abc/GmSSL
1
0
Fork 0
mirror of https://github.com/guanzhi/GmSSL.git synced 2026-05-07 00:46:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update demos

Browse Source
This commit is contained in:
Zhi Guan
2023-02-07 14:57:17 +08:00
parent 92e27087a9
commit d7fcc6f457
9 changed files with 90 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
demos/scripts/tlcpdemo.sh
View File

@@ -2,21 +2,21 @@
gmssl sm2keygen -pass 1234 -out rootcakey.pem gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
gmssl certparse -in rootcacert.pem gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -ca -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem gmssl certparse -in signcert.pem
gmssl sm2keygen -pass 1234 -out enckey.pem gmssl sm2keygen -pass 1234 -out enckey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key enckey.pem -pass 1234 -out encreq.pem gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem
gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem
gmssl certparse -in enccert.pem gmssl certparse -in enccert.pem
@@ -30,7 +30,7 @@ sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1
sleep 3 sleep 3
gmssl sm2keygen -pass 1234 -out clientkey.pem gmssl sm2keygen -pass 1234 -out clientkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
gmssl certparse -in clientcert.pem gmssl certparse -in clientcert.pem

10
demos/scripts/tls12demo.sh
View File

@@ -2,16 +2,16 @@
gmssl sm2keygen -pass 1234 -out rootcakey.pem gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
gmssl certparse -in rootcacert.pem gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem -ca -path_len_constraint 0
gmssl certparse -in cacert.pem gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem gmssl certparse -in signcert.pem
@@ -24,7 +24,7 @@ sudo gmssl tls12_server -port 443 -cert certs.pem -key signkey.pem -pass 1234 -c
sleep 3 sleep 3
gmssl sm2keygen -pass 1234 -out clientkey.pem gmssl sm2keygen -pass 1234 -out clientkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
gmssl certparse -in clientcert.pem gmssl certparse -in clientcert.pem

10
demos/scripts/tls13demo.sh
View File

@@ -2,16 +2,16 @@
gmssl sm2keygen -pass 1234 -out rootcakey.pem gmssl sm2keygen -pass 1234 -out rootcakey.pem
gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca
gmssl certparse -in rootcacert.pem gmssl certparse -in rootcacert.pem
gmssl sm2keygen -pass 1234 -out cakey.pem gmssl sm2keygen -pass 1234 -out cakey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -days 3650 -key cakey.pem -pass 1234 -out careq.pem gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN "Sub CA" -key cakey.pem -pass 1234 -out careq.pem
gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -ca -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem
gmssl certparse -in cacert.pem gmssl certparse -in cacert.pem
gmssl sm2keygen -pass 1234 -out signkey.pem gmssl sm2keygen -pass 1234 -out signkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -days 365 -key signkey.pem -pass 1234 -out signreq.pem gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem
gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem
gmssl certparse -in signcert.pem gmssl certparse -in signcert.pem
@@ -24,7 +24,7 @@ sudo gmssl tls13_server -port 443 -cert certs.pem -key signkey.pem -pass 1234 -c
sleep 3 sleep 3
gmssl sm2keygen -pass 1234 -out clientkey.pem gmssl sm2keygen -pass 1234 -out clientkey.pem
gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -days 365 -key clientkey.pem -pass 1234 -out clientreq.pem gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN Client -key clientkey.pem -pass 1234 -out clientreq.pem
gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem gmssl reqsign -in clientreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out clientcert.pem
gmssl certparse -in clientcert.pem gmssl certparse -in clientcert.pem

