1=pod 2 3=head1 NAME 4 5OPTIONS, OPT_PAIR, OPT_COMMON, OPT_ERR, OPT_EOF, OPT_HELP, 6opt_init, opt_progname, opt_appname, opt_getprog, opt_help, 7opt_begin, opt_next, opt_flag, opt_arg, opt_unknown, opt_cipher, 8opt_cipher_any, opt_cipher_silent, opt_md, 9opt_int, opt_int_arg, opt_long, opt_ulong, opt_intmax, opt_uintmax, 10opt_format, opt_isdir, opt_string, opt_pair, 11opt_num_rest, opt_rest, opt_legacy_okay 12- Option parsing for commands and tests 13 14=head1 SYNOPSIS 15 16 #include "opt.h" 17 18 typedef struct { ... } OPTIONS; 19 typedef struct { ... } OPT_PAIR; 20 #define OPT_COMMON 21 #define OPT_ERR 22 #define OPT_EOF 23 #define OPT_HELP 24 25 char *opt_init(int argc, char **argv, const OPTIONS *o); 26 char *opt_progname(const char *argv0); 27 char *opt_appname(const char *argv0); 28 char *opt_getprog(void); 29 void opt_help(const OPTIONS *list); 30 31 void opt_begin(void); 32 int opt_next(void); 33 char *opt_flag(void); 34 char *opt_arg(void); 35 char *opt_unknown(void); 36 int opt_cipher(const char *name, EVP_CIPHER **cipherp); 37 int opt_cipher_any(const char *name, EVP_CIPHER **cipherp); 38 int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp); 39 int opt_md(const char *name, EVP_MD **mdp); 40 41 int opt_int(const char *value, int *result); 42 int opt_int_arg(void); 43 int opt_long(const char *value, long *result); 44 int opt_ulong(const char *value, unsigned long *result); 45 int opt_intmax(const char *value, intmax_t *result); 46 int opt_uintmax(const char *value, uintmax_t *result); 47 48 int opt_format(const char *s, unsigned long flags, int *result); 49 int opt_isdir(const char *name); 50 int opt_string(const char *name, const char **options); 51 int opt_pair(const char *name, const OPT_PAIR* pairs, int *result); 52 53 int opt_num_rest(void); 54 char **opt_rest(void); 55 56 int opt_legacy_okay(void); 57 58=head1 DESCRIPTION 59 60The functions on this page provide a common set of option-parsing for 61the OpenSSL command and the internal test programs. 62It is intended to be used like the standard getopt(3) routine, except 63that multi-character flag names are supported, and a variety of parsing 64and other utility functions are also provided. 65 66Programs that use this should make sure to set the appropriate C<-I> 67flag. 68 69These routines expect a global B<BIO> named B<bio_err> to point to 70the equivalent of B<stderr>. This is already done in the OpenSSL 71application. 72 73=head2 Data Types 74 75Each program should define, near the main() routine, an enumeration 76that is the set of options the program accepts. For example: 77 78 typedef enum OPTION_choice { 79 OPT_COMMON, 80 OPT_YES, OPT_NAME, OPT_COUNT, OPT_OFILE, 81 ... 82 } OPTION_CHOICE; 83 84The first two lines must appear exactly as shown. 85OPT_COMMON is a macro that expands to C<OPT_ERR = -1, OPT_EOF = 0, OPT_HELP>. 86In addition to defining symbolic names for the constants that opt_next() 87returns, it also helps guarantee that every command has a C<-help> option. 88The third line is a sample 89set of flags, and the closing C<typedef> name is used for error-checking 90as discussed below. 91By declaring the variable as an C<OPTION_CHOICE>, with the right warning 92flags, the compiler could check that all specified options are handled. 93 94The B<OPTIONS> C<typedef> specifies an option: what type of argument 95it takes (if any), and an optional "help" string. It is a C<struct> 96containing these fields: 97 98 const char *name; 99 int retval; 100 int valtype; 101 const char *helpstr; 102 103The B<name> is the name of the option that the user would type. Options 104are words prefaced with a minus sign. If the user uses two minus signs, 105this is also accepted for compatibility with other GNU software. Some 106names are special, and are described below. 107 108The B<retval> is the value to return if the option is found. It should be 109one of the choices in the enumeration above. 110 111The B<valtype> defines what the option's parameter must be. It should 112be chosen from the following set: 113 114 \0 No value 115 '-' No value 116 's' A text string 117 '/' A directory 118 '<' Name of file to open for input 119 '>' Name of file to open for output 120 'n' A signed number that fits in the C<int> type 121 'p' A positive number that fits in the C<int> type 122 'N' A nonnegative number that fits in the C<int> type 123 'M' A signed number that fits in the C<intmax_t> type 124 'U' An unsigned number that fits in the C<uintmax_t> type 125 'l' A signed number that fits in the C<long> type 126 'u' An unsigned number that fits in the C<unsigned long> type 127 'c' File in PEM, DER, or S/MIME format 128 'F' A file in PEM or DER format 129 'E' Like 'F' but also allows ENGINE 130 'f' Any file format 131 132The B<helpstr> is what to display when the user uses the help option, 133which should be C<"help">. 