openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

Standardize handling of #ifdef'd options. 

Here are the "rules" for handling flags that depend on #ifdef:

- Do not ifdef the enum.  Only ifdef the OPTIONS table.  All ifdef'd
  entries appear at the end; by convention "engine" is last.  This
  ensures that at run-time, the flag will never be recognized/allowed.
  The next two bullets entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
  disable it; leave the "case OPT_xxx:" and "break" statements outside
  the ifdef/ifndef.  See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
  OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
  and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
  for example.

Reviewed-by: Matt Caswell <matt@openssl.org>
This commit is contained in:
Rich Salz 2015-05-15 13:50:38 -04:00 committed by Rich Salz
parent 366e2a60b2
commit 9c3bcfa027
22 changed files with 222 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
apps/ciphers.c
View File

@ -64,12 +64,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
#ifndef OPENSSL_NO_SSL_TRACE
OPT_STDNAME,
#endif
#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
#endif
OPT_TLS1,
OPT_V, OPT_UPPER_V, OPT_S
} OPTION_CHOICE;
@ -79,13 +75,13 @@ OPTIONS ciphers_options[] = {
{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
{"V", OPT_UPPER_V, '-', "Even more verbose"},
{"s", OPT_S, '-', "Only supported ciphers"},
{"tls1", OPT_TLS1, '-', "TLS1 mode"},
#ifndef OPENSSL_NO_SSL_TRACE
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
#endif
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "SSL3 mode"},
#endif
{"tls1", OPT_TLS1, '-', "TLS1 mode"},
{NULL}
};
@ -125,16 +121,16 @@ int ciphers_main(int argc, char **argv)
case OPT_S:
use_supported = 1;
break;
#ifndef OPENSSL_NO_SSL_TRACE
case OPT_STDNAME:
#ifndef OPENSSL_NO_SSL_TRACE
stdname = verbose = 1;
break;
#endif
#ifndef OPENSSL_NO_SSL3
break;
case OPT_SSL3:
#ifndef OPENSSL_NO_SSL3
meth = SSLv3_client_method();
break;
#endif
break;
case OPT_TLS1:
meth = TLSv1_client_method();
break;

15
apps/cms.c
View File

@ -208,6 +208,8 @@ OPTIONS cms_options[] = {
{"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
{"receipt_request_from", OPT_RR_FROM, 's'},
{"receipt_request_to", OPT_RR_TO, 's'},
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_V_OPTIONS,
# ifndef OPENSSL_NO_AES
{"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
{"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
@ -219,9 +221,7 @@ OPTIONS cms_options[] = {
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_V_OPTIONS,
{NULL},
{NULL}
};
int cms_main(int argc, char **argv)
@ -588,11 +588,11 @@ int cms_main(int argc, char **argv)
goto end;
vpmtouched++;
break;
# ifndef OPENSSL_NO_DES
case OPT_3DES_WRAP:
# ifndef OPENSSL_NO_DES
wrap_cipher = EVP_des_ede3_wrap();
break;
# endif
break;
# ifndef OPENSSL_NO_AES
case OPT_AES128_WRAP:
wrap_cipher = EVP_aes_128_wrap();
@ -603,6 +603,11 @@ int cms_main(int argc, char **argv)
case OPT_AES256_WRAP:
wrap_cipher = EVP_aes_256_wrap();
break;
# else
case OPT_AES128_WRAP:
case OPT_AES192_WRAP:
case OPT_AES256_WRAP:
break;
# endif
}
}

16
apps/crl.c
View File

@ -95,11 +95,11 @@ OPTIONS crl_options[] = {
{"verify", OPT_VERIFY, '-'},
{"text", OPT_TEXT, '-', "Print out a text format version"},
{"hash", OPT_HASH, '-', "Print hash value"},
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_MD5
{"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
#endif
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
{"", OPT_MD, '-', "Any supported digest"},
{NULL}
};
@ -117,11 +117,11 @@ int crl_main(int argc, char **argv)
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
char *CAfile = NULL, *CApath = NULL, *prog;
OPTION_CHOICE o;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
0, text = 0;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber =
0, i, do_ver = 0;
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
int text = 0, do_ver = 0;
int i;
#ifndef OPENSSL_NO_MD5
int hash_old = 0;
#endif
@ -170,11 +170,11 @@ int crl_main(int argc, char **argv)
CAfile = opt_arg();
do_ver = 1;
break;
#ifndef OPENSSL_NO_MD5
case OPT_HASH_OLD:
#ifndef OPENSSL_NO_MD5
hash_old = ++num;
break;
#endif
break;
case OPT_VERIFY:
do_ver = 1;
break;

