc_main, NULL }, #endif #ifndef OPENSSL_NO_IDEA - { FUNC_TYPE_CIPHER, "idea", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "idea", enc_main, NULL }, #endif #ifndef OPENSSL_NO_SEED - { FUNC_TYPE_CIPHER, "seed", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "seed", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC4 - { FUNC_TYPE_CIPHER, "rc4", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc4", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC4 - { FUNC_TYPE_CIPHER, "rc4-40", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc4-40", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC2 - { FUNC_TYPE_CIPHER, "rc2", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc2", enc_main, NULL }, #endif #ifndef OPENSSL_NO_BF - { FUNC_TYPE_CIPHER, "bf", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "bf", enc_main, NULL }, #endif #ifndef OPENSSL_NO_CAST - { FUNC_TYPE_CIPHER, "cast", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "cast", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC5 - { FUNC_TYPE_CIPHER, "rc5", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc5", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des-ecb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des-ecb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des-ede", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des-ede", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des-ede3", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des-ede3", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des-ede-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des-ede-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des-ede3-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des-ede3-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des-cfb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des-cfb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des-ede-cfb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des-ede-cfb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des-ede3-cfb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des-ede3-cfb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des-ofb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des-ofb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des-ede-ofb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des-ede-ofb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_DES - { FUNC_TYPE_CIPHER, "des-ede3-ofb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "des-ede3-ofb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_IDEA - { FUNC_TYPE_CIPHER, "idea-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "idea-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_IDEA - { FUNC_TYPE_CIPHER, "idea-ecb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "idea-ecb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_IDEA - { FUNC_TYPE_CIPHER, "idea-cfb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "idea-cfb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_IDEA - { FUNC_TYPE_CIPHER, "idea-ofb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "idea-ofb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_SEED - { FUNC_TYPE_CIPHER, "seed-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "seed-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_SEED - { FUNC_TYPE_CIPHER, "seed-ecb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "seed-ecb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_SEED - { FUNC_TYPE_CIPHER, "seed-cfb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "seed-cfb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_SEED - { FUNC_TYPE_CIPHER, "seed-ofb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "seed-ofb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC2 - { FUNC_TYPE_CIPHER, "rc2-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc2-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC2 - { FUNC_TYPE_CIPHER, "rc2-ecb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc2-ecb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC2 - { FUNC_TYPE_CIPHER, "rc2-cfb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc2-cfb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC2 - { FUNC_TYPE_CIPHER, "rc2-ofb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc2-ofb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC2 - { FUNC_TYPE_CIPHER, "rc2-64-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc2-64-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC2 - { FUNC_TYPE_CIPHER, "rc2-40-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc2-40-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_BF - { FUNC_TYPE_CIPHER, "bf-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "bf-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_BF - { FUNC_TYPE_CIPHER, "bf-ecb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "bf-ecb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_BF - { FUNC_TYPE_CIPHER, "bf-cfb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "bf-cfb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_BF - { FUNC_TYPE_CIPHER, "bf-ofb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "bf-ofb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_CAST - { FUNC_TYPE_CIPHER, "cast5-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "cast5-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_CAST - { FUNC_TYPE_CIPHER, "cast5-ecb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "cast5-ecb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_CAST - { FUNC_TYPE_CIPHER, "cast5-cfb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "cast5-cfb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_CAST - { FUNC_TYPE_CIPHER, "cast5-ofb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "cast5-ofb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_CAST - { FUNC_TYPE_CIPHER, "cast-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "cast-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC5 - { FUNC_TYPE_CIPHER, "rc5-cbc", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc5-cbc", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC5 - { FUNC_TYPE_CIPHER, "rc5-ecb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc5-ecb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC5 - { FUNC_TYPE_CIPHER, "rc5-cfb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc5-cfb", enc_main, NULL }, #endif #ifndef OPENSSL_NO_RC5 - { FUNC_TYPE_CIPHER, "rc5-ofb", enc_main, enc_help }, + { FUNC_TYPE_CIPHER, "rc5-ofb", enc_main, NULL }, #endif {0,NULL} }; -#endif diff --git a/apps/progs.pl b/apps/progs.pl index 24d0395860..44db57214a 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -17,24 +17,21 @@ typedef struct function_st { int type; const char *name; int (*func)(int argc,char *argv[]); - const char **help; + const OPTIONS *help; } FUNCTION; -#ifndef APP_MAIN -extern FUNCTION functions[]; -#endif EOF grep(s/^asn1pars$/asn1parse/, @ARGV); foreach (@ARGV) { printf "extern int %s_main(int argc,char *argv[]);\n", $_; - printf "extern const char *%s_help[];\n", $_; + printf "extern OPTIONS %s_options[];\n", $_; } -printf "\n#ifdef APP_MAIN\n"; printf "FUNCTION functions[] = {\n"; foreach (@ARGV) { - $str="\t{ FUNC_TYPE_GENERAL, \"$_\", ${_}_main, ${_}_help },\n"; + $str="\t{ FUNC_TYPE_GENERAL, \"$_\", ${_}_main, ${_}_options },\n"; + $str="\t{ FUNC_TYPE_GENERAL, \"$_\", ${_}_main, NULL },\n"; # XXX if (/^s_/ || /^ciphers$/) { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } elsif (/^speed$/) { @@ -68,7 +65,8 @@ foreach ( "sha", "sha1", "sha224", "sha256", "sha384", "sha512", "mdc2", "rmd160" ) { - $str="\t{ FUNC_TYPE_MD, \"$_\", dgst_main, dgst_help },\n"; + $str="\t{ FUNC_TYPE_MD, \"$_\", dgst_main, dgst_options },\n"; + $str="\t{ FUNC_TYPE_MD, \"$_\", dgst_main, NULL },\n"; # XXX printf "#ifndef OPENSSL_NO_".uc($_)."\n${str}#endif\n"; } @@ -93,7 +91,8 @@ foreach ( "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb", "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb" ) { - $str="\t{ FUNC_TYPE_CIPHER, \"$_\", enc_main, enc_help },\n"; + $str="\t{ FUNC_TYPE_CIPHER, \"$_\", enc_main, enc_options },\n"; + $str="\t{ FUNC_TYPE_CIPHER, \"$_\", enc_main, NULL },\n"; # XXX if (/des/) { printf "#ifndef OPENSSL_NO_DES\n${str}#endif\n"; } elsif (/aes/) { @@ -122,4 +121,3 @@ foreach ( } print "\t{0,NULL}\n\t};\n"; -printf "#endif\n"; diff --git a/apps/rand.c b/apps/rand.c index 13ab1284c6..f38b590732 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -64,26 +64,21 @@ #include <openssl/rand.h> -const char *rand_help[] = { - "-out file write to file", - "-rand file... seed PRNG from files", - "-base64 base64 encode output", - "-hex hex encode output", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device", -#endif - NULL -}; enum options { OPT_ERR = -1, OPT_EOF = 0, OPT_OUT, OPT_ENGINE, OPT_RAND, OPT_BASE64, OPT_HEX }; -static OPTIONS options[] = { - { "out", OPT_OUT, '>' }, - { "engine", OPT_ENGINE, 's' }, - { "rand", OPT_RAND, 's' }, - { "base64", OPT_BASE64, '-' }, - { "hex", OPT_HEX, '-' }, + +OPTIONS rand_options[] = { + { OPT_HELP_STR, 1, '-', "Usage: %s [flags] num\n" }, + { OPT_HELP_STR, 1, '-', "Valid options are:\n" }, + { "out", OPT_OUT, '>', "Output file" }, + { "rand", OPT_RAND, 's', "Load the file(s) into the random number generator" }, + { "base64", OPT_BASE64, '-', "Base64 