leviathan
/
openssl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Standardize handling of #ifdef'd options.

Browse Source 
Here are the "rules" for handling flags that depend on #ifdef:

- Do not ifdef the enum.  Only ifdef the OPTIONS table.  All ifdef'd
  entries appear at the end; by convention "engine" is last.  This
  ensures that at run-time, the flag will never be recognized/allowed.
  The next two bullets entries are for silencing compiler warnings:
- In the while/switch parsing statement, use #ifdef for the body to
  disable it; leave the "case OPT_xxx:" and "break" statements outside
  the ifdef/ifndef.  See ciphers.c for example.
- If there are multiple options controlled by a single guard, OPT_FOO,
  OPT_BAR, etc., put a an #ifdef around the set, and then do "#else"
  and a series of case labels and a break. See OPENSSL_NO_AES in cms.c
  for example.

Reviewed-by: Matt Caswell <matt@openssl.org>
master
Rich Salz 8 years ago committed by Rich Salz
parent 366e2a60b2
commit 9c3bcfa027
22 changed files with 222 additions and 219 deletions
Show Stats Download Patch File Download Diff File

14
apps/ciphers.c
Unescape View File

@ -64,12 +64,8 @@
typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
#ifndef OPENSSL_NO_SSL_TRACE
OPT_STDNAME,
#endif
#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
#endif
OPT_TLS1,
OPT_V, OPT_UPPER_V, OPT_S
} OPTION_CHOICE;
@ -79,13 +75,13 @@ OPTIONS ciphers_options[] = {
{"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
{"V", OPT_UPPER_V, '-', "Even more verbose"},
{"s", OPT_S, '-', "Only supported ciphers"},
{"tls1", OPT_TLS1, '-', "TLS1 mode"},
#ifndef OPENSSL_NO_SSL_TRACE
{"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
#endif
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "SSL3 mode"},
#endif
{"tls1", OPT_TLS1, '-', "TLS1 mode"},
{NULL}
};
@ -125,16 +121,16 @@ int ciphers_main(int argc, char **argv)
case OPT_S:
use_supported = 1;
break;
#ifndef OPENSSL_NO_SSL_TRACE
case OPT_STDNAME:
#ifndef OPENSSL_NO_SSL_TRACE
stdname = verbose = 1;
break;
#endif
#ifndef OPENSSL_NO_SSL3
break;
case OPT_SSL3:
#ifndef OPENSSL_NO_SSL3
meth = SSLv3_client_method();
break;
#endif
break;
case OPT_TLS1:
meth = TLSv1_client_method();
break;

15
apps/cms.c
Unescape View File

@ -208,6 +208,8 @@ OPTIONS cms_options[] = {
{"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
{"receipt_request_from", OPT_RR_FROM, 's'},
{"receipt_request_to", OPT_RR_TO, 's'},
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_V_OPTIONS,
# ifndef OPENSSL_NO_AES
{"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
{"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
@ -219,9 +221,7 @@ OPTIONS cms_options[] = {
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{"", OPT_CIPHER, '-', "Any supported cipher"},
OPT_V_OPTIONS,
{NULL},
{NULL}
};
int cms_main(int argc, char **argv)
@ -588,11 +588,11 @@ int cms_main(int argc, char **argv)
goto end;
vpmtouched++;
break;
# ifndef OPENSSL_NO_DES
case OPT_3DES_WRAP:
# ifndef OPENSSL_NO_DES
wrap_cipher = EVP_des_ede3_wrap();
break;
# endif
break;
# ifndef OPENSSL_NO_AES
case OPT_AES128_WRAP:
wrap_cipher = EVP_aes_128_wrap();
@ -603,6 +603,11 @@ int cms_main(int argc, char **argv)
case OPT_AES256_WRAP:
wrap_cipher = EVP_aes_256_wrap();
break;
# else
case OPT_AES128_WRAP:
case OPT_AES192_WRAP:
case OPT_AES256_WRAP:
break;
# endif
}
}