2
apps/dgst.c
View File

@ -111,11 +111,11 @@ OPTIONS dgst_options[] = {
{"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"},
{"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
{"", OPT_DIGEST, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-'},
#endif
{"", OPT_DIGEST, '-', "Any supported digest"},
{NULL}
};

6
apps/dhparam.c
View File

@ -153,12 +153,12 @@ OPTIONS dhparam_options[] = {
{"C", OPT_C, '-', "Print C code"},
{"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
# ifndef OPENSSL_NO_DSA
{"dsaparam", OPT_DSAPARAM, '-',
"Read or generate DSA parameters, convert to DH"},
# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{NULL}
};

24
apps/dsa.c
View File

@ -82,14 +82,8 @@ OPTIONS dsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format, DER PEM PVK"},
{"outform", OPT_OUTFORM, 'F', "Output format, DER PEM PVK"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pvk-strong", OPT_PVK_STRONG, '-'},
{"pvk-weak", OPT_PVK_WEAK, '-'},
{"pvk-none", OPT_PVK_NONE, '-'},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
@ -98,6 +92,14 @@ OPTIONS dsa_options[] = {
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_RC4
{"pvk-strong", OPT_PVK_STRONG, '-'},
{"pvk-weak", OPT_PVK_WEAK, '-'},
{"pvk-none", OPT_PVK_NONE, '-'},
# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{NULL}
};
@ -118,11 +120,6 @@ int dsa_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
#ifdef OPENSSL_NO_RC4
case OPT_PVK_STRONG:
case OPT_PVK_WEAK:
case OPT_PVK_NONE:
#endif
opthelp:
ret = 0;
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
@ -166,6 +163,11 @@ int dsa_main(int argc, char **argv)
case OPT_PVK_NONE:
pvk_encr = 0;
break;
#else
case OPT_PVK_STRONG:
case OPT_PVK_WEAK:
case OPT_PVK_NONE:
break;
#endif
case OPT_NOOUT:
noout = 1;

6
apps/dsaparam.c
View File

@ -103,11 +103,11 @@ OPTIONS dsaparam_options[] = {
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
{"rand", OPT_RAND, 's', "Files to use for random number input"},
{"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
# ifdef GENCB_TEST
{"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"},
# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{NULL}
};

6
apps/ec.c
View File

@ -92,9 +92,6 @@ OPTIONS ec_options[] = {
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key"},
{"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
@ -106,6 +103,9 @@ OPTIONS ec_options[] = {
"Specifies the way the ec parameters are encoded"},
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{NULL}
};

12
apps/enc.c
View File

@ -92,9 +92,6 @@ OPTIONS enc_options[] = {
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pass", OPT_PASS, 's', "Passphrase source"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"e", OPT_E, '-', "Encrypt"},
{"d", OPT_D, '-', "Decrypt"},
{"p", OPT_P, '-', "Print the iv/key"},
@ -107,9 +104,6 @@ OPTIONS enc_options[] = {
{"A", OPT_UPPER_A, '-'},
{"a", OPT_A, '-', "base64 encode/decode, depending on encryption flag"},
{"base64", OPT_A, '-', "Base64 output as a single line"},
#ifdef ZLIB
{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
#endif
{"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
{"k", OPT_K, 's', "Passphrase"},
{"kfile", OPT_KFILE, '<', "Fead passphrase from file"},
@ -120,6 +114,12 @@ OPTIONS enc_options[] = {
{"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
{"none", OPT_NONE, '-', "Don't encrypt"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
#ifdef ZLIB
{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};

2
apps/gendsa.c
View File

@ -84,10 +84,10 @@ OPTIONS gendsa_options[] = {
{"passout", OPT_PASSOUT, 's'},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
{NULL}
};

1
apps/genpkey.c
View File

@ -89,6 +89,7 @@ OPTIONS genpkey_options[] = {
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
/* This is deliberately last. */
{OPT_HELP_STR, 1, 1,
"Order of options may be important! See the documentation.\n"},
{NULL}

