xref: /freebsd/crypto/openssl/doc/internal/man3/OPTIONS.pod (revision e9ac41698b2f322d55ccf9da50a3596edb2c1800)
1=pod
2
3=head1 NAME
4
5OPTIONS, OPT_PAIR, OPT_COMMON, OPT_ERR, OPT_EOF, OPT_HELP,
6opt_init, opt_progname, opt_appname, opt_getprog, opt_help,
7opt_begin, opt_next, opt_flag, opt_arg, opt_unknown, opt_cipher,
8opt_cipher_any, opt_cipher_silent, opt_md,
9opt_int, opt_int_arg, opt_long, opt_ulong, opt_intmax, opt_uintmax,
10opt_format, opt_isdir, opt_string, opt_pair,
11opt_num_rest, opt_rest, opt_legacy_okay
12- Option parsing for commands and tests
13
14=head1 SYNOPSIS
15
16 #include "opt.h"
17
18 typedef struct { ... }  OPTIONS;
19 typedef struct { ... } OPT_PAIR;
20 #define OPT_COMMON
21 #define OPT_ERR
22 #define OPT_EOF
23 #define OPT_HELP
24
25 char *opt_init(int argc, char **argv, const OPTIONS *o);
26 char *opt_progname(const char *argv0);
27 char *opt_appname(const char *argv0);
28 char *opt_getprog(void);
29 void opt_help(const OPTIONS *list);
30
31 void opt_begin(void);
32 int opt_next(void);
33 char *opt_flag(void);
34 char *opt_arg(void);
35 char *opt_unknown(void);
36 int opt_cipher(const char *name, EVP_CIPHER **cipherp);
37 int opt_cipher_any(const char *name, EVP_CIPHER **cipherp);
38 int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp);
39 int opt_md(const char *name, EVP_MD **mdp);
40
41 int opt_int(const char *value, int *result);
42 int opt_int_arg(void);
43 int opt_long(const char *value, long *result);
44 int opt_ulong(const char *value, unsigned long *result);
45 int opt_intmax(const char *value, intmax_t *result);
46 int opt_uintmax(const char *value, uintmax_t *result);
47
48 int opt_format(const char *s, unsigned long flags, int *result);
49 int opt_isdir(const char *name);
50 int opt_string(const char *name, const char **options);
51 int opt_pair(const char *name, const OPT_PAIR* pairs, int *result);
52
53 int opt_num_rest(void);
54 char **opt_rest(void);
55
56 int opt_legacy_okay(void);
57
58=head1 DESCRIPTION
59
60The functions on this page provide a common set of option-parsing for
61the OpenSSL command and the internal test programs.
62It is intended to be used like the standard getopt(3) routine, except
63that multi-character flag names are supported, and a variety of parsing
64and other utility functions are also provided.
65
66Programs that use this should make sure to set the appropriate C<-I>
67flag.
68
69These routines expect a global B<BIO> named B<bio_err> to point to
70the equivalent of B<stderr>. This is already done in the OpenSSL
71application.
72
73=head2 Data Types
74
75Each program should define, near the main() routine, an enumeration
76that is the set of options the program accepts. For example:
77
78    typedef enum OPTION_choice {
79        OPT_COMMON,
80        OPT_YES, OPT_NAME, OPT_COUNT, OPT_OFILE,
81        ...
82    } OPTION_CHOICE;
83
84The first two lines must appear exactly as shown.
85OPT_COMMON is a macro that expands to C<OPT_ERR = -1, OPT_EOF = 0, OPT_HELP>.
86In addition to defining symbolic names for the constants that opt_next()
87returns, it also helps guarantee that every command has a C<-help> option.
88The third line is a sample
89set of flags, and the closing C<typedef> name is used for error-checking
90as discussed below.
91By declaring the variable as an C<OPTION_CHOICE>, with the right warning
92flags, the compiler could check that all specified options are handled.
93
94The B<OPTIONS> C<typedef> specifies an option: what type of argument
95it takes (if any), and an optional "help" string.  It is a C<struct>
96containing these fields:
97
98    const char *name;
99    int retval;
100    int valtype;
101    const char *helpstr;
102
103The B<name> is the name of the option that the user would type. Options
104are words prefaced with a minus sign. If the user uses two minus signs,
105this is also accepted for compatibility with other GNU software. Some
106names are special, and are described below.
107
108The B<retval> is the value to return if the option is found. It should be
109one of the choices in the enumeration above.