16
apps/crl.c
Unescape View File

@ -95,11 +95,11 @@ OPTIONS crl_options[] = {
{"verify", OPT_VERIFY, '-'},
{"text", OPT_TEXT, '-', "Print out a text format version"},
{"hash", OPT_HASH, '-', "Print hash value"},
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_MD5
{"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
#endif
{"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
{"", OPT_MD, '-', "Any supported digest"},
{NULL}
};
@ -117,11 +117,11 @@ int crl_main(int argc, char **argv)
char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
char *CAfile = NULL, *CApath = NULL, *prog;
OPTION_CHOICE o;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
0, text = 0;
int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber =
0, i, do_ver = 0;
int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
int text = 0, do_ver = 0;
int i;
#ifndef OPENSSL_NO_MD5
int hash_old = 0;
#endif
@ -170,11 +170,11 @@ int crl_main(int argc, char **argv)
CAfile = opt_arg();
do_ver = 1;
break;
#ifndef OPENSSL_NO_MD5
case OPT_HASH_OLD:
#ifndef OPENSSL_NO_MD5
hash_old = ++num;
break;
#endif
break;
case OPT_VERIFY:
do_ver = 1;
break;

2
apps/dgst.c
Unescape View File

@ -111,11 +111,11 @@ OPTIONS dgst_options[] = {
{"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"},
{"sigop", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"macop", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
{"", OPT_DIGEST, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
{"engine_impl", OPT_ENGINE_IMPL, '-'},
#endif
{"", OPT_DIGEST, '-', "Any supported digest"},
{NULL}
};

6
apps/dhparam.c
Unescape View File

@ -153,12 +153,12 @@ OPTIONS dhparam_options[] = {
{"C", OPT_C, '-', "Print C code"},
{"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
{"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
# ifndef OPENSSL_NO_DSA
{"dsaparam", OPT_DSAPARAM, '-',
"Read or generate DSA parameters, convert to DH"},
# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{NULL}
};

24
apps/dsa.c
Unescape View File

@ -82,14 +82,8 @@ OPTIONS dsa_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"inform", OPT_INFORM, 'F', "Input format, DER PEM PVK"},
{"outform", OPT_OUTFORM, 'F', "Output format, DER PEM PVK"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pvk-strong", OPT_PVK_STRONG, '-'},
{"pvk-weak", OPT_PVK_WEAK, '-'},
{"pvk-none", OPT_PVK_NONE, '-'},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
@ -98,6 +92,14 @@ OPTIONS dsa_options[] = {
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_RC4
{"pvk-strong", OPT_PVK_STRONG, '-'},
{"pvk-weak", OPT_PVK_WEAK, '-'},
{"pvk-none", OPT_PVK_NONE, '-'},
# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{NULL}
};
@ -118,11 +120,6 @@ int dsa_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
#ifdef OPENSSL_NO_RC4
case OPT_PVK_STRONG:
case OPT_PVK_WEAK:
case OPT_PVK_NONE:
#endif
opthelp:
ret = 0;
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
@ -166,6 +163,11 @@ int dsa_main(int argc, char **argv)
case OPT_PVK_NONE:
pvk_encr = 0;
break;
#else
case OPT_PVK_STRONG:
case OPT_PVK_WEAK:
case OPT_PVK_NONE:
break;
#endif
case OPT_NOOUT:
noout = 1;

6
apps/dsaparam.c
Unescape View File

@ -103,11 +103,11 @@ OPTIONS dsaparam_options[] = {
{"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
{"rand", OPT_RAND, 's', "Files to use for random number input"},
{"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
# ifdef GENCB_TEST
{"timebomb", OPT_TIMEBOMB, 'p', "Interrupt keygen after 'pnum' seconds"},
# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
# endif
{NULL}
};

6
apps/ec.c
Unescape View File

@ -92,9 +92,6 @@ OPTIONS ec_options[] = {
{"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
{"out", OPT_OUT, '>', "Output file"},
{"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key"},
{"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
@ -106,6 +103,9 @@ OPTIONS ec_options[] = {
"Specifies the way the ec parameters are encoded"},
{"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{NULL}
};

