mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-04-06 20:20:50 +08:00
Code Issues Packages Projects Releases Wiki Activity

APPS: Add check for multiple 'unknown' options

Browse Source 
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)
This commit is contained in:
Dr. David von Oheimb 2021-08-24 12:03:12 +02:00 committed by Dr. David von Oheimb
parent 870871e5df
commit 2c2724476e
21 changed files with 52 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apps/cms.c
View File

@ -314,6 +314,7 @@ int cms_main(int argc, char **argv)
if (encerts == NULL || vpm == NULL)
goto end;
opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, cms_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

1
apps/crl.c
View File

@ -98,6 +98,7 @@ int crl_main(int argc, char **argv)
int hash_old = 0;
#endif
opt_set_unknown_name("digest");
prog = opt_init(argc, argv, crl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

1
apps/dgst.c
View File

@ -115,6 +115,7 @@ int dgst_main(int argc, char **argv)
buf = app_malloc(BUFSIZE, "I/O buffer");
md = (EVP_MD *)EVP_get_digestbyname(argv[0]);
opt_set_unknown_name("digest");
prog = opt_init(argc, argv, dgst_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

1
apps/dsa.c
View File

@ -92,6 +92,7 @@ int dsa_main(int argc, char **argv)
int selection = 0;
OSSL_ENCODER_CTX *ectx = NULL;
opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, dsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

1
apps/ec.c
View File

@ -80,6 +80,7 @@ int ec_main(int argc, char **argv)
char *point_format = NULL;
int no_public = 0;
opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, ec_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

1
apps/enc.c
View File

@ -143,6 +143,7 @@ int enc_main(int argc, char **argv)
else if (strcmp(argv[0], "enc") != 0)
ciphername = argv[0];
opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, enc_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

1
apps/gendsa.c
View File

@ -62,6 +62,7 @@ int gendsa_main(int argc, char **argv)
OPTION_CHOICE o;
int ret = 1, private = 0, verbose = 0, nbits;
opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, gendsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

1
apps/genpkey.c
View File

@ -74,6 +74,7 @@ int genpkey_main(int argc, char **argv)
OSSL_LIB_CTX *libctx = app_get0_libctx();
STACK_OF(OPENSSL_STRING) *keyopt = NULL;
opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, genpkey_options);
keyopt = sk_OPENSSL_STRING_new_null();
if (keyopt == NULL)

1
apps/genrsa.c
View File

@ -93,6 +93,7 @@ int genrsa_main(int argc, char **argv)
if (bn == NULL || cb == NULL)
goto end;
opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, genrsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

2
apps/include/opt.h
View File

@ -365,6 +365,7 @@ int opt_next(void);
char *opt_flag(void);
char *opt_arg(void);
char *opt_unknown(void);
void reset_unknown(void);
int opt_cipher(const char *name, EVP_CIPHER **cipherp);
int opt_cipher_any(const char *name, EVP_CIPHER **cipherp);
int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp);
@ -373,6 +374,7 @@ int opt_md(const char *name, EVP_MD **mdp);
int opt_md_silent(const char *name, EVP_MD **mdp);
int opt_int(const char *arg, int *result);
void opt_set_unknown_name(const char *name);
int opt_int_arg(void);
int opt_long(const char *arg, long *result);
int opt_ulong(const char *arg, unsigned long *result);

19
apps/lib/opt.c
View File

@ -41,6 +41,7 @@ static int opt_index;
static char *arg;
static char *flag;
static char *dunno;
static const char *unknown_name;
static const OPTIONS *unknown;
static const OPTIONS *opts;
static char prog[40];
@ -166,7 +167,6 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
opt_begin();
opts = o;
unknown = NULL;
/* Make sure prog name is set for usage output */
(void)opt_progname(argv[0]);
@ -215,6 +215,7 @@ char *opt_init(int ac, char **av, const OPTIONS *o)
}
#endif
if (o->name[0] == '\0') {
OPENSSL_assert(unknown_name != NULL);
OPENSSL_assert(unknown == NULL);
unknown = o;
OPENSSL_assert(unknown->valtype == 0 || unknown->valtype == '-');
@ -236,6 +237,11 @@ static OPT_PAIR formats[] = {
{NULL}
};
void opt_set_unknown_name(const char *name)
{
unknown_name = name;
}
/* Print an error message about a failed format parse. */
static int opt_format_error(const char *s, unsigned long flags)
{
@ -985,6 +991,11 @@ int opt_next(void)
return o->retval;
}
if (unknown != NULL) {
if (dunno != NULL) {
opt_printf_stderr("%s: Multiple %s or unknown options: -%s and -%s\n",
prog, unknown_name, dunno, p);
return -1;
}
dunno = p;
return unknown->retval;
}
@ -1010,6 +1021,12 @@ char *opt_unknown(void)
return dunno;
}
/* Reset the unknown option; needed by ocsp to allow multiple digest options. */
void reset_unknown(void)
{
dunno = NULL;
}
/* Return the rest of the arguments after parsing flags. */
char **opt_rest(void)
{

