TrustedComputingGroup
diff --git a/Diff for: ‎apps/asn1parse.c
+1-2 b/Diff for: ‎apps/asn1parse.c
+1-2
diff --git a/Diff for: ‎apps/ciphers.c
+2-3 b/Diff for: ‎apps/ciphers.c
+2-3
diff --git a/Diff for: ‎apps/cmp.c
+1-3 b/Diff for: ‎apps/cmp.c
+1-3
diff --git a/Diff for: ‎apps/cms.c
+2-4 b/Diff for: ‎apps/cms.c
+2-4
diff --git a/Diff for: ‎apps/crl.c
+3-6 b/Diff for: ‎apps/crl.c
+3-6
diff --git a/Diff for: ‎apps/crl2pkcs7.c
+1-2 b/Diff for: ‎apps/crl2pkcs7.c
+1-2
diff --git a/Diff for: ‎apps/dhparam.c
+1-1 b/Diff for: ‎apps/dhparam.c
+1-1
diff --git a/Diff for: ‎apps/dsa.c
+3-6 b/Diff for: ‎apps/dsa.c
+3-6
diff --git a/Diff for: ‎apps/dsaparam.c
+1-1 b/Diff for: ‎apps/dsaparam.c
+1-1
diff --git a/Diff for: ‎apps/ec.c
+3-6 b/Diff for: ‎apps/ec.c
+3-6
diff --git a/Diff for: ‎apps/ecparam.c
+1-2 b/Diff for: ‎apps/ecparam.c
+1-2
diff --git a/Diff for: ‎apps/enc.c
+3-6 b/Diff for: ‎apps/enc.c
+3-6
diff --git a/Diff for: ‎apps/fipsinstall.c
+5-2 b/Diff for: ‎apps/fipsinstall.c
+5-2
diff --git a/Diff for: ‎apps/gendsa.c
+4-7 b/Diff for: ‎apps/gendsa.c
+4-7
diff --git a/Diff for: ‎apps/genpkey.c
+7-5 b/Diff for: ‎apps/genpkey.c
+7-5
diff --git a/Diff for: ‎apps/genrsa.c
+3-6 b/Diff for: ‎apps/genrsa.c
+3-6
diff --git a/Diff for: ‎apps/include/opt.h
+2 b/Diff for: ‎apps/include/opt.h
+2
diff --git a/Diff for: ‎apps/info.c
+1-1 b/Diff for: ‎apps/info.c
+1-1
diff --git a/Diff for: ‎apps/lib/opt.c
+37-3 b/Diff for: ‎apps/lib/opt.c
+37-3
diff --git a/Diff for: ‎apps/list.c
+1-1 b/Diff for: ‎apps/list.c
+1-1
diff --git a/Diff for: ‎apps/mac.c
+2-3 b/Diff for: ‎apps/mac.c
+2-3
diff --git a/Diff for: ‎apps/nseq.c
+1-2 b/Diff for: ‎apps/nseq.c
+1-2
diff --git a/Diff for: ‎apps/ocsp.c
+1-2 b/Diff for: ‎apps/ocsp.c
+1-2
diff --git a/Diff for: ‎apps/openssl.c
+1-1 b/Diff for: ‎apps/openssl.c
+1-1
@@ -159,8 +159,7 @@ int asn1parse_main(int argc, char **argv)
     }
 
     /* No extra args. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (oidfile != NULL) {
 
@@ -174,10 +174,9 @@ int ciphers_main(int argc, char **argv)
 
     /* Optional arg is cipher name. */
     argv = opt_rest();
-    argc = opt_num_rest();
-    if (argc == 1)
+    if (opt_num_rest() == 1)
         ciphers = argv[0];
-    else if (argc != 0)
+    else if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (convert != NULL) {
 
@@ -2552,9 +2552,7 @@ static int get_opts(int argc, char **argv)
     }
 
     /* No extra args. */
-    argc = opt_num_rest();
-    argv = opt_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
     return 1;
 }
 
