[openssl] master update

dev at ddvo.net dev at ddvo.net
Tue Dec 7 14:27:16 UTC 2021


The branch master has been updated
       via  d9f073575fdb07b486cd1b38974cd177687ccc1e (commit)
      from  b0be101326f369f0dd547556d2f3eb3ef5ed0e33 (commit)


- Log -----------------------------------------------------------------
commit d9f073575fdb07b486cd1b38974cd177687ccc1e
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Fri Aug 27 15:33:18 2021 +0200

    APPS: Improve diagnostics on missing/extra args and unknown cipher/digest
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16450)

-----------------------------------------------------------------------

Summary of changes:
 apps/asn1parse.c   |  3 +--
 apps/ciphers.c     |  5 ++---
 apps/cmp.c         |  4 +---
 apps/cms.c         |  6 ++----
 apps/crl.c         |  9 +++------
 apps/crl2pkcs7.c   |  3 +--
 apps/dhparam.c     |  2 +-
 apps/dsa.c         |  9 +++------
 apps/dsaparam.c    |  2 +-
 apps/ec.c          |  9 +++------
 apps/ecparam.c     |  3 +--
 apps/enc.c         |  9 +++------
 apps/fipsinstall.c |  7 +++++--
 apps/gendsa.c      | 11 ++++-------
 apps/genpkey.c     | 12 +++++++-----
 apps/genrsa.c      |  9 +++------
 apps/include/opt.h |  2 ++
 apps/info.c        |  2 +-
 apps/lib/opt.c     | 40 +++++++++++++++++++++++++++++++++++++---
 apps/list.c        |  2 +-
 apps/mac.c         |  5 ++---
 apps/nseq.c        |  3 +--
 apps/ocsp.c        |  3 +--
 apps/openssl.c     |  2 +-
 apps/pkcs12.c      |  9 +++------
 apps/pkcs7.c       |  3 +--
 apps/pkcs8.c       |  3 +--
 apps/pkey.c        |  9 +++------
 apps/pkeyparam.c   |  3 +--
 apps/pkeyutl.c     |  3 +--
 apps/prime.c       |  8 ++++----
 apps/rand.c        |  2 +-
 apps/req.c         |  9 ++-------
 apps/rsa.c         |  9 +++------
 apps/rsautl.c      |  3 +--
 apps/s_client.c    |  5 ++---
 apps/s_server.c    |  3 +--
 apps/s_time.c      |  3 +--
 apps/sess_id.c     |  3 +--
 apps/smime.c       |  4 +---
 apps/spkac.c       |  3 +--
 apps/storeutl.c    | 11 ++++-------
 apps/ts.c          | 17 ++++++++++-------
 apps/version.c     |  3 +--
 apps/x509.c        |  6 ++++--
 45 files changed, 134 insertions(+), 147 deletions(-)

diff --git a/apps/asn1parse.c b/apps/asn1parse.c
index f0bfd1d45f..b456f13d94 100644
--- a/apps/asn1parse.c
+++ b/apps/asn1parse.c
@@ -159,8 +159,7 @@ int asn1parse_main(int argc, char **argv)
     }
 
     /* No extra args. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (oidfile != NULL) {
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 9c494224a1..dcf0d3fa1e 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -174,10 +174,9 @@ int ciphers_main(int argc, char **argv)
 
     /* Optional arg is cipher name. */
     argv = opt_rest();
-    argc = opt_num_rest();
-    if (argc == 1)
+    if (opt_num_rest() == 1)
         ciphers = argv[0];
-    else if (argc != 0)
+    else if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (convert != NULL) {
diff --git a/apps/cmp.c b/apps/cmp.c
index f646e3f7bc..5056d841d1 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -2552,9 +2552,7 @@ static int get_opts(int argc, char **argv)
     }
 
     /* No extra args. */
-    argc = opt_num_rest();
-    argv = opt_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
     return 1;
 }
diff --git a/apps/cms.c b/apps/cms.c
index 76c7896719..18671fdc30 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -697,10 +697,8 @@ int cms_main(int argc, char **argv)
         if (!opt_md(digestname, &sign_md))
             goto end;
     }
-    if (ciphername != NULL) {
-        if (!opt_cipher_any(ciphername, &cipher))
-            goto end;
-    }
+    if (!opt_cipher_any(ciphername, &cipher))
+        goto end;
     if (wrapname != NULL) {
         if (!opt_cipher_any(wrapname, &wrap_cipher))
             goto end;
diff --git a/apps/crl.c b/apps/crl.c
index 2158a107e5..8d353ff2af 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -209,14 +209,11 @@ int crl_main(int argc, char **argv)
     }
 
