1
/*
2
 * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
#ifndef OSSL_APPS_OPT_H
10
#define OSSL_APPS_OPT_H
11

12
#include <sys/types.h>
13
#include <openssl/e_os2.h>
14
#include <openssl/types.h>
15
#include <stdarg.h>
16

17
#define OPT_COMMON OPT_ERR = -1, OPT_EOF = 0, OPT_HELP
18

19
/*
20
 * Common verification options.
21
 */
22
# define OPT_V_ENUM \
23
        OPT_V__FIRST=2000, \
24
        OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
25
        OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
26
        OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
27
        OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
28
        OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
29
        OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
30
        OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
31
        OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
32
        OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
33
        OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
34
        OPT_V__LAST
35

36
# define OPT_V_OPTIONS \
37
        OPT_SECTION("Validation"), \
38
        { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
39
        { "purpose", OPT_V_PURPOSE, 's', \
40
            "certificate chain purpose"}, \
41
        { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
42
        { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
43
            "chain depth limit" }, \
44
        { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
45
            "chain authentication security level" }, \
46
        { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
47
        { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
48
            "expected peer hostname" }, \
49
        { "verify_email", OPT_V_VERIFY_EMAIL, 's', \
50
            "expected peer email" }, \
51
        { "verify_ip", OPT_V_VERIFY_IP, 's', \
52
            "expected peer IP address" }, \
53
        { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
54
            "permit unhandled critical extensions"}, \
55
        { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
56
        { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
57
        { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
58
        { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
59
        { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
60
            "set policy variable require-explicit-policy"}, \
61
        { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
62
            "set policy variable inhibit-any-policy"}, \
63
        { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
64
            "set policy variable inhibit-policy-mapping"}, \
65
        { "x509_strict", OPT_V_X509_STRICT, '-', \
66
            "disable certificate compatibility work-arounds"}, \
67
        { "extended_crl", OPT_V_EXTENDED_CRL, '-', \
68
            "enable extended CRL features"}, \
69
        { "use_deltas", OPT_V_USE_DELTAS, '-', \
70
            "use delta CRLs"}, \
71
        { "policy_print", OPT_V_POLICY_PRINT, '-', \
72
            "print policy processing diagnostics"}, \
73
        { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
74
            "check root CA self-signatures"}, \
75
        { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
76
            "search trust store first (default)" }, \
77
        { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
78
        { "suiteB_128", OPT_V_SUITEB_128, '-', \
79
            "Suite B 128-bit mode allowing 192-bit algorithms"}, \
80
        { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
81
        { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
82
            "accept chains anchored by intermediate trust-store CAs"}, \
83
        { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
84
        { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
85
        { "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
86

87
# define OPT_V_CASES \
88
        OPT_V__FIRST: case OPT_V__LAST: break; \
89
        case OPT_V_POLICY: \
90
        case OPT_V_PURPOSE: \
91
        case OPT_V_VERIFY_NAME: \
92
        case OPT_V_VERIFY_DEPTH: \
93
        case OPT_V_VERIFY_AUTH_LEVEL: \
94
        case OPT_V_ATTIME: \
95
        case OPT_V_VERIFY_HOSTNAME: \
96
        case OPT_V_VERIFY_EMAIL: \
97
        case OPT_V_VERIFY_IP: \
98
        case OPT_V_IGNORE_CRITICAL: \
99
        case OPT_V_ISSUER_CHECKS: \
100
        case OPT_V_CRL_CHECK: \
101
        case OPT_V_CRL_CHECK_ALL: \
102
        case OPT_V_POLICY_CHECK: \
103
        case OPT_V_EXPLICIT_POLICY: \
104
        case OPT_V_INHIBIT_ANY: \
105
        case OPT_V_INHIBIT_MAP: \
106
        case OPT_V_X509_STRICT: \
107
        case OPT_V_EXTENDED_CRL: \
108
        case OPT_V_USE_DELTAS: \
109
        case OPT_V_POLICY_PRINT: \
110
        case OPT_V_CHECK_SS_SIG: \
111
        case OPT_V_TRUSTED_FIRST: \
112
        case OPT_V_SUITEB_128_ONLY: \
113
        case OPT_V_SUITEB_128: \
114
        case OPT_V_SUITEB_192: \
115
        case OPT_V_PARTIAL_CHAIN: \
116
        case OPT_V_NO_ALT_CHAINS: \
117
        case OPT_V_NO_CHECK_TIME: \
118
        case OPT_V_ALLOW_PROXY_CERTS
119