33
src/sm2_lib.c
View File

@@ -733,15 +733,27 @@ int sm2_ciphertext_from_der(SM2_CIPHERTEXT *C, const uint8_t **in, size_t *inlen
return ret; return ret;
} }
if (asn1_integer_from_der(&x, &xlen, &d, &dlen) != 1 if (asn1_integer_from_der(&x, &xlen, &d, &dlen) != 1
|| asn1_integer_from_der(&y, &ylen, &d, &dlen) != 1 || asn1_length_le(xlen, 32) != 1) {
|| asn1_octet_string_from_der(&hash, &hashlen, &d, &dlen) != 1 error_print();
|| asn1_octet_string_from_der(&c, &clen, &d, &dlen) != 1 return -1;
|| asn1_length_le(xlen, 32) != 1 }
|| asn1_length_le(ylen, 32) != 1 if (asn1_integer_from_der(&y, &ylen, &d, &dlen) != 1
|| asn1_check(hashlen == 32) != 1 || asn1_length_le(ylen, 32) != 1) {
|| asn1_length_le(clen, SM2_MAX_PLAINTEXT_SIZE) != 1 error_print();
|| asn1_length_is_zero(clen) == 1 return -1;
|| asn1_length_is_zero(dlen) != 1) { }
if (asn1_octet_string_from_der(&hash, &hashlen, &d, &dlen) != 1
|| asn1_check(hashlen == 32) != 1) {
error_print();
return -1;
}
if (asn1_octet_string_from_der(&c, &clen, &d, &dlen) != 1
// || asn1_length_is_zero(clen) == 1
|| asn1_length_le(clen, SM2_MAX_PLAINTEXT_SIZE) != 1) {
error_print();
return -1;
}
if (asn1_length_is_zero(dlen) != 1) {
error_print(); error_print();
return -1; return -1;
} }
@@ -818,7 +830,8 @@ int sm2_decrypt(const SM2_KEY *key, const uint8_t *in, size_t inlen, uint8_t *ou
return -1; return -1;
} }
if (sm2_ciphertext_from_der(&C, &in, &inlen) != 1 if (sm2_ciphertext_from_der(&C, &in, &inlen) != 1
|| asn1_length_is_zero(inlen) != 1) { || asn1_length_is_zero(inlen) != 1
) {
error_print(); error_print();
return -1; return -1;
} }

4
src/x509_cer.c
View File

@@ -1796,6 +1796,7 @@ int x509_certs_verify(const uint8_t *certs, size_t certslen, int certs_type,
} }
if (x509_cert_check(cert, certlen, entity_cert_type, &path_len_constraint) != 1) { if (x509_cert_check(cert, certlen, entity_cert_type, &path_len_constraint) != 1) {
error_print(); error_print();
x509_cert_print(stderr, 0, 10, "Invalid Entity Certificate", cert, certlen);
return -1; return -1;
} }
@@ -1805,8 +1806,9 @@ int x509_certs_verify(const uint8_t *certs, size_t certslen, int certs_type,
error_print(); error_print();
return -1; return -1;
} }
if (x509_cert_check(cert, certlen, X509_cert_ca, &path_len_constraint) != 1) { if (x509_cert_check(cacert, cacertlen, X509_cert_ca, &path_len_constraint) != 1) {
error_print(); error_print();
x509_cert_print(stderr, 0, 10, "Invalid CA Certificate", cacert, cacertlen);
return -1; return -1;
} }