12
apps/enc.c
Unescape View File

@ -92,9 +92,6 @@ OPTIONS enc_options[] = {
{"in", OPT_IN, '<', "Input file"},
{"out", OPT_OUT, '>', "Output file"},
{"pass", OPT_PASS, 's', "Passphrase source"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"e", OPT_E, '-', "Encrypt"},
{"d", OPT_D, '-', "Decrypt"},
{"p", OPT_P, '-', "Print the iv/key"},
@ -107,9 +104,6 @@ OPTIONS enc_options[] = {
{"A", OPT_UPPER_A, '-'},
{"a", OPT_A, '-', "base64 encode/decode, depending on encryption flag"},
{"base64", OPT_A, '-', "Base64 output as a single line"},
#ifdef ZLIB
{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
#endif
{"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
{"k", OPT_K, 's', "Passphrase"},
{"kfile", OPT_KFILE, '<', "Fead passphrase from file"},
@ -120,6 +114,12 @@ OPTIONS enc_options[] = {
{"non-fips-allow", OPT_NON_FIPS_ALLOW, '-'},
{"none", OPT_NONE, '-', "Don't encrypt"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
#ifdef ZLIB
{"z", OPT_Z, '-', "Use zlib as the 'encryption'"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};

2
apps/gendsa.c
Unescape View File

@ -84,10 +84,10 @@ OPTIONS gendsa_options[] = {
{"passout", OPT_PASSOUT, 's'},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
{NULL}
};

1
apps/genpkey.c
Unescape View File

@ -89,6 +89,7 @@ OPTIONS genpkey_options[] = {
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
/* This is deliberately last. */
{OPT_HELP_STR, 1, 1,
"Order of options may be important! See the documentation.\n"},
{NULL}

4
apps/passwd.c
Unescape View File

@ -101,6 +101,8 @@ OPTIONS passwd_options[] = {
{"quiet", OPT_QUIET, '-', "No warnings"},
{"table", OPT_TABLE, '-', "Format output as table"},
{"reverse", OPT_REVERSE, '-', "Switch table columns"},
{"salt", OPT_SALT, 's', "Use provided salt"},
{"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
# ifndef NO_MD5CRYPT_1
{"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
{"1", OPT_1, '-', "MD5-based password algorithm"},
@ -108,8 +110,6 @@ OPTIONS passwd_options[] = {
# ifndef OPENSSL_NO_DES
{"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
# endif
{"salt", OPT_SALT, 's', "Use provided salt"},
{"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
{NULL}
};

2
apps/pkcs12.c
Unescape View File

@ -149,10 +149,10 @@ OPTIONS pkcs12_options[] = {
{"password", OPT_PASSWORD, 's', "Set import/export password source"},
{"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
{"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
{"", OPT_CIPHER, '-', "Any supported cipher"},
{NULL}
};

2
apps/req.c
Unescape View File

@ -176,11 +176,11 @@ OPTIONS req_options[] = {
"Cert extension section (override value in config file)"},
{"reqexts", OPT_REQEXTS, 's',
"Request extension section (override value in config file)"},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"keygen_engine", OPT_KEYGEN_ENGINE, 's'},
#endif
{"", OPT_MD, '-', "Any supported digest"},
{NULL}
};

18
apps/rsa.c
Unescape View File

@ -138,14 +138,16 @@ OPTIONS rsa_options[] = {
{"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
{"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"},
{"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"},
{"pvk-strong", OPT_PVK_STRONG, '-'},
{"pvk-weak", OPT_PVK_WEAK, '-'},
{"pvk-none", OPT_PVK_NONE, '-'},
{"noout", OPT_NOOUT, '-', "Don't print key out"},
{"text", OPT_TEXT, '-', "Print the key in text"},
{"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
{"check", OPT_CHECK, '-', "Verify key consistency"},
{"", OPT_CIPHER, '-', "Any supported cipher"},
# ifdef OPENSSL_NO_RC4
{"pvk-strong", OPT_PVK_STRONG, '-'},
{"pvk-weak", OPT_PVK_WEAK, '-'},
{"pvk-none", OPT_PVK_NONE, '-'},
# endif
# ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
# endif
@ -170,11 +172,6 @@ int rsa_main(int argc, char **argv)
switch (o) {
case OPT_EOF:
case OPT_ERR:
#ifdef OPENSSL_NO_RC4
case OPT_PVK_STRONG:
case OPT_PVK_WEAK:
case OPT_PVK_NONE:
#endif
opthelp:
BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
goto end;
@ -227,6 +224,11 @@ int rsa_main(int argc, char **argv)
case OPT_PVK_NONE:
pvk_encr = 0;
break;
#else
case OPT_PVK_STRONG:
case OPT_PVK_WEAK:
case OPT_PVK_NONE:
break;
#endif
case OPT_NOOUT:
noout = 1;