encode output" }, + { "hex", OPT_HEX, '-', "Hex encode output" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif { NULL } }; @@ -101,16 +96,13 @@ int rand_main(int argc, char **argv) char* prog; char *engine=NULL; - prog = opt_init(argc, argv, options); + prog = opt_init(argc, argv, rand_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: bad: - BIO_printf(bio_err,"Usage: %s [flags] num\n", - prog); - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(rand_help); + opt_help(rand_options); goto end; case OPT_OUT: outfile=opt_arg(); diff --git a/apps/req.c b/apps/req.c index b19cdb390e..1dbee359b7 100644 --- a/apps/req.c +++ b/apps/req.c @@ -102,108 +102,6 @@ #define DEFAULT_KEY_LENGTH 512 #define MIN_KEY_LENGTH 384 -const char *req_help[] = { - "-inform arg input format - DER or PEM", - "-outform arg output format - DER or PEM", - "-in arg input file", - "-out arg output file", - "-text text form of request", - "-pubkey output public key", - "-noout do not output REQ", - "-verify verify signature on REQ", - "-modulus RSA modulus", - "-nodes don't encrypt the output key", - "-subject output the request's subject", - "-passin private key password source", - "-key file use the private key contained in file", - "-keyform arg key file format", - "-keyout arg file to send the key to", - /* XXX rsalz; has LIST_SEP_CHAR */ - "-rand file... load the file(s) into the random number generator", - "-newkey rsa:bits generate a new RSA key of 'bits' in size", - "-newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'", - "-[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)", - "-config file request template file.", - "-subj arg set or modify request subject", - "-multivalue-rdn enable support for multivalued RDNs", - "-new new request.", - "-batch do not ask anything during request generation", - "-x509 output a x509 structure instead of a cert. req.", - "-days number of days a certificate generated by -x509 is valid for.", - "-set_serial serial number to use for a certificate generated by -x509.", - "-newhdr output \"NEW\" in the header lines", - "-asn1-kludge Output the 'request' in a format that is wrong but some CA's", - " have been reported as requiring", - "-extensions .. specify certificate extension section (override value in config file)", - "-reqexts .. specify request extension section (override value in config file)", - "-utf8 input characters are UTF8 (default ASCII)", - "-nameopt arg - various certificate name options", - "-reqopt arg - various request text options", -#ifndef OPENSSL_NO_ENGINE - "-engine e use engine e, possibly a hardware device", -#endif -#ifndef OPENSSL_NO_ECDSA - "-newkey ec:file generate a new EC key, parameters taken from CA in 'file'", -#endif - NULL -}; -enum options { - OPT_ERR = -1, OPT_EOF = 0, - OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY, - OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT, - OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_RAND, OPT_NEWKEY, - OPT_PKEYOPT, OPT_SIGOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS, - OPT_VERIFY, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8, - OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJECT, OPT_TEXT, OPT_X509, - OPT_ASN1_KLUDGE, OPT_NO_ASN1_KLUDGE, OPT_MULTIVALUE_RDN, - OPT_DAYS, OPT_SET_SERIAL, OPT_EXTENSIONS, OPT_REQEXTS, OPT_MD -}; - -static OPTIONS options[] = { - { "inform", OPT_INFORM, 'F' }, - { "outform", OPT_OUTFORM, 'F' }, -#ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, -#endif - { "keygen_engine", OPT_KEYGEN_ENGINE, 's' }, - { "key", OPT_KEY, '<' }, - { "pubkey", OPT_PUBKEY, '-' }, - { "new", OPT_NEW, '-' }, - { "config", OPT_CONFIG, '<' }, - { "keyform", OPT_KEYFORM, 'F' }, - { "in", OPT_IN, '<' }, - { "out", OPT_OUT, '>' }, - { "keyout", OPT_KEYOUT, '>' }, - { "passin", OPT_PASSIN, 's' }, - { "passout", OPT_PASSOUT, 's' }, - { "rand", OPT_RAND, 's' }, - { "newkey", OPT_NEWKEY, 's' }, - { "pkeyopt", OPT_PKEYOPT, 's' }, - { "sigopt", OPT_SIGOPT, 's' }, - { "batch", OPT_BATCH, '-' }, - { "newhdr", OPT_NEWHDR, '-' }, - { "modulus", OPT_MODULUS, '-' }, - { "verify", OPT_VERIFY, '-' }, - { "nodes", OPT_NODES, '-' }, - { "noout", OPT_NOOUT, '-' }, - { "verbose", OPT_VERBOSE, '-' }, - { "utf8", OPT_UTF8, '-' }, - { "nameopt", OPT_NAMEOPT, 's' }, - { "reqopt", OPT_REQOPT, 's' }, - { "text", OPT_TEXT, '-' }, - { "x509", OPT_X509, '-' }, - { "asn1-kludge", OPT_ASN1_KLUDGE, '-' }, - { "no-asn1-kludge", OPT_NO_ASN1_KLUDGE, '-' }, - { "subject", OPT_SUBJECT, 's' }, - { "multivalue-rdn", OPT_MULTIVALUE_RDN, '-' }, - { "days", OPT_DAYS, 'p' }, - { "set-serial", OPT_SET_SERIAL, 'p' }, - { "extensions", OPT_EXTENSIONS, 