134 135A program should declare its options right after the enumeration, 136and should follow the ordering of the enumeration as this helps 137readability and maintainability: 138 139 static OPTIONS my_options[] = { 140 {"help", OPT_HELP, '-', "Display this summary"}, 141 {"yes", OPT_YES, '-', "Print an affirmative reply"}, 142 {"count", OPT_COUNT, 'p', "Repeat count"}, 143 {"output" OPT_OFILE, '>', "Output file; default is stdout"}, 144 {NULL} 145 }; 146 147Note that the B<OPT_HELP> option is explicitly listed, and the list ends with 148an entry of all-null's. The other two special options, B<OPT_ERR> and B<OPT_EOF> 149should not appear in the array. 150 151If the help string is too long to fit into one line, it may be continued 152on multiple lines; each entry should use B<OPT_MORE_STR>, like this: 153 154 {"output" OPT_OFILE, '>', "Output file; default is stdout"}, 155 {OPT_MORE_STR, 0, 0, 156 "This flag is not really needed on Unix systems"}, 157 {OPT_MORE_STR, 0, 0, 158 "(Unix and descendents for the win!)"} 159 160Each subsequent line will be indented the correct amount. 161 162By default, the help display will include a standard prolog: 163 164 Usage: PROGRAM [options] 165 Valid options are: 166 ...detailed list of options... 167 168Sometimes there are parameters that should appear in the synopsis. 169Use B<OPT_HELP_STR> as the first entry in your array: 170 171 {OPT_HELP_STR, 1, '-', Usage: %s [options] [text...]\n"} 172 173The B<retval> and B<valtype> are ignored, and the B<helpstr> should 174follow the general construction as shown. The C<%s> will get the program 175name. 176 177If a command has a large set of options, it can be useful to break them 178into sections. Use the macro B<OPT_SECTION> or B<OPT_SECTION_STR> 179to indicate this. The two lines below are equivalent: 180 181 OPT_SECTION("Validation"), 182 {OPT_SECTION_STR, 1, '-', "Validation options:\n"}, 183 184In addition to providing help about options, you can provide a description 185of the parameters a command takes. These should appear at the end of 186the options and are indicated by using B<OPT_PARAM_STR> or the 187B<OPT_PARAMETERS> macro: 188 189 OPT_PARAMETERS() 190 {OPT_PARAM_STR, 1, '-', "Parameters:\n"} 191 192Every "option" after after this should contain the parameter and 193the help string: 194 195 {"text", 0, 0, "Words to display (optional)"}, 196 197=head2 Functions 198 199The opt_init() function takes the I<argc> and I<argv> arguments given to main() 200and a pointer I<o> to the list of options. It returns the simple program 201name, as defined by opt_progname(). 202 203The opt_progname() function takes the full pathname C<argv[0]> in its I<arg0> 204parameter and returns 205the simple short name of the executable, to be used for error messages and 206the like. 207 208The opt_appname() function takes in its I<argv0> parameter 209the "application" name (such 210as the specific command from L<openssl(1)> and appends it to the program 211name. This function should only be called once. 212 213The opt_getprog() function returns the value set by opt_appname(). 214 215The opt_help() function takes a list of option definitions and prints a 216nicely-formatted output. 217 218The opt_begin() function, which is called automatically by opt_init(), 219can be used to reset the option parsing loop. 220 221The opt_next() function is called, once opt_init() has been called, 222in a loop to fetch each option in turn. It returns -1, or B<OPT_EOF> when the 223end of arguments has been reached. This is typically done like this: 224 225 prog = opt_init(argc, argv, my_options); 226 while ((o = opt_next()) != OPT_EOF) { 227 switch (o) { 228 case OPT_EOF: 229 case OPT_ERR: 230 opthelp: 231 fprintf(stderr, "%s: Use -help for summary\n", prog); 232 exit(1); 233 case OPT_HELP: 234 opt_help(my_options); 235 exit(0); 236 ...other options... 237 } 238 } 239 240Within the option parsing loop, the following functions may be called. 241 242The opt_flag() function returns the most recent option name 243including the preceding C<->. 