130
apps/s_client.c
Unescape View File

@ -509,17 +509,9 @@ OPTIONS s_client_options[] = {
{"quiet", OPT_QUIET, '-', "No s_client output"},
{"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"},
{"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"},
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
#endif
{"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
{"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
{"tls1", OPT_TLS1, '-', "Just use TLSv1"},
{"dtls", OPT_DTLS, '-'},
{"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
{"dtls1_2", OPT_DTLS1_2, '-'},
{"timeout", OPT_TIMEOUT, '-'},
{"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
{"starttls", OPT_STARTTLS, 's',
"Use the STARTTLS command before starting TLS"},
{"xmpphost", OPT_XMPPHOST, 's', "Host to use with \"-starttls xmpp\""},
@ -534,6 +526,48 @@ OPTIONS s_client_options[] = {
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
"Export len bytes of keying material (default 20)"},
{"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"},
{"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},
{"CRL", OPT_CRL, '<'},
{"crl_download", OPT_CRL_DOWNLOAD, '-'},
{"CRLform", OPT_CRLFORM, 'F'},
{"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
{"verify_quiet", OPT_VERIFY_QUIET, '-'},
{"brief", OPT_BRIEF, '-'},
{"prexit", OPT_PREXIT, '-'},
{"security_debug", OPT_SECURITY_DEBUG, '-'},
{"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
{"cert_chain", OPT_CERT_CHAIN, '<'},
{"chainCApath", OPT_CHAINCAPATH, '/'},
{"verifyCApath", OPT_VERIFYCAPATH, '/'},
{"build_chain", OPT_BUILD_CHAIN, '-'},
{"chainCAfile", OPT_CHAINCAFILE, '<'},
{"verifyCAfile", OPT_VERIFYCAFILE, '<'},
{"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
{"servername", OPT_SERVERNAME, 's',
"Set TLS extension servername in ClientHello"},
{"tlsextdebug", OPT_TLSEXTDEBUG, '-',
"Hex dump of all TLS extensions received"},
{"status", OPT_STATUS, '-', "Request certificate status from server"},
{"serverinfo", OPT_SERVERINFO, 's',
"types Send empty ClientHello extensions (comma-separated numbers)"},
{"alpn", OPT_ALPN, 's',
"Enable ALPN extension, considering named protocols supported (comma-separated list)"},
OPT_S_OPTIONS,
OPT_V_OPTIONS,
OPT_X_OPTIONS,
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
#endif
#ifndef OPENSSL_NO_DTLS1
{"dtls", OPT_DTLS, '-'},
{"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
{"dtls1_2", OPT_DTLS1_2, '-'},
{"timeout", OPT_TIMEOUT, '-'},
{"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
#endif
#ifndef OPENSSL_NO_SSL_TRACE
{"trace", OPT_TRACE, '-'},
#endif
#ifdef WATT32
{"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"},
#endif
@ -556,44 +590,14 @@ OPTIONS s_client_options[] = {
"Tolerate other than the known g N values."},
{"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N"},
#endif
{"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""},
{"servername", OPT_SERVERNAME, 's',
"Set TLS extension servername in ClientHello"},
{"tlsextdebug", OPT_TLSEXTDEBUG, '-',
"Hex dump of all TLS extensions received"},
{"status", OPT_STATUS, '-', "Request certificate status from server"},
{"serverinfo", OPT_SERVERINFO, 's',