     /* No remaining args. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
-    if (digestname != NULL) {
-        if (!opt_md(digestname, &digest))
-            goto opthelp;
-    }
+    if (!opt_md(digestname, &digest))
+        goto opthelp;
     x = load_crl(infile, informat, 1, "CRL");
     if (x == NULL)
         goto end;
diff --git a/apps/crl2pkcs7.c b/apps/crl2pkcs7.c
index fe59e65427..681c60285f 100644
--- a/apps/crl2pkcs7.c
+++ b/apps/crl2pkcs7.c
@@ -104,8 +104,7 @@ int crl2pkcs7_main(int argc, char **argv)
     }
 
     /* No remaining args. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (!nocrl) {
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 0e90698cd6..9fe0eedfc2 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -155,7 +155,7 @@ int dhparam_main(int argc, char **argv)
     if (argc == 1) {
         if (!opt_int(argv[0], &num) || num <= 0)
             goto opthelp;
-    } else if (argc != 0) {
+    } else if (!opt_check_rest_arg(NULL)) {
         goto opthelp;
     }
     if (!app_RAND_load())
diff --git a/apps/dsa.c b/apps/dsa.c
index 51c0284353..9605ed81e7 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -161,14 +161,11 @@ int dsa_main(int argc, char **argv)
     }
 
     /* No extra args. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
-    if (ciphername != NULL) {
-        if (!opt_cipher(ciphername, &enc))
-            goto end;
-    }
+    if (!opt_cipher(ciphername, &enc))
+        goto end;
     private = pubin || pubout ? 0 : 1;
     if (text && !pubin)
         private = 1;
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 8025b8be67..08f912340a 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -133,7 +133,7 @@ int dsaparam_main(int argc, char **argv)
     if (argc == 1) {
         if (!opt_int(argv[0], &num) || num < 0)
             goto opthelp;
-    } else if (argc != 0) {
+    } else if (!opt_check_rest_arg(NULL)) {
         goto opthelp;
     }
     if (!app_RAND_load())
diff --git a/apps/ec.c b/apps/ec.c
index dcbef104ee..4573300a5e 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -157,14 +157,11 @@ int ec_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
-    if (ciphername != NULL) {
-        if (!opt_cipher(ciphername, &enc))
-            goto opthelp;
-    }
+    if (!opt_cipher(ciphername, &enc))
+        goto opthelp;
     private = param_out || pubin || pubout ? 0 : 1;
     if (text && !pubin)
         private = 1;
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 12eed703de..9910d8c17e 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -186,8 +186,7 @@ int ecparam_main(int argc, char **argv)
     }
 
     /* No extra args. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (!app_RAND_load())
diff --git a/apps/enc.c b/apps/enc.c
index 3dd6098563..e71453c3c4 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -289,17 +289,14 @@ int enc_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
     if (!app_RAND_load())
         goto end;
 
     /* Get the cipher name, either from progname (if set) or flag. */
-    if (ciphername != NULL) {
-        if (!opt_cipher(ciphername, &cipher))
-            goto opthelp;
-    }
+    if (!opt_cipher(ciphername, &cipher))
+        goto opthelp;
     if (digestname != NULL) {
         if (!opt_md(digestname, &dgst))
             goto opthelp;
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index 363631112e..5af007083a 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -382,9 +382,12 @@ opthelp:
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0 || (verify && in_fname == NULL))
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
+    if (verify && in_fname == NULL) {
+        BIO_printf(bio_err, "Missing -in option for -verify\n");
+        goto opthelp;
+    }
 
     if (parent_config != NULL) {
         /* Test that a parent config can load the module */
diff --git a/apps/gendsa.c b/apps/gendsa.c
index e5c9bc22ad..b9bc2f502b 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -101,19 +101,16 @@ int gendsa_main(int argc, char **argv)
     }
 