120
/*
121
 * Common "extended validation" options.
122
 */
123
# define OPT_X_ENUM \
124
        OPT_X__FIRST=1000, \
125
        OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
126
        OPT_X_CERTFORM, OPT_X_KEYFORM, \
127
        OPT_X__LAST
128

129
# define OPT_X_OPTIONS \
130
        OPT_SECTION("Extended certificate"), \
131
        { "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
132
        { "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
133
        { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
134
        { "xchain_build", OPT_X_CHAIN_BUILD, '-', \
135
            "build certificate chain for the extended certificates"}, \
136
        { "xcertform", OPT_X_CERTFORM, 'F', \
137
            "format of Extended certificate (PEM/DER/P12); has no effect" }, \
138
        { "xkeyform", OPT_X_KEYFORM, 'F', \
139
            "format of Extended certificate's key (DER/PEM/P12); has no effect"}
140

141
# define OPT_X_CASES \
142
        OPT_X__FIRST: case OPT_X__LAST: break; \
143
        case OPT_X_KEY: \
144
        case OPT_X_CERT: \
145
        case OPT_X_CHAIN: \
146
        case OPT_X_CHAIN_BUILD: \
147
        case OPT_X_CERTFORM: \
148
        case OPT_X_KEYFORM
149

150
/*
151
 * Common SSL options.
152
 * Any changes here must be coordinated with ../ssl/ssl_conf.c
153
 */
154
# define OPT_S_ENUM \
155
        OPT_S__FIRST=3000, \
156
        OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
157
        OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
158
        OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_CLIENTRENEG, \
159
        OPT_S_LEGACYCONN, \
160
        OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, \
161
        OPT_S_ALLOW_NO_DHE_KEX, OPT_S_PREFER_NO_DHE_KEX, \
162
        OPT_S_PRIORITIZE_CHACHA, \
163
        OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
164
        OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
165
        OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
166
        OPT_S_MINPROTO, OPT_S_MAXPROTO, \
167
        OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S_NO_ETM, \
168
        OPT_S_NO_EMS, \
169
        OPT_S_NO_TX_CERT_COMP, \
170
        OPT_S_NO_RX_CERT_COMP, \
171
        OPT_S__LAST
172

