diff options
| author | Paul Yang <yang.yang@baishancloud.com> | 2019-04-01 10:21:53 +0900 |
|---|---|---|
| committer | Paul Yang <yang.yang@baishancloud.com> | 2019-04-09 20:44:42 +0800 |
| commit | ccf453610f48fe88968f0cfc63784b503eae33a0 (patch) | |
| tree | e91e6430ea6e7062bc01b31d686a0d79581c9e93 /apps/verify.c | |
| parent | bbcaef632440067d173e2c4bfc40dd96ef2c0112 (diff) | |
| download | openssl-new-ccf453610f48fe88968f0cfc63784b503eae33a0.tar.gz | |
Make X509_set_sm2_id consistent with other setters
This commit makes the X509_set_sm2_id to 'set0' behaviour, which means
the memory management is passed to X509 and user doesn't need to free
the sm2_id parameter later. API name also changes to X509_set0_sm2_id.
Document and test case are also updated.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8626)
Diffstat (limited to 'apps/verify.c')
| -rw-r--r-- | apps/verify.c | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/apps/verify.c b/apps/verify.c index 67d3276226..3767972a5e 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -246,27 +246,37 @@ static int check(X509_STORE *ctx, const char *file, if (sm2id != NULL) { #ifndef OPENSSL_NO_SM2 - ASN1_OCTET_STRING v; + ASN1_OCTET_STRING *v; - v.data = sm2id; - v.length = sm2idlen; + v = ASN1_OCTET_STRING_new(); + if (v == NULL) { + BIO_printf(bio_err, "error: SM2 ID allocation failed\n"); + goto end; + } - X509_set_sm2_id(x, &v); + if (!ASN1_OCTET_STRING_set(v, sm2id, sm2idlen)) { + BIO_printf(bio_err, "error: setting SM2 ID failed\n"); + ASN1_OCTET_STRING_free(v); + goto end; + } + + X509_set0_sm2_id(x, v); #endif } csc = X509_STORE_CTX_new(); if (csc == NULL) { - printf("error %s: X.509 store context allocation failed\n", - (file == NULL) ? "stdin" : file); + BIO_printf(bio_err, "error %s: X.509 store context allocation failed\n", + (file == NULL) ? "stdin" : file); goto end; } X509_STORE_set_flags(ctx, vflags); if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) { X509_STORE_CTX_free(csc); - printf("error %s: X.509 store context initialization failed\n", - (file == NULL) ? "stdin" : file); + BIO_printf(bio_err, + "error %s: X.509 store context initialization failed\n", + (file == NULL) ? "stdin" : file); goto end; } if (tchain != NULL) @@ -275,28 +285,30 @@ static int check(X509_STORE *ctx, const char *file, X509_STORE_CTX_set0_crls(csc, crls); i = X509_verify_cert(csc); if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) { - printf("%s: OK\n", (file == NULL) ? "stdin" : file); + BIO_printf(bio_out, "%s: OK\n", (file == NULL) ? "stdin" : file); ret = 1; if (show_chain) { int j; chain = X509_STORE_CTX_get1_chain(csc); num_untrusted = X509_STORE_CTX_get_num_untrusted(csc); - printf("Chain:\n"); + BIO_printf(bio_out, "Chain:\n"); for (j = 0; j < sk_X509_num(chain); j++) { X509 *cert = sk_X509_value(chain, j); - printf("depth=%d: ", j); + BIO_printf(bio_out, "depth=%d: ", j); X509_NAME_print_ex_fp(stdout, X509_get_subject_name(cert), 0, get_nameopt()); if (j < num_untrusted) - printf(" (untrusted)"); - printf("\n"); + BIO_printf(bio_out, " (untrusted)"); + BIO_printf(bio_out, "\n"); } sk_X509_pop_free(chain, X509_free); } } else { - printf("error %s: verification failed\n", (file == NULL) ? "stdin" : file); + BIO_printf(bio_err, + "error %s: verification failed\n", + (file == NULL) ? "stdin" : file); } X509_STORE_CTX_free(csc); |