     /* One argument, the params file. */
-    argc = opt_num_rest();
-    argv = opt_rest();
-    if (argc != 1)
+    if (!opt_check_rest_arg("params file"))
         goto opthelp;
+    argv = opt_rest();
     dsaparams = argv[0];
 
     if (!app_RAND_load())
         goto end;
 
-    if (ciphername != NULL) {
-        if (!opt_cipher(ciphername, &enc))
-            goto end;
-    }
+    if (!opt_cipher(ciphername, &enc))
+        goto end;
     private = 1;
 
     if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
diff --git a/apps/genpkey.c b/apps/genpkey.c
index d00754eeac..7f70a6baa2 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -139,8 +139,7 @@ int genpkey_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     /* Fetch cipher, etc. */
@@ -163,9 +162,12 @@ int genpkey_main(int argc, char **argv)
             goto end;
         }
     }
-    if (ciphername != NULL)
-        if (!opt_cipher(ciphername, &cipher) || do_param == 1)
-            goto opthelp;
+    if (!opt_cipher(ciphername, &cipher))
+        goto opthelp;
+    if (ciphername != NULL && do_param == 1) {
+        BIO_printf(bio_err, "Cannot use cipher with -genparam option\n");
+        goto opthelp;
+    }
 
     private = do_param ? 0 : 1;
 
diff --git a/apps/genrsa.c b/apps/genrsa.c
index e709ea38ce..1a6c67380f 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -157,8 +157,7 @@ opthelp:
                        "Warning: It is not recommended to use more than %d bit for RSA keys.\n"
                        "         Your key size is %d! Larger key size may behave not as expected.\n",
                        OPENSSL_RSA_MAX_MODULUS_BITS, num);
-    } else if (argc > 0) {
-        BIO_printf(bio_err, "Extra arguments given.\n");
+    } else if (!opt_check_rest_arg(NULL)) {
         goto opthelp;
     }
 
@@ -166,10 +165,8 @@ opthelp:
         goto end;
 
     private = 1;
-    if (ciphername != NULL) {
-        if (!opt_cipher(ciphername, &enc))
-            goto end;
-    }
+    if (!opt_cipher(ciphername, &enc))
+        goto end;
     if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
         BIO_printf(bio_err, "Error getting password\n");
         goto end;
diff --git a/apps/include/opt.h b/apps/include/opt.h
index 4f83a0ed53..9493901c44 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -368,6 +368,7 @@ char *opt_unknown(void);
 int opt_cipher(const char *name, EVP_CIPHER **cipherp);
 int opt_cipher_any(const char *name, EVP_CIPHER **cipherp);
 int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp);
+int opt_check_md(const char *name);
 int opt_md(const char *name, EVP_MD **mdp);
 int opt_md_silent(const char *name, EVP_MD **mdp);
 
@@ -392,6 +393,7 @@ int opt_provider_option_given(void);
 
 char **opt_rest(void);
 int opt_num_rest(void);
+int opt_check_rest_arg(const char *expected);
 
 /* Returns non-zero if legacy paths are still available */
 int opt_legacy_okay(void);
diff --git a/apps/info.c b/apps/info.c
index c68603652f..befc62dac1 100644
--- a/apps/info.c
+++ b/apps/info.c
@@ -86,7 +86,7 @@ opthelp:
             break;
         }
     }
-    if (opt_num_rest() != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
     if (dirty > 1) {
         BIO_printf(bio_err, "%s: Only one item allowed\n", prog);
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index 157367982d..3925ec96c3 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -399,8 +399,10 @@ int opt_cipher_any(const char *name, EVP_CIPHER **cipherp)
 {
     int ret;
 
+    if (name == NULL)
+         return 1;
     if ((ret = opt_cipher_silent(name, cipherp)) == 0)
-        opt_printf_stderr("%s: Unknown cipher: %s\n", prog, name);
+        opt_printf_stderr("%s: Unknown option or cipher: %s\n", prog, name);
     return ret;
 }
 
@@ -410,6 +412,8 @@ int opt_cipher(const char *name, EVP_CIPHER **cipherp)
      unsigned long int flags;
      EVP_CIPHER *c = NULL;
 
+    if (name == NULL)
+         return 1;
      if (opt_cipher_any(name, &c)) {
         mode = EVP_CIPHER_get_mode(c);
         flags = EVP_CIPHER_get_flags(c);
@@ -454,12 +458,22 @@ int opt_md(const char *name, EVP_MD **mdp)
 {
     int ret;
 
