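/*
 * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Shared command-line option tables and option-parser declarations.
 *
 * Each option family below is described by three macros:
 *   OPT_<fam>_ENUM     enumerators, meant to be spliced into an enum;
 *   OPT_<fam>_OPTIONS  rows of an OPTIONS table (name, retval, valtype, help);
 *   OPT_<fam>_CASES    case labels, written so that they follow a `case`
 *                      keyword and are followed by a `:`; the __FIRST and
 *                      __LAST sentinels just `break`.
 * The families start at different bases (1000, 1500, 1600, 2000, 3000),
 * presumably so that their values do not collide inside one enum.
 */
#ifndef OSSL_APPS_OPT_H
#define OSSL_APPS_OPT_H

#include <sys/types.h>
#include <openssl/e_os2.h>
#include <openssl/types.h>
#include <stdarg.h>

/* Enumerators every option enum starts with: error, end of options, help. */
#define OPT_COMMON OPT_ERR = -1, OPT_EOF = 0, OPT_HELP

/*
 * Common verification options.
 *
 * NOTE(review): going by their help strings, several of these flags loosen
 * certificate validation rather than tighten it: "ignore_critical",
 * "partial_chain", "no_check_time" and "allow_proxy_certs". A command line
 * or script that passes them deserves a second look before its verification
 * result is trusted. Revocation is only checked when "crl_check" or
 * "crl_check_all" is given.
 */
# define OPT_V_ENUM \
        OPT_V__FIRST=2000, \
        OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
        OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
        OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
        OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
        OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
        OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
        OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
        OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
        OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
        OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
        OPT_V__LAST

# define OPT_V_OPTIONS \
        OPT_SECTION("Validation"), \
        { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
        { "purpose", OPT_V_PURPOSE, 's', \
            "certificate chain purpose"}, \
        { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
        { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
            "chain depth limit" }, \
        { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
            "chain authentication security level" }, \
        { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
        { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
            "expected peer hostname" }, \
        { "verify_email", OPT_V_VERIFY_EMAIL, 's', \
            "expected peer email" }, \
        { "verify_ip", OPT_V_VERIFY_IP, 's', \
            "expected peer IP address" }, \
        { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
            "permit unhandled critical extensions"}, \
        { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
        { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
        { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
        { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
        { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
            "set policy variable require-explicit-policy"}, \
        { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
            "set policy variable inhibit-any-policy"}, \
        { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
            "set policy variable inhibit-policy-mapping"}, \
        { "x509_strict", OPT_V_X509_STRICT, '-', \
            "disable certificate compatibility work-arounds"}, \
        { "extended_crl", OPT_V_EXTENDED_CRL, '-', \
            "enable extended CRL features"}, \
        { "use_deltas", OPT_V_USE_DELTAS, '-', \
            "use delta CRLs"}, \
        { "policy_print", OPT_V_POLICY_PRINT, '-', \
            "print policy processing diagnostics"}, \
        { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
            "check root CA self-signatures"}, \
        { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
            "search trust store first (default)" }, \
        { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
        { "suiteB_128", OPT_V_SUITEB_128, '-', \
            "Suite B 128-bit mode allowing 192-bit algorithms"}, \
        { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
        { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
            "accept chains anchored by intermediate trust-store CAs"}, \
        { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
        { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
        { "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }

# define OPT_V_CASES \
        OPT_V__FIRST: case OPT_V__LAST: break; \
        case OPT_V_POLICY: \
        case OPT_V_PURPOSE: \
        case OPT_V_VERIFY_NAME: \
        case OPT_V_VERIFY_DEPTH: \
        case OPT_V_VERIFY_AUTH_LEVEL: \
        case OPT_V_ATTIME: \
        case OPT_V_VERIFY_HOSTNAME: \
        case OPT_V_VERIFY_EMAIL: \
        case OPT_V_VERIFY_IP: \
        case OPT_V_IGNORE_CRITICAL: \
        case OPT_V_ISSUER_CHECKS: \
        case OPT_V_CRL_CHECK: \
        case OPT_V_CRL_CHECK_ALL: \
        case OPT_V_POLICY_CHECK: \
        case OPT_V_EXPLICIT_POLICY: \
        case OPT_V_INHIBIT_ANY: \
        case OPT_V_INHIBIT_MAP: \
        case OPT_V_X509_STRICT: \
        case OPT_V_EXTENDED_CRL: \
        case OPT_V_USE_DELTAS: \
        case OPT_V_POLICY_PRINT: \
        case OPT_V_CHECK_SS_SIG: \
        case OPT_V_TRUSTED_FIRST: \
        case OPT_V_SUITEB_128_ONLY: \
        case OPT_V_SUITEB_128: \
        case OPT_V_SUITEB_192: \
        case OPT_V_PARTIAL_CHAIN: \
        case OPT_V_NO_ALT_CHAINS: \
        case OPT_V_NO_CHECK_TIME: \
        case OPT_V_ALLOW_PROXY_CERTS

/*
 * Common "extended validation" options.
 * Per their own help text, "xcertform" and "xkeyform" have no effect.
 */
# define OPT_X_ENUM \
        OPT_X__FIRST=1000, \
        OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
        OPT_X_CERTFORM, OPT_X_KEYFORM, \
        OPT_X__LAST

# define OPT_X_OPTIONS \
        OPT_SECTION("Extended certificate"), \
        { "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
        { "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
        { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
        { "xchain_build", OPT_X_CHAIN_BUILD, '-', \
            "build certificate chain for the extended certificates"}, \
        { "xcertform", OPT_X_CERTFORM, 'F', \
            "format of Extended certificate (PEM/DER/P12); has no effect" }, \
        { "xkeyform", OPT_X_KEYFORM, 'F', \
            "format of Extended certificate's key (DER/PEM/P12); has no effect"}

# define OPT_X_CASES \
        OPT_X__FIRST: case OPT_X__LAST: break; \
        case OPT_X_KEY: \
        case OPT_X_CERT: \
        case OPT_X_CHAIN: \
        case OPT_X_CHAIN_BUILD: \
        case OPT_X_CERTFORM: \
        case OPT_X_KEYFORM

/*
 * Common SSL options.
 * Any changes here must be coordinated with ../ssl/ssl_conf.c
 *
 * NOTE(review): a few entries deliberately weaken the connection and are
 * worth flagging wherever they turn up outside a test setup:
 *   "legacy_renegotiation"   marked "(dangerous)" by its own help text;
 *   "legacy_server_connect"  accepts servers without RI support;
 *   "comp"                   turns TLS-level compression on, the
 *                            precondition for CRIME-style length side
 *                            channels ("no_comp" is the stated default);
 *   "debug_broken_protocol"  performs protocol violations, for testing only;
 *   "bugs"                   enables bug-compatibility behaviour.
 * Protocol versions are best pinned with "min_protocol"/"max_protocol".
 */
# define OPT_S_ENUM \
        OPT_S__FIRST=3000, \
        OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
        OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
        OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG, \
        OPT_S_LEGACYCONN, \
        OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
        OPT_S_PRIORITIZE_CHACHA, \
        OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
        OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
        OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
        OPT_S_MINPROTO, OPT_S_MAXPROTO, \
        OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S_NO_ETM, OPT_S__LAST

# define OPT_S_OPTIONS \
        OPT_SECTION("TLS/SSL"), \
        {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
        {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
        {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
        {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
        {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
        {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
        {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
        {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
        {"no_ticket", OPT_S_NOTICKET, '-', \
            "Disable use of TLS session tickets"}, \
        {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
        {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
            "Enable use of legacy renegotiation (dangerous)"}, \
        {"client_renegotiation", OPT_S_CLIENTRENEG, '-', \
            "Allow client-initiated renegotiation" }, \
        {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
            "Disable all renegotiation."}, \
        {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
            "Allow initial connection to servers that don't support RI"}, \
        {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
            "Disallow session resumption on renegotiation"}, \
        {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
            "Disallow initial connection to servers that don't support RI"}, \
        {"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
            "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
        {"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
            "Prioritize ChaCha ciphers when preferred by clients"}, \
        {"strict", OPT_S_STRICT, '-', \
            "Enforce strict certificate checks as per TLS standard"}, \
        {"sigalgs", OPT_S_SIGALGS, 's', \
            "Signature algorithms to support (colon-separated list)" }, \
        {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
            "Signature algorithms to support for client certificate" \
            " authentication (colon-separated list)" }, \
        {"groups", OPT_S_GROUPS, 's', \
            "Groups to advertise (colon-separated list)" }, \
        {"curves", OPT_S_CURVES, 's', \
            "Groups to advertise (colon-separated list)" }, \
        {"named_curve", OPT_S_NAMEDCURVE, 's', \
            "Elliptic curve used for ECDHE (server-side only)" }, \
        {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
        {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
        {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
        {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
        {"record_padding", OPT_S_RECORD_PADDING, 's', \
            "Block size to pad TLS 1.3 records to."}, \
        {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
            "Perform all sorts of protocol violations for testing purposes"}, \
        {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
            "Disable TLSv1.3 middlebox compat mode" }, \
        {"no_etm", OPT_S_NO_ETM, '-', \
            "Disable Encrypt-then-Mac extension"}

# define OPT_S_CASES \
        OPT_S__FIRST: case OPT_S__LAST: break; \
        case OPT_S_NOSSL3: \
        case OPT_S_NOTLS1: \
        case OPT_S_NOTLS1_1: \
        case OPT_S_NOTLS1_2: \
        case OPT_S_NOTLS1_3: \
        case OPT_S_BUGS: \
        case OPT_S_NO_COMP: \
        case OPT_S_COMP: \
        case OPT_S_NOTICKET: \
        case OPT_S_SERVERPREF: \
        case OPT_S_LEGACYRENEG: \
        case OPT_S_CLIENTRENEG: \
        case OPT_S_LEGACYCONN: \
        case OPT_S_ONRESUMP: \
        case OPT_S_NOLEGACYCONN: \
        case OPT_S_ALLOW_NO_DHE_KEX: \
        case OPT_S_PRIORITIZE_CHACHA: \
        case OPT_S_STRICT: \
        case OPT_S_SIGALGS: \
        case OPT_S_CLIENTSIGALGS: \
        case OPT_S_GROUPS: \
        case OPT_S_CURVES: \
        case OPT_S_NAMEDCURVE: \
        case OPT_S_CIPHER: \
        case OPT_S_CIPHERSUITES: \
        case OPT_S_RECORD_PADDING: \
        case OPT_S_NO_RENEGOTIATION: \
        case OPT_S_MINPROTO: \
        case OPT_S_MAXPROTO: \
        case OPT_S_DEBUGBROKE: \
        case OPT_S_NO_MIDDLEBOX: \
        case OPT_S_NO_ETM

/*
 * True when o is one of the "no_<protocol>" option values.
 * The argument is parenthesised so that an expression such as `a ? b : c`
 * or `x | y` compares as a whole. It is still expanded five times, so pass
 * an expression without side effects.
 */
#define IS_NO_PROT_FLAG(o) \
 ((o) == OPT_S_NOSSL3 || (o) == OPT_S_NOTLS1 || (o) == OPT_S_NOTLS1_1 \
  || (o) == OPT_S_NOTLS1_2 || (o) == OPT_S_NOTLS1_3)

/*
 * Random state options.
 *
 * NOTE(review): "writerand" writes random data to a caller-named file;
 * if that file is later fed back through "rand" it should be readable
 * only by its owner.
 */
# define OPT_R_ENUM \
        OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST

# define OPT_R_OPTIONS \
    OPT_SECTION("Random state"), \
    {"rand", OPT_R_RAND, 's', "Load the given file(s) into the random number generator"}, \
    {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}

# define OPT_R_CASES \
        OPT_R__FIRST: case OPT_R__LAST: break; \
        case OPT_R_RAND: case OPT_R_WRITERAND

/*
 * Provider options.
 *
 * NOTE(review): "provider-path", "provider" and "config" decide which
 * loadable modules run inside the process (the "config" help text says so
 * itself). Their values should come from a trusted source and point at
 * locations an unprivileged user cannot write to.
 */
# define OPT_PROV_ENUM \
        OPT_PROV__FIRST=1600, \
        OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, OPT_PROV_PROPQUERY, \
        OPT_PROV__LAST

/*
 * OPT_CONFIG is not defined in this header; presumably each application
 * that uses this row declares it in its own option enum.
 */
# define OPT_CONFIG_OPTION \
        { "config", OPT_CONFIG, '<', "Load a configuration file (this may load modules)" }

# define OPT_PROV_OPTIONS \
        OPT_SECTION("Provider"), \
        { "provider-path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \
        { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }, \
        { "propquery", OPT_PROV_PROPQUERY, 's', "Property query used when fetching algorithms" }

# define OPT_PROV_CASES \
        OPT_PROV__FIRST: case OPT_PROV__LAST: break; \
        case OPT_PROV_PROVIDER: \
        case OPT_PROV_PROVIDER_PATH: \
        case OPT_PROV_PROPQUERY

/*
 * Option parsing.
 */
extern const char OPT_HELP_STR[];
extern const char OPT_MORE_STR[];
extern const char OPT_SECTION_STR[];
extern const char OPT_PARAM_STR[];

/* One row of an option table. */
typedef struct options_st {
    const char *name;
    int retval;
    /*
     * value type: - no value (also the value zero), n number, p positive
     * number, u unsigned, l long, s string, < input file, > output file,
     * f any format, F der/pem format, E der/pem/engine format identifier.
     * l, n and u include zero; p does not.
     *
     * NOTE(review): the "attime" row above uses 'M', which this list does
     * not describe; confirm its meaning against the parser.
     */
    int valtype;
    const char *helpstr;
} OPTIONS;
/* Special retval values: */
#define OPT_PARAM 0 /* same as OPT_EOF usually defined in apps */
#define OPT_DUP -2 /* marks duplicate occurrence of option in help output */

/*
 * A string/int pairing; widely used for option value lookup, hence the
 * name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
 * the "generic" name STRINT_PAIR.
 */
typedef struct string_int_pair_st {
    const char *name;
    int retval;
} OPT_PAIR, STRINT_PAIR;

/* Flags to pass into opt_format; see FORMAT_xxx, below. */
# define OPT_FMT_PEMDER          (1L <<  1)
# define OPT_FMT_PKCS12          (1L <<  2)
# define OPT_FMT_SMIME           (1L <<  3)
# define OPT_FMT_ENGINE          (1L <<  4)
# define OPT_FMT_MSBLOB          (1L <<  5)
/* (1L <<  6) was OPT_FMT_NETSCAPE, but wasn't used */
# define OPT_FMT_NSS             (1L <<  7)
# define OPT_FMT_TEXT            (1L <<  8)
# define OPT_FMT_HTTP            (1L <<  9)
# define OPT_FMT_PVK             (1L << 10)
# define OPT_FMT_PDE     (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
# define OPT_FMT_PDS     (OPT_FMT_PEMDER | OPT_FMT_SMIME)
# define OPT_FMT_ANY     ( \
        OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
        OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS   | \
        OPT_FMT_TEXT   | OPT_FMT_HTTP   | OPT_FMT_PVK)

/* Divide options into sections when displaying usage */
#define OPT_SECTION(sec) { OPT_SECTION_STR, 1, '-', sec " options:\n" }
#define OPT_PARAMETERS() { OPT_PARAM_STR, 1, '-', "Parameters:\n" }

const char *opt_path_end(const char *filename);
char *opt_init(int ac, char **av, const OPTIONS * o);
char *opt_progname(const char *argv0);
char *opt_appname(const char *argv0);
char *opt_getprog(void);
void opt_help(const OPTIONS * list);

void opt_begin(void);
int opt_next(void);
char *opt_flag(void);
char *opt_arg(void);
char *opt_unknown(void);
int opt_cipher(const char *name, EVP_CIPHER **cipherp);
int opt_cipher_any(const char *name, EVP_CIPHER **cipherp);
int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp);
int opt_md(const char *name, EVP_MD **mdp);
int opt_md_silent(const char *name, EVP_MD **mdp);

int opt_int(const char *arg, int *result);
int opt_int_arg(void);
int opt_long(const char *arg, long *result);
int opt_ulong(const char *arg, unsigned long *result);
int opt_intmax(const char *arg, ossl_intmax_t *result);
int opt_uintmax(const char *arg, ossl_uintmax_t *result);

int opt_isdir(const char *name);
int opt_format(const char *s, unsigned long flags, int *result);
void print_format_error(int format, unsigned long flags);
/*
 * printf-style: fmt is a format string, so callers should pass a literal
 * (or otherwise trusted) format and hand user-supplied text over as an
 * argument, e.g. through "%s".
 */
int opt_printf_stderr(const char *fmt, ...);
int opt_string(const char *name, const char **options);
int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);

int opt_verify(int i, X509_VERIFY_PARAM *vpm);
int opt_rand(int i);
int opt_provider(int i);
int opt_provider_option_given(void);

char **opt_rest(void);
int opt_num_rest(void);

/* Returns non-zero if legacy paths are still available */
int opt_legacy_okay(void);


#endif                          /* OSSL_APPS_OPT_H */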