author | Rich Salz <rsalz@akamai.com> | 2014-07-12 17:40:00 -0400 |
---|---|---|
committer | Rich Salz <rsalz@akamai.com> | 2014-07-16 15:11:27 -0400 |
commit | 8c2bb3df08df4426d11103daae075e4c29400999 (patch) | |
tree | 630acf74fcf67546b4f8ffcc28f09070a53b98e2 | |
parent | 0c1bb92adb5a4bd3fe9c987717097bf867eadd84 (diff) | |
download | openssl-new-8c2bb3df08df4426d11103daae075e4c29400999.tar.gz |
all but s_{client,server} converted; started on them.
-rw-r--r-- | apps/TODO | 6 | ||||
-rw-r--r-- | apps/apps.h | 59 | ||||
-rw-r--r-- | apps/cms.c | 2 | ||||
-rw-r--r-- | apps/ocsp.c | 4 | ||||
-rw-r--r-- | apps/opt.c | 5 | ||||
-rw-r--r-- | apps/s_apps.h | 3 | ||||
-rw-r--r-- | apps/s_cb.c | 144 | ||||
-rw-r--r-- | apps/s_server.c | 241 | ||||
-rw-r--r-- | apps/smime.c | 2 | ||||
-rw-r--r-- | apps/verify.c | 2 |
10 files changed, 209 insertions, 259 deletions
@@ -42,18 +42,18 @@ X 630 ecparam.c X 697 enc.c X 738 srp.c - 758 s_socket.c - 789 openssl.c +- 789 openssl.c X 829 smime.c X 952 pkcs12.c X 1117 ts.c X 1313 x509.c X 1447 ocsp.c - 1514 cms.c +X 1514 cms.c X 1758 req.c - 1960 s_cb.c - 2010 testrsa.h 2525 s_client.c 2942 speed.c X 2986 ca.c - 3082 apps.c +- 3082 apps.c 3677 s_server.c
diff --git a/apps/apps.h b/apps/apps.h
index 057e0644f8..a9a76cf034 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -152,6 +152,9 @@ extern void unbuffer(FILE* fp); #include <signal.h> #endif +/* + * Common verification options. + */ #define OPT_V_ENUM \ OPT_V__FIRST=2000, \ OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
@@ -222,6 +225,61 @@ extern void unbuffer(FILE* fp); case OPT_V_SUITEB_192: \ case OPT_V_PARTIAL_CHAIN +/* + * Common "extended"? options. + */ +#define OPT_X_ENUM \ + OPT_X__FIRST=1000, \ + OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \ + OPT_X_CERTFORM, OPT_X_KEYFORM, \ + OPT_X__LAST + +#define OPT_X_OPTIONS \ + { "xkey", OPT_X_KEY, '<' }, \ + { "xcert", OPT_X_CERT, '<' }, \ + {" xchain", OPT_X_CHAIN, '<' }, \ + { "xchain_build", OPT_X_CHAIN_BUILD, '-' }, \ + { "xcertform", OPT_X_CERTFORM, 'F' }, \ + { "xkeyform", OPT_X_KEYFORM, 'F' }, + +#define OPT_X_CASES \ + OPT_X__FIRST: case OPT_X__LAST: break; \ + case OPT_X_KEY: \ + case OPT_X_CERT: \ + case OPT_X_CHAIN: \ + case OPT_X_CHAIN_BUILD: \ + case OPT_X_CERTFORM: \ + case OPT_X_KEYFORM: + +/* + * Common SSL options. + */ +#define OPT_S_ENUM \ + OPT_S__FIRST=3000, \ + OPT_S_SIGALGS, OPT_S_CLIENT_SIGALGS, OPT_S_CURVES, OPS_S_NAMED_CURVE, \ + OPT_S_CIPHER, OPT_S_CERT, OPT_S_KEY, OPT_S_DHPARAM \ + OPT_S__LAST + +#define OPT_S_OPTIONS \ + { "sigalgs", OPT_S_SIGALGS, 's' }, \ + { "client_sigalgs", OPT_S_CLIENT_SIGALGS, 's' }, \ + { "curves", OPT_S_CURVES, 's' }, \ + { "named_curve", OPT_S_NAMED_CURVE, 's' }, \ + { "cipher", OPT_S_CIPHER, 's' }, \ + { "cert", OPT_S_CERT, '<' }, \ + { "key", OPT_S_KEY, '<' }, \ + { "dhparam", OPT_S_DHPARAM, '<' }, + +#define OPS_S_CASES \ + OPT_S__FIRST: case OPT_S__LAST: break; \ + case OPT_S_SIGALGS: \ + case OPT_S_CLIENT_SIGALGS: \ + case OPT_S_CURVES: \ + case OPS_S_NAMED_CURVE: \ + case OPT_S_CIPHER: \ + case OPT_S_CERT: \ + case OPT_S_KEY: \ + case OPT_S_DHPARAM #if defined(OPENSSL_SYSNAME_WIN32) || defined(OPENSSL_SYSNAME_WINCE) # define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
@@ -249,6 +307,7 @@ typedef struct opt_pair_st { } OPT_PAIR; extern char* opt_progname(const char *argv0); +extern char* opt_getprog(void); extern char* opt_init(int ac, char** av, const OPTIONS* o); extern int opt_next(); extern int opt_format(const char *s, int onlyderpem, int* result);
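Review bot: Several identifiers in the new OPT_X_*/OPT_S_* macros do not line up, so the first file that expands them is likely to fail to build or to miss an option. In `OPT_X_OPTIONS` the entry `{" xchain", OPT_X_CHAIN, '<' }` carries a space inside the option name (unless the page's whitespace mangling introduced it), which would stop `-xchain` from matching. In `OPT_S_ENUM` the enumerator is spelled `OPS_S_NAMED_CURVE` while `OPT_S_OPTIONS` refers to `OPT_S_NAMED_CURVE`, and there is no comma between `OPT_S_DHPARAM` and `OPT_S__LAST`. The case macro is named `OPS_S_CASES` and ends without a colon, whereas `OPT_X_CASES` ends with one; one convention should be chosen for both.

```c
    { "xchain", OPT_X_CHAIN, '<' }, \
/* … unchanged: rest of OPT_X_OPTIONS, OPT_X_CASES … */
#define OPT_S_ENUM \
/* … unchanged: OPT_S__FIRST=3000 … */
    OPT_S_SIGALGS, OPT_S_CLIENT_SIGALGS, OPT_S_CURVES, OPT_S_NAMED_CURVE, \
    OPT_S_CIPHER, OPT_S_CERT, OPT_S_KEY, OPT_S_DHPARAM, \
/* … unchanged: OPT_S__LAST, OPT_S_OPTIONS … */
#define OPT_S_CASES \
/* … unchanged: first/last and the cases up to OPT_S_CURVES … */
    case OPT_S_NAMED_CURVE: \
/* … unchanged: remaining cases … */
```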
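Review bot: The prototype added here, `extern char* opt_getprog(void);`, has no matching definition in this commit: the apps/opt.c hunk defines `char* get_getprog(void)` instead, while the new `args_excert()` in apps/s_cb.c calls `opt_getprog()`. As written the link should fail once s_cb.c is built; renaming the definition in opt.c to `char* opt_getprog(void)` resolves it. If `prog` is not meant to be modified by callers, returning `const char *` from both would make that explicit.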
diff --git a/apps/cms.c b/apps/cms.c
index 67308ff9c6..a916439c72 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -171,7 +171,6 @@ const char* cms_help[] = { enum options { OPT_ERR = -1, OPT_EOF = 0, - OPT_V_ENUM, OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_SIGN_RECEIPT, OPT_RESIGN, OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT,
@@ -189,6 +188,7 @@ enum options { OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM, OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP, OPT_ENGINE, OPT_CIPHER, + OPT_V_ENUM, }; static OPTIONS options[] = {
diff --git a/apps/ocsp.c b/apps/ocsp.c
index e83b758202..338be594c1 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -172,7 +172,6 @@ const char* ocsp_help[] = { enum options { OPT_ERR = -1, OPT_EOF = 0, - OPT_V_ENUM, OPT_OUTFILE, OPT_TIMEOUT, OPT_URL, OPT_HOST, OPT_PORT, OPT_IGNORE_ERR, OPT_NOVERIFY, OPT_NONCE, OPT_NO_NONCE, OPT_RESP_NO_CERTS, OPT_RESP_KEY_ID, OPT_NO_CERTS,
@@ -185,6 +184,7 @@ enum options { OPT_RESPOUT, OPT_PATH, OPT_ISSUER, OPT_CERT, OPT_SERIAL, OPT_INDEX, OPT_CA, OPT_NMIN, OPT_REQUEST, OPT_NDAYS, OPT_RSIGNER, OPT_RKEY, OPT_ROTHER, OPT_RMD, OPT_MD, + OPT_V_ENUM, }; static OPTIONS options[] = {
@@ -414,7 +414,7 @@ err: vpmtouched++; break; case OPT_VALIDITY_PERIOD: - opt_ulong(opt_arg(), &nsec); + opt_long(opt_arg(), &nsec); break; case OPT_STATUS_AGE: opt_long(opt_arg(), &maxage);
diff --git a/apps/opt.c b/apps/opt.c
index 1ac2ea5826..526159ed0b 100644
--- a/apps/opt.c
+++ b/apps/opt.c
@@ -90,6 +90,11 @@ char* opt_progname(const char *argv0) } #endif +char* get_getprog(void) +{ + return prog; +} + /* Set up the arg parsing. */ char *opt_init(int ac, char** av, const OPTIONS* o)
diff --git a/apps/s_apps.h b/apps/s_apps.h
index 625e1eb266..adf09386cf 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
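Review bot: The result of `opt_long(opt_arg(), &nsec);` in the `OPT_VALIDITY_PERIOD` case of apps/ocsp.c is discarded, as it is for `maxage` in the next case, so a malformed `-validity_period` value would leave `nsec` unchanged with no diagnostic, assuming opt_long reports failure through its return value the way `opt_verify` appears to elsewhere in this commit. Moving from `opt_ulong` to `opt_long` also admits negative numbers, which would make the tolerance applied to OCSP response times negative. Suggest checking both, e.g. `if (!opt_long(opt_arg(), &nsec) || nsec < 0)` followed by the error exit this switch already uses. The switch starts and ends outside the hunk.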
@@ -194,8 +194,7 @@ typedef struct ssl_excert_st SSL_EXCERT; void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc); void ssl_excert_free(SSL_EXCERT *exc); -int args_excert(char ***pargs, int *pargc, - int *badarg, BIO *err, SSL_EXCERT **pexc); +int args_excert(int option, SSL_EXCERT **pexc); int load_excert(SSL_EXCERT **pexc, BIO *err); void print_ssl_summary(BIO *bio, SSL *s); #ifdef HEADER_SSL_H
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 3d41fbb547..2bd72b973c 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1422,111 +1422,71 @@ int load_excert(SSL_EXCERT **pexc, BIO *err) } return 1; } - -int args_excert(char ***pargs, int *pargc, - int *badarg, BIO *err, SSL_EXCERT **pexc) - { - char *arg = **pargs, *argn = (*pargs)[1]; +enum range { OPT_X_ENUM }; + +int args_excert(int opt, SSL_EXCERT **pexc) +{ SSL_EXCERT *exc = *pexc; - int narg = 2; - if (!exc) - { - if (ssl_excert_prepend(&exc)) - *pexc = exc; - else - { - BIO_printf(err, "Error initialising xcert\n"); - *badarg = 1; + + assert(opt > OPT_X__FIRST); + assert(opt < OPT_X__LAST); + + if (exc == NULL) { + if (!ssl_excert_prepend(&exc)) { + BIO_printf(bio_err, " %s: Error initialising xcert\n", + opt_getprog()); goto err; - } } - if (strcmp(arg, "-xcert") == 0) - { - if (!argn) - { - *badarg = 1; - return 1; - } - if (exc->certfile && !ssl_excert_prepend(&exc)) - { - BIO_printf(err, "Error adding xcert\n"); - *badarg = 1; + *pexc = exc; + } + + switch ((enum range)opt) { + case OPT_X__FIRST: + case OPT_X__LAST: + return 0; + case OPT_X_CERT: + if (exc->certfile && !ssl_excert_prepend(&exc)) { + BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog()); goto err; - } - exc->certfile = argn; - } - else if (strcmp(arg,"-xkey") == 0) - { - if (!argn) - { - *badarg = 1; - return 1; - } - if (exc->keyfile) - { - BIO_printf(err, "Key already specified\n"); - *badarg = 1; - return 1; - } - exc->keyfile = argn; - } - else if (strcmp(arg,"-xchain") == 0) - { - if (!argn) - { - *badarg = 1; - return 1; - } - if (exc->chainfile) - { - BIO_printf(err, "Chain already specified\n"); - *badarg = 1; - return 1; - } - exc->chainfile = argn; - } - else if (strcmp(arg,"-xchain_build") == 0) - { - narg = 1; - exc->build_chain = 1; } - else if (strcmp(arg,"-xcertform") == 0) - { - if (!argn) - { - *badarg = 1; + exc->certfile = opt_arg(); + break; + case OPT_X_KEY: + if (exc->keyfile) { + BIO_printf(bio_err, "%s: Key already specified\n", + opt_getprog()); goto err; - } - exc->certform = str2fmt(argn); } - else if 
(strcmp(arg,"-xkeyform") == 0) - { - if (!argn) - { - *badarg = 1; + exc->keyfile = opt_arg(); + break; + case OPT_X_CHAIN: + if (exc->chainfile) { + BIO_printf(bio_err, "%s: Chain already specified\n", + opt_getprog()); goto err; - } - exc->keyform = str2fmt(argn); } - else - return 0; - - (*pargs) += narg; - - if (pargc) - *pargc -= narg; - - *pexc = exc; - + exc->chainfile = opt_arg(); + break; + case OPT_X_CHAIN_BUILD: + exc->build_chain = 1; + break; + case OPT_X_CERTFORM: + opt_format(opt_arg(), 1, &exc->certform); + break; + case OPT_X_KEYFORM: + opt_format(opt_arg(), 1, &exc->keyform); + break; + } return 1; - err: - ERR_print_errors(err); - ssl_excert_free(exc); +err: + ERR_print_errors(bio_err); + if (exc) + ssl_excert_free(exc); *pexc = NULL; - return 1; - } + return 0; +} static void print_raw_cipherlist(BIO *bio, SSL *s) {
diff --git a/apps/s_server.c b/apps/s_server.c
index 02db965f3f..3569302921 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -787,11 +787,7 @@ static int cert_status_cb(SSL *s, void *arg) STACK_OF(X509_EXTENSION) *exts; int ret = SSL_TLSEXT_ERR_NOACK; int i; -#if 0 -STACK_OF(OCSP_RESPID) *ids; -SSL_get_tlsext_status_ids(s, &ids); -BIO_printf(err, "cert_status: received %d ids\n", sk_OCSP_RESPID_num(ids)); -#endif + if (srctx->verbose) BIO_puts(err, "cert_status: callback called\n"); /* Build up OCSP query from server certificate */
@@ -957,12 +953,7 @@ static int not_resumable_sess_cb(SSL *s, int is_forward_secure) return is_forward_secure; } -#ifndef OPENSSL_NO_JPAKE static char *jpake_secret = NULL; -#define no_jpake !jpake_secret -#else -#define no_jpake 1 -#endif #ifndef OPENSSL_NO_SRP static srpsrvparm srp_callback_parm; #endif
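Review bot: The rewritten `args_excert()` in apps/s_cb.c no longer stores `exc` back through `*pexc` on the success path: the removed code did `*pexc = exc;` before `return 1;`, while the new code does so only when `*pexc` was NULL on entry. If `ssl_excert_prepend(&exc)` moves `exc` to a newly allocated head entry (its body is not in this hunk), a second `-xcert` leaves the caller holding the old entry, so later `-xkey`/`-xchain` values would attach to the wrong certificate or trip the "already specified" error; adding `*pexc = exc;` just before `return 1;` restores the old behaviour. The two `assert()` range checks disappear under NDEBUG and the switch has no `default`, so an out-of-range `opt` falls through to `return 1` as if handled; `default: return 0;` would make that explicit. The results of `opt_format()` for `OPT_X_CERTFORM` and `OPT_X_KEYFORM` are also ignored, so an unrecognised format name is accepted silently.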
@@ -970,73 +961,57 @@ static char *srtp_profiles = NULL; int s_server_main(int argc, char *argv[]) { - X509_VERIFY_PARAM *vpm = NULL; - int badarg = 0; - short port=PORT; + ENGINE *e=NULL; + EVP_PKEY *s_key=NULL, *s_dkey=NULL; + SSL_CONF_CTX *cctx=NULL; + const SSL_METHOD *meth=SSLv23_server_method(); + SSL_EXCERT *exc=NULL; + STACK_OF(OPENSSL_STRING) *ssl_args=NULL; + STACK_OF(X509) *s_chain=NULL, *s_dchain=NULL; + STACK_OF(X509_CRL) *crls = NULL; + X509 *s_cert=NULL, *s_dcert=NULL; + X509_VERIFY_PARAM *vpm=NULL; + char *CApath=NULL,*CAfile=NULL, *chCApath=NULL,*chCAfile=NULL; + char *dhfile=NULL, *dpassarg=NULL, *dpass=NULL, *inrand=NULL; + char *passarg=NULL, *pass=NULL, *vfyCApath=NULL,*vfyCAfile=NULL; + char *crl_file=NULL; const char *unix_path=NULL; -#ifndef NO_SYS_UN_H - int unlink_unix_path=0; -#endif int (*server_cb)(char *hostname, int s, int stype, unsigned char *context); - char *CApath=NULL,*CAfile=NULL; - char *chCApath=NULL,*chCAfile=NULL; - char *vfyCApath=NULL,*vfyCAfile=NULL; - unsigned char *context = NULL; - char *dhfile = NULL; - int badop=0; - int ret=1; - int build_chain = 0; - int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0; - int state=0; - const SSL_METHOD *meth=NULL; - int socket_type=SOCK_STREAM; - ENGINE *e=NULL; - char *inrand=NULL; - int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM; - char *passarg = NULL, *pass = NULL; - char *dpassarg = NULL, *dpass = NULL; - int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM; - X509 *s_cert = NULL, *s_dcert = NULL; - STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL; - EVP_PKEY *s_key = NULL, *s_dkey = NULL; - int no_cache = 0, ext_cache = 0; - int rev = 0, naccept = -1; - int sdebug = 0; + int badarg=0, badop=0, build_chain=0, no_cache=0, ext_cache=0; + int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0, ret=1; + int s_cert_format=FORMAT_PEM, s_key_format=FORMAT_PEM; + int s_dcert_format=FORMAT_PEM, s_dkey_format=FORMAT_PEM; + int rev=0, naccept=-1, sdebug=0, socket_type=SOCK_STREAM; + 
int state=0, unlink_unix_path=0; + int crl_format=FORMAT_PEM, crl_download=0; + short port=PORT; + unsigned char *context=NULL; + #ifndef OPENSSL_NO_TLSEXT - EVP_PKEY *s_key2 = NULL; - X509 *s_cert2 = NULL; - tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; + EVP_PKEY *s_key2=NULL; + X509 *s_cert2=NULL; + tlsextctx tlsextcbp={NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING}; # ifndef OPENSSL_NO_NEXTPROTONEG - const char *next_proto_neg_in = NULL; - tlsextnextprotoctx next_proto = { NULL, 0}; + const char *next_proto_neg_in=NULL; + tlsextnextprotoctx next_proto={ NULL, 0}; # endif - const char *alpn_in = NULL; - tlsextalpnctx alpn_ctx = { NULL, 0}; + const char *alpn_in=NULL; + tlsextalpnctx alpn_ctx={ NULL, 0}; #endif #ifndef OPENSSL_NO_PSK /* by default do not send a PSK identity hint */ static char *psk_identity_hint=NULL; #endif #ifndef OPENSSL_NO_SRP - char *srpuserseed = NULL; - char *srp_verifier_file = NULL; + char *srpuserseed=NULL; + char *srp_verifier_file=NULL; #endif - SSL_EXCERT *exc = NULL; - SSL_CONF_CTX *cctx = NULL; - STACK_OF(OPENSSL_STRING) *ssl_args = NULL; - - char *crl_file = NULL; - int crl_format = FORMAT_PEM; - int crl_download = 0; - STACK_OF(X509_CRL) *crls = NULL; - meth=SSLv23_server_method(); local_argc=argc; local_argv=argv; s_server_init(); - cctx = SSL_CONF_CTX_new(); if (!cctx) goto end;
@@ -1060,8 +1035,7 @@ int s_server_main(int argc, char *argv[]) if ((strcmp(*argv,"-port") == 0) || (strcmp(*argv,"-accept") == 0)) { - if (--argc < 1) goto bad; - if (!extract_port(*(++argv),&port)) + if (!extract_port(opt_arg(),&port)) goto bad; } else if (strcmp(*argv,"-unix") == 0)
@@ -1070,8 +1044,7 @@ int s_server_main(int argc, char *argv[]) BIO_printf(bio_err, "unix domain sockets unsupported\n"); goto bad; #else - if (--argc < 1) goto bad; - unix_path = *(++argv); + unix_path = opt_arg(); #endif } else if (strcmp(*argv,"-unlink") == 0)
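Review bot: The `-port`/`-accept` branch now reads its value with `opt_arg()`, but the surrounding chain still dispatches on `strcmp(*argv, ...)`, and the `if (--argc < 1) goto bad;` guard and the `++argv` advance were removed with nothing visible replacing them. Unless the loop outside this hunk has already been switched to `opt_next()`, the value token is no longer consumed and a missing value is no longer rejected, so `opt_arg()` may hand `extract_port()` a NULL or stale pointer. The same pattern repeats in every later s_server.c hunk that swaps `*(++argv)` for `opt_arg()`, including the ones that pass the result straight to `atoi()`, `atol()`, `strlen()` (the `-psk` branch) and `BIO_new_file()`. The commit message says s_server is only started, so a marker such as `/* TODO: loop not yet converted to opt_next(); opt_arg() is not valid here */` at the top of the chain would keep this half-converted state from being mistaken for finished code.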
@@ -1085,8 +1058,7 @@ int s_server_main(int argc, char *argv[]) } else if (strcmp(*argv,"-naccept") == 0) { - if (--argc < 1) goto bad; - naccept = atol(*(++argv)); + naccept = atol(opt_arg()); if (naccept <= 0) { BIO_printf(bio_err, "bad accept value %s\n",
@@ -1097,8 +1069,7 @@ int s_server_main(int argc, char *argv[]) else if (strcmp(*argv,"-verify") == 0) { s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE; - if (--argc < 1) goto bad; - verify_depth=atoi(*(++argv)); + verify_depth=atoi(opt_arg()); if (!s_quiet) BIO_printf(bio_err,"verify depth is %d\n",verify_depth); }
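Review bot: `naccept = atol(opt_arg());` keeps the unchecked numeric conversion from the old parser, and the same applies to `verify_depth=atoi(opt_arg());` in the two `-verify`/`-Verify` hunks, `tlscstatp.timeout = atoi(opt_arg());`, `socket_mtu = atol(opt_arg());` and `keymatexportlen=atoi(opt_arg());` further down. `atoi`/`atol` cannot report errors, so a non-numeric `-verify` argument yields a verification depth of 0 with no diagnostic, and out-of-range input is undefined behaviour. Since this commit already calls `opt_long()` in apps/ocsp.c, these values would be better parsed through it with the result checked, for example `if (!opt_long(opt_arg(), &val) || val <= 0) goto bad;` for `-naccept`, where `val` is a new local `long` that is range-checked before being assigned to `naccept`. The enclosing if/else chain starts and ends outside these hunks.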
@@ -1106,94 +1077,77 @@ int s_server_main(int argc, char *argv[]) { s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT| SSL_VERIFY_CLIENT_ONCE; - if (--argc < 1) goto bad; - verify_depth=atoi(*(++argv)); + verify_depth=atoi(opt_arg()); if (!s_quiet) BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth); } else if (strcmp(*argv,"-context") == 0) { - if (--argc < 1) goto bad; - context= (unsigned char *)*(++argv); + context= (unsigned char *)opt_arg(); } else if (strcmp(*argv,"-cert") == 0) { - if (--argc < 1) goto bad; - s_cert_file= *(++argv); + s_cert_file= opt_arg(); } else if (strcmp(*argv,"-CRL") == 0) { - if (--argc < 1) goto bad; - crl_file= *(++argv); + crl_file= opt_arg(); } else if (strcmp(*argv,"-crl_download") == 0) crl_download = 1; #ifndef OPENSSL_NO_TLSEXT else if (strcmp(*argv,"-serverinfo") == 0) { - if (--argc < 1) goto bad; - s_serverinfo_file = *(++argv); + s_serverinfo_file = opt_arg(); } #endif else if (strcmp(*argv,"-certform") == 0) { - if (--argc < 1) goto bad; - s_cert_format = str2fmt(*(++argv)); + s_cert_format = str2fmt(opt_arg()); } else if (strcmp(*argv,"-key") == 0) { - if (--argc < 1) goto bad; - s_key_file= *(++argv); + s_key_file= opt_arg(); } else if (strcmp(*argv,"-keyform") == 0) { - if (--argc < 1) goto bad; - s_key_format = str2fmt(*(++argv)); + s_key_format = str2fmt(opt_arg()); } else if (strcmp(*argv,"-pass") == 0) { - if (--argc < 1) goto bad; - passarg = *(++argv); + passarg = opt_arg(); } else if (strcmp(*argv,"-cert_chain") == 0) { - if (--argc < 1) goto bad; - s_chain_file= *(++argv); + s_chain_file= opt_arg(); } else if (strcmp(*argv,"-dhparam") == 0) { - if (--argc < 1) goto bad; - dhfile = *(++argv); + dhfile = opt_arg(); } else if (strcmp(*argv,"-dcertform") == 0) { - if (--argc < 1) goto bad; - s_dcert_format = str2fmt(*(++argv)); + s_dcert_format = str2fmt(opt_arg()); } else if (strcmp(*argv,"-dcert") == 0) { - if (--argc < 1) goto bad; - s_dcert_file= *(++argv); + 
s_dcert_file= opt_arg(); } else if (strcmp(*argv,"-dkeyform") == 0) { - if (--argc < 1) goto bad; - s_dkey_format = str2fmt(*(++argv)); + s_dkey_format = str2fmt(opt_arg()); } else if (strcmp(*argv,"-dpass") == 0) { - if (--argc < 1) goto bad; - dpassarg = *(++argv); + dpassarg = opt_arg(); } else if (strcmp(*argv,"-dkey") == 0) { - if (--argc < 1) goto bad; - s_dkey_file= *(++argv); + s_dkey_file= opt_arg(); } else if (strcmp(*argv,"-dcert_chain") == 0) { - if (--argc < 1) goto bad; - s_dchain_file= *(++argv); + s_dchain_file= opt_arg(); } else if (strcmp(*argv,"-nocert") == 0) {
@@ -1201,18 +1155,15 @@ int s_server_main(int argc, char *argv[]) } else if (strcmp(*argv,"-CApath") == 0) { - if (--argc < 1) goto bad; - CApath= *(++argv); + CApath= opt_arg(); } else if (strcmp(*argv,"-chainCApath") == 0) { - if (--argc < 1) goto bad; - chCApath= *(++argv); + chCApath= opt_arg(); } else if (strcmp(*argv,"-verifyCApath") == 0) { - if (--argc < 1) goto bad; - vfyCApath= *(++argv); + vfyCApath= opt_arg(); } else if (strcmp(*argv,"-no_cache") == 0) no_cache = 1;
@@ -1220,8 +1171,7 @@ int s_server_main(int argc, char *argv[]) ext_cache = 1; else if (strcmp(*argv,"-CRLform") == 0) { - if (--argc < 1) goto bad; - crl_format = str2fmt(*(++argv)); + crl_format = str2fmt(opt_arg()); } // case OPT_V_COMMON_VERIFY_CASES: vpmtouched++ else if (!opt_verify(i, vpm))
@@ -1246,18 +1196,15 @@ int s_server_main(int argc, char *argv[]) build_chain = 1; else if (strcmp(*argv,"-CAfile") == 0) { - if (--argc < 1) goto bad; - CAfile= *(++argv); + CAfile= opt_arg(); } else if (strcmp(*argv,"-chainCAfile") == 0) { - if (--argc < 1) goto bad; - chCAfile= *(++argv); + chCAfile= opt_arg(); } else if (strcmp(*argv,"-verifyCAfile") == 0) { - if (--argc < 1) goto bad; - vfyCAfile= *(++argv); + vfyCAfile= opt_arg(); } #ifdef FIONBIO else if (strcmp(*argv,"-nbio") == 0)
@@ -1289,14 +1236,12 @@ int s_server_main(int argc, char *argv[]) else if (!strcmp(*argv, "-status_timeout")) { s_tlsextstatus=1; - if (--argc < 1) goto bad; - tlscstatp.timeout = atoi(*(++argv)); + tlscstatp.timeout = atoi(opt_arg()); } else if (!strcmp(*argv, "-status_url")) { s_tlsextstatus=1; - if (--argc < 1) goto bad; - if (!OCSP_parse_url(*(++argv), + if (!OCSP_parse_url(opt_arg(), &tlscstatp.host, &tlscstatp.port, &tlscstatp.path,
@@ -1311,8 +1256,7 @@ int s_server_main(int argc, char *argv[]) { s_msg=1; } else if (strcmp(*argv,"-msgfile") == 0) { - if (--argc < 1) goto bad; - bio_s_msg = BIO_new_file(*(++argv), "w"); + bio_s_msg = BIO_new_file(opt_arg(), "w"); } #ifndef OPENSSL_NO_SSL_TRACE else if (strcmp(*argv,"-trace") == 0)
@@ -1347,15 +1291,13 @@ int s_server_main(int argc, char *argv[]) #ifndef OPENSSL_NO_PSK else if (strcmp(*argv,"-psk_hint") == 0) { - if (--argc < 1) goto bad; - psk_identity_hint= *(++argv); + psk_identity_hint= opt_arg(); } else if (strcmp(*argv,"-psk") == 0) { size_t i; - if (--argc < 1) goto bad; - psk_key=*(++argv); + psk_key=opt_arg(); for (i=0; i<strlen(psk_key); i++) { if (isxdigit((unsigned char)psk_key[i]))
@@ -1368,14 +1310,12 @@ int s_server_main(int argc, char *argv[]) #ifndef OPENSSL_NO_SRP else if (strcmp(*argv, "-srpvfile") == 0) { - if (--argc < 1) goto bad; - srp_verifier_file = *(++argv); + srp_verifier_file = opt_arg(); meth = TLSv1_server_method(); } else if (strcmp(*argv, "-srpuserseed") == 0) { - if (--argc < 1) goto bad; - srpuserseed = *(++argv); + srpuserseed = opt_arg(); meth = TLSv1_server_method(); } #endif
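Review bot: In the `-msgfile` branch the result of `bio_s_msg = BIO_new_file(opt_arg(), "w");` is not checked, so an unwritable or mistyped path leaves `bio_s_msg` NULL with nothing reported at option-parsing time; what later code does with a NULL `bio_s_msg` is outside this hunk. Suggest adding `if (bio_s_msg == NULL) { ERR_print_errors(bio_err); goto bad; }` directly after the call. Because the file is opened with mode `"w"`, any existing file at that path is truncated, which is worth a one-line comment for operators who point it at a shared log location.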
@@ -1423,81 +1363,68 @@ int s_server_main(int argc, char *argv[]) enable_timeouts = 1; else if (strcmp(*argv,"-mtu") == 0) { - if (--argc < 1) goto bad; - socket_mtu = atol(*(++argv)); + socket_mtu = atol(opt_arg()); } else if (strcmp(*argv, "-chain") == 0) cert_chain = 1; #endif else if (strcmp(*argv, "-id_prefix") == 0) { - if (--argc < 1) goto bad; - session_id_prefix = *(++argv); + session_id_prefix = opt_arg(); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { - if (--argc < 1) goto bad; - engine_id= *(++argv); + engine_id= opt_arg(); } #endif else if (strcmp(*argv,"-rand") == 0) { - if (--argc < 1) goto bad; - inrand= *(++argv); + inrand= opt_arg(); } #ifndef OPENSSL_NO_TLSEXT else if (strcmp(*argv,"-servername") == 0) { - if (--argc < 1) goto bad; - tlsextcbp.servername= *(++argv); + tlsextcbp.servername= opt_arg(); } else if (strcmp(*argv,"-servername_fatal") == 0) { tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL; } else if (strcmp(*argv,"-cert2") == 0) { - if (--argc < 1) goto bad; - s_cert_file2= *(++argv); + s_cert_file2= opt_arg(); } else if (strcmp(*argv,"-key2") == 0) { - if (--argc < 1) goto bad; - s_key_file2= *(++argv); + s_key_file2= opt_arg(); } # ifndef OPENSSL_NO_NEXTPROTONEG else if (strcmp(*argv,"-nextprotoneg") == 0) { - if (--argc < 1) goto bad; - next_proto_neg_in = *(++argv); + next_proto_neg_in = opt_arg(); } # endif else if (strcmp(*argv,"-alpn") == 0) { - if (--argc < 1) goto bad; - alpn_in = *(++argv); + alpn_in = opt_arg(); } #endif #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) else if (strcmp(*argv,"-jpake") == 0) { - if (--argc < 1) goto bad; - jpake_secret = *(++argv); + jpake_secret = opt_arg(); } #endif else if (strcmp(*argv,"-use_srtp") == 0) { - if (--argc < 1) goto bad; - srtp_profiles = *(++argv); + srtp_profiles = opt_arg(); } else if (strcmp(*argv,"-keymatexport") == 0) { - if (--argc < 1) goto bad; - keymatexportlabel= *(++argv); + keymatexportlabel= opt_arg(); } else if 
(strcmp(*argv,"-keymatexportlen") == 0) { - if (--argc < 1) goto bad; - keymatexportlen=atoi(*(++argv)); + keymatexportlen=atoi(opt_arg()); if (keymatexportlen == 0) goto bad; } else
@@ -1796,7 +1723,7 @@ bad: SSL_CTX_set1_param(ctx, vpm); ssl_ctx_add_crls(ctx, crls, 0); - if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe, no_jpake)) + if (!args_ssl_call(ctx, bio_err, cctx, ssl_args, no_ecdhe, jpake_secret == NULL)) goto end; if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
@@ -1867,7 +1794,7 @@ bad: SSL_CTX_set1_param(ctx2, vpm); ssl_ctx_add_crls(ctx2, crls, 0); - if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe, no_jpake)) + if (!args_ssl_call(ctx2, bio_err, cctx, ssl_args, no_ecdhe, jpake_secret == NULL)) goto end; }
diff --git a/apps/smime.c b/apps/smime.c
index f52b70c6da..c9ec99bf16 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -143,7 +143,6 @@ const char* smime_help[] = { enum options { OPT_ERR = -1, OPT_EOF = 0, - OPT_V_ENUM, OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY, OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN, OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
@@ -152,6 +151,7 @@ enum options { OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD, OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE, OPT_CAPATH, OPT_IN, OPT_INFORM, OPT_OUT, OPT_OUTFORM, OPT_CONTENT, + OPT_V_ENUM, }; static OPTIONS options[] = {
diff --git a/apps/verify.c b/apps/verify.c
index a83d2f40af..852a95e9c5 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -87,9 +87,9 @@ const char* verify_help[] = { enum options { OPT_ERR = -1, OPT_EOF = 0, - OPT_V_ENUM, OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN, OPT_VERBOSE, + OPT_V_ENUM, }; static OPTIONS options[] = { |