@@ -697,10 +697,8 @@ int cms_main(int argc, char **argv)
         if (!opt_md(digestname, &sign_md))
             goto end;
     }
-    if (ciphername != NULL) {
-        if (!opt_cipher_any(ciphername, &cipher))
-            goto end;
-    }
+    if (!opt_cipher_any(ciphername, &cipher))
+        goto end;
     if (wrapname != NULL) {
         if (!opt_cipher_any(wrapname, &wrap_cipher))
             goto end;
 
@@ -209,14 +209,11 @@ int crl_main(int argc, char **argv)
     }
 
     /* No remaining args. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
-    if (digestname != NULL) {
-        if (!opt_md(digestname, &digest))
-            goto opthelp;
-    }
+    if (!opt_md(digestname, &digest))
+        goto opthelp;
     x = load_crl(infile, informat, 1, "CRL");
     if (x == NULL)
         goto end;
 
@@ -104,8 +104,7 @@ int crl2pkcs7_main(int argc, char **argv)
     }
 
     /* No remaining args. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (!nocrl) {
 
@@ -155,7 +155,7 @@ int dhparam_main(int argc, char **argv)
     if (argc == 1) {
         if (!opt_int(argv[0], &num) || num <= 0)
             goto opthelp;
-    } else if (argc != 0) {
+    } else if (!opt_check_rest_arg(NULL)) {
         goto opthelp;
     }
     if (!app_RAND_load())
 
@@ -161,14 +161,11 @@ int dsa_main(int argc, char **argv)
     }
 
     /* No extra args. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
-    if (ciphername != NULL) {
-        if (!opt_cipher(ciphername, &enc))
-            goto end;
-    }
+    if (!opt_cipher(ciphername, &enc))
+        goto end;
     private = pubin || pubout ? 0 : 1;
     if (text && !pubin)
         private = 1;
 
@@ -133,7 +133,7 @@ int dsaparam_main(int argc, char **argv)
     if (argc == 1) {
         if (!opt_int(argv[0], &num) || num < 0)
             goto opthelp;
-    } else if (argc != 0) {
+    } else if (!opt_check_rest_arg(NULL)) {
         goto opthelp;
     }
     if (!app_RAND_load())
 
@@ -157,14 +157,11 @@ int ec_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
-    if (ciphername != NULL) {
-        if (!opt_cipher(ciphername, &enc))
-            goto opthelp;
-    }
+    if (!opt_cipher(ciphername, &enc))
+        goto opthelp;
     private = param_out || pubin || pubout ? 0 : 1;
     if (text && !pubin)
         private = 1;
 
@@ -186,8 +186,7 @@ int ecparam_main(int argc, char **argv)
     }
 
     /* No extra args. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (!app_RAND_load())
 
@@ -289,17 +289,14 @@ int enc_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
     if (!app_RAND_load())
         goto end;
 
     /* Get the cipher name, either from progname (if set) or flag. */
-    if (ciphername != NULL) {
-        if (!opt_cipher(ciphername, &cipher))
-            goto opthelp;
-    }
+    if (!opt_cipher(ciphername, &cipher))
+        goto opthelp;
     if (digestname != NULL) {
         if (!opt_md(digestname, &dgst))
             goto opthelp;
 
@@ -382,9 +382,12 @@ int fipsinstall_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0 || (verify && in_fname == NULL))
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
+    if (verify && in_fname == NULL) {
+        BIO_printf(bio_err, "Missing -in option for -verify\n");
+        goto opthelp;
+    }
 
     if (parent_config != NULL) {
         /* Test that a parent config can load the module */
 
@@ -101,19 +101,16 @@ int gendsa_main(int argc, char **argv)
     }
 
     /* One argument, the params file. */
-    argc = opt_num_rest();
-    argv = opt_rest();
-    if (argc != 1)
+    if (!opt_check_rest_arg("params file"))
         goto opthelp;
+    argv = opt_rest();
     dsaparams = argv[0];
 
     if (!app_RAND_load())
         goto end;
 
