author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-08-27 15:33:18 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-12-07 15:26:40 +0100 |
commit | d9f073575fdb07b486cd1b38974cd177687ccc1e (patch) | |
tree | d0e8bf2bb5f98e59ae5fb06a07f4115ab5468516 /apps | |
parent | b0be101326f369f0dd547556d2f3eb3ef5ed0e33 (diff) |
APPS: Improve diagnostics on missing/extra args and unknown cipher/digest
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16450)
Diffstat (limited to 'apps')
45 files changed, 134 insertions, 147 deletions
diff --git a/apps/asn1parse.c b/apps/asn1parse.c index f0bfd1d45f..b456f13d94 100644 --- a/apps/asn1parse.c +++ b/apps/asn1parse.c @@ -159,8 +159,7 @@ int asn1parse_main(int argc, char **argv) } /* No extra args. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; if (oidfile != NULL) { diff --git a/apps/ciphers.c b/apps/ciphers.c index 9c494224a1..dcf0d3fa1e 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -174,10 +174,9 @@ int ciphers_main(int argc, char **argv) /* Optional arg is cipher name. */ argv = opt_rest(); - argc = opt_num_rest(); - if (argc == 1) + if (opt_num_rest() == 1) ciphers = argv[0]; - else if (argc != 0) + else if (!opt_check_rest_arg(NULL)) goto opthelp; if (convert != NULL) { diff --git a/apps/cmp.c b/apps/cmp.c index f646e3f7bc..5056d841d1 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -2552,9 +2552,7 @@ static int get_opts(int argc, char **argv) } /* No extra args. */ - argc = opt_num_rest(); - argv = opt_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; return 1; } diff --git a/apps/cms.c b/apps/cms.c index 76c7896719..18671fdc30 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -697,10 +697,8 @@ int cms_main(int argc, char **argv) if (!opt_md(digestname, &sign_md)) goto end; } - if (ciphername != NULL) { - if (!opt_cipher_any(ciphername, &cipher)) - goto end; - } + if (!opt_cipher_any(ciphername, &cipher)) + goto end; if (wrapname != NULL) { if (!opt_cipher_any(wrapname, &wrap_cipher)) goto end; diff --git a/apps/crl.c b/apps/crl.c index 2158a107e5..8d353ff2af 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -209,14 +209,11 @@ int crl_main(int argc, char **argv) } /* No remaining args. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; - if (digestname != NULL) { - if (!opt_md(digestname, &digest)) - goto opthelp; - } + if (!opt_md(digestname, &digest)) + goto opthelp; x = load_crl(infile, informat, 1, "CRL"); if (x == NULL) goto end; 
diff --git a/apps/crl2pkcs7.c b/apps/crl2pkcs7.c index fe59e65427..681c60285f 100644 --- a/apps/crl2pkcs7.c +++ b/apps/crl2pkcs7.c @@ -104,8 +104,7 @@ int crl2pkcs7_main(int argc, char **argv) } /* No remaining args. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; if (!nocrl) { diff --git a/apps/dhparam.c b/apps/dhparam.c index 0e90698cd6..9fe0eedfc2 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -155,7 +155,7 @@ int dhparam_main(int argc, char **argv) if (argc == 1) { if (!opt_int(argv[0], &num) || num <= 0) goto opthelp; - } else if (argc != 0) { + } else if (!opt_check_rest_arg(NULL)) { goto opthelp; } if (!app_RAND_load()) diff --git a/apps/dsa.c b/apps/dsa.c index 51c0284353..9605ed81e7 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -161,14 +161,11 @@ int dsa_main(int argc, char **argv) } /* No extra args. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &enc)) - goto end; - } + if (!opt_cipher(ciphername, &enc)) + goto end; private = pubin || pubout ? 0 : 1; if (text && !pubin) private = 1; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 8025b8be67..08f912340a 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -133,7 +133,7 @@ int dsaparam_main(int argc, char **argv) if (argc == 1) { if (!opt_int(argv[0], &num) || num < 0) goto opthelp; - } else if (argc != 0) { + } else if (!opt_check_rest_arg(NULL)) { goto opthelp; } if (!app_RAND_load()) @@ -157,14 +157,11 @@ int ec_main(int argc, char **argv) } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &enc)) - goto opthelp; - } + if (!opt_cipher(ciphername, &enc)) + goto opthelp; private = param_out || pubin || pubout ? 0 : 1; if (text && !pubin) private = 1; diff --git a/apps/ecparam.c b/apps/ecparam.c index 12eed703de..9910d8c17e 100644 
--- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -186,8 +186,7 @@ int ecparam_main(int argc, char **argv) } /* No extra args. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; if (!app_RAND_load()) diff --git a/apps/enc.c b/apps/enc.c index 3dd6098563..e71453c3c4 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -289,17 +289,14 @@ int enc_main(int argc, char **argv) } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; if (!app_RAND_load()) goto end; /* Get the cipher name, either from progname (if set) or flag. */ - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &cipher)) - goto opthelp; - } + if (!opt_cipher(ciphername, &cipher)) + goto opthelp; if (digestname != NULL) { if (!opt_md(digestname, &dgst)) goto opthelp; diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c index 363631112e..5af007083a 100644 --- a/apps/fipsinstall.c +++ b/apps/fipsinstall.c @@ -382,9 +382,12 @@ opthelp: } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0 || (verify && in_fname == NULL)) + if (!opt_check_rest_arg(NULL)) goto opthelp; + if (verify && in_fname == NULL) { + BIO_printf(bio_err, "Missing -in option for -verify\n"); + goto opthelp; + } if (parent_config != NULL) { /* Test that a parent config can load the module */ diff --git a/apps/gendsa.c b/apps/gendsa.c index e5c9bc22ad..b9bc2f502b 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -101,19 +101,16 @@ int gendsa_main(int argc, char **argv) } /* One argument, the params file. */ - argc = opt_num_rest(); - argv = opt_rest(); - if (argc != 1) + if (!opt_check_rest_arg("params file")) goto opthelp; + argv = opt_rest(); dsaparams = argv[0]; if (!app_RAND_load()) goto end; - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &enc)) - goto end; - } + if (!opt_cipher(ciphername, &enc)) + goto end; private = 1; if (!app_passwd(NULL, passoutarg, NULL, &passout)) { 
diff --git a/apps/genpkey.c b/apps/genpkey.c index d00754eeac..7f70a6baa2 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -139,8 +139,7 @@ int genpkey_main(int argc, char **argv) } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; /* Fetch cipher, etc. */ @@ -163,9 +162,12 @@ int genpkey_main(int argc, char **argv) goto end; } } - if (ciphername != NULL) - if (!opt_cipher(ciphername, &cipher) || do_param == 1) - goto opthelp; + if (!opt_cipher(ciphername, &cipher)) + goto opthelp; + if (ciphername != NULL && do_param == 1) { + BIO_printf(bio_err, "Cannot use cipher with -genparam option\n"); + goto opthelp; + } private = do_param ? 0 : 1; diff --git a/apps/genrsa.c b/apps/genrsa.c index e709ea38ce..1a6c67380f 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -157,8 +157,7 @@ opthelp: "Warning: It is not recommended to use more than %d bit for RSA keys.\n" " Your key size is %d! Larger key size may behave not as expected.\n", OPENSSL_RSA_MAX_MODULUS_BITS, num); - } else if (argc > 0) { - BIO_printf(bio_err, "Extra arguments given.\n"); + } else if (!opt_check_rest_arg(NULL)) { goto opthelp; } @@ -166,10 +165,8 @@ opthelp: goto end; private = 1; - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &enc)) - goto end; - } + if (!opt_cipher(ciphername, &enc)) + goto end; if (!app_passwd(NULL, passoutarg, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto end; diff --git a/apps/include/opt.h b/apps/include/opt.h index 4f83a0ed53..9493901c44 100644 --- a/apps/include/opt.h +++ b/apps/include/opt.h @@ -368,6 +368,7 @@ char *opt_unknown(void); int opt_cipher(const char *name, EVP_CIPHER **cipherp); int opt_cipher_any(const char *name, EVP_CIPHER **cipherp); int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp); +int opt_check_md(const char *name); int opt_md(const char *name, EVP_MD **mdp); int opt_md_silent(const char *name, EVP_MD **mdp); 
@@ -392,6 +393,7 @@ int opt_provider_option_given(void); char **opt_rest(void); int opt_num_rest(void); +int opt_check_rest_arg(const char *expected); /* Returns non-zero if legacy paths are still available */ int opt_legacy_okay(void); diff --git a/apps/info.c b/apps/info.c index c68603652f..befc62dac1 100644 --- a/apps/info.c +++ b/apps/info.c @@ -86,7 +86,7 @@ opthelp: break; } } - if (opt_num_rest() != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; if (dirty > 1) { BIO_printf(bio_err, "%s: Only one item allowed\n", prog); diff --git a/apps/lib/opt.c b/apps/lib/opt.c index 157367982d..3925ec96c3 100644 --- a/apps/lib/opt.c +++ b/apps/lib/opt.c @@ -399,8 +399,10 @@ int opt_cipher_any(const char *name, EVP_CIPHER **cipherp) { int ret; + if (name == NULL) + return 1; if ((ret = opt_cipher_silent(name, cipherp)) == 0) - opt_printf_stderr("%s: Unknown cipher: %s\n", prog, name); + opt_printf_stderr("%s: Unknown option or cipher: %s\n", prog, name); return ret; } @@ -410,6 +412,8 @@ int opt_cipher(const char *name, EVP_CIPHER **cipherp) unsigned long int flags; EVP_CIPHER *c = NULL; + if (name == NULL) + return 1; if (opt_cipher_any(name, &c)) { mode = EVP_CIPHER_get_mode(c); flags = EVP_CIPHER_get_flags(c); @@ -454,12 +458,22 @@ int opt_md(const char *name, EVP_MD **mdp) { int ret; + if (name == NULL) + return 1; if ((ret = opt_md_silent(name, mdp)) == 0) - opt_printf_stderr("%s: Unknown option or message digest: %s\n", prog, - name != NULL ? name : "\"\""); + opt_printf_stderr("%s: Unknown option or message digest: %s\n", + prog, name); return ret; } +int opt_check_md(const char *name) +{ + if (opt_md(name, NULL)) + return 1; + ERR_clear_error(); + return 0; +} + /* Look through a list of name/value pairs. */ int opt_pair(const char *name, const OPT_PAIR* pairs, int *result) { 
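Review bot: The new `if (name == NULL) return 1;` early returns in `opt_cipher_any()` and `opt_cipher()` (apps/lib/opt.c, hunks at -399 and -410) make a return of 1 mean "no error" rather than "a cipher was loaded", and neither these hunks nor the opt.h prototypes say so. The callers in cms.c, dsa.c, ec_main, enc.c, gendsa.c, genpkey.c, genrsa.c, pkcs12.c and pkey.c drop their own `ciphername != NULL` guards in this commit, so each now depends on `*cipherp` being left untouched in that case. For the commands that write private keys a NULL cipher presumably means unencrypted output, which makes the contract worth stating. I would add above both functions `/* A NULL name is not an error: returns 1 and leaves *cipherp unchanged. */`. The body of `opt_cipher()` continues outside its hunk.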
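Review bot: `opt_check_md()` in the -454 hunk of apps/lib/opt.c passes `NULL` as `mdp` to `opt_md()`, which forwards it to `opt_md_silent()`, and that function is outside the hunk. The req.c code this helper replaces called `EVP_MD_free(md)` on the fetched digest, so `opt_md_silent()` now has to tolerate a NULL `mdp` and release the digest itself. Otherwise each check would leak a fetched `EVP_MD` or write through a null pointer. Please confirm that, and document the helper, for example `/* Returns 1 if name is NULL or names a fetchable digest; the digest itself is not kept. */`.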
@@ -1013,6 +1027,26 @@ int opt_num_rest(void) return i; } +int opt_check_rest_arg(const char *expected) +{ + char *opt = *opt_rest(); + + if (opt == NULL || *opt == '\0') { + if (expected == NULL) + return 1; + opt_printf_stderr("%s: Missing argument: %s\n", prog, expected); + return 0; + } else if (expected != NULL) { + return 1; + } + if (opt_unknown() == NULL) + opt_printf_stderr("%s: Extra option: \"%s\"\n", prog, opt); + else + opt_printf_stderr("%s: Extra (unknown) options: \"%s\" \"%s\"\n", + prog, opt_unknown(), opt != NULL ? opt : ""); + return 0; +} + /* Return a string describing the parameter type. */ static const char *valtype2param(const OPTIONS *o) { diff --git a/apps/list.c b/apps/list.c index 9732d6625a..30bf2be919 100644 --- a/apps/list.c +++ b/apps/list.c @@ -1647,7 +1647,7 @@ opthelp: } /* No extra arguments. */ - if (opt_num_rest() != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; if (todo.commands) diff --git a/apps/mac.c b/apps/mac.c index 08f06be867..8bd7ce2397 100644 --- a/apps/mac.c +++ b/apps/mac.c @@ -137,10 +137,9 @@ opthelp: } /* One argument, the MAC name. */ - argc = opt_num_rest(); - argv = opt_rest(); - if (argc != 1) + if (!opt_check_rest_arg("MAC name")) goto opthelp; + argv = opt_rest(); mac = EVP_MAC_fetch(app_get0_libctx(), argv[0], app_get0_propq()); if (mac == NULL) { diff --git a/apps/nseq.c b/apps/nseq.c index d5524370f2..e66b58d957 100644 --- a/apps/nseq.c +++ b/apps/nseq.c @@ -73,8 +73,7 @@ int nseq_main(int argc, char **argv) } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; in = bio_open_default(infile, 'r', FORMAT_PEM); diff --git a/apps/ocsp.c b/apps/ocsp.c index 841b5f7b81..b0d030a940 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -535,8 +535,7 @@ int ocsp_main(int argc, char **argv) } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; if (trailing_md) { 
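Review bot: In `opt_check_rest_arg()` (apps/lib/opt.c, hunk at -1013) the `else if (expected != NULL) return 1;` branch accepts any number of remaining arguments once the first is present, whereas the callers it replaces in gendsa.c and mac.c required exactly one (`argc != 1`). Everything after the params file or MAC name is then dropped without a diagnostic. If option parsing stops at the first positional argument, as the use of `opt_rest()` suggests, that would include a misplaced cipher option on `gendsa`, so the key would be written unencrypted with no warning. The branch should reject a second argument, as sketched below. Two smaller points in the same function: `opt != NULL ? opt : ""` in the last call can never take the empty branch because `opt` was already checked, and the `*opt == '\0'` test makes an empty first argument count as no arguments at all.

```c
    } else if (expected != NULL) {
        /* Exactly one positional argument is allowed when one is expected. */
        if (opt_num_rest() == 1)
            return 1;
        opt_printf_stderr("%s: Extra argument after %s: \"%s\"\n",
                          prog, expected, opt_rest()[1]);
        return 0;
    }
    /* … unchanged: "Extra option" / "Extra (unknown) options" diagnostics … */
```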
diff --git a/apps/openssl.c b/apps/openssl.c index d61acbbc54..3497d51f4d 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -357,7 +357,7 @@ int help_main(int argc, char **argv) new_argv[2] = NULL; return do_cmd(prog_init(), 2, new_argv); } - if (opt_num_rest() != 0) { + if (!opt_check_rest_arg(NULL)) { BIO_printf(bio_err, "Usage: %s\n", prog); return 1; } diff --git a/apps/pkcs12.c b/apps/pkcs12.c index acc45c405a..65dcdad38a 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -356,17 +356,14 @@ int pkcs12_main(int argc, char **argv) } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; if (!app_RAND_load()) goto end; - if (ciphername != NULL) { - if (!opt_cipher_any(ciphername, &enc)) - goto opthelp; - } + if (!opt_cipher_any(ciphername, &enc)) + goto opthelp; if (export_pkcs12) { if ((options & INFO) != 0) WARN_EXPORT("info"); diff --git a/apps/pkcs7.c b/apps/pkcs7.c index ba11e8151a..ac2dec152a 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -111,8 +111,7 @@ int pkcs7_main(int argc, char **argv) } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; in = bio_open_default(infile, 'r', informat); diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 6b09b909eb..e3932245f3 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -193,8 +193,7 @@ int pkcs8_main(int argc, char **argv) } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; private = 1; diff --git a/apps/pkey.c b/apps/pkey.c index fb3899b08e..41a4c29897 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -171,8 +171,7 @@ int pkey_main(int argc, char **argv) } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; if (text && text_pub) 
@@ -190,10 +189,8 @@ int pkey_main(int argc, char **argv) private = (!noout && !pubout) || (text && !text_pub); - if (ciphername != NULL) { - if (!opt_cipher(ciphername, &cipher)) - goto opthelp; - } + if (!opt_cipher(ciphername, &cipher)) + goto opthelp; if (cipher == NULL) { if (passoutarg != NULL) BIO_printf(bio_err, diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c index 45647341ce..3722be4bf6 100644 --- a/apps/pkeyparam.c +++ b/apps/pkeyparam.c @@ -91,8 +91,7 @@ int pkeyparam_main(int argc, char **argv) } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; in = bio_open_default(infile, 'r', FORMAT_PEM); diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index d7290f7d48..9e18dfc0e9 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -253,8 +253,7 @@ int pkeyutl_main(int argc, char **argv) } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; if (!app_RAND_load()) diff --git a/apps/prime.c b/apps/prime.c index e269493d5c..190254d90e 100644 --- a/apps/prime.c +++ b/apps/prime.c @@ -83,12 +83,12 @@ opthelp: } /* Optional arguments are numbers to check. */ + if (generate && !opt_check_rest_arg(NULL)) + goto opthelp; argc = opt_num_rest(); argv = opt_rest(); - if (generate) { - if (argc != 0) - goto opthelp; - } else if (argc == 0) { + if (!generate && argc == 0) { + BIO_printf(bio_err, "Missing number (s) to check\n"); goto opthelp; } diff --git a/apps/rand.c b/apps/rand.c index cbf495d5bc..f99c91dbbf 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -95,7 +95,7 @@ int rand_main(int argc, char **argv) if (argc == 1) { if (!opt_int(argv[0], &num) || num <= 0) goto opthelp; - } else if (argc != 0) { + } else if (!opt_check_rest_arg(NULL)) { goto opthelp; } diff --git a/apps/req.c b/apps/req.c index 274f839902..36ac493807 100644 --- a/apps/req.c +++ b/apps/req.c 
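Review bot: The new message in the apps/prime.c hunk, `"Missing number (s) to check\n"`, has a stray space before `(s)`; `BIO_printf(bio_err, "Missing number(s) to check\n");` reads correctly. Unlike the diagnostics printed by `opt_check_rest_arg()` elsewhere in this commit, it also lacks the `%s: ` program-name prefix, which makes it harder to attribute when the command runs inside a script. The hand-written messages added in the fipsinstall.c and genpkey.c hunks lack that prefix too.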
@@ -241,7 +241,6 @@ int req_main(int argc, char **argv) X509 *new_x509 = NULL, *CAcert = NULL; X509_REQ *req = NULL; EVP_CIPHER *cipher = NULL; - EVP_MD *md = NULL; int ext_copy = EXT_COPY_UNSET; BIO *addext_bio = NULL; char *extsect = NULL; @@ -473,8 +472,7 @@ int req_main(int argc, char **argv) } /* No extra arguments. */ - argc = opt_num_rest(); - if (argc != 0) + if (!opt_check_rest_arg(NULL)) goto opthelp; if (!app_RAND_load()) @@ -533,11 +531,8 @@ int req_main(int argc, char **argv) /* Check that any specified digest is fetchable */ if (digest != NULL) { - if (!opt_md(digest, &md)) { - ERR_clear_error(); + if (!opt_check_md(digest)) goto opthelp; - } - EVP_MD_free(md); } else { /* No digest specified, default to configuration */ p = NCONF_get_string(req_conf, section, "default_md"); |