9
apps/ocsp.c
View File

@ -196,8 +196,10 @@ const OPTIONS ocsp_options[] = {
{"VAfile", OPT_VAFILE, '<', "Validator certificates file"},
{"verify_other", OPT_VERIFY_OTHER, '<',
"Additional certificates to search for signer"},
{"cert", OPT_CERT, '<', "Certificate to check"},
{"serial", OPT_SERIAL, 's', "Serial number to check"},
{"cert", OPT_CERT, '<',
"Certificate to check; may be given multiple times"},
{"serial", OPT_SERIAL, 's',
"Serial number to check; may be given multiple times"},
{"validity_period", OPT_VALIDITY_PERIOD, 'u',
"Maximum validity discrepancy in seconds"},
{"signkey", OPT_SIGNKEY, 's', "Private key to sign OCSP request with"},
@ -261,6 +263,7 @@ int ocsp_main(int argc, char **argv)
|| (vpm = X509_VERIFY_PARAM_new()) == NULL)
goto end;
opt_set_unknown_name("digest");
prog = opt_init(argc, argv, ocsp_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
@ -436,6 +439,7 @@ int ocsp_main(int argc, char **argv)
goto end;
break;
case OPT_CERT:
reset_unknown();
X509_free(cert);
cert = load_cert(opt_arg(), FORMAT_UNDEF, "certificate");
if (cert == NULL)
@ -449,6 +453,7 @@ int ocsp_main(int argc, char **argv)
trailing_md = 0;
break;
case OPT_SERIAL:
reset_unknown();
if (cert_id_md == NULL)
cert_id_md = (EVP_MD *)EVP_sha1();
if (!add_ocsp_serial(&req, opt_arg(), cert_id_md, issuer, ids))

1
apps/pkcs12.c
View File

@ -182,6 +182,7 @@ int pkcs12_main(int argc, char **argv)
EVP_CIPHER *enc = (EVP_CIPHER *)default_enc;
OPTION_CHOICE o;
opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, pkcs12_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

1
apps/pkey.c
View File

@ -83,6 +83,7 @@ int pkey_main(int argc, char **argv)
char *point_format = NULL;
#endif
opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, pkey_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

1
apps/req.c
View File

@ -266,6 +266,7 @@ int req_main(int argc, char **argv)
cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
#endif
opt_set_unknown_name("digest");
prog = opt_init(argc, argv, req_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

1
apps/rsa.c
View File

@ -139,6 +139,7 @@ int rsa_main(int argc, char **argv)
int selection = 0;
OSSL_ENCODER_CTX *ectx = NULL;
opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, rsa_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

1
apps/smime.c
View File

@ -160,6 +160,7 @@ int smime_main(int argc, char **argv)
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
return 1;
opt_set_unknown_name("cipher");
prog = opt_init(argc, argv, smime_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

4
apps/storeutl.c
View File

@ -74,7 +74,7 @@ int storeutl_main(int argc, char *argv[])
BIO *out = NULL;
ENGINE *e = NULL;
OPTION_CHOICE o;
char *prog = opt_init(argc, argv, storeutl_options);
char *prog;
PW_CB_DATA pw_cb_data;
int expected = 0;
int criterion = 0;
@ -87,6 +87,8 @@ int storeutl_main(int argc, char *argv[])
EVP_MD *digest = NULL;
OSSL_LIB_CTX *libctx = app_get0_libctx();
opt_set_unknown_name("digest");
prog = opt_init(argc, argv, storeutl_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
case OPT_EOF:

1
apps/ts.c
View File

@ -181,6 +181,7 @@ int ts_main(int argc, char **argv)
if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
goto end;
opt_set_unknown_name("digest");
prog = opt_init(argc, argv, ts_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {

2
apps/x509.c
View File

@ -302,6 +302,7 @@ int x509_main(int argc, char **argv)
goto err;
X509_STORE_set_verify_cb(ctx, callb);
opt_set_unknown_name("digest");
prog = opt_init(argc, argv, x509_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
@ -592,7 +593,6 @@ int x509_main(int argc, char **argv)
break;
}
}
/* No extra arguments. */
if (!opt_check_rest_arg(NULL))
goto opthelp;

11
doc/man1/openssl-ocsp.pod.in
View File

@ -102,15 +102,16 @@ specify output filename, default is standard output.
=item B<-issuer> I<filename>
This specifies the current issuer certificate. This option can be used
multiple times.
This specifies the current issuer certificate.
This option can be used multiple times.
This option B<MUST> come before any B<-cert> options.
=item B<-cert> I<filename>
Add the certificate I<filename> to the request. The issuer certificate
is taken from the previous B<-issuer> option, or an error occurs if no
issuer certificate is specified.
Add the certificate I<filename> to the request.
This option can be used multiple times.
The issuer certificate is taken from the previous B<-issuer> option,
or an error occurs if no issuer certificate is specified.
=item B<-no_certs>