110
111The B<valtype> defines what the option's parameter must be. It should
112be chosen from the following set:
113
114    \0  No value
115    '-' No value
116    's' A text string
117    '/' A directory
118    '<' Name of file to open for input
119    '>' Name of file to open for output
120    'n' A signed number that fits in the C<int> type
121    'p' A positive number that fits in the C<int> type
122    'N' A nonnegative number that fits in the C<int> type
123    'M' A signed number that fits in the C<intmax_t> type
124    'U' An unsigned number that fits in the C<uintmax_t> type
125    'l' A signed number that fits in the C<long> type
126    'u' An unsigned number that fits in the C<unsigned long> type
127    'c' File in PEM, DER, or S/MIME format
128    'F' A file in PEM or DER format
129    'E' Like 'F' but also allows ENGINE
130    'f' Any file format
131
132The B<helpstr> is what to display when the user uses the help option,
133which should be C<"help">.
134
135A program should declare its options right after the enumeration,
136and should follow the ordering of the enumeration as this helps
137readability and maintainability:
138
139    static OPTIONS my_options[] = {
140        {"help", OPT_HELP, '-', "Display this summary"},
141        {"yes", OPT_YES, '-', "Print an affirmative reply"},
142        {"count", OPT_COUNT, 'p', "Repeat count"},
143        {"output" OPT_OFILE, '>', "Output file; default is stdout"},
144        {NULL}
145    };
146
147Note that the B<OPT_HELP> option is explicitly listed, and the list ends with
148an entry of all-null's. The other two special options, B<OPT_ERR> and B<OPT_EOF>
149should not appear in the array.
150
151If the help string is too long to fit into one line, it may be continued
152on multiple lines; each entry should use B<OPT_MORE_STR>, like this:
153
154        {"output" OPT_OFILE, '>', "Output file; default is stdout"},
155        {OPT_MORE_STR, 0, 0,
156         "This flag is not really needed on Unix systems"},
157        {OPT_MORE_STR, 0, 0,
158         "(Unix and descendents for the win!)"}
159
160Each subsequent line will be indented the correct amount.
161
162By default, the help display will include a standard prolog:
163
164    Usage: PROGRAM [options]
165    Valid options are:
166    ...detailed list of options...
167
168Sometimes there are parameters that should appear in the synopsis.
169Use B<OPT_HELP_STR> as the first entry in your array:
170
171    {OPT_HELP_STR, 1, '-', Usage: %s [options] [text...]\n"}
172
173The B<retval> and B<valtype> are ignored, and the B<helpstr> should
174follow the general construction as shown. The C<%s> will get the program
175name.
176
177If a command has a large set of options, it can be useful to break them
178into sections.  Use the macro B<OPT_SECTION> or B<OPT_SECTION_STR>
179to indicate this. The two lines below are equivalent:
180
181    OPT_SECTION("Validation"),
182    {OPT_SECTION_STR, 1, '-', "Validation options:\n"},
183
184In addition to providing help about options, you can provide a description
185of the parameters a command takes. These should appear at the end of
186the options and are indicated by using B<OPT_PARAM_STR> or the
187B<OPT_PARAMETERS> macro:
188
189    OPT_PARAMETERS()
190    {OPT_PARAM_STR, 1, '-', "Parameters:\n"}
191
192Every "option" after after this should contain the parameter and
193the help string:
194
195    {"text", 0, 0, "Words to display (optional)"},
196
197=head2 Functions
198
199The opt_init() function takes the I<argc> and I<argv> arguments given to main()
200and a pointer I<o> to the list of options. It returns the simple program
201name, as defined by opt_progname().
202
203The opt_progname() function takes the full pathname C<argv[0]> in its I<arg0>
204parameter and returns
205the simple short name of the executable, to be used for error messages and
206the like.
207
208The opt_appname() function takes in its I<argv0> parameter
209the "application" name (such
210as the specific command from L<openssl(1)> and appends it to the program
211name. This function should only be called once.
212
213The opt_getprog() function returns the value set by opt_appname().
214
215The opt_help() function takes a list of option definitions and prints a
216nicely-formatted output.
217
218The opt_begin() function, which is called automatically by opt_init(),
219can be used to reset the option parsing loop.