173
# define OPT_S_OPTIONS \
174
        OPT_SECTION("TLS/SSL"), \
175
        {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
176
        {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
177
        {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
178
        {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
179
        {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
180
        {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
181
        {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
182
        {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
183
        {"no_tx_cert_comp", OPT_S_NO_TX_CERT_COMP, '-', "Disable sending TLSv1.3 compressed certificates" }, \
184
        {"no_rx_cert_comp", OPT_S_NO_RX_CERT_COMP, '-', "Disable receiving TLSv1.3 compressed certificates" }, \
185
        {"no_ticket", OPT_S_NOTICKET, '-', \
186
            "Disable use of TLS session tickets"}, \
187
        {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
188
        {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
189
            "Enable use of legacy renegotiation (dangerous)"}, \
190
        {"client_renegotiation", OPT_S_CLIENTRENEG, '-', \
191
            "Allow client-initiated renegotiation" }, \
192
        {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
193
            "Disable all renegotiation."}, \
194
        {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
195
            "Allow initial connection to servers that don't support RI"}, \
196
        {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
197
            "Disallow session resumption on renegotiation"}, \
198
        {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
199
            "Disallow initial connection to servers that don't support RI"}, \
200
        {"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
201
            "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
202
        {"prefer_no_dhe_kex", OPT_S_PREFER_NO_DHE_KEX, '-', \
203
            "In TLSv1.3 prefer non-(ec)dhe over (ec)dhe-based key exchange on resumption"}, \
204
        {"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
205
            "Prioritize ChaCha ciphers when preferred by clients"}, \
206
        {"strict", OPT_S_STRICT, '-', \
207
            "Enforce strict certificate checks as per TLS standard"}, \
208
        {"sigalgs", OPT_S_SIGALGS, 's', \
209
            "Signature algorithms to support (colon-separated list)" }, \
210
        {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
211
            "Signature algorithms to support for client certificate" \
212
            " authentication (colon-separated list)" }, \
213
        {"groups", OPT_S_GROUPS, 's', \
214
            "Groups to advertise (colon-separated list)" }, \
215
        {"curves", OPT_S_CURVES, 's', \
216
            "Groups to advertise (colon-separated list)" }, \
217
        {"named_curve", OPT_S_NAMEDCURVE, 's', \
218
            "Elliptic curve used for ECDHE (server-side only)" }, \
219
        {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
220
        {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
221
        {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
222
        {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
223
        {"record_padding", OPT_S_RECORD_PADDING, 's', \
224
            "Block size to pad TLS 1.3 records to."}, \
225
        {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
226
            "Perform all sorts of protocol violations for testing purposes"}, \
227
        {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
228
            "Disable TLSv1.3 middlebox compat mode" }, \
229
        {"no_etm", OPT_S_NO_ETM, '-', \
230
            "Disable Encrypt-then-Mac extension"}, \
231
        {"no_ems", OPT_S_NO_EMS, '-', \
232
            "Disable Extended master secret extension"}
233

234
# define OPT_S_CASES \
235
        OPT_S__FIRST: case OPT_S__LAST: break; \
236
        case OPT_S_NOSSL3: \
237
        case OPT_S_NOTLS1: \
238
        case OPT_S_NOTLS1_1: \
239
        case OPT_S_NOTLS1_2: \
240
        case OPT_S_NOTLS1_3: \
241
        case OPT_S_BUGS: \
242
        case OPT_S_NO_COMP: \
243
        case OPT_S_COMP: \
244
        case OPT_S_NO_TX_CERT_COMP: \
245
        case OPT_S_NO_RX_CERT_COMP: \
246
        case OPT_S_NOTICKET: \
247
        case OPT_S_SERVERPREF: \
248
        case OPT_S_LEGACYRENEG: \
249
        case OPT_S_CLIENTRENEG: \
250
        case OPT_S_LEGACYCONN: \
251
        case OPT_S_ONRESUMP: \
252
        case OPT_S_NOLEGACYCONN: \
253
        case OPT_S_ALLOW_NO_DHE_KEX: \
254
        case OPT_S_PREFER_NO_DHE_KEX: \
255
        case OPT_S_PRIORITIZE_CHACHA: \
256
        case OPT_S_STRICT: \
257
        case OPT_S_SIGALGS: \
258
        case OPT_S_CLIENTSIGALGS: \
259
        case OPT_S_GROUPS: \
260
        case OPT_S_CURVES: \
261
        case OPT_S_NAMEDCURVE: \
262
        case OPT_S_CIPHER: \
263
        case OPT_S_CIPHERSUITES: \
264
        case OPT_S_RECORD_PADDING: \
265
        case OPT_S_NO_RENEGOTIATION: \
266
        case OPT_S_MINPROTO: \
267
        case OPT_S_MAXPROTO: \
268
        case OPT_S_DEBUGBROKE: \
269
        case OPT_S_NO_MIDDLEBOX: \
270
        case OPT_S_NO_ETM: \
271
        case OPT_S_NO_EMS
272