+    if (name == NULL)
+        return 1;
     if ((ret = opt_md_silent(name, mdp)) == 0)
-        opt_printf_stderr("%s: Unknown option or message digest: %s\n", prog,
-                          name != NULL ? name : "\"\"");
+        opt_printf_stderr("%s: Unknown option or message digest: %s\n",
+                          prog, name);
     return ret;
 }
 
+int opt_check_md(const char *name)
+{
+    if (opt_md(name, NULL))
+        return 1;
+    ERR_clear_error();
+    return 0;
+}
+
 /* Look through a list of name/value pairs. */
 int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
 {
@@ -1013,6 +1027,26 @@ int opt_num_rest(void)
     return i;
 }
 
+int opt_check_rest_arg(const char *expected)
+{
+    char *opt = *opt_rest();
+
+    if (opt == NULL || *opt == '\0') {
+        if (expected == NULL)
+            return 1;
+        opt_printf_stderr("%s: Missing argument: %s\n", prog, expected);
+        return 0;
+    } else if (expected != NULL) {
+        return 1;
+    }
+    if (opt_unknown() == NULL)
+        opt_printf_stderr("%s: Extra option: \"%s\"\n", prog, opt);
+    else
+        opt_printf_stderr("%s: Extra (unknown) options: \"%s\" \"%s\"\n",
+                          prog, opt_unknown(), opt != NULL ? opt : "");
+    return 0;
+}
+
 /* Return a string describing the parameter type. */
 static const char *valtype2param(const OPTIONS *o)
 {
diff --git a/apps/list.c b/apps/list.c
index 9732d6625a..30bf2be919 100644
--- a/apps/list.c
+++ b/apps/list.c
@@ -1647,7 +1647,7 @@ opthelp:
     }
 
     /* No extra arguments. */
-    if (opt_num_rest() != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (todo.commands)
diff --git a/apps/mac.c b/apps/mac.c
index 08f06be867..8bd7ce2397 100644
--- a/apps/mac.c
+++ b/apps/mac.c
@@ -137,10 +137,9 @@ opthelp:
     }
 
     /* One argument, the MAC name. */
-    argc = opt_num_rest();
-    argv = opt_rest();
-    if (argc != 1)
+    if (!opt_check_rest_arg("MAC name"))
         goto opthelp;
+    argv = opt_rest();
 
     mac = EVP_MAC_fetch(app_get0_libctx(), argv[0], app_get0_propq());
     if (mac == NULL) {
diff --git a/apps/nseq.c b/apps/nseq.c
index d5524370f2..e66b58d957 100644
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -73,8 +73,7 @@ int nseq_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     in = bio_open_default(infile, 'r', FORMAT_PEM);
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 841b5f7b81..b0d030a940 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -535,8 +535,7 @@ int ocsp_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (trailing_md) {
diff --git a/apps/openssl.c b/apps/openssl.c
index d61acbbc54..3497d51f4d 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -357,7 +357,7 @@ int help_main(int argc, char **argv)
         new_argv[2] = NULL;
         return do_cmd(prog_init(), 2, new_argv);
     }
-    if (opt_num_rest() != 0) {
+    if (!opt_check_rest_arg(NULL)) {
         BIO_printf(bio_err, "Usage: %s\n", prog);
         return 1;
     }
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index acc45c405a..65dcdad38a 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -356,17 +356,14 @@ int pkcs12_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (!app_RAND_load())
         goto end;
 
-    if (ciphername != NULL) {
-        if (!opt_cipher_any(ciphername, &enc))
-            goto opthelp;
-    }
+    if (!opt_cipher_any(ciphername, &enc))
+        goto opthelp;
     if (export_pkcs12) {
         if ((options & INFO) != 0)
             WARN_EXPORT("info");
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index ba11e8151a..ac2dec152a 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -111,8 +111,7 @@ int pkcs7_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     in = bio_open_default(infile, 'r', informat);
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 6b09b909eb..e3932245f3 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -193,8 +193,7 @@ int pkcs8_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     private = 1;
diff --git a/apps/pkey.c b/apps/pkey.c
index fb3899b08e..41a4c29897 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -171,8 +171,7 @@ int pkey_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (text && text_pub)
@@ -190,10 +189,8 @@ int pkey_main(int argc, char **argv)
 
     private = (!noout && !pubout) || (text && !text_pub);
 