4
apps/passwd.c
View File

@ -101,6 +101,8 @@ OPTIONS passwd_options[] = {
{"quiet", OPT_QUIET, '-', "No warnings"},
{"table", OPT_TABLE, '-', "Format output as table"},
{"reverse", OPT_REVERSE, '-', "Switch table columns"},
{"salt", OPT_SALT, 's', "Use provided salt"},
{"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
# ifndef NO_MD5CRYPT_1
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
{"1", OPT_1, '-', "MD5-based password algorithm"},
@ -108,8 +110,6 @@ OPTIONS passwd_options[] = {
# ifndef OPENSSL_NO_DES
{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
# endif
{"salt", OPT_SALT, 's', "Use provided salt"},
{"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
{NULL}
};

2
apps/pkcs12.c
View File

@ -149,10 +149,10 @@ OPTIONS pkcs12_options[] = {
{"password", OPT_PASSWORD, 's', "Set import/export password source"},
{"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
{"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{"", OPT_CIPHER, '-', "Any supported cipher"},
{NULL}
};

2
apps/req.c
View File

@ -176,11 +176,11 @@ OPTIONS req_options[] = {
"Cert extension section (override value in config file)"},
{"reqexts", OPT_REQEXTS, 's',
"Request extension section (override value in config file)"},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"keygen_engine", OPT_KEYGEN_ENGINE, 's'},
#endif
{"", OPT_MD, '-', "Any supported digest"},
{NULL}
};

18
apps/rsa.c
View File

@ -138,14 +138,16 @@ OPTIONS rsa_options[] = {
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"},
{"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"},
{"pvk-strong", OPT_PVK_STRONG, '-'},
{"pvk-weak", OPT_PVK_WEAK, '-'},
{"pvk-none", OPT_PVK_NONE, '-'},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
{"check", OPT_CHECK, '-', "Verify key consistency"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifdef OPENSSL_NO_RC4
{"pvk-strong", OPT_PVK_STRONG, '-'},
{"pvk-weak", OPT_PVK_WEAK, '-'},
{"pvk-none", OPT_PVK_NONE, '-'},
# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
@ -170,11 +172,6 @@ int rsa_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
#ifdef OPENSSL_NO_RC4
case OPT_PVK_STRONG:
case OPT_PVK_WEAK:
case OPT_PVK_NONE:
#endif
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
@ -227,6 +224,11 @@ int rsa_main(int argc, char **argv)
case OPT_PVK_NONE:
pvk_encr = 0;
break;
#else
case OPT_PVK_STRONG:
case OPT_PVK_WEAK:
case OPT_PVK_NONE:
break;
#endif
case OPT_NOOUT:
noout = 1;

