Merge pull request #8118 from gilles-peskine-arm/ssl-progs-usage-2.28
Backport 2.28: Fix usage & error reporting in SSL programs
gilles-peskine-arm authored Oct 25, 2023
2 parents 37b8478 + fc8ad27 commit f38e2fe
Showing 2 changed files with 100 additions and 52 deletions.
76 changes: 50 additions & 26 deletions programs/ssl/ssl_client2.c
@@ -438,7 +438,7 @@ int main(void)
" otherwise. The expansion of the macro\n" \
" is printed if it is defined\n" \
USAGE_SERIALIZATION \
" acceptable ciphersuite names:\n"
"\n"

#define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 20
@@ -767,31 +767,6 @@ int main(int argc, char *argv[])
mbedtls_test_enable_insecure_external_rng();
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */

if (argc < 2) {
usage:
if (ret == 0) {
ret = 1;
}

mbedtls_printf(USAGE1);
mbedtls_printf(USAGE2);
mbedtls_printf(USAGE3);
mbedtls_printf(USAGE4);

list = mbedtls_ssl_list_ciphersuites();
while (*list) {
mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
if (!*list) {
break;
}
mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
}
mbedtls_printf("\n");
goto exit;
}

opt.server_name = DFL_SERVER_NAME;
opt.server_addr = DFL_SERVER_ADDR;
opt.server_port = DFL_SERVER_PORT;
@@ -864,9 +839,54 @@ int main(int argc, char *argv[])
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
opt.mki = DFL_SRTP_MKI;

p = q = NULL;
if (argc < 1) {
usage:
if (p != NULL && q != NULL) {
printf("unrecognized value for '%s': '%s'\n", p, q);
} else if (p != NULL && q == NULL) {
printf("unrecognized param: '%s'\n", p);
}

mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
mbedtls_printf(" ssl_client2 help[_theme]\n");
mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
mbedtls_printf("\n");

if (ret == 0) {
ret = 1;
}
goto exit;
}

for (i = 1; i < argc; i++) {
p = argv[i];

if (strcmp(p, "help") == 0) {
mbedtls_printf(USAGE1);
mbedtls_printf(USAGE2);
mbedtls_printf(USAGE3);
mbedtls_printf(USAGE4);

ret = 0;
goto exit;
}
if (strcmp(p, "help_ciphersuites") == 0) {
mbedtls_printf(" acceptable ciphersuite names:\n");
for (list = mbedtls_ssl_list_ciphersuites();
*list != 0;
list++) {
mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
}

ret = 0;
goto exit;
}

if ((q = strchr(p, '=')) == NULL) {
mbedtls_printf("param requires a value: '%s'\n", p);
p = NULL; // avoid "unrecnognized param" message
goto usage;
}
*q++ = '\0';
@@ -1226,9 +1246,13 @@ int main(int argc, char *argv[])
} else if (strcmp(p, "mki") == 0) {
opt.mki = q;
} else {
/* This signals that the problem is with p not q */
q = NULL;
goto usage;
}
}
/* This signals that any further errors are not with a single option */
p = q = NULL;

if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
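Review bot: The two new diagnostics under the `usage:` label call bare `printf` while every other message in this section goes through `mbedtls_printf`, so a build that redirects or replaces the platform print function would lose or mis-route exactly the lines that name the rejected option; use `mbedtls_printf("unrecognized value for '%s': '%s'\n", p, q);` and `mbedtls_printf("unrecognized param: '%s'\n", p);`. The same two calls appear in the ssl_server2.c section. The message also depends on `p` and `q` still pointing at the option name and value at every `goto usage` in the option chain, which lies outside the visible hunks, so any branch there that reuses `p` or `q` as a scratch cursor before jumping would print a misleading value; that is worth checking. The comment on the missing-value path has a typo and should read `p = NULL; // avoid "unrecognized param" message`.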
76 changes: 50 additions & 26 deletions programs/ssl/ssl_server2.c
@@ -535,7 +535,7 @@ int main(void)
" otherwise. The expansion of the macro\n" \
" is printed if it is defined\n" \
USAGE_SERIALIZATION \
" acceptable ciphersuite names:\n"
"\n"

#define ALPN_LIST_SIZE 10
#define CURVE_LIST_SIZE 20
@@ -1449,31 +1449,6 @@ int main(int argc, char *argv[])
signal(SIGINT, term_handler);
#endif

if (argc < 2) {
usage:
if (ret == 0) {
ret = 1;
}

mbedtls_printf(USAGE1);
mbedtls_printf(USAGE2);
mbedtls_printf(USAGE3);
mbedtls_printf(USAGE4);

list = mbedtls_ssl_list_ciphersuites();
while (*list) {
mbedtls_printf(" %-42s", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
if (!*list) {
break;
}
mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
list++;
}
mbedtls_printf("\n");
goto exit;
}

opt.buffer_size = DFL_IO_BUF_LEN;
opt.server_addr = DFL_SERVER_ADDR;
opt.server_port = DFL_SERVER_PORT;
@@ -1557,9 +1532,54 @@ int main(int argc, char *argv[])
opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
opt.support_mki = DFL_SRTP_SUPPORT_MKI;

p = q = NULL;
if (argc < 1) {
usage:
if (p != NULL && q != NULL) {
printf("unrecognized value for '%s': '%s'\n", p, q);
} else if (p != NULL && q == NULL) {
printf("unrecognized param: '%s'\n", p);
}

mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
mbedtls_printf(" ssl_client2 help[_theme]\n");
mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
mbedtls_printf("\n");

if (ret == 0) {
ret = 1;
}
goto exit;
}

for (i = 1; i < argc; i++) {
p = argv[i];

if (strcmp(p, "help") == 0) {
mbedtls_printf(USAGE1);
mbedtls_printf(USAGE2);
mbedtls_printf(USAGE3);
mbedtls_printf(USAGE4);

ret = 0;
goto exit;
}
if (strcmp(p, "help_ciphersuites") == 0) {
mbedtls_printf(" acceptable ciphersuite names:\n");
for (list = mbedtls_ssl_list_ciphersuites();
*list != 0;
list++) {
mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
}

ret = 0;
goto exit;
}

if ((q = strchr(p, '=')) == NULL) {
mbedtls_printf("param requires a value: '%s'\n", p);
p = NULL; // avoid "unrecnognized param" message
goto usage;
}
*q++ = '\0';
@@ -1949,9 +1969,13 @@ int main(int argc, char *argv[])
} else if (strcmp(p, "support_mki") == 0) {
opt.support_mki = atoi(q);
} else {
/* This signals that the problem is with p not q */
q = NULL;
goto usage;
}
}
/* This signals that any further erorrs are not with a single option */
p = q = NULL;

if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
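Review bot: The short usage text added here is copied from the client and still prints `usage: ssl_client2 [param=value] [...]`, and the `help[_theme]` line after it names `ssl_client2` as well. In ssl_server2.c both should say `ssl_server2`, otherwise an operator who mistypes a server option is pointed at the wrong program. The comment after the parsing loop misspells "errors" as `erorrs`, and the `unrecnognized` typo from the client section is repeated on the missing-value path. main's body continues outside these hunks.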