-    if (ciphername != NULL) {
-        if (!opt_cipher(ciphername, &cipher))
-            goto opthelp;
-    }
+    if (!opt_cipher(ciphername, &cipher))
+        goto opthelp;
     if (cipher == NULL) {
         if (passoutarg != NULL)
             BIO_printf(bio_err,
diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c
index 45647341ce..3722be4bf6 100644
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@@ -91,8 +91,7 @@ int pkeyparam_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     in = bio_open_default(infile, 'r', FORMAT_PEM);
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index d7290f7d48..9e18dfc0e9 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -253,8 +253,7 @@ int pkeyutl_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (!app_RAND_load())
diff --git a/apps/prime.c b/apps/prime.c
index e269493d5c..190254d90e 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -83,12 +83,12 @@ opthelp:
     }
 
     /* Optional arguments are numbers to check. */
+    if (generate && !opt_check_rest_arg(NULL))
+        goto opthelp;
     argc = opt_num_rest();
     argv = opt_rest();
-    if (generate) {
-        if (argc != 0)
-            goto opthelp;
-    } else if (argc == 0) {
+    if (!generate && argc == 0) {
+        BIO_printf(bio_err, "Missing number (s) to check\n");
         goto opthelp;
     }
 
diff --git a/apps/rand.c b/apps/rand.c
index cbf495d5bc..f99c91dbbf 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -95,7 +95,7 @@ int rand_main(int argc, char **argv)
     if (argc == 1) {
         if (!opt_int(argv[0], &num) || num <= 0)
             goto opthelp;
-    } else if (argc != 0) {
+    } else if (!opt_check_rest_arg(NULL)) {
         goto opthelp;
     }
 
diff --git a/apps/req.c b/apps/req.c
index 274f839902..36ac493807 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -241,7 +241,6 @@ int req_main(int argc, char **argv)
     X509 *new_x509 = NULL, *CAcert = NULL;
     X509_REQ *req = NULL;
     EVP_CIPHER *cipher = NULL;
-    EVP_MD *md = NULL;
     int ext_copy = EXT_COPY_UNSET;
     BIO *addext_bio = NULL;
     char *extsect = NULL;
@@ -473,8 +472,7 @@ int req_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (!app_RAND_load())
@@ -533,11 +531,8 @@ int req_main(int argc, char **argv)
 
     /* Check that any specified digest is fetchable */
     if (digest != NULL) {
-        if (!opt_md(digest, &md)) {
-            ERR_clear_error();
+        if (!opt_check_md(digest))
             goto opthelp;
-        }
-        EVP_MD_free(md);
     } else {
         /* No digest specified, default to configuration */
         p = NCONF_get_string(req_conf, section, "default_md");
diff --git a/apps/rsa.c b/apps/rsa.c
index 05a091ce4b..fb73173428 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -217,14 +217,11 @@ int rsa_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
-    if (ciphername != NULL) {
-        if (!opt_cipher(ciphername, &enc))
-            goto opthelp;
-    }
+    if (!opt_cipher(ciphername, &enc))
+        goto opthelp;
     private = (text && !pubin) || (!pubout && !noout) ? 1 : 0;
 
     if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
diff --git a/apps/rsautl.c b/apps/rsautl.c
index ae0206014d..c428bf18b4 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -169,8 +169,7 @@ int rsautl_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (!app_RAND_load())
diff --git a/apps/s_client.c b/apps/s_client.c
index e0748496de..b905fbd3ec 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1473,8 +1473,7 @@ int s_client_main(int argc, char **argv)
     }
 
