authorRich Salz <rsalz@akamai.com>2014-07-10 22:53:14 -0400
committerRich Salz <rsalz@akamai.com>2014-07-14 18:03:33 -0400
commitbe6115af4a04d8e4e3bd27b8474d5b56cacebbb9 (patch)
treebf207fef8ac6f7855d6af73525aa95a900917747
parentaf8d46725a31112ac15925f64938acd282ae0691 (diff)
another half-dozen done
-rw-r--r--apps/TODO16
-rw-r--r--apps/apps.h6
-rw-r--r--apps/ca.c14
-rw-r--r--apps/dgst.c242
-rw-r--r--apps/ecparam.c227
-rw-r--r--apps/enc.c408
-rw-r--r--apps/genpkey.c191
-rw-r--r--apps/opt.c14
-rw-r--r--apps/pkeyutl.c269
-rw-r--r--apps/rsautl.c38
-rw-r--r--apps/s_time.c375
-rw-r--r--apps/srp.c321
12 files changed, 1020 insertions, 1101 deletions
diff --git a/apps/TODO b/apps/TODO
index c0e99f830d..46228494a7 100644
--- a/apps/TODO
+++ b/apps/TODO
@@ -26,7 +26,7 @@ X 329 ec.c
390 verify.c
X 400 rsa.c
X 411 asn1pars.c
- 416 genpkey.c
+X 416 genpkey.c
X 418 opt.c
X 420 crl.c
- 433 progs.h
@@ -34,13 +34,13 @@ X 438 pkcs8.c
X 473 passwd.c
X 497 dhparam.c
X 530 engine.c
- 536 pkeyutl.c
- 607 s_time.c
- 614 dgst.c
- 630 ecparam.c
- 697 enc.c
- 738 srp.c
- 758 s_socket.c
+X 536 pkeyutl.c
+X 607 s_time.c
+X 614 dgst.c
+X 630 ecparam.c
+X 697 enc.c
+X 738 srp.c
+- 758 s_socket.c
789 openssl.c
829 smime.c
952 pkcs12.c
diff --git a/apps/apps.h b/apps/apps.h
index 2edd96d93b..255bd4100c 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -173,6 +173,11 @@ typedef struct options_st {
int valtype;
} OPTIONS;
+typedef struct opt_pair_st {
+ const char* name;
+ int retval;
+} OPT_PAIR;
+
extern char* opt_progname(const char *argv0);
extern char* opt_init(int ac, char** av, const OPTIONS* o);
extern int opt_next();
@@ -180,6 +185,7 @@ extern int opt_format(const char *s, int onlyderpem, int* result);
extern int opt_int(const char* arg, int* result);
extern int opt_ulong(const char* arg, unsigned long* result);
extern int opt_long(const char* arg, long* result);
+extern int opt_pair(const char* arg, const OPT_PAIR* pairs, int* result);
extern int opt_cipher(const char* name, const EVP_CIPHER** cipherp);
extern int opt_md(const char* name, const EVP_MD** mdp);
extern char* opt_arg(void);
diff --git a/apps/ca.c b/apps/ca.c
index 81d8cb625a..3f24947f98 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -185,12 +185,6 @@ const char *ca_help[] = {
NULL
};
-#ifdef EFENCE
-extern int EF_PROTECT_FREE;
-extern int EF_PROTECT_BELOW;
-extern int EF_ALIGNMENT;
-#endif
-
static void lookup_fail(const char *name, const char *tag);
static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
const EVP_MD *dgst,STACK_OF(OPENSSL_STRING) *sigopts,
@@ -314,18 +308,10 @@ int ca_main(int argc, char **argv)
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile=NULL;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
char *tofree=NULL;
DB_ATTR db_attr;
-#ifdef EFENCE
-EF_PROTECT_FREE=1;
-EF_PROTECT_BELOW=1;
-EF_ALIGNMENT=0;
-#endif
-
conf = NULL;
key = NULL;
section = NULL;
diff --git a/apps/dgst.c b/apps/dgst.c
index 14484bb683..ea601d9b09 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -71,6 +71,12 @@
#undef BUFSIZE
#define BUFSIZE 1024*8
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+ EVP_PKEY *key, unsigned char *sigin, int siglen,
+ const char *sig_name, const char *md_name,
+ const char *file,BIO *bmd);
+
+
const char *dgst_help[] = {
"-c to output the digest with separating colons",
"-r to output the digest in coreutils format",
@@ -93,10 +99,41 @@ const char *dgst_help[] = {
NULL
};
-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
- EVP_PKEY *key, unsigned char *sigin, int siglen,
- const char *sig_name, const char *md_name,
- const char *file,BIO *bmd);
+enum options {
+ OPT_ERR = -1, OPT_EOF = 0,
+ OPT_C, OPT_R, OPT_RAND, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
+ OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
+ OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
+ OPT_NON_FIPS_ALLOW, OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
+ OPT_DIGEST,
+};
+
+static OPTIONS options[] = {
+ { "c", OPT_C, '-' },
+ { "r", OPT_R, '-' },
+ { "rand", OPT_RAND, 's' },
+ { "out", OPT_OUT, '>' },
+ { "sign", OPT_SIGN, '<' },
+ { "passin", OPT_PASSIN, 's' },
+ { "verify", OPT_VERIFY, '<' },
+ { "prverify", OPT_PRVERIFY, '<' },
+ { "signature", OPT_SIGNATURE, '<' },
+ { "keyform", OPT_KEYFORM, 'F', },
+ { "engine", OPT_ENGINE, 's' },
+ { "engine_impl", OPT_ENGINE_IMPL, '-' },
+ { "hex", OPT_HEX, '-' },
+ { "binary", OPT_BINARY, '-' },
+ { "d", OPT_DEBUG, '-' },
+ { "debug", OPT_DEBUG, '-' },
+ { "fips-fingerprint", OPT_FIPS_FINGERPRINT, '-' },
+ { "non-fips-allow", OPT_NON_FIPS_ALLOW, '-' },
+ { "hmac", OPT_HMAC, 's' },
+ { "mac", OPT_MAC, 's' },
+ { "sigop", OPT_SIGOPT, 's' },
+ { "macop", OPT_MACOPT, 's' },
+ { "", OPT_DIGEST, '-' },
+ { NULL }
+};
static void list_md_fn(const EVP_MD *m,
const char *from, const char *to, void *arg)
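Review bot: The rows `{ "sigop", OPT_SIGOPT, 's' }` and `{ "macop", OPT_MACOPT, 's' }` drop the final `t` from the names the removed parser matched (`-sigopt`, `-macopt`). Unless opt_next() accepts prefixes, those options would presumably fall through to the `""` catch-all and be rejected as an unknown digest. They should read `{ "sigopt", OPT_SIGOPT, 's' },` and `{ "macopt", OPT_MACOPT, 's' },`. The `engine` and `engine_impl` rows are also unconditional while their `case` labels in dgst_main sit under `#ifndef OPENSSL_NO_ENGINE`, so a no-engine build would appear to accept them and then ignore them; guarding the two rows with the same `#ifndef` keeps table and switch consistent.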
@@ -120,132 +157,127 @@ static void list_md_fn(const EVP_MD *m,
int dgst_main(int argc, char **argv)
{
- ENGINE *e = NULL, *impl = NULL;
+ ENGINE *e=NULL, *impl=NULL;
unsigned char *buf=NULL;
- int i,err=1;
const EVP_MD *md=NULL,*m;
- BIO *in=NULL,*inp;
- BIO *bmd=NULL;
- BIO *out = NULL;
- int separator=0;
- int debug=0;
- int keyform=FORMAT_PEM;
- const char *outfile = NULL, *keyfile = NULL;
- const char *sigfile = NULL, *randfile = NULL;
- int out_bin = -1, want_pub = 0, do_verify = 0;
- EVP_PKEY *sigkey = NULL;
- unsigned char *sigbuf = NULL;
- int siglen = 0;
- char *passargin = NULL, *passin = NULL;
+ BIO *in=NULL,*inp, *bmd=NULL, *out=NULL;
+ int separator=0, debug=0, keyform=FORMAT_PEM;
+ const char *outfile=NULL, *keyfile=NULL, *prog=NULL;
+ const char *sigfile=NULL, *randfile=NULL;
+ int i,err=1;
+ int out_bin=-1, want_pub=0, do_verify=0;
+ EVP_PKEY *sigkey=NULL;
+ unsigned char *sigbuf=NULL;
+ int siglen=0, non_fips_allow=0;
+ char *passinarg=NULL, *passin=NULL;
#ifndef OPENSSL_NO_ENGINE
char *engine=NULL;
- int engine_impl = 0;
+ int engine_impl=0;
#endif
char *hmac_key=NULL;
char *mac_name=NULL;
- int non_fips_allow = 0;
- STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
+ STACK_OF(OPENSSL_STRING) *sigopts=NULL, *macopts=NULL;
+ enum options o;
- if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
+ prog = opt_progname(argv[0]);
+ if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) {
+ BIO_printf(bio_err, "%s: out of memory\n", prog);
goto end;
- }
+ }
+ md=EVP_get_digestbyname(prog);
- md=EVP_get_digestbyname(opt_progname(argv[0]));
- argc--;
- argv++;
- while (argc > 0)
- {
- if ((*argv)[0] != '-') break;
- if (strcmp(*argv,"-c") == 0)
- separator=1;
- else if (strcmp(*argv,"-r") == 0)
- separator=2;
- else if (strcmp(*argv,"-rand") == 0)
- {
- randfile=*(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- outfile=*(++argv);
- }
- else if (strcmp(*argv,"-sign") == 0)
- {
- keyfile=*(++argv);
- }
- else if (!strcmp(*argv,"-passin"))
- {
- passargin=*++argv;
- }
- else if (strcmp(*argv,"-verify") == 0)
- {
- keyfile=*(++argv);
- want_pub = 1;
- do_verify = 1;
- }
- else if (strcmp(*argv,"-prverify") == 0)
- {
- keyfile=*(++argv);
+ prog = opt_init(argc, argv, options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+err:
+ BIO_printf(bio_err,"Valid options are:\n");
+ printhelp(dgst_help);
+ goto end;
+
+ case OPT_C:
+ separator = 1;
+ break;
+ case OPT_R:
+ separator = 2;
+ break;
+ case OPT_RAND:
+ randfile = opt_arg();
+ break;
+ case OPT_OUT:
+ outfile = opt_arg();
+ break;
+ case OPT_SIGN:
+ keyfile = opt_arg();
+ break;
+ case OPT_PASSIN:
+ passinarg = opt_arg();
+ break;
+ case OPT_VERIFY:
+ keyfile = opt_arg();
+ want_pub = do_verify = 1;
+ break;
+ case OPT_PRVERIFY:
+ keyfile = opt_arg();
do_verify = 1;
- }
- else if (strcmp(*argv,"-signature") == 0)
- {
- sigfile=*(++argv);
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- keyform=str2fmt(*(++argv));
- }
+ break;
+ case OPT_SIGNATURE:
+ sigfile = opt_arg();
+ break;
+ case OPT_KEYFORM:
+ opt_format(opt_arg(), 1, &keyform);
+ break;
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- engine= *(++argv);
+ case OPT_ENGINE:
+ engine = opt_arg();
e = setup_engine(bio_err, engine, 0);
- }
- else if (strcmp(*argv,"-engine_impl") == 0)
+ break;
+ case OPT_ENGINE_IMPL:
engine_impl = 1;
+ break;
#endif
- else if (strcmp(*argv,"-hex") == 0)
+ case OPT_HEX:
out_bin = 0;
- else if (strcmp(*argv,"-binary") == 0)
+ break;
+ case OPT_BINARY:
out_bin = 1;
- else if (strcmp(*argv,"-d") == 0)
- debug=1;
- else if (!strcmp(*argv,"-fips-fingerprint"))
+ break;
+ case OPT_DEBUG:
+ debug = 1;
+ break;
+ case OPT_FIPS_FINGERPRINT:
hmac_key = "etaonrishdlcupfm";
- else if (strcmp(*argv,"-non-fips-allow") == 0)
- non_fips_allow=1;
- else if (!strcmp(*argv,"-hmac"))
- {
- hmac_key=*++argv;
- }
- else if (!strcmp(*argv,"-mac"))
- {
- mac_name=*++argv;
- }
- else if (strcmp(*argv,"-sigopt") == 0)
- {
+ break;
+ case OPT_NON_FIPS_ALLOW:
+ non_fips_allow = 1;
+ break;
+ case OPT_HMAC:
+ hmac_key = opt_arg();
+ break;
+ case OPT_MAC:
+ mac_name = opt_arg();
+ break;
+ case OPT_SIGOPT:
if (!sigopts)
sigopts = sk_OPENSSL_STRING_new_null();
- if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
- break;
- }
- else if (strcmp(*argv,"-macopt") == 0)
- {
+ if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+ goto err;
+ break;
+ case OPT_MACOPT:
if (!macopts)
macopts = sk_OPENSSL_STRING_new_null();
- if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
- break;
- }
- else if (opt_md(opt_unknown(), &m))
+ if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
+ goto err;
+ break;
+ case OPT_DIGEST:
+ if (!opt_md(opt_unknown(), &m))
+ goto err;
md=m;
- else
break;
- argc--;
- argv++;
}
+ }
if(do_verify && !sigfile) {
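Review bot: `case OPT_KEYFORM:` calls `opt_format(opt_arg(), 1, &keyform);` and discards the result, so a mistyped `-keyform` value appears to leave `keyform` at `FORMAT_PEM` and the run continues instead of stopping at the bad argument. Assuming opt_format() returns 0 on failure like opt_md(), this should be `if (!opt_format(opt_arg(), 1, &keyform)) goto err;`. The same unchecked call is in the `OPT_INFORM`/`OPT_OUTFORM` cases of ecparam_main and the `OPT_OUTFORM` case of genpkey_main. The switch has no `default:` label, and the `case OPT_EOF:` label cannot be reached inside a loop that exits on `OPT_EOF`. dgst_main continues outside this hunk.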
@@ -275,7 +307,7 @@ int dgst_main(int argc, char **argv)
BIO_set_callback_arg(in,(char *)bio_err);
}
- if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+ if(!app_passwd(bio_err, passinarg, NULL, &passin, NULL))
{
BIO_printf(bio_err, "Error getting password\n");
goto end;
diff --git a/apps/ecparam.c b/apps/ecparam.c
index a3645e8688..5cc626324f 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -85,6 +85,8 @@
#include <openssl/pem.h>
+static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);
+
const char* ecparam_help[] = {
"-inform arg input format - default PEM (DER or PEM)",
"-outform arg output format - default PEM",
@@ -109,135 +111,126 @@ const char* ecparam_help[] = {
NULL
};
-static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);
+enum options {
+ OPT_ERR = -1, OPT_EOF = 0,
+ OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
+ OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
+ OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_RAND, OPT_ENGINE,
+};
+static OPTIONS options[] = {
+ { "inform", OPT_INFORM, 'F' },
+ { "outform", OPT_OUTFORM, 'F' },
+ { "in", OPT_IN, '<' },
+ { "out", OPT_OUT, '>' },
+ { "text", OPT_TEXT, '-' },
+ { "C", OPT_C, '-' },
+ { "check", OPT_CHECK, '-' },
+ { "list_curves", OPT_LIST_CURVES, '-' },
+ { "no_seed", OPT_NO_SEED, '-' },
+ { "noout", OPT_NOOUT, '-' },
+ { "name", OPT_NAME, 's' },
+ { "conv_form", OPT_CONV_FORM, 's' },
+ { "param_enc", OPT_PARAM_ENC, 's' },
+ { "genkey", OPT_GENKEY, '-' },
+ { "rand", OPT_RAND, 's' },
+ { "engine", OPT_ENGINE, 's' },
+ { NULL }
+};
+OPT_PAIR forms[] = {
+ { "compressed", POINT_CONVERSION_COMPRESSED },
+ { "uncompressed", POINT_CONVERSION_UNCOMPRESSED },
+ { "hybrid", POINT_CONVERSION_HYBRID },
+ { NULL }
+};
+OPT_PAIR encodings[] = {
+ { "named_curve", OPENSSL_EC_NAMED_CURVE },
+ { "explicit", 0 },
+ { NULL }
+};
int ecparam_main(int argc, char **argv)
{
- EC_GROUP *group = NULL;
- point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
- int new_form = 0;
- int asn1_flag = OPENSSL_EC_NAMED_CURVE;
- int new_asn1_flag = 0;
- char *curve_name = NULL, *inrand = NULL;
- int list_curves = 0, no_seed = 0, check = 0,
- badops = 0, text = 0, i, need_rand = 0, genkey = 0;
- char *infile = NULL, *outfile = NULL, *prog;
- BIO *in = NULL, *out = NULL;
- int informat, outformat, noout = 0, C = 0, ret = 1;
- char *engine = NULL;
-
- BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
- *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
- unsigned char *buffer = NULL;
-
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-text") == 0)
+ EC_GROUP *group=NULL;
+ point_conversion_form_t form=POINT_CONVERSION_UNCOMPRESSED;
+ int new_form=0;
+ int asn1_flag=OPENSSL_EC_NAMED_CURVE, new_asn1_flag=0;
+ char *curve_name=NULL, *inrand=NULL;
+ int list_curves=0, no_seed=0, check=0;
+ int text=0, i, need_rand=0, genkey=0;
+ char *infile=NULL, *outfile=NULL, *prog;
+ BIO *in=NULL, *out=NULL;
+ int informat=FORMAT_PEM, outformat=FORMAT_PEM, noout=0, C=0, ret=1;
+ char *engine=NULL;
+ BIGNUM *ec_p=NULL, *ec_a=NULL, *ec_b=NULL;
+ BIGNUM *ec_gen=NULL, *ec_order=NULL, *ec_cofactor=NULL;
+ unsigned char *buffer=NULL;
+ enum options o;
+
+ prog = opt_init(argc, argv, options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+err:
+ BIO_printf(bio_err,"Valid options are:\n");
+ printhelp(ecparam_help);
+ goto end;
+ case OPT_INFORM:
+ opt_format(opt_arg(), 1, &informat);
+ break;
+ case OPT_IN:
+ infile = opt_arg();
+ break;
+ case OPT_OUTFORM:
+ opt_format(opt_arg(), 1, &outformat);
+ break;
+ case OPT_OUT:
+ outfile= opt_arg();
+ break;
+ case OPT_TEXT:
text = 1;
- else if (strcmp(*argv,"-C") == 0)
+ break;
+ case OPT_C:
C = 1;
- else if (strcmp(*argv,"-check") == 0)
+ break;
+ case OPT_CHECK:
check = 1;
- else if (strcmp (*argv, "-name") == 0)
- {
- if (--argc < 1)
- goto bad;
- curve_name = *(++argv);
- }
- else if (strcmp(*argv, "-list_curves") == 0)
+ break;
+ case OPT_LIST_CURVES:
list_curves = 1;
- else if (strcmp(*argv, "-conv_form") == 0)
- {
- if (--argc < 1)
- goto bad;
- ++argv;
- new_form = 1;
- if (strcmp(*argv, "compressed") == 0)
- form = POINT_CONVERSION_COMPRESSED;
- else if (strcmp(*argv, "uncompressed") == 0)
- form = POINT_CONVERSION_UNCOMPRESSED;
- else if (strcmp(*argv, "hybrid") == 0)
- form = POINT_CONVERSION_HYBRID;
- else
- goto bad;
- }
- else if (strcmp(*argv, "-param_enc") == 0)
- {
- if (--argc < 1)
- goto bad;
- ++argv;
- new_asn1_flag = 1;
- if (strcmp(*argv, "named_curve") == 0)
- asn1_flag = OPENSSL_EC_NAMED_CURVE;
- else if (strcmp(*argv, "explicit") == 0)
- asn1_flag = 0;
- else
- goto bad;
- }
- else if (strcmp(*argv, "-no_seed") == 0)
+ break;
+ case OPT_NO_SEED:
no_seed = 1;
- else if (strcmp(*argv, "-noout") == 0)
+ break;
+ case OPT_NOOUT:
noout=1;
- else if (strcmp(*argv,"-genkey") == 0)
- {
- genkey=1;
- need_rand=1;
- }
- else if (strcmp(*argv, "-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
+ break;
+ case OPT_NAME:
+ curve_name = opt_arg();
+ break;
+ case OPT_CONV_FORM:
+ if (!opt_pair(opt_arg(), forms, &new_form))
+ goto err;
+ form = new_form;
+ new_form = 1;
+ break;
+ case OPT_PARAM_ENC:
+ if (!opt_pair(opt_arg(), encodings, &asn1_flag))
+ goto err;
+ new_asn1_flag = 1;
+ break;
+ case OPT_GENKEY:
+ genkey = need_rand = 1;
+ break;
+ case OPT_RAND:
+ inrand = opt_arg();
need_rand=1;
- }
- else if(strcmp(*argv, "-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine = *(++argv);
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err, "where options are\n");
- printhelp(ecparam_help);
- goto end;
+ case OPT_ENGINE:
+ engine = opt_arg();
+ break;
}
+ }
in = bio_open_default(infile, RB(informat));
if (in == NULL)
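Review bot: `forms` and `encodings` are defined without `static` or `const`, so two very generic names get external linkage and stay writable, which risks a clash if the apps are linked into one binary. `static const OPT_PAIR forms[] = {` and `static const OPT_PAIR encodings[] = {` would match the `static OPTIONS options[]` above them and the `const OPT_PAIR*` parameter of opt_pair(). In `case OPT_CONV_FORM:`, `new_form` first serves as scratch storage for the parsed value and is then reset to the flag value 1; parsing into a separate local `int` and assigning `form` from it would be easier to follow. ecparam_main continues outside this hunk.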
diff --git a/apps/enc.c b/apps/enc.c
index 6ac91c3e03..25fdca5ddf 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -122,250 +122,231 @@ static void show_ciphers(const OBJ_NAME *name,void *bio_)
BIO_printf(bio," ");
}
+enum options {
+ OPT_ERR = -1, OPT_EOF = 0,
+ OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
+ OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
+ OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
+ OPT_UPPER_S, OPT_IV, OPT_MD, OPT_NON_FIPS_ALLOW, OPT_CIPHER,
+};
+
+static OPTIONS options[] = {
+ { "e", OPT_E, '-' },
+ { "in", OPT_IN, '<' },
+ { "out", OPT_OUT, '>' },
+ { "pass", OPT_PASS, 's' },
+ { "engine", OPT_ENGINE, 's' },
+ { "d", OPT_D, '-' },
+ { "p", OPT_P, '-' },
+ { "v", OPT_V, '-' },
+ { "nopad", OPT_NOPAD, '-' },
+ { "salt", OPT_SALT, '-' },
+ { "nosalt", OPT_NOSALT, '-' },
+ { "debug", OPT_DEBUG, '-' },
+ { "P", OPT_UPPER_P, '-' },
+ { "A", OPT_UPPER_A, '-' },
+ { "a", OPT_A, '-' },
+ { "base64", OPT_A, '-' },
+ { "z", OPT_Z, '-' },
+ { "bufsize", OPT_BUFSIZE, 's' },
+ { "k", OPT_K, 's' },
+ { "kfile", OPT_KFILE, '<' },
+ { "K", OPT_UPPER_K, '-' },
+ { "S", OPT_UPPER_S, 's' },
+ { "iv", OPT_IV, 's' },
+ { "md", OPT_MD, 's' },
+ { "non-fips-allow", OPT_NON_FIPS_ALLOW, '-' },
+ { "", OPT_CIPHER, '-' },
+ { "none", OPT_NONE, '-' },
+ { NULL }
+};
+
int enc_main(int argc, char **argv)
{
+ static char buf[128];
static const char magic[]="Salted__";
char mbuf[sizeof magic-1];
char *strbuf=NULL;
- unsigned char *buff=NULL,*bufsize=NULL;
- int bsize=BSIZE,verbose=0;
- int ret=1,inl;
- int nopad = 0;
- unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
+ unsigned char *buff=NULL;
+ int bsize=BSIZE, verbose=0;
+ int ret=1, inl, nopad=0, non_fips_allow=0;
+ unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
unsigned char salt[PKCS5_SALT_LEN];
- char *str=NULL, *passarg = NULL, *pass = NULL;
- char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
- char *md=NULL;
- int enc=1,printkey=0,i,base64=0;
- int do_zlib=0;
-#ifdef ZLIB
- BIO *bzl = NULL;
-#endif
- int debug=0,olb64=0,nosalt=0;
- const EVP_CIPHER *cipher=NULL,*c;
+ unsigned long n;
+ char *str=NULL, *passarg=NULL, *pass=NULL;
+ char *hkey=NULL, *hiv=NULL, *hsalt=NULL, *p;
+ int enc=1, printkey=0, i, k, base64=0;
+ int do_zlib=0, debug=0, olb64=0, nosalt=0;
+ const EVP_CIPHER *cipher=NULL, *c;
EVP_CIPHER_CTX *ctx = NULL;
- char *inf=NULL,*outf=NULL, *pname;
- BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
-#ifndef OPENSSL_NO_ENGINE
+ char *infile=NULL, *outfile=NULL, *prog;
+ BIO *in=NULL, *out=NULL, *b64=NULL, *benc=NULL, *rbio=NULL, *wbio=NULL;
+ enum options o;
char *engine = NULL;
-#endif
const EVP_MD *dgst=NULL;
- int non_fips_allow = 0;
+#ifdef ZLIB
+ BIO *bzl = NULL;
+#endif
/* first check the program name */
- pname = opt_progname(argv[0]);
- if (strcmp(pname, "base64") == 0)
- base64=1;
+ prog = opt_progname(argv[0]);
+ if (strcmp(prog, "base64") == 0)
+ base64 = 1;
#ifdef ZLIB
- else if (strcmp(pname, "zlib") == 0)
- do_zlib=1;
+ else if (strcmp(prog, "zlib") == 0)
+ do_zlib = 1;
#endif
- else
- cipher=EVP_get_cipherbyname(pname);
- if (!do_zlib && !base64 && (cipher == NULL)
- && (strcmp(pname,"enc") != 0))
- {
- BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
- goto bad;
+ else {
+ cipher=EVP_get_cipherbyname(prog);
+ if (cipher == NULL && strcmp(prog, "enc") != 0) {
+ BIO_printf(bio_err, "%s is not a known cipher\n", prog);
+ goto end;
}
+ }
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-e") == 0)
- enc=1;
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- inf= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outf= *(++argv);
- }
- else if (strcmp(*argv,"-pass") == 0)
- {
- if (--argc < 1) goto bad;
- passarg= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-d") == 0)
- enc=0;
- else if (strcmp(*argv,"-p") == 0)
- printkey=1;
- else if (strcmp(*argv,"-v") == 0)
- verbose=1;
- else if (strcmp(*argv,"-nopad") == 0)
- nopad=1;
- else if (strcmp(*argv,"-salt") == 0)
- nosalt=0;
- else if (strcmp(*argv,"-nosalt") == 0)
- nosalt=1;
- else if (strcmp(*argv,"-debug") == 0)
- debug=1;
- else if (strcmp(*argv,"-P") == 0)
- printkey=2;
- else if (strcmp(*argv,"-A") == 0)
- olb64=1;
- else if (strcmp(*argv,"-a") == 0)
- base64=1;
- else if (strcmp(*argv,"-base64") == 0)
- base64=1;
-#ifdef ZLIB
- else if (strcmp(*argv,"-z") == 0)
- do_zlib=1;
-#endif
- else if (strcmp(*argv,"-bufsize") == 0)
- {
- if (--argc < 1) goto bad;
- bufsize=(unsigned char *)*(++argv);
- }
- else if (strcmp(*argv,"-k") == 0)
- {
- if (--argc < 1) goto bad;
- str= *(++argv);
- }
- else if (strcmp(*argv,"-kfile") == 0)
- {
- static char buf[128];
- FILE *infile;
- char *file;
-
- if (--argc < 1) goto bad;
- file= *(++argv);
- infile=fopen(file,"r");
- if (infile == NULL)
- {
- BIO_printf(bio_err,"unable to read key from '%s'\n",
- file);
- goto bad;
- }
- buf[0]='\0';
- if (!fgets(buf,sizeof buf,infile))
- {
- BIO_printf(bio_err,"unable to read key from '%s'\n",
- file);
- goto bad;
- }
- fclose(infile);
- i=strlen(buf);
- if ((i > 0) &&
- ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
- buf[--i]='\0';
- if ((i > 0) &&
- ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
- buf[--i]='\0';
- if (i < 1)
- {
- BIO_printf(bio_err,"zero length password\n");
- goto bad;
- }
- str=buf;
- }
- else if (strcmp(*argv,"-K") == 0)
- {
- if (--argc < 1) goto bad;
- hkey= *(++argv);
- }
- else if (strcmp(*argv,"-S") == 0)
- {
- if (--argc < 1) goto bad;
- hsalt= *(++argv);
- }
- else if (strcmp(*argv,"-iv") == 0)
- {
- if (--argc < 1) goto bad;
- hiv= *(++argv);
- }
- else if (strcmp(*argv,"-md") == 0)
- {
- if (--argc < 1) goto bad;
- md= *(++argv);
- }
- else if (strcmp(*argv,"-non-fips-allow") == 0)
- non_fips_allow = 1;
- else if ((argv[0][0] == '-') &&
- opt_cipher(opt_unknown(), &c))
- {
- cipher=c;
- }
- else if (strcmp(*argv,"-none") == 0)
- cipher=NULL;
- else
- {
- BIO_printf(bio_err,"unknown option '%s'\n",*argv);
- BIO_printf(bio_err,"options are:\n");
-bad:
+ prog = opt_init(argc, argv, options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+err:
+ BIO_printf(bio_err,"Valid options are:\n");
printhelp(enc_help);
BIO_printf(bio_err,"Cipher Types\n");
OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
show_ciphers,
bio_err);
BIO_printf(bio_err,"\n");
-
goto end;
+ case OPT_E:
+ enc = 1;
+ break;
+ case OPT_IN:
+ infile = opt_arg();
+ break;
+ case OPT_OUT:
+ outfile = opt_arg();
+ break;
+ case OPT_PASS:
+ passarg = opt_arg();
+ break;
+ case OPT_ENGINE:
+ engine = opt_arg();
+ break;
+ case OPT_D:
+ enc = 0;
+ break;
+ case OPT_P:
+ printkey = 1;
+ break;
+ case OPT_V:
+ verbose = 1;
+ break;
+ case OPT_NOPAD:
+ nopad = 1;
+ break;
+ case OPT_SALT:
+ nosalt = 0;
+ break;
+ case OPT_NOSALT:
+ nosalt = 1;
+ break;
+ case OPT_DEBUG:
+ debug = 1;
+ break;
+ case OPT_UPPER_P:
+ printkey = 2;
+ break;
+ case OPT_UPPER_A:
+ olb64 = 1;
+ break;
+ case OPT_A:
+ base64 = 1;
+ break;
+ case OPT_Z:
+ do_zlib = 1;
+ break;
+ case OPT_BUFSIZE:
+ p = opt_arg();
+ i = (int)strlen(p) - 1;
+ k = i >= 1 && p[i] == 'k';
+ if (k)
+ p[i] = '\0';
+ if (!opt_ulong(opt_arg(), &n))
+ goto err;
+ if (k)
+ n *=1024;
+ bsize = (int)n;
+ break;
+ case OPT_K:
+ str= opt_arg();
+ break;
+ case OPT_KFILE:
+ in = bio_open_default(opt_arg(), "r");
+ if (in == NULL)
+ goto err;
+ i = BIO_gets(in, buf, sizeof buf);
+ BIO_free(in);
+ in = NULL;
+ if (i <= 0) {
+ BIO_printf(bio_err,
+ "%s Can't read key from %s\n",
+ prog, opt_arg());
+ goto err;
}
- argc--;
- argv++;
+ while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n'))
+ buf[i] = '\0';
+ if (i <= 0) {
+ BIO_printf(bio_err,
+ "%s: zero length password\n", prog);
+ goto err;
+ }
+ str = buf;
+ break;
+ case OPT_UPPER_K:
+ hkey = opt_arg();
+ break;
+ case OPT_UPPER_S:
+ hsalt = opt_arg();
+ break;
+ case OPT_IV:
+ hiv = opt_arg();
+ break;
+ case OPT_MD:
+ if (!opt_md(opt_arg(), &dgst))
+ goto err;
+ break;
+ case OPT_NON_FIPS_ALLOW:
+ non_fips_allow = 1;
+ break;
+ case OPT_CIPHER:
+ if (!opt_cipher(opt_unknown(), &c))
+ goto err;
+ cipher = c;
+ break;
+ case OPT_NONE:
+ cipher = NULL;
+ break;
}
+ }
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
- if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
- {
- BIO_printf(bio_err, "AEAD ciphers not supported by the enc utility\n");
- goto end;
- }
-
- if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
- {
- BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
+ if (cipher && (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
+ BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
goto end;
}
if (dgst == NULL)
- {
dgst = EVP_md5();
- }
-
- if (bufsize != NULL)
- {
- unsigned long n;
-
- for (n=0; *bufsize; bufsize++)
- {
- i= *bufsize;
- if ((i <= '9') && (i >= '0'))
- n=n*10+i-'0';
- else if (i == 'k')
- {
- n*=1024;
- bufsize++;
- break;
- }
- }
- if (*bufsize != '\0')
- {
- BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
- goto end;
- }
-
- /* It must be large enough for a base64 encoded line */
- if (base64 && n < 80) n=80;
- bsize=(int)n;
- if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
- }
+ /* It must be large enough for a base64 encoded line */
+ if (base64 && bsize < 80)
+ bsize = 80;
+ if (verbose)
+ BIO_printf(bio_err,"bufsize=%d\n",bsize);
strbuf=OPENSSL_malloc(SIZE);
buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
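Review bot: The row `{ "K", OPT_UPPER_K, '-' }` gives `-K` the same value type as the plain flags, yet `case OPT_UPPER_K:` reads `hkey = opt_arg()` and the removed parser consumed a value for `-K`. If `'-'` means "takes no argument", the raw hex key is never picked up and the row should be `{ "K", OPT_UPPER_K, 's' },`. In `case OPT_BUFSIZE:` the `unsigned long` is scaled and narrowed with `bsize = (int)n;` without a range check, and `bsize` then sizes `OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize))`; I would reject out-of-range input first with `if (n > INT_MAX / 1024) goto err;`. In `case OPT_KFILE:` the loop `while (--i > 0 && ...)` leaves `i` at 0 for a one-character key, which is then reported as a zero-length password; `while (i > 0 && (buf[i-1] == '\r' || buf[i-1] == '\n')) buf[--i] = '\0';` strips the line ending without that off-by-one. The `"z"` row is accepted even when `ZLIB` is not defined, and the `""` catch-all precedes `"none"`, which may make `-none` unreachable depending on how opt_next() scans the table.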
@@ -383,13 +364,12 @@ bad:
BIO_set_callback_arg(out,(char *)bio_err);
}
- if (inf == NULL)
- {
+ if (infile == NULL) {
unbuffer(stdin);
in = dup_bio_in();
- }
+ }
else
- in = bio_open_default(inf, "r");
+ in = bio_open_default(infile, "r");
if (in == NULL)
goto end;
@@ -431,7 +411,7 @@ bad:
}
- out = bio_open_default(outf, "w");
+ out = bio_open_default(outfile, "w");
if (out == NULL)
goto end;
diff --git a/apps/genpkey.c b/apps/genpkey.c
index 21df5df206..adfcc6461f 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -83,131 +83,112 @@ const char* genpkey_help[] = {
" to value <value>",
"-genparam generate parameters, not key",
"-text print the in text",
+ "Order of options may be important! See the documentation.",
NULL
};
-int genpkey_main(int argc, char **argv)
- {
- ENGINE *e = NULL;
- char **args, *outfile = NULL;
- char *passarg = NULL;
- BIO *in = NULL, *out = NULL;
- const EVP_CIPHER *cipher = NULL;
- int outformat;
- int text = 0;
- EVP_PKEY *pkey=NULL;
- EVP_PKEY_CTX *ctx = NULL;
- char *pass = NULL;
- int badarg = 0;
- int ret = 1, rv;
- int do_param = 0;
+enum options {
+ OPT_ERR = -1, OPT_EOF = 0,
+ OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
+ OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER,
+};
- outformat=FORMAT_PEM;
+static OPTIONS options[] = {
+#ifndef OPENSSL_NO_ENGINE
+ { "engine", OPT_ENGINE, 's' },
+#endif
+ { "outform", OPT_OUTFORM, 'F' },
+ { "out", OPT_OUT, '>' },
+ { "pass", OPT_PASS, 's' },
+ { "paramfile", OPT_PARAMFILE, '<' },
+ { "algorithm", OPT_ALGORITHM, 's' },
+ { "pkeyopt", OPT_PKEYOPT, 's' },
+ { "genparam", OPT_GENPARAM, '-' },
+ { "text", OPT_TEXT, '-' },
+ { "", OPT_CIPHER, '-' },
+ { NULL }
+};
- args = argv + 1;
- while (!badarg && *args && *args[0] == '-')
- {
- if (!strcmp(*args,"-outform"))
- {
- if (args[1])
- {
- args++;
- outformat=str2fmt(*args);
- }
- else badarg = 1;
- }
- else if (!strcmp(*args,"-pass"))
- {
- if (!args[1]) goto bad;
- passarg= *(++args);
- }
+int genpkey_main(int argc, char **argv)
+ {
+ ENGINE *e=NULL;
+ BIO *in=NULL, *out=NULL;
+ const EVP_CIPHER *cipher=NULL;
+ EVP_PKEY *pkey=NULL;
+ EVP_PKEY_CTX *ctx=NULL;
+ char *outfile=NULL, *passarg=NULL, *pass=NULL;
+ int outformat=FORMAT_PEM, text=0, ret=1, rv, do_param=0;
+ enum options o;
+ char* prog;
+
+ prog = opt_init(argc, argv, options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+err:
+ BIO_printf(bio_err,"Valid options are:\n");
+ printhelp(genpkey_help);
+ goto end;
+ case OPT_OUTFORM:
+ opt_format(opt_arg(), 1, &outformat);
+ break;
+ case OPT_OUT:
+ outfile= opt_arg();
+ break;
+
+ case OPT_PASS:
+ passarg= opt_arg();
+ break;
#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*args,"-engine") == 0)
- {
- if (!args[1])
- goto bad;
- e = setup_engine(bio_err, *(++args), 0);
- }
+ case OPT_ENGINE:
+ e = setup_engine(bio_err, opt_arg(), 0);
+ break;
#endif
- else if (!strcmp (*args, "-paramfile"))
- {
- if (!args[1])
- goto bad;
- args++;
+ case OPT_PARAMFILE:
if (do_param == 1)
- goto bad;
- if (!init_keygen_file(bio_err, &ctx, *args, e))
+ goto err;
+ if (!init_keygen_file(bio_err, &ctx, opt_arg(), e))
goto end;
- }
- else if (!strcmp (*args, "-out"))
- {
- if (args[1])
- {
- args++;
- outfile = *args;
- }
- else badarg = 1;
- }
- else if (strcmp(*args,"-algorithm") == 0)
- {
- if (!args[1])
- goto bad;
- if (!init_gen_str(bio_err, &ctx, *(++args),e, do_param))
+ break;
+ case OPT_ALGORITHM:
+ if (!init_gen_str(bio_err, &ctx, opt_arg(),e, do_param))
goto end;
+ break;
+ case OPT_PKEYOPT:
+ if (ctx == NULL) {
+ BIO_printf(bio_err,
+ "%s: No keytype specified.\n", prog);
+ goto err;
}
- else if (strcmp(*args,"-pkeyopt") == 0)
- {
- if (!args[1])
- goto bad;
- if (!ctx)
- {
- BIO_puts(bio_err, "No keytype specified\n");
- goto bad;
- }
- else if (pkey_ctrl_string(ctx, *(++args)) <= 0)
- {
- BIO_puts(bio_err, "parameter setting error\n");
+ if (pkey_ctrl_string(ctx, opt_arg()) <= 0) {
+ BIO_printf(bio_err,
+ "%s: Error setting %s parameter:\n",
+ prog, opt_arg());
ERR_print_errors(bio_err);
goto end;
}
- }
- else if (strcmp(*args,"-genparam") == 0)
- {
- if (ctx)
- goto bad;
+ break;
+ case OPT_GENPARAM:
+ if (ctx != NULL)
+ goto err;
do_param = 1;
- }
- else if (strcmp(*args,"-text") == 0)
+ break;
+ case OPT_TEXT:
text=1;
- else
- {
- if (!opt_cipher(*args+1, &cipher))
- {
- BIO_printf(bio_err, "Unknown cipher %s\n",
- *args + 1);
- badarg = 1;
- }
+ break;
+ case OPT_CIPHER:
+ if (!opt_cipher(opt_arg(), &cipher))
+ goto err;
if (do_param == 1)
- badarg = 1;
- }
- args++;
+ goto err;
}
+ }
- if (!ctx)
- badarg = 1;
-
- if (badarg)
- {
- bad:
- BIO_printf(bio_err, "Usage: genpkey [options]\n");
- BIO_printf(bio_err, "where options may be\n");
- printhelp(genpkey_help);
- BIO_printf(bio_err, "NB: options order may be important! See the manual page.\n");
- goto end;
- }
+ if (ctx == NULL)
+ goto err;
- if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
- {
+ if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
BIO_puts(bio_err, "Error getting password\n");
goto end;
}
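Review bot: `case OPT_CIPHER:` passes `opt_arg()` to opt_cipher(), but the catch-all `""` row is declared with `'-'` and the equivalent cases in dgst_main and enc_main use `opt_unknown()`. With no value attached to the option, `opt_arg()` is unlikely to hold the cipher name, so the cipher meant to protect the generated private key may be rejected or taken from an earlier option's value. I would write `if (!opt_cipher(opt_unknown(), &cipher))`. The case also has no closing `break;`, and `if (ctx == NULL) goto err;` after the loop jumps back into the switch body to reach the help text; a label placed after the loop would be clearer. genpkey_main continues outside this hunk.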
diff --git a/apps/opt.c b/apps/opt.c
index 2bf7fb2564..3fe21e08bb 100644
--- a/apps/opt.c
+++ b/apps/opt.c
@@ -202,6 +202,20 @@ int opt_md(const char* name, const EVP_MD** mdp)
BIO_printf(bio_err, "%s: Unknown digest %s\n", prog, name);
return 0;
}
+int opt_pair(const char* name, const OPT_PAIR* pairs, int* result)
+{
+ const OPT_PAIR* pp;
+
+ for (pp = pairs; pp->name; pp++)
+ if (strcmp(pp->name, name) == 0) {
+ *result = pp->retval;
+ return 1;
+ }
+ BIO_printf(bio_err, "%s: Value must be one of:\n", prog);
+ for (pp = pairs; pp->name; pp++)
+ BIO_printf(bio_err, "\t%s\n", pp->name);
+ return 0;
+}
/* See if cp looks like a hex number, in case user left off the 0x */
static int scanforhex(const char* cp)
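Review bot: opt_pair() is added without any comment stating its contract, and it hands `name` straight to `strcmp()` with no NULL check. I would add above it `/* Look up name in a table terminated by a NULL name; on a match store retval in *result and return 1, otherwise list the valid names on bio_err and return 0. */` and note there that callers must pass a non-NULL `name`. The failure message lists the valid names but does not show the rejected value or the option it belonged to, which makes the error harder to act on. The prototype added in apps.h calls the first parameter `arg` while this definition calls it `name`; using one name in both places avoids confusion.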
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index 0b9834cc1a..e529cc4087 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -66,12 +66,10 @@
#define KEY_PUBKEY 2
#define KEY_CERT 3
-static void usage(void);
-
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
- char *passargin, int pkey_op, ENGINE *e);
+ char *passinarg, int pkey_op, ENGINE *e);
static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
const char *file);
@@ -103,158 +101,172 @@ const char* pkeyutl_help[] = {
NULL
};
+enum options {
+ OPT_ERR = -1, OPT_EOF = 0,
+ OPT_ENGINE, OPT_IN, OPT_OUT,
+ OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
+ OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
+ OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
+ OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT,
+};
+
+static OPTIONS options[] = {
+#ifndef OPENSSL_NO_ENGINE
+ { "engine", OPT_ENGINE, 's' },
+#endif
+ { "in", OPT_IN, '<' },
+ { "out", OPT_OUT, '>' },
+ { "pubin", OPT_PUBIN, '-' },
+ { "certin", OPT_CERTIN, '-' },
+ { "asn1parse", OPT_ASN1PARSE, '-' },
+ { "hexdump", OPT_HEXDUMP, '-' },
+ { "sign", OPT_SIGN, '-' },
+ { "verify", OPT_VERIFY, '-' },
+ { "verifyrecover", OPT_VERIFYRECOVER, '-' },
+ { "rev", OPT_REV, '-' },
+ { "encrypt", OPT_ENCRYPT, '-' },
+ { "decrypt", OPT_DECRYPT, '-' },
+ { "derive", OPT_DERIVE, '-' },
+ { "sigfile", OPT_SIGFILE, '<' },
+ { "inkey", OPT_INKEY, 's' },
+ { "peerkey", OPT_PEERKEY, 's' },
+ { "passin", OPT_PASSIN, 's' },
+ { "peerform", OPT_PEERFORM, 'F' },
+ { "keyform", OPT_KEYFORM, 'F' },
+ { "pkeyopt", OPT_PKEYOPT, 's' },
+ { NULL }
+};
+
int pkeyutl_main(int argc, char **argv)
{
- BIO *in = NULL, *out = NULL;
- char *infile = NULL, *outfile = NULL, *sigfile = NULL;
- ENGINE *e = NULL;
- int pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
- int keyform = FORMAT_PEM, peerform = FORMAT_PEM;
- char badarg = 0, rev = 0;
- char hexdump = 0, asn1parse = 0;
- EVP_PKEY_CTX *ctx = NULL;
- char *passargin = NULL;
- int keysize = -1;
-
- unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
+ BIO *in=NULL, *out=NULL;
+ char *infile=NULL, *outfile=NULL, *sigfile=NULL;
+ ENGINE *e=NULL;
+ int pkey_op=EVP_PKEY_OP_SIGN, key_type=KEY_PRIVKEY;
+ int keyform=FORMAT_PEM, peerform=FORMAT_PEM;
+ char rev=0;
+ char hexdump=0, asn1parse=0;
+ EVP_PKEY_CTX *ctx=NULL;
+ char *passinarg=NULL;
+ int keysize=-1;
+ unsigned char *buf_in=NULL, *buf_out=NULL, *sig=NULL;
size_t buf_outlen;
- int buf_inlen = 0, siglen = -1;
-
- int ret = 1, rv = -1;
-
- argc--;
- argv++;
-
- while(argc >= 1)
- {
- if (!strcmp(*argv,"-in"))
- {
- if (--argc < 1) badarg = 1;
- else infile= *(++argv);
- }
- else if (!strcmp(*argv,"-out"))
- {
- if (--argc < 1) badarg = 1;
- else outfile= *(++argv);
- }
- else if (!strcmp(*argv,"-sigfile"))
- {
- if (--argc < 1) badarg = 1;
- else sigfile= *(++argv);
- }
- else if(!strcmp(*argv, "-inkey"))
- {
- if (--argc < 1)
- badarg = 1;
- else
- {
- ctx = init_ctx(&keysize,
- *(++argv), keyform, key_type,
- passargin, pkey_op, e);
- if (!ctx)
- {
- BIO_puts(bio_err,
- "Error initializing context\n");
- ERR_print_errors(bio_err);
- badarg = 1;
- }
- }
- }
- else if (!strcmp(*argv,"-peerkey"))
- {
- if (--argc < 1)
- badarg = 1;
- else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
- badarg = 1;
- }
- else if (!strcmp(*argv,"-passin"))
- {
- if (--argc < 1) badarg = 1;
- else passargin= *(++argv);
- }
- else if (strcmp(*argv,"-peerform") == 0)
- {
- if (--argc < 1) badarg = 1;
- else peerform=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) badarg = 1;
- else keyform=str2fmt(*(++argv));
+ int buf_inlen=0, siglen=-1;
+ int ret=1, rv=-1;
+ enum options o;
+ char* prog;
+
+ prog = opt_init(argc, argv, options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+err:
+ BIO_printf(bio_err,"Valid options are:\n");
+ printhelp(pkeyutl_help);
+ goto end;
+ case OPT_IN:
+ infile = opt_arg();
+ break;
+ case OPT_OUT:
+ outfile= opt_arg();
+ break;
+ case OPT_SIGFILE:
+ sigfile = opt_arg();
+ break;
+ case OPT_INKEY:
+ ctx = init_ctx(&keysize, opt_arg(), keyform, key_type,
+ passinarg, pkey_op, e);
+ if (ctx == NULL) {
+ BIO_puts(bio_err,
+ "%s: Error initializing context\n");
+ ERR_print_errors(bio_err);
+ goto err;
}
+ break;
+ case OPT_PEERKEY:
+ if (!setup_peer(bio_err, ctx, peerform, opt_arg()))
+ goto err;
+ break;
+ case OPT_PASSIN:
+ passinarg= opt_arg();
+ break;
+ case OPT_PEERFORM:
+ opt_format(opt_arg(), 1, &peerform);
+ break;
+ case OPT_KEYFORM:
+ opt_format(opt_arg(), 1, &keyform);
+ break;
#ifndef OPENSSL_NO_ENGINE
- else if(!strcmp(*argv, "-engine"))
- {
- if (--argc < 1)
- badarg = 1;
- else
- e = setup_engine(bio_err, *(++argv), 0);
- }
+ case OPT_ENGINE:
+ e = setup_engine(bio_err, opt_arg(), 0);
+ break;
#endif
- else if(!strcmp(*argv, "-pubin"))
+ case OPT_PUBIN:
key_type = KEY_PUBKEY;
- else if(!strcmp(*argv, "-certin"))
+ break;
+ case OPT_CERTIN:
key_type = KEY_CERT;
- else if(!strcmp(*argv, "-asn1parse"))
+ break;
+ case OPT_ASN1PARSE:
asn1parse = 1;
- else if(!strcmp(*argv, "-hexdump"))
+ break;
+ case OPT_HEXDUMP:
hexdump = 1;
- else if(!strcmp(*argv, "-sign"))
+ break;
+ case OPT_SIGN:
pkey_op = EVP_PKEY_OP_SIGN;
- else if(!strcmp(*argv, "-verify"))
+ break;
+ case OPT_VERIFY:
pkey_op = EVP_PKEY_OP_VERIFY;
- else if(!strcmp(*argv, "-verifyrecover"))
+ break;
+ case OPT_VERIFYRECOVER:
pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
- else if(!strcmp(*argv, "-rev"))
+ break;
+ case OPT_REV:
rev = 1;
- else if(!strcmp(*argv, "-encrypt"))
+ case OPT_ENCRYPT:
pkey_op = EVP_PKEY_OP_ENCRYPT;
- else if(!strcmp(*argv, "-decrypt"))
+ break;
+ case OPT_DECRYPT:
pkey_op = EVP_PKEY_OP_DECRYPT;
- else if(!strcmp(*argv, "-derive"))
+ break;
+ case OPT_DERIVE:
pkey_op = EVP_PKEY_OP_DERIVE;
- else if (strcmp(*argv,"-pkeyopt") == 0)
- {
- if (--argc < 1)
- badarg = 1;
- else if (!ctx)
- {
- BIO_puts(bio_err,
- "-pkeyopt command before -inkey\n");
- badarg = 1;
+ break;
+ case OPT_PKEYOPT:
+ if (ctx == NULL) {
+ BIO_printf(bio_err,
+ "%s: Must have -inkey before -pkeyopt\n",
+ prog);
+ goto err;
}
- else if (pkey_ctrl_string(ctx, *(++argv)) <= 0)
- {
- BIO_puts(bio_err, "parameter setting error\n");
+ if (pkey_ctrl_string(ctx, opt_arg()) <= 0) {
+ BIO_printf(bio_err,
+ "%s: Can't set parameter:\n", prog);
ERR_print_errors(bio_err);
goto end;
- }
}
- else badarg = 1;
- if(badarg)
- {
- usage();
- goto end;
- }
- argc--;
- argv++;
+ break;
}
+ }
- if (!ctx)
- {
- usage();
- goto end;
- }
+ if (ctx == NULL)
+ goto err;
if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY))
{
- BIO_puts(bio_err, "Signature file specified for non verify\n");
+ BIO_printf(bio_err,
+ "%s: Signature file specified for non verify\n",
+ prog);
goto end;
}
if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY))
{
- BIO_puts(bio_err, "No signature file specified for verify\n");
+ BIO_printf(bio_err,
+ "%s: No signature file specified for verify\n",
+ prog);
goto end;
}
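Review bot: `case OPT_REV:` sets `rev = 1;` and then falls through into `case OPT_ENCRYPT:`, so passing -rev also switches `pkey_op` to EVP_PKEY_OP_ENCRYPT. Every other case ends in `break;`, so this looks like an omission; add `break;` after `rev = 1;`. In the OPT_INKEY error path, `BIO_puts(bio_err, "%s: Error initializing context\n");` prints the `%s` literally and should be `BIO_printf(bio_err, "%s: Error initializing context\n", prog);`. The results of both `opt_format(opt_arg(), 1, ...)` calls are discarded, so a bad -peerform or -keyform value is presumably not rejected here; `if (!opt_format(opt_arg(), 1, &keyform)) goto err;` would match the `opt_int` pattern used elsewhere in this commit. pkeyutl_main continues outside the hunk.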
@@ -370,15 +382,10 @@ int pkeyutl_main(int argc, char **argv)
return ret;
}
-static void usage()
-{
- BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
- printhelp(pkeyutl_help);
-}
static EVP_PKEY_CTX *init_ctx(int *pkeysize,
char *keyfile, int keyform, int key_type,
- char *passargin, int pkey_op, ENGINE *e)
+ char *passinarg, int pkey_op, ENGINE *e)
{
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *ctx = NULL;
@@ -392,7 +399,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
BIO_printf(bio_err, "A private key is needed for this operation\n");
goto end;
}
- if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+ if(!app_passwd(bio_err, passinarg, NULL, &passin, NULL))
{
BIO_printf(bio_err, "Error getting password\n");
goto end;
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 6eade62ef9..c6e26022ef 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -74,8 +74,6 @@
#define KEY_PUBKEY 2
#define KEY_CERT 3
-static void usage(void);
-
const char* rsautl_help[] = {
"-in file input file",
"-out file output file",
@@ -135,23 +133,23 @@ static OPTIONS options[] = {
int rsautl_main(int argc, char **argv)
{
- ENGINE *e = NULL;
- BIO *in = NULL, *out = NULL;
- char *infile = NULL, *outfile = NULL;
- char *engine = NULL;
- char *keyfile = NULL;
- char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
- int keyformat = FORMAT_PEM;
- char need_priv = 0, badarg = 0, rev = 0;
- char hexdump = 0, asn1parse = 0;
+ ENGINE *e=NULL;
+ BIO *in=NULL, *out=NULL;
+ char *infile=NULL, *outfile=NULL;
+ char *engine=NULL;
+ char *keyfile=NULL;
+ char rsa_mode=RSA_VERIFY, key_type=KEY_PRIVKEY;
+ int keyformat=FORMAT_PEM;
+ char need_priv=0, rev=0;
+ char hexdump=0, asn1parse=0;
X509 *x;
- EVP_PKEY *pkey = NULL;
- RSA *rsa = NULL;
- unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING;
- char *passinarg = NULL, *passin = NULL;
- int rsa_inlen, rsa_outlen = 0;
+ EVP_PKEY *pkey=NULL;
+ RSA *rsa=NULL;
+ unsigned char *rsa_in=NULL, *rsa_out=NULL, pad=RSA_PKCS1_PADDING;
+ char *passinarg=NULL, *passin=NULL;
+ int rsa_inlen, rsa_outlen=0;
int keysize;
- int ret = 1;
+ int ret=1;
enum options o;
char* prog;
@@ -351,12 +349,6 @@ end:
return ret;
}
-static void usage()
-{
- BIO_printf(bio_err, "Usage: rsautl [options]\n");
- printhelp(rsautl_help);
-}
-
#else /* !OPENSSL_NO_RSA */
# if PEDANTIC
diff --git a/apps/s_time.c b/apps/s_time.c
index faa99a9032..9e5298b520 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -106,64 +106,11 @@
#undef SECONDS
#define SECONDS 30
#define SECONDSSTR "30"
+
extern int verify_depth;
extern int verify_error;
-static void s_time_usage(void);
-static int parseArgs( int argc, char **argv );
-static SSL *doConnection( SSL *scon );
-static void s_time_init(void);
-
-/***********************************************************************
- * Static data declarations
- */
-
-/* static char *port=PORT_STR;*/
-static char *host=SSL_CONNECT_NAME;
-static char *t_cert_file=NULL;
-static char *t_key_file=NULL;
-static char *CApath=NULL;
-static char *CAfile=NULL;
-static char *tm_cipher=NULL;
-static int tm_verify = SSL_VERIFY_NONE;
-static int maxTime = SECONDS;
-static SSL_CTX *tm_ctx=NULL;
-static const SSL_METHOD *s_time_meth=NULL;
-static char *s_www_path=NULL;
-static long bytes_read=0;
-static int st_bugs=0;
-static int perform=0;
-#ifdef FIONBIO
-static int t_nbio=0;
-#endif
-#ifdef OPENSSL_SYS_WIN32
-static int exitNow = 0; /* Set when it's time to exit main */
-#endif
-
-static void s_time_init(void)
- {
- host=SSL_CONNECT_NAME;
- t_cert_file=NULL;
- t_key_file=NULL;
- CApath=NULL;
- CAfile=NULL;
- tm_cipher=NULL;
- tm_verify = SSL_VERIFY_NONE;
- maxTime = SECONDS;
- tm_ctx=NULL;
- s_time_meth=NULL;
- s_www_path=NULL;
- bytes_read=0;
- st_bugs=0;
- perform=0;
-
-#ifdef FIONBIO
- t_nbio=0;
-#endif
-#ifdef OPENSSL_SYS_WIN32
- exitNow = 0; /* Set when it's time to exit main */
-#endif
- }
+static SSL *doConnection(SSL *scon, const char* host, SSL_CTX* ctx);
const char* s_time_help[] = {
"-time arg max number of seconds to collect data, default" SECONDSSTR,
@@ -176,8 +123,12 @@ const char* s_time_help[] = {
"-cipher preferred cipher to use, play with 'openssl ciphers'",
"-connect host:port where to connect to (default is "SSL_CONNECT_NAME ")",
+#ifndef OPENSSL_NO_SSL2
"-ssl2 just use SSLv2",
+#endif
+#ifndef OPENSSL_NO_SSL3
"-ssl3 just use SSLv3",
+#endif
"-bugs turn on SSL bug compatibility",
"-new just time new connections",
"-reuse just time connection reuse",
@@ -188,123 +139,47 @@ const char* s_time_help[] = {
NULL
};
-static void s_time_usage(void)
-{
- BIO_printf(bio_err,"usage: s_time <args>\n\n" );
- printhelp(s_time_help);
-}
-
-/***********************************************************************
- * parseArgs - Parse command line arguments and initialize data
- *
- * Returns 0 if ok, -1 on bad args
- */
-static int parseArgs(int argc, char **argv)
-{
- int badop = 0;
-
- verify_depth=0;
- verify_error=X509_V_OK;
-
- argc--;
- argv++;
-
- while (argc >= 1) {
- if (strcmp(*argv,"-connect") == 0)
- {
- if (--argc < 1) goto bad;
- host= *(++argv);
- }
- else if (strcmp(*argv,"-reuse") == 0)
- perform=2;
- else if (strcmp(*argv,"-new") == 0)
- perform=1;
- else if( strcmp(*argv,"-verify") == 0) {
-
- tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
- if (--argc < 1) goto bad;
- verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
-
- } else if( strcmp(*argv,"-cert") == 0) {
-
- if (--argc < 1) goto bad;
- t_cert_file= *(++argv);
-
- } else if( strcmp(*argv,"-key") == 0) {
-
- if (--argc < 1) goto bad;
- t_key_file= *(++argv);
-
- } else if( strcmp(*argv,"-CApath") == 0) {
-
- if (--argc < 1) goto bad;
- CApath= *(++argv);
-
- } else if( strcmp(*argv,"-CAfile") == 0) {
-
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
-
- } else if( strcmp(*argv,"-cipher") == 0) {
-
- if (--argc < 1) goto bad;
- tm_cipher= *(++argv);
- }
+enum options {
+ OPT_ERR = -1, OPT_EOF = 0, OPT_CONNECT, OPT_CIPHER, OPT_CERT,
+ OPT_KEY, OPT_CAPATH, OPT_CAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS,
+ OPT_VERIFY, OPT_TIME, OPT_WWW,
+#ifndef OPENSSL_NO_SSL2
+ OPT_SSL2,
+#endif
+#ifndef OPENSSL_NO_SSL3
+ OPT_SSL3,
+#endif
#ifdef FIONBIO
- else if(strcmp(*argv,"-nbio") == 0) {
- t_nbio=1;
- }
+ OPT_NBIO,
#endif
- else if(strcmp(*argv,"-www") == 0)
- {
- if (--argc < 1) goto bad;
- s_www_path= *(++argv);
- if(strlen(s_www_path) > MYBUFSIZ-100)
- {
- BIO_printf(bio_err,"-www option too long\n");
- badop=1;
- }
- }
- else if(strcmp(*argv,"-bugs") == 0)
- st_bugs=1;
+};
+
+static OPTIONS options[] = {
+ { "connect", OPT_CONNECT, 's' },
+ { "cipher", OPT_CIPHER, 's' },
+ { "cert", OPT_CERT, '<' },
+ { "key", OPT_KEY, '<' },
+ { "CApath", OPT_CAPATH, '/' },
+ { "cafile", OPT_CAFILE, '<' },
+ { "new", OPT_NEW, '-' },
+ { "reuse", OPT_REUSE, '-' },
+ { "bugs", OPT_BUGS, '-' },
+ { "verify", OPT_VERIFY, 'p' },
+ { "time", OPT_TIME, 'p' },
+ { "www", OPT_WWW, 's' },
#ifndef OPENSSL_NO_SSL2
- else if(strcmp(*argv,"-ssl2") == 0)
- s_time_meth=SSLv2_client_method();
+ { "ssl2", OPT_SSL2, '-' },
#endif
#ifndef OPENSSL_NO_SSL3
- else if(strcmp(*argv,"-ssl3") == 0)
- s_time_meth=SSLv3_client_method();
+ { "ssl3", OPT_SSL3, '-' },
#endif
- else if( strcmp(*argv,"-time") == 0) {
-
- if (--argc < 1) goto bad;
- maxTime= atoi(*(++argv));
- }
- else {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badop=1;
- break;
- }
-
- argc--;
- argv++;
- }
-
- if (perform == 0) perform=3;
-
- if(badop) {
-bad:
- s_time_usage();
- return -1;
- }
+#ifdef FIONBIO
+ { "nbio", OPT_NBIO, '-' },
+#endif
+ { NULL }
+};
- return 0; /* Valid args */
-}
-/***********************************************************************
- * TIME - time functions
- */
#define START 0
#define STOP 1
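Review bot: The table entry `{ "cafile", OPT_CAFILE, '<' }` is spelled in lower case, while the removed parser matched `-CAfile` and the neighbouring entry keeps `"CApath"`. If option names are compared case-sensitively (the matching code in opt.c is not shown here), existing `-CAfile` invocations would now be rejected as unknown. It should read `{ "CAfile", OPT_CAFILE, '<' },`.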
@@ -315,60 +190,148 @@ static double tm_Time_F(int s)
int s_time_main(int argc, char **argv)
{
- double totalTime = 0.0;
- int nConn = 0;
+ double totalTime=0.0;
+ int nConn=0;
SSL *scon=NULL;
long finishtime=0;
int ret=1,i;
MS_STATIC char buf[1024*8];
int ver;
+ char* prog;
+ char *host=SSL_CONNECT_NAME, *certfile =NULL, *keyfile=NULL;
+ char *CApath=NULL, *CAfile=NULL, *cipher=NULL;
+ int maxtime=SECONDS;
+ const SSL_METHOD *meth=NULL;
+ SSL_CTX *ctx=NULL;
+ char *www_path=NULL;
+ long bytes_read=0;
+ int st_bugs=0;
+ int perform=3;
+ enum options o;
+#ifdef FIONBIO
+ int t_nbio=0;
+#endif
+#ifdef OPENSSL_SYS_WIN32
+ int exitNow=0; /* Set when it's time to exit main */
+#endif
- s_time_init();
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- s_time_meth=SSLv23_client_method();
+ meth=SSLv23_client_method();
#elif !defined(OPENSSL_NO_SSL3)
- s_time_meth=SSLv3_client_method();
+ meth=SSLv3_client_method();
#elif !defined(OPENSSL_NO_SSL2)
- s_time_meth=SSLv2_client_method();
+ meth=SSLv2_client_method();
#endif
- /* parse the command line arguments */
- if( parseArgs( argc, argv ) < 0 )
- goto end;
+ verify_depth=0;
+ verify_error=X509_V_OK;
+
+ prog = opt_init(argc, argv, options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+err:
+ BIO_printf(bio_err,"Valid options are:\n");
+ printhelp(s_time_help);
+ goto end;
+ case OPT_CONNECT:
+ host= opt_arg();
+ break;
+ case OPT_REUSE:
+ perform=2;
+ break;
+ case OPT_NEW:
+ perform=1;
+ break;
+ case OPT_VERIFY:
+ if (!opt_int(opt_arg(), &verify_depth))
+ goto err;
+ BIO_printf(bio_err, "%s verify depth is %d\n",
+ prog, verify_depth);
+ break;
+ case OPT_CERT:
+ certfile = opt_arg();
+ break;
+ case OPT_KEY:
+ keyfile= opt_arg();
+ break;
+ case OPT_CAPATH:
+ CApath= opt_arg();
+ break;
+ case OPT_CAFILE:
+ CAfile= opt_arg();
+ break;
+ case OPT_CIPHER:
+ cipher= opt_arg();
+ break;
+ case OPT_BUGS:
+ st_bugs=1;
+ break;
+ case OPT_TIME:
+ if (!opt_int(opt_arg(), &maxtime))
+ goto err;
+ break;
+ case OPT_WWW:
+ www_path = opt_arg();
+ if(strlen(www_path) > MYBUFSIZ-100) {
+ BIO_printf(bio_err,
+ "%s: -www option too long\n", prog);
+ goto end;
+ }
+ break;
+#ifndef OPENSSL_NO_SSL2
+ case OPT_SSL2:
+ meth=SSLv2_client_method();
+ break;
+#endif
+#ifndef OPENSSL_NO_SSL3
+ case OPT_SSL3:
+ meth=SSLv3_client_method();
+ break;
+#endif
+#ifdef FIONBIO
+ case OPT_NBIO:
+ t_nbio = 1;
+ break;
+#endif
+ }
+ }
OpenSSL_add_ssl_algorithms();
- if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
+ if ((ctx=SSL_CTX_new(meth)) == NULL) return(1);
- SSL_CTX_set_quiet_shutdown(tm_ctx,1);
+ SSL_CTX_set_quiet_shutdown(ctx,1);
- if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
- SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
- if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file))
+ if (st_bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
+ SSL_CTX_set_cipher_list(ctx,cipher);
+ if(!set_cert_stuff(ctx,certfile ,keyfile))
goto end;
- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(tm_ctx)))
+ if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
+ (!SSL_CTX_set_default_verify_paths(ctx)))
{
/* BIO_printf(bio_err,"error setting default verify locations\n"); */
ERR_print_errors(bio_err);
/* goto end; */
}
- if (tm_cipher == NULL)
- tm_cipher = getenv("SSL_CIPHER");
+ if (cipher == NULL)
+ cipher = getenv("SSL_CIPHER");
- if (tm_cipher == NULL ) {
+ if (cipher == NULL ) {
fprintf( stderr, "No CIPHER specified\n" );
+ goto end;
}
if (!(perform & 1)) goto next;
- printf( "Collecting connection statistics for %d seconds\n", maxTime );
+ printf( "Collecting connection statistics for %d seconds\n", maxtime );
/* Loop and time how long it takes to make connections */
bytes_read=0;
- finishtime=(long)time(NULL)+maxTime;
+ finishtime=(long)time(NULL)+maxtime;
tm_Time_F(START);
for (;;)
{
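Review bot: `SSL_CTX_set_cipher_list(ctx,cipher)` runs before the `getenv("SSL_CIPHER")` fallback, so it can be called with a NULL `cipher`, its result is never checked, and a value taken from the environment is never applied to `ctx`. With the added `goto end;` under "No CIPHER specified", s_time now also exits with ret=1 whenever neither -cipher nor SSL_CIPHER is given, which the old code only warned about. I would move the fallback above the call and write `if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher)) goto end;`, and decide explicitly whether a missing cipher is fatal. Separately, the new OPT_VERIFY case no longer records `SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE` as the removed parseArgs did; whether that value was ever consumed is not visible here. s_time_main continues past the hunk.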
@@ -382,12 +345,12 @@ int s_time_main(int argc, char **argv)
goto end;
#endif
- if( (scon = doConnection( NULL )) == NULL )
+ if( (scon = doConnection( NULL,host,ctx )) == NULL )
goto end;
- if (s_www_path != NULL)
+ if (www_path != NULL)
{
- BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",www_path);
SSL_write(scon,buf,strlen(buf));
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
bytes_read+=i;
@@ -423,9 +386,9 @@ int s_time_main(int argc, char **argv)
}
totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
- i=(int)((long)time(NULL)-finishtime+maxTime);
+ i=(int)((long)time(NULL)-finishtime+maxtime);
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
- printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
+ printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxtime,bytes_read/nConn);
/* Now loop and time connections using the same session id over and over */
@@ -434,15 +397,15 @@ next:
printf( "\n\nNow timing with session id reuse.\n" );
/* Get an SSL object so we can reuse the session id */
- if( (scon = doConnection( NULL )) == NULL )
+ if( (scon = doConnection( NULL,host,ctx )) == NULL )
{
fprintf( stderr, "Unable to get connection\n" );
goto end;
}
- if (s_www_path != NULL)
+ if (www_path != NULL)
{
- BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",www_path);
SSL_write(scon,buf,strlen(buf));
while (SSL_read(scon,buf,sizeof(buf)) > 0)
;
@@ -457,7 +420,7 @@ next:
nConn = 0;
totalTime = 0.0;
- finishtime=(long)time(NULL)+maxTime;
+ finishtime=(long)time(NULL)+maxtime;
printf( "starting\n" );
bytes_read=0;
@@ -475,12 +438,12 @@ next:
goto end;
#endif
- if( (doConnection( scon )) == NULL )
+ if( (doConnection( scon,host,ctx )) == NULL )
goto end;
- if (s_www_path)
+ if (www_path)
{
- BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
+ BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",www_path);
SSL_write(scon,buf,strlen(buf));
while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
bytes_read+=i;
@@ -515,28 +478,21 @@ next:
printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
- printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
+ printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxtime,bytes_read/nConn);
ret=0;
end:
if (scon != NULL) SSL_free(scon);
- if (tm_ctx != NULL)
- {
- SSL_CTX_free(tm_ctx);
- tm_ctx=NULL;
- }
+ if (ctx != NULL)
+ SSL_CTX_free(ctx);
return(ret);
}
/***********************************************************************
* doConnection - make a connection
- * Args:
- * scon = earlier ssl connection for session id, or NULL
- * Returns:
- * SSL * = the connection pointer.
*/
-static SSL *doConnection(SSL *scon)
+static SSL *doConnection(SSL *scon, const char* host, SSL_CTX *ctx)
{
BIO *conn;
SSL *serverCon;
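Review bot: The header comment for doConnection loses its Args/Returns lines in the same change that gives the function two new parameters, leaving the contract undocumented. I would keep the block and extend it: `scon = earlier ssl connection for session id, or NULL`, `host = name passed to BIO_set_conn_hostname`, `ctx = SSL_CTX used for SSL_new when scon is NULL`, plus the existing Returns line. The function body continues outside this hunk.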
@@ -546,11 +502,10 @@ static SSL *doConnection(SSL *scon)
if ((conn=BIO_new(BIO_s_connect())) == NULL)
return(NULL);
-/* BIO_set_conn_port(conn,port);*/
BIO_set_conn_hostname(conn,host);
if (scon == NULL)
- serverCon=SSL_new(tm_ctx);
+ serverCon=SSL_new(ctx);
else
{
serverCon=scon;
diff --git a/apps/srp.c b/apps/srp.c
index 406206be5e..77cf929ecc 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -99,18 +99,6 @@ const char *srp_help[]={
NULL
};
-#ifdef EFENCE
-extern int EF_PROTECT_FREE;
-extern int EF_PROTECT_BELOW;
-extern int EF_ALIGNMENT;
-#endif
-
-static CONF *conf=NULL;
-static char *section=NULL;
-
-#define VERBOSE if (verbose)
-#define VVERBOSE if (verbose>1)
-
static int get_index(CA_DB *db, char* id, char type)
{
@@ -217,7 +205,8 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
if (password_callback(password, 1024, 0, &cb_tmp) >0)
{
- VERBOSE BIO_printf(bio,"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,srp_verifier,srp_usersalt, g, N);
+ if (verbose)
+ BIO_printf(bio,"Validating\n user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,srp_verifier,srp_usersalt, g, N);
BIO_printf(bio, "Pass %s\n", password);
OPENSSL_assert(srp_usersalt != NULL);
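Review bot: The context line `BIO_printf(bio, "Pass %s\n", password);` directly below the rewritten verbose print writes the user's plaintext password to `bio` unconditionally, not even gated on `verbose`. Since this hunk already touches the logging here, that line should be dropped so the secret does not end up in terminal scrollback or captured output. The verbose line above it also emits the verifier and salt; consider whether that belongs at `verbose>1`. srp_verify_user starts and ends outside the hunk.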
@@ -249,171 +238,143 @@ static char *srp_create_user(char *user, char **srp_verifier,
if (password_callback(password,1024,1,&cb_tmp) >0)
{
- VERBOSE BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,g,N);
+ if (verbose)
+ BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,g,N);
if (!(gNid =SRP_create_verifier(user, password, &salt, srp_verifier, N, g)))
{
BIO_printf(bio,"Internal error creating SRP verifier\n");
}
else
*srp_usersalt = salt;
- VVERBOSE BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,salt, *srp_verifier);
+ if (verbose>1) BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,salt, *srp_verifier);
}
return gNid;
}
+enum options {
+ OPT_ERR = -1, OPT_EOF = 0,
+ OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD,
+ OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO,
+ OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
+};
+static OPTIONS options[] = {
+ { "verbose", OPT_VERBOSE, '-' },
+ { "config", OPT_CONFIG, '<' },
+ { "name", OPT_NAME, 's' },
+ { "srpvfile", OPT_SRPVFILE, '<' },
+ { "add", OPT_ADD, '-' },
+ { "delete", OPT_DELETE, '-' },
+ { "modify", OPT_MODIFY, '-' },
+ { "list", OPT_LIST, '-' },
+ { "gn", OPT_GN, 's' },
+ { "userinfo", OPT_USERINFO, 's' },
+ { "passin", OPT_PASSIN, 's' },
+ { "passout", OPT_PASSOUT, 's' },
+ { "engine", OPT_ENGINE, 's' },
+ { NULL }
+};
+
int srp_main(int argc, char **argv)
{
- int add_user = 0;
- int list_user= 0;
- int delete_user= 0;
- int modify_user= 0;
- char * user = NULL;
-
- char *passargin = NULL, *passargout = NULL;
- char *passin = NULL, *passout = NULL;
- char * gN = NULL;
- int gNindex = -1;
- char ** gNrow = NULL;
- int maxgN = -1;
-
- char * userinfo = NULL;
-
- int badops=0;
- int ret=1;
- int errors=0;
- int verbose=0;
- int doupdatedb=0;
- char *configfile=NULL;
- char *dbfile=NULL;
+ int gNindex=-1, maxgN=-1, ret=1, errors=0, verbose=0;
+ int i, doupdatedb=0;
+ char *user=NULL, *passinarg=NULL, *passoutarg=NULL;
+ char *passin=NULL, *passout=NULL, *gN=NULL, *userinfo=NULL;
+ char **gNrow=NULL;
+ char *configfile=NULL, *dbfile=NULL;
CA_DB *db=NULL;
- char **pp ;
- int i;
- long errorline = -1;
- char *randfile=NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-#endif
- char *tofree=NULL;
+ char **pp;
+ long errorline=-1;
+ char *randfile=NULL, *engine=NULL, *tofree=NULL, *section=NULL;
DB_ATTR db_attr;
-
-#ifdef EFENCE
-EF_PROTECT_FREE=1;
-EF_PROTECT_BELOW=1;
-EF_ALIGNMENT=0;
-#endif
-
-
- conf = NULL;
- section = NULL;
-
- argc--;
- argv++;
- while (argc >= 1 && badops == 0)
- {
- if (strcmp(*argv,"-verbose") == 0)
+ CONF *conf=NULL;
+ enum options o;
+ char* prog;
+ int mode = OPT_ERR;
+
+ prog = opt_init(argc, argv, options);
+ while ((o = opt_next()) != OPT_EOF) {
+ switch (o) {
+ case OPT_EOF:
+ case OPT_ERR:
+err:
+ BIO_printf(bio_err,"Valid options are:\n");
+ printhelp(srp_help);
+ goto end;
+ case OPT_VERBOSE:
verbose++;
- else if (strcmp(*argv,"-config") == 0)
- {
- if (--argc < 1) goto bad;
- configfile= *(++argv);
- }
- else if (strcmp(*argv,"-name") == 0)
- {
- if (--argc < 1) goto bad;
- section= *(++argv);
- }
- else if (strcmp(*argv,"-srpvfile") == 0)
- {
- if (--argc < 1) goto bad;
- dbfile= *(++argv);
- }
- else if (strcmp(*argv,"-add") == 0)
- add_user=1;
- else if (strcmp(*argv,"-delete") == 0)
- delete_user=1;
- else if (strcmp(*argv,"-modify") == 0)
- modify_user=1;
- else if (strcmp(*argv,"-list") == 0)
- list_user=1;
- else if (strcmp(*argv,"-gn") == 0)
- {
- if (--argc < 1) goto bad;
- gN= *(++argv);
- }
- else if (strcmp(*argv,"-userinfo") == 0)
- {
- if (--argc < 1) goto bad;
- userinfo= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
-
- else if (**argv == '-')
- {
-bad:
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
break;
+ case OPT_CONFIG:
+ configfile = opt_arg();
+ break;
+ case OPT_NAME:
+ section = opt_arg();
+ break;
+ case OPT_SRPVFILE:
+ dbfile = opt_arg();
+ break;
+ case OPT_ADD:
+ case OPT_DELETE:
+ case OPT_MODIFY:
+ case OPT_LIST:
+ if (mode != OPT_ERR) {
+ BIO_printf(bio_err,
+ "%s: Only one of -add/delete-modify/-list\n",
+ prog);
+ goto err;
}
- else
+ mode = o;
+ break;
+ case OPT_GN:
+ gN = opt_arg();
+ break;
+ case OPT_USERINFO:
+ userinfo = opt_arg();
+ break;
+ case OPT_PASSIN:
+ passinarg = opt_arg();
+ break;
+ case OPT_PASSOUT:
+ passoutarg = opt_arg();
+ break;
+ case OPT_ENGINE:
+ engine = opt_arg();
break;
-
- argc--;
- argv++;
}
+ }
+
+ argc = opt_num_rest();
+ argv = opt_rest();
if (dbfile && configfile)
{
BIO_printf(bio_err,"-dbfile and -configfile cannot be specified together.\n");
- badops = 1;
+ goto end;
}
- if (add_user+delete_user+modify_user+list_user != 1)
- {
+ if (mode == OPT_ERR) {
BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
- badops = 1;
+ goto err;
}
- if (delete_user+modify_user+delete_user== 1 && argc <= 0)
- {
+ if ((mode == OPT_DELETE || mode == OPT_MODIFY || OPT_ADD) && argc < 1) {
BIO_printf(bio_err,"Need at least one user for options -add, -delete, -modify. \n");
- badops = 1;
+ goto err;
}
if ((passin || passout) && argc != 1 )
{
BIO_printf(bio_err,"-passin, -passout arguments only valid with one user.\n");
- badops = 1;
- }
-
- if (badops)
- {
- BIO_printf(bio_err, "usage: srp [args] [user] \n");
- printhelp(srp_help);
goto err;
}
+
#ifndef OPENSSL_NO_ENGINE
setup_engine(bio_err, engine, 0);
#endif
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
+ if(!app_passwd(bio_err, passinarg, passoutarg, &passin, &passout))
{
BIO_printf(bio_err, "Error getting passwords\n");
- goto err;
+ goto end;
}
if (!dbfile)
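Review bot: In the user-count check, `(mode == OPT_DELETE || mode == OPT_MODIFY || OPT_ADD)` tests the enum constant `OPT_ADD` instead of comparing it with `mode`; the constant is non-zero, so the condition is always true and `-list` with no user names is rejected with "Need at least one user". It should read `if ((mode == OPT_ADD || mode == OPT_DELETE || mode == OPT_MODIFY) && argc < 1) {`. The next check, `(passin || passout) && argc != 1`, runs before `app_passwd` fills those pointers, so it looks like it can never fire; testing `passinarg || passoutarg` is probably what is meant. The new message "-add/delete-modify/-list" also has a misplaced dash. srp_main continues past the hunk.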
@@ -443,7 +404,8 @@ bad:
configfile=tofree;
}
- VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile);
+ if (verbose)
+ BIO_printf(bio_err,"Using configuration from %s\n",configfile);
conf = NCONF_new(NULL);
if (NCONF_load(conf,configfile,&errorline) <= 0)
{
@@ -453,7 +415,7 @@ bad:
else
BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
,errorline,configfile);
- goto err;
+ goto end;
}
if(tofree)
{
@@ -464,13 +426,14 @@ bad:
/* Lets get the config section we are using */
if (section == NULL)
{
- VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
+ if (verbose)
+ BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");
section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP);
if (section == NULL)
{
lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP);
- goto err;
+ goto end;
}
}
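Review bot: The verbose message on the new `BIO_printf` line keeps `BASE_SECTION` inside the string literal, because the `\"` on either side of it are escaped quotes rather than literal boundaries; the output reads `in " BASE_SECTION "` instead of naming the section. Assuming BASE_SECTION is a string-literal macro like ENV_DEFAULT_SRP, the line should be `BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \"" BASE_SECTION "\"\n");`. The defect predates this commit, but the line is rewritten here.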
@@ -478,12 +441,13 @@ bad:
randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
- VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section);
+ if (verbose)
+ BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section);
if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
{
lookup_fail(section,ENV_DATABASE);
- goto err;
+ goto end;
}
}
@@ -492,10 +456,11 @@ bad:
else
app_RAND_load_file(randfile, bio_err, 0);
- VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile);
+ if (verbose)
+ BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile);
db = load_index(dbfile, &db_attr);
- if (db == NULL) goto err;
+ if (db == NULL) goto end;
/* Lets check some fields */
for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
@@ -512,7 +477,8 @@ bad:
}
}
- VERBOSE BIO_printf(bio_err, "Database initialised\n");
+ if (verbose)
+ BIO_printf(bio_err, "Database initialised\n");
if (gNindex >= 0)
{
@@ -522,31 +488,32 @@ bad:
else if (maxgN > 0 && !SRP_get_default_gN(gN))
{
BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
- goto err;
+ goto end;
}
else
{
- VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
+ if (verbose)
+ BIO_printf(bio_err, "Database has no g N information.\n");
gNrow = NULL;
}
- VVERBOSE BIO_printf(bio_err,"Starting user processing\n");
+ if (verbose>1) BIO_printf(bio_err,"Starting user processing\n");
if (argc > 0)
user = *(argv++) ;
- while (list_user || user)
+ while (mode == OPT_LIST || user)
{
int userindex = -1;
if (user)
- VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
+ if (verbose>1) BIO_printf(bio_err, "Processing user \"%s\"\n", user);
if ((userindex = get_index(db, user, 'U')) >= 0)
{
- print_user(db, bio_err, userindex, (verbose > 0) || list_user);
+ print_user(db, bio_err, userindex, (verbose > 0) || mode == OPT_LIST);
}
- if (list_user)
+ if (mode == OPT_LIST)
{
if (user == NULL)
{
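Review bot: After this change the condition `while (mode == OPT_LIST || user)` can never become false in list mode: `mode` is not reassigned anywhere in the visible loop, and the commit deletes both `list_user = 0;` statements that used to end it (the hunks at -556 and -685). Unless an exit exists in the parts of the loop not shown, `srp -list` would print the users and then spin forever. Adding `break;` after `user = NULL;` in the final `else` branch would restore termination for every mode. The loop body extends beyond this hunk.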
@@ -556,7 +523,6 @@ bad:
{
print_user(db,bio_err, i, 1);
}
- list_user = 0;
}
else if (userindex < 0)
{
@@ -565,7 +531,7 @@ bad:
errors++;
}
}
- else if (add_user)
+ else if (mode == OPT_ADD)
{
if (userindex >= 0)
{
@@ -586,7 +552,7 @@ bad:
{
BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user);
errors++;
- goto err;
+ goto end;
}
row[DB_srpid] = BUF_strdup(user);
row[DB_srptype] = BUF_strdup("v");
@@ -602,12 +568,12 @@ bad:
if (row[DB_srptype]) OPENSSL_free(row[DB_srptype]);
if (row[DB_srpverifier]) OPENSSL_free(row[DB_srpverifier]);
if (row[DB_srpsalt]) OPENSSL_free(row[DB_srpsalt]);
- goto err;
+ goto end;
}
doupdatedb = 1;
}
}
- else if (modify_user)
+ else if (mode == OPT_MODIFY)
{
if (userindex < 0)
{
@@ -632,7 +598,8 @@ bad:
{
int user_gN;
char **irow = NULL;
- VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user);
+ if (verbose)
+ BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user);
if ( (user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
irow = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
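Review bot: `irow` is fetched at `userindex` even though the lookup on the line above stores the position of the g/N row in `user_gN`, which is only tested for `>= 0` and never used as an index in this hunk. If `irow` is meant to supply the group parameters for the password check that follows outside the hunk, that check would read the user's own row instead; `irow = sk_OPENSSL_PSTRING_value(db->db->data, user_gN);` looks like the intended call. This should be confirmed against the arguments of the verify call, which is not visible here.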
@@ -640,16 +607,17 @@ bad:
{
BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user);
errors++;
- goto err;
+ goto end;
}
}
- VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user);
+ if (verbose)
+ BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user);
if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
{
BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
errors++;
- goto err;
+ goto end;
}
row[DB_srptype][0] = 'v';
@@ -657,13 +625,13 @@ bad:
if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
- goto err;
+ goto end;
doupdatedb = 1;
}
}
}
- else if (delete_user)
+ else if (mode == OPT_DELETE)
{
if (userindex < 0)
{
@@ -685,11 +653,11 @@ bad:
else
{
user = NULL;
- list_user = 0;
}
}
- VERBOSE BIO_printf(bio_err,"User procession done.\n");
+ if (verbose)
+ BIO_printf(bio_err,"User procession done.\n");
if (doupdatedb)
@@ -706,21 +674,26 @@ bad:
}
}
- VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
- if (!save_index(dbfile, "new", db)) goto err;
+ if (verbose)
+ BIO_printf(bio_err, "Trying to update srpvfile.\n");
+ if (!save_index(dbfile, "new", db)) goto end;
- VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
- if (!rotate_index(dbfile, "new", "old")) goto err;
+ if (verbose)
+ BIO_printf(bio_err, "Temporary srpvfile created.\n");
+ if (!rotate_index(dbfile, "new", "old")) goto end;
- VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
+ if (verbose)
+ BIO_printf(bio_err, "srpvfile updated.\n");
}
ret = (errors != 0);
-err:
+end:
if (errors != 0)
- VERBOSE BIO_printf(bio_err,"User errors %d.\n",errors);
+ if (verbose)
+ BIO_printf(bio_err,"User errors %d.\n",errors);
- VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret);
+ if (verbose)
+ BIO_printf(bio_err,"SRP terminating with code %d.\n",ret);
if(tofree)
OPENSSL_free(tofree);
if (ret) ERR_print_errors(bio_err);
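Review bot: The `end:` block now reads `if (errors != 0)` directly followed by an unbraced `if (verbose)`, a nested pair that the old `VERBOSE` macro used to hide; the same shape appears at `if (user)` / `if (verbose>1)` in the `@@ -522,31 +488,32 @@` hunk. An `else` added later would bind to the inner test rather than the outer one. Fold each pair into a single condition, `if (errors != 0 && verbose)` and `if (user && verbose>1)`, or brace the outer statement.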