Add -show_chain option to print out verified chain.

[openssl.git] / apps / ts.c

diff --git a/apps/ts.c b/apps/ts.c
index b8fb50b3b58d64533219b1e283f256668befe3fb..ae7604cc698c63457d565e8e320cc41c5e22a85d 100644 (file)
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -65,6 +65,7 @@
 #include <openssl/pem.h>
 #include <openssl/rand.h>
 #include <openssl/ts.h>
+#include <openssl/bn.h>
 
 #undef PROG
 #define PROG   ts_main
@@ -164,6 +165,9 @@ int MAIN(int argc, char **argv)
                BIO_set_fp(bio_err, stderr, BIO_NOCLOSE | BIO_FP_TEXT);
                }
 
+       if (!load_config(bio_err, NULL))
+               goto cleanup;
+
        for (argc--, argv++; argc > 0; argc--, argv++)
                {
                if (strcmp(*argv, "-config") == 0)
@@ -191,16 +195,6 @@ int MAIN(int argc, char **argv)
                        if (argc-- < 1) goto usage;
                        digest = *++argv;
                        }
-               else if (strcmp(*argv, "-md2") == 0
-                       || strcmp(*argv, "-md4") == 0
-                       || strcmp(*argv, "-md5") == 0
-                       || strcmp(*argv, "-sha") == 0
-                       || strcmp(*argv, "-sha1") == 0
-                       || strcmp(*argv, "-mdc2") == 0
-                       || strcmp(*argv, "-ripemd160") == 0)
-                       {
-                       md = EVP_get_digestbyname(*argv + 1);
-                       }
                else if (strcmp(*argv, "-rand") == 0)
                        {
                        if (argc-- < 1) goto usage;
@@ -296,6 +290,10 @@ int MAIN(int argc, char **argv)
                        if (argc-- < 1) goto usage;
                        engine = *++argv;
                        }
+               else if ((md = EVP_get_digestbyname(*argv + 1)) != NULL)
+                       {
+                       /* empty. */
+                       }
                else
                        goto usage;
                }
@@ -603,6 +601,8 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md,
        int md_value_len;
 
        md_value_len = EVP_MD_size(md);
+       if (md_value_len < 0)
+           goto err;
        if (input)
                {
                /* Digest must be computed from an input file. */
@@ -618,7 +618,8 @@ static int create_digest(BIO *input, char *digest, const EVP_MD *md,
                        {
                        EVP_DigestUpdate(&md_ctx, buffer, length);
                        }
-               EVP_DigestFinal(&md_ctx, *md_value, NULL);
+               if (!EVP_DigestFinal(&md_ctx, *md_value, NULL))
+                       return 0;
                }
        else
                {
@@ -649,7 +650,7 @@ static ASN1_INTEGER *create_nonce(int bits)
 
        /* Generating random byte sequence. */
        if (len > (int)sizeof(buf)) goto err;
-       if (!RAND_bytes(buf, len)) goto err;
+       if (RAND_bytes(buf, len) <= 0) goto err;
 
        /* Find the first non-zero byte and creating ASN1_INTEGER object. */
        for (i = 0; i < len && !buf[i]; ++i);
@@ -818,9 +819,10 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine,
 
        /* Setting serial number provider callback. */
        if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx)) goto end;
-
+#ifndef OPENSSL_NO_ENGINE
        /* Setting default OpenSSL engine. */
        if (!TS_CONF_set_crypto_device(conf, section, engine)) goto end;
+#endif
 
        /* Setting TSA signer certificate. */
        if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx)) goto end;
@@ -1047,6 +1049,8 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest,
                if (!(request = d2i_TS_REQ_bio(input, NULL))) goto err;
                if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL))) goto err;
                }
+       else
+               return NULL;
 
        /* Add the signature verification flag and arguments. */
        ctx->flags |= TS_VFY_SIGNATURE;
@@ -1080,7 +1084,7 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file)
        cert_ctx = X509_STORE_new();
 
        /* Setting the callback for certificate chain verification. */
-       X509_STORE_set_verify_cb_func(cert_ctx, verify_cb);
+       X509_STORE_set_verify_cb(cert_ctx, verify_cb);
 
        /* Adding a trusted certificate directory source. */
        if (ca_path)