273
#define IS_NO_PROT_FLAG(o) \
274
 (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
275
  || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
276

277
/*
278
 * Random state options.
279
 */
280
# define OPT_R_ENUM \
281
        OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
282

283
# define OPT_R_OPTIONS \
284
    OPT_SECTION("Random state"), \
285
    {"rand", OPT_R_RAND, 's', "Load the given file(s) into the random number generator"}, \
286
    {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
287

288
# define OPT_R_CASES \
289
        OPT_R__FIRST: case OPT_R__LAST: break; \
290
        case OPT_R_RAND: case OPT_R_WRITERAND
291

292
/*
293
 * Provider options.
294
 */
295
# define OPT_PROV_ENUM \
296
        OPT_PROV__FIRST=1600, \
297
        OPT_PROV_PROVIDER, OPT_PROV_PROVIDER_PATH, OPT_PROV_PROPQUERY, \
298
        OPT_PROV_PARAM, \
299
        OPT_PROV__LAST
300

301
# define OPT_CONFIG_OPTION \
302
        { "config", OPT_CONFIG, '<', "Load a configuration file (this may load modules)" }
303

304
# define OPT_PROV_OPTIONS \
305
        OPT_SECTION("Provider"), \
306
        { "provider-path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \
307
        { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }, \
308
        { "provparam", OPT_PROV_PARAM, 's', "Set a provider key-value parameter" }, \
309
        { "propquery", OPT_PROV_PROPQUERY, 's', "Property query used when fetching algorithms" }
310

311
# define OPT_PROV_CASES \
312
        OPT_PROV__FIRST: case OPT_PROV__LAST: break; \
313
        case OPT_PROV_PROVIDER: \
314
        case OPT_PROV_PROVIDER_PATH: \
315
        case OPT_PROV_PARAM: \
316
        case OPT_PROV_PROPQUERY
317

318
/*
319
 * Option parsing.
320
 */
321
extern const char OPT_HELP_STR[];
322
extern const char OPT_MORE_STR[];
323
extern const char OPT_SECTION_STR[];
324
extern const char OPT_PARAM_STR[];
325

326
typedef struct options_st {
327
    const char *name;
328
    int retval;
329
    /*-
330
     * value type:
331
     *
332
     *   '-' no value (also the value zero)
333
     *   'n' number (type 'int')
334
     *   'p' positive number (type 'int')
335
     *   'u' unsigned number (type 'unsigned long')
336
     *   'l' number (type 'unsigned long')
337
     *   'M' number (type 'intmax_t')
338
     *   'U' unsigned number (type 'uintmax_t')
339
     *   's' string
340
     *   '<' input file
341
     *   '>' output file
342
     *   '/' directory
343
     *   'f' any format                    [OPT_FMT_ANY]
344
     *   'F' der/pem format                [OPT_FMT_PEMDER]
345
     *   'A' any ASN1, der/pem/b64 format  [OPT_FMT_ASN1]
346
     *   'E' der/pem/engine format         [OPT_FMT_PDE]
347
     *   'c' pem/der/smime format          [OPT_FMT_PDS]
348
     *
349
     * The 'l', 'n' and 'u' value types include the values zero,
350
     * the 'p' value type does not.
351
     */
352
    int valtype;
353
    const char *helpstr;
354
} OPTIONS;
355
/* Special retval values: */
356
#define OPT_PARAM 0 /* same as OPT_EOF usually defined in apps */
357
#define OPT_DUP -2 /* marks duplicate occurrence of option in help output */
358

359
/*
360
 * A string/int pairing; widely use for option value lookup, hence the
361
 * name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
362
 * the "generic" name STRINT_PAIR.
363
 */
364
typedef struct string_int_pair_st {
365
    const char *name;
366
    int retval;
367
} OPT_PAIR, STRINT_PAIR;
368