130
apps/s_client.c
View File

@ -509,17 +509,9 @@ OPTIONS s_client_options[] = {
{"quiet", OPT_QUIET, '-', "No s_client output"},
{"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"},
{"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"},
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
#endif
{"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
{"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
{"tls1", OPT_TLS1, '-', "Just use TLSv1"},
{"dtls", OPT_DTLS, '-'},
{"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
{"dtls1_2", OPT_DTLS1_2, '-'},
{"timeout", OPT_TIMEOUT, '-'},
{"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
{"starttls", OPT_STARTTLS, 's',
"Use the STARTTLS command before starting TLS"},
{"xmpphost", OPT_XMPPHOST, 's', "Host to use with \"-starttls xmpp\""},
@ -534,6 +526,48 @@ OPTIONS s_client_options[] = {
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
"Export len bytes of keying material (default 20)"},
{"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"},
{"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},
{"CRL", OPT_CRL, '<'},
{"crl_download", OPT_CRL_DOWNLOAD, '-'},
{"CRLform", OPT_CRLFORM, 'F'},
{"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
{"verify_quiet", OPT_VERIFY_QUIET, '-'},
{"brief", OPT_BRIEF, '-'},
{"prexit", OPT_PREXIT, '-'},
{"security_debug", OPT_SECURITY_DEBUG, '-'},
{"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
{"cert_chain", OPT_CERT_CHAIN, '<'},
{"chainCApath", OPT_CHAINCAPATH, '/'},
{"verifyCApath", OPT_VERIFYCAPATH, '/'},
{"build_chain", OPT_BUILD_CHAIN, '-'},
{"chainCAfile", OPT_CHAINCAFILE, '<'},
{"verifyCAfile", OPT_VERIFYCAFILE, '<'},
{"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
{"servername", OPT_SERVERNAME, 's',
"Set TLS extension servername in ClientHello"},
{"tlsextdebug", OPT_TLSEXTDEBUG, '-',
"Hex dump of all TLS extensions received"},
{"status", OPT_STATUS, '-', "Request certificate status from server"},
{"serverinfo", OPT_SERVERINFO, 's',
"types Send empty ClientHello extensions (comma-separated numbers)"},
{"alpn", OPT_ALPN, 's',
"Enable ALPN extension, considering named protocols supported (comma-separated list)"},
OPT_S_OPTIONS,
OPT_V_OPTIONS,
OPT_X_OPTIONS,
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
#endif
#ifndef OPENSSL_NO_DTLS1
{"dtls", OPT_DTLS, '-'},
{"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
{"dtls1_2", OPT_DTLS1_2, '-'},
{"timeout", OPT_TIMEOUT, '-'},
{"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
#endif
#ifndef OPENSSL_NO_SSL_TRACE
{"trace", OPT_TRACE, '-'},
#endif
#ifdef WATT32
{"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"},
#endif
@ -556,44 +590,14 @@ OPTIONS s_client_options[] = {
"Tolerate other than the known g N values."},
{"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N"},
#endif
{"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},
{"servername", OPT_SERVERNAME, 's',
"Set TLS extension servername in ClientHello"},
{"tlsextdebug", OPT_TLSEXTDEBUG, '-',
"Hex dump of all TLS extensions received"},
{"status", OPT_STATUS, '-', "Request certificate status from server"},
{"serverinfo", OPT_SERVERINFO, 's',