"types Send empty ClientHello extensions (comma-separated numbers)"},
{"alpn", OPT_ALPN, 's',
"Enable ALPN extension, considering named protocols supported (comma-separated list)"},
#ifndef OPENSSL_NO_NEXTPROTONEG
{"nextprotoneg", OPT_NEXTPROTONEG, 's',
"Enable NPN extension, considering named protocols supported (comma-separated list)"},
#endif
{"CRL", OPT_CRL, '<'},
{"crl_download", OPT_CRL_DOWNLOAD, '-'},
{"CRLform", OPT_CRLFORM, 'F'},
{"verify_return_error", OPT_VERIFY_RET_ERROR, '-'},
{"verify_quiet", OPT_VERIFY_QUIET, '-'},
{"brief", OPT_BRIEF, '-'},
{"prexit", OPT_PREXIT, '-'},
{"trace", OPT_TRACE, '-'},
{"security_debug", OPT_SECURITY_DEBUG, '-'},
{"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
{"cert_chain", OPT_CERT_CHAIN, '<'},
{"chainCApath", OPT_CHAINCAPATH, '/'},
{"verifyCApath", OPT_VERIFYCAPATH, '/'},
{"build_chain", OPT_BUILD_CHAIN, '-'},
{"chainCAfile", OPT_CHAINCAFILE, '<'},
{"verifyCAfile", OPT_VERIFYCAFILE, '<'},
{"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's'},
#endif
OPT_S_OPTIONS,
OPT_V_OPTIONS,
OPT_X_OPTIONS,
{NULL}
};
@ -706,29 +710,6 @@ int s_client_main(int argc, char **argv)
prog = opt_init(argc, argv, s_client_options);
while ((o = opt_next()) != OPT_EOF) {
switch (o) {
#ifndef WATT32
case OPT_WDEBUG:
#endif
#ifdef OPENSSL_NO_JPAKE
case OPT_JPAKE:
#endif
#ifdef OPENSSL_NO_SSL_TRACE
case OPT_TRACE:
#endif
#ifdef OPENSSL_NO_PSK
case OPT_PSK_IDENTITY:
case OPT_PSK:
#endif
#ifdef OPENSSL_NO_SSL3
case OPT_SSL3:
#endif
#ifdef OPENSSL_NO_DTLS1
case OPT_DTLS:
case OPT_DTLS1:
case OPT_DTLS1_2:
case OPT_TIMEOUT:
case OPT_MTU:
#endif
case OPT_EOF:
case OPT_ERR:
opthelp:
@ -866,22 +847,22 @@ int s_client_main(int argc, char **argv)
case OPT_STATUS:
c_status_req = 1;
break;
#ifdef WATT32
case OPT_WDEBUG:
#ifdef WATT32
dbug_init();
break;
#endif
break;
case OPT_MSG:
c_msg = 1;
break;
case OPT_MSGFILE:
bio_c_msg = BIO_new_file(opt_arg(), "w");
break;
#ifndef OPENSSL_NO_SSL_TRACE
case OPT_TRACE:
#ifndef OPENSSL_NO_SSL_TRACE
c_msg = 2;
break;
#endif
break;
case OPT_SECURITY_DEBUG:
sdebug = 1;
break;
@ -908,6 +889,9 @@ int s_client_main(int argc, char **argv)
BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
goto end;
}
#else
case OPT_PSK_IDENTITY:
case OPT_PSK:
break;
#endif
#ifndef OPENSSL_NO_SRP
@ -941,11 +925,11 @@ int s_client_main(int argc, char **argv)
case OPT_SRP_MOREGROUPS:
break;
#endif
#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
#ifndef OPENSSL_NO_SSL3
meth = SSLv3_client_method();
break;
#endif
break;
case OPT_TLS1_2:
meth = TLSv1_2_client_method();
break;
@ -974,6 +958,13 @@ int s_client_main(int argc, char **argv)
case OPT_MTU:
socket_mtu = atol(opt_arg());
break;
#else
case OPT_DTLS:
case OPT_DTLS1:
case OPT_DTLS1_2:
case OPT_TIMEOUT:
case OPT_MTU:
break;
#endif
case OPT_FALLBACKSCSV:
fallback_scsv = 1;
@ -1038,13 +1029,12 @@ int s_client_main(int argc, char **argv)
goto end;
case OPT_SERVERNAME:
servername = opt_arg();
/* meth=TLSv1_client_method(); */
break;
#ifndef OPENSSL_NO_JPAKE
case OPT_JPAKE:
#ifndef OPENSSL_NO_JPAKE
jpake_secret = opt_arg();
break;
#endif
break;
case OPT_USE_SRTP:
srtp_profiles = opt_arg();
break;