369
/* Flags to pass into opt_format; see FORMAT_xxx, below. */
370
# define OPT_FMT_PEM             (1L <<  1)
371
# define OPT_FMT_DER             (1L <<  2)
372
# define OPT_FMT_B64             (1L <<  3)
373
# define OPT_FMT_PKCS12          (1L <<  4)
374
# define OPT_FMT_SMIME           (1L <<  5)
375
# define OPT_FMT_ENGINE          (1L <<  6)
376
# define OPT_FMT_MSBLOB          (1L <<  7)
377
# define OPT_FMT_NSS             (1L <<  8)
378
# define OPT_FMT_TEXT            (1L <<  9)
379
# define OPT_FMT_HTTP            (1L << 10)
380
# define OPT_FMT_PVK             (1L << 11)
381

382
# define OPT_FMT_PEMDER  (OPT_FMT_PEM | OPT_FMT_DER)
383
# define OPT_FMT_ASN1    (OPT_FMT_PEM | OPT_FMT_DER | OPT_FMT_B64)
384
# define OPT_FMT_PDE     (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
385
# define OPT_FMT_PDS     (OPT_FMT_PEMDER | OPT_FMT_SMIME)
386
# define OPT_FMT_ANY     ( \
387
        OPT_FMT_PEM | OPT_FMT_DER | OPT_FMT_B64 | \
388
        OPT_FMT_PKCS12 | OPT_FMT_SMIME |                     \
389
        OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS | \
390
        OPT_FMT_TEXT | OPT_FMT_HTTP | OPT_FMT_PVK)
391

392
/* Divide options into sections when displaying usage */
393
#define OPT_SECTION(sec) { OPT_SECTION_STR, 1, '-', sec " options:\n" }
394
#define OPT_PARAMETERS() { OPT_PARAM_STR, 1, '-', "Parameters:\n" }
395

396
const char *opt_path_end(const char *filename);
397
char *opt_init(int ac, char **av, const OPTIONS *o);
398
char *opt_progname(const char *argv0);
399
char *opt_appname(const char *argv0);
400
char *opt_getprog(void);
401
void opt_help(const OPTIONS *list);
402

403
void opt_begin(void);
404
int opt_next(void);
405
char *opt_flag(void);
406
char *opt_arg(void);
407
char *opt_unknown(void);
408
void reset_unknown(void);
409
int opt_cipher(const char *name, EVP_CIPHER **cipherp);
410
int opt_cipher_any(const char *name, EVP_CIPHER **cipherp);
411
int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp);
412
int opt_check_md(const char *name);
413
int opt_md(const char *name, EVP_MD **mdp);
414
int opt_md_silent(const char *name, EVP_MD **mdp);
415

416
int opt_int(const char *arg, int *result);
417
void opt_set_unknown_name(const char *name);
418
int opt_int_arg(void);
419
int opt_long(const char *arg, long *result);
420
int opt_ulong(const char *arg, unsigned long *result);
421
int opt_intmax(const char *arg, ossl_intmax_t *result);
422
int opt_uintmax(const char *arg, ossl_uintmax_t *result);
423

424
int opt_isdir(const char *name);
425
int opt_format(const char *s, unsigned long flags, int *result);
426
void print_format_error(int format, unsigned long flags);
427
int opt_printf_stderr(const char *fmt, ...);
428
int opt_string(const char *name, const char **options);
429
int opt_pair(const char *arg, const OPT_PAIR *pairs, int *result);
430

431
int opt_verify(int i, X509_VERIFY_PARAM *vpm);
432
int opt_rand(int i);
433
int opt_provider(int i);
434
int opt_provider_option_given(void);
435

436
char **opt_rest(void);
437
int opt_num_rest(void);
438
int opt_check_rest_arg(const char *expected);
439

440
/* Returns non-zero if legacy paths are still available */
441
int opt_legacy_okay(void);
442

443

444
#endif /* OSSL_APPS_OPT_H */
445

446