-    if (ciphername != NULL) {
-        if (!opt_cipher(ciphername, &enc))
-            goto end;
-    }
+    if (!opt_cipher(ciphername, &enc))
+        goto end;
     private = 1;
 
     if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
 
@@ -139,8 +139,7 @@ int genpkey_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     /* Fetch cipher, etc. */
@@ -163,9 +162,12 @@ int genpkey_main(int argc, char **argv)
             goto end;
         }
     }
-    if (ciphername != NULL)
-        if (!opt_cipher(ciphername, &cipher) || do_param == 1)
-            goto opthelp;
+    if (!opt_cipher(ciphername, &cipher))
+        goto opthelp;
+    if (ciphername != NULL && do_param == 1) {
+        BIO_printf(bio_err, "Cannot use cipher with -genparam option\n");
+        goto opthelp;
+    }
 
     private = do_param ? 0 : 1;
 
 
@@ -157,19 +157,16 @@ int genrsa_main(int argc, char **argv)
                        "Warning: It is not recommended to use more than %d bit for RSA keys.\n"
                        "         Your key size is %d! Larger key size may behave not as expected.\n",
                        OPENSSL_RSA_MAX_MODULUS_BITS, num);
-    } else if (argc > 0) {
-        BIO_printf(bio_err, "Extra arguments given.\n");
+    } else if (!opt_check_rest_arg(NULL)) {
         goto opthelp;
     }
 
     if (!app_RAND_load())
         goto end;
 
     private = 1;
-    if (ciphername != NULL) {
-        if (!opt_cipher(ciphername, &enc))
-            goto end;
-    }
+    if (!opt_cipher(ciphername, &enc))
+        goto end;
     if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
         BIO_printf(bio_err, "Error getting password\n");
         goto end;
 
@@ -368,6 +368,7 @@ char *opt_unknown(void);
 int opt_cipher(const char *name, EVP_CIPHER **cipherp);
 int opt_cipher_any(const char *name, EVP_CIPHER **cipherp);
 int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp);
+int opt_check_md(const char *name);
 int opt_md(const char *name, EVP_MD **mdp);
 int opt_md_silent(const char *name, EVP_MD **mdp);
 
@@ -392,6 +393,7 @@ int opt_provider_option_given(void);
 
 char **opt_rest(void);
 int opt_num_rest(void);
+int opt_check_rest_arg(const char *expected);
 
 /* Returns non-zero if legacy paths are still available */
 int opt_legacy_okay(void);
 
@@ -86,7 +86,7 @@ int info_main(int argc, char **argv)
             break;
         }
     }
-    if (opt_num_rest() != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
     if (dirty > 1) {
         BIO_printf(bio_err, "%s: Only one item allowed\n", prog);
 
@@ -399,8 +399,10 @@ int opt_cipher_any(const char *name, EVP_CIPHER **cipherp)
 {
     int ret;
 
+    if (name == NULL)
+         return 1;
     if ((ret = opt_cipher_silent(name, cipherp)) == 0)
-        opt_printf_stderr("%s: Unknown cipher: %s\n", prog, name);
+        opt_printf_stderr("%s: Unknown option or cipher: %s\n", prog, name);
     return ret;
 }
 
@@ -410,6 +412,8 @@ int opt_cipher(const char *name, EVP_CIPHER **cipherp)
      unsigned long int flags;
      EVP_CIPHER *c = NULL;
 
+    if (name == NULL)
+         return 1;
      if (opt_cipher_any(name, &c)) {
         mode = EVP_CIPHER_get_mode(c);
         flags = EVP_CIPHER_get_flags(c);
@@ -454,12 +458,22 @@ int opt_md(const char *name, EVP_MD **mdp)
 {
     int ret;
 