127
apps/s_server.c
Unescape View File

@ -806,9 +806,7 @@ typedef enum OPTION_choice {
OPT_BRIEF, OPT_NO_TMP_RSA, OPT_NO_DHE, OPT_NO_ECDHE,
OPT_NO_RESUME_EPHEMERAL, OPT_PSK_HINT, OPT_PSK, OPT_SRPVFILE,
OPT_SRPUSERSEED, OPT_REV, OPT_WWW, OPT_UPPER_WWW, OPT_HTTP,
#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
#endif
OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_CHAIN,
OPT_ID_PREFIX, OPT_RAND, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
@ -821,7 +819,6 @@ typedef enum OPTION_choice {
OPTIONS s_server_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
{"port", OPT_PORT, 'p'},
{"accept", OPT_PORT, 'p',
"TCP/IP port to accept on (default is " PORT_STR ")"},
@ -851,9 +848,6 @@ OPTIONS s_server_options[] = {
{"dkeyform", OPT_DKEYFORM, 'F',
"Second key format (PEM, DER or ENGINE) PEM default"},
{"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"},
#ifdef FIONBIO
{"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
#endif
{"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"},
{"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
{"debug", OPT_DEBUG, '-', "Print more output"},
@ -865,47 +859,13 @@ OPTIONS s_server_options[] = {
{"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
{"quiet", OPT_QUIET, '-', "No server output"},
{"no_tmp_rsa", OPT_NO_TMP_RSA, '-', "Do not generate a tmp RSA key"},
#ifndef OPENSSL_NO_PSK
{"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
{"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
# ifndef OPENSSL_NO_JPAKE
{"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
#ifndef OPENSSL_NO_SRP
{"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
{"srpuserseed", OPT_SRPUSERSEED, 's',
"A seed string for a default user salt"},
#endif
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
#endif
{"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
{"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
{"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
#ifndef OPENSSL_NO_DTLS1
{"dtls", OPT_DTLS, '-'},
{"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
{"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
{"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
{"mtu", OPT_MTU, 'p', "Set link layer MTU"},
{"chain", OPT_CHAIN, '-', "Read a certificate chain"},
#endif
#ifndef OPENSSL_NO_DH
{"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
#endif
#ifndef OPENSSL_NO_EC
{"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"},
#endif
{"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
"Disable caching and tickets if ephemeral (EC)DH is used"},
{"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
{"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"},
{"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
{"id_prefix", OPT_ID_PREFIX, 's',
"Generate SSL/TLS session IDs prefixed by arg"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"servername", OPT_SERVERNAME, 's',
"Servername for HostName TLS extension"},
{"servername_fatal", OPT_SERVERNAME_FATAL, '-',
@ -916,14 +876,11 @@ OPTIONS s_server_options[] = {
"-Private Key file to use for servername if not in -cert2"},
{"tlsextdebug", OPT_TLSEXTDEBUG, '-',
"Hex dump of all TLS extensions received"},
#ifndef OPENSSL_NO_NEXTPROTONEG
{"nextprotoneg", OPT_NEXTPROTONEG, 's',
"Set the advertised protocols for the NPN extension (comma-separated list)"},
#endif
{"use_srtp", OPT_SRTP_PROFILES, '<',
"Offer SRTP key management with a colon-separated profile list"},
{"alpn", OPT_ALPN, 's',
"Set the advertised protocols for the ALPN extension (comma-separated list)"},