's' }, - { "reqexts", OPT_REQEXTS, 's' }, - { "", OPT_MD, '-' }, - { NULL } -}; - static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn, int attribs,unsigned long chtype); static int build_subject(X509_REQ *req, char *subj, unsigned long chtype, @@ -229,6 +127,65 @@ static EVP_PKEY_CTX *set_keygen_ctx(BIO *err, const char *gstr, int *pkey_type, static CONF *req_conf=NULL; static int batch=0; +enum options { + OPT_ERR = -1, OPT_EOF = 0, + OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY, + OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT, + OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_RAND, OPT_NEWKEY, + OPT_PKEYOPT, OPT_SIGOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS, + OPT_VERIFY, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8, + OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJECT, OPT_TEXT, OPT_X509, + OPT_ASN1_KLUDGE, OPT_NO_ASN1_KLUDGE, OPT_MULTIVALUE_RDN, + OPT_DAYS, OPT_SET_SERIAL, OPT_EXTENSIONS, OPT_REQEXTS, OPT_MD +}; + +OPTIONS req_options[] = { + { "inform", OPT_INFORM, 'F', "Input format - DER or PEM" }, + { "outform", OPT_OUTFORM, 'F', "Output format - DER or PEM" }, + { "in", OPT_IN, '<', "Input file" }, + { "out", OPT_OUT, '>', "Output file" }, + { "keygen_engine", OPT_KEYGEN_ENGINE, 's' }, + { "key", OPT_KEY, '<', "Use the private key contained in file" }, + { "keyform", OPT_KEYFORM, 'F', "Key file format" }, + { "pubkey", OPT_PUBKEY, '-', "Output public key" }, + { "new", OPT_NEW, '-', "New request" }, + { "config", OPT_CONFIG, '<', "Request template file" }, + { "keyout", OPT_KEYOUT, '>', "File to send the key to" }, + { "passin", OPT_PASSIN, 's', "Private key password source" }, + { "passout", OPT_PASSOUT, 's' }, + { "rand", OPT_RAND, 's', "Load the file(s) into the random number generator" }, + { "newkey", OPT_NEWKEY, 's', "Specify as type:bits" }, + { "pkeyopt", OPT_PKEYOPT, 's' }, + { "sigopt", OPT_SIGOPT, 's' }, + { "batch", OPT_BATCH, '-', "Do not ask anything during request generation" }, + { "newhdr", OPT_NEWHDR, '-', "Output \"NEW\" in the header lines" }, + { "modulus", OPT_MODULUS, '-', "RSA modulus" }, + { "verify", OPT_VERIFY, '-', "Verify signature on REQ" }, + { "nodes", OPT_NODES, '-', "Don't encrypt the output key" }, + { "noout", OPT_NOOUT, '-', "Do not output REQ" }, + { "verbose", OPT_VERBOSE, '-' }, + { "utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)" }, + { "nameopt", OPT_NAMEOPT, 's', "Various certificate name options" }, + { "reqopt", OPT_REQOPT, 's', "Various request text options" }, + { "text", OPT_TEXT, '-', "Text form of request" }, + { "x509", OPT_X509, '-', "Output a x509 structure instead of a cert request" }, + { "asn1-kludge", OPT_ASN1_KLUDGE, '-', "Output the request in a format that is wrong" }, + { OPT_MORE_STR, 1, 1, "(Required by some CA's)" }, + { "no-asn1-kludge", OPT_NO_ASN1_KLUDGE, '-' }, + { "subject", OPT_SUBJECT, 's', "Output the request's subject" }, + { "multivalue-rdn", OPT_MULTIVALUE_RDN, '-', "Enable support for multivalued RDNs" }, + { "days", OPT_DAYS, 'p', "Number of days cert is valid for" }, + { "set-serial", OPT_SET_SERIAL, 'p', "Serial number to use" }, + { "extensions", OPT_EXTENSIONS, 's', "Cert extension section (override value in config file)" }, + { "reqexts", OPT_REQEXTS, 's', "Request extension section (override value in config file)" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif + { "", OPT_MD, '-', "Any supported digest" }, + { NULL } +}; + + int req_main(int argc, char **argv) { ENGINE *e = NULL, *gen_eng = NULL; @@ -269,14 +226,13 @@ int req_main(int argc, char **argv) cipher=EVP_des_ede3_cbc(); #endif - opt_init(argc, argv, options); + opt_init(argc, argv, req_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { case OPT_EOF: case OPT_ERR: bad: - BIO_printf(bio_err,"Valid options are:\n"); - printhelp(req_help); + opt_help(req_options); goto end; case OPT_INFORM: opt_format(opt_arg(), 1, &informat); diff --git a/apps/rsa.c b/apps/rsa.c index 1d4de028e9..fde641fc6c 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -118,9 +118,6 @@ enum options { static OPTIONS options[] = { { "inform", OPT_INFORM, 'F' }, { "outform", OPT_OUTFORM, 'F' }, -#ifndef OPENSSL_NO_ENGINE - { "engine", OPT_ENGINE, 's' }, -#endif { "in", OPT_IN, '<' }, { "out", OPT_OUT, '>' }, { "sgckey", OPT_SGCKEY, '-' }, @@ -137,7 +134,10 @@ static OPTIONS options[] = { { "text", OPT_TEXT, '-' }, { "modulus", OPT_MODULUS, '-' }, { "check", OPT_CHECK, '-' }, - { "cipher", OPT_CIPHER, '-' }, + { "", OPT_CIPHER, '-', "Any supported cipher" }, +#ifndef OPENSSL_NO_ENGINE + { "engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device" }, +#endif { NULL } }; |