+    if (name == NULL)
+        return 1;
     if ((ret = opt_md_silent(name, mdp)) == 0)
-        opt_printf_stderr("%s: Unknown option or message digest: %s\n", prog,
-                          name != NULL ? name : "\"\"");
+        opt_printf_stderr("%s: Unknown option or message digest: %s\n",
+                          prog, name);
     return ret;
 }
 
+int opt_check_md(const char *name)
+{
+    if (opt_md(name, NULL))
+        return 1;
+    ERR_clear_error();
+    return 0;
+}
+
 /* Look through a list of name/value pairs. */
 int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
 {
@@ -1013,6 +1027,26 @@ int opt_num_rest(void)
     return i;
 }
 
+int opt_check_rest_arg(const char *expected)
+{
+    char *opt = *opt_rest();
+
+    if (opt == NULL || *opt == '\0') {
+        if (expected == NULL)
+            return 1;
+        opt_printf_stderr("%s: Missing argument: %s\n", prog, expected);
+        return 0;
+    } else if (expected != NULL) {
+        return 1;
+    }
+    if (opt_unknown() == NULL)
+        opt_printf_stderr("%s: Extra option: \"%s\"\n", prog, opt);
+    else
+        opt_printf_stderr("%s: Extra (unknown) options: \"%s\" \"%s\"\n",
+                          prog, opt_unknown(), opt != NULL ? opt : "");
+    return 0;
+}
+
 /* Return a string describing the parameter type. */
 static const char *valtype2param(const OPTIONS *o)
 {
 
@@ -1647,7 +1647,7 @@ int list_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    if (opt_num_rest() != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (todo.commands)
 
@@ -137,10 +137,9 @@ int mac_main(int argc, char **argv)
     }
 
     /* One argument, the MAC name. */
-    argc = opt_num_rest();
-    argv = opt_rest();
-    if (argc != 1)
+    if (!opt_check_rest_arg("MAC name"))
         goto opthelp;
+    argv = opt_rest();
 
     mac = EVP_MAC_fetch(app_get0_libctx(), argv[0], app_get0_propq());
     if (mac == NULL) {
 
@@ -73,8 +73,7 @@ int nseq_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     in = bio_open_default(infile, 'r', FORMAT_PEM);
 
@@ -535,8 +535,7 @@ int ocsp_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (trailing_md) {
 