220
221The opt_next() function is called, once opt_init() has been called,
222in a loop to fetch each option in turn. It returns -1, or B<OPT_EOF> when the
223end of arguments has been reached. This is typically done like this:
224
225    prog = opt_init(argc, argv, my_options);
226    while ((o = opt_next()) != OPT_EOF) {
227        switch (o) {
228        case OPT_EOF:
229        case OPT_ERR:
230    opthelp:
231            fprintf(stderr, "%s: Use -help for summary\n", prog);
232            exit(1);
233        case OPT_HELP:
234            opt_help(my_options);
235            exit(0);
236        ...other options...
237        }
238    }
239
240Within the option parsing loop, the following functions may be called.
241
242The opt_flag() function returns the most recent option name
243including the preceding C<->.
244
245The opt_arg() function returns the option's argument value, if there is one.
246
247The opt_unknown() function returns the unknown option.
248In an option list, there can be at most one option with the empty string.
249This is a "wildcard" or "unknown" option. For example, it allows an
250option to be be taken as digest algorithm, like C<-sha1>. The function
251opt_md() takes the specified I<name> and fills in the digest into I<mdp>.
252The functions opt_cipher(), opt_cipher_any() and opt_cipher_silent()
253each takes the specified I<name> and fills in the cipher into I<cipherp>.
254The function opt_cipher() only accepts ciphers which are not
255AEAD and are not using XTS mode.  The functions opt_cipher_any() and
256opt_cipher_silent() accept any cipher, the latter not emitting an error
257if the cipher is not located.
258
259There are a several useful functions for parsing numbers.  These are
260opt_int(), opt_long(), opt_ulong(), opt_intmax(), and opt_uintmax().  They all
261take C<0x> to mean hexadecimal and C<0> to mean octal, and will do the
262necessary range-checking. They return 1 if successful and fill in the
263C<result> pointer with the value, or 0 on error. Note that opt_next()
264will also do range-check on the argument if the appropriate B<valtype>
265field is specified for the option. This means that error-checking inside
266the C<switch> C<case> can often be elided.
267
268The opt_int_arg() function is a convenience abbreviation to opt_int().
269It parses and returns an integer, assuming its range has been checked before.
270
271The opt_format() function takes a string value,
272such as used with the B<-informat> or similar option, and fills
273the value from the constants in F<fmt.h> file.
274
275The opt_isdir() function returns 1 if the specified I<name> is
276a directory, or 0 if not.
277
278The opt_string() function checks that I<name> appears in the
279NULL-terminated array of strings. It returns 1 if found,
280or prints a diagnostic and returns 0 if not.
281
282The opt_pair() function takes a list of I<pairs>, each of which
283has a text name and an integer. The specified I<name> is
284found on the list, it puts the index in I<*result>, and returns
2851. If not found, it returns 0.
286
287The following functions can be used after processing all the options.
288
289The opt_num_rest() function returns what is left.
290
291The opt_rest() function returns a pointer to the first non-option.
292If there were no parameters, it will point to the NULL that is
293at the end of the standard I<argv> array.
294
295The opt_legacy_okay() function returns true if no options have been
296specified that would preclude using legacy code paths.  Currently,
297the various provider options preclude legacy operation.  This means,
298for example, that specifying both B<-provider> and B<-engine> in the
299same command line will not work as expected.
300
301=head2 Common Options
302
303There are a few groups of options that are common to many OpenSSL programs.
304These are handled with sets of macros that define common option names
305and common code to handle them.  The categories are identified by a
306letter:
307
308    V   Validation
309    X   Extended certificate
310    S   TLS/SSL
311    R   Random state
312
313The B<OPT_x_ENUM> macro is used to define the numeration values, where B<x>
314is one of the letters above.  The B<OPT_x_OPTIONS> macro is used to
315list the set of common options, and the B<OPT_x_CASES> is used in
316the C<switch> statement.
317
318The common options are used throughout the sources for the OpenSSL commands.
319They are also used with common descriptions when generating the
320manpages, in the file F<doc/perlvars.pm>, which follow a similar naming
321convention.
322
323=head1 RETURN VALUES
324
325Detailed above.
326
327=head1 EXAMPLES
328
329The best examples can be found in sources for the commands in the F<apps>
330directory of the source tree.
331A notable exception is F<apps/cmp.c> which uses this API, but does
332things very differently.
333
334=head1 COPYRIGHT
335
336Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
337
338Licensed under the Apache License 2.0 (the "License").  You may not use this
339file except in compliance with the License.  You can obtain a copy in the file
340LICENSE in the source distribution or at
341L<https://www.openssl.org/source/license.html>.
342
343=cut
344