"types Send empty ClientHello extensions (comma-separated numbers)"},
{"alpn", OPT_ALPN, 's',
"Enable ALPN extension, considering named protocols supported (comma-separated list)"},
#ifndef OPENSSL_NO_NEXTPROTONEG
{"nextprotoneg", OPT_NEXTPROTONEG, 's',
"Enable NPN extension, considering named protocols supported (comma-separated list)"},
#endif
{"CRL", OPT_CRL, '<'},
{"crl_download", OPT_CRL_DOWNLOAD, '-'},
{"CRLform", OPT_CRLFORM, 'F'},
{"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
{"verify_quiet", OPT_VERIFY_QUIET, '-'},
{"brief", OPT_BRIEF, '-'},
{"prexit", OPT_PREXIT, '-'},
{"trace", OPT_TRACE, '-'},
{"security_debug", OPT_SECURITY_DEBUG, '-'},
{"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
{"cert_chain", OPT_CERT_CHAIN, '<'},
{"chainCApath", OPT_CHAINCAPATH, '/'},
{"verifyCApath", OPT_VERIFYCAPATH, '/'},
{"build_chain", OPT_BUILD_CHAIN, '-'},
{"chainCAfile", OPT_CHAINCAFILE, '<'},
{"verifyCAfile", OPT_VERIFYCAFILE, '<'},
{"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's'},
#endif
OPT_S_OPTIONS,
OPT_V_OPTIONS,
OPT_X_OPTIONS,
{NULL}
};
@ -706,29 +710,6 @@ int s_client_main(int argc, char **argv)
prog = opt_init(argc, argv, s_client_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
#ifndef WATT32
case OPT_WDEBUG:
#endif
#ifdef OPENSSL_NO_JPAKE
case OPT_JPAKE:
#endif
#ifdef OPENSSL_NO_SSL_TRACE
case OPT_TRACE:
#endif
#ifdef OPENSSL_NO_PSK
case OPT_PSK_IDENTITY:
case OPT_PSK:
#endif
#ifdef OPENSSL_NO_SSL3
case OPT_SSL3:
#endif
#ifdef OPENSSL_NO_DTLS1
case OPT_DTLS:
case OPT_DTLS1:
case OPT_DTLS1_2:
case OPT_TIMEOUT:
case OPT_MTU:
#endif
case OPT_EOF:
case OPT_ERR:
opthelp:
@ -866,22 +847,22 @@ int s_client_main(int argc, char **argv)
case OPT_STATUS:
c_status_req = 1;
break;
#ifdef WATT32
case OPT_WDEBUG:
#ifdef WATT32
dbug_init();
break;
#endif
break;
case OPT_MSG:
c_msg = 1;
break;
case OPT_MSGFILE:
bio_c_msg = BIO_new_file(opt_arg(), "w");
break;
#ifndef OPENSSL_NO_SSL_TRACE
case OPT_TRACE:
#ifndef OPENSSL_NO_SSL_TRACE
c_msg = 2;
break;
#endif
break;
case OPT_SECURITY_DEBUG:
sdebug = 1;
break;
@ -908,6 +889,9 @@ int s_client_main(int argc, char **argv)
BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
goto end;
}
#else
case OPT_PSK_IDENTITY:
case OPT_PSK:
break;
#endif
#ifndef OPENSSL_NO_SRP
@ -941,11 +925,11 @@ int s_client_main(int argc, char **argv)
case OPT_SRP_MOREGROUPS:
break;
#endif
#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
#ifndef OPENSSL_NO_SSL3
meth = SSLv3_client_method();
break;
#endif
break;
case OPT_TLS1_2:
meth = TLSv1_2_client_method();
break;
@ -974,6 +958,13 @@ int s_client_main(int argc, char **argv)
case OPT_MTU:
socket_mtu = atol(opt_arg());
break;
#else
case OPT_DTLS:
case OPT_DTLS1:
case OPT_DTLS1_2:
case OPT_TIMEOUT:
case OPT_MTU:
break;
#endif
case OPT_FALLBACKSCSV:
fallback_scsv = 1;
@ -1038,13 +1029,12 @@ int s_client_main(int argc, char **argv)
goto end;
case OPT_SERVERNAME:
servername = opt_arg();
/* meth=TLSv1_client_method(); */
break;
#ifndef OPENSSL_NO_JPAKE
case OPT_JPAKE:
#ifndef OPENSSL_NO_JPAKE
jpake_secret = opt_arg();
break;
#endif
break;
case OPT_USE_SRTP:
srtp_profiles = opt_arg();
break;

