X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=apps%2Fverify.c;h=3c4566393b83551804a22d9a07c6aa6704c5e2fe;hb=2c4ee10c0aa231a30977aad47bae1d0dbe6bbef4;hp=158504464bf545e3069490ef5e23749d5f4eb887;hpb=feb2f53edc7e9b96cfe9c0ab611461edabdd2b34;p=oweals%2Fopenssl.git
diff --git a/apps/verify.c b/apps/verify.c
index 158504464b..3c4566393b 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -1,58 +1,10 @@
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
  */
 #include 
@@ -66,9 +18,9 @@
 #include 
 static int cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx, char *file,
+static int check(X509_STORE *ctx, const char *file,
 STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
- STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain);
+ STACK_OF(X509_CRL) *crls, int show_chain);
 static int v_verbose = 0, vflags = 0;
 typedef enum OPTION_choice {
@@ -113,7 +65,7 @@ int verify_main(int argc, char **argv)
 STACK_OF(X509_CRL) *crls = NULL;
 X509_STORE *store = NULL;
 X509_VERIFY_PARAM *vpm = NULL;
- char *prog, *CApath = NULL, *CAfile = NULL;
+ const char *prog, *CApath = NULL, *CAfile = NULL;
 int noCApath = 0, noCAfile = 0;
 int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
 OPTION_CHOICE o;
@@ -167,7 +119,7 @@ int verify_main(int argc, char **argv)
 break;
 case OPT_UNTRUSTED:
 /* Zero or more times */
- if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL, e,
+ if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL,
 "untrusted certificates"))
 goto end;
 break;
@@ -175,26 +127,28 @@ int verify_main(int argc, char **argv)
 /* Zero or more times */
 noCAfile = 1;
 noCApath = 1;
- if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL, e,
+ if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL,
 "trusted certificates"))
 goto end;
 break;
 case OPT_CRLFILE:
 /* Zero or more times */
- if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL, e,
+ if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL,
 "other CRLs"))
 goto end;
 break;
 case OPT_CRL_DOWNLOAD:
 crl_download = 1;
 break;
+ case OPT_ENGINE:
+ if ((e = setup_engine(opt_arg(), 0)) == NULL) {
+ /* Failure message already displayed */
+ goto end;
+ }
+ break;
 case OPT_SHOW_CHAIN:
 show_chain = 1;
 break;
- case OPT_ENGINE:
- /* Specify *before* -trusted/-untrusted/-CRLfile */
- e = setup_engine(opt_arg(), 0);
- break;
 case OPT_VERBOSE:
 v_verbose = 1;
 break;
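Review bot: In the new OPT_ENGINE case, `e = setup_engine(opt_arg(), 0)` overwrites whatever an earlier `-engine` on the same command line already stored in `e`, and only the final value reaches the `release_engine(e)` added at `end`, so a repeated option appears to leak the first reference (assuming setup_engine returns an owned reference, which the release at `end` suggests). Releasing before reassigning, `release_engine(e);` as the first statement of the case, keeps the single-owner invariant however often the option is given; `release_engine` is already called at `end` when `-engine` was never used, so it evidently tolerates a never-set `e`. The declaration of `e`, and the start and end of verify_main, lie outside the hunk, so whether `e` is initialised to NULL should be confirmed there. The failure path's `goto end` leaves `ret` at its initial 1, which `return (ret < 0 ? 2 : ret)` passes through, so the exit status on engine setup failure is consistent with the other option errors.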
@@ -223,11 +177,11 @@ int verify_main(int argc, char **argv)
 ret = 0;
 if (argc < 1) {
- if (check(store, NULL, untrusted, trusted, crls, e, show_chain) != 1)
+ if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1)
 ret = -1;
 } else {
 for (i = 0; i < argc; i++)
- if (check(store, argv[i], untrusted, trusted, crls, e,
+ if (check(store, argv[i], untrusted, trusted, crls,
 show_chain) != 1)
 ret = -1;
 }
@@ -238,12 +192,13 @@ int verify_main(int argc, char **argv)
 sk_X509_pop_free(untrusted, X509_free);
 sk_X509_pop_free(trusted, X509_free);
 sk_X509_CRL_pop_free(crls, X509_CRL_free);
+ release_engine(e);
 return (ret < 0 ? 2 : ret);
 }
-static int check(X509_STORE *ctx, char *file,
+static int check(X509_STORE *ctx, const char *file,
 STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
- STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain)
+ STACK_OF(X509_CRL) *crls, int show_chain)
 {
 X509 *x = NULL;
 int i = 0, ret = 0;
@@ -251,7 +206,7 @@ static int check(X509_STORE *ctx, char *file,
 STACK_OF(X509) *chain = NULL;
 int num_untrusted;
- x = load_cert(file, FORMAT_PEM, NULL, e, "certificate file");
+ x = load_cert(file, FORMAT_PEM, "certificate file");
 if (x == NULL)
 goto end;
@@ -261,6 +216,7 @@ static int check(X509_STORE *ctx, char *file,
 (file == NULL) ? "stdin" : file);
 goto end;
 }
+ X509_STORE_set_flags(ctx, vflags);
 if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
 printf("error %s: X.509 store context initialization failed\n",
@@ -268,7 +224,7 @@ static int check(X509_STORE *ctx, char *file,
 goto end;
 }
 if (tchain)
- X509_STORE_CTX_trusted_stack(csc, tchain);
+ X509_STORE_CTX_set0_trusted_stack(csc, tchain);
 if (crls)
 X509_STORE_CTX_set0_crls(csc, crls);
 i = X509_verify_cert(csc);
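Review bot: The added `X509_STORE_set_flags(ctx, vflags);` in the `@@ -261,6` hunk reconfigures the shared X509_STORE from inside check(), which verify_main calls once per input file in the `argv[i]` loop, so store-level flags are re-applied on every certificate instead of once where `store` and `vpm` are set up; moving the call into verify_main ahead of that loop keeps per-file state in check() and store configuration in one place. Its result is also discarded, unlike the `X509_STORE_CTX_init` call directly below it; if the API in this tree reports failure, `if (!X509_STORE_set_flags(ctx, vflags)) goto end;` makes the two error paths consistent. `vflags` is the file-static from the `@@ -66,9` hunk and nothing visible in this diff assigns it, so whether the call has any effect depends on code outside these hunks. check() continues past the end of the hunk.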