44
src/x509_ext.c
View File

@@ -2039,7 +2039,7 @@ int x509_basic_constraints_from_der(int *ca, int *path_len_cons, const uint8_t *
return 1; return 1;
} }
int x509_basic_constraints_check(int ca, int path_len_cons, int cert_type) int x509_basic_constraints_check(int ca, int path_len_constraint, int cert_type)
{ {
/* /*
entity_cert: entity_cert:
@@ -2055,20 +2055,28 @@ int x509_basic_constraints_check(int ca, int path_len_cons, int cert_type)
ca = 1 ca = 1
path_len_constraint = -1 or > 0 (=0 might be ok?) path_len_constraint = -1 or > 0 (=0 might be ok?)
*/ */
if (cert_type == X509_cert_ca) { switch (cert_type) {
case X509_cert_server_auth:
case X509_cert_client_auth:
case X509_cert_server_key_encipher:
case X509_cert_client_key_encipher:
if (ca > 0 || path_len_constraint != -1) {
error_print();
return -1;
}
break;
// FIXME: add more cert types and check path_len_constraint
case X509_cert_ca:
case X509_cert_crl_sign:
case X509_cert_root_ca:
if (ca != 1) { if (ca != 1) {
error_print(); error_print();
return -1; return -1;
} }
if (path_len_cons < 0 || path_len_cons > X509_MAX_PATH_LEN_CONSTRAINT) { break;
error_print(); default:
return -1; error_print();
} return -1;
} else {
if (ca == 1 || path_len_cons >= 0) {
error_print();
return -1; // comment to only warning
}
} }
return 1; return 1;
} }
@@ -2087,7 +2095,6 @@ int x509_basic_constraints_print(FILE *fp, int fmt, int ind, const char *label,
if ((ret = asn1_boolean_from_der(&val, &d, &dlen)) < 0) goto err; if ((ret = asn1_boolean_from_der(&val, &d, &dlen)) < 0) goto err;
if (ret) format_print(fp, fmt, ind, "cA: %s\n", asn1_boolean_name(val)); if (ret) format_print(fp, fmt, ind, "cA: %s\n", asn1_boolean_name(val));
//else format_print(fp, fmt, ind, "cA: %s\n", asn1_boolean_name(0));
if ((ret = asn1_int_from_der(&val, &d, &dlen)) < 0) goto err; if ((ret = asn1_int_from_der(&val, &d, &dlen)) < 0) goto err;
if (ret) format_print(fp, fmt, ind, "pathLenConstraint: %d\n", val); if (ret) format_print(fp, fmt, ind, "pathLenConstraint: %d\n", val);
if (asn1_length_is_zero(dlen) != 1) goto err; if (asn1_length_is_zero(dlen) != 1) goto err;
@@ -2921,10 +2928,9 @@ int x509_exts_check(const uint8_t *exts, size_t extslen, int cert_type,
error_print(); error_print();
return -1; return -1;
} }
*path_len_constraint = path_len;
break; break;
case OID_ce_ext_key_usage: case OID_ce_ext_key_usage:
if (x509_ext_key_usage_from_der(ext_key_usages, &ext_key_usages_cnt, if (x509_ext_key_usage_from_der(ext_key_usages, &ext_key_usages_cnt,
sizeof(ext_key_usages)/sizeof(ext_key_usages[0]), &val, &vlen) != 1 sizeof(ext_key_usages)/sizeof(ext_key_usages[0]), &val, &vlen) != 1
@@ -2949,16 +2955,6 @@ int x509_exts_check(const uint8_t *exts, size_t extslen, int cert_type,
} }
} }
switch (cert_type) {
case X509_cert_ca:
if (ca != 1 || path_len < 0) {
error_print();
return -1;
}
*path_len_constraint = path_len;
break;
}
return 1; return 1;
} }

10
tools/certverify.c
View File

@@ -14,6 +14,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <gmssl/x509.h> #include <gmssl/x509.h>
#include <gmssl/x509_crl.h> #include <gmssl/x509_crl.h>
#include <gmssl/error.h>
static const char *usage = static const char *usage =
@@ -60,7 +61,7 @@ int certverify_main(int argc, char **argv)
argv++; argv++;
if (argc < 1) { if (argc < 1) {
fprintf(stderr, "usage: %s %s\n", prog, options); fprintf(stderr, "usage: %s %s\n", prog, usage);
return 1; return 1;
} }
@@ -171,7 +172,8 @@ bad:
} }
} }
x509_name_print(stdout, 0, 0, "Signed by", subject, subject_len); format_print(stdout, 0, 0, "Signed by\n");
x509_name_print(stdout, 0, 0, "Certificate", subject, subject_len);
check_crl = 0; // only check the entity CRL check_crl = 0; // only check the entity CRL
@@ -193,7 +195,8 @@ final:
goto end; goto end;
} }
printf("Verification %s\n", rv ? "success" : "failure"); printf("Verification %s\n", rv ? "success" : "failure");
x509_name_print(stdout, 0, 0, "Signed by", subject, subject_len); format_print(stdout, 0, 0, "Signed by\n");
x509_name_print(stdout, 0, 0, "Certificate", subject, subject_len);
if (double_certs) { if (double_certs) {
if ((rv = x509_cert_verify_by_ca_cert(enc_cert, enc_cert_len, cacert, cacertlen, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID))) < 0) { if ((rv = x509_cert_verify_by_ca_cert(enc_cert, enc_cert_len, cacert, cacertlen, SM2_DEFAULT_ID, strlen(SM2_DEFAULT_ID))) < 0) {
@@ -202,6 +205,7 @@ final:
} }
printf("Verification %s\n", rv ? "success" : "failure"); printf("Verification %s\n", rv ? "success" : "failure");
} }
printf("\n");
ret = 0; ret = 0;
end: end:

15
tools/gmssl.c
View File

@@ -59,6 +59,7 @@ extern int skfutil_main(int argc, char **argv);
static const char *options = static const char *options =
"command [options]\n" "command [options]\n"
"command -help\n"
"\n" "\n"
"Commands:\n" "Commands:\n"
" help Print this help message\n" " help Print this help message\n"
@@ -85,13 +86,13 @@ static const char *options =
" reqparse Parse and print a CSR\n" " reqparse Parse and print a CSR\n"
" crlget Download the CRL of given certificate\n" " crlget Download the CRL of given certificate\n"
" crlgen Sign a CRL with CA certificate and private key\n" " crlgen Sign a CRL with CA certificate and private key\n"
" crlparse Verify a CRL with certificate\n" " crlverify Verify a CRL with issuer's certificate\n"
" crlverify Parse and print CRL\n" " crlparse Parse and print CRL\n"
" certgen Generate a self-signed certificate\n" " certgen Generate a self-signed certificate\n"
" certparse Parse and print certificates\n" " certparse Parse and print certificates\n"
" certverify Verify certificate chain\n" " certverify Verify certificate chain\n"
" certrevoke Revoke certificate and output RevokedCertificate in DER\n" " certrevoke Revoke certificate and output RevokedCertificate record\n"
" cmsparse Parse cryptographic message syntax (CMS)\n" " cmsparse Parse CMS (cryptographic message syntax) file\n"
" cmsencrypt Generate CMS EnvelopedData\n" " cmsencrypt Generate CMS EnvelopedData\n"
" cmsdecrypt Decrypt CMS EnvelopedData\n" " cmsdecrypt Decrypt CMS EnvelopedData\n"
" cmssign Generate CMS SignedData\n" " cmssign Generate CMS SignedData\n"
@@ -103,8 +104,10 @@ static const char *options =
" tls12_client TLS 1.2 client\n" " tls12_client TLS 1.2 client\n"
" tls12_server TLS 1.2 server\n" " tls12_server TLS 1.2 server\n"
" tls13_client TLS 1.3 client\n" " tls13_client TLS 1.3 client\n"
" tls13_server TLS 1.3 server\n"; " tls13_server TLS 1.3 server\n"
"\n"
"run `gmssl <command> -help` to print help of the given command\n"
"\n";
int main(int argc, char **argv) int main(int argc, char **argv)

16
tools/sm2keygen.c
View File

@@ -16,7 +16,14 @@
#include <gmssl/sm2.h> #include <gmssl/sm2.h>
static const char *options = "-pass str [-out pem] [-pubout pem]"; static const char *usage = "-pass str [-out pem] [-pubout pem]\n";
static const char *options =
"Options\n"
" -pass pass Password to encrypt the private key\n"
" -out pem Output password-encrypted PKCS #8 private key in PEM format\n"
" -pubout pem Output public key in PEM format\n"
"\n";
int sm2keygen_main(int argc, char **argv) int sm2keygen_main(int argc, char **argv)
{ {
@@ -39,7 +46,8 @@ int sm2keygen_main(int argc, char **argv)
while (argc > 0) { while (argc > 0) {
if (!strcmp(*argv, "-help")) { if (!strcmp(*argv, "-help")) {
printf("usage: %s %s\n", prog, options); printf("usage: %s %s\n", prog, usage);
printf("%s\n", options);
ret = 0; ret = 0;
goto end; goto end;
} else if (!strcmp(*argv, "-pass")) { } else if (!strcmp(*argv, "-pass")) {
@@ -63,7 +71,7 @@ int sm2keygen_main(int argc, char **argv)
fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv); fprintf(stderr, "%s: illegal option '%s'\n", prog, *argv);
goto end; goto end;
bad: bad:
fprintf(stderr, "%s: '%s' option value missing\n", prog, *argv); fprintf(stderr, "%s: `%s` option value missing\n", prog, *argv);
goto end; goto end;
} }
@@ -72,7 +80,7 @@ bad:
} }
if (!pass) { if (!pass) {
fprintf(stderr, "%s: '-pass' option required\n", prog); fprintf(stderr, "%s: `-pass` option required\n", prog);
goto end; goto end;
} }