244 245The opt_arg() function returns the option's argument value, if there is one. 246 247The opt_unknown() function returns the unknown option. 248In an option list, there can be at most one option with the empty string. 249This is a "wildcard" or "unknown" option. For example, it allows an 250option to be be taken as digest algorithm, like C<-sha1>. The function 251opt_md() takes the specified I<name> and fills in the digest into I<mdp>. 252The functions opt_cipher(), opt_cipher_any() and opt_cipher_silent() 253each takes the specified I<name> and fills in the cipher into I<cipherp>. 254The function opt_cipher() only accepts ciphers which are not 255AEAD and are not using XTS mode. The functions opt_cipher_any() and 256opt_cipher_silent() accept any cipher, the latter not emitting an error 257if the cipher is not located. 258 259There are a several useful functions for parsing numbers. These are 260opt_int(), opt_long(), opt_ulong(), opt_intmax(), and opt_uintmax(). They all 261take C<0x> to mean hexadecimal and C<0> to mean octal, and will do the 262necessary range-checking. They return 1 if successful and fill in the 263C<result> pointer with the value, or 0 on error. Note that opt_next() 264will also do range-check on the argument if the appropriate B<valtype> 265field is specified for the option. This means that error-checking inside 266the C<switch> C<case> can often be elided. 267 268The opt_int_arg() function is a convenience abbreviation to opt_int(). 269It parses and returns an integer, assuming its range has been checked before. 270 271The opt_format() function takes a string value, 272such as used with the B<-informat> or similar option, and fills 273the value from the constants in F<fmt.h> file. 274 275The opt_isdir() function returns 1 if the specified I<name> is 276a directory, or 0 if not. 277 278The opt_string() function checks that I<name> appears in the 279NULL-terminated array of strings. It returns 1 if found, 280or prints a diagnostic and returns 0 if not. 281 282The opt_pair() function takes a list of I<pairs>, each of which 283has a text name and an integer. The specified I<name> is 284found on the list, it puts the index in I<*result>, and returns 2851. If not found, it returns 0. 286 287The following functions can be used after processing all the options. 288 289The opt_num_rest() function returns what is left. 290 291The opt_rest() function returns a pointer to the first non-option. 292If there were no parameters, it will point to the NULL that is 293at the end of the standard I<argv> array. 294 295The opt_legacy_okay() function returns true if no options have been 296specified that would preclude using legacy code paths. Currently, 297the various provider options preclude legacy operation. This means, 298for example, that specifying both B<-provider> and B<-engine> in the 299same command line will not work as expected. 300 301=head2 Common Options 302 303There are a few groups of options that are common to many OpenSSL programs. 304These are handled with sets of macros that define common option names 305and common code to handle them. The categories are identified by a 306letter: 307 308 V Validation 309 X Extended certificate 310 S TLS/SSL 311 R Random state 312 313The B<OPT_x_ENUM> macro is used to define the numeration values, where B<x> 314is one of the letters above. The B<OPT_x_OPTIONS> macro is used to 315list the set of common options, and the B<OPT_x_CASES> is used in 316the C<switch> statement. 317 318The common options are used throughout the sources for the OpenSSL commands. 319They are also used with common descriptions when generating the 320manpages, in the file F<doc/perlvars.pm>, which follow a similar naming 321convention. 322 323=head1 RETURN VALUES 324 325Detailed above. 326 327=head1 EXAMPLES 328 329The best examples can be found in sources for the commands in the F<apps> 330directory of the source tree. 331A notable exception is F<apps/cmp.c> which uses this API, but does 332things very differently. 333 334=head1 COPYRIGHT 335 336Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. 337 338Licensed under the Apache License 2.0 (the "License"). You may not use this 339file except in compliance with the License. You can obtain a copy in the file 340LICENSE in the source distribution or at 341L<https://www.openssl.org/source/license.html>. 342 343=cut 344