127
apps/s_server.c
View File

@ -806,9 +806,7 @@ typedef enum OPTION_choice {
OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE,
OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP,
#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
#endif
OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN,
OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
@ -821,7 +819,6 @@ typedef enum OPTION_choice {
OPTIONS s_server_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"port", OPT_PORT, 'p'},
{"accept", OPT_PORT, 'p',
"TCP/IP port to accept on (default is " PORT_STR ")"},
@ -851,9 +848,6 @@ OPTIONS s_server_options[] = {
{"dkeyform", OPT_DKEYFORM, 'F',
"Second key format (PEM, DER or ENGINE) PEM default"},
{"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"},
#ifdef FIONBIO
{"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
#endif
{"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"},
{"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
{"debug", OPT_DEBUG, '-', "Print more output"},
@ -865,47 +859,13 @@ OPTIONS s_server_options[] = {
{"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
{"quiet", OPT_QUIET, '-', "No server output"},
{"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"},
#ifndef OPENSSL_NO_PSK
{"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
{"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
# ifndef OPENSSL_NO_JPAKE
{"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
#ifndef OPENSSL_NO_SRP
{"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
{"srpuserseed", OPT_SRPUSERSEED, 's',
"A seed string for a default user salt"},
#endif
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
#endif
{"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
{"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
{"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
#ifndef OPENSSL_NO_DTLS1
{"dtls", OPT_DTLS, '-'},
{"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
{"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
{"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
{"mtu", OPT_MTU, 'p', "Set link layer MTU"},
{"chain", OPT_CHAIN, '-', "Read a certificate chain"},
#endif
#ifndef OPENSSL_NO_DH
{"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
#endif
#ifndef OPENSSL_NO_EC
{"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"},
#endif
{"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
"Disable caching and tickets if ephemeral (EC)DH is used"},
{"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
{"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"},
{"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
{"id_prefix", OPT_ID_PREFIX, 's',
"Generate SSL/TLS session IDs prefixed by arg"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"servername", OPT_SERVERNAME, 's',
"Servername for HostName TLS extension"},
{"servername_fatal", OPT_SERVERNAME_FATAL, '-',
@ -916,14 +876,11 @@ OPTIONS s_server_options[] = {
"-Private Key file to use for servername if not in -cert2"},
{"tlsextdebug", OPT_TLSEXTDEBUG, '-',
"Hex dump of all TLS extensions received"},
#ifndef OPENSSL_NO_NEXTPROTONEG
{"nextprotoneg", OPT_NEXTPROTONEG, 's',
"Set the advertised protocols for the NPN extension (comma-separated list)"},
#endif
{"use_srtp", OPT_SRTP_PROFILES, '<',
"Offer SRTP key management with a colon-separated profile list"},
{"alpn", OPT_ALPN, 's',
"Set the advertised protocols for the ALPN extension (comma-separated list)"},
{"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
{"id_prefix", OPT_ID_PREFIX, 's',
"Generate SSL/TLS session IDs prefixed by arg"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"keymatexport", OPT_KEYMATEXPORT, 's',
"Export keying material using label"},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
@ -953,12 +910,54 @@ OPTIONS s_server_options[] = {
{"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
{"brief", OPT_BRIEF, '-'},
{"rev", OPT_REV, '-'},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's'},
#endif
OPT_S_OPTIONS,
OPT_V_OPTIONS,
OPT_X_OPTIONS,
#ifdef FIONBIO
{"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
#endif
#ifndef OPENSSL_NO_PSK
{"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
{"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
# ifndef OPENSSL_NO_JPAKE
{"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
#ifndef OPENSSL_NO_SRP
{"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
{"srpuserseed", OPT_SRPUSERSEED, 's',
"A seed string for a default user salt"},
#endif
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
#endif
#ifndef OPENSSL_NO_DTLS1
{"dtls", OPT_DTLS, '-'},
{"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
{"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
{"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
{"mtu", OPT_MTU, 'p', "Set link layer MTU"},
{"chain", OPT_CHAIN, '-', "Read a certificate chain"},
#endif
#ifndef OPENSSL_NO_DH
{"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
#endif
#ifndef OPENSSL_NO_EC
{"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"},
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
{"nextprotoneg", OPT_NEXTPROTONEG, 's',
"Set the advertised protocols for the NPN extension (comma-separated list)"},
#endif
#ifndef OPENSSL_NO_SRTP
{"use_srtp", OPT_SRTP_PROFILES, '<',
"Offer SRTP key management with a colon-separated profile list"},
{"alpn", OPT_ALPN, 's',
"Set the advertised protocols for the ALPN extension (comma-separated list)"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's'},
#endif
{NULL}
};
@ -1246,13 +1245,11 @@ int s_server_main(int argc, char *argv[])
case OPT_MSGFILE:
bio_s_msg = BIO_new_file(opt_arg(), "w");
break;
case OPT_TRACE:
#ifndef OPENSSL_NO_SSL_TRACE
case OPT_TRACE:
s_msg = 2;
break;
#else
case OPT_TRACE:
goto opthelp;
break;
#endif
case OPT_SECURITY_DEBUG:
sdebug = 1;
@ -1296,6 +1293,10 @@ int s_server_main(int argc, char *argv[])
goto end;
}
break;
#else
case OPT_PSK_HINT:
case OPT_PSK:
break;
#endif
#ifndef OPENSSL_NO_SRP
case OPT_SRPVFILE:
@ -1323,11 +1324,11 @@ int s_server_main(int argc, char *argv[])
case OPT_HTTP:
www = 3;
break;
#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
#ifndef OPENSSL_NO_SSL3
meth = SSLv3_server_method();
break;
#endif
break;
case OPT_TLS1_2:
meth = TLSv1_2_server_method();
break;
@ -1359,6 +1360,14 @@ int s_server_main(int argc, char *argv[])
case OPT_CHAIN:
cert_chain = 1;
break;
#else
case OPT_DTLS:
case OPT_DTLS1:
case OPT_DTLS1_2:
case OPT_TIMEOUT:
case OPT_MTU:
case OPT_CHAIN:
break;
#endif
case OPT_ID_PREFIX:
session_id_prefix = opt_arg();
@ -1381,11 +1390,11 @@ int s_server_main(int argc, char *argv[])
case OPT_KEY2:
s_key_file2 = opt_arg();
break;
#ifndef OPENSSL_NO_NEXTPROTONEG
case OPT_NEXTPROTONEG:
# ifndef OPENSSL_NO_NEXTPROTONEG
next_proto_neg_in = opt_arg();
break;
#endif
break;
case OPT_ALPN:
alpn_in = opt_arg();
break;