{"HTTP", OPT_HTTP, '-', "Like -WWW but ./path incluedes HTTP headers"},
{"id_prefix", OPT_ID_PREFIX, 's',
"Generate SSL/TLS session IDs prefixed by arg"},
{"rand", OPT_RAND, 's',
"Load the file(s) into the random number generator"},
{"keymatexport", OPT_KEYMATEXPORT, 's',
"Export keying material using label"},
{"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
@ -953,12 +910,54 @@ OPTIONS s_server_options[] = {
{"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-'},
{"brief", OPT_BRIEF, '-'},
{"rev", OPT_REV, '-'},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's'},
#endif
OPT_S_OPTIONS,
OPT_V_OPTIONS,
OPT_X_OPTIONS,
#ifdef FIONBIO
{"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
#endif
#ifndef OPENSSL_NO_PSK
{"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
{"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
# ifndef OPENSSL_NO_JPAKE
{"jpake", OPT_JPAKE, 's', "JPAKE secret to use"},
# endif
#endif
#ifndef OPENSSL_NO_SRP
{"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
{"srpuserseed", OPT_SRPUSERSEED, 's',
"A seed string for a default user salt"},
#endif
#ifndef OPENSSL_NO_SSL3
{"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
#endif
#ifndef OPENSSL_NO_DTLS1
{"dtls", OPT_DTLS, '-'},
{"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
{"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
{"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
{"mtu", OPT_MTU, 'p', "Set link layer MTU"},
{"chain", OPT_CHAIN, '-', "Read a certificate chain"},
#endif
#ifndef OPENSSL_NO_DH
{"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
#endif
#ifndef OPENSSL_NO_EC
{"no_ecdhe", OPT_NO_ECDHE, '-', "Disable ephemeral ECDH"},
#endif
#ifndef OPENSSL_NO_NEXTPROTONEG
{"nextprotoneg", OPT_NEXTPROTONEG, 's',
"Set the advertised protocols for the NPN extension (comma-separated list)"},
#endif
#ifndef OPENSSL_NO_SRTP
{"use_srtp", OPT_SRTP_PROFILES, '<',
"Offer SRTP key management with a colon-separated profile list"},
{"alpn", OPT_ALPN, 's',
"Set the advertised protocols for the ALPN extension (comma-separated list)"},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's'},
#endif
{NULL}
};
@ -1246,13 +1245,11 @@ int s_server_main(int argc, char *argv[])
case OPT_MSGFILE:
bio_s_msg = BIO_new_file(opt_arg(), "w");
break;
#ifndef OPENSSL_NO_SSL_TRACE
case OPT_TRACE:
#ifndef OPENSSL_NO_SSL_TRACE
s_msg = 2;
break;
#else
case OPT_TRACE:
goto opthelp;
break;
#endif
case OPT_SECURITY_DEBUG:
sdebug = 1;
@ -1296,6 +1293,10 @@ int s_server_main(int argc, char *argv[])
goto end;
}
break;
#else
case OPT_PSK_HINT:
case OPT_PSK:
break;
#endif
#ifndef OPENSSL_NO_SRP
case OPT_SRPVFILE:
@ -1323,11 +1324,11 @@ int s_server_main(int argc, char *argv[])
case OPT_HTTP:
www = 3;
break;
#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
#ifndef OPENSSL_NO_SSL3
meth = SSLv3_server_method();
break;
#endif
break;
case OPT_TLS1_2:
meth = TLSv1_2_server_method();
break;
@ -1359,6 +1360,14 @@ int s_server_main(int argc, char *argv[])
case OPT_CHAIN:
cert_chain = 1;
break;
#else
case OPT_DTLS:
case OPT_DTLS1:
case OPT_DTLS1_2:
case OPT_TIMEOUT:
case OPT_MTU:
case OPT_CHAIN:
break;
#endif
case OPT_ID_PREFIX:
session_id_prefix = opt_arg();
@ -1381,11 +1390,11 @@ int s_server_main(int argc, char *argv[])
case OPT_KEY2:
s_key_file2 = opt_arg();
break;
#ifndef OPENSSL_NO_NEXTPROTONEG
case OPT_NEXTPROTONEG:
# ifndef OPENSSL_NO_NEXTPROTONEG
next_proto_neg_in = opt_arg();
break;
#endif
break;
case OPT_ALPN:
alpn_in = opt_arg();
break;