@@ -357,7 +357,7 @@ int help_main(int argc, char **argv)
         new_argv[2] = NULL;
         return do_cmd(prog_init(), 2, new_argv);
     }
-    if (opt_num_rest() != 0) {
+    if (!opt_check_rest_arg(NULL)) {
         BIO_printf(bio_err, "Usage: %s\n", prog);
         return 1;
     }
Original file line number	Diff line number	Diff line change
`@@ -159,8 +159,7 @@ int asn1parse_main(int argc, char **argv)`
`159`	`159`	`}`
`160`	`160`
`161`	`161`	`/* No extra args. */`
`162`		`- argc = opt_num_rest();`
`163`		`- if (argc != 0)`
	`162`	`+ if (!opt_check_rest_arg(NULL))`
`164`	`163`	`goto opthelp;`
`165`	`164`
`166`	`165`	`if (oidfile != NULL) {`
Original file line number	Diff line number	Diff line change
`@@ -2552,9 +2552,7 @@ static int get_opts(int argc, char **argv)`
`2552`	`2552`	`}`
`2553`	`2553`
`2554`	`2554`	`/* No extra args. */`
`2555`		`- argc = opt_num_rest();`
`2556`		`- argv = opt_rest();`
`2557`		`- if (argc != 0)`
	`2555`	`+ if (!opt_check_rest_arg(NULL))`
`2558`	`2556`	`goto opthelp;`
`2559`	`2557`	`return 1;`
`2560`	`2558`	`}`
Original file line number	Diff line number	Diff line change
`@@ -104,8 +104,7 @@ int crl2pkcs7_main(int argc, char **argv)`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`/* No remaining args. */`
`107`		`- argc = opt_num_rest();`
`108`		`- if (argc != 0)`
	`107`	`+ if (!opt_check_rest_arg(NULL))`
`109`	`108`	`goto opthelp;`
`110`	`109`
`111`	`110`	`if (!nocrl) {`
Original file line number	Diff line number	Diff line change
`@@ -155,7 +155,7 @@ int dhparam_main(int argc, char **argv)`
`155`	`155`	`if (argc == 1) {`
`156`	`156`	`if (!opt_int(argv[0], &num) \|\| num <= 0)`
`157`	`157`	`goto opthelp;`
`158`		`- } else if (argc != 0) {`
	`158`	`+ } else if (!opt_check_rest_arg(NULL)) {`
`159`	`159`	`goto opthelp;`
`160`	`160`	`}`
`161`	`161`	`if (!app_RAND_load())`
Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,7 @@ int dsaparam_main(int argc, char **argv)`
`133`	`133`	`if (argc == 1) {`
`134`	`134`	`if (!opt_int(argv[0], &num) \|\| num < 0)`
`135`	`135`	`goto opthelp;`
`136`		`- } else if (argc != 0) {`
	`136`	`+ } else if (!opt_check_rest_arg(NULL)) {`
`137`	`137`	`goto opthelp;`
`138`	`138`	`}`
`139`	`139`	`if (!app_RAND_load())`
Original file line number	Diff line number	Diff line change
`@@ -186,8 +186,7 @@ int ecparam_main(int argc, char **argv)`
`186`	`186`	`}`
`187`	`187`
`188`	`188`	`/* No extra args. */`
`189`		`- argc = opt_num_rest();`
`190`		`- if (argc != 0)`
	`189`	`+ if (!opt_check_rest_arg(NULL))`
`191`	`190`	`goto opthelp;`
`192`	`191`
`193`	`192`	`if (!app_RAND_load())`
Original file line number	Diff line number	Diff line change
`@@ -86,7 +86,7 @@ int info_main(int argc, char **argv)`
`86`	`86`	`break;`
`87`	`87`	`}`
`88`	`88`	`}`
`89`		`- if (opt_num_rest() != 0)`
	`89`	`+ if (!opt_check_rest_arg(NULL))`
`90`	`90`	`goto opthelp;`
`91`	`91`	`if (dirty > 1) {`
`92`	`92`	`BIO_printf(bio_err, "%s: Only one item allowed\n", prog);`
Original file line number	Diff line number	Diff line change
`@@ -1647,7 +1647,7 @@ int list_main(int argc, char **argv)`
`1647`	`1647`	`}`
`1648`	`1648`
`1649`	`1649`	`/* No extra arguments. */`
`1650`		`- if (opt_num_rest() != 0)`
	`1650`	`+ if (!opt_check_rest_arg(NULL))`
`1651`	`1651`	`goto opthelp;`
`1652`	`1652`
`1653`	`1653`	`if (todo.commands)`
Original file line number	Diff line number	Diff line change
`@@ -73,8 +73,7 @@ int nseq_main(int argc, char **argv)`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`/* No extra arguments. */`
`76`		`- argc = opt_num_rest();`
`77`		`- if (argc != 0)`
	`76`	`+ if (!opt_check_rest_arg(NULL))`
`78`	`77`	`goto opthelp;`
`79`	`78`
`80`	`79`	`in = bio_open_default(infile, 'r', FORMAT_PEM);`
Original file line number	Diff line number	Diff line change
`@@ -535,8 +535,7 @@ int ocsp_main(int argc, char **argv)`
`535`	`535`	`}`
`536`	`536`
`537`	`537`	`/* No extra arguments. */`
`538`		`- argc = opt_num_rest();`
`539`		`- if (argc != 0)`
	`538`	`+ if (!opt_check_rest_arg(NULL))`
`540`	`539`	`goto opthelp;`
`541`	`540`
`542`	`541`	`if (trailing_md) {`