6
apps/s_time.c
View File

@ -114,9 +114,7 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
OPT_CAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME,
#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
#endif
OPT_WWW
} OPTION_CHOICE;
@ -227,11 +225,11 @@ int s_time_main(int argc, char **argv)
goto end;
}
break;
#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
#ifndef OPENSSL_NO_SSL3
meth = SSLv3_client_method();
break;
#endif
break;
}
}
argc = opt_num_rest();

16
apps/speed.c
View File

@ -358,19 +358,19 @@ OPTIONS speed_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"evp", OPT_EVP, 's', "Use specified EVP cipher"},
{"decrypt", OPT_DECRYPT, '-',
"Time decryption instead of encryption (only EVP)"},
{"mr", OPT_MR, '-', "Produce machine readable output"},
{"mb", OPT_MB, '-'},
{"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
#if defined(TIMES) || defined(USE_TOD)
{"elapsed", OPT_ELAPSED, '-',
"Measure time in real time instead of CPU user time"},
#endif
{"evp", OPT_EVP, 's', "Use specified EVP cipher"},
{"decrypt", OPT_DECRYPT, '-',
"Time decryption instead of encryption (only EVP)"},
#ifndef NO_FORK
{"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
#endif
{"mr", OPT_MR, '-', "Produce machine readable output"},
{"mb", OPT_MB, '-'},
{"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
@ -829,11 +829,11 @@ int speed_main(int argc, char **argv)
case OPT_ENGINE:
(void)setup_engine(opt_arg(), 0);
break;
#ifndef NO_FORK
case OPT_MULTI:
#ifndef NO_FORK
multi = atoi(opt_arg());
break;
#endif
break;
case OPT_MISALIGN:
if (!opt_int(opt_arg(), &misalign))
goto end;

2
apps/ts.c
View File

@ -151,10 +151,10 @@ OPTIONS ts_options[] = {
{"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},
{"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
{"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"", OPT_MD, '-', "Any supported digest"},
{NULL}
};

2
apps/verify.c
View File

@ -91,10 +91,10 @@ OPTIONS verify_options[] = {
{"CRLfile", OPT_CRLFILE, '<'},
{"crl_download", OPT_CRL_DOWNLOAD, '-'},
{"show_chain", OPT_SHOW_CHAIN, '-'},
OPT_V_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_V_OPTIONS,
{NULL}
};

28
apps/x509.c
View File

@ -107,13 +107,9 @@ typedef enum OPTION_choice {
OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST,
OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST,
OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
#ifndef OPENSSL_NO_MD5
OPT_SUBJECT_HASH_OLD,
OPT_ISSUER_HASH_OLD,
#endif
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
OPT_FORCE_VERSION,
#endif
OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT
} OPTION_CHOICE;
@ -130,12 +126,6 @@ OPTIONS x509_options[] = {
{"serial", OPT_SERIAL, '-', "Print serial number value"},
{"subject_hash", OPT_HASH, '-', "Print subject hash value"},
{"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"},
#ifndef OPENSSL_NO_MD5
{"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
"Print old-style (MD5) issuer hash value"},
{"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
"Print old-style (MD5) subject hash value"},
#endif
{"hash", OPT_HASH, '-', "Synonym for -subject_hash"},
{"subject", OPT_SUBJECT, '-', "Print subject DN"},
{"issuer", OPT_ISSUER, '-', "Print issuer DN"},
@ -194,11 +184,17 @@ OPTIONS x509_options[] = {
{"clrreject", OPT_CLRREJECT, '-'},
{"badsig", OPT_BADSIG, '-'},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#ifndef OPENSSL_NO_MD5
{"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
"Print old-style (MD5) issuer hash value"},
{"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
"Print old-style (MD5) subject hash value"},
#endif
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
{"force_version", OPT_FORCE_VERSION, 'p'},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
@ -291,11 +287,11 @@ int x509_main(int argc, char **argv)
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
case OPT_FORCE_VERSION:
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
force_version = atoi(opt_arg()) - 1;
break;
#endif
break;
case OPT_DAYS:
days = atoi(opt_arg());
break;
@ -459,6 +455,10 @@ int x509_main(int argc, char **argv)
case OPT_ISSUER_HASH_OLD:
issuer_hash_old = ++num;
break;
#else
case OPT_SUBJECT_HASH_OLD:
case OPT_ISSUER_HASH_OLD:
break;
#endif
case OPT_DATES:
startdate = ++num;