6
apps/s_time.c
Unescape View File

@ -114,9 +114,7 @@ typedef enum OPTION_choice {
OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
OPT_CONNECT, OPT_CIPHER, OPT_CERT, OPT_KEY, OPT_CAPATH,
OPT_CAFILE, OPT_NEW, OPT_REUSE, OPT_BUGS, OPT_VERIFY, OPT_TIME,
#ifndef OPENSSL_NO_SSL3
OPT_SSL3,
#endif
OPT_WWW
} OPTION_CHOICE;
@ -227,11 +225,11 @@ int s_time_main(int argc, char **argv)
goto end;
}
break;
#ifndef OPENSSL_NO_SSL3
case OPT_SSL3:
#ifndef OPENSSL_NO_SSL3
meth = SSLv3_client_method();
break;
#endif
break;
}
}
argc = opt_num_rest();

16
apps/speed.c
Unescape View File

@ -358,19 +358,19 @@ OPTIONS speed_options[] = {
{OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"},
{OPT_HELP_STR, 1, '-', "Valid options are:\n"},
{"help", OPT_HELP, '-', "Display this summary"},
{"evp", OPT_EVP, 's', "Use specified EVP cipher"},
{"decrypt", OPT_DECRYPT, '-',
"Time decryption instead of encryption (only EVP)"},
{"mr", OPT_MR, '-', "Produce machine readable output"},
{"mb", OPT_MB, '-'},
{"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
#if defined(TIMES) || defined(USE_TOD)
{"elapsed", OPT_ELAPSED, '-',
"Measure time in real time instead of CPU user time"},
#endif
{"evp", OPT_EVP, 's', "Use specified EVP cipher"},
{"decrypt", OPT_DECRYPT, '-',
"Time decryption instead of encryption (only EVP)"},
#ifndef NO_FORK
{"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
#endif
{"mr", OPT_MR, '-', "Produce machine readable output"},
{"mb", OPT_MB, '-'},
{"misalign", OPT_MISALIGN, 'n', "Amount to mis-align buffers"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
@ -829,11 +829,11 @@ int speed_main(int argc, char **argv)
case OPT_ENGINE:
(void)setup_engine(opt_arg(), 0);
break;
#ifndef NO_FORK
case OPT_MULTI:
#ifndef NO_FORK
multi = atoi(opt_arg());
break;
#endif
break;
case OPT_MISALIGN:
if (!opt_int(opt_arg(), &misalign))
goto end;

2
apps/ts.c
Unescape View File

@ -151,10 +151,10 @@ OPTIONS ts_options[] = {
{"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},
{"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
{"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{"", OPT_MD, '-', "Any supported digest"},
{NULL}
};

2
apps/verify.c
Unescape View File

@ -91,10 +91,10 @@ OPTIONS verify_options[] = {
{"CRLfile", OPT_CRLFILE, '<'},
{"crl_download", OPT_CRL_DOWNLOAD, '-'},
{"show_chain", OPT_SHOW_CHAIN, '-'},
OPT_V_OPTIONS,
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
OPT_V_OPTIONS,
{NULL}
};

28
apps/x509.c
Unescape View File

@ -107,13 +107,9 @@ typedef enum OPTION_choice {
OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST,
OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST,
OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
#ifndef OPENSSL_NO_MD5
OPT_SUBJECT_HASH_OLD,
OPT_ISSUER_HASH_OLD,
#endif
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
OPT_FORCE_VERSION,
#endif
OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT
} OPTION_CHOICE;
@ -130,12 +126,6 @@ OPTIONS x509_options[] = {
{"serial", OPT_SERIAL, '-', "Print serial number value"},
{"subject_hash", OPT_HASH, '-', "Print subject hash value"},
{"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"},
#ifndef OPENSSL_NO_MD5
{"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
"Print old-style (MD5) issuer hash value"},
{"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
"Print old-style (MD5) subject hash value"},
#endif
{"hash", OPT_HASH, '-', "Synonym for -subject_hash"},
{"subject", OPT_SUBJECT, '-', "Print subject DN"},
{"issuer", OPT_ISSUER, '-', "Print issuer DN"},
@ -194,11 +184,17 @@ OPTIONS x509_options[] = {
{"clrreject", OPT_CLRREJECT, '-'},
{"badsig", OPT_BADSIG, '-'},
{"", OPT_MD, '-', "Any supported digest"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#ifndef OPENSSL_NO_MD5
{"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
"Print old-style (MD5) issuer hash value"},
{"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
"Print old-style (MD5) subject hash value"},
#endif
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
{"force_version", OPT_FORCE_VERSION, 'p'},
#endif
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
#endif
{NULL}
};
@ -291,11 +287,11 @@ int x509_main(int argc, char **argv)
if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
goto opthelp;
break;
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
case OPT_FORCE_VERSION:
#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL
force_version = atoi(opt_arg()) - 1;
break;
#endif
break;
case OPT_DAYS:
days = atoi(opt_arg());
break;
@ -459,6 +455,10 @@ int x509_main(int argc, char **argv)
case OPT_ISSUER_HASH_OLD:
issuer_hash_old = ++num;
break;
#else
case OPT_SUBJECT_HASH_OLD:
case OPT_ISSUER_HASH_OLD:
break;
#endif
case OPT_DATES:
startdate = ++num;

Write Preview
Loading…
Cancel
Save