     /* Optional argument is connect string if -connect not used. */
-    argc = opt_num_rest();
-    if (argc == 1) {
+    if (opt_num_rest() == 1) {
         /* Don't allow -connect and a separate argument. */
         if (connectstr != NULL) {
             BIO_printf(bio_err,
@@ -1484,7 +1483,7 @@ int s_client_main(int argc, char **argv)
         }
         connect_type = use_inet;
         freeandcopy(&connectstr, *opt_rest());
-    } else if (argc != 0) {
+    } else if (!opt_check_rest_arg(NULL)) {
         goto opthelp;
     }
     if (!app_RAND_load())
diff --git a/apps/s_server.c b/apps/s_server.c
index d60a1f3c85..6b0e013ca7 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1648,8 +1648,7 @@ int s_server_main(int argc, char *argv[])
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (!app_RAND_load())
diff --git a/apps/s_time.c b/apps/s_time.c
index 1a58e19de5..1c6ed78b2c 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -234,8 +234,7 @@ int s_time_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (cipher == NULL)
diff --git a/apps/sess_id.c b/apps/sess_id.c
index 714c0f7787..54b3d05563 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -98,8 +98,7 @@ int sess_id_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     x = load_sess_id(infile, informat);
diff --git a/apps/smime.c b/apps/smime.c
index a2ff0b5be7..6cf6ab3a45 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -366,10 +366,8 @@ int smime_main(int argc, char **argv)
         if (!opt_md(digestname, &sign_md))
             goto opthelp;
     }
-    if (ciphername != NULL) {
-        if (!opt_cipher_any(ciphername, &cipher))
+    if (!opt_cipher_any(ciphername, &cipher))
             goto opthelp;
-    }
     if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
         BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
         goto opthelp;
diff --git a/apps/spkac.c b/apps/spkac.c
index d92be7d645..b389d9afce 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -133,8 +133,7 @@ int spkac_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (!app_passwd(passinarg, NULL, &passin, NULL)) {
diff --git a/apps/storeutl.c b/apps/storeutl.c
index 1368caae92..8d1ce3cea3 100644
--- a/apps/storeutl.c
+++ b/apps/storeutl.c
@@ -258,15 +258,12 @@ int storeutl_main(int argc, char *argv[])
     }
 
     /* One argument, the URI */
-    argc = opt_num_rest();
-    argv = opt_rest();
-    if (argc != 1)
+    if (!opt_check_rest_arg("URI"))
         goto opthelp;
+    argv = opt_rest();
 
-    if (digestname != NULL) {
-        if (!opt_md(digestname, &digest))
-            goto opthelp;
-    }
+    if (!opt_md(digestname, &digest))
+        goto opthelp;
 
     if (criterion != 0) {
         switch (criterion) {
diff --git a/apps/ts.c b/apps/ts.c
index e65d223348..8e58ef00b4 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -204,8 +204,10 @@ int ts_main(int argc, char **argv)
         case OPT_QUERY:
         case OPT_REPLY:
         case OPT_VERIFY:
-            if (mode != OPT_ERR)
+            if (mode != OPT_ERR) {
+                BIO_printf(bio_err, "%s: Must give only one of -query, -reply, or -verify\n", prog);
                 goto opthelp;
+            }
             mode = o;
             break;
         case OPT_DATA:
@@ -288,17 +290,18 @@ int ts_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0 || mode == OPT_ERR)
+    if (!opt_check_rest_arg(NULL))
+        goto opthelp;
+    if (mode == OPT_ERR) {
+        BIO_printf(bio_err, "%s: Must give one of -query, -reply, or -verify\n", prog);
         goto opthelp;
+    }
 
     if (!app_RAND_load())
         goto end;
 
-    if (digestname != NULL) {
-        if (!opt_md(digestname, &md))
-            goto opthelp;
-    }
+    if (!opt_md(digestname, &md))
+        goto opthelp;
     if (mode == OPT_REPLY && passin &&
         !app_passwd(passin, NULL, &password, NULL)) {
         BIO_printf(bio_err, "Error getting password.\n");
diff --git a/apps/version.c b/apps/version.c
index cab17a46bf..7185e9edcd 100644
--- a/apps/version.c
+++ b/apps/version.c
@@ -99,8 +99,7 @@ opthelp:
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (!dirty)
diff --git a/apps/x509.c b/apps/x509.c
index 28fa769a01..188bc17a09 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -594,13 +594,15 @@ int x509_main(int argc, char **argv)
     }
 
     /* No extra arguments. */
-    argc = opt_num_rest();
-    if (argc != 0)
+    if (!opt_check_rest_arg(NULL))
         goto opthelp;
 
     if (!app_RAND_load())
         goto end;
 
+    if (!opt_check_md(digest))
+        goto opthelp;
+
     if (preserve_dates && days != UNSET_DAYS) {
         BIO_printf(bio_err, "Cannot use -preserve_dates with -days option\n");
         goto err;


More information about the openssl-commits mailing list